Hello community, here is the log from the commit of package udp2raw-tunnel for openSUSE:Factory checked in at 2020-08-20 22:32:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/udp2raw-tunnel (Old) and /work/SRC/openSUSE:Factory/.udp2raw-tunnel.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "udp2raw-tunnel" Thu Aug 20 22:32:52 2020 rev:4 rq:828131 version:20200818.0 Changes: -------- --- /work/SRC/openSUSE:Factory/udp2raw-tunnel/udp2raw-tunnel.changes 2020-08-05 20:28:05.775057904 +0200 +++ /work/SRC/openSUSE:Factory/.udp2raw-tunnel.new.3399/udp2raw-tunnel.changes 2020-08-20 22:33:13.736104801 +0200 @@ -1,0 +2,7 @@ +Wed Aug 19 19:36:57 UTC 2020 - Martin Hauke <mar...@gmx.de> + +- Update to version 20200818.0 + * Fixed FATAL:kernel too old (Issue 339) on x86 amd64 and + possibly arm. + +------------------------------------------------------------------- Old: ---- udp2raw-tunnel-20200727.0.tar.gz New: ---- udp2raw-tunnel-20200818.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ udp2raw-tunnel.spec ++++++ --- /var/tmp/diff_new_pack.cTuiyQ/_old 2020-08-20 22:33:14.380105103 +0200 +++ /var/tmp/diff_new_pack.cTuiyQ/_new 2020-08-20 22:33:14.384105104 +0200 @@ -18,7 +18,7 @@ Name: udp2raw-tunnel -Version: 20200727.0 +Version: 20200818.0 Release: 0 Summary: UDP over TCP/ICMP/UDP tunnel # The following files are adapted from PolarSSL 1.3.19 (GPL-2.0) ++++++ udp2raw-tunnel-20200727.0.tar.gz -> udp2raw-tunnel-20200818.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/udp2raw-tunnel-20200727.0/README.md new/udp2raw-tunnel-20200818.0/README.md --- old/udp2raw-tunnel-20200727.0/README.md 2020-07-26 21:07:17.000000000 +0200 +++ new/udp2raw-tunnel-20200818.0/README.md 2020-08-18 09:19:18.000000000 +0200 @@ -1,27 +1,27 @@ # Udp2raw-tunnel -A Tunnel which turns UDP Traffic into Encrypted FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls(or Unstable UDP Environment). It can defend Replay-Attack and supports Multiplexing. It also acts as a Connection Stabilizer. +A Tunnel which turns UDP Traffic into Encrypted FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls(or Unstable UDP Environment). + +When used alone,udp2raw tunnels only UDP traffic. Nevertheless,if you used udp2raw + any UDP-based VPN together,you can tunnel any traffic(include TCP/UDP/ICMP),currently OpenVPN/L2TP/ShadowVPN and [tinyfecVPN](https://github.com/wangyu-/tinyfecVPN) are confirmed to be supported. + ![image0](images/image0.PNG) -When used alone,udp2raw tunnels only UDP traffic. Nevertheless,if you used udp2raw + any UDP-based VPN together,you can tunnel any traffic(include TCP/UDP/ICMP),currently OpenVPN/L2TP/ShadowVPN and [tinyfecVPN](https://github.com/wangyu-/tinyfecVPN) are confirmed to be supported. +or ![image_vpn](images/udp2rawopenvpn.PNG) +[udp2raw wiki](https://github.com/wangyu-/udp2raw-tunnel/wiki) + [简体中文](/doc/README.zh-cn.md)(内容更丰富) -[udp2raw wiki](https://github.com/wangyu-/udp2raw-tunnel/wiki) # Support Platforms -Linux host (including desktop Linux,Android phone/tablet,OpenWRT router,or Raspberry PI) with root access. +Linux host (including desktop Linux,Android phone/tablet,OpenWRT router,or Raspberry PI) with root account or cap_net_raw capability. For Windows and MacOS users, use the udp2raw in [this repo](https://github.com/wangyu-/udp2raw-multiplatform). -<del>For Windows and MacOS You can run udp2raw inside [this](https://github.com/wangyu-/udp2raw-tunnel/releases/download/20171108.0/lede-17.01.2-x86_virtual_machine_image.zip) 7.5mb virtual machine image(make sure network adapter runs at bridged mode).</del> - - - # Features ### Send/Receive UDP Packets with ICMP/FakeTCP/UDP headers ICMP/FakeTCP headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. In ICMP header mode,udp2raw works like an ICMP tunnel. @@ -29,12 +29,14 @@ UDP headers are also supported. In UDP header mode, it behaves just like a normal UDP tunnel, and you can just make use of the other features (such as encryption, anti-replay, or connection stalization). ### Simulated TCP with Real-time/Out-of-Order Delivery -In FakeTCP header mode,udp2raw simulates 3-way handshake while establishing a connection,simulates seq and ack_seq while data transferring. It also simulates following TCP options: `MSS`, `sackOk`, `TS`, `TS_ack`, `wscale`.Firewalls will regard FakeTCP as a TCP connection, but its essentially UDP: it supports real-time/out-of-order delivery(just as normal UDP does), no congestion control or re-transmission. So there wont be any TCP over TCP problem when using OpenVPN. +In FakeTCP header mode,udp2raw simulates 3-way handshake while establishing a connection,simulates seq and ack_seq while data transferring. It also simulates a few TCP options such as: `MSS`, `sackOk`, `TS`, `TS_ack`, `wscale`. Firewalls will regard FakeTCP as a TCP connection, but its essentially UDP: it supports real-time/out-of-order delivery(just as normal UDP does), no congestion control or re-transmission. So there wont be any TCP over TCP problem when using OpenVPN. ### Encryption, Anti-Replay * Encrypt your traffic with AES-128-CBC. * Protect data integrity by HMAC-SHA1 (or weaker MD5/CRC32). -* Defense replay attack with an anti-replay window, smiliar to IPSec and OpenVPN. +* Defense replay attack with anti-replay window. + +[Notes on encryption](https://github.com/wangyu-/udp2raw-tunnel/wiki/Notes-on-encryption) ### Failure Dectection & Stablization (Connection Recovery) Conection failures are detected by heartbeats. If timed-out, client will automatically change port number and reconnect. If reconnection is successful, the previous connection will be recovered, and all existing UDP conversations will stay vaild. @@ -218,63 +220,6 @@ (reverse speed was simliar and not uploaded) -# Application -## Tunneling any traffic via raw traffic by using udp2raw +openvpn -![image_vpn](images/udp2rawopenvpn.PNG) -1. Bypasses UDP block/UDP QOS - -2. No TCP over TCP problem (TCP over TCP problem http://sites.inka.de/bigred/devel/tcp-tcp.html ,https://community.openvpn.net/openvpn/ticket/2 ) - -3. OpenVpn over ICMP also becomes a choice - -4. Supports almost any UDP-based VPN - -More details at [openvpn+udp2raw_guide](https://github.com/wangyu-/udp2raw-tunnel/wiki/udp2raw-openvpn-config-guide) -## Speed-up tcp connection via raw traffic by using udp2raw+kcptun -kcptun is a tcp connection speed-up program,it speeds-up tcp connection by using kcp protocol on-top of udp.by using udp2raw,you can use kcptun while udp is QoSed or blocked. -(kcptun, https://github.com/xtaci/kcptun) - -## Speed-up tcp connection via raw traffic by using udp2raw+finalspeed -finalspeed is a tcp connection speed-up program similiar to kcptun,it speeds-up tcp connection by using kcp protocol on-top of udp or tcp.but its tcp mode doesnt support openvz,you can bypass this problem if you use udp2raw+finalspeed together,and icmp mode also becomes avaliable. - -# How to build -read [build_guide](/doc/build_guide.md) - -# Other -### Easier installation on ArchLinux -``` -yaourt -S udp2raw-tunnel # or -pacaur -S udp2raw-tunnel -``` - -# Related work -### kcptun-raw -udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode. - -https://github.com/Chion82/kcptun-raw -### relayRawSocket -kcptun-raw was inspired by relayRawSocket. A simple udp to raw tunnel,wrote in python - -https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket -### kcpraw -another project of kcptun with tcp mode - -https://github.com/ccsexyz/kcpraw - -### icmptunnel -Transparently tunnel your IP traffic through ICMP echo and reply packets. - -https://github.com/DhavalKapil/icmptunnel - -### Tcp Minion -Tcp Minion is a project which modifid the code of tcp stack in kernel,and implemented real-time out-order udp packet delivery through this modified tcp stack.I failed to find the implementation,but there are some papers avaliable: - -https://arxiv.org/abs/1103.0463 - -http://korz.cs.yale.edu/2009/tng/papers/pfldnet10.pdf - -https://pdfs.semanticscholar.org/9e6f/e2306f4385b4eb5416d1fcab16e9361d6ba3.pdf - # wiki Check wiki for more info: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/udp2raw-tunnel-20200727.0/doc/README.zh-cn.md new/udp2raw-tunnel-20200818.0/doc/README.zh-cn.md --- old/udp2raw-tunnel-20200727.0/doc/README.zh-cn.md 2020-07-26 21:07:17.000000000 +0200 +++ new/udp2raw-tunnel-20200818.0/doc/README.zh-cn.md 2020-08-18 09:19:18.000000000 +0200 @@ -14,21 +14,19 @@ **提示:** -udp2raw不是加速器,只是一个帮助你绕过UDP限制的工具。如果你需要UDP加速器,请看UDPspeeder。 +udp2raw不是加速器,只是一个帮助你绕过UDP限制的工具。如果你需要UDP“加速器” (改善UDP丢包),请看UDPspeeder。 UDPspeeder的repo: https://github.com/wangyu-/UDPspeeder # 支持的平台 -Linux主机,有root权限。可以是PC、android手机/平板、openwrt路由器、树莓派。主机上最好安装了iptables命令(apt/yum很容易安装)。 +Linux主机,有root权限或cap_net_raw capability.。可以是PC、android手机/平板、openwrt路由器、树莓派。主机上最好安装了iptables命令(apt/yum很容易安装)。 Release中提供了`amd64`、`x86`、`arm`、`mips_be`、`mips_le`的预编译binary. ##### 对于windows和mac用户: -可以用[这个repo](https://github.com/wangyu-/udp2raw-multiplatform)里的udp2raw,原生运行。 - -<del>可以把udp2raw运行在虚拟机上(网络必须是桥接模式)。可以参考: https://github.com/wangyu-/udp2raw-tunnel/wiki/在windows-mac上运行udp2raw客户端,带图形界面 </del> +可以用[这个repo](https://github.com/wangyu-/udp2raw-multiplatform)里的udp2raw。 ##### 对于ios和游戏主机用户: @@ -44,10 +42,10 @@ ### 心跳保活、自动重连,连接恢复 心跳保活、自动重连,udp2raw重连可以恢复上次的连接,重连后上层连接继续有效,底层掉线上层不掉线。有效解决上层连接断开的问题。 (功能借鉴自[kcptun-raw](https://github.com/Chion82/kcptun-raw))(**就算你拔掉网线重插,或者重新拨号获得新ip,上层应用也不会断线**) -### 加密 防重放攻击 +### 加密、防重放攻击 用aes128cbc加密(或更弱的xor),hmac-sha1(或更弱的md5/crc32/simple)做数据完整校验。用类似ipsec/openvpn的replay window机制来防止重放攻击。 -设计目标是,即使攻击者可以监听到tunnel的所有包,可以选择性丢弃tunnel的任意包,可以重放任意包;攻击者也没办法获得tunnel承载的任何数据,也没办法向tunnel的数据流中通过包构造/包重放插入任何数据。 +[Notes on encryption](https://github.com/wangyu-/udp2raw-tunnel/wiki/Notes-on-encryption) ### 其他特性 信道复用,client的udp端支持多个连接。 @@ -56,7 +54,7 @@ NAT 穿透 ,tcp icmp udp模式都支持nat穿透。 -支持Openvz,配合finalspeed使用,可以在openvz上用tcp模式的finalspeed +支持Openvz,配合finalspeed使用,可以在openvz上用tcp模式的finalspeed. 支持Openwrt,没有编译依赖,容易编译到任何平台上。 @@ -264,25 +262,6 @@ [udp2raw+kcptun step_by_step教程](kcptun_step_by_step.md) ### 中转 finalspeed [udp2raw+finalspeed step_by_step教程](finalspeed_step_by_step.md) -# 如何自己编译 -[编译教程](build_guide.zh-cn.md) -# 相关repo -### kcptun-raw -udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode. - -https://github.com/Chion82/kcptun-raw -### relayRawSocket -kcptun-raw was inspired by relayRawSocket. A simple udp to raw tunnel,wrote in python - -https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket -### kcpraw -another project of kcptun with tcp mode - -https://github.com/ccsexyz/kcpraw -### icmptunnel -Transparently tunnel your IP traffic through ICMP echo and reply packets. - -https://github.com/DhavalKapil/icmptunnel # wiki diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/udp2raw-tunnel-20200727.0/makefile new/udp2raw-tunnel-20200818.0/makefile --- old/udp2raw-tunnel-20200727.0/makefile 2020-07-26 21:07:17.000000000 +0200 +++ new/udp2raw-tunnel-20200818.0/makefile 2020-08-18 09:19:18.000000000 +0200 @@ -2,9 +2,11 @@ cc_local=g++ cc_mips24kc_be=/toolchains/lede-sdk-17.01.2-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl-1.1.16/bin/mips-openwrt-linux-musl-g++ cc_mips24kc_le=/toolchains/lede-sdk-17.01.2-ramips-mt7621_gcc-5.4.0_musl-1.1.16.Linux-x86_64/staging_dir/toolchain-mipsel_24kc_gcc-5.4.0_musl-1.1.16/bin/mipsel-openwrt-linux-musl-g++ -cc_arm= /toolchains/arm-2014.05/bin/arm-none-linux-gnueabi-g++ +cc_arm= /toolchains/lede-sdk-17.01.2-bcm53xx_gcc-5.4.0_musl-1.1.16_eabi.Linux-x86_64/staging_dir/toolchain-arm_cortex-a9_gcc-5.4.0_musl-1.1.16_eabi/bin/arm-openwrt-linux-c++ cc_mingw_cross=i686-w64-mingw32-g++-posix cc_mac_cross=o64-clang++ -stdlib=libc++ +cc_x86=/toolchains/lede-sdk-17.01.2-x86-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64/staging_dir/toolchain-i386_pentium4_gcc-5.4.0_musl-1.1.16/bin/i486-openwrt-linux-c++ +cc_amd64=/toolchains/lede-sdk-17.01.2-x86-64_gcc-5.4.0_musl-1.1.16.Linux-x86_64/staging_dir/toolchain-x86_64_gcc-5.4.0_musl-1.1.16/bin/x86_64-openwrt-linux-c++ #cc_bcm2708=/home/wangyu/raspberry/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian/bin/arm-linux-gnueabihf-g++ @@ -36,7 +38,7 @@ #dynamic link dynamic: git_version - ${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -O3 + ${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -O2 #targes for general cross compile @@ -55,7 +57,7 @@ ${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -ggdb debug: git_version rm -f ${NAME} - ${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -D MY_DEBUG + ${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -D MY_DEBUG -ggdb debug2: git_version rm -f ${NAME} ${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb -fsanitize=address @@ -63,25 +65,25 @@ #targets only for 'make release' mips24kc_be: git_version - ${cc_mips24kc_be} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -lgcc_eh -static -O3 + ${cc_mips24kc_be} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -lgcc_eh -static -O2 mips24kc_be_asm_aes: git_version - ${cc_mips24kc_be} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -lgcc_eh -static -O3 lib/aes_acc/asm/mips_be.S + ${cc_mips24kc_be} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -lgcc_eh -static -O2 lib/aes_acc/asm/mips_be.S mips24kc_le: git_version - ${cc_mips24kc_le} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -lgcc_eh -static -O3 + ${cc_mips24kc_le} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -lgcc_eh -static -O2 mips24kc_le_asm_aes: git_version - ${cc_mips24kc_le} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -lgcc_eh -static -O3 lib/aes_acc/asm/mips.S + ${cc_mips24kc_le} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -lgcc_eh -static -O2 lib/aes_acc/asm/mips.S amd64:git_version - ${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -static -O3 + ${cc_amd64} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -static -O2 -lgcc_eh -ggdb amd64_hw_aes:git_version - ${cc_local} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -static -O3 lib/aes_acc/asm/x64.S + ${cc_amd64} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -static -O2 lib/aes_acc/asm/x64.S -lgcc_eh -ggdb x86:git_version - ${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -static -O3 -m32 + ${cc_x86} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -static -O2 -lgcc_eh -ggdb x86_asm_aes:git_version - ${cc_local} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -static -O3 -m32 lib/aes_acc/asm/x86.S + ${cc_x86} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -static -O2 lib/aes_acc/asm/x86.S -lgcc_eh -ggdb arm:git_version - ${cc_arm} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -static -O3 + ${cc_arm} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -static -O2 -lgcc_eh arm_asm_aes:git_version - ${cc_arm} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -static -O3 lib/aes_acc/asm/arm.S + ${cc_arm} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -static -O2 lib/aes_acc/asm/arm.S -lgcc_eh release: ${TARGETS} cp git_version.h version.txt @@ -119,7 +121,7 @@ release_mp:${TARGETS_MP} cp git_version.h version.txt - tar -zcvf ${NAME}_mp_binaries.tar.gz ${NAME}_mp.exe ${NAME}_mp_wepoll.exe ${NAME}_mp_mac + tar -zcvf ${NAME}_mp_binaries.tar.gz ${NAME}_mp.exe ${NAME}_mp_wepoll.exe ${NAME}_mp_mac version.txt clean: