Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
T
tun
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Locked Files
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Security & Compliance
Security & Compliance
Dependency List
License Compliance
Packages
Packages
List
Container Registry
Analytics
Analytics
CI / CD
Code Review
Insights
Issues
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Railgun
tun
Commits
6636c1ee
Commit
6636c1ee
authored
Sep 14, 2022
by
神楽坂玲奈
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
new
parent
e073c3d2
Pipeline
#16662
failed with stages
in 17 seconds
Changes
5
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
149 additions
and
116 deletions
+149
-116
CMakeLists.txt
CMakeLists.txt
+6
-1
src/Config.h
src/Config.h
+6
-0
src/Router.h
src/Router.h
+98
-0
src/checksum.h
src/checksum.h
+0
-0
src/main.cpp
src/main.cpp
+39
-115
No files found.
CMakeLists.txt
View file @
6636c1ee
...
...
@@ -3,7 +3,7 @@ project(tun)
set
(
CMAKE_CXX_STANDARD 23
)
add_executable
(
tun src/main.cpp src/
Config.cpp src/checksum.cpp
)
add_executable
(
tun src/main.cpp src/
Router.h
)
set
(
CMAKE_CXX_FLAGS_DEBUG -ggdb
)
...
...
@@ -12,3 +12,8 @@ target_link_libraries(tun Threads::Threads)
find_package
(
nlohmann_json REQUIRED
)
target_link_libraries
(
tun nlohmann_json::nlohmann_json
)
find_package
(
Boost REQUIRED
)
target_link_libraries
(
tun Boost
)
target_link_libraries
(
tun b64
)
\ No newline at end of file
src/Config.
cpp
→
src/Config.
h
View file @
6636c1ee
#ifndef TUN_CONFIG_H
#define TUN_CONFIG_H
#include <nlohmann/json.hpp>
#include <boost/core/noncopyable.hpp>
using
json
=
nlohmann
::
json
;
...
...
@@ -35,3 +39,5 @@ void from_json(const json& j, Config& p) {
j
.
at
(
"local_secret"
).
get_to
(
p
.
local_secret
);
j
.
at
(
"routers"
).
get_to
(
p
.
routers
);
}
#endif //TUN_CONFIG_H
\ No newline at end of file
src/Router.h
0 → 100644
View file @
6636c1ee
#ifndef TUN_ROUTER_H
#define TUN_ROUTER_H
#include "Config.h"
#include <boost/core/noncopyable.hpp>
#include <b64/decode.h>
#include <netdb.h>
#include <linux/if.h>
#include <linux/if_tun.h>
#include <fcntl.h>
#include <sys/ioctl.h>
class
Router
:
private
boost
::
noncopyable
{
public:
static
const
int
secret_length
=
32
;
static
std
::
map
<
std
::
pair
<
unsigned
char
,
unsigned
char
>
,
int
>
raws
;
// (family,proto) => fd
static
std
::
map
<
int
,
Router
*>
tuns
;
// fd => router
static
std
::
map
<
int
,
Router
*>
all
;
// id => router
static
unsigned
char
local_secret
[
secret_length
];
const
ConfigRouter
&
config
;
unsigned
char
secret
[
secret_length
];
sockaddr_storage
remote_addr
{};
int
tun
;
int
raw
;
explicit
Router
(
const
ConfigRouter
&
config
)
:
config
(
config
)
{
create_secret
(
config
.
remote_secret
,
secret
);
create_remote_addr
();
create_tun
();
create_raw
();
system
(
config
.
up
.
c_str
());
all
[
config
.
remote_id
]
=
this
;
tuns
[
tun
]
=
this
;
};
static
void
create_secret
(
const
std
::
string
&
secret
,
unsigned
char
*
target
)
{
base64
::
decoder
decoder
;
decoder
.
decode
(
secret
.
c_str
(),
secret
.
length
(),
(
char
*
)
target
);
}
void
create_remote_addr
()
{
if
(
config
.
endpoint
.
empty
())
{
addrinfo
hints
=
{.
ai_family
=
config
.
family
};
addrinfo
*
result
;
if
(
auto
ret
=
getaddrinfo
(
config
.
endpoint
.
c_str
(),
nullptr
,
&
hints
,
&
result
)
!=
0
)
{
puts
(
gai_strerror
(
ret
));
throw
;
}
remote_addr
=
*
(
sockaddr_storage
*
)
result
->
ai_addr
;
freeaddrinfo
(
result
);
}
}
void
create_tun
()
{
ifreq
ifr
{};
ifr
.
ifr_flags
=
IFF_TUN
|
IFF_NO_PI
;
strncpy
(
ifr
.
ifr_name
,
config
.
dev
.
c_str
(),
IFNAMSIZ
);
tun
=
open
(
"/dev/net/tun"
,
O_RDWR
);
if
(
tun
<
0
)
{
perror
(
"tun init error"
);
throw
;
}
if
(
ioctl
(
tun
,
TUNSETIFF
,
&
ifr
)
<
0
)
{
perror
(
"ioctl error"
);
throw
;
}
}
void
create_raw
()
{
auto
key
=
std
::
make_pair
(
config
.
family
,
config
.
proto
);
if
(
!
raws
.
contains
(
key
))
{
if
(
auto
result
=
socket
(
config
.
family
,
SOCK_RAW
,
config
.
proto
)
<
0
)
{
perror
(
"socket init error"
);
throw
;
}
else
{
raws
[
key
]
=
result
;
}
}
raw
=
raws
[
key
];
}
void
encrypt
(
unsigned
char
*
data
,
size_t
length
)
{
for
(
size_t
i
=
0
;
i
<
length
;
i
++
)
{
data
[
i
]
^=
local_secret
[
i
%
secret_length
];
}
}
void
decrypt
(
unsigned
char
*
data
,
size_t
length
)
{
for
(
size_t
i
=
0
;
i
<
length
;
i
++
)
{
data
[
i
]
^=
secret
[
i
%
secret_length
];
}
}
};
#endif
src/checksum.
cpp
→
src/checksum.
h
View file @
6636c1ee
File moved
src/main.cpp
View file @
6636c1ee
#include <iostream>
#include <thread>
#include <sys/socket.h>
#include <netinet/in.h>
#include <fcntl.h>
#include <linux/if.h>
#include <linux/ip.h>
#include <linux/if_tun.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <cstring>
#include <nlohmann/json.hpp>
#include <linux/ipv6.h>
#include <vector>
#include <linux/ip.h>
#include "checksum.h"
#include "Config.h"
#include "Router.h"
using
json
=
nlohmann
::
json
;
struct
Meta
{
unsigned
char
src_id
;
unsigned
char
dst_id
;
unsigned
short
re
vers
ed
;
unsigned
short
re
serv
ed
;
};
unsigned
char
local_id
;
unsigned
char
remote_id
;
sockaddr_storage
remote_addr
{};
class
Secret
{
private:
char
*
key
;
size_t
length
;
public:
Secret
(
char
*
key
)
:
key
(
key
),
length
(
strlen
(
key
))
{}
void
encrypt
(
unsigned
char
*
data
,
size_t
length
)
{
for
(
size_t
i
=
0
;
i
<
length
;
i
++
)
{
data
[
i
]
^=
key
[
i
%
this
->
length
];
}
}
void
decrypt
(
unsigned
char
*
data
,
size_t
length
)
{
encrypt
(
data
,
length
);
}
};
Secret
*
localSecret
;
Secret
*
remoteSecret
;
#include <linux/ipv6.h>
#include <vector>
Config
config
;
// internet -> tun
void
inbound
(
int
raw
,
int
tun
)
{
void
inbound
(
int
raw
)
{
unsigned
char
buffer
[
ETH_DATA_LEN
];
sockaddr_storage
address
;
socklen_t
address_length
=
sizeof
(
address
);
...
...
@@ -58,10 +34,11 @@ void inbound(int raw, int tun) {
auto
overhead
=
packet
->
ihl
*
4
;
auto
payload
=
buffer
+
overhead
;
auto
meta
=
(
Meta
*
)
payload
;
if
(
!
(
meta
->
src_id
==
remote_id
&&
meta
->
dst_id
==
local_id
&&
meta
->
reversed
==
0
))
continue
;
if
(
!
(
Router
::
all
.
contains
(
meta
->
src_id
)
&&
meta
->
dst_id
==
config
.
local_id
&&
meta
->
reserved
==
0
))
continue
;
auto
router
=
Router
::
all
[
meta
->
src_id
];
auto
inner
=
(
payload
+
sizeof
(
Meta
));
auto
payload_length
=
packet_length
-
overhead
-
sizeof
(
Meta
);
r
emoteSecret
->
decrypt
(
inner
,
payload_length
);
r
outer
->
decrypt
(
inner
,
payload_length
);
switch
(((
ipv6hdr
*
)
inner
)
->
version
)
{
case
4
:
if
(
csum
((
uint16_t
*
)
inner
,
((
iphdr
*
)
inner
)
->
ihl
*
4
))
continue
;
...
...
@@ -72,17 +49,9 @@ void inbound(int raw, int tun) {
default:
continue
;
}
// if (ip_fast_csum(inner, inner->ihl)) continue;
// std::cout << "packet_length " << packet_length
// << " tot_len " << ntohs(packet->tot_len)
// << " inner->tot_len " << ntohs(inner->tot_len)
// << " from " << inet_ntoa(address.sin_addr) << std::endl;
// if (remote_addr.sin_addr.s_addr != address.sin_addr.s_addr) {
// std::cout << "float ip: " << inet_ntoa(address.sin_addr) << std::endl;
// }
remote_addr
=
address
;
router
->
remote_addr
=
address
;
if
(
write
(
tun
,
inner
,
payload_length
)
<
0
)
{
if
(
write
(
router
->
tun
,
inner
,
payload_length
)
<
0
)
{
perror
(
"inbound write"
);
}
}
...
...
@@ -90,84 +59,39 @@ void inbound(int raw, int tun) {
}
// tun -> internet
void
outbound
(
int
raw
,
int
tun
)
{
void
outbound
(
int
tun
)
{
auto
router
=
Router
::
tuns
[
tun
];
unsigned
char
buffer
[
ETH_DATA_LEN
];
auto
meta
=
(
Meta
*
)
buffer
;
meta
->
src_id
=
local_id
;
meta
->
dst_id
=
remote_id
;
meta
->
re
vers
ed
=
0
;
meta
->
src_id
=
config
.
local_id
;
meta
->
dst_id
=
r
outer
->
config
.
r
emote_id
;
meta
->
re
serv
ed
=
0
;
auto
inner
=
buffer
+
sizeof
(
Meta
);
size_t
packet_length
;
while
((
packet_length
=
read
(
tun
,
inner
,
sizeof
(
buffer
)
-
sizeof
(
Meta
)))
>=
0
)
{
// std::cout << "sendto: " << inet_ntoa(remote_addr.sin_addr) << std::endl;
if
(
!
remote_addr
.
ss_family
)
continue
;
localSecret
->
encrypt
(
inner
,
packet_length
);
if
(
sendto
(
raw
,
buffer
,
packet_length
+
sizeof
(
Meta
),
0
,
(
sockaddr
*
)
&
remote_addr
,
sizeof
(
remote_addr
))
<
0
)
{
if
(
!
router
->
remote_addr
.
ss_family
)
continue
;
router
->
encrypt
(
inner
,
packet_length
);
if
(
setsockopt
(
router
->
raw
,
SOL_SOCKET
,
SO_MARK
,
&
router
->
config
.
mark
,
sizeof
(
router
->
config
.
mark
))
<
0
)
{
perror
(
"setsockopt error"
);
}
if
(
sendto
(
router
->
raw
,
buffer
,
packet_length
+
sizeof
(
Meta
),
0
,
(
sockaddr
*
)
&
router
->
remote_addr
,
sizeof
(
router
->
remote_addr
))
<
0
)
{
perror
(
"outbound write"
);
}
}
perror
(
"outbound read"
);
}
int
main
(
int
argc
,
char
*
argv
[])
{
// json data = json::parse(argv[1]);
// auto config = data.get<Config>();
//
//
// if (endpoint != nullptr) {
// addrinfo hints = {
// .ai_family = family
// };
// addrinfo *result;
//
// auto ret = getaddrinfo(endpoint, nullptr, &hints, &result);
// if (ret != 0) {
// puts(gai_strerror(ret));
// return -1;
// }
// remote_addr = *(sockaddr_storage *) result->ai_addr;
// freeaddrinfo(result); /* No longer needed */
// }
// ifreq ifr{};
// ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
// strncpy(ifr.ifr_name, dev, IFNAMSIZ);
//
// auto raw = socket(family, SOCK_RAW, proto);
// if (raw < 0) {
// perror("socket init error");
// return -1;
// }
// if (mark) {
// if (setsockopt(raw, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0) {
// perror("setsockopt error");
// return -1;
// }
// }
// auto tun = open("/dev/net/tun", O_RDWR);
// if (tun < 0) {
// perror("tun init error");
// return -1;
// }
// puts(dev);
//
// if (ioctl(tun, TUNSETIFF, &ifr) < 0) {
// perror("ioctl error");
// return -1;
// }
//
// system(up);
//
// std::thread t1(inbound, raw, tun);
// std::thread t2(outbound, raw, tun);
// t1.join();
// t2.join();
json
data
=
json
::
parse
(
argv
[
1
]);
config
=
data
.
get
<
Config
>
();
Router
::
create_secret
(
config
.
local_secret
,
Router
::
local_secret
);
for
(
const
auto
&
item
:
config
.
routers
)
new
Router
(
item
);
std
::
vector
<
std
::
thread
>
threads
;
for
(
auto
&
[
_
,
router
]
:
Router
::
all
)
threads
.
emplace_back
(
outbound
,
router
->
tun
);
for
(
auto
&
[
_
,
raw
]
:
Router
::
raws
)
threads
.
emplace_back
(
inbound
,
raw
);
for
(
auto
&
thread
:
threads
)
thread
.
join
();
return
0
;
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment