Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
T
tun
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Locked Files
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Security & Compliance
Security & Compliance
Dependency List
License Compliance
Packages
Packages
List
Container Registry
Analytics
Analytics
CI / CD
Code Review
Insights
Issues
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Railgun
tun
Commits
82776e24
Commit
82776e24
authored
Aug 17, 2022
by
nanahira
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
first
parent
febc13c2
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
176 additions
and
39 deletions
+176
-39
.dockerignore
.dockerignore
+4
-1
.gitignore
.gitignore
+4
-2
.gitlab-ci.yml
.gitlab-ci.yml
+65
-0
CMakeLists.txt
CMakeLists.txt
+4
-4
Dockerfile
Dockerfile
+13
-7
README.md
README.md
+5
-0
entrypoint.sh
entrypoint.sh
+29
-0
main.cpp
main.cpp
+52
-25
No files found.
.dockerignore
View file @
82776e24
# Project exclude paths
cmake-build-debug
.idea
Dockerfile
\ No newline at end of file
Dockerfile
.dockerignore
/build
.gitignore
View file @
82776e24
# Project exclude paths
cmake-build-debug
# Project exclude paths
cmake-build-debug
.idea
.DS_Store
/build
.gitlab-ci.yml
0 → 100644
View file @
82776e24
stages
:
-
build
-
combine
-
deploy
variables
:
GIT_DEPTH
:
"
1"
CONTAINER_TEST_IMAGE
:
$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
CONTAINER_TEST_ARM_IMAGE
:
$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
CONTAINER_TEST_X86_IMAGE
:
$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86
CONTAINER_RELEASE_IMAGE
:
$CI_REGISTRY_IMAGE:latest
before_script
:
-
docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
build-x86
:
stage
:
build
tags
:
-
docker
script
:
-
TARGET_IMAGE=$CONTAINER_TEST_X86_IMAGE
-
docker build --pull -t $TARGET_IMAGE .
-
docker push $TARGET_IMAGE
build-arm
:
stage
:
build
tags
:
-
docker-arm
script
:
-
TARGET_IMAGE=$CONTAINER_TEST_ARM_IMAGE
-
docker build --pull -t $TARGET_IMAGE .
-
docker push $TARGET_IMAGE
combine
:
stage
:
combine
tags
:
-
docker
script
:
-
TARGET_IMAGE=$CONTAINER_TEST_IMAGE
-
SOURCE_IMAGE_2=$CONTAINER_TEST_ARM_IMAGE
-
SOURCE_IMAGE_1=$CONTAINER_TEST_X86_IMAGE
-
docker pull $SOURCE_IMAGE_1
-
docker pull $SOURCE_IMAGE_2
-
docker manifest create $TARGET_IMAGE --amend $SOURCE_IMAGE_1 --amend
$SOURCE_IMAGE_2
-
docker manifest push $TARGET_IMAGE
deploy_latest
:
stage
:
deploy
tags
:
-
docker
script
:
-
TARGET_IMAGE=$CONTAINER_RELEASE_IMAGE
-
SOURCE_IMAGE=$CONTAINER_TEST_IMAGE
-
docker pull $SOURCE_IMAGE
-
docker tag $SOURCE_IMAGE $TARGET_IMAGE
-
docker push $TARGET_IMAGE
only
:
-
master
deploy_tag
:
stage
:
deploy
tags
:
-
docker
script
:
-
TARGET_IMAGE=$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
-
SOURCE_IMAGE=$CONTAINER_TEST_IMAGE
-
docker pull $SOURCE_IMAGE
-
docker tag $SOURCE_IMAGE $TARGET_IMAGE
-
docker push $TARGET_IMAGE
only
:
-
tags
CMakeLists.txt
View file @
82776e24
cmake_minimum_required
(
VERSION 3.21
)
project
(
tun
)
project
(
mc
tun
)
set
(
CMAKE_CXX_STANDARD 23
)
add_executable
(
tun main.cpp
)
add_executable
(
mc
tun main.cpp
)
target_link_libraries
(
tun
)
target_link_libraries
(
mc
tun
)
find_package
(
Threads REQUIRED
)
target_link_libraries
(
tun Threads::Threads
)
target_link_libraries
(
mc
tun Threads::Threads
)
#set(Boost_USE_STATIC_LIBS ON)
#find_package(Boost COMPONENTS program_options REQUIRED)
...
...
Dockerfile
View file @
82776e24
FROM
alpine:3.15 AS builder
RUN
apk
--no-cache
add build-base cmake linux-headers boost-dev boost-static
FROM
debian:bullseye-slim as base
RUN
apt update
&&
\
apt
-y
install
build-essential libboost-dev iproute2 iptables ipset netcat-openbsd
&&
\
rm
-rf
/var/lib/apt/lists/
*
/tmp/
*
/var/tmp/
*
/var/log/
*
/var/cache/
*
FROM
base as builder
WORKDIR
/usr/src/app
RUN
apt update
&&
apt
-y
install
cmake
&&
rm
-rf
/var/lib/apt/lists/
*
/tmp/
*
/var/tmp/
*
/var/log/
*
/var/cache/
*
COPY
. .
RUN
cmake
-DCMAKE_BUILD_TYPE
=
Debug
.
RUN
cmake .
RUN
make
FROM
alpin
e
RUN
apk
--no-cache
add libgcc libstdc++
COPY
--from=builder /usr/src/app/tun .
FROM
bas
e
COPY
--from=builder /usr/src/app/mctun /usr/local/bin/
COPY
./entrypoint.sh /entrypoint.sh
ENTRYPOINT
["./tun"]
ENTRYPOINT
["/entrypoint.sh"]
CMD
["mctun"]
README.md
0 → 100644
View file @
82776e24
# MCTUN
MyCard tun
## env
entrypoint.sh
0 → 100755
View file @
82776e24
#!/bin/bash
pid
=
0
run_stop
()
{
signalCode
=
$1
if
[
-n
"
$DOWN_SCRIPT
"
]
;
then
eval
"
$DOWN_SCRIPT
"
fi
if
[
$pid
-ne
0
]
;
then
kill
"-
$signalCode
"
"
$pid
"
wait
"
$pid
"
fi
echo
"Stopped"
exit
$((
128
+
signalCode
))
;
}
trap
'kill ${!}; run_stop 2'
SIGTERM
trap
'kill ${!}; run_stop 15'
SIGINT
echo
"Started"
"
$@
"
&
pid
=
"
$!
"
# wait forever
while
true
do
tail
-f
/dev/null &
wait
${
!
}
done
main.cpp
View file @
82776e24
...
...
@@ -19,8 +19,6 @@ struct Meta {
unsigned
short
reversed
;
};
#define decrypt_package encrypt_package
unsigned
char
local_id
;
unsigned
char
remote_id
;
sockaddr_in
remote_addr
{.
sin_family
=
AF_INET
};
...
...
@@ -47,14 +45,24 @@ uint16_t csum(uint16_t *packet, int packlen) {
return
(
uint16_t
)
~
sum
;
}
char
*
secret
;
size_t
secret_length
;
class
Secret
{
private:
char
*
key
;
size_t
length
;
public:
Secret
(
char
*
key
)
:
key
(
key
),
length
(
strlen
(
key
))
{}
void
encrypt
(
unsigned
char
*
data
,
size_t
length
)
{
for
(
size_t
i
=
0
;
i
<
length
;
i
++
)
{
data
[
i
]
^=
key
[
i
%
this
->
length
];
}
}
void
decrypt
(
unsigned
char
*
data
,
size_t
length
)
{
encrypt
(
data
,
length
);
}
};
void
encrypt_package
(
unsigned
char
*
buffer
,
size_t
length
)
{
for
(
auto
i
=
0
;
i
<
length
;
i
++
)
{
buffer
[
i
]
^=
secret
[
i
%
secret_length
];
}
}
Secret
*
localSecret
;
Secret
*
remoteSecret
;
// internet -> tun
void
inbound
(
int
raw
,
int
tun
)
{
...
...
@@ -70,7 +78,7 @@ void inbound(int raw, int tun) {
if
(
!
(
meta
->
src_id
==
remote_id
&&
meta
->
dst_id
==
local_id
&&
meta
->
reversed
==
0
))
continue
;
auto
inner
=
(
iphdr
*
)
(
payload
+
sizeof
(
Meta
));
auto
payload_length
=
packet_length
-
overhead
-
sizeof
(
Meta
);
decrypt_package
((
unsigned
char
*
)
inner
,
payload_length
);
remoteSecret
->
decrypt
((
unsigned
char
*
)
inner
,
payload_length
);
// if (ip_fast_csum(inner, inner->ihl)) continue;
if
(
csum
((
uint16_t
*
)
inner
,
inner
->
ihl
*
4
))
continue
;
// std::cout << "packet_length " << packet_length
...
...
@@ -101,7 +109,7 @@ void outbound(int raw, int tun) {
while
((
packet_length
=
read
(
tun
,
inner
,
sizeof
(
buffer
)
+
sizeof
(
Meta
)))
>=
0
)
{
// std::cout << "sendto: " << inet_ntoa(remote_addr.sin_addr) << std::endl;
if
(
!
remote_addr
.
sin_addr
.
s_addr
)
continue
;
encrypt_package
(
inner
,
packet_length
);
localSecret
->
encrypt
(
inner
,
packet_length
);
if
(
sendto
(
raw
,
buffer
,
packet_length
+
sizeof
(
Meta
),
0
,
(
sockaddr
*
)
&
remote_addr
,
sizeof
(
remote_addr
))
<
0
)
{
perror
(
"outbound write"
);
}
...
...
@@ -109,30 +117,44 @@ void outbound(int raw, int tun) {
perror
(
"outbound read"
);
}
int
main
(
int
argc
,
char
*
argv
[])
{
auto
get_var
(
const
char
*
varname
,
bool
required
=
true
)
{
auto
value
=
getenv
(
varname
);
if
(
value
==
nullptr
&&
required
)
{
std
::
cerr
<<
"missing required environment variable: "
<<
varname
<<
std
::
endl
;
exit
(
2
);
}
return
value
;
}
local_id
=
atoi
(
getenv
(
"local_id"
));
remote_id
=
atoi
(
getenv
(
"remote_id"
));
auto
endpoint
=
getenv
(
"endpoint"
);
unsigned
char
proto
=
atoi
(
getenv
(
"proto"
));
secret
=
getenv
(
"secret"
);
auto
dev
=
getenv
(
"dev"
);
auto
up
=
getenv
(
"up"
);
auto
get_var_number
(
const
char
*
varname
,
bool
required
=
true
)
{
auto
value
=
get_var
(
varname
,
required
);
if
(
value
==
nullptr
)
return
0
;
return
atoi
(
value
);
}
int
main
(
int
argc
,
char
*
argv
[])
{
local_id
=
get_var_number
(
"LOCAL_ID"
,
true
);
remote_id
=
get_var_number
(
"REMOTE_ID"
,
true
);
unsigned
char
proto
=
get_var_number
(
"PROTO"
,
true
);
localSecret
=
new
Secret
(
get_var
(
"LOCAL_SECRET"
,
true
));
remoteSecret
=
new
Secret
(
get_var
(
"REMOTE_SECRET"
,
true
));
auto
dev
=
get_var
(
"DEV"
,
true
);
// optionals
auto
up
=
get_var
(
"UP_SCRIPT"
);
auto
endpoint
=
get_var
(
"ENDPOINT"
);
auto
mark
=
get_var_number
(
"MARK"
);
if
(
endpoint
!=
nullptr
)
{
auto
he
=
gethostbyname
(
endpoint
);
if
(
he
==
nullptr
)
{
perror
(
"gethostbyname"
);
perror
(
"gethostbyname
error
"
);
return
-
1
;
}
if
(
he
->
h_addr_list
[
0
]
==
nullptr
)
{
perror
(
"gethostbyname 2"
);
perror
(
"gethostbyname
error
2"
);
}
remote_addr
.
sin_addr
.
s_addr
=
*
(
in_addr_t
*
)
he
->
h_addr_list
[
0
];
}
secret_length
=
strlen
(
secret
);
ifreq
ifr
{};
ifr
.
ifr_flags
=
IFF_TUN
|
IFF_NO_PI
;
strncpy
(
ifr
.
ifr_name
,
dev
,
IFNAMSIZ
);
...
...
@@ -142,6 +164,12 @@ int main(int argc, char *argv[]) {
perror
(
"socket init error"
);
return
-
1
;
}
if
(
mark
)
{
if
(
setsockopt
(
raw
,
SOL_SOCKET
,
SO_MARK
,
&
mark
,
sizeof
(
mark
))
<
0
)
{
perror
(
"setsockopt error"
);
return
-
1
;
}
}
auto
tun
=
open
(
"/dev/net/tun"
,
O_RDWR
);
if
(
tun
<
0
)
{
perror
(
"tun init error"
);
...
...
@@ -163,4 +191,3 @@ int main(int argc, char *argv[]) {
return
0
;
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment