├── sub.set ├── local6.set ├── natcap_seq.png ├── docs ├── multi_conn.pdf ├── natcap_seq.pdf ├── natcap_tcp_type1.pdf ├── natcap_tcp_type2.pdf ├── natcap_tcp_type3.pdf ├── natcap_seq.tex ├── natcap_tcp_type2.tex ├── multi_conn.tex ├── natcap_tcp_type3.tex └── natcap_tcp_type1.tex ├── accelerated-domains.china.raw.build.gz ├── peer_client.sh ├── dkms.conf ├── local.set ├── natcapd ├── natcapd.server.load.sh ├── Makefile ├── natcapd.h └── natcapd.c ├── vclist.sh ├── ipgroup_merge.lua ├── dubai.set.sh ├── hkip2cidr.lua ├── ipgroup_sub.lua ├── cnip2cidr.lua ├── peer.sh ├── apnic.lua ├── ipgroup_invert.lua ├── Makefile.dkms ├── accelerated-domains.china.raw.gen.sh ├── natcap_server.h ├── natcap_knock.h ├── natcap_dns_node.sh ├── gfwlist1.tocn.ip.txt ├── client.sh ├── server.sh ├── README.md ├── .gitignore ├── peer_ctl.sh ├── kernel_patch_sample.natcap-patch-kernel-for-cone-nat-support.patch ├── gfwlist1.tocn.host.txt ├── Makefile ├── natcap_client.h ├── natcap_peer.h ├── geoip.txt.out.cn1 ├── natcap_knock.c ├── cniplist.orig.set.exclude1 ├── natcap.h ├── getflix.set ├── qq.com.set ├── natcap_common.h └── geoip.txt.out.cn /sub.set: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /local6.set: -------------------------------------------------------------------------------- 1 | ::1 2 | fc00::/7 3 | ff00::/8 4 | fec0::/10 5 | fe80::/10 6 | -------------------------------------------------------------------------------- /natcap_seq.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptpt52/natcap/HEAD/natcap_seq.png -------------------------------------------------------------------------------- /docs/multi_conn.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptpt52/natcap/HEAD/docs/multi_conn.pdf -------------------------------------------------------------------------------- /docs/natcap_seq.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptpt52/natcap/HEAD/docs/natcap_seq.pdf -------------------------------------------------------------------------------- /docs/natcap_tcp_type1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptpt52/natcap/HEAD/docs/natcap_tcp_type1.pdf -------------------------------------------------------------------------------- /docs/natcap_tcp_type2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptpt52/natcap/HEAD/docs/natcap_tcp_type2.pdf -------------------------------------------------------------------------------- /docs/natcap_tcp_type3.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptpt52/natcap/HEAD/docs/natcap_tcp_type3.pdf -------------------------------------------------------------------------------- /accelerated-domains.china.raw.build.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptpt52/natcap/HEAD/accelerated-domains.china.raw.build.gz -------------------------------------------------------------------------------- /peer_client.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | SERVER=ec2ns.ptpt52.com 4 | 5 | while :; do 6 | timeout 30 ping -t1 -s16 -c16 $SERVER 7 | done 8 | -------------------------------------------------------------------------------- /dkms.conf: -------------------------------------------------------------------------------- 1 | PACKAGE_NAME="natcap" 2 | PACKAGE_VERSION="#MODULE_VERSION#" 3 | MAKE[0]="make KVERSION=$kernelver" 4 | CLEAN="make clean" 5 | BUILT_MODULE_NAME[0]="natcap" 6 | DEST_MODULE_LOCATION[0]="/kernel/drivers/net" 7 | AUTOINSTALL="yes" 8 | -------------------------------------------------------------------------------- /local.set: -------------------------------------------------------------------------------- 1 | 0.0.0.0/8 2 | 10.0.0.0/8 3 | 100.64.0.0/10 4 | 127.0.0.0/8 5 | 169.254.0.0/16 6 | 172.16.0.0/12 7 | 192.0.2.0/24 8 | 192.168.0.0/16 9 | 198.18.0.0/15 10 | 198.51.100.0/24 11 | 203.0.113.0/24 12 | 224.0.0.0/4 13 | 240.0.0.0/4 14 | 255.255.255.255/32 15 | -------------------------------------------------------------------------------- /natcapd/natcapd.server.load.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | vmroot=`dirname "$0"` 4 | cd "$vmroot" 5 | vmroot=`pwd` 6 | cd - 7 | 8 | test -c /dev/natcap_ctl && echo natcap_redirect_port=1080 >/dev/natcap_ctl 9 | ulimit -n 100000 10 | $vmroot/natcapd-server -t 900 11 | test -c /dev/natcap_ctl && echo natcap_redirect_port=0 >/dev/natcap_ctl 12 | -------------------------------------------------------------------------------- /vclist.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # load && run 4 | modprobe ip_set 5 | rmmod natcap >/dev/null 2>&1 6 | ( modprobe natcap auth_enabled=1 mode=1 >/dev/null || insmod ./natcap.ko auth_enabled=1 mode=1 ) && { 7 | cat <>/dev/natcap_ctl 8 | debug=3 9 | disabled=0 10 | EOF 11 | } 12 | 13 | ipset create vclist hash:mac hashsize 1024 maxelem 65536 14 | 15 | -------------------------------------------------------------------------------- /ipgroup_merge.lua: -------------------------------------------------------------------------------- 1 | local args = {...} 2 | local ipops = require("ipops") 3 | 4 | local netStringSet = {} 5 | 6 | for _, arg in ipairs(args) do 7 | for line in io.lines(arg) do 8 | table.insert(netStringSet, line) 9 | end 10 | end 11 | 12 | local rangeSet = ipops.netStringSet2rangeSet(netStringSet) 13 | local ipcidrSet = ipops.rangeSet2ipcidrSet(rangeSet) 14 | for _, ipcidr in ipairs(ipcidrSet) do 15 | print(ipcidr) 16 | end 17 | -------------------------------------------------------------------------------- /dubai.set.sh: -------------------------------------------------------------------------------- 1 | cat urls.js | grep -v "^[ ]*//" | \ 2 | grep -o "\(http\|https\)://.*" | \ 3 | cut -d"/" -f3 | \ 4 | grep -v '*' | \ 5 | sort | uniq | \ 6 | grep -v '\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)' \ 7 | >gfwlist1.tocn.host.txt 8 | 9 | cat urls.js | grep -v "^[ ]*//" | \ 10 | grep -o "\(http\|https\)://.*" | \ 11 | cut -d"/" -f3 | \ 12 | grep -v '*' | \ 13 | sort | uniq | \ 14 | grep -o '\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)' \ 15 | >gfwlist1.tocn.ip.txt 16 | -------------------------------------------------------------------------------- /hkip2cidr.lua: -------------------------------------------------------------------------------- 1 | local ipops = require "ipops" 2 | 3 | local rangeSet = {} 4 | 5 | for line in io.lines("ip.merge.txt") do 6 | local ip1, ip2, z1, _, z2 = line:match('(%d+.%d+.%d+.%d+)|(%d+.%d+.%d+.%d+)|(%S-)|(%S-)|(%S-)|.*') 7 | --print(z1, z2) 8 | if z2 == '香港' or z2 == '台湾省' or z2 == '澳门' then 9 | local netString = string.format("%s-%s", ip1, ip2) 10 | rangeSet = ipops.rangeSet_add_range(rangeSet, ipops.netString2range(netString)) 11 | end 12 | end 13 | 14 | local ipcidrSet = ipops.rangeSet2ipcidrSet(rangeSet) 15 | --print(table.concat(ipcidrSet, ',')) 16 | for _, ipcidr in ipairs(ipcidrSet) do 17 | print(ipcidr) 18 | end 19 | -------------------------------------------------------------------------------- /ipgroup_sub.lua: -------------------------------------------------------------------------------- 1 | local args = {...} 2 | local ipops = require("ipops") 3 | 4 | local netStringSetA = {} 5 | local netStringSetB = {} 6 | 7 | for line in io.lines(arg[1]) do 8 | table.insert(netStringSetA, line) 9 | end 10 | for line in io.lines(arg[2]) do 11 | table.insert(netStringSetB, line) 12 | end 13 | 14 | local rangeSetA = ipops.netStringSet2rangeSet(netStringSetA) 15 | local rangeSetB = ipops.netStringSet2rangeSet(netStringSetB) 16 | local rangeSet = ipops.rangeSet_sub_rangeSet(rangeSetA, rangeSetB) 17 | local ipcidrSet = ipops.rangeSet2ipcidrSet(rangeSet) 18 | for _, ipcidr in ipairs(ipcidrSet) do 19 | print(ipcidr) 20 | end 21 | -------------------------------------------------------------------------------- /cnip2cidr.lua: -------------------------------------------------------------------------------- 1 | local ipops = require "ipops" 2 | 3 | local rangeSet = {} 4 | 5 | for line in io.lines("ip.merge.txt") do 6 | local ip1, ip2, z1, _, z2 = line:match('(%d+.%d+.%d+.%d+)|(%d+.%d+.%d+.%d+)|(%S-)|(%S-)|(%S-)|.*') 7 | --print(z1, z2) 8 | if z1 == '中国' and z2 ~= '香港' and z2 ~= '台湾省' and z2 ~= '澳门' then 9 | local netString = string.format("%s-%s", ip1, ip2) 10 | rangeSet = ipops.rangeSet_add_range(rangeSet, ipops.netString2range(netString)) 11 | end 12 | end 13 | 14 | local ipcidrSet = ipops.rangeSet2ipcidrSet(rangeSet) 15 | --print(table.concat(ipcidrSet, ',')) 16 | for _, ipcidr in ipairs(ipcidrSet) do 17 | print(ipcidr) 18 | end 19 | -------------------------------------------------------------------------------- /peer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo 1 > /proc/sys/net/ipv4/ip_forward 4 | 5 | iptables -F 6 | iptables -F -t nat 7 | iptables -P FORWARD DROP 8 | iptables -P INPUT ACCEPT 9 | 10 | iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT 11 | iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 12 | 13 | iptables -I FORWARD -m mark --mark 0x99 -j ACCEPT 14 | iptables -t nat -I POSTROUTING -m mark --mark 0x99 -j MASQUERADE 15 | 16 | modprobe ip_set 17 | rmmod natcap >/dev/null 2>&1 18 | ( modprobe natcap mode=5 debug=3 2>/dev/null || insmod ./natcap.ko mode=5 debug=3 ) && { 19 | cat <>/dev/natcap_peer_ctl 20 | local_target=0.0.0.0:22 21 | peer_sni_auth=1 22 | EOF 23 | } 24 | -------------------------------------------------------------------------------- /apnic.lua: -------------------------------------------------------------------------------- 1 | local args = {...} 2 | local ipops = require("ipops") 3 | 4 | local group = {} 5 | local rangeSet = {} 6 | 7 | local function get_parts_as_number(str) 8 | local t = {} 9 | for part in string.gmatch(str, "%d+") do 10 | table.insert(t, tonumber(part, 10)) 11 | end 12 | return t 13 | end 14 | 15 | for _, arg in ipairs(args) do 16 | for line in io.lines(arg) do 17 | local ip = get_parts_as_number(line) 18 | if #ip == 5 then 19 | local ips = (((ip[1] * 256 + ip[2]) * 256 + ip[3]) * 256 + ip[4]) 20 | local ipe = ips + ip[5] - 1 21 | rangeSet = ipops.rangeSet_add_range(rangeSet, {ips, ipe}) 22 | end 23 | end 24 | end 25 | 26 | local ipcidrSet = ipops.rangeSet2ipcidrSet(rangeSet) 27 | for _, ipcidr in ipairs(ipcidrSet) do 28 | print(ipcidr) 29 | end 30 | -------------------------------------------------------------------------------- /natcapd/Makefile: -------------------------------------------------------------------------------- 1 | INCS += -I.. 2 | LIBS += -L. -lev -lm 3 | 4 | SERVER_BIN = natcapd-server 5 | CLIENT_BIN = natcapd-client 6 | 7 | SERVER_CFLAGS = -std=gnu99 8 | CLIENT_CFLAGS = -std=gnu99 -DNATCAP_CLIENT_MODE 9 | CFLAGS += -Werror 10 | 11 | SRCS = natcapd.c 12 | 13 | .SUFFIXES: .c .o .server.o .client.o 14 | 15 | .c.server.o: 16 | $(CC) -c $^ -o $@ $(CFLAGS) $(SERVER_CFLAGS) $(INCS) 17 | 18 | .c.client.o: 19 | $(CC) -c $^ -o $@ $(CFLAGS) $(CLIENT_CFLAGS) $(INCS) 20 | 21 | default: $(SERVER_BIN) $(CLIENT_BIN) 22 | 23 | $(SERVER_BIN): $(SRCS:.c=.server.o) 24 | $(CC) $^ -o $@ $(CFLAGS) $(LDFLAGS) $(LIBS) 25 | 26 | $(CLIENT_BIN): $(SRCS:.c=.client.o) 27 | $(CC) $^ -o $@ $(CFLAGS) $(LDFLAGS) $(LIBS) 28 | 29 | clean: 30 | $(RM) $(SERVER_BIN) $(CLIENT_BIN) $(SRCS:.c=.server.o) $(SRCS:.c=.client.o) 31 | 32 | -------------------------------------------------------------------------------- /ipgroup_invert.lua: -------------------------------------------------------------------------------- 1 | local args = {...} 2 | local ipops = require("ipops") 3 | 4 | local netStringSet = {} 5 | 6 | for line in io.lines(args[1]) do 7 | table.insert(netStringSet, line) 8 | end 9 | 10 | local rangeSet = ipops.netStringSet2rangeSet(netStringSet) 11 | 12 | local invgroup = {} 13 | local lastrange = {0, 0} 14 | 15 | for i, range in pairs(rangeSet) do 16 | if i == 1 then 17 | if 0 < range[1] then 18 | table.insert(invgroup, {0, range[1] - 1}) 19 | end 20 | lastrange = range 21 | else 22 | if rangeSet[i-1][2] + 1 <= range[1] - 1 then 23 | table.insert(invgroup, {rangeSet[i-1][2] + 1, range[1] - 1}) 24 | end 25 | lastrange = range 26 | end 27 | end 28 | 29 | if lastrange[2] < 4294967295 then 30 | table.insert(invgroup, {lastrange[2] + 1, 4294967295}) 31 | end 32 | 33 | local ipcidrSet = ipops.rangeSet2ipcidrSet(invgroup) 34 | for _, ipcidr in ipairs(ipcidrSet) do 35 | print(ipcidr) 36 | end 37 | -------------------------------------------------------------------------------- /docs/natcap_seq.tex: -------------------------------------------------------------------------------- 1 | \documentclass[tikz, border=2mm]{standalone} 2 | 3 | \usetikzlibrary{arrows,shadows} 4 | \usepackage{pgf-umlsd} 5 | 6 | \begin{document} 7 | \begin{sequencediagram} 8 | \newthread[white]{c}{Client$(C)$} 9 | \newinst[6]{r}{Router$(R)$} 10 | \newinst[6]{p}{ProxyServer$(P)$} 11 | \newinst[6]{s}{Server$(S)$} 12 | 13 | \mess{c}{${syn}_{(ipaddr_C:port_C - ipaddr_S:port_S)}$}{r} 14 | \mess{r}{${{syn}^{encode(),dnat,snat}}_{(ipaddr_R:port_R - ipaddr_P:port_P)}$}{p} 15 | \mess{p}{${{syn}^{decode(),dnat,snat}}_{(ipaddr_P:port_P - ipaddr_S:port_S)}$}{s} 16 | \mess{s}{${syn,ack}_{(ipaddr_S:port_S - ipaddr_P:port_P)}$}{p} 17 | \mess{p}{${{syn,ack}^{dnat,snat}}_{(ipaddr_P:port_P - ipaddr_R:port_R)}$}{r} 18 | \mess{r}{${{syn,ack}^{dnat,snat}}_{(ipaddr_S:port_S - ipaddr_C:port_C)}$}{c} 19 | \mess{c}{...}{s} 20 | \mess{s}{...}{c} 21 | \end{sequencediagram} 22 | 23 | \end{document} 24 | -------------------------------------------------------------------------------- /Makefile.dkms: -------------------------------------------------------------------------------- 1 | modname := natcap 2 | DKMS := dkms 3 | modver := $(shell awk -F'"' '/define *NATCAP_VERSION/{print $$2}' < natcap.h) 4 | 5 | # directory in which generated files are stored 6 | DKMS_DEST := /usr/src/$(modname)-$(modver) 7 | 8 | all: install 9 | 10 | src_install: 11 | mkdir -p '$(DKMS_DEST)' 12 | cp \ 13 | natcap_main.c \ 14 | natcap.h \ 15 | natcap_common.c \ 16 | natcap_common.h \ 17 | natcap_client.c \ 18 | natcap_client.h \ 19 | natcap_server.c \ 20 | natcap_server.h \ 21 | natcap_knock.c \ 22 | natcap_knock.h \ 23 | natcap_peer.c \ 24 | natcap_peer.h \ 25 | '$(DKMS_DEST)' 26 | cp Makefile '$(DKMS_DEST)/Makefile' 27 | sed 's/#MODULE_VERSION#/$(modver)/' dkms.conf > '$(DKMS_DEST)/dkms.conf' 28 | 29 | build: src_install 30 | $(DKMS) add -m natcap -v $(modver) 2>/dev/null || true 31 | $(DKMS) build -m natcap -v $(modver) 32 | 33 | install: build 34 | $(DKMS) install -m natcap -v $(modver) 35 | 36 | uninstall: 37 | $(DKMS) remove -m natcap -v $(modver) --all 38 | 39 | .PHONY: all src_install build install uninstall 40 | -------------------------------------------------------------------------------- /docs/natcap_tcp_type2.tex: -------------------------------------------------------------------------------- 1 | \documentclass{standalone} 2 | \usepackage{ctex} 3 | \usepackage{bytefield} 4 | 5 | \begin{document} 6 | \begin{bytefield}[bitwidth=1.1em]{32} 7 | \\ 8 | \\ 9 | \bitheader{0-31} \\ 10 | \begin{rightwordgroup}{TCP \\ Header} 11 | \bitbox{16}{source port} & \bitbox{16}{destination port} \\ 12 | \bitbox{32}{sequence number} \\ 13 | \bitbox{32}{acknowledgment number} \\ 14 | \bitbox{4}{offset} & \bitbox{4}{reserverd} & \bitbox{8}{tcp flags} & \bitbox{16}{window} \\ 15 | \bitbox{16}{checksum} & \bitbox{16}{urgent pointer} 16 | \end{rightwordgroup} \\ 17 | \begin{rightwordgroup}{TCP \\ Options} 18 | \begin{leftwordgroup}{Natcap \\ Option} 19 | \bitbox{8}{code=0x99} & \bitbox{8}{length=10} & \bitbox{8}{type=2(dst)} & \bitbox{8}{encryption bits} \\ 20 | \bitbox{32}{destination address} \\ 21 | \bitbox{16}{destination port} & \bitbox{16}{...} 22 | \end{leftwordgroup} \\ 23 | \bitbox{32}{{ ... }other tcp options{ ... }} 24 | \end{rightwordgroup} \\ 25 | \\ 26 | \end{bytefield} 27 | \end{document} 28 | -------------------------------------------------------------------------------- /docs/multi_conn.tex: -------------------------------------------------------------------------------- 1 | \documentclass{standalone} 2 | \usepackage{ctex} 3 | %\usepackage{geometry} 4 | %\geometry{left=1.0cm,right=1.0cm} 5 | \usepackage{pgf} 6 | \usepackage{tikz} 7 | \usetikzlibrary{arrows, decorations.pathmorphing, backgrounds, positioning, fit, petri, automata} 8 | \definecolor{yellow1}{rgb}{1,0.8,0.2} 9 | 10 | \begin{document} 11 | \begin{tikzpicture}[->,>=stealth',shorten >=1pt,auto,node distance=2.8cm,semithick] 12 | \tikzstyle{every state}=[fill=yellow1,draw=none,text=black] 13 | 14 | \node[state] (C) at (-6, 0) {客户端}; 15 | \node[state] (R) at (-1, 0) {科学路由器}; 16 | \node[state] (S) at (9, 3) {目标网站}; 17 | \node[state] (P) at (7, -2) {代理服务器}; 18 | 19 | \path (C) edge node {访问Google} (R); 20 | \draw[->] (R) to[out=40,in=135] node {发起连接(被阻断)} (S); 21 | \draw[->] (S) to[out=155,in=25] node {响应(被阻断)} (R); 22 | \draw[->] (R) to[out=-5,in=155] node {发起加密连接} (P); 23 | \draw[->] (P) to[out=175,in=-20] node {应答} (R); 24 | \draw[->] (P) to[out=-5,in=-90] node {发起连接} (S); 25 | \draw[->] (S) to[out=-70,in=-20] node {响应} (P); 26 | \end{tikzpicture} 27 | \end{document} 28 | -------------------------------------------------------------------------------- /accelerated-domains.china.raw.gen.sh: -------------------------------------------------------------------------------- 1 | modprobe ip_set 2 | modprobe nf_nat 3 | modprobe nf_conntrack 4 | insmod ./natcap.ko 5 | wget -4 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf -O accelerated-domains.china.conf && \ 6 | cat accelerated-domains.china.conf | cut -d\/ -f2 >accelerated-domains.china.raw.txt && { 7 | cp accelerated-domains.china.raw.txt accelerated-domains.china.raw.txt.tmp && \ 8 | cat accelerated-domains.china.raw.txt.tmp \ 9 | | grep -v alibaba \ 10 | | grep -v rustdesk.com \ 11 | | grep -v linkedin.com \ 12 | | grep -v bing.com \ 13 | | grep -v microsoft.com \ 14 | | grep -v "^cn$" \ 15 | > accelerated-domains.china.raw.txt 16 | rm -f accelerated-domains.china.raw.txt.tmp 17 | echo cn_domain_clean >/dev/natcap_ctl 18 | echo cn_domain_path=$(pwd)/accelerated-domains.china.raw.txt >/dev/natcap_ctl 19 | echo cn_domain_dump=$(pwd)/accelerated-domains.china.raw.build >/dev/natcap_ctl 20 | rm -f accelerated-domains.china.raw.build.gz 21 | gzip -n accelerated-domains.china.raw.build 22 | chmod 666 accelerated-domains.china.raw.build.gz accelerated-domains.china.raw.txt 23 | } 24 | -------------------------------------------------------------------------------- /docs/natcap_tcp_type3.tex: -------------------------------------------------------------------------------- 1 | \documentclass{standalone} 2 | \usepackage{ctex} 3 | \usepackage{bytefield} 4 | 5 | \begin{document} 6 | \begin{bytefield}[bitwidth=1.1em]{32} 7 | \\ 8 | \\ 9 | \bitheader{0-31} \\ 10 | \begin{rightwordgroup}{TCP \\ Header} 11 | \bitbox{16}{source port} & \bitbox{16}{destination port} \\ 12 | \bitbox{32}{sequence number} \\ 13 | \bitbox{32}{acknowledgment number} \\ 14 | \bitbox{4}{offset} & \bitbox{4}{reserverd} & \bitbox{8}{tcp flags} & \bitbox{16}{window} \\ 15 | \bitbox{16}{checksum} & \bitbox{16}{urgent pointer} 16 | \end{rightwordgroup} \\ 17 | \begin{rightwordgroup}{TCP \\ Options} 18 | \begin{leftwordgroup}{Natcap \\ Option} 19 | \bitbox{8}{code=0x99} & \bitbox{8}{length=14} & \bitbox{8}{type=3(user)} & \bitbox{8}{encryption bits} \\ 20 | \bitbox{32}{ user hash} \\ 21 | \bitbox{8}{mac byte} & \bitbox{8}{mac byte} & \bitbox{8}{mac byte} & \bitbox{8}{mac byte} \\ 22 | \bitbox{8}{mac byte} & \bitbox{8}{mac byte} & \bitbox{16}{...} 23 | \end{leftwordgroup} \\ 24 | \bitbox{32}{{ ... }other tcp options{ ... }} 25 | \end{rightwordgroup} \\ 26 | \\ 27 | \end{bytefield} 28 | \end{document} 29 | -------------------------------------------------------------------------------- /docs/natcap_tcp_type1.tex: -------------------------------------------------------------------------------- 1 | \documentclass{standalone} 2 | \usepackage{ctex} 3 | \usepackage{bytefield} 4 | 5 | \begin{document} 6 | \begin{bytefield}[bitwidth=1.1em]{32} 7 | \\ 8 | \\ 9 | \bitheader{0-31} \\ 10 | \begin{rightwordgroup}{TCP \\ Header} 11 | \bitbox{16}{source port} & \bitbox{16}{destination port} \\ 12 | \bitbox{32}{sequence number} \\ 13 | \bitbox{32}{acknowledgment number} \\ 14 | \bitbox{4}{offset} & \bitbox{4}{reserverd} & \bitbox{8}{tcp flags} & \bitbox{16}{window} \\ 15 | \bitbox{16}{checksum} & \bitbox{16}{urgent pointer} 16 | \end{rightwordgroup} \\ 17 | \begin{rightwordgroup}{TCP \\ Options} 18 | \begin{leftwordgroup}{Natcap \\ Option} 19 | \bitbox{8}{code=0x99} & \bitbox{8}{length=20} & \bitbox{8}{type=1(all)} & \bitbox{8}{encryption bits} \\ 20 | \bitbox{32}{ user hash} \\ 21 | \bitbox{8}{mac byte} & \bitbox{8}{mac byte} & \bitbox{8}{mac byte} & \bitbox{8}{mac byte} \\ 22 | \bitbox{8}{mac byte} & \bitbox{8}{mac byte} & \bitbox{16}{destination port} \\ 23 | \bitbox{32}{destination address} 24 | \end{leftwordgroup} \\ 25 | \bitbox{32}{{ ... }other tcp options{ ... }} 26 | \end{rightwordgroup} \\ 27 | \\ 28 | \end{bytefield} 29 | \end{document} 30 | -------------------------------------------------------------------------------- /natcap_server.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Author: Chen Minqiang 3 | * Date : Sun, 05 Jun 2016 16:24:37 +0800 4 | * 5 | * This file is part of the natcap. 6 | * 7 | * natcap is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * natcap is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with natcap; see the file COPYING. If not, see 19 | * . 20 | */ 21 | #ifndef _NATCAP_SERVER_H_ 22 | #define _NATCAP_SERVER_H_ 23 | 24 | extern unsigned int server_flow_stop; 25 | extern unsigned int user_mark_natcap_mask; 26 | 27 | extern int dns_server_node_add(__be32 ip); 28 | extern void dns_server_node_clean(void); 29 | 30 | int natcap_server_init(void); 31 | 32 | void natcap_server_exit(void); 33 | 34 | extern char *auth_http_redirect_url; 35 | 36 | #endif /* _NATCAP_SERVER_H_ */ 37 | -------------------------------------------------------------------------------- /natcap_knock.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Author: Chen Minqiang 3 | * Date : Sun, 05 Jun 2016 16:24:31 +0800 4 | * 5 | * This file is part of the natcap. 6 | * 7 | * natcap is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * natcap is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with natcap; see the file COPYING. If not, see 19 | * . 20 | */ 21 | #ifndef _NATCAP_KNOCK_H_ 22 | #define _NATCAP_KNOCK_H_ 23 | 24 | #include 25 | #include 26 | #include "natcap.h" 27 | 28 | extern unsigned short knock_port; 29 | extern unsigned int knock_flood; 30 | extern unsigned short knock_encryption; 31 | extern unsigned char knock_tcp_encode; 32 | extern unsigned char knock_udp_encode; 33 | 34 | extern void natcap_knock_info_select(__be32 ip, __be16 port, struct tuple *dst); 35 | 36 | int natcap_knock_init(void); 37 | void natcap_knock_exit(void); 38 | 39 | #endif /* _NATCAP_KNOCK_H_ */ 40 | -------------------------------------------------------------------------------- /natcap_dns_node.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo dns_server_node_clean 4 | cat $0 | grep -o '\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\).*\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)' | \ 5 | while read ip ip2; do 6 | nslookup -timeout=1 www.google.com $ip 2>&1 >/dev/null && echo dns_server_node_add=$ip 7 | done 8 | cat $0 | grep -o '\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\).*\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)' | \ 9 | while read ip1 ip; do 10 | nslookup -timeout=1 www.google.com $ip 2>&1 >/dev/null && echo dns_server_node_add=$ip 11 | done 12 | 13 | exit 0 14 | 15 | 1.1.1.1 1.0.0.1 16 | Level3 209.244.0.3 209.244.0.4 17 | Verisign 64.6.64.6 64.6.65.6 18 | Google 8.8.8.8 8.8.4.4 19 | Quad9 9.9.9.9 149.112.112.112 20 | DNS.WATCH 84.200.69.80 84.200.70.40 21 | Comodo Secure DNS 8.26.56.26 8.20.247.20 22 | OpenDNS Home 208.67.222.222 208.67.220.220 23 | Norton ConnectSafe 199.85.126.10 199.85.127.10 24 | GreenTeamDNS 81.218.119.11 209.88.198.133 25 | SafeDNS 195.46.39.39 195.46.39.40 26 | OpenNIC 69.195.152.204 23.94.60.240 27 | SmartViper 208.76.50.50 208.76.51.51 28 | Dyn 216.146.35.35 216.146.36.36 29 | FreeDNS 37.235.1.174 37.235.1.177 30 | Alternate DNS 198.101.242.72 23.253.163.53 31 | Yandex.DNS 77.88.8.8 77.88.8.1 32 | UncensoredDNS 91.239.100.100 89.233.43.71 33 | Hurricane Electric + puntCAT 74.82.42.42 109.69.8.51 34 | Neustar 156.154.70.1 156.154.71.1 35 | -------------------------------------------------------------------------------- /gfwlist1.tocn.ip.txt: -------------------------------------------------------------------------------- 1 | 101.227.139.217 2 | 101.227.169.200 3 | 103.65.41.125 4 | 103.65.41.126 5 | 103.7.30.89 6 | 103.7.31.186 7 | 111.13.127.46 8 | 111.206.208.163 9 | 111.206.208.164 10 | 111.206.208.166 11 | 111.206.208.36 12 | 111.206.208.37 13 | 111.206.208.38 14 | 111.206.208.61 15 | 111.206.208.62 16 | 111.206.211.129 17 | 111.206.211.130 18 | 111.206.211.131 19 | 111.206.211.145 20 | 111.206.211.146 21 | 111.206.211.147 22 | 111.206.211.148 23 | 115.182.200.50 24 | 115.182.200.51 25 | 115.182.200.52 26 | 115.182.200.53 27 | 115.182.200.54 28 | 115.182.63.51 29 | 115.182.63.93 30 | 117.185.116.152 31 | 118.244.244.124 32 | 122.72.82.31 33 | 123.125.89.101 34 | 123.125.89.102 35 | 123.125.89.103 36 | 123.125.89.157 37 | 123.125.89.159 38 | 123.125.89.6 39 | 123.126.32.134 40 | 123.126.99.39 41 | 123.126.99.57 42 | 123.59.122.104 43 | 123.59.122.75 44 | 123.59.122.76 45 | 123.59.122.77 46 | 140.207.69.99 47 | 14.152.77.22 48 | 14.152.77.25 49 | 14.152.77.26 50 | 14.152.77.32 51 | 14.18.245.250 52 | 163.177.90.61 53 | 180.153.225.136 54 | 182.16.230.98 55 | 182.254.11.174 56 | 182.254.116.117 57 | 182.254.34.151 58 | 182.254.4.234 59 | 183.192.192.139 60 | 183.232.119.198 61 | 183.232.126.23 62 | 183.232.229.21 63 | 183.232.229.22 64 | 183.232.229.25 65 | 183.232.229.32 66 | 203.205.151.23 67 | 210.129.145.150 68 | 211.151.157.15 69 | 211.151.158.155 70 | 211.151.50.10 71 | 220.181.153.113 72 | 220.181.154.137 73 | 220.181.185.150 74 | 220.249.243.70 75 | 223.167.82.139 76 | 36.110.222.105 77 | 36.110.222.119 78 | 36.110.222.146 79 | 36.110.222.156 80 | 59.37.96.220 81 | 61.135.196.99 82 | -------------------------------------------------------------------------------- /client.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo 1 > /proc/sys/net/ipv4/ip_forward 4 | 5 | iptables -F 6 | iptables -F -t nat 7 | iptables -P INPUT ACCEPT 8 | iptables -P FORWARD DROP 9 | 10 | iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 11 | iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT 12 | 13 | iptables -A FORWARD -m mark --mark 0x99 -j ACCEPT 14 | iptables -t nat -A POSTROUTING -m mark --mark 0x99 -j MASQUERADE 15 | 16 | # forward for subnet as router 17 | iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT 18 | iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE 19 | 20 | ipset destroy cniplist 21 | ipset destroy gfwlist0 22 | 23 | echo 'create cniplist hash:net family inet hashsize 4096 maxelem 65536' >/tmp/cniplist.set 24 | cat cniplist.set | sed 's/^/add cniplist /' >>/tmp/cniplist.set 25 | ipset restore -f /tmp/cniplist.set 26 | rm -f /tmp/cniplist.set 27 | 28 | ipset create gfwlist0 iphash 29 | 30 | # load && run 31 | # server is 1.2.3.4 for example 32 | # server line format: server ip.ip.ip.ip:port-X-[TU]-[UT] 33 | # TU/UT ==>T,U 34 | # T=encode as TCP U=encode as UDP 35 | # X ==> e,o 36 | # e=encryption o=non-encryption 37 | # port ==> 65535,1-65535,0 38 | # 65535=Random port, 1-65534=Specific port, 0=Original port 39 | # .example line: server 0 1.2.3.4:65535-e-T-U 40 | # .example line: server 0 1.2.3.4:65535-e-U-T 41 | # .example line: server 0 1.2.3.4:22-e-T-T 42 | # .example line: server 0 1.2.3.4:0-e-U-T 43 | # sproxy=1 MUST make sure server running natcapd-server app 44 | rmmod natcap >/dev/null 2>&1 45 | ( modprobe natcap mode=0 2>/dev/null || insmod ./natcap.ko mode=0 ) && { 46 | cat <>/dev/natcap_ctl 47 | clean 48 | debug=3 49 | disabled=0 50 | server_persist_timeout=86400 51 | sproxy=1 52 | server 0 1.2.3.4:65535-e-T-U 53 | EOF 54 | } 55 | -------------------------------------------------------------------------------- /server.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo 1 > /proc/sys/net/ipv4/ip_forward 4 | 5 | iptables -F 6 | iptables -F -t nat 7 | iptables -P INPUT ACCEPT 8 | iptables -P FORWARD DROP 9 | 10 | iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 11 | iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT 12 | 13 | iptables -A FORWARD -m mark --mark 0x99 -j ACCEPT 14 | iptables -t nat -A POSTROUTING -m mark --mark 0x99 -j MASQUERADE 15 | 16 | # load && run 17 | modprobe ip_set 18 | rmmod natcap >/dev/null 2>&1 19 | ( modprobe natcap mode=1 auth_enabled=0 >/dev/null || insmod ./natcap.ko mode=1 auth_enabled=0 ) && { 20 | cat <>/dev/natcap_ctl 21 | debug=3 22 | disabled=0 23 | EOF 24 | 25 | # reload natcapd-server 26 | killall natcapd-server 2>/dev/null 27 | sh ./natcapd/natcapd.server.load.sh & 28 | 29 | } 30 | 31 | sysctl_setup() 32 | { 33 | cat | while read line; do 34 | sysctl -w $line 35 | done 36 | } 37 | 38 | # basic system config setup, enable bbr 39 | sysctl_setup << EOF 40 | kernel.panic=3 41 | net.ipv4.conf.default.arp_ignore=1 42 | net.ipv4.conf.all.arp_ignore=1 43 | net.ipv4.ip_forward=1 44 | net.ipv4.icmp_echo_ignore_broadcasts=1 45 | net.ipv4.icmp_ignore_bogus_error_responses=1 46 | net.ipv4.igmp_max_memberships=100 47 | net.ipv4.tcp_max_syn_backlog=512 48 | net.ipv4.tcp_fin_timeout=15 49 | net.ipv4.tcp_keepalive_time=120 50 | net.ipv4.tcp_syncookies=1 51 | net.ipv4.tcp_timestamps=1 52 | net.ipv4.tcp_sack=1 53 | net.ipv4.tcp_dsack=1 54 | net.ipv4.tcp_tw_reuse=1 55 | net.ipv4.tcp_congestion_control=bbr 56 | net.netfilter.nf_conntrack_acct=1 57 | net.netfilter.nf_conntrack_checksum=0 58 | net.netfilter.nf_conntrack_max=655360 59 | net.netfilter.nf_conntrack_tcp_timeout_established=7440 60 | net.netfilter.nf_conntrack_udp_timeout=60 61 | net.netfilter.nf_conntrack_udp_timeout_stream=180 62 | net.core.somaxconn=2048 63 | net.core.default_qdisc=fq 64 | EOF 65 | -------------------------------------------------------------------------------- /natcapd/natcapd.h: -------------------------------------------------------------------------------- 1 | #ifndef _NATCAPD_H 2 | #define _NATCAPD_H 3 | 4 | #include 5 | #include 6 | #include 7 | #include "natcap.h" 8 | 9 | typedef struct { 10 | int idx; 11 | int len; 12 | #define BUF_SIZE 2048 13 | unsigned char data[BUF_SIZE]; 14 | } buffer_t; 15 | 16 | typedef struct listen_ctx { 17 | ev_io io; 18 | int fd; 19 | int timeout; 20 | struct ev_loop *loop; 21 | } listen_ctx_t; 22 | 23 | typedef struct server_ctx { 24 | ev_io io; 25 | ev_timer watcher; 26 | int connected; 27 | struct server *server; 28 | } server_ctx_t; 29 | 30 | typedef struct server { 31 | int fd; 32 | int stage; 33 | 34 | buffer_t *buf; 35 | 36 | struct server_ctx *recv_ctx; 37 | struct server_ctx *send_ctx; 38 | struct listen_ctx *listen_ctx; 39 | struct remote *remote; 40 | } server_t; 41 | 42 | typedef struct remote_ctx { 43 | ev_io io; 44 | int connected; 45 | struct remote *remote; 46 | } remote_ctx_t; 47 | 48 | typedef struct remote { 49 | int fd; 50 | 51 | buffer_t *buf; 52 | 53 | struct remote_ctx *recv_ctx; 54 | struct remote_ctx *send_ctx; 55 | struct server *server; 56 | } remote_t; 57 | 58 | #define STAGE_ERROR -1 /* Error detected */ 59 | #define STAGE_INIT 0 /* Initial stage */ 60 | #define STAGE_HANDSHAKE 1 /* Handshake with client */ 61 | #define STAGE_PARSE 2 /* Parse the header */ 62 | #define STAGE_RESOLVE 4 /* Resolve the hostname */ 63 | #define STAGE_WAIT 5 /* Wait for more data */ 64 | #define STAGE_STREAM 6 /* Stream between client and server */ 65 | 66 | #define container_of(ptr, type, member) ({ \ 67 | const typeof( ((type *)0)->member ) *__mptr = (ptr); \ 68 | (type *)( (char *)__mptr - offsetof(type,member) );}) 69 | 70 | #define min(a, b) (((a) < (b)) ? (a) : (b)) 71 | #define max(a, b) (((a) > (b)) ? (a) : (b)) 72 | 73 | #define MAX_REQUEST_TIMEOUT 30 74 | #define MAX_REMOTE_NUM 10 75 | 76 | void 77 | FATAL(const char *msg) 78 | { 79 | fprintf(stderr, "%s", msg); 80 | exit(-1); 81 | } 82 | 83 | #endif // _NATCAPD_H 84 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # natcap 2 | A code very difficult to read, an implementation of transparent proxy protocol to break through the firewall. 3 | 4 | TCP flow establishing connection 5 | -------------------------------- 6 | 7 | ![Image of TCP flow establishing connection](https://raw.githubusercontent.com/ptpt52/natcap/master/natcap_seq.png) 8 | 9 | 10 | How router works 11 | ---------------- 12 | 13 | https://github.com/ptpt52/natcap/blob/master/docs/multi_conn.pdf 14 | 15 | TCP encode headers 16 | ------------------ 17 | 18 | https://github.com/ptpt52/natcap/blob/master/docs/natcap_tcp_type1.pdf 19 | https://github.com/ptpt52/natcap/blob/master/docs/natcap_tcp_type2.pdf 20 | https://github.com/ptpt52/natcap/blob/master/docs/natcap_tcp_type3.pdf 21 | 22 | Install on Ubuntu 23 | ------------------------------ 24 | 25 | Install essential packages 26 | ```sh 27 | sudo apt-get install build-essential ipset libev-dev 28 | sudo apt-get build-dep linux-image-`uname -r` 29 | sudo apt-get install lua5.1 lua-cjson lua-bitop ipcalc 30 | ``` 31 | 32 | Get the source code 33 | ```sh 34 | git clone https://github.com/ptpt52/natcap.git 35 | ``` 36 | 37 | Build and run as client 38 | ```sh 39 | cd natcap 40 | make && make -C natcapd 41 | #edit client.sh change server line 42 | sudo ./client.sh 43 | ``` 44 | 45 | Build and run as server 46 | ```sh 47 | cd natcap 48 | make && make -C natcapd 49 | sudo ./server.sh 50 | ``` 51 | 52 | ## License 53 | 54 | ``` 55 | Copyright: 2012, Chen Minqiang 56 | 57 | This program is free software: you can redistribute it and/or modify 58 | it under the terms of the GNU General Public License as published by 59 | the Free Software Foundation, either version 3 of the License, or 60 | (at your option) any later version. 61 | 62 | This program is distributed in the hope that it will be useful, 63 | but WITHOUT ANY WARRANTY; without even the implied warranty of 64 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 65 | GNU General Public License for more details. 66 | 67 | You should have received a copy of the GNU General Public License 68 | along with this program. If not, see . 69 | ``` 70 | 71 | ## Donate 72 | Buy me a beer! 73 | 74 | [](https://paypal.me/ptpt52) 75 | 76 | BITCOIN ADDR: `3CJ5VwxL8ageKpA3jJ561rvhkFW4FmZiqc` 77 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE! Don't add files that are generated in specific 3 | # subdirectories here. Add them in the ".gitignore" file 4 | # in that subdirectory instead. 5 | # 6 | # NOTE! Please use 'git ls-files -i --exclude-standard' 7 | # command after changing this file, to see if there are 8 | # any tracked files which get ignored after the change. 9 | # 10 | # Normal rules (sorted alphabetically) 11 | # 12 | .* 13 | *.a 14 | *.asn1.[ch] 15 | *.bin 16 | *.bz2 17 | *.c.[012]*.* 18 | *.dt.yaml 19 | *.dtb 20 | *.dtb.S 21 | *.dwo 22 | *.elf 23 | *.gcno 24 | *.gz 25 | *.i 26 | *.ko 27 | *.lex.c 28 | *.ll 29 | *.lst 30 | *.lz4 31 | *.lzma 32 | *.lzo 33 | *.mod 34 | *.mod.c 35 | *.o 36 | *.o.* 37 | *.patch 38 | *.s 39 | *.so 40 | *.so.dbg 41 | *.su 42 | *.symtypes 43 | *.tab.[ch] 44 | *.tar 45 | *.xz 46 | Module.symvers 47 | modules.builtin 48 | modules.order 49 | 50 | # 51 | # Top-level generic files 52 | # 53 | /tags 54 | /TAGS 55 | /linux 56 | /vmlinux 57 | /vmlinux.32 58 | /vmlinux-gdb.py 59 | /vmlinuz 60 | /System.map 61 | /Module.markers 62 | /modules.builtin.modinfo 63 | /modules.nsdeps 64 | 65 | # 66 | # RPM spec file (make rpm-pkg) 67 | # 68 | /*.spec 69 | 70 | # 71 | # Debian directory (make deb-pkg) 72 | # 73 | /debian/ 74 | 75 | # 76 | # Snap directory (make snap-pkg) 77 | # 78 | /snap/ 79 | 80 | # 81 | # tar directory (make tar*-pkg) 82 | # 83 | /tar-install/ 84 | 85 | # 86 | # We don't want to ignore the following even if they are dot-files 87 | # 88 | !.clang-format 89 | !.cocciconfig 90 | !.get_maintainer.ignore 91 | !.gitattributes 92 | !.gitignore 93 | !.mailmap 94 | 95 | # 96 | # Generated include files 97 | # 98 | /include/config/ 99 | /include/generated/ 100 | /include/ksym/ 101 | /arch/*/include/generated/ 102 | 103 | # stgit generated dirs 104 | patches-* 105 | 106 | # quilt's files 107 | patches 108 | series 109 | 110 | # cscope files 111 | cscope.* 112 | ncscope.* 113 | 114 | # gnu global files 115 | GPATH 116 | GRTAGS 117 | GSYMS 118 | GTAGS 119 | 120 | # id-utils files 121 | ID 122 | 123 | *.orig 124 | *~ 125 | \#*# 126 | 127 | # 128 | # Leavings from module signing 129 | # 130 | extra_certificates 131 | signing_key.pem 132 | signing_key.priv 133 | signing_key.x509 134 | x509.genkey 135 | 136 | # Kconfig presets 137 | /all.config 138 | /alldef.config 139 | /allmod.config 140 | /allno.config 141 | /allrandom.config 142 | /allyes.config 143 | 144 | # Kdevelop4 145 | *.kdev4 146 | 147 | # Clang's compilation database file 148 | /compile_commands.json 149 | natcapd/natcapd-client 150 | natcapd/natcapd-server 151 | -------------------------------------------------------------------------------- /peer_ctl.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | #ping6 3f99:aabb:ccdd:eeff:: -t1 -s1 -c1 -W1 4 | send_msg() 5 | { 6 | local input="$1" 7 | input=$(printf "%s" "$input" | sed 's/[^[:xdigit:]]//g' | sed 's/../& /g' | sed 's/ $//') 8 | echo "$input" | sed 's/:/ /g;s/-/ /g;' | tr A-F a-f | while read m0 m1 m2 m3 m4 m5; do 9 | test -n "$m0" && \ 10 | test -n "$m1" && \ 11 | test -n "$m2" && \ 12 | test -n "$m3" && \ 13 | test -n "$m4" && \ 14 | test -n "$m5" && { 15 | ping6 3f99:$m0$m1:$m2$m3:$m4$m5:: -t1 -s1 -c1 -W1 16 | } 17 | done 18 | } 19 | 20 | send_conn() 21 | { 22 | local input="$1" 23 | local addr=${2-255.255.255.255:22} 24 | input=$(printf "%s" "$input" | sed 's/[^[:xdigit:]]//g' | sed 's/../& /g' | sed 's/ $//') 25 | test -c /dev/natcap_peer_ctl || return 26 | echo "$input" | sed 's/:/ /g;s/-/ /g;' | tr A-F a-f | while read m0 m1 m2 m3 m4 m5; do 27 | test -n "$m0" && \ 28 | test -n "$m1" && \ 29 | test -n "$m2" && \ 30 | test -n "$m3" && \ 31 | test -n "$m4" && \ 32 | test -n "$m5" && { 33 | echo "echo KN=$addr MAC=$m0:$m1:$m2:$m3:$m4:$m5 LP=997 >/dev/natcap_peer_ctl" 34 | echo KN=$addr MAC=$m0:$m1:$m2:$m3:$m4:$m5 LP=997 >/dev/natcap_peer_ctl 35 | } 36 | done 37 | } 38 | 39 | send_ps() 40 | { 41 | local input="$1" 42 | input=$(printf "%s" "$input" | sed 's/[^[:xdigit:]]//g' | sed 's/../& /g' | sed 's/ $//') 43 | test -c /dev/natcap_peer_ctl || return 44 | echo "$input" | sed 's/:/ /g;s/-/ /g;' | tr A-F a-f | while read m0 m1 m2 m3 m4 m5; do 45 | test -n "$m0" && \ 46 | test -n "$m1" && \ 47 | test -n "$m2" && \ 48 | test -n "$m3" && \ 49 | test -n "$m4" && \ 50 | test -n "$m5" && { 51 | cat /dev/natcap_peer_ctl | grep $m0:$m1:$m2:$m3:$m4:$m5 52 | } 53 | done 54 | } 55 | 56 | list_cli() 57 | { 58 | (cat /proc/net/nf_conntrack 2>/dev/null || conntrack -L 2>/dev/null) | grep -o "udp.*src=.*dst=127.255.255.254 sport=.* dport=65535 .*src=127.255.255.254 dst=.* sport=65535 dport=.*" | while read _ _ timeout src _ sport _ _ _ _ _ _ _ _ _ _ mark _ _; do 59 | things=`echo $timeout $src $sport | grep -o "[0-9]*"` 60 | things=`echo $things` 61 | _src=`printf "src=%u.%u.%u.%u" $(((mark&0xff000000)>>24)) $(((mark&0x00ff0000)>>16)) $(((mark&0x0000ff00)>>8)) $(((mark&0x000000ff)>>0))` 62 | echo "$things" | while read T ip1 ip2 ip3 ip4 port; do 63 | printf "mac=%02x:%02x:%02x:%02x:%02x:%02x %-19s T=%d\n" $ip1 $ip2 $ip3 $ip4 $((port/256)) $((port&255)) $_src $T 64 | done 65 | done 66 | } 67 | 68 | case $1 in 69 | msg) 70 | send_msg $2 71 | ;; 72 | conn) 73 | send_conn $2 $3 74 | ;; 75 | ps) 76 | send_ps $2 77 | ;; 78 | list|list_cli) 79 | list_cli 80 | ;; 81 | *) 82 | echo "peer_ctl msg " 83 | echo "peer_ctl conn " 84 | echo "peer_ctl ps " 85 | echo "peer_ctl list_cli" 86 | ;; 87 | esac 88 | -------------------------------------------------------------------------------- /kernel_patch_sample.natcap-patch-kernel-for-cone-nat-support.patch: -------------------------------------------------------------------------------- 1 | From aeb7ac1f2fbad88de1e101be69da61e86eb9ef1d Mon Sep 17 00:00:00 2001 2 | From: Chen Minqiang 3 | Date: Sat, 17 Jul 2021 18:01:02 +0800 4 | Subject: [PATCH] natcap: patch kernel for cone nat support 5 | 6 | Signed-off-by: Chen Minqiang 7 | --- 8 | include/net/netfilter/nf_nat.h | 3 +++ 9 | net/netfilter/nf_nat_core.c | 28 +++++++++++++++++++++++++++- 10 | 2 files changed, 30 insertions(+), 1 deletion(-) 11 | 12 | diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h 13 | index 0d412dd63707..d3dd99d59716 100644 14 | --- a/include/net/netfilter/nf_nat.h 15 | +++ b/include/net/netfilter/nf_nat.h 16 | @@ -114,4 +114,7 @@ static inline int nf_nat_initialized(struct nf_conn *ct, 17 | else 18 | return ct->status & IPS_DST_NAT_DONE; 19 | } 20 | + 21 | +#define CONE_NAT_CHECK_USED_HOOK cone_nat_tuple_used 22 | +extern int (*cone_nat_check_used)(__be32 iip, __be16 iport, __be32 eip, __be16 eport); 23 | #endif 24 | diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c 25 | index b7c3c902290f..d71b27cbe147 100644 26 | --- a/net/netfilter/nf_nat_core.c 27 | +++ b/net/netfilter/nf_nat_core.c 28 | @@ -217,6 +217,32 @@ nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple, 29 | return nf_conntrack_tuple_taken(&reply, ignored_conntrack); 30 | } 31 | 32 | +int (*cone_nat_check_used)(__be32 iip, __be16 iport, __be32 eip, __be16 eport) = NULL; 33 | +EXPORT_SYMBOL_GPL(cone_nat_check_used); 34 | + 35 | +static int 36 | +cone_nat_tuple_ok(const struct nf_conntrack_tuple *tuple, 37 | + enum nf_nat_manip_type maniptype, 38 | + const struct nf_conn *ct) 39 | +{ 40 | + int (*cone_call)(__be32 iip, __be16 iport, __be32 eip, __be16 eport) = cone_nat_check_used; 41 | + if (maniptype != NF_NAT_MANIP_SRC) 42 | + return 1; 43 | + if (tuple->dst.protonum != IPPROTO_UDP) 44 | + return 1; 45 | + if (tuple->src.l3num != NFPROTO_IPV4) 46 | + return 1; 47 | + 48 | + if (!cone_call || 49 | + !cone_call(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip, 50 | + ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.all, 51 | + tuple->src.u3.ip, tuple->src.u.all)) { 52 | + return 1; 53 | + } 54 | + 55 | + return 0; 56 | +} 57 | + 58 | static bool nf_nat_inet_in_range(const struct nf_conntrack_tuple *t, 59 | const struct nf_nat_range2 *range) 60 | { 61 | @@ -503,7 +529,7 @@ static void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple, 62 | another_round: 63 | for (i = 0; i < attempts; i++, off++) { 64 | *keyptr = htons(min + off % range_size); 65 | - if (!nf_nat_used_tuple(tuple, ct)) 66 | + if (cone_nat_tuple_ok(tuple, maniptype, ct) && !nf_nat_used_tuple(tuple, ct)) 67 | return; 68 | } 69 | 70 | -- 71 | 2.17.1 72 | 73 | -------------------------------------------------------------------------------- /gfwlist1.tocn.host.txt: -------------------------------------------------------------------------------- 1 | 3g.music.qq.com 2 | access.tv.sohu.com 3 | acc.music.qq.com 4 | ac.qq.com 5 | acs.youku.com 6 | aidbak.video.qq.com 7 | aid.video.qq.com 8 | antiserver.kuwo.cn 9 | api.3g.tudou.com 10 | api.3g.youku.com 11 | api.aixifan.com 12 | api.appsdk.soku.com 13 | api.bilibili.com 14 | api.itv.letv.com 15 | api.le.com 16 | api.letv.com 17 | api.live.letv.com 18 | api.mob.app.letv.com 19 | api.tv.sohu.com 20 | api.unipay.qq.com 21 | api.www.letv.com 22 | api.youku.com 23 | a.play.api.3g.youku.com 24 | app.bilibili.com 25 | ark.letv.com 26 | bangumi.bilibili.com 27 | cache.m.iqiyi.com 28 | cache.video.iqiyi.com 29 | cache.video.qiyi.com 30 | cache.vip.iqiyi.com 31 | cache.vip.qiyi.com 32 | cctv13.vtime.cntv.cloudcdn.net 33 | cctv1.vtime.cntv.cloudcdn.net 34 | cctv5plus.vtime.cntv.cloudcdn.net 35 | cctv5.vtime.cntv.cloudcdn.net 36 | chrome.2345.com 37 | client.api.ttpod.com 38 | cloud.vip.xunlei.com 39 | c.y.qq.com 40 | data.video.iqiyi.com 41 | data.video.qiyi.com 42 | dispatcher.video.sina.com.cn 43 | dmd-fifa-h5-ikuweb.youku.com 44 | dmd-fifajs-h5-ikuweb.youku.com 45 | douban.fm 46 | dynamic.app.m.letv.com 47 | dynamic.cloud.vip.xunlei.com 48 | dynamic.live.app.m.letv.com 49 | dynamic.meizi.app.m.letv.com 50 | dynamic.search.app.m.letv.com 51 | dyn.ugc.pps.tv 52 | epg.api.pptv.com 53 | example.com 54 | geo.js.kankan.com 55 | hot.vrs.letv.com 56 | hot.vrs.sohu.com 57 | iface2.iqiyi.com 58 | iface.iqiyi.com 59 | info.zb.qq.com 60 | info.zb.video.qq.com 61 | inner.kandian.com 62 | interface.bilibili.com 63 | internal.check.duokanbox.com 64 | ip2.kugou.com 65 | ip.apps.cntv.cn 66 | ipcheck.kuwo.cn 67 | ip.kankan.com 68 | ip.kugou.com 69 | i.play.api.3g.youku.com 70 | i-play.mobile.youku.com 71 | iplocation.geo.iqiyi.com 72 | iplocation.geo.qiyi.com 73 | ipservice.163.com 74 | i.y.qq.com 75 | kandian.com 76 | listso.m.areainfo.ppstream.com 77 | list.youku.com 78 | live.api.hunantv.com 79 | live.g3proxy.lecloud.com 80 | live.gslb.letv.com 81 | live.pptv.com 82 | live.tv.sohu.com 83 | lixian.vip.xunlei.com 84 | lixian.xunlei.com 85 | m10.music.126.net 86 | m.letv.com 87 | mobi.kuwo.cn 88 | mobile.api.hunantv.com 89 | mobilefeedback.kugou.com 90 | mqqplayer.3g.qq.com 91 | music.163.com 92 | music.baidu.com 93 | music.sina.com.cn 94 | my.tv.sohu.com 95 | nmobi.kuwo.cn 96 | openapi.youku.com 97 | pad.tv.sohu.com 98 | paybak.video.qq.com 99 | pay.tudou.com 100 | pay.video.qq.com 101 | pay.youku.com 102 | pcweb.api.mgtv.com 103 | pl-ali.youku.com 104 | play-ali.youku.com 105 | play.api.3g.tudou.com 106 | play.api.3g.youku.com 107 | play.api.pptv.com 108 | play.baidu.com 109 | play-dxk.youku.com 110 | player.aplus.pptv.com 111 | player-pc.le.com 112 | player.pc.le.com 113 | play.youku.com 114 | ppi.api.pptv.com 115 | proxymc.qq.com 116 | proxy.music.qq.com 117 | pstream.api.mgtv.com 118 | qzs.qq.com 119 | search.api.3g.tudou.com 120 | search.api.3g.youku.com 121 | search.lekan.letv.com 122 | serviceinfo.sdk.duomi.com 123 | sns.video.qq.com 124 | so.open.163.com 125 | spark.api.xiami.com 126 | s.plcloud.music.qq.com 127 | sports1pull.live.wscdns.com 128 | ssports.com 129 | ssports.smgbb.cn 130 | static.api.sports.letv.com 131 | static.itv.letv.com 132 | st.live.letv.com 133 | tingapi.ting.baidu.com 134 | tms.is.ysten.com:8080 135 | tools.aplusapi.pptv.com 136 | tv.api.3g.tudou.com 137 | tv.api.3g.youku.com 138 | tv.weibo.com 139 | ups.youku.com 140 | u.y.qq.com 141 | v5.pc.duomi.com 142 | v.api.hunantv.com 143 | v.api.mgtv.com 144 | vd.l.qq.com 145 | vdn.apps.cntv.cn 146 | vdn.live.cntv.cn 147 | v.iask.com 148 | video.sina.com.cn 149 | video.tudou.com 150 | vi.l.qq.com 151 | vip.sports.cntv.cn 152 | v.pps.tv 153 | v.pptv.com 154 | vxml.56.com 155 | v.youku.com 156 | web-play.pplive.cn 157 | web-play.pptv.com 158 | wtv.v.iask.com 159 | www.acfun.cn 160 | www.bilibili.com 161 | www.gnu.org 162 | www.iqiyi.com 163 | www.kugou.com 164 | www.kuwo.cn 165 | www.qie.tv 166 | www.soku.com 167 | www.tudou.com 168 | www.xiami.com 169 | www.yinyuetai.com 170 | www.youku.com 171 | zb.s.qq.com 172 | zhuzhu.org 173 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # build modules 2 | #EXTRA_CFLAGS = -Wall 3 | obj-m += natcap.o 4 | 5 | natcap-y += natcap_main.o natcap_common.o natcap_client.o natcap_server.o natcap_knock.o natcap_peer.o 6 | 7 | EXTRA_CFLAGS += -Wall -Werror 8 | 9 | ifdef NO_DEBUG 10 | EXTRA_CFLAGS += -Wno-unused -Os -DNO_DEBUG 11 | endif 12 | 13 | PWD ?= $(shell pwd) 14 | 15 | ifndef KERNELRELEASE 16 | KERNELRELEASE := $(shell uname -r) 17 | endif 18 | 19 | KERNELDIR ?= /lib/modules/$(KERNELRELEASE)/build 20 | KMAKE := $(MAKE) -C $(KERNELDIR) M=$(PWD) 21 | 22 | all: modules 23 | 24 | modules: 25 | $(KMAKE) modules 26 | 27 | modules_install: 28 | $(KMAKE) modules_install 29 | 30 | install: modules_install 31 | depmod 32 | 33 | modules_clean: 34 | $(KMAKE) clean 35 | 36 | clean: modules_clean 37 | 38 | cniplist.set: cniplist.orig.set local.set sub.set ipops.lua qq.com.set 39 | lua ipgroup_merge.lua cniplist.orig.set local.set >cniplist.set.tmp 40 | cat qq.com.set | sed 's/\(.*\)/\1\/32/' >qq.com.set.overlay 41 | lua ipgroup_merge.lua cniplist.set.tmp qq.com.set.overlay >cniplist.set.tmp.1 42 | lua ipgroup_sub.lua cniplist.set.tmp.1 sub.set >cniplist.set 43 | @rm -f cniplist.set.tmp cniplist.set.tmp.1 qq.com.set.overlay 44 | 45 | C_cniplist.set: cniplist.set local.set sub.set ipops.lua 46 | lua ipgroup_invert.lua cniplist.set >C_cniplist.orig.set.tmp 47 | lua ipgroup_merge.lua C_cniplist.orig.set.tmp local.set >C_cniplist.set.tmp 48 | lua ipgroup_sub.lua C_cniplist.set.tmp sub.set >C_cniplist.set 49 | @rm -f C_cniplist.orig.set.tmp C_cniplist.set.tmp 50 | 51 | ipset: cniplist.set C_cniplist.set cniplist6.set getflix.set hkiplist.orig.set 52 | 53 | ip.merge.txt: 54 | wget -4 https://github.com/lionsoul2014/ip2region/raw/master/data/ip.merge.txt -O ip.merge.txt.tmp 55 | @mv ip.merge.txt.tmp ip.merge.txt 56 | 57 | ipops.lua: 58 | wget -4 https://raw.githubusercontent.com/x-wrt/com.x-wrt/master/lua-ipops/src/ipops.lua -O ipops.lua.tmp 59 | @mv ipops.lua.tmp ipops.lua 60 | 61 | apnic.txt: 62 | wget -4 https://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest -O apnic.txt.tmp 63 | @mv apnic.txt.tmp apnic.txt 64 | @touch apnic.txt 65 | 66 | china_ip_list.txt: 67 | wget -4 https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt -O china_ip_list.txt 68 | 69 | cniplist.orig.set: cnip2cidr.lua ipops.lua ip.merge.txt apnic.txt china_ip_list.txt geoip.txt.out.cn geoip.txt.out.cn1 70 | lua cnip2cidr.lua >cniplist.orig.set.1 71 | cat apnic.txt | grep CN | grep ipv4 | cut -d\| -f4,5 >cniplist.txt.tmp 72 | lua apnic.lua cniplist.txt.tmp >cniplist.orig.set.2 73 | @rm -f cniplist.txt.tmp 74 | cat cniplist.orig.set.1 cniplist.orig.set.2 china_ip_list.txt | sort -n >cniplist.orig.set.tmp 75 | cat geoip.txt.out.cn | cut -d= -f1 | sort -n >>cniplist.orig.set.tmp 76 | cat geoip.txt.out.cn1 | cut -d= -f1 | sort -n >>cniplist.orig.set.tmp 77 | lua ipgroup_merge.lua cniplist.orig.set.tmp >cniplist.orig.set 78 | lua hkip2cidr.lua >cniplist.orig.set.cn2 79 | lua ipops.lua netStrings_sub_netStrings "$$(echo `cat cniplist.orig.set` | sed 's/ /,/g')" "$$(echo `cat cniplist.orig.set.cn2` | sed 's/ /,/g')" >cniplist.orig.set.tmp 80 | cat cniplist.orig.set.tmp | sed 's/,/\n/g' >cniplist.orig.set 81 | @rm -f cniplist.orig.set.1 cniplist.orig.set.2 cniplist.orig.set.tmp cniplist.orig.set.cn2 82 | 83 | hkiplist.orig.set: apnic.txt ipops.lua 84 | cat apnic.txt | grep HK | grep ipv4 | cut -d\| -f4,5 >hkiplist.txt.tmp 85 | lua apnic.lua hkiplist.txt.tmp >hkiplist.orig.set.tmp 86 | @rm -f hkiplist.txt.tmp 87 | @mv hkiplist.orig.set.tmp hkiplist.orig.set 88 | 89 | cniplist6.orig.set: apnic.txt 90 | cat apnic.txt | grep ipv6 | grep CN | cut -d\| -f4,5 | sed 's,|,/,' >cniplist6.orig.set.tmp 91 | @mv cniplist6.orig.set.tmp cniplist6.orig.set 92 | 93 | cniplist6.set: cniplist6.orig.set local6.set 94 | cat local6.set cniplist6.orig.set >cniplist6.set.tmp 95 | @mv cniplist6.set.tmp cniplist6.set 96 | 97 | getflix.set: 98 | wget https://raw.githubusercontent.com/QiuSimons/Netflix_IP/master/getflix.txt -O getflix.set 99 | 100 | dubai.set: 101 | wget https://raw.githubusercontent.com/uku/Unblock-Youku/master/shared/urls.js -O urls.js 102 | sh dubai.set.sh 103 | -------------------------------------------------------------------------------- /natcap_client.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Author: Chen Minqiang 3 | * Date : Sun, 05 Jun 2016 16:24:31 +0800 4 | * 5 | * This file is part of the natcap. 6 | * 7 | * natcap is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * natcap is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with natcap; see the file COPYING. If not, see 19 | * . 20 | */ 21 | #ifndef _NATCAP_CLIENT_H_ 22 | #define _NATCAP_CLIENT_H_ 23 | 24 | #include 25 | #include 26 | #include "natcap.h" 27 | 28 | 29 | extern unsigned int server_index_natcap_mask; 30 | 31 | extern unsigned int cnipwhitelist_mode; 32 | 33 | enum { 34 | NATCAP_ACL_NONE, 35 | NATCAP_ACL_ALLOW, 36 | NATCAP_ACL_DENY, 37 | NATCAP_ACL_MAX 38 | }; 39 | 40 | extern unsigned int macfilter; 41 | extern const char *macfilter_acl_str[NATCAP_ACL_MAX]; 42 | 43 | extern unsigned int ipfilter; 44 | extern const char *ipfilter_acl_str[NATCAP_ACL_MAX]; 45 | 46 | extern unsigned int dns_proxy_drop; 47 | extern unsigned int server_persist_lock; 48 | extern unsigned int server_persist_timeout; 49 | extern unsigned int encode_http_only; 50 | extern unsigned int http_confusion; 51 | extern unsigned int sproxy; 52 | 53 | extern unsigned int dns_server; 54 | extern unsigned short dns_port; 55 | 56 | extern struct tuple *dns_proxy_server; 57 | 58 | extern u32 default_protocol; 59 | extern u32 default_u_hash; 60 | extern unsigned char default_mac_addr[ETH_ALEN]; 61 | void default_mac_addr_init(void); 62 | 63 | enum server_group_t { 64 | SERVER_GROUP_0, 65 | SERVER_GROUP_1, 66 | SERVER_GROUP_MAX 67 | }; 68 | 69 | void natcap_server_info_change(enum server_group_t x, int change); 70 | void natcap_server_info_cleanup(enum server_group_t x); 71 | int natcap_server_info_add(enum server_group_t x, const struct tuple *dst); 72 | int natcap_server_info_delete(enum server_group_t x, const struct tuple *dst); 73 | void *natcap_server_info_get(enum server_group_t x, loff_t idx); 74 | void natcap_server_in_touch(enum server_group_t x, __be32 ip); 75 | 76 | extern unsigned int natcap_server_use_peer; 77 | 78 | const struct tuple *natcap_server_info_current(enum server_group_t x); 79 | 80 | int natcap_client_init(void); 81 | void natcap_client_exit(void); 82 | 83 | struct natcap_token_ctrl { 84 | int tokens; 85 | int tokens_per_jiffy; 86 | unsigned long jiffies; 87 | spinlock_t lock; 88 | }; 89 | 90 | extern int tx_pkts_threshold; 91 | extern int rx_pkts_threshold; 92 | 93 | extern void natcap_tx_speed_set(int speed); 94 | extern void natcap_rx_speed_set(int speed); 95 | 96 | extern int natcap_tx_speed_get(void); 97 | extern int natcap_rx_speed_get(void); 98 | 99 | extern int is_natcap_server(__be32 ip); 100 | 101 | /* for DNS decode */ 102 | static inline int get_rdata(const unsigned char *src_ptr, int src_len, int src_pos, unsigned char *dst_ptr, int dst_size) 103 | { 104 | int ptr_count = 0; 105 | int ptr_limit = src_len / 2; 106 | int pos = src_pos; 107 | int dst_len = 0; 108 | unsigned int v; 109 | while (dst_len < dst_size && pos < src_len && (v = get_byte1(src_ptr + pos)) != 0) { 110 | if (v > 0x3f) { 111 | if (pos + 1 >= src_len) { 112 | return -1; 113 | } 114 | if (++ptr_count >= ptr_limit) { 115 | return -2; 116 | } 117 | pos = ntohs(get_byte2(src_ptr + pos)) & 0x3fff; 118 | continue; 119 | } else { 120 | if (pos + v >= src_len) { 121 | return -3; 122 | } 123 | if (dst_len + v >= dst_size) { 124 | return -4; 125 | } 126 | memcpy(dst_ptr, src_ptr + pos + 1, v); 127 | dst_ptr += v; 128 | *dst_ptr = '.'; 129 | dst_ptr += 1; 130 | dst_len += v + 1; 131 | pos += v + 1; 132 | } 133 | } 134 | 135 | return dst_len; 136 | } 137 | 138 | extern void cn_domain_clean(void); 139 | extern void domain_copy(char *dst, char *from); 140 | extern int domain_cmp(char *dst, char *src); 141 | extern int cn_domain_insert(char *d); 142 | extern int domain_match(char *dst, char *src); 143 | extern int cn_domain_lookup(char *d); 144 | extern int cn_domain_load_from_path(char *path); 145 | extern int cn_domain_load_from_raw(char *path); 146 | extern int cn_domain_dump_path(char *path); 147 | 148 | #endif /* _NATCAP_CLIENT_H_ */ 149 | -------------------------------------------------------------------------------- /natcap_peer.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Author: Chen Minqiang 3 | * Date : Thu, 30 Aug 2018 11:25:35 +0800 4 | * 5 | * This file is part of the natcap. 6 | * 7 | * natcap is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * natcap is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with natcap; see the file COPYING. If not, see 19 | * . 20 | */ 21 | #ifndef _NATCAP_PEER_H_ 22 | #define _NATCAP_PEER_H_ 23 | 24 | #if !defined(CONFIG_NF_CONNTRACK_MARK) 25 | #error Please change kernel config: must define CONFIG_NF_CONNTRACK_MARK 26 | #endif 27 | 28 | #define __ALIGN_64BITS 8 29 | 30 | struct peer_server_node { 31 | spinlock_t lock; 32 | #define PEER_SUBTYPE_SSYN_BIT 0 33 | #define PEER_SUBTYPE_SSYN (1 << PEER_SUBTYPE_SSYN_BIT) 34 | #define PEER_SUBTYPE_SYN_BIT 1 35 | #define PEER_SUBTYPE_SYN (1 << PEER_SUBTYPE_SYN_BIT) 36 | #define PEER_SUBTYPE_PUB_BIT 2 37 | #define PEER_SUBTYPE_PUB (1 << PEER_SUBTYPE_PUB_BIT) 38 | #define PEER_SUBTYPE_AUTH_BIT 3 39 | #define PEER_SUBTYPE_AUTH (1 << PEER_SUBTYPE_AUTH_BIT) 40 | #define PEER_SUBTYPE_PUB6_BIT 6 41 | #define PEER_SUBTYPE_PUB6 (1 << PEER_SUBTYPE_PUB6_BIT) 42 | unsigned short status; 43 | __be32 ip; 44 | __be16 map_port; 45 | unsigned short conn; 46 | unsigned int last_active; 47 | unsigned int last_inuse; 48 | #define MAX_PEER_CONN 8 49 | struct nf_conn *port_map[MAX_PEER_CONN]; 50 | }; 51 | 52 | struct natcap_route { 53 | /* max L2 len supoorted 54 | * mac + vlan + pppoe (=14 + 4 + 8) 55 | */ 56 | #define NF_L2_MAX_LEN (14 + 4 + 8) 57 | unsigned char l2_head[NF_L2_MAX_LEN]; 58 | unsigned short l2_head_len; 59 | struct net_device *outdev; 60 | }; 61 | 62 | struct fakeuser_expect { 63 | #define FUE_STATE_INIT 0 64 | #define FUE_STATE_CONNECTED 1 65 | unsigned char state; 66 | #define FUE_MODE_TCP 0 67 | #define FUE_MODE_UDP 1 68 | unsigned char mode; 69 | unsigned short mss; 70 | unsigned int pmi; 71 | unsigned int local_seq; 72 | unsigned int remote_seq; 73 | unsigned int last_active; 74 | unsigned int rt_out_magic; 75 | struct natcap_route rt_out; 76 | unsigned char fake_icmp_time[18]; 77 | }; 78 | 79 | struct natcap_fastpath_route { 80 | unsigned int last_rxtx; /* 0: last_rx 1: last_tx */ 81 | unsigned int last_rx_jiffies; 82 | unsigned int last_tx_jiffies; 83 | unsigned short is_dead; 84 | unsigned short weight; 85 | __be32 saddr; 86 | unsigned int rt_out_magic; 87 | struct natcap_route rt_out; 88 | #define SPEED_SAMPLE_COUNT 8 89 | atomic_t tx_speed[SPEED_SAMPLE_COUNT]; 90 | atomic_t rx_speed[SPEED_SAMPLE_COUNT]; 91 | }; 92 | 93 | #define PEER_DEAD_ADDR __constant_htonl((13<<24)|(14<<16)|(10<<8)|(13<<0)) 94 | #define PEER_SET_WEIGHT_ADDR __constant_htonl((13<<24)|(14<<16)|(10<<8)|(14<<0)) 95 | 96 | extern struct natcap_fastpath_route *natcap_pfr; 97 | 98 | extern int is_fastpath_route_ready(struct natcap_fastpath_route *pfr); 99 | 100 | static inline struct fakeuser_expect *peer_fakeuser_expect(struct nf_conn *ct) 101 | { 102 | return (void *)ct->ext + ct->ext->len; 103 | } 104 | 105 | struct peer_tuple { 106 | unsigned int local_seq; 107 | unsigned int remote_seq; 108 | __be32 sip; 109 | __be32 dip; 110 | __be16 sport; 111 | __be16 dport; 112 | unsigned short mss; 113 | unsigned char connected:7, 114 | sni_ban:1; 115 | #define PT_MODE_TCP 0 116 | #define PT_MODE_UDP 1 117 | unsigned char mode; 118 | unsigned int last_active; 119 | }; 120 | 121 | struct user_expect { 122 | spinlock_t lock; 123 | unsigned int last_active; 124 | unsigned int last_active_peer; 125 | unsigned int last_active_auth; 126 | __be32 local_ip; 127 | __be32 ip; 128 | __be16 map_port; 129 | unsigned short status; 130 | struct in6_addr in6; 131 | #define MAX_PEER_TUPLE 8 132 | struct peer_tuple tuple[MAX_PEER_TUPLE]; 133 | 134 | unsigned int rt_out_magic; 135 | struct natcap_route rt_out; 136 | }; 137 | 138 | static inline struct user_expect *peer_user_expect(struct nf_conn *ct) 139 | { 140 | return (void *)ct->ext + ct->ext->len; 141 | } 142 | 143 | static inline struct natcap_TCPOPT *natcap_peer_decode_header(struct tcphdr *tcph) 144 | { 145 | struct natcap_TCPOPT *opt; 146 | 147 | opt = (struct natcap_TCPOPT *)((void *)tcph + sizeof(struct tcphdr)); 148 | if ( 149 | !( 150 | (tcph->doff * 4 >= sizeof(struct tcphdr) + ALIGN(sizeof(struct natcap_TCPOPT_header) + sizeof(struct natcap_TCPOPT_peer), sizeof(unsigned int)) && 151 | (opt->header.opcode == TCPOPT_PEER || opt->header.opcode == TCPOPT_PEER_V2) && 152 | (opt->header.subtype == SUBTYPE_PEER_SYN || 153 | opt->header.subtype == SUBTYPE_PEER_SSYN || 154 | opt->header.subtype == SUBTYPE_PEER_SYNACK || 155 | opt->header.subtype == SUBTYPE_PEER_ACK || 156 | opt->header.subtype == SUBTYPE_PEER_FSYNACK || 157 | opt->header.subtype == SUBTYPE_PEER_FMSG || 158 | opt->header.subtype == SUBTYPE_PEER_AUTH || 159 | opt->header.subtype == SUBTYPE_PEER_AUTHACK) && 160 | opt->header.opsize >= ALIGN(sizeof(struct natcap_TCPOPT_header) + sizeof(struct natcap_TCPOPT_peer), sizeof(unsigned int))) || 161 | (tcph->doff * 4 >= sizeof(struct tcphdr) + ALIGN(sizeof(struct natcap_TCPOPT_header), sizeof(unsigned int)) && 162 | (opt->header.opcode == TCPOPT_PEER || opt->header.opcode == TCPOPT_PEER_V2) && 163 | (opt->header.subtype == SUBTYPE_PEER_FSYN || opt->header.subtype == SUBTYPE_PEER_FACK) && 164 | opt->header.opsize >= ALIGN(sizeof(struct natcap_TCPOPT_header), sizeof(unsigned int))) || 165 | (tcph->doff * 4 >= sizeof(struct tcphdr) + ALIGN(sizeof(struct natcap_TCPOPT_header) + sizeof(struct natcap_TCPOPT_dst), sizeof(unsigned int)) && 166 | (opt->header.opcode == TCPOPT_PEER || opt->header.opcode == TCPOPT_PEER_V2) && 167 | opt->header.subtype == SUBTYPE_PEER_XSYN && 168 | opt->header.opsize >= ALIGN(sizeof(struct natcap_TCPOPT_header) + sizeof(struct natcap_TCPOPT_dst), sizeof(unsigned int))) 169 | ) 170 | ) 171 | { 172 | return NULL; 173 | } 174 | 175 | return opt; 176 | } 177 | 178 | int natcap_peer_init(void); 179 | void natcap_peer_exit(void); 180 | 181 | #define PEER_XSYN_MASK_ADDR __constant_htonl(0xffffffff) 182 | extern __be32 peer_xsyn_enumerate_addr(void); 183 | 184 | #define PEER_PUB_NUM 256 185 | extern __be32 peer_pub_ip[PEER_PUB_NUM]; 186 | 187 | extern __be16 peer_knock_local_port; 188 | 189 | extern __be16 peer_sni_port; 190 | 191 | extern int natcap_auth_request(const unsigned char *client_mac, __be32 client_ip); 192 | 193 | extern int peer_sni_cache_used_nodes(void); 194 | 195 | #endif /* _NATCAP_PEER_H_ */ 196 | -------------------------------------------------------------------------------- /geoip.txt.out.cn1: -------------------------------------------------------------------------------- 1 | 1.18.128.0=["中国","北京","北京","",""] 2 | 13.104.184.80=["中国","北京","北京","",""] 3 | 15.230.141.0=["中国","北京","北京","",""] 4 | 15.230.41.0=["中国","北京","北京","",""] 5 | 15.230.49.0=["中国","北京","北京","",""] 6 | 17.127.128.0=["中国","广东","深圳","",""] 7 | 20.249.255.0=["中国","上海","上海","",""] 8 | 20.251.0.0=["中国","上海","上海","",""] 9 | 20.253.4.0=["中国","上海","上海","",""] 10 | 20.253.89.0=["中国","上海","上海","",""] 11 | 20.255.255.0=["中国","上海","上海","",""] 12 | 27.0.133.0=["中国","福建","福州","",""] 13 | 39.109.120.0=["中国","广东","深圳","",""] 14 | 40.0.176.0=["中国","上海","上海","",""] 15 | 40.0.248.0=["中国","上海","上海","",""] 16 | 40.198.10.0=["中国","上海","上海","",""] 17 | 40.198.16.0=["中国","上海","上海","",""] 18 | 40.198.24.0=["中国","上海","上海","",""] 19 | 40.251.225.0=["中国","上海","上海","",""] 20 | 40.251.227.0=["中国","上海","上海","",""] 21 | 40.77.236.224=["中国","北京","北京","",""] 22 | 43.130.128.0=["中国","中国","","",""] 23 | 43.131.128.0=["中国","中国","","",""] 24 | 43.132.10.0=["中国","中国","","",""] 25 | 43.132.12.0=["中国","中国","","",""] 26 | 43.132.16.0=["中国","中国","","",""] 27 | 43.132.32.0=["中国","中国","","",""] 28 | 43.132.75.0=["中国","中国","","",""] 29 | 43.132.78.0=["中国","中国","","",""] 30 | 43.132.8.0=["中国","中国","","",""] 31 | 43.132.87.0=["中国","中国","","",""] 32 | 43.132.92.0=["中国","中国","","",""] 33 | 43.135.224.0=["中国","中国","","",""] 34 | 43.136.0.0=["中国","中国","","",""] 35 | 43.192.0.0=["中国","宁夏","中卫","",""] 36 | 43.196.0.0=["中国","北京","北京","",""] 37 | 43.237.196.0=["中国","中国","","",""] 38 | 45.120.180.128=["中国","上海","上海","",""] 39 | 45.87.53.0=["中国","中国","","",""] 40 | 45.87.54.0=["中国","中国","","",""] 41 | 52.93.242.120=["中国","宁夏","中卫","",""] 42 | 52.93.242.128=["中国","宁夏","中卫","",""] 43 | 52.94.249.0=["中国","北京","北京","",""] 44 | 59.153.159.0=["中国","中国","","",""] 45 | 59.43.249.16=["中国","中国","","",""] 46 | 62.3.6.0=["中国","中国","","",""] 47 | 64.188.38.0=["中国","中国","","",""] 48 | 64.188.40.0=["中国","中国","","",""] 49 | 64.188.44.0=["中国","中国","","",""] 50 | 72.163.240.0=["中国","上海","上海","",""] 51 | 101.198.0.0=["中国","北京","北京","",""] 52 | 103.105.60.0=["中国","山东","青岛","",""] 53 | 103.115.52.0=["中国","北京","北京","",""] 54 | 103.120.76.0=["中国","中国","","",""] 55 | 103.122.179.0=["中国","中国","","",""] 56 | 103.144.88.0=["中国","中国","","",""] 57 | 103.145.94.0=["中国","中国","","",""] 58 | 103.153.99.0=["中国","中国","","",""] 59 | 103.155.101.0=["中国","中国","","",""] 60 | 103.156.166.0=["中国","中国","","",""] 61 | 103.156.174.0=["中国","黑龙江","","",""] 62 | 103.161.139.0=["中国","中国","","",""] 63 | 103.177.70.0=["中国","中国","","",""] 64 | 103.232.17.168=["中国","上海","上海","",""] 65 | 103.242.129.0=["中国","上海","上海","",""] 66 | 103.242.130.0=["中国","上海","上海","",""] 67 | 103.65.116.0=["中国","中国","","",""] 68 | 103.72.149.0=["中国","中国","","",""] 69 | 103.72.150.0=["中国","中国","","",""] 70 | 103.97.60.0=["中国","江苏","苏州","",""] 71 | 103.99.55.0=["中国","中国","","",""] 72 | 106.75.201.0=["中国","中国","","",""] 73 | 107.176.0.0=["中国","北京","北京","",""] 74 | 111.223.248.0=["中国","中国","","",""] 75 | 114.112.129.0=["中国","中国","","",""] 76 | 115.169.9.0=["中国","广东","广州","",""] 77 | 118.184.5.0=["中国","上海","上海","",""] 78 | 118.228.152.0=["中国","北京","北京","",""] 79 | 118.26.149.0=["中国","中国","","",""] 80 | 118.26.150.0=["中国","中国","","",""] 81 | 118.26.156.0=["中国","中国","","",""] 82 | 119.252.249.0=["中国","中国","","",""] 83 | 122.112.118.0=["中国","中国","","",""] 84 | 122.8.128.0=["中国","中国","","",""] 85 | 122.8.79.0=["中国","中国","","",""] 86 | 122.8.80.0=["中国","中国","","",""] 87 | 122.8.86.0=["中国","中国","","",""] 88 | 122.8.88.0=["中国","中国","","",""] 89 | 122.8.91.0=["中国","中国","","",""] 90 | 122.8.92.0=["中国","中国","","",""] 91 | 129.223.254.0=["中国","上海","上海","",""] 92 | 130.214.218.0=["中国","上海","上海","",""] 93 | 130.36.146.0=["中国","上海","上海","",""] 94 | 131.228.96.0=["中国","浙江","杭州","",""] 95 | 131.253.12.240=["中国","北京","北京","",""] 96 | 132.237.134.0=["中国","福建","厦门","",""] 97 | 135.159.208.0=["中国","广东","广州","",""] 98 | 135.244.80.0=["中国","北京","北京","",""] 99 | 135.84.255.0=["中国","中国","","",""] 100 | 139.138.238.0=["中国","上海","上海","",""] 101 | 139.198.114.0=["中国","广东","广州","",""] 102 | 144.211.138.0=["中国","北京","北京","",""] 103 | 144.211.80.0=["中国","北京","北京","",""] 104 | 146.217.137.0=["中国","上海","上海","",""] 105 | 147.243.103.0=["中国","北京","北京","",""] 106 | 150.222.88.0=["中国","北京","北京","",""] 107 | 154.209.251.0=["中国","上海","上海","",""] 108 | 155.126.176.0=["中国","上海","上海","",""] 109 | 156.107.178.0=["中国","北京","北京","",""] 110 | 156.107.180.0=["中国","北京","北京","",""] 111 | 159.221.232.0=["中国","上海","上海","",""] 112 | 160.62.10.0=["中国","北京","北京","",""] 113 | 161.163.28.0=["中国","广东","深圳","",""] 114 | 161.49.5.7=["中国","中国","","",""] 115 | 164.52.80.0=["中国","北京","北京","",""] 116 | 165.154.104.0=["中国","中国","","",""] 117 | 165.154.112.0=["中国","中国","","",""] 118 | 165.154.128.0=["中国","中国","","",""] 119 | 165.154.192.0=["中国","中国","","",""] 120 | 165.156.30.0=["中国","上海","上海","",""] 121 | 170.225.224.0=["中国","湖北","武汉","",""] 122 | 173.39.200.0=["中国","上海","上海","",""] 123 | 180.92.176.0=["中国","广东","深圳","",""] 124 | 182.160.52.0=["中国","中国","","",""] 125 | 182.160.56.0=["中国","中国","","",""] 126 | 182.160.60.0=["中国","中国","","",""] 127 | 182.160.62.0=["中国","中国","","",""] 128 | 192.11.23.0=["中国","北京","北京","",""] 129 | 192.11.26.0=["中国","北京","北京","",""] 130 | 192.11.39.0=["中国","北京","北京","",""] 131 | 192.163.11.0=["中国","上海","上海","",""] 132 | 192.232.97.0=["中国","上海","上海","",""] 133 | 193.20.64.0=["中国","北京","北京","",""] 134 | 194.138.136.0=["中国","中国","","",""] 135 | 194.138.202.0=["中国","北京","北京","",""] 136 | 194.138.245.0=["中国","北京","北京","",""] 137 | 198.208.17.0=["中国","上海","上海","",""] 138 | 198.208.19.0=["中国","上海","上海","",""] 139 | 202.1.100.0=["中国","中国","","",""] 140 | 202.1.104.0=["中国","中国","","",""] 141 | 202.1.110.0=["中国","上海","上海","",""] 142 | 202.1.112.0=["中国","上海","上海","",""] 143 | 202.1.64.0=["中国","中国","","",""] 144 | 202.1.68.0=["中国","中国","","",""] 145 | 202.1.72.0=["中国","中国","","",""] 146 | 202.1.80.0=["中国","中国","","",""] 147 | 202.1.96.0=["中国","中国","","",""] 148 | 202.21.208.0=["中国","北京","北京","",""] 149 | 202.76.247.0=["中国","上海","上海","",""] 150 | 202.97.27.178=["中国","中国","","",""] 151 | 202.97.41.130=["中国","中国","","",""] 152 | 202.97.42.150=["中国","中国","","",""] 153 | 202.97.44.218=["中国","中国","","",""] 154 | 202.97.49.88=["中国","中国","","",""] 155 | 202.97.51.254=["中国","中国","","",""] 156 | 202.97.62.0=["中国","中国","","",""] 157 | 202.97.63.154=["中国","中国","","",""] 158 | 202.97.73.210=["中国","中国","","",""] 159 | 202.97.92.160=["中国","中国","","",""] 160 | 203.13.145.0=["中国","上海","上海","",""] 161 | 203.14.184.0=["中国","中国","","",""] 162 | 203.14.186.0=["中国","中国","","",""] 163 | 203.14.186.128=["中国","中国","","",""] 164 | 203.14.186.192=["中国","中国","","",""] 165 | 203.14.186.224=["中国","中国","","",""] 166 | 203.14.186.240=["中国","中国","","",""] 167 | 203.14.186.252=["中国","中国","","",""] 168 | 203.14.187.0=["中国","中国","","",""] 169 | 203.14.187.128=["中国","中国","","",""] 170 | 203.14.187.132=["中国","中国","","",""] 171 | 203.14.187.160=["中国","中国","","",""] 172 | 203.14.187.196=["中国","中国","","",""] 173 | 203.14.187.200=["中国","中国","","",""] 174 | 203.14.187.206=["中国","中国","","",""] 175 | 203.14.187.208=["中国","中国","","",""] 176 | 203.14.187.224=["中国","中国","","",""] 177 | 203.14.187.244=["中国","中国","","",""] 178 | 203.14.187.248=["中国","中国","","",""] 179 | 203.14.187.32=["中国","中国","","",""] 180 | 203.14.187.44=["中国","中国","","",""] 181 | 203.14.187.48=["中国","中国","","",""] 182 | 203.14.187.64=["中国","中国","","",""] 183 | 203.14.188.0=["中国","中国","","",""] 184 | 204.114.176.0=["中国","北京","北京","",""] 185 | 204.55.160.0=["中国","北京","北京","",""] 186 | 210.5.56.0=["中国","北京","北京","",""] 187 | 213.199.169.0=["中国","北京","北京","",""] 188 | 213.255.231.0=["中国","中国","","",""] 189 | 218.98.77.0=["中国","中国","","",""] 190 | 218.98.78.0=["中国","中国","","",""] 191 | 218.98.80.0=["中国","中国","","",""] 192 | 218.98.92.0=["中国","中国","","",""] 193 | 219.158.102.84=["中国","中国","","",""] 194 | 219.158.43.226=["中国","中国","","",""] 195 | 219.158.45.182=["中国","中国","","",""] 196 | 220.155.30.0=["中国","北京","北京","",""] 197 | 220.155.8.0=["中国","北京","北京","",""] 198 | 220.242.185.0=["中国","中国","","",""] 199 | 220.242.186.0=["中国","中国","","",""] 200 | 220.242.188.0=["中国","中国","","",""] 201 | 220.242.190.0=["中国","中国","","",""] 202 | 221.183.21.202=["中国","中国","","",""] 203 | 222.126.174.144=["中国","北京","北京","",""] 204 | 222.126.174.40=["中国","四川","成都","",""] 205 | 222.126.174.76=["中国","重庆","重庆","",""] 206 | 222.126.174.88=["中国","四川","成都","",""] 207 | 223.120.0.0=["中国","中国","","",""] 208 | 223.120.0.8=["中国","中国","","",""] 209 | -------------------------------------------------------------------------------- /natcap_knock.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Author: Chen Minqiang 3 | * Date : Sun, 05 Jun 2016 16:24:04 +0800 4 | * 5 | * This file is part of the natcap. 6 | * 7 | * natcap is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * natcap is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with natcap; see the file COPYING. If not, see 19 | * . 20 | */ 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include "natcap_common.h" 40 | #include "natcap_knock.h" 41 | 42 | unsigned short knock_port = __constant_htons(65535); 43 | unsigned int knock_flood = 0; 44 | unsigned short knock_encryption = 0; 45 | unsigned char knock_tcp_encode = TCP_ENCODE; 46 | unsigned char knock_udp_encode = UDP_ENCODE; 47 | 48 | void natcap_knock_info_select(__be32 ip, __be16 port, struct tuple *dst) 49 | { 50 | dst->ip = ip; 51 | dst->port = knock_port; 52 | dst->encryption = knock_encryption; 53 | dst->tcp_encode = knock_tcp_encode; 54 | dst->udp_encode = knock_udp_encode; 55 | 56 | if (dst->port == __constant_htons(0)) { 57 | dst->port = port; 58 | } else if (dst->port == __constant_htons(65535)) { 59 | dst->port = ((jiffies^ip) & 0xffff); 60 | dst->port = htons(ntohs(dst->port) % (65536 - 1024) + 1024); 61 | } 62 | } 63 | 64 | #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 13, 0) 65 | static unsigned int natcap_knock_dnat_hook(unsigned int hooknum, 66 | struct sk_buff *skb, 67 | const struct net_device *in, 68 | const struct net_device *out, 69 | int (*okfn)(struct sk_buff *)) 70 | { 71 | #elif LINUX_VERSION_CODE < KERNEL_VERSION(4, 1, 0) 72 | static unsigned int natcap_knock_dnat_hook(const struct nf_hook_ops *ops, 73 | struct sk_buff *skb, 74 | const struct net_device *in, 75 | const struct net_device *out, 76 | int (*okfn)(struct sk_buff *)) 77 | { 78 | unsigned int hooknum = ops->hooknum; 79 | #elif LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0) 80 | static unsigned int natcap_knock_dnat_hook(const struct nf_hook_ops *ops, 81 | struct sk_buff *skb, 82 | const struct nf_hook_state *state) 83 | { 84 | unsigned int hooknum = state->hook; 85 | const struct net_device *in = state->in; 86 | const struct net_device *out = state->out; 87 | #else 88 | static unsigned int natcap_knock_dnat_hook(void *priv, 89 | struct sk_buff *skb, 90 | const struct nf_hook_state *state) 91 | { 92 | unsigned int hooknum = state->hook; 93 | #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) 94 | const struct net_device *in = state->in; 95 | const struct net_device *out = state->out; 96 | #endif 97 | #endif 98 | enum ip_conntrack_info ctinfo; 99 | struct nf_conn *ct; 100 | struct iphdr *iph; 101 | void *l4; 102 | struct tuple server; 103 | 104 | if (disabled) 105 | return NF_ACCEPT; 106 | 107 | iph = ip_hdr(skb); 108 | if (iph->protocol != IPPROTO_TCP) { 109 | return NF_ACCEPT; 110 | } 111 | l4 = (void *)iph + iph->ihl * 4; 112 | 113 | ct = nf_ct_get(skb, &ctinfo); 114 | if (NULL == ct) { 115 | return NF_ACCEPT; 116 | } 117 | if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL) { 118 | return NF_ACCEPT; 119 | } 120 | if ((IPS_NATCAP_BYPASS & ct->status)) { 121 | return NF_ACCEPT; 122 | } 123 | if ((IPS_NATCAP & ct->status)) { 124 | return NF_ACCEPT; 125 | } 126 | if (!nf_ct_is_confirmed(ct)) { 127 | if (skb->mark & natcap_ignore_mask) { 128 | set_bit(IPS_NATCAP_PRE_BIT, &ct->status); 129 | set_bit(IPS_NATCAP_BYPASS_BIT, &ct->status); 130 | set_bit(IPS_NATCAP_SERVER_BIT, &ct->status); 131 | return NF_ACCEPT; 132 | } 133 | } 134 | 135 | if (!skb_make_writable(skb, iph->ihl * 4 + sizeof(struct tcphdr))) { 136 | return NF_DROP; 137 | } 138 | iph = ip_hdr(skb); 139 | l4 = (void *)iph + iph->ihl * 4; 140 | if (TCPH(l4)->doff * 4 < sizeof(struct tcphdr)) { 141 | return NF_DROP; 142 | } 143 | 144 | if (IP_SET_test_dst_ip(state, in, out, skb, "knocklist") > 0) { 145 | natcap_knock_info_select(iph->daddr, ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.all, &server); 146 | NATCAP_INFO("(KD)" DEBUG_TCP_FMT ": new connection, before encode, server=" TUPLE_FMT "\n", DEBUG_TCP_ARG(iph,l4), TUPLE_ARG(&server)); 147 | } else { 148 | set_bit(IPS_NATCAP_BYPASS_BIT, &ct->status); 149 | return NF_ACCEPT; 150 | } 151 | 152 | if (!(IPS_NATCAP & ct->status) && !test_and_set_bit(IPS_NATCAP_BIT, &ct->status)) { /* first time out */ 153 | if (!TCPH(l4)->syn || TCPH(l4)->ack) { 154 | NATCAP_INFO("(KD)" DEBUG_TCP_FMT ": first packet in but not syn, bypass\n", DEBUG_TCP_ARG(iph,l4)); 155 | set_bit(IPS_NATCAP_BYPASS_BIT, &ct->status); 156 | return NF_ACCEPT; 157 | } 158 | if (natcap_dnat_setup(ct, server.ip, server.port) != NF_ACCEPT) { 159 | NATCAP_ERROR("(KD)" DEBUG_TCP_FMT ": natcap_dnat_setup failed, server=" TUPLE_FMT "\n", DEBUG_TCP_ARG(iph,l4), TUPLE_ARG(&server)); 160 | set_bit(IPS_NATCAP_BYPASS_BIT, &ct->status); 161 | return NF_DROP; 162 | } 163 | } 164 | 165 | NATCAP_DEBUG("(KD)" DEBUG_TCP_FMT ": after encode\n", DEBUG_TCP_ARG(iph,l4)); 166 | 167 | return NF_ACCEPT; 168 | } 169 | 170 | #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 13, 0) 171 | static unsigned int natcap_knock_post_out_hook(unsigned int hooknum, 172 | struct sk_buff *skb, 173 | const struct net_device *in, 174 | const struct net_device *out, 175 | int (*okfn)(struct sk_buff *)) 176 | { 177 | #elif LINUX_VERSION_CODE < KERNEL_VERSION(4, 1, 0) 178 | static unsigned int natcap_knock_post_out_hook(const struct nf_hook_ops *ops, 179 | struct sk_buff *skb, 180 | const struct net_device *in, 181 | const struct net_device *out, 182 | int (*okfn)(struct sk_buff *)) 183 | { 184 | unsigned int hooknum = ops->hooknum; 185 | #elif LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0) 186 | static unsigned int natcap_knock_post_out_hook(const struct nf_hook_ops *ops, 187 | struct sk_buff *skb, 188 | const struct nf_hook_state *state) 189 | { 190 | unsigned int hooknum = state->hook; 191 | //const struct net_device *in = state->in; 192 | //const struct net_device *out = state->out; 193 | #else 194 | static unsigned int natcap_knock_post_out_hook(void *priv, 195 | struct sk_buff *skb, 196 | const struct nf_hook_state *state) 197 | { 198 | unsigned int hooknum = state->hook; 199 | //const struct net_device *in = state->in; 200 | //const struct net_device *out = state->out; 201 | #endif 202 | int ret = 0; 203 | enum ip_conntrack_info ctinfo; 204 | unsigned long status = NATCAP_CLIENT_MODE; 205 | struct nf_conn *ct; 206 | struct iphdr *iph; 207 | void *l4; 208 | struct natcap_TCPOPT tcpopt = { }; 209 | 210 | if (disabled) 211 | return NF_ACCEPT; 212 | 213 | iph = ip_hdr(skb); 214 | if (iph->protocol != IPPROTO_TCP) { 215 | return NF_ACCEPT; 216 | } 217 | l4 = (void *)iph + iph->ihl * 4; 218 | 219 | ct = nf_ct_get(skb, &ctinfo); 220 | if (NULL == ct) { 221 | return NF_ACCEPT; 222 | } 223 | if ((IPS_NATCAP_BYPASS & ct->status)) { 224 | return NF_ACCEPT; 225 | } 226 | if (!(IPS_NATCAP & ct->status)) { 227 | return NF_ACCEPT; 228 | } 229 | if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL) { 230 | return NF_ACCEPT; 231 | } 232 | 233 | ret = natcap_tcpopt_setup(status, skb, ct, &tcpopt, ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip, ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.tcp.port); 234 | if (ret == 0) { 235 | if (iph->daddr == ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip) { 236 | tcpopt.header.type |= NATCAP_TCPOPT_TARGET; 237 | } 238 | ret = natcap_tcp_encode(ct, skb, &tcpopt, IP_CT_DIR_ORIGINAL); 239 | iph = ip_hdr(skb); 240 | l4 = (void *)iph + iph->ihl * 4; 241 | } 242 | if (ret != 0) { 243 | NATCAP_ERROR("(KPO)" DEBUG_TCP_FMT ": natcap_tcp_encode() ret=%d\n", DEBUG_TCP_ARG(iph,l4), ret); 244 | return NF_DROP; 245 | } 246 | 247 | NATCAP_DEBUG("(KPO)" DEBUG_TCP_FMT ": after encode\n", DEBUG_TCP_ARG(iph,l4)); 248 | 249 | return NF_ACCEPT; 250 | } 251 | 252 | static struct nf_hook_ops knock_hooks[] = { 253 | { 254 | #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0) 255 | .owner = THIS_MODULE, 256 | #endif 257 | .hook = natcap_knock_dnat_hook, 258 | .pf = PF_INET, 259 | .hooknum = NF_INET_PRE_ROUTING, 260 | .priority = NF_IP_PRI_NAT_DST - 10 - 2, 261 | }, 262 | { 263 | #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0) 264 | .owner = THIS_MODULE, 265 | #endif 266 | .hook = natcap_knock_dnat_hook, 267 | .pf = PF_INET, 268 | .hooknum = NF_INET_LOCAL_OUT, 269 | .priority = NF_IP_PRI_NAT_DST - 10 - 2, 270 | }, 271 | { 272 | #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0) 273 | .owner = THIS_MODULE, 274 | #endif 275 | .hook = natcap_knock_post_out_hook, 276 | .pf = PF_INET, 277 | .hooknum = NF_INET_POST_ROUTING, 278 | .priority = NF_IP_PRI_LAST, 279 | }, 280 | }; 281 | 282 | int natcap_knock_init(void) 283 | { 284 | int ret = 0; 285 | 286 | need_conntrack(); 287 | 288 | ret = nf_register_hooks(knock_hooks, ARRAY_SIZE(knock_hooks)); 289 | return ret; 290 | } 291 | 292 | void natcap_knock_exit(void) 293 | { 294 | nf_unregister_hooks(knock_hooks, ARRAY_SIZE(knock_hooks)); 295 | } 296 | -------------------------------------------------------------------------------- /cniplist.orig.set.exclude1: -------------------------------------------------------------------------------- 1 | 1.18.128.0/24 2 | 13.104.184.80/28 3 | 15.230.41.0/24 4 | 15.230.49.0/24 5 | 15.230.141.0/24 6 | 17.127.128.0/23 7 | 20.249.255.0/24 8 | 20.251.0.0/22 9 | 20.253.4.0/24 10 | 20.253.89.0/24 11 | 20.255.255.0/24 12 | 39.109.120.0/23 13 | 40.0.176.0/20 14 | 40.0.248.0/21 15 | 40.77.236.224/27 16 | 40.198.10.0/24 17 | 40.198.16.0/21 18 | 40.198.24.0/23 19 | 40.251.225.0/24 20 | 40.251.227.0/24 21 | 43.130.128.0/18 22 | 43.131.128.0/18 23 | 43.132.8.0/24 24 | 43.132.10.0/23 25 | 43.132.12.0/22 26 | 43.132.16.0/20 27 | 43.132.32.0/19 28 | 43.132.75.0/24 29 | 43.132.78.0/23 30 | 43.132.87.0/24 31 | 43.132.92.0/24 32 | 43.135.224.0/19 33 | 43.136.0.0/13 34 | 43.152.4.0/22 35 | 43.152.8.0/23 36 | 43.152.11.0/24 37 | 43.152.12.0/22 38 | 43.152.16.0/20 39 | 43.152.32.0/20 40 | 43.152.48.0/22 41 | 43.152.52.0/23 42 | 43.152.55.0/24 43 | 43.152.57.0/24 44 | 43.152.60.0/22 45 | 43.152.64.0/18 46 | 43.152.128.0/17 47 | 43.153.64.0/18 48 | 43.156.0.0/16 49 | 43.157.192.0/18 50 | 43.158.0.0/15 51 | 43.192.0.0/14 52 | 43.196.0.0/15 53 | 45.87.53.0/24 54 | 45.87.54.0/24 55 | 45.120.180.128/27 56 | 52.93.242.120/29 57 | 52.93.242.128/25 58 | 52.94.249.0/27 59 | 59.43.249.16/29 60 | 59.153.159.0/24 61 | 62.3.6.0/24 62 | 64.188.38.0/23 63 | 64.188.40.0/22 64 | 64.188.44.0/23 65 | 72.163.240.0/23 66 | 101.198.0.0/22 67 | 103.65.116.0/22 68 | 103.72.149.0/24 69 | 103.72.150.0/23 70 | 103.97.60.0/23 71 | 103.99.55.0/24 72 | 103.105.60.0/22 73 | 103.115.52.0/22 74 | 103.120.76.0/24 75 | 103.122.179.0/24 76 | 103.144.88.0/24 77 | 103.145.94.0/23 78 | 103.153.99.0/24 79 | 103.155.101.0/24 80 | 103.156.166.0/23 81 | 103.156.174.0/23 82 | 103.159.80.0/23 83 | 103.161.139.0/24 84 | 103.169.216.0/23 85 | 103.177.70.0/23 86 | 103.232.17.168/29 87 | 106.75.201.0/24 88 | 107.176.0.0/15 89 | 114.112.129.0/24 90 | 115.169.9.0/24 91 | 118.26.144.0/22 92 | 118.26.149.0/24 93 | 118.26.150.0/23 94 | 118.26.156.0/22 95 | 118.184.5.0/24 96 | 119.28.28.0/24 97 | 119.252.249.0/24 98 | 121.59.0.0/22 99 | 121.59.4.0/24 100 | 121.59.5.0/25 101 | 122.8.79.0/24 102 | 122.8.80.0/22 103 | 122.8.86.0/23 104 | 122.8.88.0/24 105 | 122.8.91.0/24 106 | 122.8.92.0/22 107 | 122.8.128.0/18 108 | 122.112.118.0/24 109 | 129.223.254.0/24 110 | 130.36.146.0/23 111 | 130.214.218.0/23 112 | 131.228.96.0/24 113 | 131.253.12.240/29 114 | 132.237.134.0/24 115 | 135.84.255.0/24 116 | 135.159.208.0/20 117 | 135.244.80.0/20 118 | 139.138.238.0/28 119 | 139.198.114.0/23 120 | 144.211.80.0/24 121 | 144.211.138.0/24 122 | 146.217.137.0/24 123 | 147.243.103.0/25 124 | 150.222.88.0/23 125 | 154.209.251.0/24 126 | 155.126.176.0/23 127 | 159.221.232.0/22 128 | 160.62.10.0/24 129 | 161.49.5.7/32 130 | 161.163.28.0/23 131 | 164.52.80.0/24 132 | 165.154.100.0/22 133 | 165.154.104.0/21 134 | 165.154.112.0/20 135 | 165.154.128.0/18 136 | 165.154.192.0/19 137 | 165.156.30.0/24 138 | 170.225.224.0/23 139 | 173.39.200.0/23 140 | 180.92.176.0/23 141 | 182.160.52.0/22 142 | 182.160.56.0/22 143 | 182.160.60.0/23 144 | 182.160.62.0/24 145 | 192.11.23.0/24 146 | 192.11.26.0/24 147 | 192.11.39.0/24 148 | 192.163.11.0/24 149 | 192.232.97.0/24 150 | 193.20.64.0/22 151 | 194.138.136.0/24 152 | 194.138.202.0/23 153 | 194.138.245.0/24 154 | 198.208.17.0/24 155 | 198.208.19.0/24 156 | 202.1.64.0/23 157 | 202.1.68.0/23 158 | 202.1.72.0/21 159 | 202.1.80.0/20 160 | 202.1.96.0/23 161 | 202.1.100.0/22 162 | 202.1.104.0/22 163 | 202.1.110.0/23 164 | 202.1.112.0/23 165 | 202.21.208.0/24 166 | 202.76.247.0/24 167 | 202.97.27.178/31 168 | 202.97.41.130/31 169 | 202.97.42.150/31 170 | 202.97.44.218/31 171 | 202.97.49.88/30 172 | 202.97.51.254/31 173 | 202.97.62.0/27 174 | 202.97.63.154/31 175 | 202.97.73.210/31 176 | 202.97.92.160/28 177 | 203.14.184.0/23 178 | 203.14.186.0/25 179 | 203.14.186.128/26 180 | 203.14.186.192/27 181 | 203.14.186.224/28 182 | 203.14.186.240/29 183 | 203.14.186.252/30 184 | 203.14.187.0/27 185 | 203.14.187.32/29 186 | 203.14.187.44/30 187 | 203.14.187.48/28 188 | 203.14.187.64/26 189 | 203.14.187.128/30 190 | 203.14.187.132/31 191 | 203.14.187.160/27 192 | 203.14.187.196/30 193 | 203.14.187.200/30 194 | 203.14.187.206/31 195 | 203.14.187.208/28 196 | 203.14.187.224/28 197 | 203.14.187.244/30 198 | 203.14.187.248/29 199 | 203.14.188.0/22 200 | 204.55.160.0/24 201 | 204.114.176.0/23 202 | 213.199.169.0/24 203 | 213.255.231.0/24 204 | 218.98.77.0/24 205 | 218.98.78.0/23 206 | 218.98.80.0/24 207 | 218.98.92.0/22 208 | 219.158.43.226/31 209 | 219.158.45.182/31 210 | 219.158.102.84/30 211 | 220.242.185.0/24 212 | 220.242.186.0/24 213 | 220.242.188.0/23 214 | 220.242.190.0/24 215 | 221.183.21.202/31 216 | 222.126.174.40/29 217 | 222.126.174.76/30 218 | 222.126.174.88/29 219 | 222.126.174.144/28 220 | 223.120.0.0/29 221 | 223.120.0.8/31 222 | 1.12.0.0/20 223 | 1.12.34.0/23 224 | 1.118.32.0/24 225 | 14.192.60.0/24 226 | 27.0.133.0/24 227 | 36.51.248.0/23 228 | 36.255.172.0/24 229 | 39.97.204.0/22 230 | 42.83.130.0/23 231 | 42.83.132.0/23 232 | 43.88.0.0/17 233 | 43.92.0.0/15 234 | 43.94.0.0/16 235 | 43.95.0.0/18 236 | 43.95.120.0/21 237 | 43.95.128.0/17 238 | 43.224.160.0/24 239 | 43.224.162.0/23 240 | 43.230.84.0/22 241 | 43.237.196.0/24 242 | 43.246.113.0/24 243 | 43.246.114.0/23 244 | 43.246.149.0/24 245 | 43.246.151.0/24 246 | 43.250.116.0/23 247 | 45.120.241.0/24 248 | 45.125.139.0/24 249 | 45.251.137.0/24 250 | 49.51.56.0/24 251 | 49.128.4.0/22 252 | 59.83.132.0/22 253 | 59.83.136.0/21 254 | 59.83.176.0/22 255 | 59.83.236.0/22 256 | 59.83.240.0/21 257 | 59.83.248.0/22 258 | 59.83.252.0/23 259 | 59.83.254.0/24 260 | 61.29.192.0/23 261 | 101.134.188.0/24 262 | 101.198.129.0/24 263 | 101.198.130.0/23 264 | 101.198.132.0/22 265 | 101.198.136.0/21 266 | 101.198.144.0/20 267 | 101.198.160.0/21 268 | 101.198.168.0/23 269 | 101.198.188.0/24 270 | 103.13.144.0/24 271 | 103.13.146.0/24 272 | 103.21.241.0/24 273 | 103.23.167.0/24 274 | 103.30.202.0/23 275 | 103.31.236.0/22 276 | 103.35.182.0/23 277 | 103.41.232.0/22 278 | 103.49.128.0/22 279 | 103.61.61.0/24 280 | 103.61.62.0/23 281 | 103.75.147.0/24 282 | 103.78.68.0/22 283 | 103.94.29.0/24 284 | 103.95.28.0/24 285 | 103.95.30.0/23 286 | 103.98.127.0/24 287 | 103.98.248.0/23 288 | 103.99.60.0/22 289 | 103.103.225.0/24 290 | 103.106.202.0/23 291 | 103.108.164.0/22 292 | 103.109.107.0/24 293 | 103.119.226.0/24 294 | 103.120.100.0/22 295 | 103.122.243.0/24 296 | 103.125.248.0/22 297 | 103.142.230.0/24 298 | 103.150.131.0/24 299 | 103.151.150.0/23 300 | 103.152.113.0/24 301 | 103.153.4.0/23 302 | 103.154.243.0/24 303 | 103.155.16.0/24 304 | 103.158.13.0/24 305 | 103.158.190.0/23 306 | 103.178.56.0/23 307 | 103.192.136.0/24 308 | 103.205.120.0/24 309 | 103.209.200.0/24 310 | 103.210.160.0/22 311 | 103.221.24.0/21 312 | 103.221.32.0/22 313 | 103.235.84.0/24 314 | 103.235.86.0/24 315 | 103.242.129.0/24 316 | 103.242.130.0/24 317 | 103.244.116.0/22 318 | 106.2.158.0/23 319 | 106.48.61.0/24 320 | 106.48.62.0/24 321 | 110.76.21.0/24 322 | 110.76.23.0/24 323 | 111.66.179.0/24 324 | 111.223.248.0/24 325 | 111.235.168.0/23 326 | 113.21.233.0/24 327 | 113.21.234.0/23 328 | 114.28.193.0/24 329 | 114.28.224.0/21 330 | 114.28.236.0/22 331 | 114.66.128.0/19 332 | 114.68.100.0/24 333 | 115.169.2.0/24 334 | 115.169.4.0/23 335 | 115.169.32.0/22 336 | 115.169.36.0/23 337 | 115.169.38.0/24 338 | 115.169.41.0/24 339 | 116.85.251.0/24 340 | 116.196.200.0/24 341 | 116.196.202.0/24 342 | 116.251.65.165/32 343 | 116.251.65.166/31 344 | 116.251.65.168/29 345 | 116.251.65.176/31 346 | 116.251.65.178/32 347 | 116.251.65.196/30 348 | 116.251.65.200/31 349 | 116.251.65.204/30 350 | 116.251.65.208/29 351 | 116.251.65.254/31 352 | 116.251.79.0/24 353 | 116.251.80.0/22 354 | 116.251.88.0/22 355 | 116.251.93.0/24 356 | 116.251.94.0/23 357 | 116.251.102.0/23 358 | 116.251.104.0/21 359 | 116.251.112.0/21 360 | 116.251.124.0/22 361 | 117.51.130.0/24 362 | 118.26.100.0/23 363 | 118.26.102.0/24 364 | 118.26.126.0/23 365 | 118.184.109.0/24 366 | 118.184.110.0/23 367 | 118.184.120.0/23 368 | 118.184.122.0/24 369 | 118.188.4.0/22 370 | 118.191.16.0/21 371 | 118.191.128.0/20 372 | 118.191.152.0/24 373 | 118.191.208.0/24 374 | 118.228.152.0/22 375 | 119.38.214.32/28 376 | 119.38.214.48/29 377 | 119.89.138.0/24 378 | 119.89.182.0/24 379 | 119.89.195.0/24 380 | 119.89.216.0/24 381 | 120.53.52.0/23 382 | 120.92.196.0/23 383 | 121.4.4.0/22 384 | 121.59.29.0/24 385 | 121.59.30.0/24 386 | 121.59.32.0/24 387 | 121.59.34.0/23 388 | 121.59.100.0/24 389 | 121.59.106.0/23 390 | 121.59.120.0/24 391 | 121.59.140.0/24 392 | 121.59.144.0/24 393 | 121.59.153.0/24 394 | 121.100.192.0/18 395 | 121.200.195.0/24 396 | 122.98.168.0/22 397 | 122.112.123.0/24 398 | 122.112.124.0/24 399 | 123.0.138.0/24 400 | 123.99.189.0/24 401 | 123.108.143.0/24 402 | 123.249.128.0/17 403 | 124.68.62.0/24 404 | 124.68.227.0/24 405 | 124.68.243.0/24 406 | 124.68.246.0/23 407 | 124.68.248.0/22 408 | 124.68.252.0/23 409 | 124.68.255.0/24 410 | 124.71.248.0/23 411 | 124.71.251.0/24 412 | 125.208.32.0/22 413 | 125.208.36.0/24 414 | 125.208.38.0/23 415 | 125.208.41.0/24 416 | 125.208.42.0/23 417 | 125.208.44.0/24 418 | 139.9.99.0/24 419 | 139.159.48.18/31 420 | 139.159.113.0/28 421 | 139.159.113.16/29 422 | 139.159.118.0/23 423 | 139.220.198.0/23 424 | 139.220.210.0/23 425 | 150.242.156.0/23 426 | 150.242.158.0/24 427 | 150.242.224.0/23 428 | 156.107.178.0/24 429 | 156.107.180.0/24 430 | 162.14.8.0/22 431 | 162.14.24.0/23 432 | 180.94.99.0/24 433 | 180.223.64.0/20 434 | 180.223.80.0/23 435 | 180.223.82.0/24 436 | 180.223.129.0/24 437 | 180.223.130.0/23 438 | 180.223.132.0/22 439 | 180.223.136.0/21 440 | 180.223.144.0/20 441 | 180.223.160.0/19 442 | 180.223.192.0/18 443 | 182.254.116.0/24 444 | 182.254.118.0/24 445 | 202.84.0.0/22 446 | 202.160.176.0/26 447 | 202.160.176.77/32 448 | 203.13.145.0/24 449 | 203.22.176.0/21 450 | 203.34.192.0/22 451 | 203.34.196.0/23 452 | 203.34.199.0/24 453 | 203.56.50.0/23 454 | 203.56.52.0/22 455 | 203.80.140.0/22 456 | 203.81.0.0/21 457 | 203.82.16.0/21 458 | 203.95.128.0/24 459 | 203.99.8.0/21 460 | 203.99.22.0/23 461 | 203.99.24.0/22 462 | 203.99.28.0/24 463 | 203.107.48.0/22 464 | 203.107.64.0/22 465 | 203.107.68.0/24 466 | 203.119.31.0/24 467 | 203.128.225.0/24 468 | 203.128.226.0/23 469 | 203.128.228.0/22 470 | 203.130.50.0/24 471 | 203.130.52.0/24 472 | 203.130.63.0/24 473 | 203.191.30.0/24 474 | 210.2.4.0/24 475 | 210.5.56.0/29 476 | 210.5.56.8/30 477 | 210.16.161.0/24 478 | 210.25.186.64/26 479 | 210.52.67.0/24 480 | 210.52.68.0/24 481 | 211.100.176.0/21 482 | 211.152.136.0/22 483 | 211.155.115.0/24 484 | 218.98.101.0/24 485 | 218.246.59.0/24 486 | 219.234.9.0/24 487 | 220.155.8.0/24 488 | 220.155.30.0/24 489 | 220.242.7.0/24 490 | 220.242.51.0/24 491 | 220.242.52.0/24 492 | 220.242.54.0/24 493 | 220.242.63.0/24 494 | 220.242.193.0/24 495 | 220.242.194.0/23 496 | 220.242.201.0/24 497 | 220.242.208.0/24 498 | 220.242.212.0/23 499 | 220.242.215.0/24 500 | 220.243.245.0/24 501 | 220.243.247.0/24 502 | 220.243.248.0/24 503 | 222.126.176.8/29 504 | 222.126.176.16/28 505 | 222.126.176.32/27 506 | 222.126.176.64/26 507 | 222.126.176.128/25 508 | 222.126.177.0/24 509 | 222.126.200.0/26 510 | 222.126.200.64/27 511 | 222.126.200.96/29 512 | 222.126.200.112/28 513 | 222.126.200.128/25 514 | 222.126.201.0/24 515 | 222.126.202.0/23 516 | 222.126.204.0/23 517 | 222.126.212.120/29 518 | 223.29.252.0/22 519 | 223.201.4.0/22 520 | -------------------------------------------------------------------------------- /natcap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Author: Chen Minqiang 3 | * Date : Wed, 19 Dec 2012 09:52:21 +0800 4 | * 5 | * This file is part of the natcap. 6 | * 7 | * natcap is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * natcap is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with natcap; see the file COPYING. If not, see 19 | * . 20 | */ 21 | #ifndef _NATCAP_H_ 22 | #define _NATCAP_H_ 23 | 24 | #define MODULE_NAME "natcap" 25 | #ifndef NATCAP_VERSION 26 | #define NATCAP_VERSION "8.0.0" 27 | #endif 28 | 29 | #ifdef __KERNEL__ 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | 38 | #define NATCAP_F_MAGIC 0xffff0099 39 | #define NATCAP_E_MAGIC 0xfffe0099 40 | #define NATCAP_E_MAGIC_A 0xfffe009a /* UDP CFM A */ 41 | #define NATCAP_D_MAGIC 0xfffd0099 42 | #define NATCAP_C_MAGIC 0xfffc0099 43 | #define NATCAP_B_MAGIC 0xfffb0099 /* KTUN_P_MAGIC */ 44 | #define NATCAP_A_MAGIC 0xfffa0099 45 | 46 | #define NATCAP_9_MAGIC 0xfff90099 /* server <-forward-> client ctrl cmd */ 47 | #define NATCAP_9_MAGIC_TYPE1 0x00000001 /* server --> client carry tuple back */ 48 | #define NATCAP_9_MAGIC_TYPE2 0x00000002 /* client --> forward carry tuple request */ 49 | #define NATCAP_9_MAGIC_TYPE3 0x00000003 /* forward --> server carry tuple request */ 50 | #define NATCAP_9_MAGIC_TYPE4 0x00000004 /* reply for CFM: to client/server */ 51 | #define NATCAP_9_MAGIC_TYPE5 0x00000005 /* notify weight changes: to server */ 52 | 53 | #define NATCAP_8_MAGIC 0xfff80099 /* client --> forward --> server pass data */ 54 | #define NATCAP_7_MAGIC 0xfff70099 /* upgrade NATCAP_F_MAGIC */ 55 | 56 | #pragma pack(push) 57 | #pragma pack(1) 58 | 59 | #define NATCAP_CLIENT_MODE (1<<0) 60 | #define NATCAP_NEED_ENC (1<<1) 61 | 62 | /* subtype: 7bits 0~127 */ 63 | #define SUBTYPE_NATCAP 0 64 | #define SUBTYPE_PEER_SYN 64 65 | #define SUBTYPE_PEER_SYNACK 65 66 | #define SUBTYPE_PEER_ACK 66 67 | #define SUBTYPE_PEER_FSYN 67 68 | #define SUBTYPE_PEER_FACK 68 69 | #define SUBTYPE_PEER_FSYNACK 69 70 | #define SUBTYPE_PEER_XSYN 70 71 | #define SUBTYPE_PEER_SSYN 71 72 | #define SUBTYPE_PEER_FMSG 72 73 | #define SUBTYPE_PEER_AUTH 73 74 | #define SUBTYPE_PEER_AUTHACK 74 75 | 76 | struct natcap_TCPOPT_header { 77 | u8 opcode; 78 | #define TCPOPT_PEER_V2 0x9b 79 | #define TCPOPT_PEER 0x9a 80 | #define TCPOPT_NATCAP 0x99 81 | u8 opsize; 82 | u8 type; 83 | #if defined(__LITTLE_ENDIAN_BITFIELD) 84 | u8 encryption:1, 85 | subtype:7; 86 | #elif defined(__BIG_ENDIAN_BITFIELD) 87 | u8 subtype:7, 88 | encryption:1; 89 | #else 90 | #error "Adjust your defines" 91 | #endif 92 | }; 93 | struct natcap_TCPOPT_data { 94 | u32 u_hash; 95 | u8 mac_addr[ETH_ALEN]; 96 | __be16 port; 97 | __be32 ip; 98 | }; 99 | 100 | struct natcap_TCPOPT_dst { 101 | __be32 ip; 102 | __be16 port; 103 | }; 104 | 105 | struct natcap_TCPOPT_user { 106 | u32 u_hash; 107 | u8 mac_addr[ETH_ALEN]; 108 | }; 109 | 110 | struct natcap_TCPOPT_peer { 111 | u16 icmp_id; 112 | u16 icmp_sequence; 113 | union { 114 | struct { 115 | u32 ip; 116 | u8 mac_addr[ETH_ALEN]; 117 | } user; 118 | u16 map_port; 119 | }; 120 | u16 icmp_payload_len; 121 | #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L 122 | u8 timeval[]; 123 | #else 124 | u8 timeval[0]; 125 | #endif 126 | }; 127 | 128 | #define NATCAP_TCPOPT_SYN (1<<7) 129 | #define NATCAP_TCPOPT_TARGET (1<<6) 130 | #define NATCAP_TCPOPT_SPROXY (1<<5) 131 | #define NATCAP_TCPOPT_CONFUSION (1<<4) 132 | 133 | #define NATCAP_TCPOPT_TYPE_MASK (0x0f) 134 | #define NATCAP_TCPOPT_TYPE(t) ((t) & NATCAP_TCPOPT_TYPE_MASK) 135 | 136 | struct natcap_TCPOPT { 137 | #define NATCAP_TCPOPT_TYPE_NONE 0 138 | struct natcap_TCPOPT_header header; 139 | union { 140 | struct { 141 | #define NATCAP_TCPOPT_TYPE_ALL 1 142 | struct natcap_TCPOPT_data data; 143 | } all; 144 | struct { 145 | #define NATCAP_TCPOPT_TYPE_DST 2 146 | struct natcap_TCPOPT_dst data; 147 | } dst; 148 | struct { 149 | #define NATCAP_TCPOPT_TYPE_USER 3 150 | struct natcap_TCPOPT_user data; 151 | } user; 152 | struct { 153 | #define NATCAP_TCPOPT_TYPE_PEER 6 154 | struct natcap_TCPOPT_peer data; 155 | } peer; 156 | }; 157 | #define NATCAP_TCPOPT_TYPE_CONFUSION 4 158 | char extra_pad[4]; /* sometimes on encode/decode need 4bytes extra space */ 159 | #define NATCAP_TCPOPT_TYPE_ADD 5 160 | }; 161 | 162 | struct cone_nat_session { 163 | __be32 ip; 164 | __be16 port; 165 | #if defined(CONE_NAT_CHECK_USED_HOOK) 166 | unsigned short u16_timestamp; 167 | #endif 168 | }; 169 | 170 | struct cone_snat_session { 171 | __be32 lan_ip; 172 | __be32 wan_ip; 173 | __be16 lan_port; 174 | __be16 wan_port; 175 | #if defined(CONE_NAT_CHECK_USED_HOOK) 176 | unsigned int u32_timestamp; 177 | #endif 178 | }; 179 | 180 | #pragma pack(pop) 181 | 182 | struct tuple { 183 | u16 encryption:8, 184 | tcp_encode:4, 185 | udp_encode:4; 186 | __be16 port; 187 | __be32 ip; 188 | }; 189 | 190 | struct tuple3 { 191 | __be32 dip; 192 | __be16 dport; 193 | __be16 sport; 194 | }; 195 | 196 | struct natcap_session { 197 | #define NS_NATCAP_CONFUSION_BIT 0 198 | #define NS_NATCAP_CONFUSION (1 << NS_NATCAP_CONFUSION_BIT) 199 | #define NS_NATCAP_DST_BIT 1 200 | #define NS_NATCAP_DST (1 << NS_NATCAP_DST_BIT) 201 | #define NS_NATCAP_TCPUDPENC_BIT 2 202 | #define NS_NATCAP_TCPUDPENC (1 << NS_NATCAP_TCPUDPENC_BIT) 203 | #define NS_NATCAP_AUTH_BIT 3 204 | #define NS_NATCAP_AUTH (1 << NS_NATCAP_AUTH_BIT) 205 | #define NS_NATCAP_DROP_BIT 4 206 | #define NS_NATCAP_DROP (1 << NS_NATCAP_DROP_BIT) 207 | #define NS_NATCAP_NOLIMIT_BIT 5 208 | #define NS_NATCAP_NOLIMIT (1 << NS_NATCAP_NOLIMIT_BIT) 209 | 210 | #define NS_NATCAP_CONECFM_BIT 6 211 | #define NS_NATCAP_CONECFM (1 << NS_NATCAP_CONECFM_BIT) 212 | #define NS_NATCAP_CONESNAT_BIT 7 213 | #define NS_NATCAP_CONESNAT (1 << NS_NATCAP_CONESNAT_BIT) 214 | 215 | #define NS_NATCAP_SYN1_BIT 10 216 | #define NS_NATCAP_SYN1 (1 << NS_NATCAP_SYN1_BIT) 217 | #define NS_NATCAP_SYN2_BIT 11 218 | #define NS_NATCAP_SYN2 (1 << NS_NATCAP_SYN2_BIT) 219 | 220 | #define NS_NATCAP_CONE_BIT 12 221 | #define NS_NATCAP_CONE (1 << NS_NATCAP_CONE_BIT) 222 | 223 | #define NS_NATCAP_TCPENC_BIT 13 224 | #define NS_NATCAP_TCPENC (1 << NS_NATCAP_TCPENC_BIT) 225 | #define NS_NATCAP_UDPENC_BIT 14 226 | #define NS_NATCAP_UDPENC (1 << NS_NATCAP_UDPENC_BIT) 227 | #define NS_NATCAP_ENC_BIT 15 228 | #define NS_NATCAP_ENC (1 << NS_NATCAP_ENC_BIT) 229 | 230 | #define NS_PEER_SSYN_BIT 0 231 | #define NS_PEER_SSYN (1 << NS_PEER_SSYN_BIT) 232 | #define NS_PEER_KNOCK_BIT 1 233 | #define NS_PEER_KNOCK (1 << NS_PEER_KNOCK_BIT) 234 | #define NS_PEER_TCPUDPENC_BIT NS_NATCAP_TCPUDPENC_BIT 235 | #define NS_PEER_TCPUDPENC NS_NATCAP_TCPUDPENC 236 | union { 237 | struct { 238 | unsigned short status; 239 | unsigned short group_x; 240 | __be16 new_source; 241 | __be16 target_port; 242 | __be32 target_ip; 243 | unsigned int u_hash; 244 | union { 245 | int tcp_seq_offset; //used on HTTP confusion 246 | unsigned int current_seq; //used on UDP pack to TCP 247 | unsigned int cone_pkts; 248 | }; 249 | union { 250 | int tcp_ack_offset; //used on HTTP confusion 251 | unsigned int foreign_seq; //used on UDP pack to TCP 252 | }; 253 | } n; 254 | struct { 255 | unsigned short status; 256 | unsigned short cache_index; 257 | u16 remote_mss; //for peer used on server side 258 | __be16 peer_sport; //for peer used on server side 259 | __be32 peer_sip; //for peer used on server side 260 | unsigned int local_seq; //for peer used on both side 261 | unsigned int remote_seq; //for peer used on both side 262 | int tcp_seq_offset; 263 | } p; 264 | }; 265 | 266 | #define MAX_PEER_NUM 16 267 | union { 268 | struct { 269 | unsigned int jiffies; 270 | unsigned short mark; 271 | unsigned char ver:1, 272 | idx:7; 273 | unsigned char cnt:5, 274 | req_cnt:3; 275 | struct tuple3 tuple3[MAX_PEER_NUM]; 276 | unsigned short weight[MAX_PEER_NUM]; 277 | unsigned int total_weight; 278 | } peer; 279 | struct { 280 | unsigned int jiffies; 281 | unsigned char stage; 282 | unsigned char lock; 283 | unsigned short pad; /* conflict with peer.ver */ 284 | __be32 saddr; 285 | __be32 daddr; 286 | __be16 source; 287 | __be16 dest; 288 | 289 | __be16 remote_source; 290 | __be16 remote_dest; 291 | __be32 remote_saddr; 292 | __be32 remote_daddr; 293 | } ping; 294 | }; 295 | }; 296 | 297 | #define NATCAP_MAGIC 0x43415099 298 | /*XXX don't change */ 299 | struct nat_key_t { 300 | unsigned int magic; 301 | unsigned int ext_magic; 302 | unsigned int len; 303 | unsigned short natcap_off; 304 | unsigned short natflow_off; 305 | }; 306 | 307 | /*XXX refer to drivers/nos/src/nos.h */ 308 | #define IPS_NATFLOW_FF_STOP_BIT 18 309 | #define IPS_NATFLOW_FF_STOP (1 << IPS_NATFLOW_FF_STOP_BIT) 310 | 311 | // test t1 < t2 return 1 312 | static inline int tuple_lt(const struct tuple *t1, const struct tuple *t2) 313 | { 314 | if (ntohl(t1->ip) < ntohl(t2->ip)) 315 | return 1; 316 | else if (ntohl(t1->ip) > ntohl(t2->ip)) 317 | return 0; 318 | else if (ntohs(t1->port) < ntohs(t2->port)) 319 | return 1; 320 | else if (ntohs(t1->port) > ntohs(t2->port)) 321 | return 0; 322 | else if (t1->encryption < t2->encryption) 323 | return 1; 324 | else if (t1->encryption > t2->encryption) 325 | return 0; 326 | else if (t1->tcp_encode < t2->tcp_encode) 327 | return 1; 328 | else if (t1->tcp_encode > t2->tcp_encode) 329 | return 0; 330 | else if (t1->udp_encode < t2->udp_encode) 331 | return 1; 332 | else if (t1->udp_encode > t2->udp_encode) 333 | return 0; 334 | else 335 | return 0; 336 | } 337 | // test t1 == t2 338 | static inline int tuple_eq(const struct tuple *t1, const struct tuple *t2) 339 | { 340 | return (t1->ip == t2->ip && 341 | t1->port == t2->port && 342 | t1->encryption == t2->encryption && 343 | t1->tcp_encode == t2->tcp_encode && 344 | t1->udp_encode == t2->udp_encode); 345 | } 346 | 347 | static inline void tuple_copy(struct tuple *to, const struct tuple *from) 348 | { 349 | to->encryption = from->encryption; 350 | to->tcp_encode = from->tcp_encode; 351 | to->udp_encode = from->udp_encode; 352 | to->port = from->port; 353 | to->ip = from->ip; 354 | } 355 | 356 | #define XT_MARK_NATCAP 0x99 357 | #define XT_MARK_NATCAP_PEER1 0x91 358 | #define XT_MARK_NATCAP_PEER2 0x92 359 | #define XT_MARK_NATCAP_PEER3 0x93 360 | #define XT_MARK_NATCAP_MASK 0xff 361 | #define xt_mark_natcap_set(mark, at) *(unsigned int *)(at) = ((*(unsigned int *)(at)) & (~XT_MARK_NATCAP_MASK)) | ((mark) & XT_MARK_NATCAP_MASK) 362 | #define xt_mark_natcap_get(at) ((*(unsigned int *)(at)) & XT_MARK_NATCAP_MASK) 363 | 364 | #define IPS_NATCAP_SESSION_BIT 30 365 | #define IPS_NATCAP_SESSION (1 << IPS_NATCAP_SESSION_BIT) 366 | 367 | /* @linux/netfilter/nf_conntrack_common.h */ 368 | /* ct->status use bits:[31-24] for ecap status */ 369 | 370 | #define IPS_NATCAP_PRE_BIT 21 371 | #define IPS_NATCAP_PRE (1 << IPS_NATCAP_PRE_BIT) 372 | 373 | #define IPS_NATCAP_PEER_BIT 22 374 | #define IPS_NATCAP_PEER (1 << IPS_NATCAP_PEER_BIT) 375 | 376 | #define IPS_NATCAP_CFM_BIT 23 377 | #define IPS_NATCAP_CFM (1 << IPS_NATCAP_CFM_BIT) 378 | 379 | #define IPS_NATCAP_ACK_BIT 24 380 | #define IPS_NATCAP_ACK (1 << IPS_NATCAP_ACK_BIT) 381 | 382 | #define IPS_NATCAP_BIT 25 383 | #define IPS_NATCAP (1 << IPS_NATCAP_BIT) 384 | 385 | #define IPS_NATCAP_BYPASS_BIT 26 386 | #define IPS_NATCAP_BYPASS (1 << IPS_NATCAP_BYPASS_BIT) 387 | 388 | #define IPS_NATCAP_SERVER_BIT 27 389 | #define IPS_NATCAP_SERVER (1 << IPS_NATCAP_SERVER_BIT) 390 | 391 | #define IPS_NATCAP_DUAL_BIT 28 392 | #define IPS_NATCAP_DUAL (1 << IPS_NATCAP_DUAL_BIT) 393 | 394 | #define NATCAP_UDP_GET_TYPE(x) (__constant_htons(0x00ff) & (x)) 395 | #define NATCAP_UDP_GET_ENC(x) (__constant_htons(0x0f00) & (x)) 396 | #define NATCAP_UDP_GET_TARGET(x) (__constant_htons(0xf000) & (x)) 397 | 398 | #define NATCAP_UDP_TYPE1 __constant_htons(0x0001) 399 | #define NATCAP_UDP_TYPE2 __constant_htons(0x0002) 400 | #define NATCAP_UDP_ENC __constant_htons(0x0100) 401 | #define NATCAP_UDP_TARGET __constant_htons(0x1000) 402 | 403 | enum { 404 | E_NATCAP_OK = 0, 405 | E_NATCAP_AUTH_FAIL, 406 | E_NATCAP_INVAL, 407 | }; 408 | 409 | #endif /* __KERNEL__ */ 410 | 411 | #define SO_NATCAP_MARK 151 412 | #define SO_NATCAP_DST 153 413 | 414 | /* SOCK_NATCAP_MARK should not conflict with `enum sock_flags` in include/net/sock.h */ 415 | #define SOCK_NATCAP_MARK 31 416 | 417 | static inline int short_test_bit(int nr, const unsigned short *addr) 418 | { 419 | return 1U & (addr[nr/16] >> (nr & (16-1))); 420 | } 421 | 422 | static inline void short_clear_bit(int nr, unsigned short *addr) 423 | { 424 | unsigned short mask = (1U << ((nr) % 16)); 425 | unsigned short *p = ((unsigned short *)addr) + nr/16; 426 | *p &= ~mask; 427 | } 428 | 429 | static inline void short_set_bit(int nr, unsigned short *addr) 430 | { 431 | unsigned short mask = (1U << ((nr) % 16)); 432 | unsigned short *p = ((unsigned short *)addr) + nr/16; 433 | *p |= mask; 434 | } 435 | 436 | static inline int short_test_and_set_bit(int nr, unsigned short *addr) 437 | { 438 | unsigned short mask = (1U << ((nr) % 16)); 439 | unsigned short *p = ((unsigned short *)addr) + nr/16; 440 | unsigned short old; 441 | old = *p; 442 | *p |= mask; 443 | return (old & mask) != 0; 444 | } 445 | 446 | static inline unsigned long ulongmindiff(unsigned long a, unsigned long b) 447 | { 448 | return ((long)((b) - (a)) < 0) ? (a - b) : (b - a); 449 | } 450 | 451 | static inline unsigned int uintmindiff(unsigned int a, unsigned int b) 452 | { 453 | return ((int)((b) - (a)) < 0) ? (a - b) : (b - a); 454 | } 455 | 456 | static inline unsigned short ushortmindiff(unsigned short a, unsigned short b) 457 | { 458 | return ((short)((b) - (a)) < 0) ? (a - b) : (b - a); 459 | } 460 | 461 | static inline unsigned char ucharmindiff(unsigned char a, unsigned char b) 462 | { 463 | return ((char)((b) - (a)) < 0) ? (a - b) : (b - a); 464 | } 465 | 466 | #define MAX_IOCTL_LEN 256 467 | 468 | #endif /* _NATCAP_H_ */ 469 | -------------------------------------------------------------------------------- /getflix.set: -------------------------------------------------------------------------------- 1 | 3.0.0.0/15 2 | 3.5.0.0/20 3 | 3.5.16.0/21 4 | 3.5.128.0/22 5 | 3.5.132.0/23 6 | 3.5.208.0/22 7 | 3.5.212.0/23 8 | 3.6.0.0/15 9 | 3.8.0.0/13 10 | 3.16.0.0/13 11 | 3.24.0.0/14 12 | 3.32.0.0/16 13 | 3.34.0.0/15 14 | 3.80.0.0/12 15 | 3.96.0.0/15 16 | 3.101.0.0/16 17 | 3.104.0.0/14 18 | 3.112.0.0/14 19 | 3.120.0.0/13 20 | 3.128.0.0/12 21 | 3.208.0.0/12 22 | 3.224.0.0/12 23 | 3.248.0.0/13 24 | 13.32.0.0/15 25 | 13.34.22.160/27 26 | 13.34.22.192/26 27 | 13.34.23.0/25 28 | 13.34.23.128/26 29 | 13.34.23.192/27 30 | 13.35.0.0/16 31 | 13.48.0.0/15 32 | 13.52.0.0/14 33 | 13.56.0.0/14 34 | 13.112.0.0/14 35 | 13.124.0.0/14 36 | 13.208.0.0/14 37 | 13.212.0.0/15 38 | 13.224.0.0/12 39 | 13.244.0.0/15 40 | 13.248.0.0/18 41 | 13.248.96.0/21 42 | 13.248.104.0/22 43 | 13.248.108.0/23 44 | 13.248.111.0/24 45 | 13.248.112.0/21 46 | 13.248.120.0/22 47 | 13.248.124.0/24 48 | 13.248.126.0/23 49 | 13.248.128.0/17 50 | 13.249.0.0/16 51 | 13.250.0.0/15 52 | 15.161.0.0/16 53 | 15.164.0.0/15 54 | 15.177.0.0/18 55 | 15.177.64.0/20 56 | 15.177.80.0/21 57 | 15.177.88.0/22 58 | 15.184.0.0/15 59 | 15.188.0.0/16 60 | 15.193.0.0/19 61 | 15.197.0.0/23 62 | 15.197.2.0/24 63 | 15.197.4.0/22 64 | 15.200.0.0/16 65 | 15.206.0.0/15 66 | 15.221.0.0/22 67 | 15.221.4.0/23 68 | 15.221.8.0/21 69 | 15.221.16.0/20 70 | 15.222.0.0/15 71 | 15.228.0.0/15 72 | 15.230.0.0/24 73 | 15.230.5.0/24 74 | 15.230.6.0/24 75 | 15.230.18.0/24 76 | 15.230.21.0/24 77 | 15.230.22.0/23 78 | 15.230.24.0/21 79 | 15.230.32.0/24 80 | 15.230.35.0/24 81 | 15.230.39.0/24 82 | 15.230.40.0/23 83 | 15.230.64.0/24 84 | 15.230.65.0/25 85 | 15.236.0.0/15 86 | 15.254.0.0/16 87 | 18.130.0.0/16 88 | 18.132.0.0/14 89 | 18.136.0.0/16 90 | 18.138.0.0/15 91 | 18.140.0.0/14 92 | 18.144.0.0/15 93 | 18.153.0.0/16 94 | 18.156.0.0/14 95 | 18.162.0.0/15 96 | 18.166.0.0/15 97 | 18.175.0.0/16 98 | 18.176.0.0/13 99 | 18.184.0.0/15 100 | 18.188.0.0/14 101 | 18.192.0.0/11 102 | 18.224.0.0/13 103 | 18.232.0.0/14 104 | 18.236.0.0/15 105 | 18.246.0.0/16 106 | 18.252.0.0/15 107 | 23.20.0.0/14 108 | 23.246.0.0/18 109 | 27.0.0.0/22 110 | 34.192.0.0/10 111 | 35.72.0.0/13 112 | 35.152.0.0/13 113 | 35.160.0.0/12 114 | 35.176.0.0/13 115 | 36.103.232.0/25 116 | 36.103.232.128/26 117 | 37.77.184.0/21 118 | 38.72.126.0/24 119 | 43.250.192.0/23 120 | 44.192.0.0/10 121 | 45.57.0.0/17 122 | 46.51.128.0/18 123 | 46.51.192.0/20 124 | 46.51.216.0/21 125 | 46.51.224.0/19 126 | 46.137.0.0/16 127 | 50.16.0.0/14 128 | 50.112.0.0/16 129 | 52.0.0.0/11 130 | 52.32.0.0/13 131 | 52.40.0.0/14 132 | 52.44.0.0/15 133 | 52.46.0.0/17 134 | 52.46.128.0/19 135 | 52.46.164.0/22 136 | 52.46.168.0/21 137 | 52.46.176.0/21 138 | 52.46.184.0/22 139 | 52.46.192.0/19 140 | 52.46.224.0/20 141 | 52.46.240.0/22 142 | 52.46.249.0/24 143 | 52.46.250.0/23 144 | 52.46.252.0/22 145 | 52.47.0.0/16 146 | 52.48.0.0/12 147 | 52.64.0.0/12 148 | 52.80.0.0/15 149 | 52.82.0.0/17 150 | 52.82.128.0/19 151 | 52.82.160.0/21 152 | 52.82.168.0/24 153 | 52.82.169.0/27 154 | 52.82.176.0/21 155 | 52.82.184.0/23 156 | 52.82.187.0/24 157 | 52.82.188.0/22 158 | 52.82.192.0/18 159 | 52.83.0.0/16 160 | 52.84.0.0/14 161 | 52.88.0.0/14 162 | 52.92.16.0/20 163 | 52.92.40.0/21 164 | 52.92.60.0/22 165 | 52.92.72.0/22 166 | 52.92.88.0/22 167 | 52.93.0.0/22 168 | 52.93.4.0/23 169 | 52.93.8.0/22 170 | 52.93.12.12/31 171 | 52.93.14.18/31 172 | 52.93.16.0/23 173 | 52.93.18.178/31 174 | 52.93.19.236/31 175 | 52.93.20.0/24 176 | 52.93.21.14/31 177 | 52.93.34.56/31 178 | 52.93.35.212/31 179 | 52.93.37.222/31 180 | 52.93.38.0/24 181 | 52.93.43.0/24 182 | 52.93.48.0/24 183 | 52.93.51.28/31 184 | 52.93.56.0/23 185 | 52.93.59.0/24 186 | 52.93.60.0/24 187 | 52.93.62.0/23 188 | 52.93.64.0/24 189 | 52.93.67.0/24 190 | 52.93.69.0/24 191 | 52.93.73.0/26 192 | 52.93.75.0/24 193 | 52.93.76.0/24 194 | 52.93.78.0/24 195 | 52.93.80.0/23 196 | 52.93.96.0/22 197 | 52.93.112.0/24 198 | 52.93.120.178/32 199 | 52.93.122.131/32 200 | 52.93.126.76/32 201 | 52.93.126.132/30 202 | 52.93.126.136/30 203 | 52.93.126.144/30 204 | 52.93.126.204/31 205 | 52.93.126.212/30 206 | 52.93.129.95/32 207 | 52.93.131.217/32 208 | 52.93.133.127/32 209 | 52.93.133.129/32 210 | 52.93.133.131/32 211 | 52.93.133.133/32 212 | 52.93.133.153/32 213 | 52.93.133.155/32 214 | 52.93.133.175/32 215 | 52.93.133.177/32 216 | 52.93.133.179/32 217 | 52.93.133.181/32 218 | 52.93.134.181/32 219 | 52.93.135.195/32 220 | 52.93.137.0/24 221 | 52.93.138.252/31 222 | 52.93.139.252/31 223 | 52.93.146.5/32 224 | 52.93.149.0/24 225 | 52.93.150.0/23 226 | 52.93.153.80/32 227 | 52.93.156.0/22 228 | 52.93.178.128/26 229 | 52.93.178.192/27 230 | 52.93.178.224/29 231 | 52.93.178.232/30 232 | 52.93.236.0/23 233 | 52.93.240.130/31 234 | 52.93.240.132/30 235 | 52.93.240.136/31 236 | 52.93.245.0/24 237 | 52.93.247.0/25 238 | 52.93.248.0/22 239 | 52.93.254.0/24 240 | 52.94.0.0/20 241 | 52.94.16.0/22 242 | 52.94.20.0/24 243 | 52.94.22.0/23 244 | 52.94.24.0/22 245 | 52.94.28.0/23 246 | 52.94.30.0/24 247 | 52.94.32.0/19 248 | 52.94.64.0/22 249 | 52.94.68.0/23 250 | 52.94.72.0/21 251 | 52.94.80.0/20 252 | 52.94.96.0/19 253 | 52.94.192.0/22 254 | 52.94.196.0/23 255 | 52.94.198.0/25 256 | 52.94.198.128/27 257 | 52.94.199.0/24 258 | 52.94.200.0/24 259 | 52.94.201.0/26 260 | 52.94.204.0/22 261 | 52.94.208.0/20 262 | 52.94.224.0/20 263 | 52.94.240.0/21 264 | 52.94.248.0/25 265 | 52.94.248.128/26 266 | 52.94.248.192/27 267 | 52.94.248.224/28 268 | 52.94.249.32/27 269 | 52.94.249.64/26 270 | 52.94.249.128/26 271 | 52.94.252.0/22 272 | 52.95.0.0/20 273 | 52.95.16.0/21 274 | 52.95.24.0/22 275 | 52.95.28.0/24 276 | 52.95.29.0/26 277 | 52.95.30.0/23 278 | 52.95.34.0/23 279 | 52.95.36.0/22 280 | 52.95.40.0/23 281 | 52.95.42.0/24 282 | 52.95.48.0/20 283 | 52.95.64.0/18 284 | 52.95.128.0/21 285 | 52.95.142.0/23 286 | 52.95.144.0/20 287 | 52.95.160.0/20 288 | 52.95.176.0/24 289 | 52.95.192.0/20 290 | 52.95.208.0/21 291 | 52.95.216.0/22 292 | 52.95.224.0/22 293 | 52.95.228.0/23 294 | 52.95.230.0/24 295 | 52.95.239.0/24 296 | 52.95.240.0/21 297 | 52.95.248.0/22 298 | 52.95.252.0/23 299 | 52.95.254.0/24 300 | 52.95.255.0/25 301 | 52.95.255.128/27 302 | 52.119.128.0/18 303 | 52.119.192.0/21 304 | 52.119.205.0/24 305 | 52.119.206.0/23 306 | 52.119.208.0/20 307 | 52.119.224.0/20 308 | 52.119.240.0/21 309 | 52.119.248.0/23 310 | 52.119.252.0/22 311 | 52.124.128.0/17 312 | 52.144.192.0/24 313 | 52.144.193.0/25 314 | 52.144.193.128/26 315 | 52.144.194.0/24 316 | 52.144.195.0/26 317 | 52.144.196.192/26 318 | 52.144.197.128/25 319 | 52.144.199.128/26 320 | 52.144.200.64/26 321 | 52.144.200.128/26 322 | 52.144.201.64/26 323 | 52.144.201.128/26 324 | 52.144.208.0/30 325 | 52.144.208.64/26 326 | 52.144.208.128/25 327 | 52.144.209.0/24 328 | 52.144.210.0/24 329 | 52.144.211.0/25 330 | 52.144.211.128/26 331 | 52.144.211.192/29 332 | 52.144.211.200/30 333 | 52.144.212.64/26 334 | 52.144.212.192/26 335 | 52.144.213.64/26 336 | 52.144.214.128/26 337 | 52.144.215.0/30 338 | 52.144.215.192/29 339 | 52.144.215.200/30 340 | 52.144.216.0/29 341 | 52.144.216.8/30 342 | 52.144.218.0/25 343 | 52.144.224.64/26 344 | 52.144.224.128/25 345 | 52.144.225.0/25 346 | 52.144.225.128/26 347 | 52.144.227.64/26 348 | 52.144.227.192/26 349 | 52.144.228.64/26 350 | 52.144.228.128/25 351 | 52.144.229.0/25 352 | 52.144.230.0/26 353 | 52.144.231.64/26 354 | 52.192.0.0/12 355 | 52.208.0.0/13 356 | 52.216.0.0/15 357 | 52.218.0.0/16 358 | 52.219.0.0/19 359 | 52.219.32.0/20 360 | 52.219.48.0/22 361 | 52.219.56.0/21 362 | 52.219.64.0/21 363 | 52.219.72.0/22 364 | 52.219.80.0/20 365 | 52.219.96.0/19 366 | 52.219.128.0/21 367 | 52.219.136.0/22 368 | 52.219.140.0/24 369 | 52.219.144.0/22 370 | 52.219.148.0/23 371 | 52.220.0.0/15 372 | 52.222.0.0/16 373 | 54.64.0.0/11 374 | 54.144.0.0/12 375 | 54.160.0.0/11 376 | 54.192.0.0/12 377 | 54.208.0.0/13 378 | 54.216.0.0/14 379 | 54.220.0.0/15 380 | 54.222.0.0/19 381 | 54.222.32.0/21 382 | 54.222.48.0/21 383 | 54.222.57.0/24 384 | 54.222.58.0/28 385 | 54.222.58.32/27 386 | 54.222.59.0/24 387 | 54.222.64.0/22 388 | 54.222.70.0/24 389 | 54.222.76.0/22 390 | 54.222.128.0/17 391 | 54.223.0.0/16 392 | 54.224.0.0/14 393 | 54.228.0.0/15 394 | 54.230.0.0/16 395 | 54.231.0.0/17 396 | 54.231.128.0/19 397 | 54.231.192.0/20 398 | 54.231.232.0/21 399 | 54.231.244.0/22 400 | 54.231.248.0/22 401 | 54.231.252.0/24 402 | 54.232.0.0/14 403 | 54.236.0.0/15 404 | 54.238.0.0/16 405 | 54.239.0.0/24 406 | 54.239.1.0/25 407 | 54.239.1.128/28 408 | 54.239.2.0/23 409 | 54.239.4.0/22 410 | 54.239.8.0/21 411 | 54.239.16.0/20 412 | 54.239.32.0/21 413 | 54.239.40.152/29 414 | 54.239.48.0/20 415 | 54.239.64.0/21 416 | 54.239.96.0/24 417 | 54.239.98.0/23 418 | 54.239.100.0/23 419 | 54.239.104.0/21 420 | 54.239.112.0/23 421 | 54.239.115.0/25 422 | 54.239.116.0/22 423 | 54.239.120.0/21 424 | 54.239.128.0/18 425 | 54.239.192.0/19 426 | 54.240.17.0/24 427 | 54.240.128.0/18 428 | 54.240.192.0/21 429 | 54.240.200.0/24 430 | 54.240.202.0/23 431 | 54.240.204.0/22 432 | 54.240.208.0/20 433 | 54.240.225.0/24 434 | 54.240.226.0/23 435 | 54.240.228.0/22 436 | 54.240.232.0/22 437 | 54.240.236.1/32 438 | 54.240.236.2/32 439 | 54.240.236.5/32 440 | 54.240.236.6/32 441 | 54.240.236.9/32 442 | 54.240.236.10/32 443 | 54.240.236.13/32 444 | 54.240.236.14/32 445 | 54.240.236.17/32 446 | 54.240.236.18/32 447 | 54.240.236.21/32 448 | 54.240.236.22/32 449 | 54.240.236.25/32 450 | 54.240.236.26/32 451 | 54.240.236.29/32 452 | 54.240.236.30/32 453 | 54.240.236.33/32 454 | 54.240.236.34/32 455 | 54.240.236.37/32 456 | 54.240.236.38/32 457 | 54.240.236.41/32 458 | 54.240.236.42/32 459 | 54.240.236.45/32 460 | 54.240.236.46/32 461 | 54.240.236.49/32 462 | 54.240.236.50/32 463 | 54.240.236.53/32 464 | 54.240.236.54/32 465 | 54.240.236.57/32 466 | 54.240.236.58/32 467 | 54.240.236.61/32 468 | 54.240.236.62/32 469 | 54.240.236.65/32 470 | 54.240.236.66/32 471 | 54.240.236.69/32 472 | 54.240.236.70/32 473 | 54.240.236.73/32 474 | 54.240.236.74/32 475 | 54.240.236.77/32 476 | 54.240.236.78/32 477 | 54.240.236.81/32 478 | 54.240.236.82/32 479 | 54.240.236.85/32 480 | 54.240.236.86/32 481 | 54.240.236.89/32 482 | 54.240.236.90/32 483 | 54.240.236.93/32 484 | 54.240.236.94/32 485 | 54.240.241.0/24 486 | 54.240.244.0/22 487 | 54.240.248.0/21 488 | 54.241.0.0/16 489 | 54.242.0.0/15 490 | 54.244.0.0/14 491 | 54.248.0.0/13 492 | 58.254.138.0/25 493 | 58.254.138.128/26 494 | 63.32.0.0/14 495 | 64.120.128.0/17 496 | 64.252.64.0/18 497 | 64.252.128.0/18 498 | 65.0.0.0/14 499 | 65.8.0.0/16 500 | 65.9.0.0/17 501 | 65.9.128.0/18 502 | 66.197.128.0/17 503 | 67.202.0.0/18 504 | 68.79.0.0/18 505 | 69.53.224.0/19 506 | 69.107.6.112/28 507 | 70.132.0.0/18 508 | 70.224.192.0/18 509 | 71.152.0.0/17 510 | 72.21.192.0/19 511 | 72.44.32.0/19 512 | 75.2.0.0/17 513 | 75.101.128.0/17 514 | 76.223.0.0/17 515 | 79.125.0.0/17 516 | 87.238.80.0/21 517 | 96.127.0.0/17 518 | 99.77.128.0/18 519 | 99.77.247.0/24 520 | 99.77.250.0/24 521 | 99.77.253.0/24 522 | 99.77.254.0/24 523 | 99.78.128.0/19 524 | 99.78.160.0/21 525 | 99.78.168.0/22 526 | 99.78.172.0/24 527 | 99.78.176.0/20 528 | 99.78.192.0/21 529 | 99.78.208.0/20 530 | 99.78.228.0/22 531 | 99.78.232.0/21 532 | 99.78.240.0/20 533 | 99.79.0.0/16 534 | 99.80.0.0/15 535 | 99.82.128.0/18 536 | 99.83.64.0/21 537 | 99.83.98.0/24 538 | 99.83.128.0/17 539 | 99.84.0.0/16 540 | 99.86.0.0/16 541 | 100.20.0.0/14 542 | 100.24.0.0/13 543 | 103.4.8.0/21 544 | 103.8.172.0/22 545 | 103.87.204.0/22 546 | 103.246.148.0/22 547 | 107.20.0.0/14 548 | 108.128.0.0/13 549 | 108.136.0.0/15 550 | 108.166.224.0/19 551 | 108.175.32.0/20 552 | 108.175.48.0/21 553 | 108.175.56.0/22 554 | 111.51.66.0/24 555 | 116.129.226.0/25 556 | 116.129.226.128/26 557 | 118.193.97.64/26 558 | 118.193.97.128/25 559 | 119.147.182.0/25 560 | 119.147.182.128/26 561 | 120.52.12.64/26 562 | 120.52.22.96/27 563 | 120.52.39.128/27 564 | 120.52.153.192/26 565 | 120.232.236.0/25 566 | 120.232.236.128/26 567 | 120.253.240.192/26 568 | 120.253.241.160/27 569 | 120.253.245.128/26 570 | 120.253.245.192/27 571 | 122.248.192.0/18 572 | 130.137.180.0/23 573 | 130.176.0.0/16 574 | 140.179.0.0/16 575 | 143.204.0.0/16 576 | 144.220.0.0/16 577 | 150.222.2.0/24 578 | 150.222.5.0/24 579 | 150.222.6.0/23 580 | 150.222.10.0/24 581 | 150.222.11.0/31 582 | 150.222.12.0/23 583 | 150.222.66.0/23 584 | 150.222.69.0/24 585 | 150.222.70.0/23 586 | 150.222.72.0/21 587 | 150.222.80.0/22 588 | 150.222.84.0/23 589 | 150.222.87.0/24 590 | 150.222.88.0/21 591 | 150.222.96.0/22 592 | 150.222.100.0/23 593 | 150.222.102.0/24 594 | 150.222.104.0/23 595 | 150.222.106.0/24 596 | 150.222.108.0/23 597 | 150.222.110.0/24 598 | 150.222.112.0/24 599 | 150.222.114.0/23 600 | 150.222.116.0/22 601 | 150.222.121.0/24 602 | 150.222.129.112/28 603 | 150.222.129.128/29 604 | 150.222.129.136/30 605 | 150.222.129.140/31 606 | 150.222.133.0/24 607 | 150.222.134.0/23 608 | 150.222.136.0/24 609 | 150.222.138.0/24 610 | 150.222.140.0/22 611 | 150.222.176.0/22 612 | 150.222.180.0/24 613 | 150.222.196.0/24 614 | 150.222.199.0/25 615 | 150.222.202.0/23 616 | 150.222.204.0/22 617 | 150.222.208.64/27 618 | 150.222.208.96/31 619 | 150.222.210.0/24 620 | 150.222.213.40/31 621 | 150.222.214.0/23 622 | 150.222.218.0/23 623 | 150.222.220.0/22 624 | 150.222.224.0/24 625 | 150.222.227.0/24 626 | 150.222.228.0/23 627 | 150.222.233.0/24 628 | 150.222.234.0/23 629 | 150.222.236.0/23 630 | 150.222.239.0/24 631 | 150.222.240.131/32 632 | 150.222.240.135/32 633 | 150.222.240.137/32 634 | 150.222.240.161/32 635 | 150.222.240.207/32 636 | 150.222.240.237/32 637 | 150.222.240.239/32 638 | 150.222.240.245/32 639 | 150.222.240.247/32 640 | 150.222.240.249/32 641 | 150.222.240.251/32 642 | 150.222.242.84/31 643 | 150.222.242.97/32 644 | 150.222.242.99/32 645 | 150.222.242.214/31 646 | 150.222.242.227/32 647 | 150.222.242.229/32 648 | 150.222.242.231/32 649 | 150.222.242.233/32 650 | 150.222.243.9/32 651 | 150.222.243.11/32 652 | 150.222.243.13/32 653 | 150.222.243.15/32 654 | 150.222.243.17/32 655 | 150.222.243.19/32 656 | 150.222.243.33/32 657 | 150.222.243.35/32 658 | 150.222.243.37/32 659 | 150.222.243.39/32 660 | 150.222.243.41/32 661 | 150.222.243.43/32 662 | 150.222.243.45/32 663 | 150.222.243.47/32 664 | 150.222.243.51/32 665 | 150.222.243.53/32 666 | 150.222.243.55/32 667 | 150.222.243.57/32 668 | 150.222.243.59/32 669 | 150.222.243.177/32 670 | 150.222.244.35/32 671 | 150.222.244.37/32 672 | 150.222.245.122/31 673 | 157.175.0.0/16 674 | 160.1.0.0/16 675 | 161.189.0.0/16 676 | 162.213.232.0/22 677 | 162.250.236.0/22 678 | 172.96.97.0/24 679 | 172.96.98.0/24 680 | 174.129.0.0/16 681 | 175.41.128.0/17 682 | 176.32.64.0/19 683 | 176.32.96.0/20 684 | 176.32.112.0/21 685 | 176.32.120.0/22 686 | 176.32.124.128/25 687 | 176.32.125.0/24 688 | 176.34.0.0/16 689 | 177.71.128.0/17 690 | 177.72.240.0/21 691 | 178.236.0.0/20 692 | 180.163.57.0/25 693 | 180.163.57.128/26 694 | 184.72.0.0/15 695 | 184.169.128.0/17 696 | 185.2.220.0/22 697 | 185.9.188.0/22 698 | 185.48.120.0/22 699 | 185.143.16.0/24 700 | 192.173.64.0/18 701 | 198.38.96.0/19 702 | 198.45.48.0/20 703 | 199.127.232.0/22 704 | 203.83.220.0/22 705 | 204.236.128.0/17 706 | 204.246.160.0/19 707 | 205.251.192.0/19 708 | 205.251.224.0/20 709 | 205.251.240.0/21 710 | 205.251.248.0/22 711 | 205.251.252.0/23 712 | 205.251.254.0/24 713 | 207.171.160.0/19 714 | 208.75.76.0/22 715 | 208.86.88.0/22 716 | 210.51.40.0/24 717 | 216.137.32.0/19 718 | 216.182.224.0/20 719 | 223.71.11.0/27 720 | 223.71.71.96/27 721 | 223.71.71.128/25 722 | -------------------------------------------------------------------------------- /qq.com.set: -------------------------------------------------------------------------------- 1 | 2.16.162.189 2 | 2.16.169.15 3 | 2.16.169.231 4 | 2.16.169.247 5 | 2.16.202.16 6 | 2.16.54.145 7 | 2.16.57.43 8 | 2.16.57.73 9 | 2.17.126.100 10 | 2.18.190.205 11 | 2.18.190.215 12 | 2.19.172.197 13 | 2.19.252.197 14 | 2.19.252.217 15 | 2.19.80.161 16 | 2.19.80.184 17 | 2.20.139.176 18 | 2.20.139.178 19 | 2.21.173.33 20 | 2.21.69.17 21 | 2.22.53.147 22 | 8.25.82.165 23 | 8.25.82.177 24 | 8.25.82.179 25 | 8.45.176.195 26 | 8.45.176.209 27 | 8.45.52.201 28 | 8.45.52.203 29 | 8.45.52.204 30 | 8.45.52.229 31 | 8.48.85.199 32 | 8.48.85.200 33 | 11.168.24.175 34 | 11.177.151.93 35 | 13.250.113.75 36 | 14.0.42.21 37 | 23.1.16.165 38 | 23.14.200.172 39 | 23.192.228.140 40 | 23.192.228.146 41 | 23.192.228.148 42 | 23.192.228.154 43 | 23.192.228.20 44 | 23.192.239.87 45 | 23.192.45.96 46 | 23.192.47.64 47 | 23.193.119.200 48 | 23.193.186.45 49 | 23.197.49.144 50 | 23.197.49.169 51 | 23.197.49.50 52 | 23.199.47.139 53 | 23.200.143.85 54 | 23.200.87.216 55 | 23.2.16.80 56 | 23.2.35.161 57 | 23.201.244.231 58 | 23.202.132.217 59 | 23.202.35.49 60 | 23.203.166.43 61 | 23.203.197.228 62 | 23.204.115.110 63 | 23.204.115.213 64 | 23.204.146.136 65 | 23.204.146.138 66 | 23.205.106.154 67 | 23.205.214.171 68 | 23.206.175.176 69 | 23.206.199.27 70 | 23.206.229.111 71 | 23.206.229.139 72 | 23.206.250.91 73 | 23.208.164.250 74 | 23.209.45.51 75 | 23.209.45.59 76 | 23.209.45.75 77 | 23.209.46.158 78 | 23.209.46.17 79 | 23.209.46.75 80 | 23.209.46.90 81 | 23.209.46.93 82 | 23.210.104.17 83 | 23.210.174.88 84 | 23.210.7.166 85 | 23.210.7.179 86 | 23.211.139.200 87 | 23.211.178.8 88 | 23.212.59.24 89 | 23.212.60.161 90 | 23.212.62.202 91 | 23.212.62.206 92 | 23.212.62.72 93 | 23.212.62.87 94 | 23.212.62.97 95 | 23.213.147.167 96 | 23.214.95.200 97 | 23.214.95.201 98 | 23.214.95.207 99 | 23.214.95.211 100 | 23.214.95.212 101 | 23.214.95.218 102 | 23.214.95.220 103 | 23.215.212.9 104 | 23.215.7.5 105 | 23.216.147.64 106 | 23.216.149.146 107 | 23.216.149.147 108 | 23.216.149.149 109 | 23.216.153.68 110 | 23.216.153.93 111 | 23.217.136.145 112 | 23.218.216.28 113 | 23.218.94.197 114 | 23.218.94.203 115 | 23.219.155.19 116 | 23.219.172.105 117 | 23.220.203.9 118 | 23.220.68.143 119 | 23.220.70.44 120 | 23.220.73.67 121 | 23.220.73.72 122 | 23.220.73.74 123 | 23.220.75.247 124 | 23.220.75.248 125 | 23.222.171.199 126 | 23.222.17.71 127 | 23.222.17.74 128 | 23.223.17.165 129 | 23.223.17.167 130 | 23.223.17.179 131 | 23.223.28.38 132 | 23.223.42.229 133 | 23.32.29.9 134 | 23.32.29.99 135 | 23.32.39.41 136 | 23.33.126.148 137 | 23.33.184.240 138 | 23.34.100.53 139 | 23.36.248.182 140 | 23.36.83.245 141 | 23.38.194.215 142 | 23.38.233.207 143 | 23.39.160.6 144 | 23.42.227.195 145 | 23.44.229.199 146 | 23.44.229.210 147 | 23.44.229.211 148 | 23.44.229.228 149 | 23.45.112.169 150 | 23.45.112.186 151 | 23.45.207.202 152 | 23.45.207.206 153 | 23.45.51.121 154 | 23.45.92.181 155 | 23.46.155.201 156 | 23.46.155.219 157 | 23.46.155.220 158 | 23.46.216.200 159 | 23.46.216.91 160 | 23.46.229.161 161 | 23.47.146.164 162 | 23.47.49.141 163 | 23.47.49.165 164 | 23.48.99.148 165 | 23.48.99.154 166 | 23.49.104.177 167 | 23.49.104.212 168 | 23.49.98.205 169 | 23.49.98.210 170 | 23.50.112.222 171 | 23.50.8.179 172 | 23.5.165.66 173 | 23.51.21.161 174 | 23.52.128.15 175 | 23.52.128.6 176 | 23.52.128.9 177 | 23.52.168.17 178 | 23.53.3.137 179 | 23.53.3.148 180 | 23.54.126.137 181 | 23.54.155.103 182 | 23.54.155.112 183 | 23.55.241.161 184 | 23.55.39.166 185 | 23.55.39.177 186 | 23.55.44.79 187 | 23.55.51.220 188 | 23.56.0.140 189 | 23.56.0.201 190 | 23.56.0.212 191 | 23.56.4.32 192 | 23.57.243.25 193 | 23.58.144.138 194 | 23.58.144.144 195 | 23.58.144.201 196 | 23.59.252.65 197 | 23.59.80.112 198 | 23.59.80.162 199 | 23.60.51.247 200 | 23.61.202.200 201 | 23.61.246.208 202 | 23.61.246.210 203 | 23.61.246.212 204 | 23.61.246.218 205 | 23.61.246.222 206 | 23.61.246.224 207 | 23.61.250.19 208 | 23.62.226.239 209 | 23.62.46.101 210 | 23.62.46.102 211 | 23.62.46.116 212 | 23.62.46.118 213 | 23.62.46.120 214 | 23.62.46.164 215 | 23.62.46.180 216 | 23.62.46.200 217 | 23.62.46.213 218 | 23.62.46.218 219 | 23.63.233.166 220 | 23.63.233.188 221 | 23.63.84.153 222 | 23.64.114.201 223 | 23.64.119.179 224 | 23.67.33.139 225 | 23.67.33.153 226 | 23.67.33.155 227 | 23.67.33.215 228 | 23.67.33.219 229 | 23.67.33.33 230 | 23.67.33.39 231 | 23.67.33.41 232 | 23.67.33.88 233 | 23.67.33.90 234 | 23.7.212.166 235 | 23.77.24.199 236 | 23.78.141.74 237 | 23.79.38.211 238 | 36.155.182.126 239 | 36.97.228.52 240 | 38.109.251.135 241 | 42.56.64.130 242 | 43.128.17.30 243 | 43.128.17.61 244 | 43.129.115.110 245 | 43.129.115.13 246 | 43.129.115.16 247 | 43.129.115.172 248 | 43.129.115.198 249 | 43.129.115.202 250 | 43.129.115.81 251 | 43.129.138.120 252 | 43.129.138.148 253 | 43.129.139.165 254 | 43.129.139.7 255 | 43.129.152.247 256 | 43.129.152.57 257 | 43.129.153.33 258 | 43.129.153.64 259 | 43.129.2.108 260 | 43.129.2.170 261 | 43.129.2.172 262 | 43.129.2.182 263 | 43.129.2.193 264 | 43.129.2.230 265 | 43.129.2.244 266 | 43.129.2.38 267 | 43.129.254.124 268 | 43.129.254.137 269 | 43.129.254.138 270 | 43.129.254.146 271 | 43.129.254.155 272 | 43.129.254.156 273 | 43.129.254.174 274 | 43.129.254.250 275 | 43.129.254.4 276 | 43.129.254.62 277 | 43.129.254.79 278 | 43.129.255.160 279 | 43.129.255.166 280 | 43.129.255.215 281 | 43.129.255.246 282 | 43.129.255.26 283 | 43.129.255.87 284 | 43.129.2.77 285 | 43.130.30.115 286 | 43.130.30.126 287 | 43.130.30.170 288 | 43.130.30.185 289 | 43.130.30.237 290 | 43.130.30.240 291 | 43.130.30.247 292 | 43.130.30.61 293 | 43.130.30.62 294 | 43.130.30.74 295 | 43.130.30.86 296 | 43.132.83.184 297 | 43.132.83.190 298 | 43.132.83.220 299 | 43.132.83.231 300 | 43.132.83.245 301 | 43.132.84.185 302 | 43.132.85.110 303 | 43.132.85.126 304 | 43.132.85.151 305 | 43.132.85.167 306 | 43.132.85.192 307 | 43.132.85.92 308 | 43.132.93.144 309 | 43.134.59.209 310 | 43.134.69.243 311 | 43.135.105.174 312 | 43.135.105.208 313 | 43.135.105.217 314 | 43.135.105.94 315 | 43.135.106.117 316 | 43.135.106.184 317 | 43.135.106.188 318 | 43.135.106.19 319 | 43.135.106.201 320 | 43.135.106.212 321 | 43.135.106.225 322 | 43.135.106.241 323 | 43.135.106.244 324 | 43.135.106.3 325 | 43.135.106.42 326 | 43.135.106.65 327 | 43.135.106.77 328 | 43.136.2.161 329 | 43.141.43.110 330 | 43.152.112.101 331 | 43.152.136.155 332 | 43.152.136.198 333 | 43.152.136.203 334 | 43.152.14.43 335 | 43.152.14.44 336 | 43.152.15.102 337 | 43.152.15.37 338 | 43.152.15.39 339 | 43.152.180.26 340 | 43.152.180.41 341 | 43.152.181.30 342 | 43.152.182.19 343 | 43.152.182.31 344 | 43.152.183.74 345 | 43.152.2.144 346 | 43.152.2.151 347 | 43.152.2.154 348 | 43.152.2.159 349 | 43.152.2.162 350 | 43.152.2.199 351 | 43.152.22.21 352 | 43.152.2.243 353 | 43.152.22.76 354 | 43.152.24.204 355 | 43.152.24.53 356 | 43.152.2.73 357 | 43.152.2.78 358 | 43.153.236.122 359 | 43.153.236.237 360 | 43.153.236.68 361 | 43.153.246.130 362 | 43.153.246.139 363 | 43.153.246.75 364 | 43.153.248.120 365 | 43.153.249.101 366 | 43.153.249.12 367 | 43.153.249.158 368 | 43.153.249.92 369 | 43.153.254.142 370 | 43.153.254.173 371 | 43.153.254.240 372 | 43.153.254.46 373 | 43.153.254.58 374 | 43.154.240.161 375 | 43.154.240.217 376 | 43.154.240.235 377 | 43.154.240.32 378 | 43.154.240.58 379 | 43.154.240.64 380 | 43.154.240.84 381 | 43.154.252.110 382 | 43.154.252.183 383 | 43.154.252.244 384 | 43.154.252.250 385 | 43.154.252.31 386 | 43.154.252.43 387 | 43.154.252.67 388 | 43.154.254.135 389 | 43.154.254.142 390 | 43.154.254.185 391 | 43.154.254.56 392 | 43.154.254.89 393 | 43.154.254.90 394 | 43.155.124.103 395 | 43.155.124.11 396 | 43.155.124.118 397 | 43.155.124.138 398 | 43.155.124.141 399 | 43.155.124.145 400 | 43.155.124.18 401 | 43.155.124.188 402 | 43.155.124.207 403 | 43.155.124.219 404 | 43.155.124.238 405 | 43.155.124.248 406 | 43.155.124.47 407 | 43.155.124.51 408 | 43.159.107.192 409 | 43.159.116.22 410 | 43.159.117.33 411 | 43.159.233.74 412 | 43.159.234.88 413 | 43.159.235.159 414 | 43.159.235.229 415 | 43.159.235.61 416 | 43.159.69.81 417 | 43.159.77.142 418 | 43.159.77.144 419 | 43.159.77.146 420 | 43.159.77.16 421 | 43.163.17.61 422 | 43.174.32.118 423 | 43.174.32.88 424 | 43.175.115.113 425 | 43.175.138.210 426 | 43.175.138.229 427 | 43.175.139.72 428 | 43.175.139.73 429 | 43.175.139.75 430 | 43.175.139.86 431 | 43.175.144.12 432 | 43.175.144.13 433 | 43.175.144.14 434 | 43.175.144.16 435 | 43.175.144.17 436 | 43.175.144.18 437 | 43.175.144.23 438 | 43.175.144.24 439 | 43.175.144.25 440 | 43.175.144.28 441 | 43.175.144.30 442 | 43.175.144.32 443 | 43.175.144.34 444 | 43.175.144.37 445 | 43.175.144.39 446 | 43.175.144.47 447 | 43.175.144.48 448 | 43.175.154.12 449 | 43.175.16.126 450 | 43.175.16.76 451 | 43.175.168.19 452 | 43.175.168.24 453 | 43.175.168.26 454 | 43.175.18.53 455 | 43.175.186.87 456 | 43.175.34.20 457 | 43.175.34.35 458 | 43.175.44.26 459 | 43.175.44.52 460 | 45.116.83.9 461 | 47.246.103.10 462 | 47.246.103.25 463 | 47.246.103.58 464 | 47.246.103.59 465 | 47.246.103.69 466 | 47.246.103.9 467 | 47.246.129.193 468 | 47.246.138.129 469 | 47.246.138.134 470 | 47.246.165.34 471 | 47.246.174.103 472 | 47.246.177.10 473 | 47.246.177.13 474 | 47.246.177.212 475 | 47.246.177.216 476 | 47.246.177.220 477 | 47.246.177.224 478 | 47.246.177.7 479 | 47.246.180.83 480 | 47.246.181.10 481 | 47.246.181.17 482 | 47.246.181.20 483 | 47.246.182.10 484 | 47.246.182.16 485 | 47.246.182.18 486 | 47.246.23.177 487 | 47.246.23.214 488 | 47.246.23.222 489 | 47.246.23.223 490 | 47.246.99.131 491 | 47.246.99.148 492 | 47.246.99.152 493 | 54.169.212.66 494 | 60.220.178.61 495 | 60.28.172.100 496 | 61.151.226.37 497 | 61.151.229.57 498 | 69.192.139.101 499 | 72.247.127.227 500 | 84.53.172.187 501 | 88.221.2.173 502 | 88.221.88.11 503 | 92.123.102.27 504 | 95.101.110.155 505 | 95.101.75.121 506 | 95.101.75.80 507 | 95.101.75.94 508 | 95.101.80.229 509 | 96.16.55.100 510 | 96.16.55.14 511 | 96.16.55.149 512 | 96.16.55.19 513 | 96.16.55.26 514 | 96.16.55.28 515 | 96.16.55.30 516 | 96.16.55.35 517 | 96.16.55.39 518 | 96.16.55.4 519 | 96.16.55.72 520 | 96.16.55.74 521 | 96.16.55.77 522 | 96.16.55.96 523 | 96.17.180.189 524 | 96.17.180.44 525 | 96.6.42.179 526 | 96.7.229.89 527 | 101.32.104.104 528 | 101.32.104.41 529 | 101.32.104.56 530 | 101.32.110.92 531 | 101.32.113.63 532 | 101.32.113.90 533 | 101.32.133.16 534 | 101.32.133.209 535 | 101.32.133.53 536 | 101.32.133.83 537 | 101.32.139.115 538 | 101.32.139.136 539 | 101.32.139.236 540 | 101.32.139.250 541 | 101.32.139.31 542 | 101.32.139.53 543 | 101.32.139.67 544 | 101.32.139.98 545 | 101.32.171.239 546 | 101.33.20.107 547 | 101.33.20.125 548 | 101.33.20.163 549 | 101.33.20.165 550 | 101.33.20.185 551 | 101.33.20.32 552 | 101.91.37.29 553 | 101.91.37.39 554 | 103.107.90.100 555 | 103.107.90.101 556 | 103.107.90.104 557 | 103.107.90.107 558 | 103.107.90.109 559 | 103.107.90.113 560 | 103.107.90.133 561 | 103.107.90.134 562 | 103.107.90.140 563 | 103.107.90.153 564 | 103.107.90.178 565 | 103.107.90.183 566 | 103.107.90.196 567 | 103.107.90.215 568 | 103.107.90.227 569 | 103.107.90.239 570 | 103.107.90.245 571 | 103.107.90.250 572 | 103.107.90.27 573 | 103.107.90.3 574 | 103.107.90.31 575 | 103.107.90.32 576 | 103.107.90.37 577 | 103.107.90.41 578 | 103.107.90.46 579 | 103.107.90.57 580 | 103.107.90.73 581 | 103.107.90.79 582 | 103.107.90.99 583 | 103.43.134.25 584 | 103.43.134.26 585 | 104.102.249.59 586 | 104.117.76.80 587 | 104.123.69.48 588 | 104.193.88.112 589 | 104.71.60.65 590 | 104.71.61.129 591 | 104.75.169.122 592 | 104.76.220.147 593 | 104.76.220.42 594 | 104.76.220.56 595 | 104.77.183.17 596 | 104.77.183.32 597 | 104.83.5.154 598 | 104.84.150.34 599 | 104.91.59.105 600 | 104.91.59.112 601 | 104.97.2.135 602 | 106.39.206.21 603 | 107.155.14.171 604 | 110.173.58.162 605 | 111.6.178.157 606 | 112.65.193.155 607 | 112.65.193.167 608 | 112.86.240.245 609 | 113.108.27.88 610 | 114.222.112.57 611 | 116.196.149.100 612 | 119.147.190.111 613 | 119.28.164.155 614 | 119.28.164.173 615 | 119.28.164.184 616 | 119.29.29.29 617 | 120.220.133.52 618 | 120.220.133.54 619 | 120.221.152.18 620 | 120.221.152.37 621 | 120.223.230.214 622 | 120.223.230.37 623 | 120.223.230.93 624 | 120.223.231.50 625 | 120.232.51.154 626 | 121.14.76.247 627 | 121.14.78.51 628 | 124.156.189.109 629 | 124.156.190.179 630 | 124.156.190.79 631 | 124.156.190.80 632 | 128.14.246.120 633 | 129.226.102.183 634 | 129.226.102.234 635 | 129.226.102.244 636 | 129.226.102.247 637 | 129.226.102.43 638 | 129.226.102.50 639 | 129.226.102.75 640 | 129.226.102.81 641 | 129.226.102.98 642 | 129.226.103.11 643 | 129.226.103.12 644 | 129.226.103.123 645 | 129.226.103.145 646 | 129.226.103.162 647 | 129.226.103.182 648 | 129.226.103.217 649 | 129.226.103.233 650 | 129.226.103.24 651 | 129.226.106.171 652 | 129.226.106.18 653 | 129.226.106.210 654 | 129.226.106.211 655 | 129.226.106.225 656 | 129.226.106.233 657 | 129.226.106.84 658 | 129.226.107.124 659 | 129.226.107.134 660 | 129.226.107.149 661 | 129.226.107.152 662 | 129.226.107.210 663 | 129.226.107.233 664 | 129.226.107.33 665 | 129.226.107.79 666 | 129.226.107.80 667 | 129.226.1.35 668 | 129.226.3.47 669 | 138.113.102.15 670 | 138.113.128.92 671 | 138.113.159.20 672 | 138.113.19.147 673 | 138.113.19.16 674 | 138.113.19.248 675 | 138.113.24.189 676 | 138.113.24.194 677 | 138.113.24.200 678 | 138.113.24.201 679 | 138.113.24.59 680 | 138.113.24.64 681 | 138.113.26.196 682 | 140.150.29.41 683 | 140.150.36.50 684 | 140.150.36.52 685 | 140.207.122.197 686 | 140.207.122.242 687 | 140.207.57.215 688 | 150.109.29.169 689 | 150.109.3.9 690 | 155.102.130.200 691 | 155.102.130.201 692 | 155.102.4.165 693 | 155.102.4.166 694 | 155.102.42.36 695 | 157.148.61.213 696 | 157.185.145.100 697 | 157.185.145.11 698 | 157.185.145.81 699 | 157.185.156.117 700 | 157.185.156.141 701 | 157.185.156.194 702 | 157.185.157.50 703 | 157.185.158.28 704 | 157.185.158.98 705 | 157.185.162.49 706 | 157.185.163.113 707 | 157.185.170.135 708 | 157.185.175.105 709 | 157.185.177.217 710 | 157.185.180.23 711 | 157.185.180.41 712 | 157.185.181.108 713 | 157.185.181.84 714 | 162.62.215.117 715 | 163.171.109.220 716 | 163.171.198.7 717 | 163.181.199.199 718 | 163.181.228.204 719 | 163.181.246.204 720 | 163.181.246.226 721 | 163.181.81.191 722 | 170.106.144.189 723 | 170.106.37.107 724 | 170.106.37.221 725 | 172.65.64.216 726 | 172.65.64.217 727 | 174.35.61.116 728 | 180.153.201.124 729 | 182.50.12.202 730 | 183.47.104.112 731 | 183.47.118.145 732 | 183.47.118.249 733 | 183.47.121.205 734 | 183.47.121.90 735 | 183.47.124.53 736 | 183.47.126.116 737 | 183.60.8.150 738 | 184.24.8.87 739 | 184.25.115.161 740 | 184.25.119.168 741 | 184.25.119.180 742 | 184.25.145.161 743 | 184.25.254.170 744 | 184.25.254.48 745 | 184.25.254.66 746 | 184.25.58.74 747 | 184.25.58.83 748 | 184.26.43.68 749 | 184.27.204.161 750 | 184.28.235.51 751 | 184.28.41.37 752 | 184.28.41.70 753 | 184.28.41.72 754 | 184.28.41.77 755 | 184.28.41.91 756 | 184.28.81.150 757 | 184.28.81.178 758 | 184.28.81.218 759 | 184.28.81.220 760 | 184.30.148.77 761 | 184.30.30.224 762 | 184.31.163.179 763 | 184.51.252.175 764 | 184.51.88.67 765 | 185.10.104.115 766 | 198.18.0.30 767 | 198.18.0.47 768 | 198.18.0.9 769 | 198.18.16.130 770 | 203.205.129.166 771 | 203.205.136.105 772 | 203.205.136.151 773 | 203.205.136.188 774 | 203.205.136.219 775 | 203.205.136.243 776 | 203.205.136.58 777 | 203.205.136.61 778 | 203.205.136.77 779 | 203.205.136.80 780 | 203.205.136.81 781 | 203.205.137.101 782 | 203.205.137.181 783 | 203.205.137.184 784 | 203.205.137.227 785 | 203.205.137.234 786 | 203.205.137.235 787 | 203.205.137.72 788 | 203.205.137.76 789 | 203.205.219.40 790 | 203.205.219.56 791 | 203.205.219.79 792 | 203.205.232.101 793 | 203.205.232.110 794 | 203.205.239.154 795 | 203.205.253.150 796 | 203.205.254.103 797 | 203.205.254.142 798 | 203.205.254.156 799 | 203.205.254.184 800 | 203.205.255.185 801 | 211.93.212.170 802 | 218.12.76.154 803 | 218.29.204.195 804 | 218.56.163.81 805 | 221.181.99.30 806 | 221.181.99.34 807 | 223.109.215.29 808 | -------------------------------------------------------------------------------- /natcapd/natcapd.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include "natcapd.h" 28 | 29 | #ifndef EAGAIN 30 | #define EAGAIN EWOULDBLOCK 31 | #endif 32 | 33 | #ifndef EWOULDBLOCK 34 | #define EWOULDBLOCK EAGAIN 35 | #endif 36 | 37 | #ifndef MAXCONN 38 | #define MAXCONN 1024 39 | #endif 40 | 41 | static void signal_cb(EV_P_ ev_signal *w, int revents); 42 | static void accept_cb(EV_P_ ev_io *w, int revents); 43 | static void server_send_cb(EV_P_ ev_io *w, int revents); 44 | static void server_recv_cb(EV_P_ ev_io *w, int revents); 45 | static void remote_recv_cb(EV_P_ ev_io *w, int revents); 46 | static void remote_send_cb(EV_P_ ev_io *w, int revents); 47 | static void server_timeout_cb(EV_P_ ev_timer *watcher, int revents); 48 | 49 | static remote_t *new_remote(int fd); 50 | static server_t *new_server(int fd, listen_ctx_t *listener); 51 | #ifdef NATCAP_CLIENT_MODE 52 | static remote_t *connect_to_remote(EV_P_ struct addrinfo *res, server_t *server); 53 | #else 54 | static remote_t *connect_to_remote(EV_P_ struct addrinfo *res, struct sockaddr *bind_addr, server_t *server); 55 | #endif 56 | 57 | static void free_remote(remote_t *remote); 58 | static void close_and_free_remote(EV_P_ remote_t *remote); 59 | static void free_server(server_t *server); 60 | static void close_and_free_server(EV_P_ server_t *server); 61 | 62 | int ito = 0; 63 | int verbose = 0; 64 | int reuse_port = 0; 65 | 66 | static int set_reuseport(int socket) 67 | { 68 | int opt = 1; 69 | return setsockopt(socket, SOL_SOCKET, SO_REUSEPORT, &opt, sizeof(opt)); 70 | } 71 | 72 | static int remote_conn = 0; 73 | static int server_conn = 0; 74 | 75 | uint64_t tx = 0; 76 | uint64_t rx = 0; 77 | 78 | static struct ev_signal sigint_watcher; 79 | static struct ev_signal sigterm_watcher; 80 | static struct ev_signal sigchld_watcher; 81 | 82 | int setnonblocking(int fd) 83 | { 84 | int flags; 85 | if (-1 == (flags = fcntl(fd, F_GETFL, 0))) { 86 | flags = 0; 87 | } 88 | return fcntl(fd, F_SETFL, flags | O_NONBLOCK); 89 | } 90 | 91 | int create_and_bind(const char *host, const char *port) 92 | { 93 | struct addrinfo hints; 94 | struct addrinfo *result, *rp; 95 | int s, listen_sock; 96 | 97 | memset(&hints, 0, sizeof(struct addrinfo)); 98 | hints.ai_family = AF_INET; /* Return IPv4 only */ 99 | hints.ai_socktype = SOCK_STREAM; /* We want a TCP socket */ 100 | hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG; /* For wildcard IP address */ 101 | hints.ai_protocol = IPPROTO_TCP; 102 | 103 | result = NULL; 104 | 105 | for (int i = 1; i < 8; i++) { 106 | s = getaddrinfo(host, port, &hints, &result); 107 | if (s == 0) { 108 | break; 109 | } else { 110 | sleep(pow(2, i)); 111 | printf("failed to resolve server name, wait %.0f seconds\n", pow(2, i)); 112 | } 113 | } 114 | 115 | if (s != 0) { 116 | printf("getaddrinfo: %s\n", gai_strerror(s)); 117 | return -1; 118 | } 119 | 120 | if (result == NULL) { 121 | printf("Could not bind\n"); 122 | return -1; 123 | } 124 | 125 | rp = result; 126 | 127 | for (/*rp = result*/; rp != NULL; rp = rp->ai_next) { 128 | listen_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); 129 | if (listen_sock == -1) { 130 | continue; 131 | } 132 | 133 | int opt = 1; 134 | setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)); 135 | #ifdef SO_NOSIGPIPE 136 | setsockopt(listen_sock, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); 137 | #endif 138 | if (reuse_port) { 139 | int err = set_reuseport(listen_sock); 140 | if (err == 0) { 141 | printf("tcp port reuse enabled\n"); 142 | } 143 | } 144 | 145 | s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen); 146 | if (s == 0) { 147 | /* We managed to bind successfully! */ 148 | break; 149 | } else { 150 | perror("bind"); 151 | } 152 | 153 | close(listen_sock); 154 | listen_sock = -1; 155 | } 156 | 157 | freeaddrinfo(result); 158 | 159 | return listen_sock; 160 | } 161 | 162 | #ifdef NATCAP_CLIENT_MODE 163 | static remote_t *connect_to_remote(EV_P_ struct addrinfo *res, server_t *server) 164 | #else 165 | static remote_t *connect_to_remote(EV_P_ struct addrinfo *res, struct sockaddr *bind_addr, server_t *server) 166 | #endif 167 | { 168 | int sockfd; 169 | 170 | // initialize remote socks 171 | sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol); 172 | if (sockfd == -1) { 173 | perror("socket"); 174 | close(sockfd); 175 | return NULL; 176 | } 177 | 178 | #ifndef NATCAP_CLIENT_MODE 179 | if (bind_addr) { 180 | struct ifaddrs* ifaddr = NULL; 181 | struct ifaddrs* ifa; 182 | 183 | getifaddrs(&ifaddr); 184 | for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) { 185 | if (ifa->ifa_addr && ifa->ifa_name && AF_INET == ifa->ifa_addr->sa_family && 186 | ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr == ((struct sockaddr_in *)bind_addr)->sin_addr.s_addr) { 187 | //bind ifname 188 | struct ifreq ifr; 189 | memset(&ifr, 0, sizeof(ifr)); 190 | snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", ifa->ifa_name); 191 | if (setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr)) < 0) { 192 | perror("setsockopt SO_BINDTODEVICE"); 193 | } 194 | break; 195 | } 196 | } 197 | freeifaddrs(ifaddr); 198 | 199 | if (bind(sockfd, bind_addr, sizeof(struct sockaddr_in))) { 200 | perror("bind"); 201 | } 202 | } 203 | #endif 204 | 205 | int opt = 1; 206 | setsockopt(sockfd, SOL_IP, SO_NATCAP_MARK, NULL, 0); 207 | setsockopt(sockfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt)); 208 | #ifdef SO_NOSIGPIPE 209 | setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); 210 | #endif 211 | setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)); 212 | 213 | // setup remote socks 214 | 215 | if (setnonblocking(sockfd) == -1) 216 | perror("setnonblocking"); 217 | 218 | remote_t *remote = new_remote(sockfd); 219 | 220 | int r = connect(sockfd, res->ai_addr, res->ai_addrlen); 221 | 222 | if (r == -1 && errno != EINPROGRESS) { 223 | perror("connect"); 224 | close_and_free_remote(EV_A_ remote); 225 | return NULL; 226 | } 227 | 228 | return remote; 229 | } 230 | 231 | #ifdef NATCAP_CLIENT_MODE 232 | static int getdestaddr(int fd, struct sockaddr_storage *destaddr) 233 | { 234 | socklen_t socklen = sizeof(*destaddr); 235 | int error = 0; 236 | 237 | error = getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, destaddr, &socklen); 238 | if (error) { 239 | return -1; 240 | } 241 | return 0; 242 | } 243 | #else 244 | static int getdestaddr(int fd, struct sockaddr_storage *destaddr) 245 | { 246 | socklen_t socklen = sizeof(*destaddr); 247 | int error = 0; 248 | 249 | error = getsockopt(fd, SOL_IP, SO_NATCAP_DST, destaddr, &socklen); 250 | if (error) { 251 | return -1; 252 | } 253 | return 0; 254 | } 255 | 256 | static int get_original_destaddr(int fd, struct sockaddr_storage *destaddr) 257 | { 258 | socklen_t socklen = sizeof(*destaddr); 259 | int error = 0; 260 | 261 | error = getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, destaddr, &socklen); 262 | if (error) { 263 | return -1; 264 | } 265 | return 0; 266 | } 267 | #endif 268 | 269 | static void server_recv_cb(EV_P_ ev_io *w, int revents) 270 | { 271 | server_ctx_t *server_recv_ctx = (server_ctx_t *)w; 272 | server_t *server = server_recv_ctx->server; 273 | remote_t *remote = server->remote; 274 | 275 | if (remote == NULL) { 276 | printf("invalid remote\n"); 277 | close_and_free_server(EV_A_ server); 278 | return; 279 | } 280 | 281 | ssize_t r = recv(server->fd, remote->buf->data, BUF_SIZE, 0); 282 | if (r == 0) { 283 | // connection closed 284 | if (verbose) { 285 | printf("server_recv close the connection\n"); 286 | } 287 | close_and_free_remote(EV_A_ remote); 288 | close_and_free_server(EV_A_ server); 289 | return; 290 | } else if (r == -1) { 291 | if (errno == EAGAIN || errno == EWOULDBLOCK) { 292 | // no data 293 | // continue to wait for recv 294 | return; 295 | } else { 296 | //perror("server recv"); 297 | close_and_free_remote(EV_A_ remote); 298 | close_and_free_server(EV_A_ server); 299 | return; 300 | } 301 | } 302 | tx += r; 303 | remote->buf->len = r; 304 | 305 | if (server->stage == STAGE_STREAM) { 306 | ev_timer_again(EV_A_ & server->recv_ctx->watcher); 307 | 308 | int s = send(remote->fd, remote->buf->data, remote->buf->len, 0); 309 | if (s == -1) { 310 | if (errno == EAGAIN || errno == EWOULDBLOCK) { 311 | // no data, wait for send 312 | remote->buf->idx = 0; 313 | ev_io_stop(EV_A_ & server_recv_ctx->io); 314 | ev_io_start(EV_A_ & remote->send_ctx->io); 315 | } else { 316 | perror("server_recv_send"); 317 | close_and_free_remote(EV_A_ remote); 318 | close_and_free_server(EV_A_ server); 319 | } 320 | } else if (s < remote->buf->len) { 321 | remote->buf->len -= s; 322 | remote->buf->idx = s; 323 | ev_io_stop(EV_A_ & server_recv_ctx->io); 324 | ev_io_start(EV_A_ & remote->send_ctx->io); 325 | } 326 | return; 327 | } else if (server->stage == STAGE_INIT) { 328 | // waiting on remote connected event 329 | ev_io_stop(EV_A_ & server_recv_ctx->io); 330 | ev_io_start(EV_A_ & remote->send_ctx->io); 331 | return; 332 | } 333 | } 334 | 335 | static void server_send_cb(EV_P_ ev_io *w, int revents) 336 | { 337 | server_ctx_t *server_send_ctx = (server_ctx_t *)w; 338 | server_t *server = server_send_ctx->server; 339 | remote_t *remote = server->remote; 340 | 341 | if (remote == NULL) { 342 | printf("invalid server\n"); 343 | close_and_free_server(EV_A_ server); 344 | return; 345 | } 346 | 347 | if (server->buf->len == 0) { 348 | // close and free 349 | if (verbose) { 350 | printf("server_send close the connection\n"); 351 | } 352 | close_and_free_remote(EV_A_ remote); 353 | close_and_free_server(EV_A_ server); 354 | return; 355 | } else { 356 | // has data to send 357 | ssize_t s = send(server->fd, server->buf->data + server->buf->idx, server->buf->len, 0); 358 | if (s == -1) { 359 | if (errno != EAGAIN && errno != EWOULDBLOCK) { 360 | perror("server_send_send"); 361 | close_and_free_remote(EV_A_ remote); 362 | close_and_free_server(EV_A_ server); 363 | } 364 | return; 365 | } else if (s < server->buf->len) { 366 | // partly sent, move memory, wait for the next time to send 367 | server->buf->len -= s; 368 | server->buf->idx += s; 369 | return; 370 | } else { 371 | // all sent out, wait for reading 372 | server->buf->len = 0; 373 | server->buf->idx = 0; 374 | ev_io_stop(EV_A_ & server_send_ctx->io); 375 | ev_io_start(EV_A_ & remote->recv_ctx->io); 376 | } 377 | } 378 | } 379 | 380 | static void server_timeout_cb(EV_P_ ev_timer *watcher, int revents) 381 | { 382 | server_ctx_t *server_ctx = container_of(watcher, server_ctx_t, watcher); 383 | server_t *server = server_ctx->server; 384 | remote_t *remote = server->remote; 385 | 386 | if (verbose) { 387 | printf("TCP connection timeout\n"); 388 | } 389 | 390 | close_and_free_remote(EV_A_ remote); 391 | close_and_free_server(EV_A_ server); 392 | } 393 | 394 | static void remote_recv_cb(EV_P_ ev_io *w, int revents) 395 | { 396 | remote_ctx_t *remote_recv_ctx = (remote_ctx_t *)w; 397 | remote_t *remote = remote_recv_ctx->remote; 398 | server_t *server = remote->server; 399 | 400 | if (server == NULL) { 401 | printf("invalid server\n"); 402 | close_and_free_remote(EV_A_ remote); 403 | return; 404 | } 405 | 406 | ev_timer_again(EV_A_ & server->recv_ctx->watcher); 407 | 408 | ssize_t r = recv(remote->fd, server->buf->data, BUF_SIZE, 0); 409 | if (r == 0) { 410 | // connection closed 411 | if (verbose) { 412 | printf("remote_recv close the connection\n"); 413 | } 414 | close_and_free_remote(EV_A_ remote); 415 | close_and_free_server(EV_A_ server); 416 | return; 417 | } else if (r == -1) { 418 | if (errno == EAGAIN || errno == EWOULDBLOCK) { 419 | // no data 420 | // continue to wait for recv 421 | return; 422 | } else { 423 | //perror("remote recv"); 424 | close_and_free_remote(EV_A_ remote); 425 | close_and_free_server(EV_A_ server); 426 | return; 427 | } 428 | } 429 | rx += r; 430 | server->buf->len = r; 431 | 432 | int s = send(server->fd, server->buf->data, server->buf->len, 0); 433 | if (s == -1) { 434 | if (errno == EAGAIN || errno == EWOULDBLOCK) { 435 | // no data, wait for send 436 | server->buf->idx = 0; 437 | ev_io_stop(EV_A_ & remote_recv_ctx->io); 438 | ev_io_start(EV_A_ & server->send_ctx->io); 439 | } else { 440 | perror("remote_recv_send"); 441 | close_and_free_remote(EV_A_ remote); 442 | close_and_free_server(EV_A_ server); 443 | return; 444 | } 445 | } else if (s < server->buf->len) { 446 | server->buf->len -= s; 447 | server->buf->idx = s; 448 | ev_io_stop(EV_A_ & remote_recv_ctx->io); 449 | ev_io_start(EV_A_ & server->send_ctx->io); 450 | } 451 | 452 | // Disable TCP_NODELAY after the first response are sent 453 | if (!remote->recv_ctx->connected) { 454 | int opt = 0; 455 | setsockopt(server->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt)); 456 | setsockopt(remote->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt)); 457 | remote->recv_ctx->connected = 1; 458 | } 459 | } 460 | 461 | static void remote_send_cb(EV_P_ ev_io *w, int revents) 462 | { 463 | remote_ctx_t *remote_send_ctx = (remote_ctx_t *)w; 464 | remote_t *remote = remote_send_ctx->remote; 465 | server_t *server = remote->server; 466 | 467 | if (server == NULL) { 468 | printf("invalid server\n"); 469 | close_and_free_remote(EV_A_ remote); 470 | return; 471 | } 472 | 473 | if (!remote_send_ctx->connected) { 474 | struct sockaddr_storage addr; 475 | socklen_t len = sizeof(struct sockaddr_storage); 476 | memset(&addr, 0, len); 477 | int r = getpeername(remote->fd, (struct sockaddr *)&addr, &len); 478 | if (r == 0) { 479 | if (verbose) { 480 | printf("remote connected\n"); 481 | } 482 | remote_send_ctx->connected = 1; 483 | if (server->stage != STAGE_STREAM) { 484 | server->stage = STAGE_STREAM; 485 | ev_io_start(EV_A_ & remote->recv_ctx->io); 486 | } 487 | 488 | if (remote->buf->len == 0) { 489 | ev_io_stop(EV_A_ & remote_send_ctx->io); 490 | ev_io_start(EV_A_ & server->recv_ctx->io); 491 | return; 492 | } 493 | } else { 494 | perror("remote_send_getpeername"); 495 | // not connected 496 | close_and_free_remote(EV_A_ remote); 497 | close_and_free_server(EV_A_ server); 498 | return; 499 | } 500 | } 501 | 502 | if (remote->buf->len == 0) { 503 | // close and free 504 | if (verbose) { 505 | printf("remote_send close the connection\n"); 506 | } 507 | close_and_free_remote(EV_A_ remote); 508 | close_and_free_server(EV_A_ server); 509 | return; 510 | } else { 511 | // has data to send 512 | ssize_t s = send(remote->fd, remote->buf->data + remote->buf->idx, remote->buf->len, 0); 513 | if (s == -1) { 514 | if (errno != EAGAIN && errno != EWOULDBLOCK) { 515 | perror("remote_send_send"); 516 | // close and free 517 | close_and_free_remote(EV_A_ remote); 518 | close_and_free_server(EV_A_ server); 519 | return; 520 | } 521 | } else if (s < remote->buf->len) { 522 | // partly sent, move memory, wait for the next time to send 523 | remote->buf->len -= s; 524 | remote->buf->idx += s; 525 | } else { 526 | // all sent out, wait for reading 527 | remote->buf->len = 0; 528 | remote->buf->idx = 0; 529 | ev_io_stop(EV_A_ & remote_send_ctx->io); 530 | ev_io_start(EV_A_ & server->recv_ctx->io); 531 | } 532 | if (server->stage != STAGE_STREAM) { 533 | server->stage = STAGE_STREAM; 534 | ev_io_start(EV_A_ & remote->recv_ctx->io); 535 | } 536 | } 537 | } 538 | 539 | static remote_t *new_remote(int fd) 540 | { 541 | if (verbose) { 542 | remote_conn++; 543 | } 544 | 545 | remote_t *remote = malloc(sizeof(remote_t)); 546 | memset(remote, 0, sizeof(remote_t)); 547 | 548 | remote->recv_ctx = malloc(sizeof(remote_ctx_t)); 549 | remote->send_ctx = malloc(sizeof(remote_ctx_t)); 550 | remote->buf = malloc(sizeof(buffer_t)); 551 | remote->buf->len = 0; 552 | remote->buf->idx = 0; 553 | memset(remote->recv_ctx, 0, sizeof(remote_ctx_t)); 554 | memset(remote->send_ctx, 0, sizeof(remote_ctx_t)); 555 | remote->fd = fd; 556 | remote->recv_ctx->remote = remote; 557 | remote->recv_ctx->connected = 0; 558 | remote->send_ctx->remote = remote; 559 | remote->send_ctx->connected = 0; 560 | remote->server = NULL; 561 | 562 | ev_io_init(&remote->recv_ctx->io, remote_recv_cb, fd, EV_READ); 563 | ev_io_init(&remote->send_ctx->io, remote_send_cb, fd, EV_WRITE); 564 | 565 | return remote; 566 | } 567 | 568 | static void free_remote(remote_t *remote) 569 | { 570 | if (remote->server != NULL) { 571 | remote->server->remote = NULL; 572 | } 573 | if (remote->buf != NULL) { 574 | free(remote->buf); 575 | } 576 | free(remote->recv_ctx); 577 | free(remote->send_ctx); 578 | free(remote); 579 | } 580 | 581 | static void close_and_free_remote(EV_P_ remote_t *remote) 582 | { 583 | if (remote != NULL) { 584 | ev_io_stop(EV_A_ & remote->send_ctx->io); 585 | ev_io_stop(EV_A_ & remote->recv_ctx->io); 586 | close(remote->fd); 587 | free_remote(remote); 588 | if (verbose) { 589 | remote_conn--; 590 | printf("current remote connection: %d\n", remote_conn); 591 | } 592 | } 593 | } 594 | 595 | static server_t *new_server(int fd, listen_ctx_t *listener) 596 | { 597 | if (verbose) { 598 | server_conn++; 599 | } 600 | 601 | server_t *server; 602 | server = malloc(sizeof(server_t)); 603 | 604 | memset(server, 0, sizeof(server_t)); 605 | 606 | server->recv_ctx = malloc(sizeof(server_ctx_t)); 607 | server->send_ctx = malloc(sizeof(server_ctx_t)); 608 | memset(server->recv_ctx, 0, sizeof(server_ctx_t)); 609 | memset(server->send_ctx, 0, sizeof(server_ctx_t)); 610 | server->buf = malloc(sizeof(buffer_t)); 611 | server->buf->len = 0; 612 | server->buf->idx = 0; 613 | server->fd = fd; 614 | server->recv_ctx->server = server; 615 | server->recv_ctx->connected = 0; 616 | server->send_ctx->server = server; 617 | server->send_ctx->connected = 0; 618 | server->stage = STAGE_INIT; 619 | server->listen_ctx = listener; 620 | server->remote = NULL; 621 | 622 | int request_timeout = min(MAX_REQUEST_TIMEOUT, listener->timeout) 623 | + rand() % MAX_REQUEST_TIMEOUT; 624 | 625 | ev_io_init(&server->recv_ctx->io, server_recv_cb, fd, EV_READ); 626 | ev_io_init(&server->send_ctx->io, server_send_cb, fd, EV_WRITE); 627 | ev_timer_init(&server->recv_ctx->watcher, server_timeout_cb, 628 | request_timeout, listener->timeout); 629 | 630 | return server; 631 | } 632 | 633 | static void free_server(server_t *server) 634 | { 635 | if (server->remote != NULL) { 636 | server->remote->server = NULL; 637 | } 638 | if (server->buf != NULL) { 639 | free(server->buf); 640 | } 641 | 642 | free(server->recv_ctx); 643 | free(server->send_ctx); 644 | free(server); 645 | } 646 | 647 | static void close_and_free_server(EV_P_ server_t *server) 648 | { 649 | if (server != NULL) { 650 | ev_io_stop(EV_A_ & server->send_ctx->io); 651 | ev_io_stop(EV_A_ & server->recv_ctx->io); 652 | ev_timer_stop(EV_A_ & server->recv_ctx->watcher); 653 | close(server->fd); 654 | free_server(server); 655 | if (verbose) { 656 | server_conn--; 657 | printf("current server connection: %d\n", server_conn); 658 | } 659 | } 660 | } 661 | 662 | static void signal_cb(EV_P_ ev_signal *w, int revents) 663 | { 664 | if (revents & EV_SIGNAL) { 665 | switch (w->signum) { 666 | case SIGCHLD: 667 | return; 668 | case SIGINT: 669 | case SIGTERM: 670 | ev_signal_stop(EV_DEFAULT, &sigint_watcher); 671 | ev_signal_stop(EV_DEFAULT, &sigterm_watcher); 672 | ev_signal_stop(EV_DEFAULT, &sigchld_watcher); 673 | ev_unloop(EV_A_ EVUNLOOP_ALL); 674 | } 675 | } 676 | } 677 | 678 | static void accept_cb(EV_P_ ev_io *w, int revents) 679 | { 680 | listen_ctx_t *listener = (listen_ctx_t *)w; 681 | int serverfd = accept(listener->fd, NULL, NULL); 682 | if (serverfd == -1) { 683 | perror("accept"); 684 | return; 685 | } 686 | 687 | int opt = 1; 688 | setsockopt(serverfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt)); 689 | #ifdef SO_NOSIGPIPE 690 | setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); 691 | #endif 692 | setnonblocking(serverfd); 693 | 694 | if (verbose) { 695 | printf("accept a connection\n"); 696 | } 697 | 698 | server_t *server = new_server(serverfd, listener); 699 | //ev_io_start(EV_A_ & server->recv_ctx->io); 700 | ev_timer_start(EV_A_ & server->recv_ctx->watcher); 701 | 702 | if (server->stage == STAGE_INIT) { 703 | struct sockaddr_in *addr; 704 | struct addrinfo info; 705 | struct sockaddr_storage storage; 706 | #ifndef NATCAP_CLIENT_MODE 707 | struct sockaddr_storage bind_storage; 708 | struct sockaddr *bind_addr = NULL; 709 | memset(&bind_storage, 0, sizeof(struct sockaddr_storage)); 710 | #endif 711 | memset(&info, 0, sizeof(struct addrinfo)); 712 | memset(&storage, 0, sizeof(struct sockaddr_storage)); 713 | 714 | if (getdestaddr(server->fd, &storage) != 0) { 715 | perror("getdestaddr"); 716 | close_and_free_server(EV_A_ server); 717 | return; 718 | } 719 | addr = (struct sockaddr_in *)&storage; 720 | info.ai_family = AF_INET; 721 | info.ai_socktype = SOCK_STREAM; 722 | info.ai_protocol = IPPROTO_TCP; 723 | info.ai_addrlen = sizeof(struct sockaddr_in); 724 | info.ai_addr = (struct sockaddr *)addr; 725 | 726 | #ifdef NATCAP_CLIENT_MODE 727 | remote_t *remote = connect_to_remote(EV_A_ & info, server); 728 | #else 729 | if (ito != 0) { 730 | if (get_original_destaddr(server->fd, &bind_storage) != 0) { 731 | perror("get_original_destaddr"); 732 | close_and_free_server(EV_A_ server); 733 | return; 734 | } 735 | bind_addr = (struct sockaddr *)&bind_storage; 736 | } 737 | 738 | remote_t *remote = connect_to_remote(EV_A_ & info, bind_addr, server); 739 | #endif 740 | if (remote == NULL) { 741 | printf("connect error\n"); 742 | close_and_free_server(EV_A_ server); 743 | return; 744 | } else { 745 | server->remote = remote; 746 | remote->server = server; 747 | //ev_io_start(EV_A_ & remote->recv_ctx->io); 748 | ev_io_start(EV_A_ & remote->send_ctx->io); 749 | } 750 | } 751 | } 752 | 753 | void usage() 754 | { 755 | printf("\n"); 756 | printf("natcapd %s\n\n", "1.0"); 757 | printf(" Chen Minqiang \n\n"); 758 | printf(" usage:\n\n"); 759 | printf(" [-s ] Local IP address to bind\n"); 760 | printf(" [-l ] Port number of your local server.\n"); 761 | #ifndef NATCAP_CLIENT_MODE 762 | printf(" [-I] Bind input as output interface\n"); 763 | #endif 764 | printf(" [-t ] Socket timeout in seconds.\n"); 765 | printf(" [-v] Verbose mode.\n"); 766 | printf(" [-h, --help] Print this message.\n"); 767 | printf("\n"); 768 | } 769 | 770 | int main(int argc, char **argv) 771 | { 772 | int c; 773 | char *timeout = NULL; 774 | char *server_port = "1080"; 775 | 776 | int server_num = 0; 777 | const char *server_host[MAX_REMOTE_NUM]; 778 | 779 | opterr = 0; 780 | 781 | #ifdef NATCAP_CLIENT_MODE 782 | while ((c = getopt_long(argc, argv, "s:l:t:hv", NULL, NULL)) != -1) { 783 | #else 784 | while ((c = getopt_long(argc, argv, "s:l:It:hv", NULL, NULL)) != -1) { 785 | #endif 786 | switch (c) { 787 | case 's': 788 | if (server_num < MAX_REMOTE_NUM) { 789 | server_host[server_num++] = optarg; 790 | } 791 | break; 792 | case 'l': 793 | server_port = optarg; 794 | break; 795 | #ifndef NATCAP_CLIENT_MODE 796 | case 'I': 797 | ito = 1; 798 | break; 799 | #endif 800 | case 't': 801 | timeout = optarg; 802 | break; 803 | case 'v': 804 | verbose = 1; 805 | break; 806 | case 'h': 807 | usage(); 808 | exit(EXIT_SUCCESS); 809 | case '?': 810 | // The option character is not recognized. 811 | opterr = 1; 812 | break; 813 | } 814 | } 815 | 816 | if (opterr) { 817 | usage(); 818 | exit(EXIT_FAILURE); 819 | } 820 | 821 | if (server_num == 0) { 822 | server_host[server_num++] = "0.0.0.0"; 823 | } 824 | 825 | if (timeout == NULL) { 826 | timeout = "60"; 827 | } 828 | 829 | // ignore SIGPIPE 830 | signal(SIGPIPE, SIG_IGN); 831 | signal(SIGABRT, SIG_IGN); 832 | 833 | ev_signal_init(&sigint_watcher, signal_cb, SIGINT); 834 | ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM); 835 | ev_signal_init(&sigchld_watcher, signal_cb, SIGCHLD); 836 | ev_signal_start(EV_DEFAULT, &sigint_watcher); 837 | ev_signal_start(EV_DEFAULT, &sigterm_watcher); 838 | ev_signal_start(EV_DEFAULT, &sigchld_watcher); 839 | 840 | // initialize ev loop 841 | struct ev_loop *loop = EV_DEFAULT; 842 | 843 | // initialize listen context 844 | listen_ctx_t listen_ctx_list[server_num]; 845 | 846 | // bind to each interface 847 | for (int i = 0; i < server_num; i++) { 848 | const char *host = server_host[i]; 849 | 850 | // Bind to port 851 | int listenfd; 852 | listenfd = create_and_bind(host, server_port); 853 | if (listenfd == -1) { 854 | FATAL("bind() error"); 855 | } 856 | if (listen(listenfd, MAXCONN) == -1) { 857 | FATAL("listen() error"); 858 | } 859 | setnonblocking(listenfd); 860 | listen_ctx_t *listen_ctx = &listen_ctx_list[i]; 861 | 862 | // Setup proxy context 863 | listen_ctx->timeout = atoi(timeout); 864 | listen_ctx->fd = listenfd; 865 | listen_ctx->loop = loop; 866 | 867 | ev_io_init(&listen_ctx->io, accept_cb, listenfd, EV_READ); 868 | ev_io_start(loop, &listen_ctx->io); 869 | 870 | printf("tcp server listening at %s:%s\n", host ? host : "0.0.0.0", server_port); 871 | } 872 | 873 | 874 | if (geteuid() == 0) { 875 | printf("running from root user\n"); 876 | } 877 | 878 | // start ev loop 879 | ev_run(loop, 0); 880 | 881 | if (verbose) { 882 | printf("closed gracefully\n"); 883 | } 884 | 885 | // Clean up 886 | for (int i = 0; i < server_num; i++) { 887 | listen_ctx_t *listen_ctx = &listen_ctx_list[i]; 888 | ev_io_stop(loop, &listen_ctx->io); 889 | close(listen_ctx->fd); 890 | } 891 | 892 | return 0; 893 | } 894 | -------------------------------------------------------------------------------- /natcap_common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Author: Chen Minqiang 3 | * Date : Sun, 05 Jun 2016 16:27:20 +0800 4 | * 5 | * This file is part of the natcap. 6 | * 7 | * natcap is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * natcap is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with natcap; see the file COPYING. If not, see 19 | * . 20 | */ 21 | #ifndef _NATCAP_COMMON_H_ 22 | #define _NATCAP_COMMON_H_ 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include "natcap.h" 41 | 42 | #if defined(CONFIG_NF_CONNTRACK_MARK) 43 | #else 44 | #error "Please enable CONFIG_NF_CONNTRACK_MARK in kernel config" 45 | #endif 46 | 47 | #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) 48 | #include 49 | #else 50 | static inline int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple, const struct nf_conn *ignored_conntrack) 51 | { 52 | struct nf_conntrack_tuple reply; 53 | 54 | nf_ct_invert_tuple(&reply, tuple); 55 | return nf_conntrack_tuple_taken(&reply, ignored_conntrack); 56 | } 57 | #endif 58 | 59 | enum { 60 | CLIENT_MODE = 0, 61 | SERVER_MODE = 1, 62 | MIXING_MODE = 3, 63 | KNOCK_MODE = 4, 64 | PEER_MODE = 5, 65 | }; 66 | 67 | enum { 68 | TCP_ENCODE = 0, 69 | UDP_ENCODE = 1, 70 | }; 71 | 72 | static inline void natcap_tuple_to_ns(struct natcap_session *ns, const struct tuple *t, unsigned char protocol) 73 | { 74 | if (t->encryption) { 75 | short_set_bit(NS_NATCAP_ENC_BIT, &ns->n.status); 76 | } 77 | if (((protocol == IPPROTO_TCP) && (t->tcp_encode != TCP_ENCODE)) || ((protocol == IPPROTO_UDP) && (t->udp_encode != UDP_ENCODE))) { 78 | short_set_bit(NS_NATCAP_TCPUDPENC_BIT, &ns->n.status); 79 | } 80 | ns->n.target_ip = t->ip; 81 | ns->n.target_port = t->port; 82 | } 83 | 84 | extern unsigned short natmap_start; 85 | extern unsigned short natmap_end; 86 | extern __be32 *natmap_dip; 87 | 88 | extern unsigned int peer_multipath; 89 | 90 | extern unsigned short natcap_udp_seq_lock; 91 | extern unsigned short natcap_ignore_forward; 92 | extern unsigned int natcap_ignore_mask; 93 | 94 | extern struct cone_nat_session *cone_nat_array; 95 | extern struct cone_snat_session *cone_snat_array; 96 | 97 | void cone_nat_cleanup(void); 98 | void cone_nat_drop(__be32 iip, __be16 iport, __be32 eip, __be16 eport); 99 | 100 | #define NATCAP_MIN_PMTU 68 101 | #define NATCAP_MAX_PMTU 9000 102 | 103 | extern unsigned int natcap_max_pmtu; 104 | 105 | extern unsigned int natcap_touch_timeout; 106 | 107 | extern unsigned short natcap_redirect_port; 108 | extern unsigned short natcap_client_redirect_port; 109 | 110 | extern unsigned long long flow_total_tx_bytes; 111 | extern unsigned long long flow_total_rx_bytes; 112 | 113 | #define NATCAP_AUTH_MATCH_MAC 0x01 114 | #define NATCAP_AUTH_MATCH_IP 0x02 115 | extern unsigned int auth_enabled; 116 | extern unsigned int mode; 117 | extern const char *const mode_str[]; 118 | 119 | extern unsigned int disabled; 120 | extern unsigned int debug; 121 | extern unsigned int server_seed; 122 | 123 | extern const char *const hooknames[]; 124 | 125 | extern char htp_confusion_req[1024]; 126 | extern char htp_confusion_rsp[1024]; 127 | 128 | extern char htp_confusion_host[64]; 129 | 130 | #define htp_confusion_req_format "" \ 131 | "GET /%08x HTTP/1.1\r\n" \ 132 | "Host: %s\r\n" \ 133 | "Connection: keep-alive\r\n" \ 134 | "Pragma: no-cache\r\n" \ 135 | "Cache-Control: no-cache\r\n" \ 136 | "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n" \ 137 | "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n" \ 138 | "Accept-Encoding: gzip, deflate, sdch\r\n" \ 139 | "Accept-Language: zh-CN,en-US;q=0.8,en;q=0.6,zh;q=0.4\r\n" \ 140 | "\r\n" 141 | 142 | #define IS_NATCAP_FIXME() (debug & 0x10) 143 | #define IS_NATCAP_DEBUG() (debug & 0x8) 144 | #define IS_NATCAP_INFO() (debug & 0x4) 145 | #define IS_NATCAP_WARN() (debug & 0x2) 146 | #define IS_NATCAP_ERROR() (debug & 0x1) 147 | 148 | #define NATCAP_println(fmt, ...) \ 149 | do { \ 150 | printk(KERN_DEFAULT "{" MODULE_NAME "}:%s(): " pr_fmt(fmt) "\n", __FUNCTION__, ##__VA_ARGS__); \ 151 | } while (0) 152 | 153 | #define NATCAP_FIXME(fmt, ...) \ 154 | do { \ 155 | if (IS_NATCAP_FIXME()) { \ 156 | printk(KERN_ALERT "fixme: " pr_fmt(fmt), ##__VA_ARGS__); \ 157 | } \ 158 | } while (0) 159 | 160 | #define NATCAP_DEBUG(fmt, ...) \ 161 | do { \ 162 | if (IS_NATCAP_DEBUG()) { \ 163 | printk(KERN_DEBUG "debug: " pr_fmt(fmt), ##__VA_ARGS__); \ 164 | } \ 165 | } while (0) 166 | 167 | #define NATCAP_INFO(fmt, ...) \ 168 | do { \ 169 | if (IS_NATCAP_INFO()) { \ 170 | printk(KERN_DEFAULT "info: " pr_fmt(fmt), ##__VA_ARGS__); \ 171 | } \ 172 | } while (0) 173 | 174 | #define NATCAP_WARN(fmt, ...) \ 175 | do { \ 176 | if (IS_NATCAP_WARN()) { \ 177 | printk(KERN_WARNING "warning: " pr_fmt(fmt), ##__VA_ARGS__); \ 178 | } \ 179 | } while (0) 180 | 181 | #define NATCAP_ERROR(fmt, ...) \ 182 | do { \ 183 | if (IS_NATCAP_ERROR()) { \ 184 | printk(KERN_ERR "error: " pr_fmt(fmt), ##__VA_ARGS__); \ 185 | } \ 186 | } while (0) 187 | 188 | #ifdef NO_DEBUG 189 | #undef NATCAP_FIXME 190 | #undef NATCAP_DEBUG 191 | #undef NATCAP_INFO 192 | #undef NATCAP_WARN 193 | #undef NATCAP_ERROR 194 | #define NATCAP_FIXME(fmt, ...) 195 | #define NATCAP_DEBUG(fmt, ...) 196 | #define NATCAP_INFO(fmt, ...) 197 | #define NATCAP_WARN(fmt, ...) 198 | #define NATCAP_ERROR(fmt, ...) 199 | #endif 200 | 201 | #define IP_TCPUDP_FMT "%pI4:%u->%pI4:%u" 202 | #define IP_TCPUDP_ARG(i,t) &(i)->saddr, ntohs(((struct tcphdr *)(t))->source), &(i)->daddr, ntohs(((struct tcphdr *)(t))->dest) 203 | #define TCP_ST_FMT "%c%c%c%c%c%c%c%c|S=%u|A=%u|" 204 | #define TCP_ST_ARG(t) \ 205 | ((struct tcphdr *)(t))->cwr ? 'C' : '.', \ 206 | ((struct tcphdr *)(t))->ece ? 'E' : '.', \ 207 | ((struct tcphdr *)(t))->urg ? 'U' : '.', \ 208 | ((struct tcphdr *)(t))->ack ? 'A' : '.', \ 209 | ((struct tcphdr *)(t))->psh ? 'P' : '.', \ 210 | ((struct tcphdr *)(t))->rst ? 'R' : '.', \ 211 | ((struct tcphdr *)(t))->syn ? 'S' : '.', \ 212 | ((struct tcphdr *)(t))->fin ? 'F' : '.', \ 213 | ntohl(((struct tcphdr *)(t))->seq), \ 214 | ntohl(((struct tcphdr *)(t))->ack_seq) 215 | 216 | #define UDP_ST_FMT "UL:%u,UC:%04x" 217 | #define UDP_ST_ARG(u) ntohs(((struct udphdr *)(u))->len), ntohs(((struct udphdr *)(u))->check) 218 | #define ICMP_ST_FMT "T:%u,C:%u,ID:%u:SEQ:%u" 219 | #define ICMP_ST_ARG(m) ((struct icmphdr *)(m))->type, ((struct icmphdr *)(m))->code, ntohs(((struct icmphdr *)(m))->un.echo.id), ntohs(((struct icmphdr *)(m))->un.echo.sequence) 220 | 221 | #define DEBUG_FMT_PREFIX "(%s:%u)" 222 | #define DEBUG_ARG_PREFIX __FUNCTION__, __LINE__ 223 | 224 | #define DEBUG_FMT_TCP "[" IP_TCPUDP_FMT "|ID:%04X,IL:%u|" TCP_ST_FMT "]" 225 | #define DEBUG_ARG_TCP(i, t) IP_TCPUDP_ARG(i,t), ntohs(((struct iphdr *)(i))->id), ntohs(((struct iphdr *)(i))->tot_len), TCP_ST_ARG(t) 226 | 227 | #define DEBUG_FMT_UDP "[" IP_TCPUDP_FMT "|ID:%04X,IL:%u|" UDP_ST_FMT "]" 228 | #define DEBUG_ARG_UDP(i, u) IP_TCPUDP_ARG(i,u), ntohs((i)->id), ntohs((i)->tot_len), UDP_ST_ARG(u) 229 | 230 | #define DEBUG_FMT_ICMP "[%pI4->%pI4|ID:%04X,IL:%u|" ICMP_ST_FMT "]" 231 | #define DEBUG_ARG_ICMP(i, m) &(i)->saddr, &(i)->daddr, ntohs((i)->id), ntohs((i)->tot_len), ICMP_ST_ARG(m) 232 | 233 | #define DEBUG_TCP_FMT "[%s]" DEBUG_FMT_PREFIX DEBUG_FMT_TCP 234 | #define DEBUG_TCP_ARG(i, t) hooknames[hooknum], DEBUG_ARG_PREFIX, DEBUG_ARG_TCP(i, t) 235 | 236 | #define DEBUG_UDP_FMT "[%s]" DEBUG_FMT_PREFIX DEBUG_FMT_UDP 237 | #define DEBUG_UDP_ARG(i, u) hooknames[hooknum], DEBUG_ARG_PREFIX, DEBUG_ARG_UDP(i, u) 238 | 239 | #define DEBUG_ICMP_FMT "[%s]" DEBUG_FMT_PREFIX DEBUG_FMT_ICMP 240 | #define DEBUG_ICMP_ARG(i, m) hooknames[hooknum], DEBUG_ARG_PREFIX, DEBUG_ARG_ICMP(i, m) 241 | 242 | #define TUPLE_FMT "%pI4:%u-%c-%c-%c" 243 | #define TUPLE_ARG(t) &((struct tuple *)(t))->ip, ntohs(((struct tuple *)(t))->port), ((struct tuple *)(t))->encryption ? 'e' : 'o', ((struct tuple *)(t))->tcp_encode == TCP_ENCODE ? 'T' : 'U', ((struct tuple *)(t))->udp_encode == UDP_ENCODE ? 'U' : 'T' 244 | 245 | #define TCPH(t) ((struct tcphdr *)(t)) 246 | #define UDPH(u) ((struct udphdr *)(u)) 247 | #define ICMPH(i) ((struct icmphdr *)(i)) 248 | 249 | extern void natcap_data_encode(unsigned char *buf, int len); 250 | extern void natcap_data_decode(unsigned char *buf, int len); 251 | extern void skb_data_hook(struct sk_buff *skb, int offset, int len, void (*update)(unsigned char *, int)); 252 | 253 | extern int skb_rcsum_verify(struct sk_buff *skb); 254 | extern int skb_rcsum_tcpudp(struct sk_buff *skb); 255 | 256 | extern int natcap_tcpopt_setup(unsigned long status, struct sk_buff *skb, struct nf_conn *ct, struct natcap_TCPOPT *tcpopt, __be32 ip, __be16 port); 257 | extern int natcap_tcp_encode(struct nf_conn *ct, struct sk_buff *skb, const struct natcap_TCPOPT *tcpopt, int dir); 258 | extern int natcap_tcp_decode(struct nf_conn *ct, struct sk_buff *skb, struct natcap_TCPOPT *tcpopt, int dir); 259 | extern int natcap_tcp_encode_fwdupdate(struct sk_buff *skb, struct tcphdr *tcph, const struct tuple *server); 260 | static inline struct natcap_TCPOPT *natcap_tcp_decode_header(struct tcphdr *tcph) 261 | { 262 | struct natcap_TCPOPT *opt; 263 | 264 | opt = (struct natcap_TCPOPT *)((void *)tcph + sizeof(struct tcphdr)); 265 | if ( 266 | !( 267 | (tcph->doff * 4 >= sizeof(struct tcphdr) + ALIGN(sizeof(struct natcap_TCPOPT_header) + sizeof(struct natcap_TCPOPT_data), sizeof(unsigned int)) && 268 | opt->header.opcode == TCPOPT_NATCAP && 269 | NATCAP_TCPOPT_TYPE(opt->header.type) == NATCAP_TCPOPT_TYPE_ALL && 270 | opt->header.opsize >= ALIGN(sizeof(struct natcap_TCPOPT_header) + sizeof(struct natcap_TCPOPT_data), sizeof(unsigned int))) || 271 | (tcph->doff * 4 >= sizeof(struct tcphdr) + ALIGN(sizeof(struct natcap_TCPOPT_header) + sizeof(struct natcap_TCPOPT_dst), sizeof(unsigned int)) && 272 | opt->header.opcode == TCPOPT_NATCAP && 273 | NATCAP_TCPOPT_TYPE(opt->header.type) == NATCAP_TCPOPT_TYPE_DST && 274 | opt->header.opsize >= ALIGN(sizeof(struct natcap_TCPOPT_header) + sizeof(struct natcap_TCPOPT_dst), sizeof(unsigned int))) || 275 | (tcph->doff * 4 >= sizeof(struct tcphdr) + ALIGN(sizeof(struct natcap_TCPOPT_header) + sizeof(struct natcap_TCPOPT_user), sizeof(unsigned int)) && 276 | opt->header.opcode == TCPOPT_NATCAP && 277 | NATCAP_TCPOPT_TYPE(opt->header.type) == NATCAP_TCPOPT_TYPE_USER && 278 | opt->header.opsize >= ALIGN(sizeof(struct natcap_TCPOPT_header) + sizeof(struct natcap_TCPOPT_user), sizeof(unsigned int))) || 279 | (tcph->doff * 4 >= sizeof(struct tcphdr) + ALIGN(sizeof(struct natcap_TCPOPT_header), sizeof(unsigned int)) && 280 | opt->header.opcode == TCPOPT_NATCAP && 281 | NATCAP_TCPOPT_TYPE(opt->header.type) == NATCAP_TCPOPT_TYPE_CONFUSION && 282 | opt->header.opsize >= ALIGN(sizeof(struct natcap_TCPOPT_header), sizeof(unsigned int))) || 283 | (tcph->doff * 4 >= sizeof(struct tcphdr) + ALIGN(sizeof(struct natcap_TCPOPT_header), sizeof(unsigned int)) && 284 | opt->header.opcode == TCPOPT_NATCAP && 285 | NATCAP_TCPOPT_TYPE(opt->header.type) == NATCAP_TCPOPT_TYPE_ADD && 286 | opt->header.opsize >= ALIGN(sizeof(struct natcap_TCPOPT_header), sizeof(unsigned int))) 287 | 288 | ) 289 | ) 290 | { 291 | return NULL; 292 | } 293 | 294 | return opt; 295 | } 296 | 297 | static inline unsigned int optlen(const u_int8_t *opt, unsigned int offset) 298 | { 299 | /* Beware zero-length options: make finite progress */ 300 | if (opt[offset] <= TCPOPT_NOP || opt[offset+1] == 0) 301 | return 1; 302 | else 303 | return opt[offset+1]; 304 | } 305 | 306 | static inline u_int32_t tcpmss_reverse_mtu(struct net *net, const struct sk_buff *skb) 307 | { 308 | struct flowi fl; 309 | #if ! defined(NF_MOVED_ROUTE_INDIRECTION) && LINUX_VERSION_CODE < KERNEL_VERSION(4, 16, 0) 310 | const struct nf_afinfo *ai; 311 | #endif 312 | struct rtable *rt = NULL; 313 | u_int32_t mtu = ~0U; 314 | 315 | struct flowi4 *fl4 = &fl.u.ip4; 316 | memset(fl4, 0, sizeof(*fl4)); 317 | fl4->daddr = ip_hdr(skb)->saddr; 318 | 319 | rcu_read_lock(); 320 | #if ! defined(NF_MOVED_ROUTE_INDIRECTION) && LINUX_VERSION_CODE < KERNEL_VERSION(4, 16, 0) 321 | ai = nf_get_afinfo(PF_INET); 322 | if (ai != NULL) 323 | ai->route(net, (struct dst_entry **)&rt, &fl, false); 324 | #else 325 | nf_route(net, (struct dst_entry **)&rt, &fl, false, PF_INET); 326 | #endif 327 | rcu_read_unlock(); 328 | 329 | if (rt != NULL) { 330 | mtu = dst_mtu(&rt->dst); 331 | dst_release(&rt->dst); 332 | } 333 | return mtu; 334 | } 335 | 336 | static inline u16 natcap_tcpmss_get(const struct tcphdr *tcph) { 337 | u16 oldmss; 338 | unsigned int i; 339 | int tcp_hdrlen; 340 | u8 *opt; 341 | 342 | tcp_hdrlen = tcph->doff * 4; 343 | opt = (u_int8_t *)tcph; 344 | for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i += optlen(opt, i)) { 345 | if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) { 346 | oldmss = (opt[i+2] << 8) | opt[i+3]; 347 | return oldmss; 348 | } 349 | } 350 | return 0; 351 | } 352 | 353 | static inline int natcap_tcpmss_set(struct sk_buff *skb, struct tcphdr *tcph, u16 newmss) { 354 | u16 oldmss; 355 | unsigned int i; 356 | int tcp_hdrlen; 357 | u8 *opt; 358 | 359 | tcp_hdrlen = tcph->doff * 4; 360 | opt = (u_int8_t *)tcph; 361 | for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i += optlen(opt, i)) { 362 | if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) { 363 | 364 | oldmss = (opt[i+2] << 8) | opt[i+3]; 365 | if (oldmss <= newmss) { 366 | return -1; 367 | } 368 | 369 | opt[i+2] = (newmss & 0xff00) >> 8; 370 | opt[i+3] = newmss & 0x00ff; 371 | 372 | inet_proto_csum_replace2(&tcph->check, skb, htons(oldmss), htons(newmss), false); 373 | 374 | NATCAP_INFO("Change TCP MSS %d to %d\n", oldmss, newmss); 375 | return 0; 376 | } 377 | } 378 | return -1; 379 | } 380 | 381 | static inline int natcap_tcpmss_adjust(struct sk_buff *skb, struct tcphdr *tcph, int delta, unsigned int max_mss) { 382 | u16 oldmss, newmss; 383 | unsigned int i; 384 | int tcp_hdrlen; 385 | u8 *opt; 386 | 387 | tcp_hdrlen = tcph->doff * 4; 388 | opt = (u_int8_t *)tcph; 389 | for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i += optlen(opt, i)) { 390 | if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) { 391 | 392 | oldmss = (opt[i+2] << 8) | opt[i+3]; 393 | if ((int)oldmss + delta <= 0) { 394 | return -1; 395 | } 396 | newmss = oldmss + delta; 397 | if (newmss > max_mss) { 398 | newmss = max_mss; 399 | } 400 | if (oldmss <= newmss) { 401 | return -1; 402 | } 403 | 404 | opt[i+2] = (newmss & 0xff00) >> 8; 405 | opt[i+3] = newmss & 0x00ff; 406 | 407 | inet_proto_csum_replace2(&tcph->check, skb, htons(oldmss), htons(newmss), false); 408 | 409 | NATCAP_INFO("Change TCP MSS %d to %d\n", oldmss, newmss); 410 | return 0; 411 | } 412 | } 413 | return -1; 414 | } 415 | 416 | static inline int natcap_tcpmss_clamp_pmtu_adjust(struct sk_buff *skb, struct net *net, struct tcphdr *tcph, int delta) { 417 | u16 oldmss, newmss; 418 | unsigned int i; 419 | unsigned int minlen, in_mtu, min_mtu; 420 | int tcp_hdrlen; 421 | u8 *opt; 422 | 423 | minlen = sizeof(struct iphdr) + sizeof(struct tcphdr); 424 | in_mtu = tcpmss_reverse_mtu(net, skb); 425 | min_mtu = min(dst_mtu(skb_dst(skb)), in_mtu); 426 | 427 | if (min_mtu <= minlen) { 428 | return -1; 429 | } 430 | newmss = min_mtu - minlen; 431 | newmss = newmss + delta; 432 | 433 | tcp_hdrlen = tcph->doff * 4; 434 | opt = (u_int8_t *)tcph; 435 | for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i += optlen(opt, i)) { 436 | if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) { 437 | 438 | oldmss = (opt[i+2] << 8) | opt[i+3]; 439 | if (oldmss <= newmss) { 440 | if ((int)oldmss + delta <= 0) { 441 | return -1; 442 | } 443 | newmss = oldmss + delta; 444 | } 445 | if (oldmss <= newmss) { 446 | return -1; 447 | } 448 | 449 | opt[i+2] = (newmss & 0xff00) >> 8; 450 | opt[i+3] = newmss & 0x00ff; 451 | 452 | inet_proto_csum_replace2(&tcph->check, skb, htons(oldmss), htons(newmss), false); 453 | 454 | NATCAP_INFO("Change TCP MSS %d to %d\n", oldmss, newmss); 455 | return 0; 456 | } 457 | } 458 | return -1; 459 | } 460 | 461 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0) 462 | extern int ip_set_test_src_ipport(const struct nf_hook_state *state, struct sk_buff *skb, const char *ip_set_name); 463 | #define IP_SET_test_src_ipport(state, in, out, skb, name) ip_set_test_src_ipport(state, skb, name) 464 | extern int __ip_set_test_src_ipport(const struct nf_hook_state *state, struct sk_buff *skb, const char *ip_set_name, __be32 *ip_addr, __be32 ip, __be16 *port_addr, __be16 port); 465 | #define __IP_SET_test_src_ipport(state, in, out, skb, name, ip_addr, ip, port_addr, port) __ip_set_test_src_ipport(state, skb, name, ip_addr, ip, port_addr, port) 466 | extern int ip_set_test_src_ip(const struct nf_hook_state *state, struct sk_buff *skb, const char *ip_set_name); 467 | #define IP_SET_test_src_ip(state, in, out, skb, name) ip_set_test_src_ip(state, skb, name) 468 | extern int ip_set_test_dst_ip(const struct nf_hook_state *state, struct sk_buff *skb, const char *ip_set_name); 469 | #define IP_SET_test_dst_ip(state, in, out, skb, name) ip_set_test_dst_ip(state, skb, name) 470 | extern int ip_set_add_src_ip(const struct nf_hook_state *state, struct sk_buff *skb, const char *ip_set_name); 471 | #define IP_SET_add_src_ip(state, in, out, skb, name) ip_set_add_src_ip(state, skb, name) 472 | extern int ip_set_add_dst_ip(const struct nf_hook_state *state, struct sk_buff *skb, const char *ip_set_name); 473 | #define IP_SET_add_dst_ip(state, in, out, skb, name) ip_set_add_dst_ip(state, skb, name) 474 | extern int ip_set_del_src_ip(const struct nf_hook_state *state, struct sk_buff *skb, const char *ip_set_name); 475 | #define IP_SET_del_src_ip(state, in, out, skb, name) ip_set_del_src_ip(state, skb, name) 476 | extern int ip_set_del_dst_ip(const struct nf_hook_state *state, struct sk_buff *skb, const char *ip_set_name); 477 | #define IP_SET_del_dst_ip(state, in, out, skb, name) ip_set_del_dst_ip(state, skb, name) 478 | extern int ip_set_test_src_mac(const struct nf_hook_state *state, struct sk_buff *skb, const char *ip_set_name); 479 | #define IP_SET_test_src_mac(state, in, out, skb, name) ip_set_test_src_mac(state, skb, name) 480 | extern int __ip_set_test_src_port(const struct nf_hook_state *state, struct sk_buff *skb, const char *ip_set_name, __be16 *port_addr, __be16 port); 481 | #define __IP_SET_test_src_port(state, in, out, skb, name, addr, port) __ip_set_test_src_port(state, skb, name, addr, port) 482 | extern int __ip_set_test_dst_port(const struct nf_hook_state *state, struct sk_buff *skb, const char *ip_set_name, __be16 *port_addr, __be16 port); 483 | #define __IP_SET_test_dst_port(state, in, out, skb, name, addr, port) __ip_set_test_dst_port(state, skb, name, addr, port) 484 | extern int ip_set_test_dst_netport(const struct nf_hook_state *state, struct sk_buff *skb, const char *ip_set_name); 485 | #define IP_SET_test_dst_netport(state, in, out, skb, name) ip_set_test_dst_netport(state, skb, name) 486 | #else 487 | extern int ip_set_test_src_ipport(const struct net_device *in, const struct net_device *out, struct sk_buff *skb, const char *ip_set_name); 488 | #define IP_SET_test_src_ipport(state, in, out, skb, name) ip_set_test_src_ipport(in, out, skb, name) 489 | extern int __ip_set_test_src_ipport(const struct net_device *in, const struct net_device *out, struct sk_buff *skb, const char *ip_set_name, __be32 *ip_addr, __be32 ip, __be16 *port_addr, __be16 port); 490 | #define __IP_SET_test_src_ipport(state, in, out, skb, name, ip_addr, ip, port_addr, port) __ip_set_test_src_ipport(in, out, skb, name, ip_addr, ip, port_addr, port) 491 | extern int ip_set_test_src_ip(const struct net_device *in, const struct net_device *out, struct sk_buff *skb, const char *ip_set_name); 492 | #define IP_SET_test_src_ip(state, in, out, skb, name) ip_set_test_src_ip(in, out, skb, name) 493 | extern int ip_set_test_dst_ip(const struct net_device *in, const struct net_device *out, struct sk_buff *skb, const char *ip_set_name); 494 | #define IP_SET_test_dst_ip(state, in, out, skb, name) ip_set_test_dst_ip(in, out, skb, name) 495 | extern int ip_set_add_src_ip(const struct net_device *in, const struct net_device *out, struct sk_buff *skb, const char *ip_set_name); 496 | #define IP_SET_add_src_ip(state, in, out, skb, name) ip_set_add_src_ip(in, out, skb, name) 497 | extern int ip_set_add_dst_ip(const struct net_device *in, const struct net_device *out, struct sk_buff *skb, const char *ip_set_name); 498 | #define IP_SET_add_dst_ip(state, in, out, skb, name) ip_set_add_dst_ip(in, out, skb, name) 499 | extern int ip_set_del_src_ip(const struct net_device *in, const struct net_device *out, struct sk_buff *skb, const char *ip_set_name); 500 | #define IP_SET_del_src_ip(state, in, out, skb, name) ip_set_del_src_ip(in, out, skb, name) 501 | extern int ip_set_del_dst_ip(const struct net_device *in, const struct net_device *out, struct sk_buff *skb, const char *ip_set_name); 502 | #define IP_SET_del_dst_ip(state, in, out, skb, name) ip_set_del_dst_ip(in, out, skb, name) 503 | extern int ip_set_test_src_mac(const struct net_device *in, const struct net_device *out, struct sk_buff *skb, const char *ip_set_name); 504 | #define IP_SET_test_src_mac(state, in, out, skb, name) ip_set_test_src_mac(in, out, skb, name) 505 | extern int __ip_set_test_src_port(const struct net_device *in, const struct net_device *out, struct sk_buff *skb, const char *ip_set_name, __be16 *port_addr, __be16 port); 506 | #define __IP_SET_test_src_port(state, in, out, skb, name, addr, port) __ip_set_test_src_port(in, out, skb, name, addr, port) 507 | extern int __ip_set_test_dst_port(const struct net_device *in, const struct net_device *out, struct sk_buff *skb, const char *ip_set_name, __be16 *port_addr, __be16 port); 508 | #define __IP_SET_test_dst_port(state, in, out, skb, name, addr, port) __ip_set_test_dst_port(in, out, skb, name, addr, port) 509 | extern int ip_set_test_dst_netport(const struct net_device *in, const struct net_device *out, struct sk_buff *skb, const char *ip_set_name); 510 | #define IP_SET_test_dst_netport(state, in, out, skb, name) ip_set_test_dst_netport(in, out, skb, name) 511 | #endif 512 | 513 | #define IP_SET_test_src_port IP_SET_test_src_ip 514 | #define IP_SET_test_dst_port IP_SET_test_dst_ip 515 | 516 | extern unsigned int natcap_dnat_setup(struct nf_conn *ct, __be32 addr, __be16 man_proto); 517 | extern unsigned int natcap_snat_setup(struct nf_conn *ct, __be32 addr, __be16 man_proto); 518 | 519 | extern u32 cone_snat_hash(__be32 ip, __be16 port, __be32 wan_ip); 520 | 521 | extern void natcap_probe_ct_ext(void); 522 | 523 | extern int natcap_session_init(struct nf_conn *ct, gfp_t gfp); 524 | extern struct natcap_session *natcap_session_get(struct nf_conn *ct); 525 | static inline struct natcap_session *natcap_session_in(struct nf_conn *ct) 526 | { 527 | struct natcap_session *ns = natcap_session_get(ct); 528 | 529 | if (ns) { 530 | return ns; 531 | } 532 | 533 | if (natcap_session_init(ct, GFP_ATOMIC) != 0) { 534 | return NULL; 535 | } 536 | 537 | return natcap_session_get(ct); 538 | } 539 | 540 | extern void natcap_clone_timeout(struct nf_conn *dst, struct nf_conn *src); 541 | extern int natcap_udp_to_tcp_pack(struct sk_buff *skb, struct natcap_session *ns, int m, struct sk_buff **ping_skb); 542 | 543 | extern int natcap_common_init(void); 544 | 545 | extern void natcap_common_exit(void); 546 | 547 | #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 2, 0) 548 | #define __RT_GATEWAY rt_gateway 549 | #else 550 | #define __RT_GATEWAY rt_gw4 551 | #endif 552 | 553 | #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0) 554 | 555 | #define compat_ip_route_me_harder(net, sk, skb, addr_type) ip_route_me_harder(skb, addr_type) 556 | 557 | #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 78) 558 | 559 | #define compat_ip_route_me_harder(net, sk, skb, addr_type) ip_route_me_harder(net, skb, addr_type) 560 | 561 | #elif LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 78) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) 562 | 563 | #define compat_ip_route_me_harder(net, sk, skb, addr_type) ip_route_me_harder(net, sk, skb, addr_type) 564 | 565 | #elif LINUX_VERSION_CODE >= KERNEL_VERSION(5, 5, 0) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 9) 566 | 567 | #define compat_ip_route_me_harder(net, sk, skb, addr_type) ip_route_me_harder(net, skb, addr_type) 568 | 569 | #else 570 | 571 | #define compat_ip_route_me_harder(net, sk, skb, addr_type) ip_route_me_harder(net, sk, skb, addr_type) 572 | 573 | #endif 574 | 575 | static inline int nf_unicast_output_route(struct net *net, struct sock *sk, struct sk_buff *skb, __be32 *saddr) 576 | { 577 | const struct iphdr *iph = ip_hdr(skb); 578 | struct rtable *rt; 579 | struct flowi4 fl4 = {}; 580 | __u8 flags; 581 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0) 582 | struct flow_keys flkeys; 583 | #endif 584 | unsigned int hh_len; 585 | 586 | if (!net) 587 | net = dev_net(skb->dev); 588 | 589 | sk = sk_to_full_sk(sk); 590 | flags = sk ? inet_sk_flowi_flags(sk) : 0; 591 | flags |= FLOWI_FLAG_ANYSRC; 592 | 593 | fl4.daddr = iph->daddr; 594 | fl4.saddr = 0; 595 | fl4.flowi4_tos = RT_TOS(iph->tos); 596 | fl4.flowi4_oif = sk ? sk->sk_bound_dev_if : 0; 597 | fl4.flowi4_mark = skb->mark; 598 | fl4.flowi4_flags = flags; 599 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0) 600 | fib4_rules_early_flow_dissect(net, skb, &fl4, &flkeys); 601 | #endif 602 | rt = ip_route_output_key(net, &fl4); 603 | if (IS_ERR(rt)) 604 | return PTR_ERR(rt); 605 | 606 | skb_dst_drop(skb); 607 | skb_dst_set(skb, &rt->dst); 608 | 609 | if (skb_dst(skb)->error) 610 | return skb_dst(skb)->error; 611 | 612 | hh_len = skb_dst(skb)->dev->hard_header_len; 613 | if (skb_headroom(skb) < hh_len && pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)), 0, GFP_ATOMIC)) 614 | return -ENOMEM; 615 | 616 | *saddr = fl4.saddr; 617 | 618 | return 0; 619 | } 620 | 621 | #define NF_GW_REROUTE(skb) do { \ 622 | struct dst_entry *dst = skb_dst(skb); \ 623 | struct rtable *rt = (struct rtable *)dst; \ 624 | BUG_ON(!rt); \ 625 | if (!rt->__RT_GATEWAY) { \ 626 | compat_ip_route_me_harder(state->net, state->sk, skb, RTN_UNSPEC); \ 627 | } \ 628 | } while (0) 629 | 630 | #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 13, 0) 631 | #define NF_OKFN(skb) do { \ 632 | if (okfn) { \ 633 | NF_GW_REROUTE(skb); \ 634 | okfn(skb); \ 635 | } else { \ 636 | kfree_skb(skb); \ 637 | NATCAP_println("NF_OKFN is null, drop pkt=%px", skb); \ 638 | } \ 639 | } while (0) 640 | 641 | #elif LINUX_VERSION_CODE < KERNEL_VERSION(4, 1, 0) 642 | #define NF_OKFN(skb) do { \ 643 | if (okfn) { \ 644 | NF_GW_REROUTE(skb); \ 645 | okfn(skb); \ 646 | } else { \ 647 | kfree_skb(skb); \ 648 | NATCAP_println("NF_OKFN is null, drop pkt=%px", skb); \ 649 | } \ 650 | } while (0) 651 | 652 | #elif LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0) 653 | #define NF_OKFN(skb) do { \ 654 | if (state->okfn) { \ 655 | NF_GW_REROUTE(skb); \ 656 | state->okfn(state->sk, skb); \ 657 | } else { \ 658 | kfree_skb(skb); \ 659 | NATCAP_println("NF_OKFN is null, drop pkt=%px", skb); \ 660 | } \ 661 | } while (0) 662 | 663 | #else 664 | #define NF_OKFN(skb) do { \ 665 | if (state->net && state->okfn) { \ 666 | NF_GW_REROUTE(skb); \ 667 | state->okfn(state->net, state->sk, skb); \ 668 | } else { \ 669 | kfree_skb(skb); \ 670 | NATCAP_println("NF_OKFN is null, drop pkt=%px", skb); \ 671 | } \ 672 | } while (0) 673 | 674 | #endif 675 | 676 | static inline unsigned char get_byte1(const unsigned char *p) 677 | { 678 | return p[0]; 679 | } 680 | 681 | static inline unsigned short get_byte2(const unsigned char *p) 682 | { 683 | unsigned short v; 684 | memcpy(&v, p, sizeof(v)); 685 | return v; 686 | } 687 | 688 | static inline unsigned int get_byte4(const unsigned char *p) 689 | { 690 | unsigned int v; 691 | memcpy(&v, p, sizeof(v)); 692 | return v; 693 | } 694 | 695 | static inline void set_byte1(unsigned char *p, unsigned char v) 696 | { 697 | p[0] = v; 698 | } 699 | 700 | static inline void set_byte2(unsigned char *p, unsigned short v) 701 | { 702 | memcpy(p, &v, sizeof(v)); 703 | } 704 | 705 | static inline void set_byte4(unsigned char *p, unsigned int v) 706 | { 707 | memcpy(p, &v, sizeof(v)); 708 | } 709 | 710 | static inline void set_byte6(unsigned char *p, const unsigned char *pv) 711 | { 712 | memcpy(p, pv, 6); 713 | } 714 | 715 | static inline void get_byte6(const unsigned char *p, unsigned char *pv) 716 | { 717 | memcpy(pv, p, 6); 718 | } 719 | 720 | #if !defined(SKB_NFCT_PTRMASK) && !defined(NFCT_PTRMASK) 721 | static inline struct nf_conntrack *skb_nfct(const struct sk_buff *skb) 722 | { 723 | return (void *)skb->nfct; 724 | } 725 | #endif 726 | 727 | static inline void skb_nfct_reset(struct sk_buff *skb) 728 | { 729 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0) 730 | nf_reset_ct(skb); 731 | #else 732 | nf_reset(skb); 733 | #endif 734 | } 735 | 736 | #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 0) 737 | #define skb_frag_off(f) (f)->page_offset 738 | #endif 739 | 740 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0) 741 | static inline int nf_register_hooks(struct nf_hook_ops *reg, unsigned int n) 742 | { 743 | return nf_register_net_hooks(&init_net, reg, n); 744 | } 745 | 746 | static inline void nf_unregister_hooks(struct nf_hook_ops *reg, unsigned int n) 747 | { 748 | nf_unregister_net_hooks(&init_net, reg, n); 749 | } 750 | #endif 751 | 752 | #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 20, 0) 753 | static inline unsigned int nf_conntrack_in_compat(struct net *net, u_int8_t pf, unsigned int hooknum, struct sk_buff *skb) 754 | { 755 | return nf_conntrack_in(net, pf, hooknum, skb); 756 | } 757 | #else 758 | static inline unsigned int nf_conntrack_in_compat(struct net *net, u_int8_t pf, unsigned int hooknum, struct sk_buff *skb) 759 | { 760 | struct nf_hook_state state = { 761 | .hook = hooknum, 762 | .pf = pf, 763 | .net = net, 764 | }; 765 | 766 | return nf_conntrack_in(skb, &state); 767 | } 768 | 769 | #define need_conntrack() do {} while (0) 770 | #endif 771 | 772 | #ifndef for_ifa 773 | #define for_ifa(in_dev) { struct in_ifaddr *ifa; \ 774 | in_dev_for_each_ifa_rcu(ifa, in_dev) 775 | 776 | #define endfor_ifa(in_dev) } 777 | #endif 778 | 779 | static inline int inet_is_local(const struct net_device *dev, __be32 ip) 780 | { 781 | struct in_device *in_dev; 782 | 783 | if (dev == NULL) 784 | return 0; 785 | 786 | rcu_read_lock(); 787 | in_dev = __in_dev_get_rcu(dev); 788 | if (!in_dev) { 789 | rcu_read_unlock(); 790 | return 0; 791 | } 792 | for_ifa(in_dev) { 793 | if (ifa->ifa_local == ip) { 794 | rcu_read_unlock(); 795 | return 1; 796 | } 797 | } 798 | endfor_ifa(in_dev); 799 | rcu_read_unlock(); 800 | 801 | return 0; 802 | } 803 | 804 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 3, 0) 805 | #define skb_make_writable !skb_ensure_writable 806 | #endif 807 | 808 | static inline struct sk_buff *natcap_peer_ctrl_alloc(struct sk_buff *oskb, int data_len) 809 | { 810 | struct sk_buff *nskb; 811 | struct iphdr *niph; 812 | int offset, add_len; 813 | void *l4; 814 | 815 | offset = sizeof(struct iphdr) + sizeof(struct udphdr) + data_len - (skb_headlen(oskb) + skb_tailroom(oskb)); 816 | add_len = offset < 0 ? 0 : offset; 817 | offset += skb_tailroom(oskb); 818 | nskb = skb_copy_expand(oskb, skb_headroom(oskb), skb_tailroom(oskb) + add_len, GFP_ATOMIC); 819 | if (!nskb) { 820 | NATCAP_ERROR(DEBUG_FMT_PREFIX "alloc_skb fail\n", DEBUG_ARG_PREFIX); 821 | return NULL; 822 | } 823 | nskb->tail += offset; 824 | nskb->len = sizeof(struct iphdr) + sizeof(struct udphdr) + data_len; 825 | 826 | niph = ip_hdr(nskb); 827 | niph->tot_len = htons(nskb->len); 828 | niph->id = htons(jiffies); 829 | 830 | l4 = (void *)niph + niph->ihl * 4; 831 | UDPH(l4)->len = htons(ntohs(niph->tot_len) - niph->ihl * 4); 832 | UDPH(l4)->check = CSUM_MANGLED_0; 833 | 834 | return nskb; 835 | } 836 | 837 | #define PEER_USKB_SIZE (sizeof(struct iphdr) + sizeof(struct udphdr)) 838 | #define PEER_FAKEUSER_DADDR __constant_htonl(0x7ffffffe) 839 | 840 | extern struct sk_buff *uskb_of_this_cpu(void); 841 | 842 | #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 11, 0) 843 | #define get_random_u32 prandom_u32 844 | #endif 845 | 846 | #endif /* _NATCAP_COMMON_H_ */ 847 | -------------------------------------------------------------------------------- /geoip.txt.out.cn: -------------------------------------------------------------------------------- 1 | 3.5.214.0=["中国","宁夏","中卫","",""] 2 | 8.128.0.0=["中国","中国","","",""] 3 | 20.139.160.0=["中国","天津","天津","",""] 4 | 40.77.136.112=["中国","北京","北京","",""] 5 | 40.77.254.64=["中国","北京","北京","",""] 6 | 43.0.0.0=["中国","中国","","",""] 7 | 43.144.0.0=["中国","中国","","",""] 8 | 43.160.0.0=["中国","中国","","",""] 9 | 43.228.204.0=["中国","浙江","杭州","",""] 10 | 43.228.240.0=["中国","浙江","杭州","",""] 11 | 43.237.196.0=["中国","中国","","",""] 12 | 43.246.112.0=["中国","中国","","",""] 13 | 43.246.148.0=["中国","中国","","",""] 14 | 45.112.212.0=["中国","中国","","",""] 15 | 45.115.100.0=["中国","中国","","",""] 16 | 45.119.232.0=["中国","中国","","",""] 17 | 45.120.100.0=["中国","江苏","扬州","",""] 18 | 46.248.24.0=["中国","中国","","",""] 19 | 54.240.224.0=["中国","北京","北京","",""] 20 | 59.43.181.128=["中国","中国","","",""] 21 | 59.43.181.136=["中国","中国","","",""] 22 | 59.43.181.170=["中国","中国","","",""] 23 | 59.43.181.172=["中国","中国","","",""] 24 | 59.43.181.184=["中国","中国","","",""] 25 | 59.43.181.92=["中国","中国","","",""] 26 | 59.43.181.96=["中国","中国","","",""] 27 | 59.43.182.128=["中国","中国","","",""] 28 | 59.43.182.160=["中国","中国","","",""] 29 | 59.43.182.176=["中国","中国","","",""] 30 | 59.43.182.184=["中国","中国","","",""] 31 | 59.43.182.56=["中国","中国","","",""] 32 | 59.43.182.72=["中国","中国","","",""] 33 | 59.43.182.76=["中国","中国","","",""] 34 | 59.43.182.80=["中国","中国","","",""] 35 | 59.43.182.96=["中国","中国","","",""] 36 | 59.43.248.238=["中国","中国","","",""] 37 | 59.43.248.250=["中国","中国","","",""] 38 | 59.43.248.252=["中国","中国","","",""] 39 | 59.43.249.0=["中国","中国","","",""] 40 | 59.43.249.108=["中国","中国","","",""] 41 | 59.43.249.112=["中国","中国","","",""] 42 | 59.43.249.180=["中国","中国","","",""] 43 | 59.43.249.184=["中国","中国","","",""] 44 | 59.43.249.192=["中国","中国","","",""] 45 | 59.43.249.196=["中国","中国","","",""] 46 | 59.43.249.200=["中国","中国","","",""] 47 | 59.43.249.210=["中国","中国","","",""] 48 | 59.43.249.212=["中国","中国","","",""] 49 | 59.43.250.16=["中国","中国","","",""] 50 | 59.43.250.22=["中国","中国","","",""] 51 | 59.43.250.24=["中国","中国","","",""] 52 | 59.43.250.38=["中国","中国","","",""] 53 | 59.43.250.44=["中国","中国","","",""] 54 | 59.43.250.54=["中国","中国","","",""] 55 | 59.43.250.58=["中国","中国","","",""] 56 | 59.43.250.60=["中国","中国","","",""] 57 | 59.43.250.64=["中国","中国","","",""] 58 | 59.43.250.82=["中国","中国","","",""] 59 | 59.43.250.84=["中国","中国","","",""] 60 | 59.43.255.64=["中国","中国","","",""] 61 | 71.137.0.0=["中国","北京","北京","",""] 62 | 72.163.248.0=["中国","上海","上海","",""] 63 | 87.254.207.0=["中国","北京","北京","",""] 64 | 93.183.14.0=["中国","北京","北京","",""] 65 | 93.183.18.0=["中国","北京","北京","",""] 66 | 103.104.252.0=["中国","湖北","","",""] 67 | 103.105.0.0=["中国","湖北","","",""] 68 | 103.105.116.0=["中国","中国","","",""] 69 | 103.105.12.0=["中国","浙江","金华","",""] 70 | 103.105.16.0=["中国","中国","","",""] 71 | 103.105.180.0=["中国","湖北","","",""] 72 | 103.105.184.0=["中国","湖北","","",""] 73 | 103.105.200.0=["中国","北京","北京","",""] 74 | 103.105.220.0=["中国","中国","","",""] 75 | 103.110.131.0=["中国","中国","","",""] 76 | 103.110.32.0=["中国","中国","","",""] 77 | 103.113.220.0=["中国","中国","","",""] 78 | 103.114.176.0=["中国","中国","","",""] 79 | 103.114.68.0=["中国","内蒙古","呼和浩特","",""] 80 | 103.118.19.0=["中国","中国","","",""] 81 | 103.120.140.0=["中国","中国","","",""] 82 | 103.120.196.0=["中国","上海","上海","",""] 83 | 103.120.224.0=["中国","天津","天津","",""] 84 | 103.120.52.0=["中国","中国","","",""] 85 | 103.120.72.0=["中国","浙江","绍兴","",""] 86 | 103.120.88.0=["中国","中国","","",""] 87 | 103.120.96.0=["中国","北京","北京","",""] 88 | 103.121.160.0=["中国","北京","北京","",""] 89 | 103.121.250.0=["中国","北京","北京","",""] 90 | 103.121.252.0=["中国","江苏","常州","",""] 91 | 103.121.52.0=["中国","北京","北京","",""] 92 | 103.122.192.0=["中国","北京","北京","",""] 93 | 103.122.240.0=["中国","中国","","",""] 94 | 103.122.48.0=["中国","陕西","西安","",""] 95 | 103.123.4.0=["中国","四川","资阳","",""] 96 | 103.124.24.0=["中国","中国","","",""] 97 | 103.124.48.0=["中国","中国","","",""] 98 | 103.124.64.0=["中国","中国","","",""] 99 | 103.126.44.0=["中国","中国","","",""] 100 | 103.129.148.0=["中国","中国","","",""] 101 | 103.135.80.0=["中国","内蒙古","呼和浩特","",""] 102 | 103.137.58.0=["中国","中国","","",""] 103 | 103.137.60.0=["中国","北京","北京","",""] 104 | 103.139.134.0=["中国","中国","","",""] 105 | 103.140.140.0=["中国","中国","","",""] 106 | 103.140.144.0=["中国","中国","","",""] 107 | 103.140.46.0=["中国","中国","","",""] 108 | 103.141.10.0=["中国","北京","北京","",""] 109 | 103.141.128.0=["中国","中国","","",""] 110 | 103.141.186.0=["中国","中国","","",""] 111 | 103.141.58.0=["中国","中国","","",""] 112 | 103.142.0.0=["中国","中国","","",""] 113 | 103.143.124.0=["中国","中国","","",""] 114 | 103.143.132.0=["中国","中国","","",""] 115 | 103.143.174.0=["中国","中国","","",""] 116 | 103.145.98.0=["中国","中国","","",""] 117 | 103.146.72.0=["中国","中国","","",""] 118 | 103.150.24.0=["中国","山东","济南","",""] 119 | 103.150.66.0=["中国","中国","","",""] 120 | 103.152.56.0=["中国","上海","上海","",""] 121 | 103.152.80.0=["中国","中国","","",""] 122 | 103.153.114.0=["中国","中国","","",""] 123 | 103.153.122.0=["中国","中国","","",""] 124 | 103.153.132.0=["中国","中国","","",""] 125 | 103.153.146.0=["中国","中国","","",""] 126 | 103.153.160.0=["中国","中国","","",""] 127 | 103.154.162.0=["中国","山东","青岛","",""] 128 | 103.154.164.0=["中国","中国","","",""] 129 | 103.154.168.0=["中国","中国","","",""] 130 | 103.154.18.0=["中国","中国","","",""] 131 | 103.154.30.0=["中国","北京","北京","",""] 132 | 103.154.32.0=["中国","中国","","",""] 133 | 103.154.40.0=["中国","浙江","杭州","",""] 134 | 103.154.66.0=["中国","中国","","",""] 135 | 103.155.248.0=["中国","中国","","",""] 136 | 103.156.104.0=["中国","中国","","",""] 137 | 103.156.158.0=["中国","中国","","",""] 138 | 103.156.186.0=["中国","黑龙江","","",""] 139 | 103.156.228.0=["中国","中国","","",""] 140 | 103.156.28.0=["中国","中国","","",""] 141 | 103.156.68.0=["中国","上海","上海","",""] 142 | 103.156.78.0=["中国","中国","","",""] 143 | 103.157.174.0=["中国","中国","","",""] 144 | 103.157.212.0=["中国","中国","","",""] 145 | 103.157.234.0=["中国","中国","","",""] 146 | 103.157.254.0=["中国","上海","上海","",""] 147 | 103.157.30.0=["中国","中国","","",""] 148 | 103.159.122.0=["中国","上海","上海","",""] 149 | 103.159.124.0=["中国","北京","北京","",""] 150 | 103.159.134.0=["中国","中国","","",""] 151 | 103.159.142.0=["中国","中国","","",""] 152 | 103.160.112.0=["中国","中国","","",""] 153 | 103.160.244.0=["中国","中国","","",""] 154 | 103.160.254.0=["中国","中国","","",""] 155 | 103.160.32.0=["中国","中国","","",""] 156 | 103.161.102.0=["中国","中国","","",""] 157 | 103.161.14.0=["中国","中国","","",""] 158 | 103.161.208.0=["中国","中国","","",""] 159 | 103.161.220.0=["中国","贵州","贵阳","",""] 160 | 103.161.254.0=["中国","广东","深圳","",""] 161 | 103.162.10.0=["中国","北京","北京","",""] 162 | 103.162.116.0=["中国","中国","","",""] 163 | 103.162.32.0=["中国","中国","","",""] 164 | 103.163.180.0=["中国","湖北","武汉","",""] 165 | 103.163.28.0=["中国","中国","","",""] 166 | 103.163.32.0=["中国","北京","北京","",""] 167 | 103.163.46.0=["中国","内蒙古","呼和浩特","",""] 168 | 103.163.74.0=["中国","中国","","",""] 169 | 103.164.178.0=["中国","中国","","",""] 170 | 103.164.226.0=["中国","北京","北京","",""] 171 | 103.164.32.0=["中国","上海","上海","",""] 172 | 103.164.40.0=["中国","中国","","",""] 173 | 103.164.4.0=["中国","中国","","",""] 174 | 103.164.64.0=["中国","浙江","杭州","",""] 175 | 103.164.76.0=["中国","中国","","",""] 176 | 103.165.110.0=["中国","中国","","",""] 177 | 103.165.44.0=["中国","中国","","",""] 178 | 103.165.52.0=["中国","中国","","",""] 179 | 103.165.82.0=["中国","中国","","",""] 180 | 103.166.138.0=["中国","吉林","长春","",""] 181 | 103.166.242.0=["中国","中国","","",""] 182 | 103.166.50.0=["中国","中国","","",""] 183 | 103.166.52.0=["中国","中国","","",""] 184 | 103.166.84.0=["中国","中国","","",""] 185 | 103.167.0.0=["中国","中国","","",""] 186 | 103.167.36.0=["中国","中国","","",""] 187 | 103.168.170.0=["中国","中国","","",""] 188 | 103.168.98.0=["中国","中国","","",""] 189 | 103.169.108.0=["中国","中国","","",""] 190 | 103.169.162.0=["中国","中国","","",""] 191 | 103.169.202.0=["中国","北京","北京","",""] 192 | 103.169.50.0=["中国","中国","","",""] 193 | 103.169.62.0=["中国","湖北","武汉","",""] 194 | 103.170.134.0=["中国","北京","北京","",""] 195 | 103.170.212.0=["中国","中国","","",""] 196 | 103.170.4.0=["中国","广东","深圳","",""] 197 | 103.171.214.0=["中国","中国","","",""] 198 | 103.171.32.0=["中国","中国","","",""] 199 | 103.172.160.0=["中国","中国","","",""] 200 | 103.172.191.0=["中国","中国","","",""] 201 | 103.172.32.0=["中国","中国","","",""] 202 | 103.173.102.0=["中国","中国","","",""] 203 | 103.173.182.0=["中国","北京","北京","",""] 204 | 103.173.184.0=["中国","中国","","",""] 205 | 103.174.94.0=["中国","中国","","",""] 206 | 103.175.114.0=["中国","中国","","",""] 207 | 103.175.118.0=["中国","中国","","",""] 208 | 103.175.14.0=["中国","中国","","",""] 209 | 103.176.222.0=["中国","中国","","",""] 210 | 103.176.244.0=["中国","中国","","",""] 211 | 103.176.52.0=["中国","中国","","",""] 212 | 103.177.28.0=["中国","中国","","",""] 213 | 103.192.252.0=["中国","上海","上海","",""] 214 | 103.196.185.0=["中国","中国","","",""] 215 | 103.196.186.0=["中国","中国","","",""] 216 | 103.197.180.0=["中国","中国","","",""] 217 | 103.197.182.0=["中国","中国","","",""] 218 | 103.197.253.0=["中国","中国","","",""] 219 | 103.197.254.0=["中国","中国","","",""] 220 | 103.204.72.0=["中国","上海","上海","",""] 221 | 103.211.168.0=["中国","中国","","",""] 222 | 103.213.252.0=["中国","中国","","",""] 223 | 103.215.104.0=["中国","中国","","",""] 224 | 103.216.16.0=["中国","北京","北京","",""] 225 | 103.216.32.0=["中国","北京","北京","",""] 226 | 103.216.4.0=["中国","北京","北京","",""] 227 | 103.216.64.0=["中国","中国","","",""] 228 | 103.216.8.0=["中国","北京","北京","",""] 229 | 103.226.116.0=["中国","中国","","",""] 230 | 103.230.40.0=["中国","中国","","",""] 231 | 103.231.144.0=["中国","天津","天津","",""] 232 | 103.234.0.0=["中国","中国","","",""] 233 | 103.234.124.0=["中国","北京","北京","",""] 234 | 103.234.244.0=["中国","中国","","",""] 235 | 103.248.228.0=["中国","中国","","",""] 236 | 103.255.200.0=["中国","江苏","无锡","",""] 237 | 103.255.208.0=["中国","中国","","",""] 238 | 103.26.116.0=["中国","中国","","",""] 239 | 103.31.72.0=["中国","上海","上海","",""] 240 | 103.35.180.0=["中国","中国","","",""] 241 | 103.36.36.0=["中国","山东","青岛","",""] 242 | 103.38.220.0=["中国","中国","","",""] 243 | 103.38.252.0=["中国","上海","上海","",""] 244 | 103.41.116.0=["中国","浙江","杭州","",""] 245 | 103.43.240.0=["中国","中国","","",""] 246 | 103.43.26.0=["中国","中国","","",""] 247 | 103.44.152.0=["中国","中国","","",""] 248 | 103.53.160.0=["中国","中国","","",""] 249 | 103.54.228.0=["中国","中国","","",""] 250 | 103.55.240.0=["中国","中国","","",""] 251 | 103.56.100.0=["中国","浙江","杭州","",""] 252 | 103.56.104.0=["中国","浙江","杭州","",""] 253 | 103.6.108.0=["中国","上海","上海","",""] 254 | 103.6.120.0=["中国","中国","","",""] 255 | 103.65.120.0=["中国","中国","","",""] 256 | 103.65.128.0=["中国","中国","","",""] 257 | 103.65.136.0=["中国","中国","","",""] 258 | 103.65.8.0=["中国","上海","上海","",""] 259 | 103.67.40.0=["中国","中国","","",""] 260 | 103.67.48.0=["中国","中国","","",""] 261 | 103.67.64.0=["中国","中国","","",""] 262 | 103.67.96.0=["中国","中国","","",""] 263 | 103.68.88.0=["中国","中国","","",""] 264 | 103.75.87.0=["中国","中国","","",""] 265 | 103.78.56.0=["中国","中国","","",""] 266 | 103.78.64.0=["中国","江苏","苏州","",""] 267 | 103.81.148.0=["中国","天津","天津","",""] 268 | 103.81.200.0=["中国","北京","北京","",""] 269 | 103.83.132.0=["中国","中国","","",""] 270 | 103.84.56.0=["中国","中国","","",""] 271 | 103.85.164.0=["中国","北京","北京","",""] 272 | 103.85.168.0=["中国","北京","北京","",""] 273 | 103.85.176.0=["中国","北京","北京","",""] 274 | 103.85.52.0=["中国","中国","","",""] 275 | 103.85.56.0=["中国","中国","","",""] 276 | 103.86.129.0=["中国","中国","","",""] 277 | 103.88.152.0=["中国","中国","","",""] 278 | 103.92.132.0=["中国","湖南","长沙","",""] 279 | 103.94.200.0=["中国","山东","青岛","",""] 280 | 103.95.68.0=["中国","北京","北京","",""] 281 | 103.97.40.0=["中国","中国","","",""] 282 | 103.99.132.0=["中国","中国","","",""] 283 | 103.99.136.0=["中国","中国","","",""] 284 | 103.99.144.0=["中国","中国","","",""] 285 | 103.99.56.0=["中国","中国","","",""] 286 | 109.71.4.0=["中国","中国","","",""] 287 | 110.43.78.0=["中国","北京","北京","",""] 288 | 111.223.248.0=["中国","中国","","",""] 289 | 112.75.0.0=["中国","中国","","",""] 290 | 113.197.104.0=["中国","北京","北京","",""] 291 | 116.197.180.0=["中国","北京","北京","",""] 292 | 116.204.232.0=["中国","中国","","",""] 293 | 117.58.64.0=["中国","北京","北京","",""] 294 | 118.191.13.0=["中国","中国","","",""] 295 | 118.191.14.0=["中国","中国","","",""] 296 | 118.191.160.0=["中国","中国","","",""] 297 | 118.191.209.0=["中国","中国","","",""] 298 | 118.191.210.0=["中国","中国","","",""] 299 | 118.191.212.0=["中国","中国","","",""] 300 | 118.191.32.0=["中国","中国","","",""] 301 | 118.191.84.0=["中国","中国","","",""] 302 | 118.191.88.0=["中国","中国","","",""] 303 | 118.191.96.0=["中国","中国","","",""] 304 | 118.26.176.0=["中国","北京","北京","",""] 305 | 118.26.184.0=["中国","北京","北京","",""] 306 | 118.26.96.0=["中国","北京","北京","",""] 307 | 121.91.104.0=["中国","中国","","",""] 308 | 122.8.192.0=["中国","中国","","",""] 309 | 122.98.144.0=["中国","广东","","",""] 310 | 122.98.160.0=["中国","广东","","",""] 311 | 122.98.192.0=["中国","广东","","",""] 312 | 122.98.232.0=["中国","广东","","",""] 313 | 122.98.240.0=["中国","广东","","",""] 314 | 123.100.232.0=["中国","中国","","",""] 315 | 123.108.142.0=["中国","中国","","",""] 316 | 123.60.0.0=["中国","上海","上海","",""] 317 | 131.253.12.0=["中国","北京","北京","",""] 318 | 131.253.12.80=["中国","北京","北京","",""] 319 | 138.32.244.0=["中国","北京","北京","",""] 320 | 139.5.204.0=["中国","中国","","",""] 321 | 140.101.208.0=["中国","上海","上海","",""] 322 | 140.242.223.0=["中国","北京","北京","",""] 323 | 140.242.224.0=["中国","北京","北京","",""] 324 | 144.0.0.0=["中国","山东","青岛","",""] 325 | 144.36.146.0=["中国","上海","上海","",""] 326 | 146.222.79.0=["中国","广东","珠海","",""] 327 | 146.222.81.0=["中国","广东","珠海","",""] 328 | 146.222.94.0=["中国","广东","珠海","",""] 329 | 147.243.13.32=["中国","北京","北京","",""] 330 | 147.243.13.64=["中国","北京","北京","",""] 331 | 147.243.14.32=["中国","北京","北京","",""] 332 | 148.70.0.0=["中国","四川","成都","",""] 333 | 156.107.160.0=["中国","北京","北京","",""] 334 | 156.107.170.0=["中国","上海","上海","",""] 335 | 156.107.178.0=["中国","北京","北京","",""] 336 | 156.107.180.0=["中国","北京","北京","",""] 337 | 156.154.62.0=["中国","北京","北京","",""] 338 | 157.119.0.0=["中国","中国","","",""] 339 | 157.133.186.0=["中国","上海","上海","",""] 340 | 157.133.192.0=["中国","上海","上海","",""] 341 | 157.133.212.0=["中国","上海","上海","",""] 342 | 157.133.236.0=["中国","上海","上海","",""] 343 | 158.60.0.0=["中国","中国","","",""] 344 | 159.27.0.0=["中国","北京","北京","",""] 345 | 160.19.208.0=["中国","广东","佛山","",""] 346 | 160.83.109.0=["中国","上海","上海","",""] 347 | 160.83.110.0=["中国","上海","上海","",""] 348 | 161.163.0.0=["中国","广东","深圳","",""] 349 | 163.228.0.0=["中国","北京","北京","",""] 350 | 163.244.246.0=["中国","福建","厦门","",""] 351 | 168.159.144.0=["中国","上海","上海","",""] 352 | 168.159.152.0=["中国","上海","上海","",""] 353 | 168.159.156.0=["中国","上海","上海","",""] 354 | 168.159.158.0=["中国","上海","上海","",""] 355 | 168.230.0.0=["中国","北京","北京","",""] 356 | 170.252.152.0=["中国","辽宁","大连","",""] 357 | 185.109.236.0=["中国","中国","","",""] 358 | 192.102.206.0=["中国","上海","上海","",""] 359 | 192.11.236.0=["中国","北京","北京","",""] 360 | 192.137.31.0=["中国","中国","","",""] 361 | 192.23.191.0=["中国","北京","北京","",""] 362 | 192.55.10.0=["中国","江苏","无锡","",""] 363 | 192.55.40.0=["中国","上海","上海","",""] 364 | 192.55.46.0=["中国","上海","上海","",""] 365 | 193.17.120.0=["中国","上海","上海","",""] 366 | 193.200.222.160=["中国","中国","","",""] 367 | 199.244.144.0=["中国","北京","北京","",""] 368 | 199.65.192.0=["中国","上海","上海","",""] 369 | 199.7.72.0=["中国","北京","北京","",""] 370 | 202.136.254.0=["中国","北京","北京","",""] 371 | 202.160.140.0=["中国","上海","上海","",""] 372 | 202.41.142.0=["中国","中国","","",""] 373 | 202.94.0.0=["中国","中国","","",""] 374 | 202.97.18.146=["中国","中国","","",""] 375 | 202.97.18.56=["中国","中国","","",""] 376 | 202.97.19.190=["中国","中国","","",""] 377 | 202.97.19.94=["中国","中国","","",""] 378 | 202.97.22.122=["中国","中国","","",""] 379 | 202.97.22.126=["中国","中国","","",""] 380 | 202.97.22.130=["中国","中国","","",""] 381 | 202.97.24.14=["中国","中国","","",""] 382 | 202.97.24.18=["中国","中国","","",""] 383 | 202.97.24.26=["中国","中国","","",""] 384 | 202.97.24.28=["中国","中国","","",""] 385 | 202.97.24.32=["中国","中国","","",""] 386 | 202.97.24.46=["中国","中国","","",""] 387 | 202.97.24.4=["中国","中国","","",""] 388 | 202.97.25.210=["中国","中国","","",""] 389 | 202.97.25.212=["中国","中国","","",""] 390 | 202.97.25.218=["中国","中国","","",""] 391 | 202.97.25.222=["中国","中国","","",""] 392 | 202.97.25.226=["中国","中国","","",""] 393 | 202.97.25.230=["中国","中国","","",""] 394 | 202.97.25.234=["中国","中国","","",""] 395 | 202.97.27.180=["中国","中国","","",""] 396 | 202.97.27.184=["中国","中国","","",""] 397 | 202.97.27.194=["中国","中国","","",""] 398 | 202.97.27.196=["中国","中国","","",""] 399 | 202.97.30.226=["中国","中国","","",""] 400 | 202.97.30.228=["中国","中国","","",""] 401 | 202.97.30.232=["中国","中国","","",""] 402 | 202.97.30.240=["中国","中国","","",""] 403 | 202.97.30.246=["中国","中国","","",""] 404 | 202.97.30.248=["中国","中国","","",""] 405 | 202.97.30.254=["中国","中国","","",""] 406 | 202.97.32.10=["中国","中国","","",""] 407 | 202.97.32.120=["中国","中国","","",""] 408 | 202.97.32.124=["中国","中国","","",""] 409 | 202.97.32.128=["中国","中国","","",""] 410 | 202.97.32.12=["中国","中国","","",""] 411 | 202.97.32.20=["中国","中国","","",""] 412 | 202.97.32.30=["中国","中国","","",""] 413 | 202.97.32.50=["中国","中国","","",""] 414 | 202.97.32.84=["中国","中国","","",""] 415 | 202.97.32.88=["中国","中国","","",""] 416 | 202.97.32.96=["中国","中国","","",""] 417 | 202.97.32.98=["中国","中国","","",""] 418 | 202.97.33.92=["中国","中国","","",""] 419 | 202.97.34.112=["中国","中国","","",""] 420 | 202.97.34.128=["中国","中国","","",""] 421 | 202.97.34.192=["中国","中国","","",""] 422 | 202.97.34.200=["中国","中国","","",""] 423 | 202.97.34.206=["中国","中国","","",""] 424 | 202.97.37.238=["中国","中国","","",""] 425 | 202.97.37.242=["中国","中国","","",""] 426 | 202.97.38.162=["中国","中国","","",""] 427 | 202.97.38.2=["中国","中国","","",""] 428 | 202.97.39.192=["中国","中国","","",""] 429 | 202.97.39.238=["中国","中国","","",""] 430 | 202.97.39.40=["中国","中国","","",""] 431 | 202.97.40.102=["中国","中国","","",""] 432 | 202.97.40.114=["中国","中国","","",""] 433 | 202.97.40.20=["中国","中国","","",""] 434 | 202.97.40.32=["中国","中国","","",""] 435 | 202.97.40.70=["中国","中国","","",""] 436 | 202.97.41.100=["中国","中国","","",""] 437 | 202.97.41.118=["中国","中国","","",""] 438 | 202.97.41.134=["中国","中国","","",""] 439 | 202.97.41.136=["中国","中国","","",""] 440 | 202.97.41.142=["中国","中国","","",""] 441 | 202.97.41.154=["中国","中国","","",""] 442 | 202.97.41.50=["中国","中国","","",""] 443 | 202.97.41.58=["中国","中国","","",""] 444 | 202.97.42.190=["中国","中国","","",""] 445 | 202.97.43.234=["中国","中国","","",""] 446 | 202.97.43.242=["中国","中国","","",""] 447 | 202.97.4.48=["中国","中国","","",""] 448 | 202.97.45.8=["中国","中国","","",""] 449 | 202.97.46.182=["中国","中国","","",""] 450 | 202.97.4.70=["中国","中国","","",""] 451 | 202.97.47.136=["中国","中国","","",""] 452 | 202.97.4.74=["中国","中国","","",""] 453 | 202.97.4.76=["中国","中国","","",""] 454 | 202.97.4.80=["中国","中国","","",""] 455 | 202.97.48.60=["中国","中国","","",""] 456 | 202.97.48.64=["中国","中国","","",""] 457 | 202.97.49.0=["中国","中国","","",""] 458 | 202.97.49.142=["中国","中国","","",""] 459 | 202.97.49.144=["中国","中国","","",""] 460 | 202.97.49.160=["中国","中国","","",""] 461 | 202.97.49.176=["中国","中国","","",""] 462 | 202.97.49.186=["中国","中国","","",""] 463 | 202.97.49.192=["中国","中国","","",""] 464 | 202.97.49.244=["中国","中国","","",""] 465 | 202.97.49.248=["中国","中国","","",""] 466 | 202.97.49.24=["中国","中国","","",""] 467 | 202.97.49.44=["中国","中国","","",""] 468 | 202.97.49.48=["中国","中国","","",""] 469 | 202.97.49.64=["中国","中国","","",""] 470 | 202.97.49.80=["中国","中国","","",""] 471 | 202.97.49.92=["中国","中国","","",""] 472 | 202.97.50.106=["中国","中国","","",""] 473 | 202.97.50.10=["中国","中国","","",""] 474 | 202.97.50.110=["中国","中国","","",""] 475 | 202.97.50.118=["中国","中国","","",""] 476 | 202.97.50.122=["中国","中国","","",""] 477 | 202.97.50.126=["中国","中国","","",""] 478 | 202.97.50.12=["中国","中国","","",""] 479 | 202.97.50.130=["中国","中国","","",""] 480 | 202.97.50.16=["中国","中国","","",""] 481 | 202.97.50.2=["中国","中国","","",""] 482 | 202.97.50.34=["中国","中国","","",""] 483 | 202.97.50.36=["中国","中国","","",""] 484 | 202.97.50.40=["中国","中国","","",""] 485 | 202.97.50.52=["中国","中国","","",""] 486 | 202.97.50.56=["中国","中国","","",""] 487 | 202.97.50.64=["中国","中国","","",""] 488 | 202.97.50.80=["中国","中国","","",""] 489 | 202.97.50.90=["中国","中国","","",""] 490 | 202.97.51.106=["中国","中国","","",""] 491 | 202.97.51.110=["中国","中国","","",""] 492 | 202.97.51.114=["中国","中国","","",""] 493 | 202.97.51.118=["中国","中国","","",""] 494 | 202.97.51.122=["中国","中国","","",""] 495 | 202.97.51.124=["中国","中国","","",""] 496 | 202.97.51.128=["中国","中国","","",""] 497 | 202.97.51.144=["中国","中国","","",""] 498 | 202.97.51.158=["中国","中国","","",""] 499 | 202.97.51.166=["中国","中国","","",""] 500 | 202.97.51.170=["中国","中国","","",""] 501 | 202.97.51.174=["中国","中国","","",""] 502 | 202.97.51.178=["中国","中国","","",""] 503 | 202.97.51.182=["中国","中国","","",""] 504 | 202.97.51.186=["中国","中国","","",""] 505 | 202.97.51.188=["中国","中国","","",""] 506 | 202.97.51.192=["中国","中国","","",""] 507 | 202.97.51.30=["中国","中国","","",""] 508 | 202.97.51.34=["中国","中国","","",""] 509 | 202.97.51.38=["中国","中国","","",""] 510 | 202.97.51.42=["中国","中国","","",""] 511 | 202.97.51.54=["中国","中国","","",""] 512 | 202.97.51.58=["中国","中国","","",""] 513 | 202.97.51.62=["中国","中国","","",""] 514 | 202.97.51.66=["中国","中国","","",""] 515 | 202.97.51.70=["中国","中国","","",""] 516 | 202.97.51.72=["中国","中国","","",""] 517 | 202.97.51.80=["中国","中国","","",""] 518 | 202.97.51.90=["中国","中国","","",""] 519 | 202.97.51.94=["中国","中国","","",""] 520 | 202.97.54.120=["中国","中国","","",""] 521 | 202.97.54.124=["中国","中国","","",""] 522 | 202.97.55.150=["中国","中国","","",""] 523 | 202.97.55.198=["中国","中国","","",""] 524 | 202.97.55.204=["中国","中国","","",""] 525 | 202.97.55.208=["中国","中国","","",""] 526 | 202.97.55.74=["中国","中国","","",""] 527 | 202.97.55.86=["中国","中国","","",""] 528 | 202.97.55.94=["中国","中国","","",""] 529 | 202.97.55.96=["中国","中国","","",""] 530 | 202.97.58.10=["中国","中国","","",""] 531 | 202.97.58.130=["中国","中国","","",""] 532 | 202.97.58.134=["中国","中国","","",""] 533 | 202.97.58.138=["中国","中国","","",""] 534 | 202.97.58.148=["中国","中国","","",""] 535 | 202.97.58.14=["中国","中国","","",""] 536 | 202.97.58.158=["中国","中国","","",""] 537 | 202.97.58.160=["中国","中国","","",""] 538 | 202.97.58.174=["中国","中国","","",""] 539 | 202.97.58.178=["中国","中国","","",""] 540 | 202.97.58.182=["中国","中国","","",""] 541 | 202.97.58.186=["中国","中国","","",""] 542 | 202.97.58.194=["中国","中国","","",""] 543 | 202.97.58.198=["中国","中国","","",""] 544 | 202.97.58.202=["中国","中国","","",""] 545 | 202.97.58.206=["中国","中国","","",""] 546 | 202.97.58.214=["中国","中国","","",""] 547 | 202.97.58.218=["中国","中国","","",""] 548 | 202.97.58.222=["中国","中国","","",""] 549 | 202.97.58.226=["中国","中国","","",""] 550 | 202.97.58.22=["中国","中国","","",""] 551 | 202.97.58.234=["中国","中国","","",""] 552 | 202.97.58.238=["中国","中国","","",""] 553 | 202.97.58.242=["中国","中国","","",""] 554 | 202.97.58.246=["中国","中国","","",""] 555 | 202.97.58.26=["中国","中国","","",""] 556 | 202.97.58.2=["中国","中国","","",""] 557 | 202.97.59.84=["中国","中国","","",""] 558 | 202.97.59.90=["中国","中国","","",""] 559 | 202.97.59.94=["中国","中国","","",""] 560 | 202.97.60.210=["中国","中国","","",""] 561 | 202.97.60.214=["中国","中国","","",""] 562 | 202.97.60.238=["中国","中国","","",""] 563 | 202.97.60.242=["中国","中国","","",""] 564 | 202.97.60.246=["中国","中国","","",""] 565 | 202.97.60.250=["中国","中国","","",""] 566 | 202.97.60.252=["中国","中国","","",""] 567 | 202.97.60.60=["中国","中国","","",""] 568 | 202.97.61.130=["中国","中国","","",""] 569 | 202.97.61.132=["中国","中国","","",""] 570 | 202.97.61.136=["中国","中国","","",""] 571 | 202.97.61.144=["中国","中国","","",""] 572 | 202.97.61.160=["中国","中国","","",""] 573 | 202.97.61.166=["中国","中国","","",""] 574 | 202.97.61.186=["中国","中国","","",""] 575 | 202.97.61.188=["中国","中国","","",""] 576 | 202.97.61.192=["中国","中国","","",""] 577 | 202.97.61.208=["中国","中国","","",""] 578 | 202.97.61.30=["中国","中国","","",""] 579 | 202.97.61.38=["中国","中国","","",""] 580 | 202.97.61.40=["中国","中国","","",""] 581 | 202.97.61.54=["中国","中国","","",""] 582 | 202.97.61.58=["中国","中国","","",""] 583 | 202.97.61.62=["中国","中国","","",""] 584 | 202.97.62.128=["中国","中国","","",""] 585 | 202.97.62.32=["中国","中国","","",""] 586 | 202.97.62.48=["中国","中国","","",""] 587 | 202.97.62.56=["中国","中国","","",""] 588 | 202.97.62.66=["中国","中国","","",""] 589 | 202.97.62.70=["中国","中国","","",""] 590 | 202.97.62.80=["中国","中国","","",""] 591 | 202.97.62.96=["中国","中国","","",""] 592 | 202.97.63.110=["中国","中国","","",""] 593 | 202.97.63.118=["中国","中国","","",""] 594 | 202.97.63.126=["中国","中国","","",""] 595 | 202.97.63.22=["中国","中国","","",""] 596 | 202.97.63.24=["中国","中国","","",""] 597 | 202.97.63.42=["中国","中国","","",""] 598 | 202.97.63.92=["中国","中国","","",""] 599 | 202.97.66.182=["中国","中国","","",""] 600 | 202.97.70.210=["中国","中国","","",""] 601 | 202.97.70.218=["中国","中国","","",""] 602 | 202.97.70.222=["中国","中国","","",""] 603 | 202.97.71.110=["中国","中国","","",""] 604 | 202.97.71.194=["中国","中国","","",""] 605 | 202.97.71.198=["中国","中国","","",""] 606 | 202.97.71.74=["中国","中国","","",""] 607 | 202.97.72.102=["中国","中国","","",""] 608 | 202.97.73.122=["中国","中国","","",""] 609 | 202.97.73.218=["中国","中国","","",""] 610 | 202.97.76.34=["中国","中国","","",""] 611 | 202.97.76.42=["中国","中国","","",""] 612 | 202.97.79.134=["中国","中国","","",""] 613 | 202.97.79.94=["中国","中国","","",""] 614 | 202.97.83.24=["中国","中国","","",""] 615 | 202.97.86.80=["中国","中国","","",""] 616 | 202.97.89.110=["中国","中国","","",""] 617 | 202.97.89.114=["中国","中国","","",""] 618 | 202.97.89.116=["中国","中国","","",""] 619 | 202.97.89.120=["中国","中国","","",""] 620 | 202.97.89.128=["中国","中国","","",""] 621 | 202.97.89.132=["中国","中国","","",""] 622 | 202.97.89.138=["中国","中国","","",""] 623 | 202.97.89.142=["中国","中国","","",""] 624 | 202.97.89.146=["中国","中国","","",""] 625 | 202.97.89.148=["中国","中国","","",""] 626 | 202.97.89.154=["中国","中国","","",""] 627 | 202.97.90.0=["中国","中国","","",""] 628 | 202.97.90.112=["中国","中国","","",""] 629 | 202.97.90.124=["中国","中国","","",""] 630 | 202.97.90.132=["中国","中国","","",""] 631 | 202.97.90.136=["中国","中国","","",""] 632 | 202.97.90.144=["中国","中国","","",""] 633 | 202.97.90.152=["中国","中国","","",""] 634 | 202.97.90.16=["中国","中国","","",""] 635 | 202.97.90.172=["中国","中国","","",""] 636 | 202.97.90.182=["中国","中国","","",""] 637 | 202.97.90.184=["中国","中国","","",""] 638 | 202.97.90.190=["中国","中国","","",""] 639 | 202.97.90.192=["中国","中国","","",""] 640 | 202.97.90.254=["中国","中国","","",""] 641 | 202.97.90.46=["中国","中国","","",""] 642 | 202.97.90.48=["中国","中国","","",""] 643 | 202.97.90.60=["中国","中国","","",""] 644 | 202.97.90.8=["中国","中国","","",""] 645 | 202.97.91.102=["中国","中国","","",""] 646 | 202.97.91.110=["中国","中国","","",""] 647 | 202.97.91.114=["中国","中国","","",""] 648 | 202.97.91.116=["中国","中国","","",""] 649 | 202.97.91.126=["中国","中国","","",""] 650 | 202.97.91.82=["中国","中国","","",""] 651 | 202.97.91.84=["中国","中国","","",""] 652 | 202.97.91.90=["中国","中国","","",""] 653 | 202.97.91.92=["中国","中国","","",""] 654 | 202.97.92.208=["中国","中国","","",""] 655 | 202.97.92.36=["中国","中国","","",""] 656 | 202.97.92.44=["中国","中国","","",""] 657 | 202.97.93.16=["中国","中国","","",""] 658 | 202.97.93.2=["中国","中国","","",""] 659 | 202.97.93.4=["中国","中国","","",""] 660 | 202.97.93.8=["中国","中国","","",""] 661 | 202.97.94.152=["中国","中国","","",""] 662 | 203.128.128.0=["中国","北京","北京","",""] 663 | 203.13.145.0=["中国","上海","上海","",""] 664 | 203.14.186.248=["中国","中国","","",""] 665 | 203.14.187.134=["中国","中国","","",""] 666 | 203.14.187.136=["中国","中国","","",""] 667 | 203.14.187.144=["中国","中国","","",""] 668 | 203.14.187.192=["中国","中国","","",""] 669 | 203.14.187.204=["中国","中国","","",""] 670 | 203.14.187.240=["中国","中国","","",""] 671 | 203.14.187.40=["中国","中国","","",""] 672 | 203.142.12.0=["中国","中国","","",""] 673 | 203.144.96.0=["中国","中国","","",""] 674 | 203.22.78.0=["中国","福建","","",""] 675 | 203.30.27.0=["中国","中国","","",""] 676 | 203.65.240.0=["中国","北京","北京","",""] 677 | 203.86.96.0=["中国","中国","","",""] 678 | 204.74.96.0=["中国","北京","北京","",""] 679 | 211.136.1.100=["中国","中国","","",""] 680 | 211.136.1.104=["中国","中国","","",""] 681 | 211.136.1.108=["中国","中国","","",""] 682 | 211.136.1.114=["中国","中国","","",""] 683 | 211.136.1.118=["中国","中国","","",""] 684 | 211.136.1.93=["中国","中国","","",""] 685 | 211.136.1.96=["中国","中国","","",""] 686 | 211.155.114.0=["中国","福建","福州","",""] 687 | 211.155.96.0=["中国","福建","福州","",""] 688 | 219.158.100.16=["中国","中国","","",""] 689 | 219.158.100.22=["中国","中国","","",""] 690 | 219.158.100.24=["中国","中国","","",""] 691 | 219.158.100.30=["中国","中国","","",""] 692 | 219.158.101.198=["中国","中国","","",""] 693 | 219.158.102.110=["中国","中国","","",""] 694 | 219.158.102.112=["中国","中国","","",""] 695 | 219.158.102.128=["中国","中国","","",""] 696 | 219.158.102.134=["中国","中国","","",""] 697 | 219.158.102.138=["中国","中国","","",""] 698 | 219.158.102.146=["中国","中国","","",""] 699 | 219.158.102.154=["中国","中国","","",""] 700 | 219.158.102.158=["中国","中国","","",""] 701 | 219.158.102.232=["中国","中国","","",""] 702 | 219.158.102.82=["中国","中国","","",""] 703 | 219.158.102.88=["中国","中国","","",""] 704 | 219.158.10.30=["中国","中国","","",""] 705 | 219.158.104.110=["中国","中国","","",""] 706 | 219.158.10.50=["中国","中国","","",""] 707 | 219.158.10.54=["中国","中国","","",""] 708 | 219.158.10.56=["中国","中国","","",""] 709 | 219.158.107.110=["中国","中国","","",""] 710 | 219.158.107.114=["中国","中国","","",""] 711 | 219.158.107.92=["中国","中国","","",""] 712 | 219.158.112.206=["中国","中国","","",""] 713 | 219.158.116.234=["中国","中国","","",""] 714 | 219.158.116.236=["中国","中国","","",""] 715 | 219.158.116.240=["中国","中国","","",""] 716 | 219.158.116.254=["中国","中国","","",""] 717 | 219.158.117.16=["中国","中国","","",""] 718 | 219.158.117.6=["中国","中国","","",""] 719 | 219.158.117.8=["中国","中国","","",""] 720 | 219.158.23.208=["中国","中国","","",""] 721 | 219.158.24.26=["中国","中国","","",""] 722 | 219.158.24.74=["中国","中国","","",""] 723 | 219.158.25.128=["中国","中国","","",""] 724 | 219.158.25.138=["中国","中国","","",""] 725 | 219.158.25.140=["中国","中国","","",""] 726 | 219.158.25.144=["中国","中国","","",""] 727 | 219.158.25.168=["中国","中国","","",""] 728 | 219.158.25.176=["中国","中国","","",""] 729 | 219.158.25.72=["中国","中国","","",""] 730 | 219.158.25.80=["中国","中国","","",""] 731 | 219.158.25.96=["中国","中国","","",""] 732 | 219.158.34.210=["中国","中国","","",""] 733 | 219.158.34.212=["中国","中国","","",""] 734 | 219.158.34.246=["中国","中国","","",""] 735 | 219.158.34.250=["中国","中国","","",""] 736 | 219.158.34.252=["中国","中国","","",""] 737 | 219.158.34.62=["中国","中国","","",""] 738 | 219.158.35.2=["中国","中国","","",""] 739 | 219.158.35.4=["中国","中国","","",""] 740 | 219.158.37.224=["中国","中国","","",""] 741 | 219.158.39.100=["中国","中国","","",""] 742 | 219.158.39.104=["中国","中国","","",""] 743 | 219.158.39.114=["中国","中国","","",""] 744 | 219.158.39.116=["中国","中国","","",""] 745 | 219.158.39.124=["中国","中国","","",""] 746 | 219.158.39.132=["中国","中国","","",""] 747 | 219.158.39.144=["中国","中国","","",""] 748 | 219.158.39.150=["中国","中国","","",""] 749 | 219.158.39.152=["中国","中国","","",""] 750 | 219.158.39.158=["中国","中国","","",""] 751 | 219.158.39.178=["中国","中国","","",""] 752 | 219.158.39.190=["中国","中国","","",""] 753 | 219.158.39.194=["中国","中国","","",""] 754 | 219.158.39.196=["中国","中国","","",""] 755 | 219.158.39.206=["中国","中国","","",""] 756 | 219.158.40.104=["中国","中国","","",""] 757 | 219.158.40.110=["中国","中国","","",""] 758 | 219.158.40.116=["中国","中国","","",""] 759 | 219.158.40.120=["中国","中国","","",""] 760 | 219.158.40.128=["中国","中国","","",""] 761 | 219.158.40.140=["中国","中国","","",""] 762 | 219.158.40.144=["中国","中国","","",""] 763 | 219.158.40.154=["中国","中国","","",""] 764 | 219.158.40.156=["中国","中国","","",""] 765 | 219.158.40.162=["中国","中国","","",""] 766 | 219.158.40.178=["中国","中国","","",""] 767 | 219.158.40.182=["中国","中国","","",""] 768 | 219.158.40.188=["中国","中国","","",""] 769 | 219.158.40.200=["中国","中国","","",""] 770 | 219.158.40.226=["中国","中国","","",""] 771 | 219.158.40.230=["中国","中国","","",""] 772 | 219.158.40.232=["中国","中国","","",""] 773 | 219.158.40.252=["中国","中国","","",""] 774 | 219.158.40.30=["中国","中国","","",""] 775 | 219.158.40.32=["中国","中国","","",""] 776 | 219.158.40.48=["中国","中国","","",""] 777 | 219.158.40.92=["中国","中国","","",""] 778 | 219.158.40.96=["中国","中国","","",""] 779 | 219.158.41.10=["中国","中国","","",""] 780 | 219.158.41.12=["中国","中国","","",""] 781 | 219.158.41.136=["中国","中国","","",""] 782 | 219.158.41.16=["中国","中国","","",""] 783 | 219.158.42.122=["中国","中国","","",""] 784 | 219.158.43.110=["中国","中国","","",""] 785 | 219.158.43.142=["中国","中国","","",""] 786 | 219.158.43.146=["中国","中国","","",""] 787 | 219.158.43.160=["中国","中国","","",""] 788 | 219.158.43.168=["中国","中国","","",""] 789 | 219.158.43.176=["中国","中国","","",""] 790 | 219.158.43.190=["中国","中国","","",""] 791 | 219.158.43.96=["中国","中国","","",""] 792 | 219.158.45.184=["中国","中国","","",""] 793 | 219.158.45.190=["中国","中国","","",""] 794 | 219.158.45.28=["中国","中国","","",""] 795 | 219.158.97.178=["中国","中国","","",""] 796 | 219.158.97.194=["中国","中国","","",""] 797 | 219.158.97.246=["中国","中国","","",""] 798 | 219.158.97.248=["中国","中国","","",""] 799 | 219.158.97.4=["中国","中国","","",""] 800 | 219.158.97.8=["中国","中国","","",""] 801 | 219.158.98.134=["中国","中国","","",""] 802 | 219.158.98.14=["中国","中国","","",""] 803 | 219.158.98.154=["中国","中国","","",""] 804 | 219.158.98.174=["中国","中国","","",""] 805 | 219.158.98.18=["中国","中国","","",""] 806 | 219.158.98.224=["中国","中国","","",""] 807 | 219.158.98.28=["中国","中国","","",""] 808 | 219.158.98.34=["中国","中国","","",""] 809 | 219.158.98.38=["中国","中国","","",""] 810 | 219.158.98.50=["中国","中国","","",""] 811 | 219.158.98.58=["中国","中国","","",""] 812 | 219.158.98.62=["中国","中国","","",""] 813 | 220.158.240.0=["中国","中国","","",""] 814 | 220.158.242.0=["中国","中国","","",""] 815 | 220.242.192.0=["中国","中国","","",""] 816 | 220.242.196.0=["中国","中国","","",""] 817 | 220.242.198.0=["中国","中国","","",""] 818 | 220.242.200.0=["中国","中国","","",""] 819 | 220.242.204.0=["中国","中国","","",""] 820 | 220.242.206.0=["中国","中国","","",""] 821 | 221.176.23.86=["中国","中国","","",""] 822 | 221.176.23.90=["中国","中国","","",""] 823 | 221.176.23.94=["中国","中国","","",""] 824 | 221.183.20.246=["中国","中国","","",""] 825 | 221.183.20.250=["中国","中国","","",""] 826 | 221.183.20.254=["中国","中国","","",""] 827 | 221.183.21.0=["中国","中国","","",""] 828 | 221.183.21.10=["中国","中国","","",""] 829 | 221.183.21.14=["中国","中国","","",""] 830 | 221.183.21.16=["中国","中国","","",""] 831 | 221.183.21.182=["中国","中国","","",""] 832 | 221.183.21.186=["中国","中国","","",""] 833 | 221.183.21.190=["中国","中国","","",""] 834 | 221.183.21.198=["中国","中国","","",""] 835 | 221.183.21.24=["中国","中国","","",""] 836 | 221.183.21.56=["中国","中国","","",""] 837 | 222.126.176.0=["中国","广东","深圳","",""] 838 | 223.120.0.10=["中国","中国","","",""] 839 | 223.120.0.128=["中国","中国","","",""] 840 | 223.120.0.12=["中国","中国","","",""] 841 | 223.120.0.16=["中国","中国","","",""] 842 | 223.120.0.32=["中国","中国","","",""] 843 | 223.120.0.64=["中国","中国","","",""] 844 | 223.120.1.0=["中国","中国","","",""] 845 | 223.120.16.0=["中国","中国","","",""] 846 | 223.120.2.0=["中国","中国","","",""] 847 | 223.120.32.0=["中国","中国","","",""] 848 | 223.120.4.0=["中国","中国","","",""] 849 | 223.120.64.0=["中国","中国","","",""] 850 | 223.120.8.0=["中国","中国","","",""] 851 | 223.121.0.0=["中国","中国","","",""] 852 | --------------------------------------------------------------------------------