mirror/Easytier
1
0
Fork 0
mirror of https://github.com/EasyTier/EasyTier.git synced 2026-05-07 02:09:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix tcp incoming failure when kcp proxy is enabled (#601)

Browse Source
This commit is contained in:
Sijie.Sun
2025-02-06 09:08:34 +08:00
committed by GitHub
parent 1e821a03fe
commit 8b89a037e8
4 changed files with 35 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
easytier/src/gateway/kcp_proxy.rs
+22 -4
View File
@@ -12,7 +12,12 @@ use kcp_sys::{
packet_def::KcpPacket,
stream::KcpStream,
};
use pnet::packet::{ip::IpNextHeaderProtocols, ipv4::Ipv4Packet};
use pnet::packet::{
ip::IpNextHeaderProtocols,
ipv4::Ipv4Packet,
tcp::{TcpFlags, TcpPacket},
Packet as _,
};
use prost::Message;
use tokio::{io::copy_bidirectional, task::JoinSet};
@@ -138,7 +143,6 @@ impl NatDstConnector for NatDstKcpConnector {
}
fn check_packet_from_peer_fast(&self, _cidr_set: &CidrSet, _global_ctx: &GlobalCtx) -> bool {
// if kcp is turned off, the filter will not be added to the pipeline
true
}
@@ -146,10 +150,11 @@ impl NatDstConnector for NatDstKcpConnector {
&self,
_cidr_set: &CidrSet,
_global_ctx: &GlobalCtx,
_hdr: &PeerManagerHeader,
hdr: &PeerManagerHeader,
_ipv4: &Ipv4Packet,
) -> bool {
true
// TODO: how to support net to net kcp proxy?
return hdr.from_peer_id == hdr.to_peer_id;
}
}
@@ -201,6 +206,19 @@ impl NicPacketFilter for TcpProxyForKcpSrc {
return false;
}
// if no connection is established, only allow SYN packet
let tcp_packet = TcpPacket::new(ip_packet.payload()).unwrap();
let is_syn = tcp_packet.get_flags() & TcpFlags::SYN != 0
&& tcp_packet.get_flags() & TcpFlags::ACK == 0;
if !is_syn
&& !self.0.is_tcp_proxy_connection(SocketAddr::new(
IpAddr::V4(my_ipv4.address()),
tcp_packet.get_source(),
))
{
return false;
}
zc_packet.mut_peer_manager_header().unwrap().to_peer_id = self.0.get_my_peer_id().into();
true
easytier/src/gateway/tcp_proxy.rs
+4
View File
@@ -795,4 +795,8 @@ impl<C: NatDstConnector> TcpProxy<C> {
pub fn get_peer_manager(&self) -> &Arc<PeerManager> {
&self.peer_manager
}
pub fn is_tcp_proxy_connection(&self, src: SocketAddr) -> bool {
self.syn_map.contains_key(&src) || self.addr_conn_map.contains_key(&src)
}
}