mirror of
https://github.com/wangyu-/udp2raw.git
synced 2025-10-29 09:15:33 +08:00
Compare commits
2 Commits
unified
...
f171c8336e
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
f171c8336e | ||
|
|
864e8090ba |
16
README.md
16
README.md
@@ -90,7 +90,7 @@ To run on Android, check [Android_Guide](https://github.com/wangyu-/udp2raw/wiki
|
||||
### Usage
|
||||
```
|
||||
udp2raw-tunnel
|
||||
git version:4623f878e0 build date:Nov 3 2024 23:15:46
|
||||
git version:6e1df4b39f build date:Oct 24 2017 09:21:15
|
||||
repository: https://github.com/wangyu-/udp2raw-tunnel
|
||||
|
||||
usage:
|
||||
@@ -98,16 +98,14 @@ usage:
|
||||
run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port [options]
|
||||
|
||||
common options,these options must be same on both side:
|
||||
--raw-mode <string> available values:faketcp(default),udp,icmp and easy-faketcp
|
||||
--raw-mode <string> avaliable values:faketcp(default),udp,icmp
|
||||
-k,--key <string> password to gen symetric key,default:"secret key"
|
||||
--cipher-mode <string> available values:aes128cfb,aes128cbc(default),xor,none
|
||||
--auth-mode <string> available values:hmac_sha1,md5(default),crc32,simple,none
|
||||
--cipher-mode <string> avaliable values:aes128cbc(default),xor,none
|
||||
--auth-mode <string> avaliable values:hmac_sha1,md5(default),crc32,simple,none
|
||||
-a,--auto-rule auto add (and delete) iptables rule
|
||||
-g,--gen-rule generate iptables rule then exit,so that you can copy and
|
||||
add it manually.overrides -a
|
||||
--disable-anti-replay disable anti-replay,not suggested
|
||||
--fix-gro try to fix huge packet caused by GRO. this option is at an early stage.
|
||||
make sure client and server are at same version.
|
||||
client options:
|
||||
--source-ip <ip> force source-ip for raw socket
|
||||
--source-port <port> force source-port for raw socket,tcp/udp only
|
||||
@@ -123,7 +121,6 @@ other options:
|
||||
--disable-color disable log color
|
||||
--disable-bpf disable the kernel space filter,most time its not necessary
|
||||
unless you suspect there is a bug
|
||||
--dev <string> bind raw socket to a device, not necessary but improves performance
|
||||
--sock-buf <number> buf size for socket,>=10 and <=10240,unit:kbyte,default:1024
|
||||
--force-sock-buf bypass system limitation while setting sock-buf
|
||||
--seq-mode <number> seq increase mode for faketcp:
|
||||
@@ -136,14 +133,11 @@ other options:
|
||||
--lower-level <string> send packets at OSI level 2, format:'if_name#dest_mac_adress'
|
||||
ie:'eth0#00:23:45:67:89:b9'.or try '--lower-level auto' to obtain
|
||||
the parameter automatically,specify it manually if 'auto' failed
|
||||
--wait-lock wait for xtables lock while invoking iptables, need iptables v1.4.20+
|
||||
--gen-add generate iptables rule and add it permanently,then exit.overrides -g
|
||||
--keep-rule monitor iptables and auto re-add if necessary.implys -a
|
||||
--hb-len <number> length of heart-beat packet, >=0 and <=1500
|
||||
--mtu-warn <number> mtu warning threshold, unit:byte, default:1375
|
||||
--clear clear any iptables rules added by this program.overrides everything
|
||||
--retry-on-error retry on error, allow to start udp2raw before network is initialized
|
||||
-h,--help print this help message
|
||||
|
||||
```
|
||||
|
||||
### Iptables rules,`-a` and `-g`
|
||||
|
||||
17
common.cpp
17
common.cpp
@@ -11,6 +11,7 @@
|
||||
|
||||
#include <random>
|
||||
#include <cmath>
|
||||
#include <stdint.h>
|
||||
|
||||
// static int random_number_fd=-1;
|
||||
int force_socket_buf = 0;
|
||||
@@ -190,6 +191,8 @@ int address_t::from_sockaddr(sockaddr *addr, socklen_t slen) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
int g_randomize_local_addr = 0;
|
||||
static uint32_t g_lo_ip = 0x7f010001u;
|
||||
int address_t::new_connected_udp_fd() {
|
||||
int new_udp_fd;
|
||||
new_udp_fd = socket(get_type(), SOCK_DGRAM, IPPROTO_UDP);
|
||||
@@ -200,6 +203,20 @@ int address_t::new_connected_udp_fd() {
|
||||
setnonblocking(new_udp_fd);
|
||||
set_buf_size(new_udp_fd, socket_buf_size);
|
||||
|
||||
struct sockaddr_in *paddr_inet = (struct sockaddr_in *)&inner;
|
||||
if (paddr_inet->sin_family == AF_INET && g_randomize_local_addr &&
|
||||
(ntohl(paddr_inet->sin_addr.s_addr) & 0xff000000u) == 0x7f000000u) {
|
||||
// wireguard allows only one port number per address, so change source address on reconnection
|
||||
struct sockaddr_in addr_bound;
|
||||
memset(&addr_bound, 0, sizeof(addr_bound));
|
||||
addr_bound.sin_family = AF_INET;
|
||||
addr_bound.sin_addr.s_addr = htonl(g_lo_ip);
|
||||
g_lo_ip += 0x2u;
|
||||
mylog(log_debug, "randomizing local address when connecting to localhost, binding local ip %s\n", my_ntoa(g_lo_ip));
|
||||
if (bind(new_udp_fd, (struct sockaddr *)&addr_bound, sizeof(addr_bound)) != 0) {
|
||||
mylog(log_warn, "lo addr: bind failed\n");
|
||||
}
|
||||
}
|
||||
mylog(log_debug, "created new udp_fd %d\n", new_udp_fd);
|
||||
int ret = connect(new_udp_fd, (struct sockaddr *)&inner, get_len());
|
||||
if (ret != 0) {
|
||||
|
||||
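Review bot: In the new bind block of new_connected_udp_fd, the debug line prints `g_lo_ip` after `g_lo_ip += 0x2u;`, so the log names the next address rather than the one just bound. It also passes the host-order counter, while the bound value is `htonl(g_lo_ip)`; which byte order `my_ntoa` expects is not visible here. Moving the `mylog` call above the increment and passing `addr_bound.sin_addr.s_addr` (after confirming the byte order) would let the log be matched against the source address the local peer actually saw. The counter never wraps, so a long-lived process eventually steps out of 127.0.0.0/8 and every later `bind` fails with only a warning; `if ((g_lo_ip & 0xff000000u) != 0x7f000000u) g_lo_ip = 0x7f010001u;` after the increment would keep it in range. The addresses are sequential, not random, which the message text could say; the function body continues outside the hunk.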
2
common.h
2
common.h
@@ -163,6 +163,8 @@ extern int force_socket_buf;
|
||||
|
||||
extern int g_fix_gro;
|
||||
|
||||
extern int g_randomize_local_addr;
|
||||
|
||||
/*
|
||||
struct ip_port_t
|
||||
{
|
||||
|
||||
@@ -435,7 +435,7 @@ int send_safer(conn_info_t &conn_info, char type, const char *data, int len) //
|
||||
if (cipher_mode == cipher_xor) {
|
||||
send_data_buf2[0] ^= gro_xor[0];
|
||||
send_data_buf2[1] ^= gro_xor[1];
|
||||
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cfb) {
|
||||
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc) {
|
||||
aes_ecb_encrypt1(send_data_buf2);
|
||||
}
|
||||
}
|
||||
@@ -586,7 +586,7 @@ int recv_safer_multi(conn_info_t &conn_info, vector<char> &type_arr, vector<stri
|
||||
if (cipher_mode == cipher_xor) {
|
||||
recv_data[0] ^= gro_xor[0];
|
||||
recv_data[1] ^= gro_xor[1];
|
||||
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cfb) {
|
||||
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc) {
|
||||
aes_ecb_decrypt1(recv_data);
|
||||
}
|
||||
single_len = read_u16(recv_data);
|
||||
|
||||
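Review bot: One of the two printed forms of the `else if` in send_safer reads `cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc`, which tests the same value twice. The page does not mark which form is the resulting one, so this applies only if that form is the new side. If the tree still defines `cipher_aes128cfb`, the second operand should name it, `} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cfb) {`, otherwise the two leading bytes skip `aes_ecb_encrypt1` in that mode; if the mode no longer exists, reduce the test to a single comparison. The same line precedes `aes_ecb_decrypt1(recv_data)` in recv_safer_multi and has to change together with it, since `read_u16(recv_data)` parses what the sender wrote. Both function bodies start and end outside the hunks.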
@@ -103,7 +103,7 @@ https://github.com/wangyu-/udp2raw-tunnel/releases
|
||||
### 命令选项
|
||||
```
|
||||
udp2raw-tunnel
|
||||
git version:4623f878e0 build date:Nov 3 2024 23:15:46
|
||||
git version:6e1df4b39f build date:Oct 24 2017 09:21:15
|
||||
repository: https://github.com/wangyu-/udp2raw-tunnel
|
||||
|
||||
usage:
|
||||
@@ -111,16 +111,14 @@ usage:
|
||||
run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port [options]
|
||||
|
||||
common options,these options must be same on both side:
|
||||
--raw-mode <string> available values:faketcp(default),udp,icmp and easy-faketcp
|
||||
--raw-mode <string> available values:faketcp(default),udp,icmp
|
||||
-k,--key <string> password to gen symetric key,default:"secret key"
|
||||
--cipher-mode <string> available values:aes128cfb,aes128cbc(default),xor,none
|
||||
--cipher-mode <string> available values:aes128cbc(default),xor,none
|
||||
--auth-mode <string> available values:hmac_sha1,md5(default),crc32,simple,none
|
||||
-a,--auto-rule auto add (and delete) iptables rule
|
||||
-g,--gen-rule generate iptables rule then exit,so that you can copy and
|
||||
add it manually.overrides -a
|
||||
--disable-anti-replay disable anti-replay,not suggested
|
||||
--fix-gro try to fix huge packet caused by GRO. this option is at an early stage.
|
||||
make sure client and server are at same version.
|
||||
client options:
|
||||
--source-ip <ip> force source-ip for raw socket
|
||||
--source-port <port> force source-port for raw socket,tcp/udp only
|
||||
@@ -136,7 +134,6 @@ other options:
|
||||
--disable-color disable log color
|
||||
--disable-bpf disable the kernel space filter,most time its not necessary
|
||||
unless you suspect there is a bug
|
||||
--dev <string> bind raw socket to a device, not necessary but improves performance
|
||||
--sock-buf <number> buf size for socket,>=10 and <=10240,unit:kbyte,default:1024
|
||||
--force-sock-buf bypass system limitation while setting sock-buf
|
||||
--seq-mode <number> seq increase mode for faketcp:
|
||||
@@ -149,14 +146,11 @@ other options:
|
||||
--lower-level <string> send packets at OSI level 2, format:'if_name#dest_mac_adress'
|
||||
ie:'eth0#00:23:45:67:89:b9'.or try '--lower-level auto' to obtain
|
||||
the parameter automatically,specify it manually if 'auto' failed
|
||||
--wait-lock wait for xtables lock while invoking iptables, need iptables v1.4.20+
|
||||
--gen-add generate iptables rule and add it permanently,then exit.overrides -g
|
||||
--keep-rule monitor iptables and auto re-add if necessary.implys -a
|
||||
--hb-len <number> length of heart-beat packet, >=0 and <=1500
|
||||
--mtu-warn <number> mtu warning threshold, unit:byte, default:1375
|
||||
--clear clear any iptables rules added by this program.overrides everything
|
||||
--retry-on-error retry on error, allow to start udp2raw before network is initialized
|
||||
-h,--help print this help message
|
||||
|
||||
```
|
||||
|
||||
### iptables 规则,`-a`和`-g`
|
||||
@@ -275,4 +269,3 @@ raw_mode: faketcp cipher_mode: aes128cbc auth_mode: md5
|
||||
|
||||
https://github.com/wangyu-/udp2raw-tunnel/wiki
|
||||
|
||||
|
||||
|
||||
13
misc.cpp
13
misc.cpp
@@ -296,6 +296,9 @@ void process_arg(int argc, char *argv[]) // process all options
|
||||
{"no-pcap-mutex", no_argument, 0, 1},
|
||||
#endif
|
||||
{"fix-gro", no_argument, 0, 1},
|
||||
{"do-fragment", no_argument, 0, 1},
|
||||
{"rand-addr", no_argument, 0, 1},
|
||||
{"wireguard", no_argument, 0, 1},
|
||||
{NULL, 0, 0, 0}};
|
||||
|
||||
process_log_level(argc, argv);
|
||||
@@ -677,6 +680,16 @@ void process_arg(int argc, char *argv[]) // process all options
|
||||
} else if (strcmp(long_options[option_index].name, "fix-gro") == 0) {
|
||||
mylog(log_info, "--fix-gro enabled\n");
|
||||
g_fix_gro = 1;
|
||||
} else if (strcmp(long_options[option_index].name, "do-fragment") == 0) {
|
||||
mylog(log_info, "--do-fragment enabled\n");
|
||||
g_should_fragment = 1;
|
||||
} else if (strcmp(long_options[option_index].name, "rand-addr") == 0) {
|
||||
mylog(log_info, "--rand-addr enabled\n");
|
||||
g_randomize_local_addr = 1;
|
||||
} else if (strcmp(long_options[option_index].name, "wireguard") == 0) {
|
||||
mylog(log_info, "--wireguard mode enabled, turning on --do-fragment and --rand-addr\n");
|
||||
g_should_fragment = 1;
|
||||
g_randomize_local_addr = 1;
|
||||
} else {
|
||||
mylog(log_warn, "ignored unknown long option ,option_index:%d code:<%x>\n", option_index, optopt);
|
||||
}
|
||||
|
||||
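Review bot: `--do-fragment`, `--rand-addr` and `--wireguard` are added to `long_options` and handled in process_arg, but none of the usage text on this page mentions them, so their effect can only be learned from the source. A help entry per option would cover it: `--do-fragment` sends raw IP packets with DF cleared, `--rand-addr` binds each new UDP socket to a different 127.0.0.0/8 source address and only acts when the remote is an IPv4 loopback address, and `--wireguard` turns both on. Whether the built-in help is updated elsewhere cannot be seen from these hunks, and process_arg starts and ends outside them.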
@@ -1159,6 +1159,7 @@ printf("pcap send!\n");*/
|
||||
}
|
||||
#endif
|
||||
|
||||
int g_should_fragment = 0;
|
||||
int send_raw_ip(raw_info_t &raw_info, const char *payload, int payloadlen) {
|
||||
const packet_info_t &send_info = raw_info.send_info;
|
||||
const packet_info_t &recv_info = raw_info.recv_info;
|
||||
@@ -1188,8 +1189,11 @@ int send_raw_ip(raw_info_t &raw_info, const char *payload, int payloadlen) {
|
||||
// iph->id = 0; //Id of this packet ,kernel will auto fill this if id is zero ,or really?????// todo //seems like there is a problem
|
||||
}
|
||||
|
||||
iph->frag_off = htons(0x4000); // DF set,others are zero
|
||||
// iph->frag_off = htons(0x0000); //DF set,others are zero
|
||||
if (g_should_fragment) {
|
||||
iph->frag_off = htons(0x0000); //DF cleared,others are zero
|
||||
} else {
|
||||
iph->frag_off = htons(0x4000); // DF set,others are zero
|
||||
}
|
||||
iph->ttl = (unsigned char)ttl_value;
|
||||
iph->protocol = send_info.protocol;
|
||||
iph->check = 0; // Set to 0 before calculating checksum
|
||||
|
||||
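Review bot: With `g_should_fragment` set, `iph->frag_off = htons(0x0000);` allows the packet to be fragmented on the path, which makes the IP identification field significant for reassembly. The `iph->id` assignment sits above this hunk (only a commented-out `iph->id = 0` line is visible), so it should be confirmed that each packet gets a distinct id when DF is cleared. Non-first fragments carry no TCP/UDP/ICMP header, so port-based filter rules on either host may not match them. A comment at the branch such as `// DF cleared: path may fragment; needs a unique iph->id and fragment-tolerant filter rules` would record both constraints. send_raw_ip continues outside the hunk.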