mirror of
https://github.com/hufrea/byedpi.git
synced 2025-01-03 04:49:47 +00:00
Merge branch 'hufrea:main' into cmake
This commit is contained in:
commit
f265ab4b24
7
Makefile
7
Makefile
@ -10,6 +10,9 @@ WIN_SRC = win_service.c
|
|||||||
OBJ = $(SRC:.c=.o)
|
OBJ = $(SRC:.c=.o)
|
||||||
WIN_OBJ = $(WIN_SRC:.c=.o)
|
WIN_OBJ = $(WIN_SRC:.c=.o)
|
||||||
|
|
||||||
|
PREFIX := /usr/local
|
||||||
|
INSTALL_DIR := $(DESTDIR)$(PREFIX)/bin/
|
||||||
|
|
||||||
all: $(TARGET)
|
all: $(TARGET)
|
||||||
|
|
||||||
$(TARGET): $(OBJ)
|
$(TARGET): $(OBJ)
|
||||||
@ -23,3 +26,7 @@ windows: $(OBJ) $(WIN_OBJ)
|
|||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -f $(TARGET) $(TARGET).exe $(OBJ) $(WIN_OBJ)
|
rm -f $(TARGET) $(TARGET).exe $(OBJ) $(WIN_OBJ)
|
||||||
|
|
||||||
|
install: $(TARGET)
|
||||||
|
mkdir -p $(INSTALL_DIR)
|
||||||
|
install -m 755 $(TARGET) $(INSTALL_DIR)
|
||||||
|
11
README.md
11
README.md
@ -16,6 +16,9 @@ ciadpi --fake -1 --ttl 8
|
|||||||
-p, --port <num>
|
-p, --port <num>
|
||||||
Прослушиваемый порт, по умолчанию 1080
|
Прослушиваемый порт, по умолчанию 1080
|
||||||
|
|
||||||
|
-E, --transparent
|
||||||
|
Запуск в режиме прозрачного прокси, SOCKS работать не будет
|
||||||
|
|
||||||
-c, --max-conn <count>
|
-c, --max-conn <count>
|
||||||
Максимальное количество клиентских подключений, по умолчанию 512
|
Максимальное количество клиентских подключений, по умолчанию 512
|
||||||
|
|
||||||
@ -53,6 +56,12 @@ ciadpi --fake -1 --ttl 8
|
|||||||
ssl_err : В ответ на ClientHello не пришел ServerHello или SH содержит некорректный session_id
|
ssl_err : В ответ на ClientHello не пришел ServerHello или SH содержит некорректный session_id
|
||||||
none : Предыдущая группа пропущена, например из-за ограничения по доменам или протоколам
|
none : Предыдущая группа пропущена, например из-за ограничения по доменам или протоколам
|
||||||
|
|
||||||
|
-L, --auto-mode <0|1>
|
||||||
|
0: кешировать IP только если имеется возможность переподключиться
|
||||||
|
1: кешировать IP также в том случае, если:
|
||||||
|
torst - таймаут/соединение сброшено во время обмена пакетами (т.е. уже после первых данных от сервера)
|
||||||
|
ssl_err - совершился лишь один круг обмена данными (запрос-ответ/запрос-ответ-запрос)
|
||||||
|
|
||||||
-u, --cache-ttl <sec>
|
-u, --cache-ttl <sec>
|
||||||
Время жизни значения в кеше, по умолчанию 100800 (28 часов)
|
Время жизни значения в кеше, по умолчанию 100800 (28 часов)
|
||||||
|
|
||||||
@ -246,7 +255,7 @@ TCP может отсылать данные вне основного пото
|
|||||||
------
|
------
|
||||||
#### Примеры:
|
#### Примеры:
|
||||||
```
|
```
|
||||||
--fake -1 --ttl 10 --auto=alert,sid_inv --fake -1 --ttl 5
|
--fake -1 --ttl 10 --auto=ssl_err --fake -1 --ttl 5
|
||||||
```
|
```
|
||||||
По умолчанию использовать `fake` с ttl=10, в случае ошибки использовать `fake` с ttl=5
|
По умолчанию использовать `fake` с ttl=10, в случае ошибки использовать `fake` с ttl=5
|
||||||
|
|
||||||
|
11
conev.c
11
conev.c
@ -4,12 +4,14 @@
|
|||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <limits.h>
|
#include <limits.h>
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
|
#include "error.h"
|
||||||
|
|
||||||
|
|
||||||
struct poolhd *init_pool(int count)
|
struct poolhd *init_pool(int count)
|
||||||
{
|
{
|
||||||
struct poolhd *pool = calloc(sizeof(struct poolhd), 1);
|
struct poolhd *pool = calloc(sizeof(struct poolhd), 1);
|
||||||
if (!pool) {
|
if (!pool) {
|
||||||
|
uniperror("init pool");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
pool->max = count;
|
pool->max = count;
|
||||||
@ -29,6 +31,7 @@ struct poolhd *init_pool(int count)
|
|||||||
pool->items = malloc(sizeof(*pool->items) * count);
|
pool->items = malloc(sizeof(*pool->items) * count);
|
||||||
|
|
||||||
if (!pool->pevents || !pool->links || !pool->items) {
|
if (!pool->pevents || !pool->links || !pool->items) {
|
||||||
|
uniperror("init pool");
|
||||||
destroy_pool(pool);
|
destroy_pool(pool);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -45,6 +48,7 @@ struct eval *add_event(struct poolhd *pool, enum eid type,
|
|||||||
{
|
{
|
||||||
assert(fd > 0);
|
assert(fd > 0);
|
||||||
if (pool->count >= pool->max) {
|
if (pool->count >= pool->max) {
|
||||||
|
LOG(LOG_E, "add_event: pool is full\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
struct eval *val = pool->links[pool->count];
|
struct eval *val = pool->links[pool->count];
|
||||||
@ -58,6 +62,7 @@ struct eval *add_event(struct poolhd *pool, enum eid type,
|
|||||||
#ifndef NOEPOLL
|
#ifndef NOEPOLL
|
||||||
struct epoll_event ev = { .events = EPOLLRDHUP | e, .data = {val} };
|
struct epoll_event ev = { .events = EPOLLRDHUP | e, .data = {val} };
|
||||||
if (epoll_ctl(pool->efd, EPOLL_CTL_ADD, fd, &ev)) {
|
if (epoll_ctl(pool->efd, EPOLL_CTL_ADD, fd, &ev)) {
|
||||||
|
uniperror("add event");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
@ -153,9 +158,6 @@ struct eval *next_event(struct poolhd *pool, int *offs, int *type)
|
|||||||
if (i < 0) {
|
if (i < 0) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (pool->iters == UINT_MAX) {
|
|
||||||
pool->iters = 0;
|
|
||||||
}
|
|
||||||
pool->iters++;
|
pool->iters++;
|
||||||
}
|
}
|
||||||
struct eval *val = pool->pevents[i].data.ptr;
|
struct eval *val = pool->pevents[i].data.ptr;
|
||||||
@ -188,9 +190,6 @@ struct eval *next_event(struct poolhd *pool, int *offs, int *typel)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
i = pool->count - 1;
|
i = pool->count - 1;
|
||||||
if (pool->iters == UINT_MAX) {
|
|
||||||
pool->iters = 0;
|
|
||||||
}
|
|
||||||
pool->iters++;
|
pool->iters++;
|
||||||
}
|
}
|
||||||
short type = pool->pevents[i].revents;
|
short type = pool->pevents[i].revents;
|
||||||
|
7
conev.h
7
conev.h
@ -68,7 +68,7 @@ struct buffer {
|
|||||||
struct eval {
|
struct eval {
|
||||||
int fd;
|
int fd;
|
||||||
int index;
|
int index;
|
||||||
unsigned int mod_iter;
|
unsigned long long mod_iter;
|
||||||
enum eid type;
|
enum eid type;
|
||||||
struct eval *pair;
|
struct eval *pair;
|
||||||
struct buffer buff;
|
struct buffer buff;
|
||||||
@ -78,8 +78,11 @@ struct eval {
|
|||||||
struct sockaddr_in6 in6;
|
struct sockaddr_in6 in6;
|
||||||
};
|
};
|
||||||
ssize_t recv_count;
|
ssize_t recv_count;
|
||||||
|
unsigned int round_count;
|
||||||
|
char last_round;
|
||||||
int attempt;
|
int attempt;
|
||||||
char cache;
|
char cache;
|
||||||
|
char mark; //
|
||||||
};
|
};
|
||||||
|
|
||||||
struct poolhd {
|
struct poolhd {
|
||||||
@ -93,7 +96,7 @@ struct poolhd {
|
|||||||
#else
|
#else
|
||||||
struct pollfd *pevents;
|
struct pollfd *pevents;
|
||||||
#endif
|
#endif
|
||||||
unsigned int iters;
|
unsigned long long iters;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct poolhd *init_pool(int count);
|
struct poolhd *init_pool(int count);
|
||||||
|
47
desync.c
47
desync.c
@ -1,3 +1,5 @@
|
|||||||
|
#define _GNU_SOURCE
|
||||||
|
|
||||||
#include "desync.h"
|
#include "desync.h"
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
@ -16,11 +18,7 @@
|
|||||||
#include <netinet/tcp.h>
|
#include <netinet/tcp.h>
|
||||||
#else
|
#else
|
||||||
#include <linux/tcp.h>
|
#include <linux/tcp.h>
|
||||||
#include <sys/sendfile.h>
|
|
||||||
#include <linux/filter.h>
|
#include <linux/filter.h>
|
||||||
#include <sys/syscall.h>
|
|
||||||
|
|
||||||
#define memfd_create(name, flags) syscall(__NR_memfd_create, name, flags)
|
|
||||||
#endif
|
#endif
|
||||||
#else
|
#else
|
||||||
#include <winsock2.h>
|
#include <winsock2.h>
|
||||||
@ -143,14 +141,12 @@ void wait_send(int sfd)
|
|||||||
#define wait_send_if_support(sfd) // :(
|
#define wait_send_if_support(sfd) // :(
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef FAKE_SUPPORT
|
#ifdef __linux__
|
||||||
#ifndef _WIN32
|
|
||||||
ssize_t send_fake(int sfd, char *buffer,
|
ssize_t send_fake(int sfd, char *buffer,
|
||||||
int cnt, long pos, int fa, struct desync_params *opt)
|
int cnt, long pos, int fa, struct desync_params *opt)
|
||||||
{
|
{
|
||||||
struct sockaddr_in6 addr = {};
|
struct sockaddr_in6 addr = {};
|
||||||
socklen_t addr_size = sizeof(addr);
|
socklen_t addr_size = sizeof(addr);
|
||||||
#ifdef __linux__
|
|
||||||
if (opt->md5sig) {
|
if (opt->md5sig) {
|
||||||
if (getpeername(sfd,
|
if (getpeername(sfd,
|
||||||
(struct sockaddr *)&addr, &addr_size) < 0) {
|
(struct sockaddr *)&addr, &addr_size) < 0) {
|
||||||
@ -158,7 +154,6 @@ ssize_t send_fake(int sfd, char *buffer,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
struct packet pkt;
|
struct packet pkt;
|
||||||
if (opt->fake_data.data) {
|
if (opt->fake_data.data) {
|
||||||
pkt = opt->fake_data;
|
pkt = opt->fake_data;
|
||||||
@ -173,21 +168,16 @@ ssize_t send_fake(int sfd, char *buffer,
|
|||||||
}
|
}
|
||||||
else pkt.size = 0;
|
else pkt.size = 0;
|
||||||
}
|
}
|
||||||
|
int fds[2];
|
||||||
int ffd = memfd_create("name", 0);
|
if (pipe(fds) < 0) {
|
||||||
if (ffd < 0) {
|
uniperror("pipe");
|
||||||
uniperror("memfd_create");
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
char *p = 0;
|
char *p = 0;
|
||||||
ssize_t len = -1;
|
ssize_t len = -1;
|
||||||
|
|
||||||
while (1) {
|
while (1) {
|
||||||
if (ftruncate(ffd, pos) < 0) {
|
p = mmap(0, pos, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
|
||||||
uniperror("ftruncate");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
p = mmap(0, pos, PROT_WRITE, MAP_SHARED, ffd, 0);
|
|
||||||
if (p == MAP_FAILED) {
|
if (p == MAP_FAILED) {
|
||||||
uniperror("mmap");
|
uniperror("mmap");
|
||||||
p = 0;
|
p = 0;
|
||||||
@ -198,8 +188,6 @@ ssize_t send_fake(int sfd, char *buffer,
|
|||||||
if (setttl(sfd, opt->ttl ? opt->ttl : 8, fa) < 0) {
|
if (setttl(sfd, opt->ttl ? opt->ttl : 8, fa) < 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef __linux__
|
|
||||||
if (opt->md5sig) {
|
if (opt->md5sig) {
|
||||||
struct tcp_md5sig md5 = {
|
struct tcp_md5sig md5 = {
|
||||||
.tcpm_keylen = 5
|
.tcpm_keylen = 5
|
||||||
@ -212,17 +200,22 @@ ssize_t send_fake(int sfd, char *buffer,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
if (opt->ip_options && fa == AF_INET
|
if (opt->ip_options && fa == AF_INET
|
||||||
&& setsockopt(sfd, IPPROTO_IP, IP_OPTIONS,
|
&& setsockopt(sfd, IPPROTO_IP, IP_OPTIONS,
|
||||||
opt->ip_options, opt->ip_options_len) < 0) {
|
opt->ip_options, opt->ip_options_len) < 0) {
|
||||||
uniperror("setsockopt IP_OPTIONS");
|
uniperror("setsockopt IP_OPTIONS");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
struct iovec vec = { .iov_base = p, .iov_len = pos };
|
||||||
|
|
||||||
len = sendfile(sfd, ffd, 0, pos);
|
len = vmsplice(fds[1], &vec, 1, SPLICE_F_GIFT);
|
||||||
if (len < 0) {
|
if (len < 0) {
|
||||||
uniperror("sendfile");
|
uniperror("vmsplice");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
len = splice(fds[0], 0, sfd, 0, len, 0);
|
||||||
|
if (len < 0) {
|
||||||
|
uniperror("splice");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
wait_send(sfd);
|
wait_send(sfd);
|
||||||
@ -237,7 +230,6 @@ ssize_t send_fake(int sfd, char *buffer,
|
|||||||
uniperror("setsockopt IP_OPTIONS");
|
uniperror("setsockopt IP_OPTIONS");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#ifdef __linux__
|
|
||||||
if (opt->md5sig) {
|
if (opt->md5sig) {
|
||||||
struct tcp_md5sig md5 = {
|
struct tcp_md5sig md5 = {
|
||||||
.tcpm_keylen = 0
|
.tcpm_keylen = 0
|
||||||
@ -250,14 +242,16 @@ ssize_t send_fake(int sfd, char *buffer,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (p) munmap(p, pos);
|
if (p) munmap(p, pos);
|
||||||
close(ffd);
|
close(fds[0]);
|
||||||
|
close(fds[1]);
|
||||||
return len;
|
return len;
|
||||||
}
|
}
|
||||||
#else
|
#endif
|
||||||
|
|
||||||
|
#ifdef _WIN32
|
||||||
OVERLAPPED ov = {};
|
OVERLAPPED ov = {};
|
||||||
|
|
||||||
ssize_t send_fake(int sfd, char *buffer,
|
ssize_t send_fake(int sfd, char *buffer,
|
||||||
@ -359,7 +353,6 @@ ssize_t send_fake(int sfd, char *buffer,
|
|||||||
return len;
|
return len;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
|
|
||||||
ssize_t send_oob(int sfd, char *buffer,
|
ssize_t send_oob(int sfd, char *buffer,
|
||||||
ssize_t n, long pos, char *c)
|
ssize_t n, long pos, char *c)
|
||||||
|
38
dist/linux/README.md
vendored
Normal file
38
dist/linux/README.md
vendored
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
# Installing on Linux
|
||||||
|
|
||||||
|
## Building
|
||||||
|
```sh
|
||||||
|
cd byedpi/
|
||||||
|
make
|
||||||
|
sudo make install
|
||||||
|
```
|
||||||
|
|
||||||
|
## Systemd Service (optional)
|
||||||
|
|
||||||
|
You can configure the program to run as systemd service, user- or system-wide (only one at a time).
|
||||||
|
|
||||||
|
### As user service:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
cp byedpi.service ~/.config/systemd/user/
|
||||||
|
cp byedpi.conf ~/.config/
|
||||||
|
systemctl --user enable --now byedpi.service
|
||||||
|
```
|
||||||
|
|
||||||
|
You should see the service now marked as "active":
|
||||||
|
```sh
|
||||||
|
systemctl --user status byedpi.service
|
||||||
|
```
|
||||||
|
|
||||||
|
### As system service:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo cp byedpi.service /etc/systemd/system/
|
||||||
|
sudo cp byedpi.conf /etc/
|
||||||
|
sudo systemctl enable --now byedpi.service
|
||||||
|
```
|
||||||
|
|
||||||
|
You should see the service now marked as "active":
|
||||||
|
```sh
|
||||||
|
systemctl status byedpi.service
|
||||||
|
```
|
8
dist/linux/byedpi.conf
vendored
Normal file
8
dist/linux/byedpi.conf
vendored
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
# More options and their descriptions can be found here:
|
||||||
|
# https://github.com/hufrea/byedpi/blob/main/README.md
|
||||||
|
#
|
||||||
|
# By default, ciadpi listens on all interfaces,
|
||||||
|
# a specific one can be specified via "--ip 127.0.0.1".
|
||||||
|
|
||||||
|
# Put your options here
|
||||||
|
BYEDPI_OPTIONS="--split 1 --disorder 3+s --mod-http=h,d --auto=torst --tlsrec 1+s"
|
19
dist/linux/byedpi.service
vendored
Normal file
19
dist/linux/byedpi.service
vendored
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=ByeDPI
|
||||||
|
Documentation=https://github.com/hufrea/byedpi
|
||||||
|
Wants=network-online.target
|
||||||
|
After=network-online.target nss-lookup.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
StandardOutput=null
|
||||||
|
StandardError=journal
|
||||||
|
EnvironmentFile=-/etc/byedpi.conf
|
||||||
|
EnvironmentFile=-%h/.config/byedpi.conf
|
||||||
|
ExecStart=ciadpi $BYEDPI_OPTIONS
|
||||||
|
TimeoutStopSec=5s
|
||||||
|
PrivateTmp=true
|
||||||
|
ProtectSystem=full
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=default.target
|
2
error.h
2
error.h
@ -11,6 +11,8 @@
|
|||||||
#include <android/log.h>
|
#include <android/log.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#include "params.h"
|
||||||
|
|
||||||
#ifdef _WIN32
|
#ifdef _WIN32
|
||||||
#define get_e() \
|
#define get_e() \
|
||||||
unie(WSAGetLastError())
|
unie(WSAGetLastError())
|
||||||
|
180
extend.c
180
extend.c
@ -23,6 +23,8 @@
|
|||||||
#include "desync.h"
|
#include "desync.h"
|
||||||
#include "packets.h"
|
#include "packets.h"
|
||||||
|
|
||||||
|
#define KEY_SIZE sizeof(struct sockaddr_ina)
|
||||||
|
|
||||||
|
|
||||||
int set_timeout(int fd, unsigned int s)
|
int set_timeout(int fd, unsigned int s)
|
||||||
{
|
{
|
||||||
@ -45,32 +47,67 @@ int set_timeout(int fd, unsigned int s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int mode_add_get(struct sockaddr_ina *dst, int m)
|
static ssize_t serialize_addr(const struct sockaddr_ina *dst,
|
||||||
|
uint8_t *const out, const size_t out_len)
|
||||||
|
{
|
||||||
|
#define serialize(raw, field, len, counter){ \
|
||||||
|
const size_t size = sizeof(field); \
|
||||||
|
if ((counter + size) <= len) { \
|
||||||
|
memcpy(raw + counter, &(field), size); \
|
||||||
|
counter += size; \
|
||||||
|
} else return 0; \
|
||||||
|
}
|
||||||
|
size_t c = 0;
|
||||||
|
serialize(out, dst->in.sin_port, out_len, c);
|
||||||
|
serialize(out, dst->sa.sa_family, out_len, c);
|
||||||
|
|
||||||
|
if (dst->sa.sa_family == AF_INET) {
|
||||||
|
serialize(out, dst->in.sin_addr, out_len, c);
|
||||||
|
} else {
|
||||||
|
serialize(out, dst->in6.sin6_addr, out_len, c);
|
||||||
|
}
|
||||||
|
#undef serialize
|
||||||
|
|
||||||
|
return c;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int mode_add_get(struct sockaddr_ina *dst, int m)
|
||||||
{
|
{
|
||||||
// m < 0: get, m > 0: set, m == 0: delete
|
// m < 0: get, m > 0: set, m == 0: delete
|
||||||
assert(m >= -1 && m < params.dp_count);
|
assert(m >= -1 && m < params.dp_count);
|
||||||
|
|
||||||
time_t t = 0;
|
time_t t = 0;
|
||||||
struct elem *val = 0;
|
struct elem *val = 0;
|
||||||
char *str = (char *)&dst->in;
|
|
||||||
int len = 0;
|
|
||||||
|
|
||||||
if (dst->sa.sa_family == AF_INET) {
|
uint8_t key[KEY_SIZE] = { 0 };
|
||||||
len = sizeof(dst->in);
|
int len = serialize_addr(dst, key, sizeof(key));
|
||||||
}
|
|
||||||
else {
|
|
||||||
len = sizeof(dst->in6) - sizeof(dst->in6.sin6_scope_id);
|
|
||||||
}
|
|
||||||
len -= sizeof(dst->sa.sa_family);
|
|
||||||
assert(len > 0);
|
assert(len > 0);
|
||||||
|
|
||||||
|
if (m < 0) {
|
||||||
|
val = mem_get(params.mempool, (char *)key, len);
|
||||||
|
if (!val) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
time(&t);
|
||||||
|
if (t > val->time + params.cache_ttl) {
|
||||||
|
LOG(LOG_S, "time=%jd, now=%jd, ignore\n", (intmax_t)val->time, (intmax_t)t);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
return val->m;
|
||||||
|
}
|
||||||
|
INIT_ADDR_STR((*dst));
|
||||||
|
|
||||||
if (m == 0) {
|
if (m == 0) {
|
||||||
mem_delete(params.mempool, str, len);
|
LOG(LOG_S, "delete ip: %s\n", ADDR_STR);
|
||||||
|
mem_delete(params.mempool, (char *)key, len);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
else if (m > 0) {
|
else {
|
||||||
|
LOG(LOG_S, "save ip: %s, m=%d\n", ADDR_STR, m);
|
||||||
time(&t);
|
time(&t);
|
||||||
val = mem_add(params.mempool, str, len);
|
|
||||||
|
val = mem_add(params.mempool, (char *)key, len);
|
||||||
if (!val) {
|
if (!val) {
|
||||||
uniperror("mem_add");
|
uniperror("mem_add");
|
||||||
return -1;
|
return -1;
|
||||||
@ -79,16 +116,6 @@ int mode_add_get(struct sockaddr_ina *dst, int m)
|
|||||||
val->time = t;
|
val->time = t;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
val = mem_get(params.mempool, str, len);
|
|
||||||
if (!val) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
time(&t);
|
|
||||||
if (t > val->time + params.cache_ttl) {
|
|
||||||
LOG(LOG_S, "time=%ld, now=%ld, ignore\n", val->time, t);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
return val->m;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -188,21 +215,39 @@ int on_torst(struct poolhd *pool, struct eval *val)
|
|||||||
{
|
{
|
||||||
int m = val->pair->attempt + 1;
|
int m = val->pair->attempt + 1;
|
||||||
|
|
||||||
for (; m < params.dp_count; m++) {
|
bool can_reconn = (
|
||||||
struct desync_params *dp = ¶ms.dp[m];
|
val->pair->buff.data && !val->recv_count
|
||||||
if (!dp->detect) {
|
);
|
||||||
return -1;
|
if (can_reconn || params.auto_level >= 1) {
|
||||||
|
for (; m < params.dp_count; m++) {
|
||||||
|
struct desync_params *dp = ¶ms.dp[m];
|
||||||
|
if (!dp->detect) {
|
||||||
|
m = 0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (dp->detect & DETECT_TORST) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (dp->detect & DETECT_TORST) {
|
if (m == 0) {
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
|
else if (m >= params.dp_count) {
|
||||||
|
if (m > 1) mode_add_get(
|
||||||
|
(struct sockaddr_ina *)&val->in6, 0);
|
||||||
|
}
|
||||||
|
else if (can_reconn) {
|
||||||
|
return reconnect(pool, val, m);
|
||||||
|
}
|
||||||
|
else mode_add_get(
|
||||||
|
(struct sockaddr_ina *)&val->in6, m);
|
||||||
}
|
}
|
||||||
if (m >= params.dp_count) {
|
struct linger l = { .l_onoff = 1 };
|
||||||
mode_add_get(
|
if (setsockopt(val->pair->fd, SOL_SOCKET,
|
||||||
(struct sockaddr_ina *)&val->in6, 0);
|
SO_LINGER, (char *)&l, sizeof(l)) < 0) {
|
||||||
|
uniperror("setsockopt SO_LINGER");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
return reconnect(pool, val, m);
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -210,21 +255,44 @@ int on_fin(struct poolhd *pool, struct eval *val)
|
|||||||
{
|
{
|
||||||
int m = val->pair->attempt + 1;
|
int m = val->pair->attempt + 1;
|
||||||
|
|
||||||
|
bool can_reconn = (
|
||||||
|
val->pair->buff.data && !val->recv_count
|
||||||
|
);
|
||||||
|
if (!can_reconn && params.auto_level < 1) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
bool ssl_err = 0;
|
||||||
|
|
||||||
|
if (can_reconn) {
|
||||||
|
char *req = val->pair->buff.data;
|
||||||
|
ssize_t qn = val->pair->buff.size;
|
||||||
|
|
||||||
|
ssl_err = is_tls_chello(req, qn);
|
||||||
|
}
|
||||||
|
else if (val->mark && val->round_count <= 1) {
|
||||||
|
ssl_err = 1;
|
||||||
|
}
|
||||||
|
if (!ssl_err) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
for (; m < params.dp_count; m++) {
|
for (; m < params.dp_count; m++) {
|
||||||
struct desync_params *dp = ¶ms.dp[m];
|
struct desync_params *dp = ¶ms.dp[m];
|
||||||
if (!dp->detect) {
|
if (!dp->detect) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (!(dp->detect & DETECT_TLS_ERR)) {
|
if (dp->detect & DETECT_TLS_ERR) {
|
||||||
continue;
|
if (can_reconn)
|
||||||
|
return reconnect(pool, val, m);
|
||||||
|
else {
|
||||||
|
mode_add_get(
|
||||||
|
(struct sockaddr_ina *)&val->in6, m);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
char *req = val->pair->buff.data;
|
}
|
||||||
ssize_t qn = val->pair->buff.size;
|
if (m > 1) { // delete
|
||||||
|
mode_add_get(
|
||||||
if (!is_tls_chello(req, qn)) {
|
(struct sockaddr_ina *)&val->in6, 0);
|
||||||
continue;
|
|
||||||
}
|
|
||||||
return reconnect(pool, val, m);
|
|
||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -279,20 +347,25 @@ int on_tunnel_check(struct poolhd *pool, struct eval *val,
|
|||||||
assert(!out);
|
assert(!out);
|
||||||
ssize_t n = recv(val->fd, buffer, bfsize, 0);
|
ssize_t n = recv(val->fd, buffer, bfsize, 0);
|
||||||
if (n < 1) {
|
if (n < 1) {
|
||||||
if (n) uniperror("recv");
|
if (!n) {
|
||||||
|
return on_fin(pool, val);
|
||||||
|
}
|
||||||
|
uniperror("recv");
|
||||||
switch (get_e()) {
|
switch (get_e()) {
|
||||||
case ECONNRESET:
|
case ECONNRESET:
|
||||||
case ECONNREFUSED:
|
case ECONNREFUSED:
|
||||||
case ETIMEDOUT:
|
case ETIMEDOUT:
|
||||||
return on_torst(pool, val);
|
return on_torst(pool, val);
|
||||||
}
|
}
|
||||||
return on_fin(pool, val);
|
return -1;
|
||||||
}
|
}
|
||||||
//
|
//
|
||||||
if (on_response(pool, val, buffer, n) == 0) {
|
if (on_response(pool, val, buffer, n) == 0) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
val->recv_count += n;
|
val->recv_count += n;
|
||||||
|
val->round_count = 1;
|
||||||
|
val->last_round = 1;
|
||||||
struct eval *pair = val->pair;
|
struct eval *pair = val->pair;
|
||||||
|
|
||||||
ssize_t sn = send(pair->fd, buffer, n, 0);
|
ssize_t sn = send(pair->fd, buffer, n, 0);
|
||||||
@ -300,9 +373,12 @@ int on_tunnel_check(struct poolhd *pool, struct eval *val,
|
|||||||
uniperror("send");
|
uniperror("send");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
if (params.auto_level > 0 && params.dp_count > 1) {
|
||||||
|
val->mark = is_tls_chello(pair->buff.data, pair->buff.size);
|
||||||
|
}
|
||||||
to_tunnel(pair);
|
to_tunnel(pair);
|
||||||
|
|
||||||
if (params.timeout &&
|
if (params.timeout && params.auto_level < 1 &&
|
||||||
set_timeout(val->fd, 0)) {
|
set_timeout(val->fd, 0)) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -315,15 +391,7 @@ int on_tunnel_check(struct poolhd *pool, struct eval *val,
|
|||||||
if (!pair->cache) {
|
if (!pair->cache) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
struct sockaddr_ina *addr = (struct sockaddr_ina *)&val->in6;
|
return mode_add_get((struct sockaddr_ina *)&val->in6, m);
|
||||||
|
|
||||||
if (m == 0) {
|
|
||||||
LOG(LOG_S, "delete ip: m=%d\n", m);
|
|
||||||
} else {
|
|
||||||
INIT_ADDR_STR((*addr));
|
|
||||||
LOG(LOG_S, "save ip: %s, m=%d\n", ADDR_STR, m);
|
|
||||||
}
|
|
||||||
return mode_add_get(addr, m);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -331,7 +399,8 @@ int on_desync_again(struct poolhd *pool,
|
|||||||
struct eval *val, char *buffer, size_t bfsize)
|
struct eval *val, char *buffer, size_t bfsize)
|
||||||
{
|
{
|
||||||
if (val->flag == FLAG_CONN) {
|
if (val->flag == FLAG_CONN) {
|
||||||
if (mod_etype(pool, val, POLLIN)) {
|
if (mod_etype(pool, val, POLLIN) ||
|
||||||
|
mod_etype(pool, val->pair, POLLIN)) {
|
||||||
uniperror("mod_etype");
|
uniperror("mod_etype");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -384,6 +453,7 @@ int on_desync(struct poolhd *pool, struct eval *val,
|
|||||||
}
|
}
|
||||||
val->buff.size += n;
|
val->buff.size += n;
|
||||||
val->recv_count += n;
|
val->recv_count += n;
|
||||||
|
val->round_count = 1;
|
||||||
|
|
||||||
val->buff.data = realloc(val->buff.data, val->buff.size);
|
val->buff.data = realloc(val->buff.data, val->buff.size);
|
||||||
if (val->buff.data == 0) {
|
if (val->buff.data == 0) {
|
||||||
|
4
extend.h
4
extend.h
@ -19,6 +19,10 @@ int on_desync(struct poolhd *pool, struct eval *val,
|
|||||||
ssize_t udp_hook(struct eval *val,
|
ssize_t udp_hook(struct eval *val,
|
||||||
char *buffer, size_t bfsize, ssize_t n, struct sockaddr_ina *dst);
|
char *buffer, size_t bfsize, ssize_t n, struct sockaddr_ina *dst);
|
||||||
|
|
||||||
|
int on_torst(struct poolhd *pool, struct eval *val);
|
||||||
|
|
||||||
|
int on_fin(struct poolhd *pool, struct eval *val);
|
||||||
|
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
int protect(int conn_fd, const char *path);
|
int protect(int conn_fd, const char *path);
|
||||||
#else
|
#else
|
||||||
|
47
main.c
47
main.c
@ -23,7 +23,7 @@
|
|||||||
#define close(fd) closesocket(fd)
|
#define close(fd) closesocket(fd)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define VERSION "13.1"
|
#define VERSION "14.1"
|
||||||
|
|
||||||
char ip_option[1] = "\0";
|
char ip_option[1] = "\0";
|
||||||
|
|
||||||
@ -54,13 +54,17 @@ struct params params = {
|
|||||||
.laddr = {
|
.laddr = {
|
||||||
.sin6_family = AF_INET
|
.sin6_family = AF_INET
|
||||||
},
|
},
|
||||||
.debug = 0
|
.debug = 0,
|
||||||
|
.auto_level = 0
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
const char help_text[] = {
|
const char help_text[] = {
|
||||||
" -i, --ip, <ip> Listening IP, default 0.0.0.0\n"
|
" -i, --ip, <ip> Listening IP, default 0.0.0.0\n"
|
||||||
" -p, --port <num> Listening port, default 1080\n"
|
" -p, --port <num> Listening port, default 1080\n"
|
||||||
|
#ifdef __linux__
|
||||||
|
" -E, --transparent Transparent proxy mode\n"
|
||||||
|
#endif
|
||||||
" -c, --max-conn <count> Connection count limit, default 512\n"
|
" -c, --max-conn <count> Connection count limit, default 512\n"
|
||||||
" -N, --no-domain Deny domain resolving\n"
|
" -N, --no-domain Deny domain resolving\n"
|
||||||
" -U, --no-udp Deny UDP association\n"
|
" -U, --no-udp Deny UDP association\n"
|
||||||
@ -74,6 +78,7 @@ const char help_text[] = {
|
|||||||
#endif
|
#endif
|
||||||
" -A, --auto <t,r,s,n> Try desync params after this option\n"
|
" -A, --auto <t,r,s,n> Try desync params after this option\n"
|
||||||
" Detect: torst,redirect,ssl_err,none\n"
|
" Detect: torst,redirect,ssl_err,none\n"
|
||||||
|
" -L, --auto-mode <0|1> 1 - handle trigger after several packets\n"
|
||||||
" -u, --cache-ttl <sec> Lifetime of cached desync params for IP\n"
|
" -u, --cache-ttl <sec> Lifetime of cached desync params for IP\n"
|
||||||
#ifdef TIMEOUT_SUPPORT
|
#ifdef TIMEOUT_SUPPORT
|
||||||
" -T, --timeout <sec> Timeout waiting for response, after which trigger auto\n"
|
" -T, --timeout <sec> Timeout waiting for response, after which trigger auto\n"
|
||||||
@ -116,6 +121,9 @@ const struct option options[] = {
|
|||||||
{"version", 0, 0, 'v'},
|
{"version", 0, 0, 'v'},
|
||||||
{"ip", 1, 0, 'i'},
|
{"ip", 1, 0, 'i'},
|
||||||
{"port", 1, 0, 'p'},
|
{"port", 1, 0, 'p'},
|
||||||
|
#ifdef __linux__
|
||||||
|
{"transparent", 0, 0, 'E'},
|
||||||
|
#endif
|
||||||
{"conn-ip", 1, 0, 'I'},
|
{"conn-ip", 1, 0, 'I'},
|
||||||
{"buf-size", 1, 0, 'b'},
|
{"buf-size", 1, 0, 'b'},
|
||||||
{"max-conn", 1, 0, 'c'},
|
{"max-conn", 1, 0, 'c'},
|
||||||
@ -125,6 +133,7 @@ const struct option options[] = {
|
|||||||
{"tfo ", 0, 0, 'F'},
|
{"tfo ", 0, 0, 'F'},
|
||||||
#endif
|
#endif
|
||||||
{"auto", 1, 0, 'A'},
|
{"auto", 1, 0, 'A'},
|
||||||
|
{"auto-mode", 1, 0, 'L'},
|
||||||
{"cache-ttl", 1, 0, 'u'},
|
{"cache-ttl", 1, 0, 'u'},
|
||||||
#ifdef TIMEOUT_SUPPORT
|
#ifdef TIMEOUT_SUPPORT
|
||||||
{"timeout", 1, 0, 'T'},
|
{"timeout", 1, 0, 'T'},
|
||||||
@ -352,6 +361,17 @@ int get_default_ttl()
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool ipv6_support()
|
||||||
|
{
|
||||||
|
int fd = socket(AF_INET6, SOCK_STREAM, 0);
|
||||||
|
if (fd < 0) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
close(fd);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
int parse_offset(struct part *part, const char *str)
|
int parse_offset(struct part *part, const char *str)
|
||||||
{
|
{
|
||||||
char *end = 0;
|
char *end = 0;
|
||||||
@ -464,12 +484,16 @@ int main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
params.laddr.sin6_port = htons(1080);
|
params.laddr.sin6_port = htons(1080);
|
||||||
|
if (!ipv6_support()) {
|
||||||
|
params.baddr.sin6_family = AF_INET;
|
||||||
|
}
|
||||||
|
|
||||||
int rez;
|
int rez;
|
||||||
int invalid = 0;
|
int invalid = 0;
|
||||||
|
|
||||||
long val = 0;
|
long val = 0;
|
||||||
char *end = 0;
|
char *end = 0;
|
||||||
|
bool all_limited = 1;
|
||||||
|
|
||||||
struct desync_params *dp = add((void *)¶ms.dp,
|
struct desync_params *dp = add((void *)¶ms.dp,
|
||||||
¶ms.dp_count, sizeof(struct desync_params));
|
¶ms.dp_count, sizeof(struct desync_params));
|
||||||
@ -492,6 +516,11 @@ int main(int argc, char **argv)
|
|||||||
case 'U':
|
case 'U':
|
||||||
params.udp = 0;
|
params.udp = 0;
|
||||||
break;
|
break;
|
||||||
|
#ifdef __linux__
|
||||||
|
case 'E':
|
||||||
|
params.transparent = 1;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
|
||||||
case 'h':
|
case 'h':
|
||||||
printf(help_text);
|
printf(help_text);
|
||||||
@ -550,7 +579,18 @@ int main(int argc, char **argv)
|
|||||||
params.tfo = 1;
|
params.tfo = 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 'L':
|
||||||
|
val = strtol(optarg, &end, 0);
|
||||||
|
if (val < 0 || val > 1 || *end)
|
||||||
|
invalid = 1;
|
||||||
|
else
|
||||||
|
params.auto_level = val;
|
||||||
|
break;
|
||||||
|
|
||||||
case 'A':
|
case 'A':
|
||||||
|
if (!(dp->hosts || dp->proto || dp->pf[0] || dp->detect)) {
|
||||||
|
all_limited = 0;
|
||||||
|
}
|
||||||
dp = add((void *)¶ms.dp, ¶ms.dp_count,
|
dp = add((void *)¶ms.dp, ¶ms.dp_count,
|
||||||
sizeof(struct desync_params));
|
sizeof(struct desync_params));
|
||||||
if (!dp) {
|
if (!dp) {
|
||||||
@ -844,7 +884,7 @@ int main(int argc, char **argv)
|
|||||||
clear_params();
|
clear_params();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (dp->hosts || dp->proto || dp->pf[0]) {
|
if (all_limited) {
|
||||||
dp = add((void *)¶ms.dp,
|
dp = add((void *)¶ms.dp,
|
||||||
¶ms.dp_count, sizeof(struct desync_params));
|
¶ms.dp_count, sizeof(struct desync_params));
|
||||||
if (!dp) {
|
if (!dp) {
|
||||||
@ -868,6 +908,7 @@ int main(int argc, char **argv)
|
|||||||
clear_params();
|
clear_params();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int status = run((struct sockaddr_ina *)¶ms.laddr);
|
int status = run((struct sockaddr_ina *)¶ms.laddr);
|
||||||
clear_params();
|
clear_params();
|
||||||
return status;
|
return status;
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define ANTOHS(data, i) \
|
#define ANTOHS(data, i) \
|
||||||
(uint16_t)((data[i] << 8) + (uint8_t)data[i + 1])
|
(((uint16_t)data[i] << 8) + (uint8_t)data[i + 1])
|
||||||
|
|
||||||
#define SHTONA(data, i, x) \
|
#define SHTONA(data, i, x) \
|
||||||
data[i] = (uint8_t)((x) >> 8); \
|
data[i] = (uint8_t)((x) >> 8); \
|
||||||
|
19
params.h
19
params.h
@ -3,6 +3,7 @@
|
|||||||
|
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
#include <stdbool.h>
|
||||||
|
|
||||||
#include "mpool.h"
|
#include "mpool.h"
|
||||||
|
|
||||||
@ -63,11 +64,11 @@ struct desync_params {
|
|||||||
int ttl;
|
int ttl;
|
||||||
char *ip_options;
|
char *ip_options;
|
||||||
ssize_t ip_options_len;
|
ssize_t ip_options_len;
|
||||||
char md5sig;
|
bool md5sig;
|
||||||
struct packet fake_data;
|
struct packet fake_data;
|
||||||
int udp_fake_count;
|
int udp_fake_count;
|
||||||
int fake_offset;
|
int fake_offset;
|
||||||
char drop_sack;
|
bool drop_sack;
|
||||||
char oob_char[2];
|
char oob_char[2];
|
||||||
|
|
||||||
int parts_n;
|
int parts_n;
|
||||||
@ -90,21 +91,23 @@ struct params {
|
|||||||
int dp_count;
|
int dp_count;
|
||||||
struct desync_params *dp;
|
struct desync_params *dp;
|
||||||
long sfdelay;
|
long sfdelay;
|
||||||
char wait_send;
|
bool wait_send;
|
||||||
int def_ttl;
|
int def_ttl;
|
||||||
char custom_ttl;
|
bool custom_ttl;
|
||||||
|
|
||||||
char tfo;
|
bool tfo;
|
||||||
unsigned int timeout;
|
unsigned int timeout;
|
||||||
|
int auto_level;
|
||||||
long cache_ttl;
|
long cache_ttl;
|
||||||
char ipv6;
|
bool ipv6;
|
||||||
char resolve;
|
bool resolve;
|
||||||
char udp;
|
bool udp;
|
||||||
int max_open;
|
int max_open;
|
||||||
int debug;
|
int debug;
|
||||||
size_t bfsize;
|
size_t bfsize;
|
||||||
struct sockaddr_in6 baddr;
|
struct sockaddr_in6 baddr;
|
||||||
struct sockaddr_in6 laddr;
|
struct sockaddr_in6 laddr;
|
||||||
|
bool transparent;
|
||||||
struct mphdr *mempool;
|
struct mphdr *mempool;
|
||||||
|
|
||||||
char *protect_path;
|
char *protect_path;
|
||||||
|
104
proxy.c
104
proxy.c
@ -32,6 +32,13 @@
|
|||||||
#if defined(__linux__) && defined(__GLIBC__)
|
#if defined(__linux__) && defined(__GLIBC__)
|
||||||
extern int accept4(int, struct sockaddr *__restrict, socklen_t *__restrict, int);
|
extern int accept4(int, struct sockaddr *__restrict, socklen_t *__restrict, int);
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef __linux__
|
||||||
|
/* For SO_ORIGINAL_DST only (which is 0x50) */
|
||||||
|
#include "linux/netfilter_ipv4.h"
|
||||||
|
#ifndef IP6T_SO_ORIGINAL_DST
|
||||||
|
#define IP6T_SO_ORIGINAL_DST SO_ORIGINAL_DST
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
@ -125,6 +132,7 @@ int resolve(char *host, int len,
|
|||||||
|
|
||||||
char rchar = host[len];
|
char rchar = host[len];
|
||||||
host[len] = '\0';
|
host[len] = '\0';
|
||||||
|
LOG(LOG_S, "resolve: %s\n", host);
|
||||||
|
|
||||||
if (getaddrinfo(host, 0, &hints, &res) || !res) {
|
if (getaddrinfo(host, 0, &hints, &res) || !res) {
|
||||||
host[len] = rchar;
|
host[len] = rchar;
|
||||||
@ -197,6 +205,17 @@ int resp_error(int fd, int e, int flag)
|
|||||||
}
|
}
|
||||||
return resp_s5_error(fd, e);
|
return resp_s5_error(fd, e);
|
||||||
}
|
}
|
||||||
|
#ifdef __linux__
|
||||||
|
if (params.transparent &&
|
||||||
|
(e == ECONNREFUSED || e == ETIMEDOUT)) {
|
||||||
|
struct linger l = { .l_onoff = 1 };
|
||||||
|
if (setsockopt(fd,
|
||||||
|
SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) {
|
||||||
|
uniperror("setsockopt SO_LINGER");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -242,7 +261,7 @@ int s5_get_addr(char *buffer, size_t n,
|
|||||||
struct sockaddr_ina *addr, int type)
|
struct sockaddr_ina *addr, int type)
|
||||||
{
|
{
|
||||||
if (n < S_SIZE_MIN) {
|
if (n < S_SIZE_MIN) {
|
||||||
LOG(LOG_E, "ss: request to small\n");
|
LOG(LOG_E, "ss: request too small\n");
|
||||||
return -S_ER_GEN;
|
return -S_ER_GEN;
|
||||||
}
|
}
|
||||||
struct s5_req *r = (struct s5_req *)buffer;
|
struct s5_req *r = (struct s5_req *)buffer;
|
||||||
@ -393,6 +412,10 @@ int create_conn(struct poolhd *pool,
|
|||||||
close(sfd);
|
close(sfd);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
if (mod_etype(pool, val, 0) < 0) {
|
||||||
|
uniperror("mod_etype");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
val->pair = pair;
|
val->pair = pair;
|
||||||
pair->pair = val;
|
pair->pair = val;
|
||||||
#ifdef __NetBSD__
|
#ifdef __NetBSD__
|
||||||
@ -482,7 +505,7 @@ int udp_associate(struct poolhd *pool,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
struct eval *client = add_event(pool, EV_UDP_TUNNEL, cfd, POLLIN);
|
struct eval *client = add_event(pool, EV_UDP_TUNNEL, cfd, POLLIN);
|
||||||
if (!pair) {
|
if (!client) {
|
||||||
del_event(pool, pair);
|
del_event(pool, pair);
|
||||||
close(cfd);
|
close(cfd);
|
||||||
return -1;
|
return -1;
|
||||||
@ -519,6 +542,38 @@ int udp_associate(struct poolhd *pool,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef __linux__
|
||||||
|
static inline int transp_conn(struct poolhd *pool, struct eval *val)
|
||||||
|
{
|
||||||
|
struct sockaddr_ina remote, self;
|
||||||
|
socklen_t rlen = sizeof(remote), slen = sizeof(self);
|
||||||
|
if (getsockopt(val->fd, IPPROTO_IP,
|
||||||
|
SO_ORIGINAL_DST, &remote, &rlen) != 0)
|
||||||
|
{
|
||||||
|
if (getsockopt(val->fd, IPPROTO_IPV6,
|
||||||
|
IP6T_SO_ORIGINAL_DST, &remote, &rlen) != 0) {
|
||||||
|
uniperror("getsockopt SO_ORIGINAL_DST");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (getsockname(val->fd, &self.sa, &slen) < 0) {
|
||||||
|
uniperror("getsockname");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (self.sa.sa_family == remote.sa.sa_family &&
|
||||||
|
self.in.sin_port == remote.in.sin_port &&
|
||||||
|
addr_equ(&self, &remote)) {
|
||||||
|
LOG(LOG_E, "connect to self, ignore\n");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
int error = connect_hook(pool, val, &remote, EV_CONNECT);
|
||||||
|
if (error) {
|
||||||
|
uniperror("connect_hook");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static inline int on_accept(struct poolhd *pool, struct eval *val)
|
static inline int on_accept(struct poolhd *pool, struct eval *val)
|
||||||
{
|
{
|
||||||
@ -565,6 +620,12 @@ static inline int on_accept(struct poolhd *pool, struct eval *val)
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
rval->in6 = client.in6;
|
rval->in6 = client.in6;
|
||||||
|
#ifdef __linux__
|
||||||
|
if (params.transparent && transp_conn(pool, rval) < 0) {
|
||||||
|
del_event(pool, rval);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -614,11 +675,30 @@ int on_tunnel(struct poolhd *pool, struct eval *val,
|
|||||||
if (n < 0 && get_e() == EAGAIN) {
|
if (n < 0 && get_e() == EAGAIN) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (n < 1) {
|
if (n == 0) {
|
||||||
if (n) uniperror("recv");
|
if (val->flag != FLAG_CONN)
|
||||||
|
val = val->pair;
|
||||||
|
on_fin(pool, val);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (n < 0) {
|
||||||
|
uniperror("recv");
|
||||||
|
switch (get_e()) {
|
||||||
|
case ECONNRESET:
|
||||||
|
case ETIMEDOUT:
|
||||||
|
if (val->flag == FLAG_CONN)
|
||||||
|
on_torst(pool, val);
|
||||||
|
else
|
||||||
|
on_fin(pool, val->pair);
|
||||||
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
val->recv_count += n;
|
val->recv_count += n;
|
||||||
|
if (!val->last_round) {
|
||||||
|
val->round_count++;
|
||||||
|
val->last_round = 1;
|
||||||
|
pair->last_round = 0;
|
||||||
|
}
|
||||||
|
|
||||||
ssize_t sn = send(pair->fd, buffer, n, 0);
|
ssize_t sn = send(pair->fd, buffer, n, 0);
|
||||||
if (sn != n) {
|
if (sn != n) {
|
||||||
@ -753,7 +833,7 @@ static inline int on_request(struct poolhd *pool, struct eval *val,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (n < S_SIZE_MIN) {
|
if (n < S_SIZE_MIN) {
|
||||||
LOG(LOG_E, "ss: request to small (%zd)\n", n);
|
LOG(LOG_E, "ss: request too small (%zd)\n", n);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
struct s5_req *r = (struct s5_req *)buffer;
|
struct s5_req *r = (struct s5_req *)buffer;
|
||||||
@ -821,7 +901,8 @@ static inline int on_connect(struct poolhd *pool, struct eval *val, int e)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (mod_etype(pool, val, POLLIN)) {
|
if (mod_etype(pool, val, POLLIN) ||
|
||||||
|
mod_etype(pool, val->pair, POLLIN)) {
|
||||||
uniperror("mod_etype");
|
uniperror("mod_etype");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -839,7 +920,10 @@ static inline int on_connect(struct poolhd *pool, struct eval *val, int e)
|
|||||||
|
|
||||||
void close_conn(struct poolhd *pool, struct eval *val)
|
void close_conn(struct poolhd *pool, struct eval *val)
|
||||||
{
|
{
|
||||||
LOG(LOG_S, "close: fds=%d,%d\n", val->fd, val->pair ? val->pair->fd : -1);
|
LOG(LOG_S, "close: fds=%d,%d, recv: %zd,%zd, rounds: %d,%d\n",
|
||||||
|
val->fd, val->pair ? val->pair->fd : -1,
|
||||||
|
val->recv_count, val->pair ? val->pair->recv_count : 0,
|
||||||
|
val->round_count, val->pair ? val->pair->round_count : 0);
|
||||||
del_event(pool, val);
|
del_event(pool, val);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -850,12 +934,10 @@ int event_loop(int srvfd)
|
|||||||
|
|
||||||
struct poolhd *pool = init_pool(params.max_open * 2 + 1);
|
struct poolhd *pool = init_pool(params.max_open * 2 + 1);
|
||||||
if (!pool) {
|
if (!pool) {
|
||||||
uniperror("init pool");
|
|
||||||
close(srvfd);
|
close(srvfd);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (!add_event(pool, EV_ACCEPT, srvfd, POLLIN)) {
|
if (!add_event(pool, EV_ACCEPT, srvfd, POLLIN)) {
|
||||||
uniperror("add event");
|
|
||||||
destroy_pool(pool);
|
destroy_pool(pool);
|
||||||
close(srvfd);
|
close(srvfd);
|
||||||
return -1;
|
return -1;
|
||||||
@ -880,7 +962,7 @@ int event_loop(int srvfd)
|
|||||||
}
|
}
|
||||||
assert(val->type >= 0
|
assert(val->type >= 0
|
||||||
&& val->type < sizeof(eid_name)/sizeof(*eid_name));
|
&& val->type < sizeof(eid_name)/sizeof(*eid_name));
|
||||||
LOG(LOG_L, "new event: fd: %d, evt: %s, mod_iter: %d\n", val->fd, eid_name[val->type], val->mod_iter);
|
LOG(LOG_L, "new event: fd: %d, evt: %s, mod_iter: %llu\n", val->fd, eid_name[val->type], val->mod_iter);
|
||||||
|
|
||||||
switch (val->type) {
|
switch (val->type) {
|
||||||
case EV_ACCEPT:
|
case EV_ACCEPT:
|
||||||
@ -974,6 +1056,7 @@ int run(struct sockaddr_ina *srv)
|
|||||||
uniperror("signal SIGPIPE!");
|
uniperror("signal SIGPIPE!");
|
||||||
#endif
|
#endif
|
||||||
signal(SIGINT, on_cancel);
|
signal(SIGINT, on_cancel);
|
||||||
|
signal(SIGTERM, on_cancel);
|
||||||
|
|
||||||
int fd = listen_socket(srv);
|
int fd = listen_socket(srv);
|
||||||
if (fd < 0) {
|
if (fd < 0) {
|
||||||
@ -981,4 +1064,3 @@ int run(struct sockaddr_ina *srv)
|
|||||||
}
|
}
|
||||||
return event_loop(fd);
|
return event_loop(fd);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user