girl 0.75.0

data/lib/girl/udp.rb

@@ -0,0 +1,300 @@
+require 'girl/version'
+require 'socket'
+
+##
+# Girl::Udp - udp透明转发，近端。
+#
+# usage
+# ======
+#
+# Girl::Udpd.new( 3030 ).looping # 远端
+#
+# Girl::Udp.new( 'your.server.ip', 3030, 1313 ).looping # 近端
+#
+# iptables -t nat -A PREROUTING -p udp -d game.server.ip -j REDIRECT --to-ports 1313
+#
+module Girl
+  class Udp
+
+    def initialize( udpd_host, udpd_port = 3030, redir_port = 1313 )
+      ctlr, ctlw = IO.pipe
+
+      redir = Socket.new( Socket::AF_INET, Socket::SOCK_DGRAM, 0 )
+      redir.setsockopt( Socket::SOL_SOCKET, Socket::SO_REUSEPORT, 1 )
+      redir.bind( Socket.sockaddr_in( redir_port, '0.0.0.0' ) )
+      puts "redir bound on #{ redir_port } #{ Time.new }"
+
+      @mutex = Mutex.new
+      @udpd_host = udpd_host
+      @udpd_addr = Socket.sockaddr_in( udpd_port, udpd_host )
+      @ctlw = ctlw
+      @redir = redir
+      @reads = [ ctlr, redir ]
+      @writes = []
+      @closings = []
+      @roles = {
+        ctlr => :ctlr,   # :ctlr / :redir / :tun
+        redir => :redir
+      }
+      @redir_wbuffs = [] # [ src_addr data ] ...
+      @tuns = {}         # [ orig_src_addr dst_addr ]=> tun
+      @mappings = {}     # src_addr => [ orig_src_addr dst_addr ]
+      @tun_infos = {}    # tun => {}
+                         #   orig_src_addr: sockaddr
+                         #   dst_addr: sockaddr
+                         #   src_addr: sockaddr
+                         #   tund_addr: sockaddr
+                         #   rbuffs: []
+                         #   wbuffs: []
+                         #   last_traff_at: now
+    end
+
+    def looping
+      loop_expire
+
+      loop do
+        rs, ws = IO.select( @reads, @writes )
+
+        @mutex.synchronize do
+          rs.each do | sock |
+            case @roles[ sock ]
+            when :ctlr
+              read_ctlr( sock )
+            when :redir
+              read_redir( sock )
+            when :tun
+              read_tun( sock )
+            end
+          end
+
+          ws.each do | sock |
+            case @roles[ sock ]
+            when :redir
+              write_redir( sock )
+            when :tun
+              write_tun( sock )
+            end
+          end
+        end
+      end
+    end
+
+    def quit!
+      exit
+    end
+
+    private
+
+    def read_ctlr( ctlr )
+      od_addr = ctlr.read( 32 )
+      tun = @tuns[ od_addr ]
+
+      if tun
+        add_closing( tun )
+      end
+    end
+
+    def read_redir( redir )
+      data, addrinfo, rflags, *controls = redir.recvmsg
+      src_addr = addrinfo.to_sockaddr
+      is_hit_cache = false
+      now = Time.new
+      # puts "debug redir recv #{ data.inspect } from #{ addrinfo.inspect }"
+
+      if @mappings.include?( src_addr )
+        orig_src_addr, dst_addr, timeout, read_at = @mappings[ src_addr ]
+
+        if now - read_at < timeout
+          # puts "debug hit cache #{ addrinfo.inspect }"
+          is_hit_cache = true
+        else
+          # puts "debug cache timeout #{ addrinfo.inspect }"
+          @mappings.delete( src_addr )
+        end
+      end
+
+      unless is_hit_cache
+        # 2 udp 4 timeout 5 src 7 sport 9 [UNREPLIED] 11 dst 13 dport
+        # 2 udp 4 timeout 5 src 7 sport 10 dst 12 dport
+        bin = IO.binread( '/proc/net/nf_conntrack' )
+        rows = bin.split( "\n" ).map { | line | line.split( ' ' ) }
+        row = rows.find { | _row | _row[ 2 ] == 'udp' && ( ( _row[ 10 ].split( '=' )[ 1 ] == addrinfo.ip_address && _row[ 12 ].split( '=' )[ 1 ].to_i == addrinfo.ip_port ) || ( _row[ 9 ] == '[UNREPLIED]' && _row[ 11 ].split( '=' )[ 1 ] == addrinfo.ip_address && _row[ 13 ].split( '=' )[ 1 ].to_i == addrinfo.ip_port ) ) }
+
+        unless row
+          puts "miss conntrack #{ addrinfo.inspect } #{ Time.new }"
+          IO.binwrite( '/tmp/nf_conntrack', bin )
+          return
+        end
+
+        timeout = row[ 4 ].to_i
+        orig_src_ip = row[ 5 ].split( '=' )[ 1 ]
+        orig_src_port = row[ 7 ].split( '=' )[ 1 ].to_i
+        dst_ip = row[ 6 ].split( '=' )[ 1 ]
+        dst_port = row[ 8 ].split( '=' )[ 1 ].to_i
+        orig_src_addr = Socket.sockaddr_in( orig_src_port, orig_src_ip )
+        dst_addr = Socket.sockaddr_in( dst_port, dst_ip )
+
+        if Addrinfo.new( dst_addr ).ipv4_private?
+          puts "dst is private? #{ Addrinfo.new( dst_addr ).inspect } #{ Addrinfo.new( src_addr ).inspect } #{ Addrinfo.new( orig_src_addr ).inspect } #{ Time.new }"
+          add_redir_wbuff( redir, dst_addr, data )
+          return
+        end
+
+        # puts "debug save cache #{ addrinfo.inspect } #{ Addrinfo.new( orig_src_addr ).inspect } #{ Addrinfo.new( dst_addr ).inspect } #{ timeout } #{ now }"
+        @mappings[ src_addr ] = [ orig_src_addr, dst_addr, timeout, now ]
+      end
+
+      tun = @tuns[ [ orig_src_addr, dst_addr ].join ]
+
+      unless tun
+        tun = new_a_tun( orig_src_addr, dst_addr, src_addr )
+
+        # puts "debug tun send to udpd #{ Addrinfo.new( orig_src_addr ).inspect } #{ Addrinfo.new( dst_addr ).inspect }"
+        ctlmsg = [ orig_src_addr, dst_addr ].join
+        add_tun_wbuff( tun, @udpd_addr, ctlmsg )
+      end
+
+      tun_info = @tun_infos[ tun ]
+      add_tun_wbuff( tun, tun_info[ :tund_addr ], data )
+    end
+
+    def read_tun( tun )
+      data, addrinfo, rflags, *controls = tun.recvmsg
+      from_addr = addrinfo.to_sockaddr
+      tun_info = @tun_infos[ tun ]
+      tun_info[ :last_traff_at ] = Time.new
+
+      if from_addr == @udpd_addr
+        tund_port = data[ 0, 2 ].unpack( 'n' ).first
+        tund_addr = Socket.sockaddr_in( tund_port, @udpd_host )
+        tun_info[ :tund_addr ] = tund_addr
+
+        if tun_info[ :rbuffs ].any?
+          tun_info[ :wbuffs ] += tun_info[ :rbuffs ].map{ | rbuff | [ tund_addr, rbuff ] }
+          tun_info[ :rbuffs ].clear
+          add_write( tun )
+        end
+
+      elsif from_addr == tun_info[ :tund_addr ]
+        add_redir_wbuff( @redir, tun_info[ :src_addr ], data )
+      end
+    end
+
+    def write_redir( redir )
+      if @redir_wbuffs.empty?
+        @writes.delete( redir )
+        return
+      end
+
+      src_addr, data = @redir_wbuffs.shift
+      redir.sendmsg( data, 0, src_addr )
+    end
+
+    def write_tun( tun )
+      if @closings.include?( tun )
+        close_tun( tun )
+        return
+      end
+
+      tun_info = @tun_infos[ tun ]
+
+      if tun_info[ :wbuffs ].empty?
+        @writes.delete( tun )
+        return
+      end
+
+      to_addr, data = tun_info[ :wbuffs ].shift
+      tun.sendmsg( data, 0, to_addr )
+    end
+
+    def add_redir_wbuff( redir, to_addr, data )
+      @redir_wbuffs << [ to_addr, data ]
+      add_write( redir )
+    end
+
+    def add_tun_wbuff( tun, to_addr, data )
+      tun_info = @tun_infos[ tun ]
+
+      if to_addr
+        tun_info[ :wbuffs ] << [ to_addr, data ]
+        add_write( tun )
+      else
+        tun_info[ :rbuffs ] << data
+      end
+    end
+
+    def add_write( sock )
+      unless @writes.include?( sock )
+        @writes << sock
+      end
+    end
+
+    def add_closing( tun )
+      unless @closings.include?( tun )
+        @closings << tun
+      end
+
+      add_write( tun )
+    end
+
+    def close_tun( tun )
+      tun.close
+      @reads.delete( tun )
+      @writes.delete( tun )
+      @closings.delete( tun )
+      @roles.delete( tun )
+      tun_info = @tun_infos.delete( tun )
+      @tuns.delete( [ tun_info[ :orig_src_addr ], tun_info[ :dst_addr ] ].join )
+
+      if @mappings.include?( tun_info[ :src_addr ] )
+        orig_src_addr, dst_addr, timeout, read_at = @mappings[ tun_info[ :src_addr ] ]
+
+        if orig_src_addr == tun_info[ :orig_src_addr ] && dst_addr == tun_info[ :dst_addr ]
+          @mappings.delete( tun_info[ :src_addr ] )
+        end
+      end
+    end
+
+    def new_a_tun( orig_src_addr, dst_addr, src_addr )
+      tun = Socket.new( Socket::AF_INET, Socket::SOCK_DGRAM, 0 )
+      tun.setsockopt( Socket::SOL_SOCKET, Socket::SO_REUSEPORT, 1 )
+      tun.bind( Socket.sockaddr_in( 0, '0.0.0.0' ) )
+
+      @tun_infos[ tun ] = {
+        orig_src_addr: orig_src_addr,
+        dst_addr: dst_addr,
+        src_addr: src_addr,
+        tund_addr: nil,
+        rbuffs: [],
+        wbuffs: [],
+        last_traff_at: Time.new
+      }
+
+      @tuns[ [ orig_src_addr, dst_addr ].join ] = tun
+      @roles[ tun ] = :tun
+      @reads << tun
+
+      tun
+    end
+
+    def loop_expire
+      Thread.new do
+        loop do
+          sleep 30
+
+          @mutex.synchronize do
+            now = Time.new
+
+            @tun_infos.values.each do | tun_info |
+              # net.netfilter.nf_conntrack_udp_timeout_stream
+              if now - tun_info[ :last_traff_at ] > 180
+                @ctlw.write( [ tun_info[ :orig_src_addr ], tun_info[ :dst_addr ] ].join )
+              end
+            end
+          end
+        end
+      end
+    end
+
+  end
+end

data/lib/girl/udpd.rb

@@ -0,0 +1,286 @@
+require 'girl/version'
+require 'socket'
+
+##
+# Girl::Udpd - udp透明转发，远端。
+#
+module Girl
+  class Udpd
+
+    def initialize( port = 3030 )
+      ctlr, ctlw = IO.pipe
+
+      udpd = Socket.new( Socket::AF_INET, Socket::SOCK_DGRAM, 0 )
+      udpd.setsockopt( Socket::SOL_SOCKET, Socket::SO_REUSEPORT, 1 )
+      udpd.bind( Socket.sockaddr_in( port, '0.0.0.0' ) )
+      puts "udpd bound on #{ port } #{ Time.new }"
+
+      @mutex = Mutex.new
+      @ctlw = ctlw
+      @udpd = udpd
+      @reads = [ ctlr, udpd ]
+      @writes = []
+      @closings = []
+      @roles = {
+        ctlr => :ctlr,  # :ctlr / :udpd / :tund
+        udpd => :udpd
+      }
+      @udpd_wbuffs = [] # [ tun_addr ctlmsg ] ...
+      @tunds = {}       # [ tun_ip_addr orig_src_addr ] => tund
+      @tund_infos = {}  # tund => {}
+                        #   port: port
+                        #   tun_ip_addr: sockaddr
+                        #   orig_src_addr: sockaddr
+                        #   wbuffs: [] # [ to_addr, data ] ...
+                        #   dst_addrs: { tun_addr => dst_addr }
+                        #   tun_addrs: { dst_addr => tun_addr }
+                        #   is_tunneleds: { [ tun_addr dst_addr ] => false }
+                        #   unpaired_dst_rbuffs: { dst_addr => [] }
+                        #   last_traff_at: now
+    end
+
+    def looping
+      loop_expire
+
+      loop do
+        rs, ws = IO.select( @reads, @writes )
+
+        @mutex.synchronize do
+          rs.each do | sock |
+            case @roles[ sock ]
+            when :ctlr
+              read_ctlr( sock )
+            when :udpd
+              read_udpd( sock )
+            when :tund
+              read_tund( sock )
+            end
+          end
+
+          ws.each do | sock |
+            case @roles[ sock ]
+            when :udpd
+              write_udpd( sock )
+            when :tund
+              write_tund( sock )
+            end
+          end
+        end
+      end
+    end
+
+    def quit!
+      exit
+    end
+
+    private
+
+    def read_ctlr( ctlr )
+      to_addr = ctlr.read( 32 )
+      tund = @tunds[ to_addr ]
+
+      if tund
+        add_closing( tund )
+      end
+    end
+
+    def read_udpd( udpd )
+      data, addrinfo, rflags, *controls = udpd.recvmsg
+      # puts "debug udpd recv #{ data.inspect } from #{ addrinfo.inspect }"
+      orig_src_addr = data[ 0, 16 ]
+      dst_addr = data[ 16, 16 ]
+      tun_addr = addrinfo.to_sockaddr
+      tun_ip_addr = Addrinfo.ip( addrinfo.ip_address ).to_sockaddr
+
+      return unless Addrinfo.new( orig_src_addr ).ipv4?
+
+      dst_addrinfo = Addrinfo.new( dst_addr )
+      return unless dst_addrinfo.ipv4?
+      return if dst_addrinfo.ipv4_private?
+
+      tund = pair_tund( tun_addr, tun_ip_addr, orig_src_addr, dst_addr )
+      tund_info = @tund_infos[ tund ]
+      tund_port = tund_info[ :port ]
+
+      # puts "debug udpd send to tun #{ tund_port } #{ addrinfo.inspect }"
+      ctlmsg = [ tund_port ].pack( 'n' )
+      @udpd_wbuffs << [ tun_addr, ctlmsg ]
+      add_write( udpd )
+    end
+
+    def read_tund( tund )
+      data, addrinfo, rflags, *controls = tund.recvmsg
+      from_addr = addrinfo.to_sockaddr
+      tund_info = @tund_infos[ tund ]
+      tund_info[ :last_traff_at ] = Time.new
+      to_addr = tund_info[ :dst_addrs ][ from_addr ]
+
+      if to_addr
+        # 来自tun，发给dst。
+        td_addr = [ from_addr, to_addr ].join
+        is_tunneled = tund_info[ :is_tunneleds ][ td_addr ]
+
+        unless is_tunneled
+          # puts "debug first traffic from tun #{ addrinfo.inspect } to #{ Addrinfo.new( to_addr ).inspect }"
+          # 发暂存
+          if tund_info[ :unpaired_dst_rbuffs ].include?( to_addr )
+            rbuffs = tund_info[ :unpaired_dst_rbuffs ].delete( to_addr )
+            # puts "debug move tund.dst.rbuffs to tund.wbuffs #{ rbuffs.inspect }"
+            tund_info[ :wbuffs ] += rbuffs.map{ | rbuff | [ from_addr, rbuff ] }
+          end
+
+          tund_info[ :is_tunneleds ][ td_addr ] = true
+        end
+
+        # 如果对面没来过流量，且在nat里，nat规则是只对去过的目的地做接收，那么，先过去的流量会撞死。
+        # 没关系，撞死的流量通常是打洞数据，在应用计算之内，打洞数据通常是连发的。
+        # puts "debug #{ data.inspect } from #{ addrinfo.inspect } to #{ Addrinfo.new( to_addr ).inspect }"
+        add_tund_wbuff( tund, to_addr, data )
+        return
+      end
+
+      to_addr = tund_info[ :tun_addrs ][ from_addr ]
+
+      if to_addr
+        # 来自dst，发给tun。
+        # puts "debug #{ data.inspect } from #{ addrinfo.inspect } to #{ Addrinfo.new( to_addr ).inspect }"
+
+        td_addr = [ to_addr, from_addr ].join
+        is_tunneled = tund_info[ :is_tunneleds ][ td_addr ]
+
+        if is_tunneled
+          add_tund_wbuff( tund, to_addr, data )
+          return
+        end
+
+        # puts "debug #{ Addrinfo.new( to_addr ).inspect } #{ addrinfo.inspect } not tunneled"
+      end
+
+      # 来自未知的地方，或者对应的tun还没来流量，记暂存
+      unless tund_info[ :unpaired_dst_rbuffs ][ from_addr ]
+        tund_info[ :unpaired_dst_rbuffs ][ from_addr ] = []
+      end
+
+      # 暂存5条（连发打洞数据，不需要存多）。
+      if tund_info[ :unpaired_dst_rbuffs ][ from_addr ].size < 5
+        # puts "debug save other dst rbuff #{ addrinfo.inspect } #{ data.inspect }"
+        tund_info[ :unpaired_dst_rbuffs ][ from_addr ] << data
+      end
+    end
+
+    def write_udpd( udpd )
+      if @udpd_wbuffs.empty?
+        @writes.delete( udpd )
+        return
+      end
+
+      tun_addr, ctlmsg = @udpd_wbuffs.shift
+      udpd.sendmsg( ctlmsg, 0, tun_addr )
+    end
+
+    def write_tund( tund )
+      if @closings.include?( tund )
+        close_tund( tund )
+        return
+      end
+
+      tund_info = @tund_infos[ tund ]
+
+      if tund_info[ :wbuffs ].empty?
+        @writes.delete( tund )
+        return
+      end
+
+      to_addr, data = tund_info[ :wbuffs ].shift
+      tund.sendmsg( data, 0, to_addr )
+    end
+
+    def add_tund_wbuff( tund, to_addr, data )
+      tund_info = @tund_infos[ tund ]
+      tund_info[ :wbuffs ] << [ to_addr, data ]
+
+      add_write( tund )
+    end
+
+    def add_write( sock )
+      unless @writes.include?( sock )
+        @writes << sock
+      end
+    end
+
+    def add_closing( tund )
+      unless @closings.include?( tund )
+        @closings << tund
+      end
+
+      add_write( tund )
+    end
+
+    def close_tund( tund )
+      tund.close
+      @reads.delete( tund )
+      @writes.delete( tund )
+      @closings.delete( tund )
+      @roles.delete( tund )
+      tund_info = @tund_infos.delete( tund )
+      @tunds.delete( [ tund_info[ :tun_ip_addr ], tund_info[ :orig_src_addr ] ].join )
+    end
+
+    def pair_tund( tun_addr, tun_ip_addr, orig_src_addr, dst_addr )
+      from_addr = [ tun_ip_addr, orig_src_addr ].join
+      td_addr = [ tun_addr, dst_addr ].join
+      tund = @tunds[ from_addr ]
+
+      if tund
+        tund_info = @tund_infos[ tund ]
+        tund_info[ :dst_addrs ][ tun_addr ] = dst_addr
+        tund_info[ :tun_addrs ][ dst_addr ] = tun_addr
+        tund_info[ :is_tunneleds ][ td_addr ] = false
+      else
+        tund = Socket.new( Socket::AF_INET, Socket::SOCK_DGRAM, 0 )
+        tund.setsockopt( Socket::SOL_SOCKET, Socket::SO_REUSEPORT, 1 )
+        tund.setsockopt( Socket::SOL_SOCKET, Socket::SO_BROADCAST, 1 )
+        tund.bind( Socket.sockaddr_in( 0, '0.0.0.0' ) )
+        tund_port = tund.local_address.ip_unpack.last
+
+        @tund_infos[ tund ] = {
+          port: tund_port,
+          tun_ip_addr: tun_ip_addr,
+          orig_src_addr: orig_src_addr,
+          wbuffs: [],
+          dst_addrs: { tun_addr => dst_addr },
+          tun_addrs: { dst_addr => tun_addr },
+          is_tunneleds: { td_addr => false },
+          unpaired_dst_rbuffs: {},
+          last_traff_at: Time.new
+        }
+
+        @roles[ tund ] = :tund
+        @reads << tund
+        @tunds[ from_addr ] = tund
+      end
+
+      tund
+    end
+
+    def loop_expire
+      Thread.new do
+        loop do
+          sleep 30
+
+          @mutex.synchronize do
+            now = Time.new
+
+            @tund_infos.values.each do | tund_info |
+              # net.netfilter.nf_conntrack_udp_timeout_stream
+              if now - tund_info[ :last_traff_at ] > 180
+                @ctlw.write( [ tund_info[ :tun_ip_addr ], tund_info[ :orig_src_addr ] ].join )
+              end
+            end
+          end
+        end
+      end
+    end
+
+  end
+end