sad/udp2raw
1
0
Fork 0
mirror of https://github.com/wangyu-/udp2raw.git synced 2024-06-16 12:09:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

--max-rst-allowed --max-rst-to-show

Browse Source
This commit is contained in:
wangyu- 2018-02-24 17:26:29 -06:00
parent 7cb65ec45d
commit 0c2060028a
7 changed files with 92 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
connection.cpp
View File

@ -228,6 +228,10 @@ conv_manager_t::~conv_manager_t()
void conn_info_t::recover(const conn_info_t &conn_info)
{
raw_info=conn_info.raw_info;
raw_info.rst_received=0;
raw_info.disabled=0;
last_state_time=conn_info.last_state_time;
last_hb_recv_time=conn_info.last_hb_recv_time;
last_hb_sent_time=conn_info.last_hb_sent_time;
@ -238,6 +242,7 @@ conv_manager_t::~conv_manager_t()
my_roller=0;//no need to set,but for easier debug,set it to zero
oppsite_roller=0;//same as above
last_oppsite_roller_time=0;
}
void conn_info_t::re_init()
@ -642,7 +647,7 @@ int send_data_safer(conn_info_t &conn_info,const char* data,int len,u32_t conv_n
return 0;
}
int parse_safer(conn_info_t &conn_info,const char * input,int input_len,char &type,char* &data,int &len)//subfunction for recv_safer,allow overlap
int reserved_parse_safer(conn_info_t &conn_info,const char * input,int input_len,char &type,char* &data,int &len)//subfunction for recv_safer,allow overlap
{
static char recv_data_buf[buf_len];
@ -738,7 +743,7 @@ int recv_safer(conn_info_t &conn_info,char &type,char* &data,int &len)///safer t
if(recv_raw0(conn_info.raw_info,recv_data,recv_len)!=0) return -1;
return parse_safer(conn_info,recv_data,recv_len,type,data,len);
return reserved_parse_safer(conn_info,recv_data,recv_len,type,data,len);
}
void server_clear_function(u64_t u64)//used in conv_manager in server mode.for server we have to use one udp fd for one conv(udp connection),

4
connection.h
View File

@ -154,12 +154,12 @@ void server_clear_function(u64_t u64);
int send_bare(raw_info_t &raw_info,const char* data,int len);//send function with encryption but no anti replay,this is used when client and server verifys each other
//you have to design the protocol carefully, so that you wont be affect by relay attack
int reserved_parse_bare(const char *input,int input_len,char* & data,int & len); // a sub function used in recv_bare
//int reserved_parse_bare(const char *input,int input_len,char* & data,int & len); // a sub function used in recv_bare
int recv_bare(raw_info_t &raw_info,char* & data,int & len);//recv function with encryption but no anti replay,this is used when client and server verifys each other
//you have to design the protocol carefully, so that you wont be affect by relay attack
int send_handshake(raw_info_t &raw_info,id_t id1,id_t id2,id_t id3);// a warp for send_bare for sending handshake(this is not tcp handshake) easily
int send_safer(conn_info_t &conn_info,char type,const char* data,int len); //safer transfer function with anti-replay,when mutually verification is done.
int send_data_safer(conn_info_t &conn_info,const char* data,int len,u32_t conv_num);//a wrap for send_safer for transfer data.
int parse_safer(conn_info_t &conn_info,const char * input,int input_len,char &type,char* &data,int &len);//subfunction for recv_safer,allow overlap
//int reserved_parse_safer(conn_info_t &conn_info,const char * input,int input_len,char &type,char* &data,int &len);//subfunction for recv_safer,allow overlap
int recv_safer(conn_info_t &conn_info,char &type,char* &data,int &len);///safer transfer function with anti-replay,when mutually verification is done.
#endif /* CONNECTION_H_ */

28
main.cpp
View File

@ -10,11 +10,13 @@
char hb_buf[buf_len];
int on_epoll_recv_event=0; //TODO, just a flag to help detect epoll infinite shoot
int server_on_raw_recv_pre_ready(conn_info_t &conn_info,char * ip_port,u32_t tmp_oppsite_const_id);
int server_on_raw_recv_ready(conn_info_t &conn_info,char * ip_port,char type,char *data,int data_len);
int server_on_raw_recv_handshake1(conn_info_t &conn_info,char * ip_port,char * data, int data_len);
int client_on_timer(conn_info_t &conn_info) //for client. called when a timer is ready in epoll
{
//keep_iptables_rule();
@ -28,9 +30,19 @@ int client_on_timer(conn_info_t &conn_info) //for client. called when a timer is
mylog(log_trace,"<client_on_timer,send_info.ts_ack= %u>\n",send_info.ts_ack);
if(raw_info.disabled)
{
conn_info.state.client_current_state=client_idle;
conn_info.my_id=get_true_random_number_nz();
mylog(log_info,"state back to client_idle\n");
}
if(conn_info.state.client_current_state==client_idle)
{
raw_info.rst_received=0;
raw_info.disabled=0;
fail_time_counter++;
if(max_fail_time>0&&fail_time_counter>max_fail_time)
{
@ -41,6 +53,8 @@ int client_on_timer(conn_info_t &conn_info) //for client. called when a timer is
conn_info.blob->anti_replay.re_init();
conn_info.my_id = get_true_random_number_nz(); ///todo no need to do this everytime
u32_t new_ip=0;
if(!force_source_ip&&get_src_adress(new_ip,remote_ip_uint32,remote_port)==0)
{
@ -610,13 +624,15 @@ int server_on_raw_recv_multi() //called when server received an raw packet
conn_info_t &conn_info=conn_manager.find_insert(ip,port);
conn_info.raw_info=tmp_raw_info;
raw_info_t &raw_info=conn_info.raw_info;
packet_info_t &send_info=conn_info.raw_info.send_info;
packet_info_t &recv_info=conn_info.raw_info.recv_info;
//conn_info.ip_port.ip=ip;
//conn_info.ip_port.port=port;
packet_info_t &send_info=conn_info.raw_info.send_info;
packet_info_t &recv_info=conn_info.raw_info.recv_info;
raw_info_t &raw_info=conn_info.raw_info;
send_info.src_ip=recv_info.dst_ip;
send_info.src_port=recv_info.dst_port;
@ -645,6 +661,8 @@ int server_on_raw_recv_multi() //called when server received an raw packet
}
conn_info_t & conn_info=conn_manager.find_insert(ip,port);//insert if not exist
packet_info_t &send_info=conn_info.raw_info.send_info;
packet_info_t &recv_info=conn_info.raw_info.recv_info;
@ -1479,6 +1497,8 @@ int server_event_loop()
}
mylog(log_info,"fifo_file=%s\n",fifo_file);
}
while(1)////////////////////////
{
@ -1730,7 +1750,7 @@ int main(int argc, char *argv[])
if(geteuid() != 0)
{
mylog(log_error,"root check failed, it seems like you are using a non-root account. we can try to continue, but it may fail. If you want to run udp2raw as non-root, you have to add iptables rule manually, and grant udp2raw CAP_NET_RAW capability, check README.md in repo for more info.\n");
mylog(log_warn,"root check failed, it seems like you are using a non-root account. we can try to continue, but it may fail. If you want to run udp2raw as non-root, you have to add iptables rule manually, and grant udp2raw CAP_NET_RAW capability, check README.md in repo for more info.\n");
}
else
{

18
misc.cpp
View File

@ -18,6 +18,10 @@ int hb_len=1200;
int mtu_warn=1375;//if a packet larger than mtu warn is receviced,there will be a warning
int max_rst_to_show=15;
int max_rst_allowed=-1;
fd_manager_t fd_manager;
@ -268,6 +272,8 @@ void process_arg(int argc, char *argv[]) //process all options
{"hb-mode", required_argument, 0, 1},
{"hb-len", required_argument, 0, 1},
{"mtu-warn", required_argument, 0, 1},
{"max-rst-to-show", required_argument, 0, 1},
{"max-rst-allowed", required_argument, 0, 1},
{NULL, 0, 0, 0}
};
@ -628,6 +634,18 @@ void process_arg(int argc, char *argv[]) //process all options
assert(mtu_warn>0);
mylog(log_info,"mtu_warn=%d \n",mtu_warn);
}
else if(strcmp(long_options[option_index].name,"max-rst-to-show")==0)
{
sscanf(optarg,"%d",&max_rst_to_show);
assert(max_rst_to_show>=-1);
mylog(log_info,"max_rst_to_show=%d \n",max_rst_to_show);
}
else if(strcmp(long_options[option_index].name,"max-rst-allowed")==0)
{
sscanf(optarg,"%d",&max_rst_allowed);
assert(max_rst_allowed>=-1);
mylog(log_info,"max_rst_allowed=%d \n",max_rst_allowed);
}
else
{
mylog(log_warn,"ignored unknown long option ,option_index:%d code:<%x>\n",option_index, optopt);

4
misc.h
View File

@ -17,6 +17,10 @@ extern int hb_mode;
extern int hb_len;
extern int mtu_warn;
extern int max_rst_allowed;
extern int max_rst_to_show;
const u32_t max_handshake_conn_num=10000;
const u32_t max_ready_conn_num=1000;
const u32_t anti_replay_window_size=4000;

36
network.cpp
View File

@ -566,6 +566,11 @@ int send_raw_ip(raw_info_t &raw_info,const char * payload,int payloadlen)
const packet_info_t &recv_info=raw_info.recv_info;
char send_raw_ip_buf[buf_len];
if(raw_info.disabled)
{
return 0;
}
struct iphdr *iph = (struct iphdr *) send_raw_ip_buf;
memset(iph,0,sizeof(iphdr));
@ -1445,7 +1450,36 @@ int recv_raw_tcp(raw_info_t &raw_info,char * &payload,int &payloadlen)
if(tcph->rst==1)
{
mylog(log_error,"[%s,%d]rst==1\n",my_ntoa(recv_info.src_ip),recv_info.src_port);
raw_info.rst_received++;
if(max_rst_to_show>0)
{
if(raw_info.rst_received < max_rst_to_show)
{
mylog(log_warn,"[%s,%d]rst==1,cnt=%d\n",my_ntoa(recv_info.src_ip),recv_info.src_port,(int)raw_info.rst_received);
}
else if(raw_info.rst_received == max_rst_to_show)
{
mylog(log_warn,"[%s,%d]rst==1,cnt=%d >=max_rst_to_show, this log is muted for current connection\n",my_ntoa(recv_info.src_ip),recv_info.src_port,(int)raw_info.rst_received);
}
else
{
mylog(log_debug,"[%s,%d]rst==1,cnt=%d\n",my_ntoa(recv_info.src_ip),recv_info.src_port,(int)raw_info.rst_received);
}
}
if(max_rst_to_show==0)
{
mylog(log_debug,"[%s,%d]rst==1,cnt=%d\n",my_ntoa(recv_info.src_ip),recv_info.src_port,(int)raw_info.rst_received);
}
else
{
mylog(log_warn,"[%s,%d]rst==1,cnt=%d\n",my_ntoa(recv_info.src_ip),recv_info.src_port,(int)raw_info.rst_received);
}
if(max_rst_allowed>=0 && raw_info.rst_received==max_rst_allowed+1 )
{
mylog(log_warn,"[%s,%d]connection disabled because of rst_received %d > max_rst_allow=%d\n",my_ntoa(recv_info.src_ip),recv_info.src_port,(int)raw_info.rst_received,(int)max_rst_allowed );
raw_info.disabled=1;
}
}
/* if(recv_info.has_ts)

3
network.h
View File

@ -77,12 +77,13 @@ struct raw_info_t
{
packet_info_t send_info;
packet_info_t recv_info;
//int last_send_len;
//int last_recv_len;
u32_t reserved_send_seq;
//uint32_t first_seq,first_ack_seq;
int rst_received=0;
bool disabled=0;
};//g_raw_info;