merge up to f68c6e2

2024-06-25 00:19:06 +00:00 · 2020-07-14 08:01:48 -04:00 · 2020-07-14 08:01:48 -04:00 · 6681f3a4e6
commit 6681f3a4e6
parent fe9e73decc
6 changed files with 32 additions and 19 deletions
--- a/client.cpp
+++ b/client.cpp
@ -581,7 +581,8 @@ int client_on_raw_recv(conn_info_t &conn_info) //called when raw fd received a p
 	{
 		vector<char> type_vec;
 		vector<string> data_vec;
-		if(recv_safer_multi(conn_info,type_vec,data_vec)!=0)
+        recv_safer_multi(conn_info,type_vec,data_vec);
+		if(data_vec.empty())
 		{
 			mylog(log_debug,"recv_safer failed!\n");
 			return -1;
--- a/connection.cpp
+++ b/connection.cpp
@ -649,39 +649,50 @@ int recv_safer_multi(conn_info_t &conn_info,vector<char> &type_arr,vector<string
            data_arr.emplace_back(data,data+len);
            //std::copy(data,data+len,data_arr[0]);
        }
-        return ret;
+        return 0;
    } else
    {
+        char *ori_recv_data=recv_data;
+        int ori_recv_len=recv_len;
+        //mylog(log_debug,"recv_len:%d\n",recv_len);
+        int cnt=0;
        while(recv_len>2)
        {
-            recv_len-=2;
+            cnt++;
+            int single_len_no_xor;
+            single_len_no_xor=read_u16(recv_data);
            int single_len;
            recv_data[0]^=gro_xor[0];
            recv_data[1]^=gro_xor[1];
            single_len=read_u16(recv_data);
+            recv_len-=2;
            recv_data+=2;
            if(single_len > recv_len)
            {
-                mylog(log_debug,"illegal single_len %d, recv_len %d left,dropped\n",single_len,recv_len);
+                mylog(log_debug,"illegal single_len %d(%d), recv_len %d left,dropped\n",single_len,single_len_no_xor,recv_len);
                break;
            }
            if(single_len> single_max_data_len )
            {
-                mylog(log_warn,"single_len %d > %d\n",single_len,single_max_data_len);
+                mylog(log_warn,"single_len %d(%d) > %d, maybe you need to turn down mtu at upper level\n",single_len,single_len_no_xor,single_max_data_len);
            }

            int ret = reserved_parse_safer(conn_info, recv_data, single_len, type, data, len);

            if(ret!=0)
            {
-                mylog(log_debug,"illegal single_len %d, recv_len %d left,dropped\n",single_len,recv_len);
+                mylog(log_debug,"parse failed, offset= %d,single_len=%d(%d)\n",(int)(recv_data-ori_recv_data),single_len,single_len_no_xor);
            } else{
                type_arr.push_back(type);
                data_arr.emplace_back(data,data+len);
                //std::copy(data,data+len,data_arr[data_arr.size()-1]);
            }
            recv_data+=single_len;
-            
+            recv_len-=single_len;
+        }
+        if(cnt>1)
+        {
+            mylog(log_debug,"got a suspected gro packet, %d packets recovered, recv_len=%d, loop_cnt=%d\n",(int)data_arr.size(),ori_recv_len,cnt);
        }
        return 0;
    }
--- a/encrypt.cpp
+++ b/encrypt.cpp
@ -26,7 +26,7 @@ unsigned char hmac_key_decrypt[hmac_key_len + 100];  //key for hmac
 unsigned char cipher_key_encrypt[cipher_key_len + 100];  //key for aes etc.
 unsigned char cipher_key_decrypt[cipher_key_len + 100];  //key for aes etc.

-char gro_xor[16+100];//dirty fix for gro
+char gro_xor[256+100];//dirty fix for gro

 unordered_map<int, const char *> auth_mode_tostring = {{auth_none, "none"}, {auth_md5, "md5"}, {auth_crc32, "crc32"},{auth_simple,"simple"},{auth_hmac_sha1,"hmac_sha1"},};

@ -87,7 +87,7 @@ int my_init_keys(const char * user_passwd,int is_client)
 		assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)info_hmac_decrypt,strlen(info_hmac_decrypt), hmac_key_decrypt, hmac_key_len )  ==0);

        const char *gro_info="gro";
-        assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)gro_info,strlen(gro_info), (unsigned char *)gro_xor, 16 )  ==0);
+        assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)gro_info,strlen(gro_info), (unsigned char *)gro_xor, 256 )  ==0);
 	}
 	
 	print_binary_chars(normal_key,16);
--- a/encrypt.h
+++ b/encrypt.h
@ -34,7 +34,7 @@ extern cipher_mode_t cipher_mode;
 extern unordered_map<int, const char *> auth_mode_tostring;
 extern unordered_map<int, const char *> cipher_mode_tostring;

-extern char gro_xor[16+100];
+extern char gro_xor[256+100];

 int cipher_decrypt(const char *data,char *output,int &len,char * key);//internal interface ,exposed for test only
 int cipher_encrypt(const char *data,char *output,int &len,char * key);//internal interface ,exposed for test only
--- a/misc.cpp
+++ b/misc.cpp
@ -143,6 +143,8 @@ void print_help()
 	printf("    -g,--gen-rule                         generate iptables rule then exit,so that you can copy and\n");
 	printf("                                          add it manually.overrides -a\n");
 	printf("    --disable-anti-replay                 disable anti-replay,not suggested\n");
+	printf("    --fix-gro                             try to fix huge packet caused by GRO. this option is at an early stage.\n");
+	printf("                                          make sure client and server are at same version.\n");

 	//printf("\n");
 	printf("client options:\n");
@ -184,7 +186,6 @@ void print_help()
 	printf("    --clear                               clear any iptables rules added by this program.overrides everything\n");
 	printf("    --retry-on-error                      retry on error, allow to start udp2raw before network is initialized\n");
 	printf("    -h,--help                             print this help message\n");
-
 	//printf("common options,these options must be same on both side\n");
 }

@ -770,7 +771,8 @@ void process_arg(int argc, char *argv[])  //process all options
 			}
            else if(strcmp(long_options[option_index].name,"fix-gro")==0)
            {
-                g_fix_gro=0;
+                mylog(log_info,"--fix-gro enabled\n");
+                g_fix_gro=1;
            }
 			else
 			{
--- a/network.cpp
+++ b/network.cpp
@ -9,7 +9,7 @@
 #include "log.h"
 #include "misc.h"

-int g_fix_gro=1;
+int g_fix_gro=0;

 int raw_recv_fd=-1;
 int raw_send_fd=-1;
@ -1418,15 +1418,15 @@ int pre_recv_raw_packet()
    {
        if(g_fix_gro==0)
        {
-            mylog(log_warn, "huge packet, data_len %d > %d(single_max_data_len) dropped\n", g_packet_buf_len,
+            mylog(log_warn, "huge packet, data_len %d > %d(single_max_data_len) dropped, maybe you need to turn down mtu at upper level, or you may take a look at --fix-gro\n", g_packet_buf_len,
                  single_max_data_len);
            return -1;
        }
        else
        {
-            mylog(log_debug, "huge packet, data_len %d > %d(single_max_data_len) dropped\n", g_packet_buf_len,
+            mylog(log_debug, "huge packet, data_len %d > %d(single_max_data_len) not dropped\n", g_packet_buf_len,
                  single_max_data_len);
-            return -1;
+            //return -1;
        }

    }
@ -2526,9 +2526,8 @@ int recv_raw_tcp(raw_info_t &raw_info,char * &payload,int &payloadlen)

    if(tcp_chk!=0)
    {
-    	mylog(log_debug,"tcp_chk:%x\n",tcp_chk);
-    	mylog(log_debug,"tcp header error\n");
-    	return -1;
+    	mylog(log_debug,"tcp_chk:%x, tcp checksum failed, ignored\n",tcp_chk);
+    	//return -1;

    }