From ef6f67b97533539fe7056f73e56944022da8badd Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 3 Sep 2023 18:20:02 +0800 Subject: [PATCH 1/5] remove_connection refactor --- src/tun2proxy.rs | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index a2629c1..a721a86 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -257,9 +257,8 @@ impl<'a> TunToProxy<'a> { .register(&mut exit_receiver, EXIT_TOKEN, Interest::READABLE)?; #[cfg(target_family = "unix")] - #[rustfmt::skip] let config = match tun.capabilities().medium { - Medium::Ethernet => Config::new(smoltcp::wire::EthernetAddress([0x02, 0x00, 0x00, 0x00, 0x00, 0x01]).into()), + Medium::Ethernet => Config::new(smoltcp::wire::EthernetAddress([0x02, 0, 0, 0, 0, 0x01]).into()), Medium::Ip => Config::new(smoltcp::wire::HardwareAddress::Ip), Medium::Ieee802154 => todo!(), }; @@ -350,16 +349,14 @@ impl<'a> TunToProxy<'a> { /// Destroy connection state machine fn remove_connection(&mut self, info: &ConnectionInfo) -> Result<(), Error> { if let Some(mut state) = self.connection_map.remove(info) { - _ = state.mio_stream.shutdown(Shutdown::Both); + self.expect_smoltcp_send()?; + if let Some(handle) = state.smoltcp_handle { let socket = self.sockets.get_mut::(handle); socket.close(); self.sockets.remove(handle); } - // FIXME: Does this line should be moved up to the beginning of this function? - self.expect_smoltcp_send()?; - if let Err(e) = self.poll.registry().deregister(&mut state.mio_stream) { // FIXME: The function `deregister` will frequently fail for unknown reasons. log::trace!("{}", e); @@ -371,6 +368,10 @@ impl<'a> TunToProxy<'a> { } } + if let Err(err) = state.mio_stream.shutdown(Shutdown::Both) { + log::debug!("Shutdown {} error \"{}\"", info, err); + } + log::info!("Close {}", info); } Ok(()) From f175813cc82105c0ef760a17383f4b3a7f7d2611 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 3 Sep 2023 18:39:11 +0800 Subject: [PATCH 2/5] remove_connection refactor --- src/tun2proxy.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index a721a86..e3820ba 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -369,7 +369,7 @@ impl<'a> TunToProxy<'a> { } if let Err(err) = state.mio_stream.shutdown(Shutdown::Both) { - log::debug!("Shutdown {} error \"{}\"", info, err); + log::trace!("Shutdown {} error \"{}\"", info, err); } log::info!("Close {}", info); From c1b322a01e21e3698a59d0d67cc35fa1d8de2f34 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 3 Sep 2023 19:08:20 +0800 Subject: [PATCH 3/5] log some errors --- src/tun2proxy.rs | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index e3820ba..ba71944 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -413,7 +413,9 @@ impl<'a> TunToProxy<'a> { .have_data(Direction::Outgoing(OutgoingDirection::ToServer)) { // Close remote server - _ = state.mio_stream.shutdown(Shutdown::Write); + if let Err(err) = state.mio_stream.shutdown(Shutdown::Write) { + log::trace!("Shutdown {} error \"{}\"", info, err); + } closed_ends += 1; } @@ -1050,9 +1052,13 @@ impl<'a> TunToProxy<'a> { // The handler request for reset the server connection if state.proxy_handler.reset_connection() { - _ = self.poll.registry().deregister(&mut state.mio_stream); + if let Err(err) = self.poll.registry().deregister(&mut state.mio_stream) { + log::trace!("{}", err); + } // Closes the connection with the proxy - state.mio_stream.shutdown(Shutdown::Both)?; + if let Err(err) = state.mio_stream.shutdown(Shutdown::Both) { + log::trace!("Shutdown error \"{}\"", err); + } log::info!("RESET {}", conn_info); From c723adce4f20166e0b7aa7534dac8da80e5449b9 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 3 Sep 2023 22:27:37 +0800 Subject: [PATCH 4/5] reading code --- src/tun2proxy.rs | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index ba71944..46b6d68 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -176,7 +176,7 @@ const UDP_ASSO_TIMEOUT: u64 = 10; // seconds const DNS_PORT: u16 = 53; struct ConnectionState { - smoltcp_handle: Option, + smoltcp_handle: SocketHandle, mio_stream: TcpStream, token: Token, proxy_handler: Box, @@ -351,7 +351,8 @@ impl<'a> TunToProxy<'a> { if let Some(mut state) = self.connection_map.remove(info) { self.expect_smoltcp_send()?; - if let Some(handle) = state.smoltcp_handle { + { + let handle = state.smoltcp_handle; let socket = self.sockets.get_mut::(handle); socket.close(); self.sockets.remove(handle); @@ -369,7 +370,7 @@ impl<'a> TunToProxy<'a> { } if let Err(err) = state.mio_stream.shutdown(Shutdown::Both) { - log::trace!("Shutdown {} error \"{}\"", info, err); + log::trace!("Shutdown 0 {} error \"{}\"", info, err); } log::info!("Close {}", info); @@ -396,11 +397,10 @@ impl<'a> TunToProxy<'a> { .proxy_handler .have_data(Direction::Outgoing(OutgoingDirection::ToClient)) { - if let Some(handle) = state.smoltcp_handle { - // Close tun interface - let socket = self.sockets.get_mut::(handle); - socket.close(); - } + // Close tun interface + let socket = self.sockets.get_mut::(state.smoltcp_handle); + socket.close(); + closed_ends += 1; } @@ -414,7 +414,7 @@ impl<'a> TunToProxy<'a> { { // Close remote server if let Err(err) = state.mio_stream.shutdown(Shutdown::Write) { - log::trace!("Shutdown {} error \"{}\"", info, err); + log::trace!("Shutdown 1 {} error \"{}\"", info, err); } closed_ends += 1; } @@ -434,10 +434,7 @@ impl<'a> TunToProxy<'a> { Some(state) => state, None => return Ok(()), }; - let socket = match state.smoltcp_handle { - Some(handle) => self.sockets.get_mut::(handle), - None => return Ok(()), - }; + let socket = self.sockets.get_mut::(state.smoltcp_handle); let mut error = Ok(()); while socket.can_recv() && error.is_ok() { socket.recv(|data| { @@ -796,7 +793,7 @@ impl<'a> TunToProxy<'a> { (None, None) }; let state = ConnectionState { - smoltcp_handle: Some(handle), + smoltcp_handle: handle, mio_stream: client, token, proxy_handler, @@ -882,15 +879,11 @@ impl<'a> TunToProxy<'a> { fn write_to_client(&mut self, token: Token, info: &ConnectionInfo) -> Result<(), Error> { while let Some(state) = self.connection_map.get_mut(info) { - let handle = match state.smoltcp_handle { - Some(handle) => handle, - None => break, - }; let event = state.proxy_handler.peek_data(OutgoingDirection::ToClient); let buflen = event.buffer.len(); let consumed; { - let socket = self.sockets.get_mut::(handle); + let socket = self.sockets.get_mut::(state.smoltcp_handle); if socket.may_send() { if let Some(virtual_dns) = &mut self.options.virtual_dns { // Unwrapping is fine because every smoltcp socket is bound to an. @@ -1057,7 +1050,7 @@ impl<'a> TunToProxy<'a> { } // Closes the connection with the proxy if let Err(err) = state.mio_stream.shutdown(Shutdown::Both) { - log::trace!("Shutdown error \"{}\"", err); + log::trace!("Shutdown 2 error \"{}\"", err); } log::info!("RESET {}", conn_info); From cc46526af0e2e5dca61932fe222cc01e4a169c2f Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 3 Sep 2023 23:04:54 +0800 Subject: [PATCH 5/5] process_incoming_tcp_packets --- src/tun2proxy.rs | 70 ++++++++++++++++++++++++++++-------------------- 1 file changed, 41 insertions(+), 29 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 46b6d68..75a36f9 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -690,6 +690,45 @@ impl<'a> TunToProxy<'a> { Ok(()) } + fn process_incoming_tcp_packets( + &mut self, + first_packet: bool, + manager: &Rc, + info: &ConnectionInfo, + origin_dst: SocketAddr, + frame: &[u8], + ) -> Result<()> { + if first_packet { + let proxy_handler = manager.new_proxy_handler(info, false)?; + let server = manager.get_server_addr(); + let state = self.create_new_tcp_connection_state(server, origin_dst, proxy_handler, false)?; + self.connection_map.insert(info.clone(), state); + + log::info!("Connect done {} ({})", info, origin_dst); + } else if !self.connection_map.contains_key(info) { + log::trace!("Drop middle session {} ({})", info, origin_dst); + return Ok(()); + } else { + log::trace!("Subsequent packet {} ({})", info, origin_dst); + } + + // Inject the packet to advance the remote proxy server smoltcp socket state + self.device.inject_packet(frame); + + // Having advanced the socket state, we expect the socket to ACK + // Exfiltrate the response packets generated by the socket and inject them + // into the tunnel interface. + self.expect_smoltcp_send()?; + + // Read from the smoltcp socket and push the data to the connection handler. + self.tunsocket_read_and_forward(info)?; + + // The connection handler builds up the connection or encapsulates the data. + // Therefore, we now expect it to write data to the server. + self.write_to_server(info)?; + Ok(()) + } + // A raw packet was received on the tunnel interface. fn receive_tun(&mut self, frame: &mut [u8]) -> Result<(), Error> { let mut handler = || -> Result<(), Error> { @@ -698,41 +737,14 @@ impl<'a> TunToProxy<'a> { log::debug!("{}, ignored", error); return Ok(()); } - let (info, _first_packet, payload_offset, payload_size) = result?; + let (info, first_packet, payload_offset, payload_size) = result?; let origin_dst = SocketAddr::try_from(&info.dst)?; let info = self.preprocess_origin_connection_info(info)?; let manager = self.get_connection_manager().ok_or("get connection manager")?; if info.protocol == IpProtocol::Tcp { - if _first_packet { - let proxy_handler = manager.new_proxy_handler(&info, false)?; - let server = manager.get_server_addr(); - let state = self.create_new_tcp_connection_state(server, origin_dst, proxy_handler, false)?; - self.connection_map.insert(info.clone(), state); - - log::info!("Connect done {} ({})", info, origin_dst); - } else if !self.connection_map.contains_key(&info) { - log::trace!("Drop middle session {} ({})", info, origin_dst); - return Ok(()); - } else { - log::trace!("Subsequent packet {} ({})", info, origin_dst); - } - - // Inject the packet to advance the remote proxy server smoltcp socket state - self.device.inject_packet(frame); - - // Having advanced the socket state, we expect the socket to ACK - // Exfiltrate the response packets generated by the socket and inject them - // into the tunnel interface. - self.expect_smoltcp_send()?; - - // Read from the smoltcp socket and push the data to the connection handler. - self.tunsocket_read_and_forward(&info)?; - - // The connection handler builds up the connection or encapsulates the data. - // Therefore, we now expect it to write data to the server. - self.write_to_server(&info)?; + self.process_incoming_tcp_packets(first_packet, &manager, &info, origin_dst, frame)?; } else if info.protocol == IpProtocol::Udp { let port = info.dst.port(); let payload = &frame[payload_offset..payload_offset + payload_size];