diff --git a/Makefile b/Makefile index bb5340c..c669027 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ CFLAGS += -g -O2 -Wall LIBS = OBJ := ais -all: conf.o ais.o +all: ais.o conf.o $(CC) $(CFLAGS) -o $(OBJ) $^ $(LIBS) .c.o: $(CC) $(CFLAGS) -c $< $(LIBS) diff --git a/README.md b/README.md index 4d5ed11..62cc877 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,15 @@ # AIS 修改自mproxy(https://github.com/examplecode/mproxy), 作为CProxy服务端. 仅代理TCP 支持客户端IP白名单 + 支持IPV4 + 支持IPV6 # 参数 Usage: -l specifyed local listen port -h specifyed next hop server name -d run as daemon + -c Specify configuration file -E <0-128> encode data when forwarding data -D <0-128> decode data when receiving data @@ -14,8 +17,8 @@ global { // 是否开启白名单(1开启,0关闭) IP_RESTRICTION = 1; - // 白名单IP段, 判断前两段IP空格隔开冒号结尾 - IP_SEGMENT= 115.60 115.61 115.62 223.88; + // 白名单IP段, 判断前两段IP空格隔开冒号结尾(可以写完整的IPV4和IPV6地址) + IP_SEGMENT= 115.60 115.61 115.62 223.88 2409:8a44:336:7180:5cb7:5b71:85e2:7f14; } \ No newline at end of file diff --git a/ais.c b/ais.c index 4546989..20c702d 100644 --- a/ais.c +++ b/ais.c @@ -13,6 +13,7 @@ #include #include #include +#include #include "ais.h" #include "conf.h" @@ -52,7 +53,9 @@ int remote_port; int local_port; int server_sock; +int server_sock6; int client_sock; +int client_sock6; int remote_sock; char *header_buffer; @@ -67,7 +70,7 @@ enum { static int io_flag; /* 网络io的一些标志位 */ static int m_pid; /* 保存主进程id */ -void server_loop(); +void server_loop(int signal, char *conffile); void stop_server(); void handle_client(int client_sock, struct sockaddr_in client_addr); void forward_header(int destination_sock); @@ -78,7 +81,7 @@ int receive_data(int socket, char *buffer, int len); void hand_mproxy_info_req(int sock, char *header_buffer); void get_info(char *output); const char *get_work_mode(); -int create_connection(); +int create_connection6(char *remote_host, int remote_port); int _main(int argc, char *argv[]); ssize_t readLine(int fd, void *buffer, size_t n) 
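Review bot: The new parameter name in `void server_loop(int signal, char *conffile)` shadows the libc `signal()` that this same file calls in start_server, and the 4/6 values it is later compared against are magic numbers. Suggest `void server_loop(int family, char *conffile)` and passing `AF_INET`/`AF_INET6`, which the socket headers already provide, so the accept loop reads `if (family == AF_INET)` instead of `if (signal == 4)`. The added `#include` line has lost its header name in this rendering; presumably it is `<netdb.h>` for getaddrinfo, but that cannot be confirmed from the diff.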
@@ -104,15 +107,12 @@ ssize_t readLine(int fd, void *buffer, size_t n) continue; else return -1; /* 未知错误 */ - } else if (numRead == 0) { /* EOF */ if (totRead == 0) /* No bytes read; return 0 */ return 0; else /* Some bytes read; add '\0' */ break; - } else { - if (totRead < n - 1) { /* Discard > (n - 1) bytes */ totRead++; *buf++ = ch; @@ -174,18 +174,15 @@ int extract_host(const char *header) char *_p = strstr(header, "CONNECT"); /* 在 CONNECT 方法中解析 隧道主机名称及端口号 */ if (_p) { char *_p1 = strchr(_p, ' '); - char *_p2 = strchr(_p1 + 1, ':'); char *_p3 = strchr(_p1 + 1, ' '); if (_p2) { char s_port[10]; bzero(s_port, 10); - strncpy(remote_host, _p1 + 1, (int)(_p2 - _p1) - 1); strncpy(s_port, _p2 + 1, (int)(_p3 - _p2) - 1); remote_port = atoi(s_port); - } else { strncpy(remote_host, _p1 + 1, (int)(_p3 - _p1) - 1); remote_port = 80; @@ -291,7 +288,6 @@ void get_info(char *output) const char *get_work_mode() { - if (strlen(remote_host) == 0) { if (io_flag == FLG_NONE) { return "start as normal http proxy"; @@ -349,13 +345,12 @@ void handle_client(int client_sock, struct sockaddr_in client_addr) // 打印HTTP header printf("%s", header_buffer); - if ((remote_sock = create_connection()) < 0) { + if ((remote_sock = create_connection6(remote_host, remote_port)) < 0) { LOG("Cannot connect to host [%s:%d]\n", remote_host, remote_port); return; } if (fork() == 0) { // 创建子进程用于从客户端转发数据到远端socket接口 - if (strlen(header_buffer) > 0 && !is_http_tunnel) { forward_header(remote_sock); //普通的http请求先转发header } @@ -365,7 +360,6 @@ void handle_client(int client_sock, struct sockaddr_in client_addr) } if (fork() == 0) { // 创建子进程用于转发从远端socket接口过来的数据到客户端 - if (io_flag == W_S_ENC) { io_flag = R_C_DEC; //发送请求给服务端进行编码,读取服务端的响应则进行解码 } else if (io_flag == R_C_DEC) { @@ -402,7 +396,6 @@ int send_data(int socket, char *buffer, int len) int i; for (i = 0; i < len; i++) { buffer[i] ^= sslEncodeCode; - } } 
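Review bot: remote_host and remote_port handed to `create_connection6(remote_host, remote_port)` come straight from the client's CONNECT line, and extract_host (visible above) splits host from port at the first ':' via `strchr(_p1 + 1, ':')`, so a bracketed IPv6 target such as `CONNECT [2001:db8::1]:443` yields `remote_host = "[2001"` and a port of 0 — the IPv6 support this commit adds is not reachable through CONNECT. The same parser copies `(_p3 - _p2) - 1` client-chosen bytes into `s_port[10]` with no bound, which a long host:port token overflows; that is pre-existing, but it is an attacker-controlled stack write in the function that feeds this call. remote_port is also the raw `atoi()` result with no range check; add `if (remote_port < 1 || remote_port > 65535) { LOG("Bad port %d\n", remote_port); return; }` before the connect and teach extract_host to handle `[...]` literals. handle_client's body starts before and continues past this hunk.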
@@ -439,7 +432,6 @@ void rewrite_header() header_buffer[l] = '\0'; } else { char *p2 = strchr(p, ' '); //GET http://3g.sina.com.cn HTTP/1.1 - // printf("%s\n",p2); memcpy(p + 1, p2, (int)(p0 - p2)); *p = '/'; //url 没有路径使用根 
@@ -463,64 +455,62 @@ void forward_data(int source_sock, int destination_sock) shutdown(source_sock, SHUT_RDWR); } -int create_connection() +/* Check for valid IPv4 or Iv6 string. Returns AF_INET for IPv4, AF_INET6 for IPv6 */ +int check_ipversion(char *address) { - struct sockaddr_in server_addr; - struct hostent *server; - int sock; + struct in6_addr bindaddr; - if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - return CLIENT_SOCKET_ERROR; + if (inet_pton(AF_INET, address, &bindaddr) == 1) { + return AF_INET; + } else { + if (inet_pton(AF_INET6, address, &bindaddr) == 1) { + return AF_INET6; + } + } + return 0; +} + +int create_connection6(char *remote_host, int remote_port) +{ + struct addrinfo hints, *res = NULL; + int sock; + int validfamily = 0; + char portstr[12]; + + memset(&hints, 0x00, sizeof(hints)); + + hints.ai_flags = AI_NUMERICSERV; /* numeric service number, not resolve */ + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + + sprintf(portstr, "%d", remote_port); + + /* check for numeric IP to specify IPv6 or IPv4 socket */ + if ((validfamily = check_ipversion(remote_host)) != 0) { + hints.ai_family = validfamily; + hints.ai_flags |= AI_NUMERICHOST; /* remote_host是有效的数字ip,跳过解析 */ } - if ((server = gethostbyname(remote_host)) == NULL) { + /* 检查指定的主机是否有效。 如果remote_host是主机名,尝试解析地址 */ + if (getaddrinfo(remote_host, portstr, &hints, &res) != 0) { errno = EFAULT; return CLIENT_RESOLVE_ERROR; } - LOG("======= forward request to remote host:%s port:%d ======= \n", remote_host, remote_port); - memset(&server_addr, 0, sizeof(server_addr)); - server_addr.sin_family = AF_INET; - memcpy(&server_addr.sin_addr.s_addr, server->h_addr, server->h_length); - server_addr.sin_port = htons(remote_port); - if (connect(sock, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) { + if ((sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) < 0) { + return CLIENT_SOCKET_ERROR; + } + + if (connect(sock, res->ai_addr, res->ai_addrlen) < 0) 
{ return CLIENT_CONNECT_ERROR; } + if (res != NULL) + freeaddrinfo(res); + return sock; } -int create_server_socket(int port) -{ - int server_sock, optval; - struct sockaddr_in server_addr; - - if ((server_sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - return SERVER_SOCKET_ERROR; - } - - optval = 1; - if (setsockopt(server_sock, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)) < 0) { - return SERVER_SETSOCKOPT_ERROR; - } - - memset(&server_addr, 0, sizeof(server_addr)); - server_addr.sin_family = AF_INET; - server_addr.sin_port = htons(port); - server_addr.sin_addr.s_addr = INADDR_ANY; - - if (bind(server_sock, (struct sockaddr *)&server_addr, sizeof(server_addr)) - != 0) { - return SERVER_BIND_ERROR; - } - - if (listen(server_sock, 20) < 0) { - return SERVER_LISTEN_ERROR; - } - - return server_sock; -} - /* 处理僵尸进程 */ void sigchld_handler(int signal) { @@ -528,9 +518,10 @@ void sigchld_handler(int signal) } // IP段白名单 -int whitelist(char *client_ip, char (*whitelist_ip)[32]) +int whitelist(char *client_ip, char (*whitelist_ip)[WHITELIST_IP_NUM]) { int i; + for (i = 1; i < WHITELIST_IP_NUM - 1; i++) { if (strcmp(whitelist_ip[i], "\0") == 0) { // 如果字符串为空就跳出循环 break; 
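Review bot: create_connection6 only ever uses the first addrinfo result and leaks `res` on both the socket() and connect() failure paths, because `freeaddrinfo(res)` is reached only after a successful connect; the socket fd is also leaked when connect() fails. With `hints.ai_family = AF_UNSPEC` the first entry may be an AAAA record this host cannot reach, so a dual-stack destination that works over IPv4 will fail here without the IPv4 address ever being tried. The usual idiom is to walk `ai_next`, close the fd after each failed connect, and free the list on every exit, which also makes the `if (res != NULL)` guard unnecessary; setting `errno = EFAULT` discards the getaddrinfo reason, so log `gai_strerror()` instead. This hunk starts on the previous line.
```c
int create_connection6(char *remote_host, int remote_port)
{
    struct addrinfo hints, *res = NULL, *rp;
    int sock = -1;
    /* … unchanged: hints setup, portstr, check_ipversion … */
    if (getaddrinfo(remote_host, portstr, &hints, &res) != 0) {
        errno = EFAULT;
        return CLIENT_RESOLVE_ERROR;
    }
    /* Try every address returned, not just the first one. */
    for (rp = res; rp != NULL; rp = rp->ai_next) {
        sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
        if (sock < 0)
            continue;
        if (connect(sock, rp->ai_addr, rp->ai_addrlen) == 0)
            break;
        close(sock); /* do not leak the fd of a failed attempt */
        sock = -1;
    }
    freeaddrinfo(res); /* on every path, not only on success */
    return sock < 0 ? CLIENT_CONNECT_ERROR : sock;
}
```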
@@ -543,19 +534,21 @@ int whitelist(char *client_ip, char (*whitelist_ip)[32]) return 0; } -void server_loop() +void server_loop(int signal, char *conffile) { int i; - char ipstr[128]; - char client_ip[32]; // 客户端IP + char ipstr[WHITELIST_IP_NUM]; + char client_ip[WHITELIST_IP_NUM]; // 客户端IP struct sockaddr_in client_addr; socklen_t addrlen = sizeof(client_addr); + struct sockaddr_in6 client_addr6; + socklen_t addrlen6 = sizeof(client_addr6); + char whitelist_ip[WHITELIST_IP_NUM][WHITELIST_IP_NUM] = { { 0 }, { 0 } }; conf *configure = (struct CONF *)malloc(sizeof(struct CONF)); - read_conf("ais.conf", configure); + read_conf(conffile, configure); printf("%s\n", configure->IP_SEGMENT); - - char whitelist_ip[WHITELIST_IP_NUM][32] = {{ 0 }, { 0 }}; + split_string(configure->IP_SEGMENT, " ", whitelist_ip); for (i = 1; i <= WHITELIST_IP_NUM - 1; i++) { 
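Review bot: `char whitelist_ip[WHITELIST_IP_NUM][WHITELIST_IP_NUM]` with WHITELIST_IP_NUM raised to 2700 in ais.h is a 7,290,000-byte automatic array, within a few hundred KB of the default 8 MiB Linux stack and vastly larger than any address string; `ipstr` and `client_ip` are likewise 2700 bytes to hold at most 46. Make the row width a separate length constant (INET6_ADDRSTRLEN is enough) or declare the table `static`/heap-allocated, so a reduced `ulimit -s` in a hardened service unit does not turn the first accept into a stack overflow. The `malloc` for `configure` is also unchecked before `read_conf` writes through it; add `if (configure == NULL) { perror("malloc"); exit(1); }`. server_loop continues past this hunk.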
@@ -564,28 +557,52 @@ void server_loop() } while (1) { - client_sock = accept(server_sock, (struct sockaddr *)&client_addr, &addrlen); - if (client_sock > 0) { - LOG("Client Ip %s Client Port %d\n", inet_ntop(AF_INET, &client_addr.sin_addr.s_addr, ipstr, sizeof(ipstr)), ntohs(client_addr.sin_port)); - strcpy(client_ip, inet_ntop(AF_INET, &client_addr.sin_addr.s_addr, ipstr, sizeof(ipstr))); // 复制客户端IP到client_ip - - if (configure->IP_RESTRICTION == 1) { - if (whitelist(client_ip, whitelist_ip) == 0) { - LOG("非法客户端, 拒绝连接\n"); - continue; + if (signal == 4) { + client_sock = accept(server_sock, (struct sockaddr *)&client_addr, &addrlen); + if (client_sock > 0) { + LOG("Client Ip %s Client Port %d\n", inet_ntop(AF_INET, &client_addr.sin_addr.s_addr, ipstr, sizeof(ipstr)), ntohs(client_addr.sin_port)); + strcpy(client_ip, inet_ntop(AF_INET, &client_addr.sin_addr.s_addr, ipstr, sizeof(ipstr))); // 复制客户端IP到client_ip + + if (configure->IP_RESTRICTION == 1) { + if (whitelist(client_ip, whitelist_ip) == 0) { + LOG("非法IPV4客户端, 拒绝连接\n"); + continue; + } + } + + if (fork() == 0) { // 创建子进程处理客户端连接请求 + close(server_sock); + handle_client(client_sock, client_addr); + exit(0); } } - + //close(client_sock); } - if (fork() == 0) { // 创建子进程处理客户端连接请求 - close(server_sock); - handle_client(client_sock, client_addr); - exit(0); + if (signal == 6) { + client_sock6 = accept(server_sock6, (struct sockaddr *)&client_addr6, &addrlen6); + if (client_sock6 > 0) { + LOG("Client Ip %s Client Port %d\n", inet_ntop(AF_INET6, &client_addr6.sin6_addr, ipstr, sizeof(ipstr)), ntohs(client_addr6.sin6_port)); + strcpy(client_ip, inet_ntop(AF_INET6, &client_addr6.sin6_addr, ipstr, sizeof(ipstr))); // 复制客户端IP到client_ip + + if (configure->IP_RESTRICTION == 1) { + if (whitelist(client_ip, whitelist_ip) == 0) { + LOG("非法IPV6客户端, 拒绝连接\n"); + continue; + } + } + + if (fork() == 0) { // 创建子进程处理客户端连接请求 + close(server_sock6); + handle_client(client_sock6, client_addr); + exit(0); + } + } + //close(client_sock6); } 
- close(client_sock); } + free_conf(configure); } void stop_server() 
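Review bot: The accept process never closes the accepted socket any more — the old `close(client_sock)` survives only as the commented-out `//close(client_sock);` — so every connection leaves a descriptor behind in the parent until the fd limit is hit and accept() starts failing, and the whitelist-reject path (`continue` without a close) leaks the same way, which a remote peer can drive deliberately. Add `close(client_sock);` before that `continue` and again in the parent right after the `if (fork() == 0) { ... }` block, and mirror both for `client_sock6`. The IPv6 branch also passes the IPv4 `client_addr`, which was never filled for this connection, to `handle_client(client_sock6, client_addr)`; since handle_client takes a `struct sockaddr_in`, it needs a `struct sockaddr_storage` parameter or the v6 address converted before the call. `free_conf(configure)` after the `while (1)` is unreachable. server_loop starts before this hunk.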
@@ -599,45 +616,101 @@ void usage(void) printf(" -l specifyed local listen port \n"); printf(" -h specifyed next hop server name\n"); printf(" -d run as daemon\n"); + printf(" -c Specify configuration file\n"); printf(" -E <0-128> encode data when forwarding data\n"); printf(" -D <0-128> decode data when receiving data\n"); exit(8); } -void start_server(int daemon) +int create_server_socket(int port) +{ + int server_sock, optval; + struct sockaddr_in server_addr; + optval = 1; + + if ((server_sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + return SERVER_SOCKET_ERROR; + } + + if (setsockopt(server_sock, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)) < 0) { + return SERVER_SETSOCKOPT_ERROR; + } + + memset(&server_addr, 0, sizeof(server_addr)); + server_addr.sin_family = AF_INET; + server_addr.sin_port = htons(port); + server_addr.sin_addr.s_addr = INADDR_ANY; + if (bind(server_sock, (struct sockaddr *)&server_addr, sizeof(server_addr)) + != 0) { + return SERVER_BIND_ERROR; + } + + if (listen(server_sock, 128) < 0) { + return SERVER_LISTEN_ERROR; + } + + return server_sock; +} + +int create_server_socket6(int port) +{ + int server_sock; + int optval = SO_REUSEADDR; + struct sockaddr_in6 server_addr; + if ((server_sock = socket(AF_INET6, SOCK_STREAM, 0)) < 0) { + perror("socket"); + return -1; + } + + if (setsockopt(server_sock, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)) < 0) { + return SERVER_SETSOCKOPT_ERROR; + } + + if (setsockopt(server_sock, IPPROTO_IPV6, IPV6_V6ONLY, &optval, sizeof(optval)) < 0) { + perror("setsockopt"); + return -1; + } + + memset(&server_addr, 0, sizeof(server_addr)); + server_addr.sin6_family = AF_INET6; + server_addr.sin6_port = htons(port); + server_addr.sin6_addr = in6addr_any; + + if (bind(server_sock, (struct sockaddr *)&server_addr, sizeof(struct sockaddr_in6)) != 0) { + perror("bind"); + return -1; + } + + if (listen(server_sock, 128) < 0) { + perror("listen"); + return -1; + } + + return server_sock; +} + +void 
start_server(int SIGNAL, char *conffile) { //初始化全局变量 header_buffer = (char *)malloc(MAX_HEADER_SIZE); signal(SIGCHLD, sigchld_handler); // 防止子进程变成僵尸进程 - if ((server_sock = create_server_socket(local_port)) < 0) { // start server - LOG("Cannot run server on %d\n", local_port); - exit(server_sock); - } - - if (daemon) { - pid_t pid; - if ((pid = fork()) == 0) { - server_loop(); - } else if (pid > 0) { - m_pid = pid; - LOG("mporxy pid is: [%d]\n", pid); - close(server_sock); - } else { - LOG("Cannot daemonize\n"); - exit(pid); + if (SIGNAL == 4) { + if ((server_sock = create_server_socket(local_port)) < 0) { // start server + LOG("Cannot run server on %d\n", local_port); + exit(server_sock); } - - } else { - server_loop(); } -} + if (SIGNAL == 6) { + if ((server_sock6 = create_server_socket6(local_port)) < 0) { // start server + LOG("Cannot run server on %d\n", local_port); + exit(server_sock); + } + } -int main(int argc, char *argv[]) -{ - return _main(argc, argv); + server_loop(SIGNAL, conffile); } int _main(int argc, char *argv[]) @@ -645,13 +718,14 @@ int _main(int argc, char *argv[]) local_port = DEFAULT_LOCAL_PORT; io_flag = FLG_NONE; sslEncodeCode = 1; - int daemon = 0; - + int DAEMON = 0; char info_buf[2048]; - int opt; - char optstrs[] = ":l:f:dE:D:h?"; + char optstrs[] = ":l:f:dc:E:D:h?"; char *p = NULL; + + char *conffile = "./ais.conf"; + while (-1 != (opt = getopt(argc, argv, optstrs))) { switch (opt) { case 'l': @@ -667,7 +741,10 @@ int _main(int argc, char *argv[]) } break; case 'd': - daemon = 1; + DAEMON = 1; + break; + case 'c': + conffile = optarg; break; case 'E': io_flag = W_S_ENC; @@ -676,7 +753,6 @@ int _main(int argc, char *argv[]) case 'D': io_flag = R_C_DEC; sslEncodeCode = atoi(optarg); - break; case ':': printf("\nMissing argument after: -%c\n", optopt); 
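Review bot: `int optval = SO_REUSEADDR;` in create_server_socket6 uses the option name (2 on Linux) as the option value for both SO_REUSEADDR and IPV6_V6ONLY; it happens to be non-zero, but the intended line is `int optval = 1;`. In start_server the IPv6 failure branch calls `exit(server_sock)` with the IPv4 socket's value instead of `server_sock6`, and create_server_socket6 mixes `-1` with `SERVER_SETSOCKOPT_ERROR` as failure codes, so the exit status cannot tell the failures apart. Both listeners bind every interface (INADDR_ANY / in6addr_any), leaving the IP_SEGMENT whitelist as the only access control; a bind-address option would let operators restrict exposure independently of it. This hunk starts on the previous line and _main continues past it.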
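Review bot: Removing the `break;` after `sslEncodeCode = atoi(optarg);` makes `case 'D'` fall through into `case ':'`, which prints "Missing argument after" and, judging from the `usage();` context at the top of the next hunk, apparently exits — so `-D <n>`, which the shipped start.sh passes, no longer starts the server. Restore `break;` there. The 0–128 range that usage() advertises for -E/-D is never enforced either; `atoi` accepts any int, so validate the value or use `strtol` with a range check.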
@@ -689,10 +765,32 @@ int _main(int argc, char *argv[]) usage(); } } + + if (DAEMON == 1) { // 守护进程 + if(daemon(1, 1)) { + perror("daemon"); + return -1; + } + } + printf("sslEncodeCode: %d\n", sslEncodeCode); get_info(info_buf); LOG("%s\n", info_buf); - start_server(daemon); + + if (fork() == 0) { // IPV4 进程 + start_server(4, conffile); + } + + if(fork() == 0) { // IPV6 进程 + start_server(6, conffile); + } return 0; } + +int main(int argc, char *argv[]) +{ + return _main(argc, argv); +} + + diff --git a/ais.conf b/ais.conf index 3aeb990..bb86625 100644 --- a/ais.conf +++ b/ais.conf @@ -1,4 +1,4 @@ global { - IP_RESTRICTION = 1; - IP_SEGMENT= 223.104 115.60 115.61 115.62 223.88 223.89 106.33 117.136 61.158 171.10 171.9 61.158; + IP_RESTRICTION = 0; + IP_SEGMENT= 223.104 223.88 2001:19f0:7001:3bcb:5400:3ff:fe03:860e 2409:8946:28f:5ab8:a96c:44fb:e0ba:63c8 fe80::5400:3ff:fe03:860e 2409:8946:28f:5ab8:74fa:521c:6bb4:7888 2409:8a44:336:7180:f187:5343:2f11:cd65 2409:8a44:336:7180:5cb7:5b71:85e2:7f14; } diff --git a/ais.h b/ais.h index de87bd3..f9f9a45 100644 --- a/ais.h +++ b/ais.h @@ -1,6 +1,6 @@ -#ifndef _AIS_ -#define _AIS_ +#ifndef AIS_H +#define AIS_H -#define WHITELIST_IP_NUM 200 +#define WHITELIST_IP_NUM 2700 #endif diff --git a/conf.c b/conf.c index 9d791be..028fad8 100644 --- a/conf.c +++ b/conf.c @@ -140,7 +140,7 @@ void free_conf(conf * p) return; } -void split_string(char string[], char delims[], char (*whitelist_ip)[32]) +void split_string(char string[], char delims[], char (*whitelist_ip)[WHITELIST_IP_NUM]) { int i = 0; char *result = NULL; diff --git a/conf.h b/conf.h index 02ca457..0e2c445 100644 --- a/conf.h +++ b/conf.h @@ -6,6 +6,7 @@ #include #include #include +#include "ais.h" // 配置文件结构 typedef struct CONF { 
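Review bot: Neither `fork()` return value is checked, and the parent returns 0 immediately after the second fork, so a failed fork silently leaves one address family without a listener; `m_pid` (declared earlier as the saved main pid) is no longer assigned anywhere, so whatever stop_server does with it presumably no longer works — its body is not in this diff. Each child should also terminate after its server, `start_server(4, conffile); exit(0);`, otherwise the IPv4 child would run into the second fork if server_loop ever returned. `daemon(1, 1)` keeps the inherited stdio, which matters now that start.sh no longer redirects output: LOG lines go to whatever terminal launched the script.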
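Review bot: The shipped configuration turns the whitelist off (`IP_RESTRICTION = 0;`) while create_server_socket/create_server_socket6 bind INADDR_ANY and in6addr_any, so a default install is an open HTTP/CONNECT proxy reachable from any network; ship `IP_RESTRICTION = 1;` and make the operator opt out explicitly. The README describes IP_SEGMENT entries as a prefix match on the first two dotted fields; how that rule applies to the full IPv6 addresses added here depends on the whitelist() body, which this diff does not show, and should be stated in a comment next to the setting. The addresses themselves look like real client endpoints and probably should not be committed to a public repository.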
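Review bot: After this change WHITELIST_IP_NUM is used both as the number of whitelist entries and as the byte length of each entry (conf.h, conf.c and server_loop all declare `[WHITELIST_IP_NUM]` rows), so raising it to 2700 multiplies the table to 2700*2700 bytes, while an IPv6 string needs at most 46 bytes (INET6_ADDRSTRLEN). Split the two meanings: keep `WHITELIST_IP_NUM` for the count and add `#define WHITELIST_IP_LEN 64 /* >= INET6_ADDRSTRLEN */` for the row width. A one-line comment on each define saying which is which would prevent the next mix-up.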
@@ -15,6 +16,6 @@ typedef struct CONF { void read_conf(char *filename, conf * configure); void free_conf(conf * p); -void split_string(char string[], char delims[], char (*whitelist_ip)[32]); +void split_string(char string[], char delims[], char (*whitelist_ip)[WHITELIST_IP_NUM]); #endif diff --git a/info.sh b/info.sh deleted file mode 100644 index 61e3410..0000000 --- a/info.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -cat info.txt | grep "Client Ip" | awk '{print $7}' | uniq -c - diff --git a/start.sh b/stript/start.sh similarity index 65% rename from start.sh rename to stript/start.sh index 5e44394..7e1b357 100644 --- a/start.sh +++ b/stript/start.sh @@ -1,7 +1,11 @@ #!/bin/bash +# +# aixiao@aixiao.me +# + SHELL_FOLDER=$(cd "$(dirname "$0")"; pwd) #脚本所在目录 SHELL_FOLDER=$(dirname $(readlink -f "$0")) -${SHELL_FOLDER}/ais -l 1080 -D 128 -d &>> ${SHELL_FOLDER}/info.txt +${SHELL_FOLDER}/../ais -l 127 -D 128 -d diff --git a/stop.sh b/stript/stop.sh similarity index 52% rename from stop.sh rename to stript/stop.sh index d977c2d..43799fe 100644 --- a/stop.sh +++ b/stript/stop.sh @@ -1,4 +1,8 @@ #!/bin/bash +# +# aixiao@aixiao.me +# + killall ais
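Review bot: `-l 127` moves the listener to a privileged port, so start.sh now has to run as root, and no privilege drop after bind is visible anywhere in this diff — a proxy that connects to arbitrary client-chosen destinations should not keep root. Use an unprivileged port such as the previous 1080, or bind as root and switch to an unprivileged user before server_loop. The `&>> info.txt` redirection was dropped as well, so with `-d` now calling `daemon(1, 1)` the LOG output goes to whatever stdout the script inherited. The target directory is spelled `stript/`, probably meant to be `script/`.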