在main函數中,有一行,
clear_nat_hack_flags(svr);
在cfg_file.y中定義,
/* Clear the VTUN_NAT_HACK flag which are not relevant to the current operation mode */
inline void clear_nat_hack_flags(int svr)
{
??? if (svr)
???????
llist_trav(&host_list,clear_nat_hack_server,NULL);
??? else
???????
llist_trav(&host_list,clear_nat_hack_client,NULL);
}
先看svr=1,也就是server端的情況,
llist_trav(&host_list,clear_nat_hack_server,NULL);
在llist.c中,
/* Travel list from head to tail */
void * llist_trav(llist *l, int (*f)(void *d, void *u), void *u)
{
??? llist_elm *i = l->head;
??? while( i ){
????
? if( f(i->data,u) ) return i->data;
?????? i = i->next;
??? }
??? return NULL;
}
為搞清l是什么,需搞清host_list是什么,
經分析host_list是配置文件中所有會話名。
再看clear_nat_hack_server函數,
int clear_nat_hack_server(void *d, void *u)
{
?
?
((struct vtun_host*)d)->flags &= ~VTUN_NAT_HACK_CLIENT;
//清除VTUN_NAT_HACK_CLIENT標志
??? return 0;
}
其中
/* Flags for the NAT hack with delayed UDP socket connect */
#define VTUN_NAT_HACK_CLIENT??? 0x4000
#define VTUN_NAT_HACK_SERVER??? 0x8000
?
結合
while( i ){
????
? if( f(i->data,u) ) return i->data;
?????? i = i->next;
??? }
可知 llist_trav(&host_list,clear_nat_hack_server,NULL);
就是清除所有會話的nat_hack的flags.
?
?
最終關于main函數中 clear_nat_hack_flags(svr); 的結論:
當是server端時,清除所有會話的表示client的nat_hack的flags.
當是client端時,清除所有會話的表示server的nat_hack的flags.(client端分析略)
nat_hack的flags在server端和client端并不相同,因為
#define VTUN_NAT_HACK_CLIENT??? 0x4000#define VTUN_NAT_HACK_SERVER??? 0x8000
為什么要這樣做呢?因為nat_hack只能在client和server一端使用,不能兩端一起使用。
?
那么又為什么只能在一端使用呢,看下面分析,
?
http://permalink.gmane.org/gmane.network.vtun.devel/6 這個maillist討論了此問題,關于vtun中涉及nat的源碼就是第一個發郵件的那個人寫的,他說這個nat_hack只能用于一端。 好像源碼中關于nat的部分是為了解決——使用udp時client經過nat到達server時的連接問題,即隧道中有nat的問題。
理解到此為止,那就看一下源碼中的nat_hack到底做了何種操作,影響了誰,搞清楚源碼做了什么,那么nat_hack也就好理解了。
?
下面再分析源碼中關于nat的代碼。
在linkfd.c中,
/* Delay sending of first UDP packet over broken NAT routers
??? because we will probably be disconnected.? Wait for the remote
??? end to send us something first, and use that connection. */
??? if (!VTUN_USE_NAT_HACK(lfd_host))
??????? proto_write(fd1, buf, VTUN_ECHO_REQ);
在vtun.h中,
#ifdef ENABLE_NAT_HACK
/* Flags for the NAT hack with delayed UDP socket connect */
#define VTUN_NAT_HACK_CLIENT??? 0x4000
#define VTUN_NAT_HACK_SERVER??? 0x8000
#define VTUN_NAT_HACK_MASK??? (VTUN_NAT_HACK_CLIENT | VTUN_NAT_HACK_SERVER)
#define VTUN_USE_NAT_HACK(host)??? ((host)->flags & VTUN_NAT_HACK_MASK)
#else
#define VTUN_USE_NAT_HACK(host)??? 0
#endif
在ENABLE_NAT_HACK已經定義的情況下,
#define VTUN_USE_NAT_HACK(host)??? ((host)->flags & VTUN_NAT_HACK_MASK)
該宏VTUN_USE_NAT_HACK(host)?? 到底是多少?
容易得出VTUN_NAT_HACK_MASK是0xc000
host->flags呢?host最終值從配置文件得來,根據文件cfg_file.y知host->flags是當配置文件中配置相關選項時,給flags賦予相應值,如下代碼,
?
?
| K_SPEED NUM???? {
????????????? if( $2 ){
???????????????? parse_host->spd_in = parse_host->spd_out = $2;
???????????????? parse_host->flags |= VTUN_SHAPE;
????????????? } else
???????????????? parse_host->flags &= ~VTUN_SHAPE;
??????????? }
? | K_SPEED DNUM???? {
????????????? if( yylval.dnum.num1 || yylval.dnum.num2 ){
???????????????? parse_host->spd_out = yylval.dnum.num1;
???????????????????? parse_host->spd_in = yylval.dnum.num2;????
???????????????? parse_host->flags |= VTUN_SHAPE;
????????????? } else
???????????????? parse_host->flags &= ~VTUN_SHAPE;
??????????? }
? | K_COMPRESS???????? {
????????????? parse_host->flags &= ~(VTUN_ZLIB | VTUN_LZO);
??????????? }
??????????? compress
? | K_ENCRYPT NUM???? {?
????????????? if( $2 ){
???????????????? parse_host->flags |= VTUN_ENCRYPT;
???????????????? parse_host->cipher = $2;
????????????? } else
???????????????? parse_host->flags &= ~VTUN_ENCRYPT;
??????????? }
? | K_KALIVE???????? {
????????????? parse_host->flags &= ~VTUN_KEEP_ALIVE;
??????????? }
??????????? keepalive???
? | K_STAT NUM??????? {
????????????? if( $2 )
???????????????? parse_host->flags |= VTUN_STAT;
????????????? else
???????????????? parse_host->flags &= ~VTUN_STAT;
??????????? }
? | K_PERSIST NUM???? {
??????????????????? parse_host->persist = $2;
????????????? if(vtun.persist == -1)
???????????????? vtun.persist = $2;????
??????????? }
? | K_TYPE NUM???????? {?
????????????? parse_host->flags &= ~VTUN_TYPE_MASK;
????????????? parse_host->flags |= $2;
??????????? }???
? | K_PROT NUM???????? {?
????????????? parse_host->flags &= ~VTUN_PROT_MASK;
????????????? parse_host->flags |= $2;
??????????? }
? | K_NAT_HACK NUM???? {?
#ifdef ENABLE_NAT_HACK
????????????? parse_host->flags &= ~VTUN_NAT_HACK_MASK;
????????????? parse_host->flags |= $2;
所以(host)->flags & VTUN_NAT_HACK_MASK相與的意思是——只要host設置了VTUN_NAT_HACK那個選項,(host)->flags & VTUN_NAT_HACK_MASK的結果就不為0.(很好理解,比如先定義好使用加密時的flags為0010,那么將flags和0010進行與運算,結果為0010則說明采用加密了,為0000則沒使用。)
而ENABLE_NAT_HACK的定義是在軟件開始安裝前就設置了,即在./configure的選項中就指明了是否nat_hack,在configure文件中,
if test "$NATHACK" = "yes"; then
?? cat >>confdefs.h <<\_ACEOF
#define ENABLE_NAT_HACK 1
_ACEOF
fi
之后nat_hack是否使用取決于配置文件 (即若安裝時沒定義nat_hack,則后續不管配置文件是否對nat_hack進行配置,宏VTUN_USE_NAT_HACK(host) 的值始終為0;若安裝時定義了nat_hack, 宏VTUN_USE_NAT_HACK(host) 的值取決于配置文件中對nat_hack的配置)。
?
回到linkfd.c
if (!VTUN_USE_NAT_HACK(lfd_host))
??????? proto_write(fd1, buf, VTUN_ECHO_REQ);
當proto_write=udp_write時,
int udp_write(int fd, char *buf, int len)
{
??? register char *ptr;
??? register int wlen;
??? if (!is_rmt_fd_connected) return 0;
??? ptr = buf - sizeof(short);??????? //sizeof(short) = 2
??? *((unsigned short *)ptr) = htons(len);
??? len? = (len & VTUN_FSIZE_MASK) + sizeof(short);
??? while( 1 )
??? {
??????? if( (wlen = write(fd, ptr, len)) < 0 )//發送出錯
??????? {
??????????? if( errno == EAGAIN || errno == EINTR )//重復發送
????????????? continue;
??????????? if( errno == ENOBUFS )//沒內存空間啦,返回吧
????????????? return 0;
??????? }
??????? /*
??????? * Even if we wrote only part of the frame
??????? * we can't use second write since it will produce
??????? * another UDP frame
??????? */
??????? return wlen;
??? }
}//end udp_write
結合netlib.c
if (VTUN_USE_NAT_HACK(host))
???????? is_rmt_fd_connected=0;
???? else
???? {
???????? if( connect(s,(struct sockaddr *)&saddr,sizeof(saddr)) )
???????? {
???????????? vtun_syslog(LOG_ERR,"Can't connect socket");
???????????? return -1;
???????? }
????????
is_rmt_fd_connected=1;
???? }
結合上面分析知,當
VTUN_USE_NAT_HACK(host)為0時 ,linkfd .c的
if (!VTUN_USE_NAT_HACK(lfd_host))??????? proto_write(fd1, buf, VTUN_ECHO_REQ);
做了一次發送空信息的操作 ,因為VTUN_USE_NAT_HACK(host)為0---》
is_rmt_fd_connected=1;---》udp_write中if (!is_rmt_fd_connected) return 0;….write();….
?
很不理解linkfd.c中下面這段代碼的意思,
if (!VTUN_USE_NAT_HACK(lfd_host))
??????? proto_write(fd1, buf, VTUN_ECHO_REQ);//此處的buf為空?
?
當VTUN_USE_NAT_HACK(host)不為0時,
is_rmt_fd_connected=0;linkfd .c的
if (!VTUN_USE_NAT_HACK(lfd_host))??????? proto_write(fd1, buf, VTUN_ECHO_REQ);
啥也沒做!!
分析is_rmt_fd_connected最終得出結論,
VTUN_USE_NAT_HACK(lfd_host)主要影響的是udp_read.
也就是源碼中的nat啟用與否實際主要影響下面的函數,
int udp_read(int fd, char *buf)
{
???? unsigned short hdr, flen;
???? struct iovec iv[2];
???? register int rlen;
???? struct sockaddr_in from;
???? socklen_t fromlen = sizeof(struct sockaddr);
???? /* Late connect (NAT hack enabled) */
???? if (!is_rmt_fd_connected)
???? {
??????? while( 1 )
??????? {
??????????? if( (rlen = recvfrom(fd,buf,2,MSG_PEEK,(struct sockaddr *)&from,&fromlen)) < 0 ){
??????????????? if( errno == EAGAIN || errno == EINTR ) continue;
??????????????? else return rlen;
??????????? }
??????????? else break;
??????? }
??????? if( connect(fd,(struct sockaddr *)&from,fromlen) )
??????? {
??????????? vtun_syslog(LOG_ERR,"Can't connect socket");
??????????? return -1;
??????? }
??????? is_rmt_fd_connected = 1;
???? }
???? /* Read frame */
???? iv[0].iov_len? = sizeof(short);
???? iv[0].iov_base = (char *) &hdr;
???? iv[1].iov_len? = VTUN_FRAME_SIZE + VTUN_FRAME_OVERHEAD;
???? iv[1].iov_base = buf;
???? while( 1 )
???? {
???????? //本函數的核心代碼,將fd中的數據讀出賦到iv中,iv[0]存接收到數據的前兩個字節,也就是封裝時添加的數據包長度那兩個字節;
???????? //iv[1]就是解封后的數據,buf指向的是iv[1]部分,即buf就是解封后的數據!
??
????? if( (rlen = readv(fd, iv, 2)) < 0 )
??????? {
??????????? if( errno == EAGAIN || errno == EINTR )
??????????????? continue;
??????????? else
??????????????? return rlen;
??????? }
??????? hdr = ntohs(hdr);
??????? flen = hdr & VTUN_FSIZE_MASK;
??????? if( rlen < 2 || (rlen-2) != flen )
??????????? return VTUN_BAD_FRAME;
??????? return hdr;
???? }
}//end udp_read
最終結論:使用nat_hack時(配置文件決定使用與否),源碼中實際影響的操作是udp_read中多了一段代碼rlen = recvfrom(fd,buf,2,MSG_PEEK,(struct sockaddr *)&from,&fromlen).
要深刻理解源碼中的nat_hack,就是要深刻理解套接字編程recvfrom等函數的使用,及這些函數的深刻含義。
后續將分析套接字編程的這些函數。
更多文章、技術交流、商務合作、聯系博主
微信掃碼或搜索:z360901061
微信掃一掃加我為好友
QQ號聯系: 360901061
您的支持是博主寫作最大的動力,如果您喜歡我的文章,感覺我的文章對您有幫助,請用微信掃描下面二維碼支持博主2元、5元、10元、20元等您想捐的金額吧,狠狠點擊下面給點支持吧,站長非常感激您!手機微信長按不能支付解決辦法:請將微信支付二維碼保存到相冊,切換到微信,然后點擊微信右上角掃一掃功能,選擇支付二維碼完成支付。
【本文對您有幫助就好】元
