merge up to f68c6e2

This commit is contained in:
wangyu 2020-07-14 08:01:48 -04:00
parent fe9e73decc
commit 6681f3a4e6
6 changed files with 32 additions and 19 deletions

@ -581,7 +581,8 @@ int client_on_raw_recv(conn_info_t &conn_info) //called when raw fd received a p
{
vector<char> type_vec;
vector<string> data_vec;
if(recv_safer_multi(conn_info,type_vec,data_vec)!=0)
recv_safer_multi(conn_info,type_vec,data_vec);
if(data_vec.empty())
{
mylog(log_debug,"recv_safer failed!\n");
return -1;

@ -649,39 +649,50 @@ int recv_safer_multi(conn_info_t &conn_info,vector<char> &type_arr,vector<string
data_arr.emplace_back(data,data+len);
//std::copy(data,data+len,data_arr[0]);
}
return ret;
return 0;
} else
{
char *ori_recv_data=recv_data;
int ori_recv_len=recv_len;
//mylog(log_debug,"recv_len:%d\n",recv_len);
int cnt=0;
while(recv_len>2)
{
recv_len-=2;
cnt++;
int single_len_no_xor;
single_len_no_xor=read_u16(recv_data);
int single_len;
recv_data[0]^=gro_xor[0];
recv_data[1]^=gro_xor[1];
single_len=read_u16(recv_data);
recv_len-=2;
recv_data+=2;
if(single_len > recv_len)
{
mylog(log_debug,"illegal single_len %d, recv_len %d left,dropped\n",single_len,recv_len);
mylog(log_debug,"illegal single_len %d(%d), recv_len %d left,dropped\n",single_len,single_len_no_xor,recv_len);
break;
}
if(single_len> single_max_data_len )
{
mylog(log_warn,"single_len %d > %d\n",single_len,single_max_data_len);
mylog(log_warn,"single_len %d(%d) > %d, maybe you need to turn down mtu at upper level\n",single_len,single_len_no_xor,single_max_data_len);
}
int ret = reserved_parse_safer(conn_info, recv_data, single_len, type, data, len);
if(ret!=0)
{
mylog(log_debug,"illegal single_len %d, recv_len %d left,dropped\n",single_len,recv_len);
mylog(log_debug,"parse failed, offset= %d,single_len=%d(%d)\n",(int)(recv_data-ori_recv_data),single_len,single_len_no_xor);
} else{
type_arr.push_back(type);
data_arr.emplace_back(data,data+len);
//std::copy(data,data+len,data_arr[data_arr.size()-1]);
}
recv_data+=single_len;
recv_len-=single_len;
}
if(cnt>1)
{
mylog(log_debug,"got a suspected gro packet, %d packets recovered, recv_len=%d, loop_cnt=%d\n",(int)data_arr.size(),ori_recv_len,cnt);
}
return 0;
}

@ -26,7 +26,7 @@ unsigned char hmac_key_decrypt[hmac_key_len + 100]; //key for hmac
unsigned char cipher_key_encrypt[cipher_key_len + 100]; //key for aes etc.
unsigned char cipher_key_decrypt[cipher_key_len + 100]; //key for aes etc.
char gro_xor[16+100];//dirty fix for gro
char gro_xor[256+100];//dirty fix for gro
unordered_map<int, const char *> auth_mode_tostring = {{auth_none, "none"}, {auth_md5, "md5"}, {auth_crc32, "crc32"},{auth_simple,"simple"},{auth_hmac_sha1,"hmac_sha1"},};
@ -87,7 +87,7 @@ int my_init_keys(const char * user_passwd,int is_client)
assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)info_hmac_decrypt,strlen(info_hmac_decrypt), hmac_key_decrypt, hmac_key_len ) ==0);
const char *gro_info="gro";
assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)gro_info,strlen(gro_info), (unsigned char *)gro_xor, 16 ) ==0);
assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)gro_info,strlen(gro_info), (unsigned char *)gro_xor, 256 ) ==0);
}
print_binary_chars(normal_key,16);

@ -34,7 +34,7 @@ extern cipher_mode_t cipher_mode;
extern unordered_map<int, const char *> auth_mode_tostring;
extern unordered_map<int, const char *> cipher_mode_tostring;
extern char gro_xor[16+100];
extern char gro_xor[256+100];
int cipher_decrypt(const char *data,char *output,int &len,char * key);//internal interface ,exposed for test only
int cipher_encrypt(const char *data,char *output,int &len,char * key);//internal interface ,exposed for test only

@ -143,6 +143,8 @@ void print_help()
printf(" -g,--gen-rule generate iptables rule then exit,so that you can copy and\n");
printf(" add it manually.overrides -a\n");
printf(" --disable-anti-replay disable anti-replay,not suggested\n");
printf(" --fix-gro try to fix huge packet caused by GRO. this option is at an early stage.\n");
printf(" make sure client and server are at same version.\n");
//printf("\n");
printf("client options:\n");
@ -184,7 +186,6 @@ void print_help()
printf(" --clear clear any iptables rules added by this program.overrides everything\n");
printf(" --retry-on-error retry on error, allow to start udp2raw before network is initialized\n");
printf(" -h,--help print this help message\n");
//printf("common options,these options must be same on both side\n");
}
@ -770,7 +771,8 @@ void process_arg(int argc, char *argv[]) //process all options
}
else if(strcmp(long_options[option_index].name,"fix-gro")==0)
{
g_fix_gro=0;
mylog(log_info,"--fix-gro enabled\n");
g_fix_gro=1;
}
else
{

@ -9,7 +9,7 @@
#include "log.h"
#include "misc.h"
int g_fix_gro=1;
int g_fix_gro=0;
int raw_recv_fd=-1;
int raw_send_fd=-1;
@ -1418,15 +1418,15 @@ int pre_recv_raw_packet()
{
if(g_fix_gro==0)
{
mylog(log_warn, "huge packet, data_len %d > %d(single_max_data_len) dropped\n", g_packet_buf_len,
mylog(log_warn, "huge packet, data_len %d > %d(single_max_data_len) dropped, maybe you need to turn down mtu at upper level, or you may take a look at --fix-gro\n", g_packet_buf_len,
single_max_data_len);
return -1;
}
else
{
mylog(log_debug, "huge packet, data_len %d > %d(single_max_data_len) dropped\n", g_packet_buf_len,
mylog(log_debug, "huge packet, data_len %d > %d(single_max_data_len) not dropped\n", g_packet_buf_len,
single_max_data_len);
return -1;
//return -1;
}
}
@ -2526,9 +2526,8 @@ int recv_raw_tcp(raw_info_t &raw_info,char * &payload,int &payloadlen)
if(tcp_chk!=0)
{
mylog(log_debug,"tcp_chk:%x\n",tcp_chk);
mylog(log_debug,"tcp header error\n");
return -1;
mylog(log_debug,"tcp_chk:%x, tcp checksum failed, ignored\n",tcp_chk);
//return -1;
}