Merge 864e8090ba into f49e6adedf

add --wireguard mode
2025-10-19 04:15:34 +08:00 · 2023-11-09 00:43:56 +08:00 · 2023-02-14 16:50:03 +08:00
8 changed files with 52 additions and 27 deletions
--- a/README.md
+++ b/README.md
@@ -81,7 +81,7 @@ Assume your UDP is blocked or being QOS-ed or just poorly supported. Assume your
 Now,an encrypted raw tunnel has been established between client and server through TCP port 4096. Connecting to UDP port 3333 at the client side is equivalent to connecting to port 7777 at the server side. No UDP traffic will be exposed.

 ### Note
-To run on Android, check [Android_Guide](https://github.com/wangyu-/udp2raw/wiki/Android-Guide)
+To run on Android, check [Android_Guide](/doc/android_guide.md)

 `-a` option automatically adds an iptables rule (or a few iptables rules) for you, udp2raw relies on this iptables rule to work stably. Be aware you dont forget `-a` (its a common mistake). If you dont want udp2raw to add iptables rule automatically, you can add it manually(take a look at `-g` option) and omit `-a`.

@@ -90,7 +90,7 @@ To run on Android, check [Android_Guide](https://github.com/wangyu-/udp2raw/wiki
 ### Usage
 ```
 udp2raw-tunnel
-git version:4623f878e0    build date:Nov  3 2024 23:15:46
+git version:6e1df4b39f    build date:Oct 24 2017 09:21:15
 repository: https://github.com/wangyu-/udp2raw-tunnel

 usage:
@@ -98,16 +98,14 @@ usage:
    run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port  [options]

 common options,these options must be same on both side:
-    --raw-mode            <string>        available values:faketcp(default),udp,icmp and easy-faketcp
+    --raw-mode            <string>        avaliable values:faketcp(default),udp,icmp
    -k,--key              <string>        password to gen symetric key,default:"secret key"
-    --cipher-mode         <string>        available values:aes128cfb,aes128cbc(default),xor,none
-    --auth-mode           <string>        available values:hmac_sha1,md5(default),crc32,simple,none
+    --cipher-mode         <string>        avaliable values:aes128cbc(default),xor,none
+    --auth-mode           <string>        avaliable values:hmac_sha1,md5(default),crc32,simple,none
    -a,--auto-rule                        auto add (and delete) iptables rule
    -g,--gen-rule                         generate iptables rule then exit,so that you can copy and
                                          add it manually.overrides -a
    --disable-anti-replay                 disable anti-replay,not suggested
-    --fix-gro                             try to fix huge packet caused by GRO. this option is at an early stage.
-                                          make sure client and server are at same version.
 client options:
    --source-ip           <ip>            force source-ip for raw socket
    --source-port         <port>          force source-port for raw socket,tcp/udp only
@@ -123,7 +121,6 @@ other options:
    --disable-color                       disable log color
    --disable-bpf                         disable the kernel space filter,most time its not necessary
                                          unless you suspect there is a bug
-    --dev                 <string>        bind raw socket to a device, not necessary but improves performance
    --sock-buf            <number>        buf size for socket,>=10 and <=10240,unit:kbyte,default:1024
    --force-sock-buf                      bypass system limitation while setting sock-buf
    --seq-mode            <number>        seq increase mode for faketcp:
@@ -136,14 +133,11 @@ other options:
    --lower-level         <string>        send packets at OSI level 2, format:'if_name#dest_mac_adress'
                                          ie:'eth0#00:23:45:67:89:b9'.or try '--lower-level auto' to obtain
                                          the parameter automatically,specify it manually if 'auto' failed
-    --wait-lock                           wait for xtables lock while invoking iptables, need iptables v1.4.20+
    --gen-add                             generate iptables rule and add it permanently,then exit.overrides -g
    --keep-rule                           monitor iptables and auto re-add if necessary.implys -a
-    --hb-len              <number>        length of heart-beat packet, >=0 and <=1500
-    --mtu-warn            <number>        mtu warning threshold, unit:byte, default:1375
    --clear                               clear any iptables rules added by this program.overrides everything
-    --retry-on-error                      retry on error, allow to start udp2raw before network is initialized
    -h,--help                             print this help message
+
 ```

 ### Iptables rules,`-a` and `-g`
--- a/common.cpp
+++ b/common.cpp
@@ -11,6 +11,7 @@

 #include <random>
 #include <cmath>
+#include <stdint.h>

 // static int random_number_fd=-1;
 int force_socket_buf = 0;
@@ -190,6 +191,8 @@ int address_t::from_sockaddr(sockaddr *addr, socklen_t slen) {
    return 0;
 }

+int g_randomize_local_addr = 0;
+static uint32_t g_lo_ip = 0x7f010001u;
 int address_t::new_connected_udp_fd() {
    int new_udp_fd;
    new_udp_fd = socket(get_type(), SOCK_DGRAM, IPPROTO_UDP);
@@ -200,6 +203,20 @@ int address_t::new_connected_udp_fd() {
    setnonblocking(new_udp_fd);
    set_buf_size(new_udp_fd, socket_buf_size);

+    struct sockaddr_in *paddr_inet = (struct sockaddr_in *)&inner;
+    if (paddr_inet->sin_family == AF_INET && g_randomize_local_addr && 
+    (ntohl(paddr_inet->sin_addr.s_addr) & 0xff000000u) == 0x7f000000u) {
+        // wireguard allows only one port number per address, so change source address on reconnection
+        struct sockaddr_in addr_bound;
+        memset(&addr_bound, 0, sizeof(addr_bound));
+        addr_bound.sin_family = AF_INET;
+        addr_bound.sin_addr.s_addr = htonl(g_lo_ip);
+        g_lo_ip += 0x2u;
+        mylog(log_debug, "randomizing local address when connecting to localhost, binding local ip %s\n", my_ntoa(g_lo_ip));
+        if (bind(new_udp_fd, (struct sockaddr *)&addr_bound, sizeof(addr_bound)) != 0) {
+            mylog(log_warn, "lo addr: bind failed\n");
+        }
+    }
    mylog(log_debug, "created new udp_fd %d\n", new_udp_fd);
    int ret = connect(new_udp_fd, (struct sockaddr *)&inner, get_len());
    if (ret != 0) {
--- a/common.h
+++ b/common.h
@@ -163,6 +163,8 @@ extern int force_socket_buf;

 extern int g_fix_gro;

+extern int g_randomize_local_addr;
+
 /*
 struct ip_port_t
 {
--- a/connection.cpp
+++ b/connection.cpp
@@ -435,7 +435,7 @@ int send_safer(conn_info_t &conn_info, char type, const char *data, int len)  //
        if (cipher_mode == cipher_xor) {
            send_data_buf2[0] ^= gro_xor[0];
            send_data_buf2[1] ^= gro_xor[1];
-        } else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cfb) {
+        } else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc) {
            aes_ecb_encrypt1(send_data_buf2);
        }
    }
@@ -586,7 +586,7 @@ int recv_safer_multi(conn_info_t &conn_info, vector<char> &type_arr, vector<stri
            if (cipher_mode == cipher_xor) {
                recv_data[0] ^= gro_xor[0];
                recv_data[1] ^= gro_xor[1];
-            } else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cfb) {
+            } else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc) {
                aes_ecb_decrypt1(recv_data);
            }
            single_len = read_u16(recv_data);
--- a/doc/README.zh-cn.md
+++ b/doc/README.zh-cn.md
@@ -103,7 +103,7 @@ https://github.com/wangyu-/udp2raw-tunnel/releases
 ### 命令选项
 ```
 udp2raw-tunnel
-git version:4623f878e0    build date:Nov  3 2024 23:15:46
+git version:6e1df4b39f    build date:Oct 24 2017 09:21:15
 repository: https://github.com/wangyu-/udp2raw-tunnel

 usage:
@@ -111,16 +111,14 @@ usage:
    run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port  [options]

 common options,these options must be same on both side:
-    --raw-mode            <string>        available values:faketcp(default),udp,icmp and easy-faketcp
+    --raw-mode            <string>        available values:faketcp(default),udp,icmp
    -k,--key              <string>        password to gen symetric key,default:"secret key"
-    --cipher-mode         <string>        available values:aes128cfb,aes128cbc(default),xor,none
+    --cipher-mode         <string>        available values:aes128cbc(default),xor,none
    --auth-mode           <string>        available values:hmac_sha1,md5(default),crc32,simple,none
    -a,--auto-rule                        auto add (and delete) iptables rule
    -g,--gen-rule                         generate iptables rule then exit,so that you can copy and
                                          add it manually.overrides -a
    --disable-anti-replay                 disable anti-replay,not suggested
-    --fix-gro                             try to fix huge packet caused by GRO. this option is at an early stage.
-                                          make sure client and server are at same version.
 client options:
    --source-ip           <ip>            force source-ip for raw socket
    --source-port         <port>          force source-port for raw socket,tcp/udp only
@@ -136,7 +134,6 @@ other options:
    --disable-color                       disable log color
    --disable-bpf                         disable the kernel space filter,most time its not necessary
                                          unless you suspect there is a bug
-    --dev                 <string>        bind raw socket to a device, not necessary but improves performance
    --sock-buf            <number>        buf size for socket,>=10 and <=10240,unit:kbyte,default:1024
    --force-sock-buf                      bypass system limitation while setting sock-buf
    --seq-mode            <number>        seq increase mode for faketcp:
@@ -149,14 +146,11 @@ other options:
    --lower-level         <string>        send packets at OSI level 2, format:'if_name#dest_mac_adress'
                                          ie:'eth0#00:23:45:67:89:b9'.or try '--lower-level auto' to obtain
                                          the parameter automatically,specify it manually if 'auto' failed
-    --wait-lock                           wait for xtables lock while invoking iptables, need iptables v1.4.20+
    --gen-add                             generate iptables rule and add it permanently,then exit.overrides -g
    --keep-rule                           monitor iptables and auto re-add if necessary.implys -a
-    --hb-len              <number>        length of heart-beat packet, >=0 and <=1500
-    --mtu-warn            <number>        mtu warning threshold, unit:byte, default:1375
    --clear                               clear any iptables rules added by this program.overrides everything
-    --retry-on-error                      retry on error, allow to start udp2raw before network is initialized
    -h,--help                             print this help message
+
 ```

 ### iptables 规则,`-a`和`-g`
@@ -275,4 +269,3 @@ raw_mode: faketcp  cipher_mode: aes128cbc  auth_mode: md5

 https://github.com/wangyu-/udp2raw-tunnel/wiki

-
--- a/misc.cpp
+++ b/misc.cpp
@@ -296,6 +296,9 @@ void process_arg(int argc, char *argv[])  // process all options
            {"no-pcap-mutex", no_argument, 0, 1},
 #endif
            {"fix-gro", no_argument, 0, 1},
+            {"do-fragment", no_argument, 0, 1},
+            {"rand-addr", no_argument, 0, 1},
+            {"wireguard", no_argument, 0, 1},
            {NULL, 0, 0, 0}};

    process_log_level(argc, argv);
@@ -677,6 +680,16 @@ void process_arg(int argc, char *argv[])  // process all options
                } else if (strcmp(long_options[option_index].name, "fix-gro") == 0) {
                    mylog(log_info, "--fix-gro enabled\n");
                    g_fix_gro = 1;
+                } else if (strcmp(long_options[option_index].name, "do-fragment") == 0) {
+                    mylog(log_info, "--do-fragment enabled\n");
+                    g_should_fragment = 1;
+                } else if (strcmp(long_options[option_index].name, "rand-addr") == 0) {
+                    mylog(log_info, "--rand-addr enabled\n");
+                    g_randomize_local_addr = 1;
+                } else if (strcmp(long_options[option_index].name, "wireguard") == 0) {
+                    mylog(log_info, "--wireguard mode enabled, turning on --do-fragment and --rand-addr\n");
+                    g_should_fragment = 1;
+                    g_randomize_local_addr = 1;
                } else {
                    mylog(log_warn, "ignored unknown long option ,option_index:%d code:<%x>\n", option_index, optopt);
                }
--- a/network.cpp
+++ b/network.cpp
@@ -1159,6 +1159,7 @@ printf("pcap send!\n");*/
 }
 #endif

+int g_should_fragment = 0;
 int send_raw_ip(raw_info_t &raw_info, const char *payload, int payloadlen) {
    const packet_info_t &send_info = raw_info.send_info;
    const packet_info_t &recv_info = raw_info.recv_info;
@@ -1188,8 +1189,11 @@ int send_raw_ip(raw_info_t &raw_info, const char *payload, int payloadlen) {
            // iph->id = 0; //Id of this packet  ,kernel will auto fill this if id is zero  ,or really?????// todo //seems like there is a problem
        }

-        iph->frag_off = htons(0x4000);  // DF set,others are zero
-        // iph->frag_off = htons(0x0000); //DF set,others are zero
+        if (g_should_fragment) {
+            iph->frag_off = htons(0x0000);  //DF cleared,others are zero
+        } else {
+            iph->frag_off = htons(0x4000);  // DF set,others are zero
+        }
        iph->ttl = (unsigned char)ttl_value;
        iph->protocol = send_info.protocol;
        iph->check = 0;                        // Set to 0 before calculating checksum
--- a/network.h
+++ b/network.h
@@ -56,6 +56,8 @@ struct icmphdr {
 };
 #endif

+extern int g_should_fragment;
+
 struct my_iphdr {
 #ifdef UDP2RAW_LITTLE_ENDIAN
    unsigned char ihl : 4;
Author	SHA1	Message	Date
HouQiming	153c6c002e	Merge `864e8090ba` into `f49e6adedf`	2023-11-09 00:43:56 +08:00
Qiming HOU	864e8090ba	add --wireguard mode	2023-02-14 16:50:03 +08:00