fixed help page.some new function in common

common.cpp

@@ -55,14 +55,15 @@ int add_iptables_rule(char * s)
 	strcpy(iptables_rule,s);
 	char buf[300]="iptables -I ";
 	strcat(buf,s);
-	if(system(buf)==0)
+	char *output;
+	if(run_command(buf,output)==0)
 	{
 		mylog(log_warn,"auto added iptables rule by:  %s\n",buf);
 	}
 	else
 	{
 		mylog(log_fatal,"auto added iptables failed by: %s\n",buf);
-		mylog(log_fatal,"reason : %s\n",strerror(errno));
+		//mylog(log_fatal,"reason : %s\n",strerror(errno));
 		myexit(-1);
 	}
 	return 0;
@@ -74,14 +75,15 @@ int clear_iptables_rule()
 	{
 		char buf[300]="iptables -D ";
 		strcat(buf,iptables_rule);
-		if(system(buf)==0)
+		char *output;
+		if(run_command(buf,output)==0)
 		{
 			mylog(log_warn,"iptables rule cleared by: %s \n",buf);
 		}
 		else
 		{
 			mylog(log_error,"clear iptables failed by: %s\n",buf);
-			mylog(log_error,"reason : %s\n",strerror(errno));
+			//mylog(log_error,"reason : %s\n",strerror(errno));
 		}
 
 	}
@@ -312,3 +314,101 @@ bool larger_than_u16(uint16_t a,uint16_t b)
 		}
 	}
 }
+vector<string> string_to_vec(const char * s,const char * sp) {
+	  vector<string> res;
+	  string str=s;
+	  char *p = strtok ((char *)str.c_str(),sp);
+	  while (p != NULL)
+	  {
+		 res.push_back(p);
+	    //printf ("%s\n",p);
+	    p = strtok (NULL, sp);
+	  }
+	  return res;
+}
+
+vector< vector <string> > string_to_vec2(const char * s)
+{
+	vector< vector <string> > res;
+	vector<string> lines=string_to_vec(s,"\n");
+	for(int i=0;i<int(lines.size());i++)
+	{
+		vector<string> tmp;
+		tmp=string_to_vec(lines[i].c_str(),"\t ");
+		res.push_back(tmp);
+	}
+	return res;
+}
+int read_file(const char * file,char * &output)
+{
+    static char buf[1024*1024+100];
+    buf[sizeof(buf)-1]=0;
+	int fd=open(file,O_RDONLY);
+	if(fd==-1)
+	{
+		 mylog(log_error,"read_file %s fail\n",file);
+		 return -1;
+	}
+	int len=read(fd,buf,1024*1024);
+	if(len==1024*1024)
+	{
+		buf[0]=0;
+        mylog(log_error,"too long,buf not larger enough\n");
+        return -2;
+	}
+	else if(len<0)
+	{
+		buf[0]=0;
+        mylog(log_error,"read fail %d\n");
+        return -3;
+	}
+	else
+	{
+		output=buf;
+		buf[len]=0;
+	}
+	return 0;
+}
+int run_command(const char * command,char * &output) {
+    FILE *in;
+    mylog(log_debug,"run_command %s\n",command);
+    static char buf[1024*1024+100];
+    buf[sizeof(buf)-1]=0;
+    if(!(in = popen(command, "r"))){
+        mylog(log_error,"command %s popen failed,errno %s\n",command,strerror(errno));
+        return -1;
+    }
+
+    int len =fread(buf, 1024*1024, 1, in);
+    if(len==1024*1024)
+    {
+    	buf[0]=0;
+        mylog(log_error,"too long,buf not larger enough\n");
+        return -2;
+    }
+    else
+    {
+       	buf[len]=0;
+    }
+    int ret;
+    if(( ret=ferror(in) ))
+    {
+        mylog(log_error,"command %s fread failed,ferror return value %d \n",command,ret);
+        return -2;
+    }
+    //if(output!=0)
+    output=buf;
+    ret= pclose(in);
+
+    int ret2=WEXITSTATUS(ret);
+
+    if(ret!=0||ret2!=0)
+    {
+    	mylog(log_error,"commnad %s ,pclose returned %d ,WEXITSTATUS %d,errnor :%s \n",command,ret,ret2,strerror(errno));
+    	return -3;
+    }
+
+    return 0;
+
+}
+

common.h

@@ -47,6 +47,8 @@
 
 
 #include<unordered_map>
+#include<vector>
+#include<string>
 using  namespace std;
 
 
@@ -143,4 +145,10 @@ int add_iptables_rule(char *);
 
 int clear_iptables_rule();
 
+int run_command(const char * command,char * &output);
+int read_file(const char * file,char * &output);
+
+vector<string> string_to_vec(const char * s,const char * sp);
+vector< vector <string> > string_to_vec2(const char * s);
+
 #endif /* COMMON_H_ */

encrypt.cpp

@@ -19,7 +19,7 @@ static int8_t zero_iv[]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,   0,0,0,0};//this prog
 unordered_map<int, const char *> auth_mode_tostring = {{auth_none, "none"}, {auth_md5, "md5"}, {auth_crc32, "crc32"},{auth_simple,"simple"}};
 unordered_map<int, const char *> cipher_mode_tostring={{cipher_none,"none"},{cipher_aes128cbc,"aes128cbc"},{cipher_xor,"xor"}};
 
-auth_mode_t auth_mode=auth_crc32;
+auth_mode_t auth_mode=auth_md5;
 cipher_mode_t cipher_mode=cipher_aes128cbc;
 
 

main.cpp

@@ -234,6 +234,8 @@ struct conv_manager_t  //TODO change map to unordered map
 		int size=conv_last_active_time.size();
 		int num_to_clean=size/conv_clear_ratio+conv_clear_min;   //clear 1/10 each time,to avoid latency glitch
 
+		num_to_clean=min(num_to_clean,size);
+
 		u64_t current_time=get_current_time();
 		for(;;)
 		{
@@ -959,8 +961,7 @@ int set_timer_server(int epollfd,int &timer_fd)
 	}
 	return 0;
 }
-
-
+int get_src_adress(u32_t &ip);
 int client_on_timer(conn_info_t &conn_info) //for client
 {
 	packet_info_t &send_info=conn_info.raw_info.send_info;
@@ -985,6 +986,16 @@ int client_on_timer(conn_info_t &conn_info) //for client
 		conn_info.blob->anti_replay.re_init();
 		conn_info.my_id = get_true_random_number_nz(); ///todo no need to do this everytime
 
+		u32_t new_ip=0;
+		if(get_src_adress(new_ip)==0)
+		{
+			if(new_ip!=source_address_uint32)
+			{
+				source_address_uint32=new_ip;
+				send_info.src_ip=new_ip;
+			}
+		}
+
 		if (source_port == 0)
 		{
 			send_info.src_port = client_bind_to_a_new_port();
@@ -1899,6 +1910,7 @@ int get_src_adress(u32_t &ip)
 
     return 0;
 }
+
 int client_event_loop()
 {
 	char buf[buf_len];
@@ -2354,7 +2366,26 @@ int server_event_loop()
 	}
 	return 0;
 }
+void process_lower_level()
+{
+	if (strchr(optarg, '#') == 0) {
+		mylog(log_fatal,
+				"lower-level parameter invaild,should be if_name#mac_adress  ,ie eth0#00:23:45:67:89:b9\n");
+		myexit(-1);
+	}
+	lower_level = 1;
+	u32_t hw[6];
+	memset(hw, 0, sizeof(hw));
+	sscanf(optarg, "%[^#]#%x:%x:%x:%x:%x:%x", if_name, &hw[0], &hw[1], &hw[2],
+			&hw[3], &hw[4], &hw[5]);
 
+	mylog(log_warn,
+			"make sure this is correct:   ifname=<%s>  gateway_hw_hd=<%x:%x:%x:%x:%x:%x>  \n",
+			if_name, hw[0], hw[1], hw[2], hw[3], hw[4], hw[5]);
+	for (int i = 0; i < 6; i++) {
+		oppsite_hw_addr[i] = uint8_t(hw[i]);
+	}
+}
 void print_help()
 {
 	printf("udp2raw-tunnel\n");
@@ -2368,8 +2399,8 @@ void print_help()
 	printf("common options,these options must be same on both side:\n");
 	printf("    --raw-mode            <string>        avaliable values:faketcp(default),udp,icmp\n");
 	printf("    -k,--key              <string>        password to gen symetric key,default:\"secret key\"\n");
-	printf("    --auth-mode           <string>        avaliable values:aes128cbc(default),xor,none\n");
-	printf("    --cipher-mode         <string>        avaliable values:md5(default),crc32,simple,none\n");
+	printf("    --cipher-mode         <string>        avaliable values:aes128cbc(default),xor,none\n");
+	printf("    --auth-mode           <string>        avaliable values:md5(default),crc32,simple,none\n");
 	printf("    -a,--auto-rule                        auto add (and delete) iptables rule\n");
 	printf("    -g,--gen-rule                         generate iptables rule then exit\n");
 	printf("    --disable-anti-replay                 disable anti-replay,not suggested\n");
@@ -2545,8 +2576,9 @@ void process_arg(int argc, char *argv[])
 			mylog(log_debug,"option_index: %d\n",option_index);
 			if(strcmp(long_options[option_index].name,"clear")==0)
 			{
+				char *output;
 				//int ret =system("iptables-save |grep udp2raw_dWRwMnJhdw|sed -n 's/^-A/iptables -D/p'|sh");
-				int ret =system("iptables -S|sed -n '/udp2raw_dWRwMnJhdw/p'|sed -n 's/^-A/iptables -D/p'|sh");
+				int ret =run_command("iptables -S|sed -n '/udp2raw_dWRwMnJhdw/p'|sed -n 's/^-A/iptables -D/p'|sh",output);
 
 				//system("iptables-save |grep udp2raw_dWRwMnJhdw|sed 's/^-A/iptables -D/'|sh");
 				//system("iptables-save|grep -v udp2raw_dWRwMnJhdw|iptables-restore");
@@ -2611,7 +2643,7 @@ void process_arg(int argc, char *argv[])
 				}
 				if(i==cipher_end)
 				{
-					mylog(log_fatal,"no such cipher_mode %s\n",optarg);
+
 					myexit(-1);
 				}
 			}
@@ -2620,21 +2652,7 @@ void process_arg(int argc, char *argv[])
 			}
 			else if(strcmp(long_options[option_index].name,"lower-level")==0)
 			{
-				if(strchr(optarg,'#')==0)
-				{
-					mylog(log_fatal,"lower-level parameter invaild,should be if_name#mac_adress  ,ie eth0#00:23:45:67:89:b9\n");
-					myexit(-1);
-				}
-				lower_level=1;
-				u32_t hw[6];
-				memset(hw,0,sizeof(hw));
-				sscanf(optarg,"%[^#]#%x:%x:%x:%x:%x:%x",if_name,&hw[0],&hw[1],&hw[2],&hw[3],&hw[4],&hw[5]);
-
-				mylog(log_warn,"make sure this is correct:   ifname=<%s>  gateway_hw_hd=<%x:%x:%x:%x:%x:%x>  \n",if_name,hw[0],hw[1],hw[2],hw[3],hw[4],hw[5]);
-				for(int i=0;i<6;i++)
-				{
-					oppsite_hw_addr[i]=uint8_t(hw[i]);
-				}
+				process_lower_level();
 			}
 			else if(strcmp(long_options[option_index].name,"disable-color")==0)
 			{
@@ -2813,6 +2831,8 @@ void iptables_rule()
 }
 int main(int argc, char *argv[])
 {
+	//auto a=string_to_vec("a b c d ");
+	//printf("%d\n",(int)a.size());
 	//printf("%d %d %d %d",larger_than_u32(1,2),larger_than_u32(2,1),larger_than_u32(0xeeaaeebb,2),larger_than_u32(2,0xeeaaeebb));
 	//assert(0==1);
 	dup2(1, 2);//redirect stderr to stdout
@@ -2824,6 +2844,11 @@ int main(int argc, char *argv[])
 
 	process_arg(argc,argv);
 
+	if(geteuid() != 0)
+	{
+		mylog(log_error,"root check failed,make sure you run this program with root,we can try to continue,but it will likely fail\n");
+	}
+
 	local_address_uint32=inet_addr(local_address);
 	remote_address_uint32=inet_addr(remote_address);
 	source_address_uint32=inet_addr(source_address);