Skip to content

T
tun
Commit 82776e24 authored by nanahira's avatar nanahira
Browse files
Options

first

parent febc13c2
Hide whitespace changes
Inline Side-by-side
Showing with 176 additions and 39 deletions
.dockerignore
View file @ 82776e24
# Project exclude paths
cmake-build-debug
.idea
Dockerfile
\ No newline at end of file
Dockerfile
.dockerignore
/build
.gitignore
View file @ 82776e24
# Project exclude paths
cmake-build-debug
# Project exclude paths
cmake-build-debug
.idea
.DS_Store
/build
.gitlab-ci.yml 0 → 100644
View file @ 82776e24
stages:
- build
- combine
- deploy
variables:
GIT_DEPTH: "1"
CONTAINER_TEST_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
CONTAINER_TEST_ARM_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
CONTAINER_TEST_X86_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86
CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
build-x86:
stage: build
tags:
- docker
script:
- TARGET_IMAGE=$CONTAINER_TEST_X86_IMAGE
- docker build --pull -t $TARGET_IMAGE .
- docker push $TARGET_IMAGE
build-arm:
stage: build
tags:
- docker-arm
script:
- TARGET_IMAGE=$CONTAINER_TEST_ARM_IMAGE
- docker build --pull -t $TARGET_IMAGE .
- docker push $TARGET_IMAGE
combine:
stage: combine
tags:
- docker
script:
- TARGET_IMAGE=$CONTAINER_TEST_IMAGE
- SOURCE_IMAGE_2=$CONTAINER_TEST_ARM_IMAGE
- SOURCE_IMAGE_1=$CONTAINER_TEST_X86_IMAGE
- docker pull $SOURCE_IMAGE_1
- docker pull $SOURCE_IMAGE_2
- docker manifest create $TARGET_IMAGE --amend $SOURCE_IMAGE_1 --amend
$SOURCE_IMAGE_2
- docker manifest push $TARGET_IMAGE
deploy_latest:
stage: deploy
tags:
- docker
script:
- TARGET_IMAGE=$CONTAINER_RELEASE_IMAGE
- SOURCE_IMAGE=$CONTAINER_TEST_IMAGE
- docker pull $SOURCE_IMAGE
- docker tag $SOURCE_IMAGE $TARGET_IMAGE
- docker push $TARGET_IMAGE
only:
- master
deploy_tag:
stage: deploy
tags:
- docker
script:
- TARGET_IMAGE=$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- SOURCE_IMAGE=$CONTAINER_TEST_IMAGE
- docker pull $SOURCE_IMAGE
- docker tag $SOURCE_IMAGE $TARGET_IMAGE
- docker push $TARGET_IMAGE
only:
- tags
CMakeLists.txt
View file @ 82776e24
cmake_minimum_required(VERSION 3.21)
project(tun)
project(mctun)
set(CMAKE_CXX_STANDARD 23)
add_executable(tun main.cpp)
add_executable(mctun main.cpp)
target_link_libraries(tun)
target_link_libraries(mctun)
find_package(Threads REQUIRED)
target_link_libraries(tun Threads::Threads)
target_link_libraries(mctun Threads::Threads)
#set(Boost_USE_STATIC_LIBS ON)
#find_package(Boost COMPONENTS program_options REQUIRED)
......
Dockerfile
View file @ 82776e24
FROM alpine:3.15 AS builder
RUN apk --no-cache add build-base cmake linux-headers boost-dev boost-static
FROM debian:bullseye-slim as base
RUN apt update && \
apt -y install build-essential libboost-dev iproute2 iptables ipset netcat-openbsd && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/log/* /var/cache/*
FROM base as builder
WORKDIR /usr/src/app
RUN apt update && apt -y install cmake && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/log/* /var/cache/*
COPY . .
RUN cmake -DCMAKE_BUILD_TYPE=Debug .
RUN cmake .
RUN make
FROM alpine
RUN apk --no-cache add libgcc libstdc++
COPY --from=builder /usr/src/app/tun .
FROM base
COPY --from=builder /usr/src/app/mctun /usr/local/bin/
COPY ./entrypoint.sh /entrypoint.sh
ENTRYPOINT ["./tun"]
ENTRYPOINT ["/entrypoint.sh"]
CMD ["mctun"]
README.md 0 → 100644
View file @ 82776e24
# MCTUN
MyCard tun
## env
entrypoint.sh 0 → 100755
View file @ 82776e24
#!/bin/bash
pid=0
run_stop() {
signalCode=$1
if [ -n "$DOWN_SCRIPT" ]; then
eval "$DOWN_SCRIPT"
fi
if [ $pid -ne 0 ]; then
kill "-$signalCode" "$pid"
wait "$pid"
fi
echo "Stopped"
exit $((128 + signalCode));
}
trap 'kill ${!}; run_stop 2' SIGTERM
trap 'kill ${!}; run_stop 15' SIGINT
echo "Started"
"$@" &
pid="$!"
# wait forever
while true
do
tail -f /dev/null & wait ${!}
done
main.cpp
View file @ 82776e24
......@@ -19,8 +19,6 @@ struct Meta {
unsigned short reversed;
};
#define decrypt_package encrypt_package
unsigned char local_id;
unsigned char remote_id;
sockaddr_in remote_addr{.sin_family = AF_INET};
......@@ -47,14 +45,24 @@ uint16_t csum(uint16_t *packet, int packlen) {
return (uint16_t) ~sum;
}
char *secret;
size_t secret_length;
class Secret {
private:
char* key;
size_t length;
public:
Secret(char* key): key(key), length(strlen(key)) {}
void encrypt(unsigned char* data, size_t length) {
for (size_t i = 0; i < length; i++) {
data[i] ^= key[i % this->length];
}
}
void decrypt(unsigned char* data, size_t length) {
encrypt(data, length);
}
};
void encrypt_package(unsigned char *buffer, size_t length) {
for (auto i = 0; i < length; i++) {
buffer[i] ^= secret[i % secret_length];
}
}
Secret *localSecret;
Secret *remoteSecret;
// internet -> tun
void inbound(int raw, int tun) {
......@@ -70,7 +78,7 @@ void inbound(int raw, int tun) {
if (!(meta->src_id == remote_id && meta->dst_id == local_id && meta->reversed == 0)) continue;
auto inner = (iphdr *) (payload + sizeof(Meta));
auto payload_length = packet_length - overhead - sizeof(Meta);
decrypt_package((unsigned char *) inner, payload_length);
remoteSecret->decrypt((unsigned char *) inner, payload_length);
// if (ip_fast_csum(inner, inner->ihl)) continue;
if (csum((uint16_t *) inner, inner->ihl * 4)) continue;
// std::cout << "packet_length " << packet_length
......@@ -101,7 +109,7 @@ void outbound(int raw, int tun) {
while ((packet_length = read(tun, inner, sizeof(buffer) + sizeof(Meta))) >= 0) {
// std::cout << "sendto: " << inet_ntoa(remote_addr.sin_addr) << std::endl;
if (!remote_addr.sin_addr.s_addr) continue;
encrypt_package(inner, packet_length);
localSecret->encrypt(inner, packet_length);
if (sendto(raw, buffer, packet_length + sizeof(Meta), 0, (sockaddr *) &remote_addr, sizeof(remote_addr)) < 0) {
perror("outbound write");
}
......@@ -109,30 +117,44 @@ void outbound(int raw, int tun) {
perror("outbound read");
}
int main(int argc, char *argv[]) {
auto get_var(const char* varname, bool required = true) {
auto value = getenv(varname);
if (value == nullptr && required) {
std::cerr << "missing required environment variable: " << varname << std::endl;
exit(2);
}
return value;
}
local_id = atoi(getenv("local_id"));
remote_id = atoi(getenv("remote_id"));
auto endpoint = getenv("endpoint");
unsigned char proto = atoi(getenv("proto"));
secret = getenv("secret");
auto dev = getenv("dev");
auto up = getenv("up");
auto get_var_number(const char* varname, bool required = true) {
auto value = get_var(varname, required);
if (value == nullptr) return 0;
return atoi(value);
}
int main(int argc, char *argv[]) {
local_id = get_var_number("LOCAL_ID", true);
remote_id = get_var_number("REMOTE_ID", true);
unsigned char proto = get_var_number("PROTO", true);
localSecret = new Secret(get_var("LOCAL_SECRET", true));
remoteSecret = new Secret(get_var("REMOTE_SECRET", true));
auto dev = get_var("DEV", true);
// optionals
auto up = get_var("UP_SCRIPT");
auto endpoint = get_var("ENDPOINT");
auto mark = get_var_number("MARK");
if (endpoint != nullptr) {
auto he = gethostbyname(endpoint);
if (he == nullptr) {
perror("gethostbyname");
perror("gethostbyname error");
return -1;
}
if (he->h_addr_list[0] == nullptr) {
perror("gethostbyname 2");
perror("gethostbyname error 2");
}
remote_addr.sin_addr.s_addr = *(in_addr_t *) he->h_addr_list[0];
}
secret_length = strlen(secret);
ifreq ifr{};
ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
strncpy(ifr.ifr_name, dev, IFNAMSIZ);
......@@ -142,6 +164,12 @@ int main(int argc, char *argv[]) {
perror("socket init error");
return -1;
}
if (mark) {
if (setsockopt(raw, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0) {
perror("setsockopt error");
return -1;
}
}
auto tun = open("/dev/net/tun", O_RDWR);
if (tun < 0) {
perror("tun init error");
......@@ -163,4 +191,3 @@ int main(int argc, char *argv[]) {
return 0;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment