Compare commits

...

4 Commits

Author SHA1 Message Date
Matt
b1748a2fd8 Merge b6c6813d41 into 4623f878e0 2024-06-10 19:17:55 -04:00
Matt
b6c6813d41 make mingw_cross 2024-04-03 12:44:50 +08:00
mxmkeep
9045264d37 tcp spa: optimize check logic 2024-03-27 22:44:50 +08:00
root
4e6e1e6a97 support TCP SPA feature 2024-03-22 00:51:09 +08:00
5 changed files with 80 additions and 2 deletions

View File

@@ -163,6 +163,8 @@ extern int force_socket_buf;
extern int g_fix_gro; extern int g_fix_gro;
extern int g_tcp_spa;
/* /*
struct ip_port_t struct ip_port_t
{ {

1
git_version.h Normal file
View File

@@ -0,0 +1 @@
const char *gitversion = "e42f0e573221c5e0146c02fd5d71f32aa93c7221";

View File

@@ -148,6 +148,8 @@ void print_help() {
printf(" --disable-anti-replay disable anti-replay,not suggested\n"); printf(" --disable-anti-replay disable anti-replay,not suggested\n");
printf(" --fix-gro try to fix huge packet caused by GRO. this option is at an early stage.\n"); printf(" --fix-gro try to fix huge packet caused by GRO. this option is at an early stage.\n");
printf(" make sure client and server are at same version.\n"); printf(" make sure client and server are at same version.\n");
printf(" --tcp-spa TCP SPA mode to avoid port scanning.\n");
printf(" when enable on server mode, will check SYN's option.\n");
// printf("\n"); // printf("\n");
printf("client options:\n"); printf("client options:\n");
@@ -296,6 +298,7 @@ void process_arg(int argc, char *argv[]) // process all options
{"no-pcap-mutex", no_argument, 0, 1}, {"no-pcap-mutex", no_argument, 0, 1},
#endif #endif
{"fix-gro", no_argument, 0, 1}, {"fix-gro", no_argument, 0, 1},
{"tcp-spa", no_argument, 0, 1},
{NULL, 0, 0, 0}}; {NULL, 0, 0, 0}};
process_log_level(argc, argv); process_log_level(argc, argv);
@@ -677,6 +680,9 @@ void process_arg(int argc, char *argv[]) // process all options
} else if (strcmp(long_options[option_index].name, "fix-gro") == 0) { } else if (strcmp(long_options[option_index].name, "fix-gro") == 0) {
mylog(log_info, "--fix-gro enabled\n"); mylog(log_info, "--fix-gro enabled\n");
g_fix_gro = 1; g_fix_gro = 1;
} else if (strcmp(long_options[option_index].name, "tcp-spa") == 0) {
mylog(log_info, "--tcp-spa enabled\n");
g_tcp_spa = 1;
} else { } else {
mylog(log_warn, "ignored unknown long option ,option_index:%d code:<%x>\n", option_index, optopt); mylog(log_warn, "ignored unknown long option ,option_index:%d code:<%x>\n", option_index, optopt);
} }

View File

@@ -259,6 +259,40 @@ tcpdump -i eth1 ip and icmp -dd
*/ */
#endif #endif
//tcp option for SPA
int g_tcp_spa = 0;
typedef struct tcpopt_data {
uint8_t opcode;
uint8_t opsize;
uint16_t reserve;
uint32_t csum;
}tcpopt_data_t;
#define TCPOPT_SPA 233
#define HASH_PRIME 16777619
#define HASH_OFFSET 2166136261U
//FNV-1a from GPT
uint32_t checksum(uint32_t timestamp, const char* key) {
uint32_t hash = HASH_OFFSET;
const char* ptr = key;
size_t key_len = strlen(key);
for (size_t i = 0; i < key_len; i++) {
hash ^= (uint32_t)ptr[i];
hash *= HASH_PRIME;
}
for (uint32_t i = 0; i < sizeof(uint32_t); i++) {
hash ^= (uint32_t)(timestamp & 0xFF);
hash *= HASH_PRIME;
timestamp >>= 8;
}
return hash;
}
//--------------
packet_info_t::packet_info_t() { packet_info_t::packet_info_t() {
src_port = 0; src_port = 0;
dst_port = 0; dst_port = 0;
@@ -1679,6 +1713,16 @@ int send_raw_tcp(raw_info_t &raw_info, const char *payload, int payloadlen) { /
send_raw_tcp_buf[i++] = 0x03; send_raw_tcp_buf[i++] = 0x03;
send_raw_tcp_buf[i++] = 0x03; send_raw_tcp_buf[i++] = 0x03;
send_raw_tcp_buf[i++] = wscale; send_raw_tcp_buf[i++] = wscale;
if(g_tcp_spa && tcph->ack == 0) {
tcph->doff = 12;
tcpopt_data_t opt = {TCPOPT_SPA, sizeof(tcpopt_data_t), 0, 0};
uint32_t csum = checksum(ts, key_string);
opt.csum = htonl(csum);
memcpy(&send_raw_tcp_buf[i], &opt, opt.opsize);
i += opt.opsize;
}
} else { } else {
tcph->doff = 8; tcph->doff = 8;
int i = sizeof(my_tcphdr); int i = sizeof(my_tcphdr);
@@ -2113,6 +2157,8 @@ int parse_tcp_option(char *option_begin, char *option_end, packet_info_t &recv_i
recv_info.has_ts = 0; recv_info.has_ts = 0;
recv_info.ts = 0; recv_info.ts = 0;
tcpopt_data_t *opt = NULL;
char *ptr = option_begin; char *ptr = option_begin;
// char *option_end=tcp_begin+tcp_hdr_len; // char *option_end=tcp_begin+tcp_hdr_len;
while (ptr < option_end) { while (ptr < option_end) {
@@ -2143,6 +2189,14 @@ int parse_tcp_option(char *option_begin, char *option_end, packet_info_t &recv_i
// return 0;//we currently only parse ts, so just return after its found // return 0;//we currently only parse ts, so just return after its found
ptr += 10; ptr += 10;
} else if (recv_info.syn == 1 && recv_info.ack == 0
&& g_tcp_spa && (unsigned char)*ptr == TCPOPT_SPA) {
if (ptr + sizeof(tcpopt_data_t) > option_end) {
mylog(log_trace, "ptr+8>option_end for TCPOPT_SPA\n");
return -2;
}
opt = (tcpopt_data_t*)ptr;
ptr += sizeof(tcpopt_data_t);
} else { } else {
if (ptr + 1 >= option_end) { if (ptr + 1 >= option_end) {
mylog(log_trace, "invaild option ptr+1==option_end\n"); mylog(log_trace, "invaild option ptr+1==option_end\n");
@@ -2160,7 +2214,18 @@ int parse_tcp_option(char *option_begin, char *option_end, packet_info_t &recv_i
// printf("!"); // printf("!");
} }
// printf("\n"); // printf("\n");
if(recv_info.syn == 1 && recv_info.ack == 0 && g_tcp_spa) {
if(opt == NULL) {
mylog(log_trace, "No found spa opt, pkt drop\n");
return -2;
}
uint32_t csum = checksum(htonl(recv_info.ts), key_string);
if(opt->csum != htonl(csum)){
mylog(log_trace, "SPA csum match failed\n");
return -2;
}
}
return 0; return 0;
} }
int recv_raw_tcp(raw_info_t &raw_info, char *&payload, int &payloadlen) { int recv_raw_tcp(raw_info_t &raw_info, char *&payload, int &payloadlen) {
@@ -2294,7 +2359,8 @@ int recv_raw_tcp(raw_info_t &raw_info, char *&payload, int &payloadlen) {
} }
printf("<%d %d>\n",recv_info.ts,recv_info.ts_ack); printf("<%d %d>\n",recv_info.ts,recv_info.ts_ack);
*/ */
parse_tcp_option(tcp_option, option_end, recv_info);
//parse_tcp_option(tcp_option, option_end, recv_info);
recv_info.ack = tcph->ack; recv_info.ack = tcph->ack;
recv_info.syn = tcph->syn; recv_info.syn = tcph->syn;
@@ -2304,6 +2370,9 @@ int recv_raw_tcp(raw_info_t &raw_info, char *&payload, int &payloadlen) {
recv_info.seq = ntohl(tcph->seq); recv_info.seq = ntohl(tcph->seq);
if(-2 == parse_tcp_option(tcp_option, option_end, recv_info))
return -1;
// recv_info.last_last_ack_seq=recv_info.last_ack_seq; // recv_info.last_last_ack_seq=recv_info.last_ack_seq;
// recv_info.last_ack_seq=recv_info.ack_seq; // recv_info.last_ack_seq=recv_info.ack_seq;
u32_t last_ack_seq = recv_info.ack_seq; u32_t last_ack_seq = recv_info.ack_seq;

BIN
udp2raw Executable file

Binary file not shown.