new

CMakeLists.txt

-cmake_minimum_required(VERSION 3.21)
+cmake_minimum_required(VERSION 3.18)
 project(tun)
 
-set(CMAKE_CXX_STANDARD 23)
+set(CMAKE_CXX_STANDARD 20)
 
 add_executable(tun src/Config.h src/Router.h src/checksum.h src/main.cpp)
 

Dockerfile

-FROM alpine AS builder
+FROM alpine:3.16 AS builder
 RUN apk --no-cache add build-base cmake linux-headers boost-dev boost-static nlohmann-json
 
 WORKDIR /usr/src/app
@@ -6,10 +6,10 @@ COPY CMakeLists.txt .
 COPY src src
 RUN cmake -DCMAKE_BUILD_TYPE=Release . && cmake --build .
 
-FROM alpine
+FROM alpine:3.16
 RUN apk --no-cache add libgcc libstdc++ bash iproute2 iptables ipset netcat-openbsd
 COPY --from=builder /usr/src/app/tun /usr/local/bin/
 COPY ./entrypoint.sh /entrypoint.sh
 
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["tun"]
+ENTRYPOINT ["tun"]
+#CMD ["tun"]

src/Config.h

@@ -7,24 +7,26 @@
 using json = nlohmann::json;
 
 struct ConfigRouter {
-    unsigned char remote_id;
-    unsigned char proto;
-    unsigned char mark;
-    unsigned char family;
+    uint8_t remote_id;
+    uint8_t proto;
+    uint8_t family;
+    uint32_t mark;
+    std::string endpoint;
     std::string remote_secret;
     std::string dev;
     std::string up;
-    std::string endpoint;
 };
 
-NLOHMANN_DEFINE_TYPE_NON_INTRUSIVE(ConfigRouter, remote_id, proto, mark, family, remote_secret, dev, up, endpoint);
+NLOHMANN_DEFINE_TYPE_NON_INTRUSIVE(ConfigRouter, remote_id, proto, mark, family, remote_secret, dev, up, endpoint
+);
 
 struct Config {
-    unsigned char local_id;
+    uint8_t local_id;
     std::string local_secret;
     std::vector<ConfigRouter> routers;
 };
 
-NLOHMANN_DEFINE_TYPE_NON_INTRUSIVE(Config, local_id, local_secret, routers);
+NLOHMANN_DEFINE_TYPE_NON_INTRUSIVE(Config, local_id, local_secret, routers
+);
 
 #endif //TUN_CONFIG_H
\ No newline at end of file

src/Router.h

@@ -38,16 +38,15 @@ public:
     }
 
     void create_remote_addr() {
-        if (config.endpoint.empty()) {
-            addrinfo hints = {.ai_family = config.family};
-            addrinfo *result;
-            if (auto ret = getaddrinfo(config.endpoint.c_str(), nullptr, &hints, &result) != 0) {
-                puts(gai_strerror(ret));
-                throw;
-            }
-            remote_addr = *(sockaddr_storage *) result->ai_addr;
-            freeaddrinfo(result);
+        if (config.endpoint.empty()) return;
+        addrinfo hints = {.ai_family = config.family == 4 ? AF_INET : AF_INET6};
+        addrinfo *result;
+        if (auto ret = getaddrinfo(config.endpoint.c_str(), nullptr, &hints, &result) != 0) {
+            puts(gai_strerror(ret));
+            throw;
         }
+        remote_addr = *(sockaddr_storage *) result->ai_addr;
+        freeaddrinfo(result);
     }
 
     void create_tun() {
@@ -64,30 +63,32 @@ public:
             perror("ioctl error");
             throw;
         }
+        std::cout << "create tun " << config.dev << std::endl;
     }
 
     void create_raw() {
         auto key = std::make_pair(config.family, config.proto);
         if (!raws.contains(key)) {
-            if (auto result = socket(config.family, SOCK_RAW, config.proto) < 0) {
+            auto result = socket(config.family == 4 ? AF_INET : AF_INET6, SOCK_RAW, config.proto);
+            if (result < 0) {
                 perror("socket init error");
                 throw;
-            } else {
-                raws[key] = result;
             }
+            std::cout << "create raw socket " << result << " proto " << (int) config.proto << std::endl;
+            raws[key] = result;
         }
         raw = raws[key];
     }
 
     void encrypt(unsigned char *data, size_t length) {
         for (size_t i = 0; i < length; i++) {
-            data[i] ^= local_secret[i % secret_length];
+            data[i] ^= secret[i % secret_length];
         }
     }
 
     void decrypt(unsigned char *data, size_t length) {
         for (size_t i = 0; i < length; i++) {
-            data[i] ^= secret[i % secret_length];
+            data[i] ^= local_secret[i % secret_length];
         }
     }
 };

src/checksum.h

@@ -8,5 +8,6 @@ uint16_t csum(uint16_t *packet, int packlen) {
     }
     if (packlen > 0) sum += *(unsigned char *) packet;
     while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
-    return (uint16_t) ~sum;
+    return (uint16_t)
+            ~sum;
 }
\ No newline at end of file

src/main.cpp

@@ -26,14 +26,12 @@ void inbound(int raw) {
     socklen_t address_length = sizeof(address);
     size_t packet_length;
     while ((packet_length = recvfrom(raw, buffer, sizeof(buffer), 0, (sockaddr *) &address, &address_length)) >= 0) {
-        auto *packet = (iphdr *) buffer;
-        auto overhead = packet->ihl * 4;
-        auto payload = buffer + overhead;
-        auto meta = (Meta *) payload;
+        auto header_length = ((ipv6hdr *) buffer)->version == 4 ? ((iphdr *) buffer)->ihl : sizeof(ipv6hdr);
+        auto meta = (Meta *) (buffer + header_length);
         if (!(Router::all.contains(meta->src_id) && meta->dst_id == config.local_id && meta->reserved == 0)) continue;
         auto router = Router::all[meta->src_id];
-        auto inner = (payload + sizeof(Meta));
-        auto payload_length = packet_length - overhead - sizeof(Meta);
+        auto inner = buffer + header_length + sizeof(Meta);
+        auto payload_length = packet_length - header_length - sizeof(Meta);
         router->decrypt(inner, payload_length);
         switch (((ipv6hdr *) inner)->version) {
             case 4:
@@ -78,6 +76,7 @@ void outbound(Router *router) {
 }
 
 int main(int argc, char *argv[]) {
+    std::cout << argv[1] << std::endl;
     json data = json::parse(argv[1]);
     config = data.get<Config>();
     Router::create_secret(config.local_secret, Router::local_secret);