fix net2net kcp proxy

2025-09-26 20:51:17 +08:00 · 2025-02-08 19:14:21 +08:00
parent 51e0fac72c
commit 53c449b9fb
4 changed files with 67 additions and 15 deletions
--- a/easytier/locales/app.yml
+++ b/easytier/locales/app.yml
@@ -100,8 +100,8 @@ core_clap:
    en: "do not create TUN device, can use subnet proxy to access node"
    zh-CN: "不创建TUN设备，可以使用子网代理访问节点"
  use_smoltcp:
-    en: "enable smoltcp stack for subnet proxy"
-    zh-CN: "为子网代理启用smoltcp堆栈"
+    en: "enable smoltcp stack for subnet proxy and kcp proxy"
+    zh-CN: "为子网代理和 KCP 代理启用smoltcp堆栈"
  manual_routes:
    en: "assign routes cidr manually, will disable subnet proxy and wireguard routes propagated from peers. e.g.: 192.168.0.0/16"
    zh-CN: "手动分配路由CIDR，将禁用子网代理和从对等节点传播的wireguard路由。例如：192.168.0.0/16"
--- a/easytier/src/easytier-cli.rs
+++ b/easytier/src/easytier-cli.rs
@@ -51,14 +51,23 @@ struct Cli {

 #[derive(Subcommand, Debug)]
 enum SubCommand {
+    #[command(about = "show peers info")]
    Peer(PeerArgs),
+    #[command(about = "manage connectors")]
    Connector(ConnectorArgs),
+    #[command(about = "do stun test")]
    Stun,
+    #[command(about = "show route info")]
    Route(RouteArgs),
+    #[command(about = "show global peers info")]
    PeerCenter,
+    #[command(about = "show vpn portal (wireguard) info")]
    VpnPortal,
+    #[command(about = "inspect self easytier-core status")]
    Node(NodeArgs),
+    #[command(about = "manage easytier-core as a system service")]
    Service(ServiceArgs),
+    #[command(about = "show tcp/kcp proxy status")]
    Proxy,
 }

@@ -116,7 +125,9 @@ enum ConnectorSubCommand {

 #[derive(Subcommand, Debug)]
 enum NodeSubCommand {
+    #[command(about = "show node info")]
    Info,
+    #[command(about = "show node config")]
    Config,
 }

@@ -137,10 +148,15 @@ struct ServiceArgs {

 #[derive(Subcommand, Debug)]
 enum ServiceSubCommand {
+    #[command(about = "register easytier-core as a system service")]
    Install(InstallArgs),
+    #[command(about = "unregister easytier-core system service")]
    Uninstall,
+    #[command(about = "check easytier-core system service status")]
    Status,
+    #[command(about = "start easytier-core system service")]
    Start,
+    #[command(about = "stop easytier-core system service")]
    Stop,
 }

@@ -155,13 +171,17 @@ struct InstallArgs {
    #[arg(long, default_value = "false")]
    disable_autostart: bool,

-    #[arg(long)]
+    #[arg(long, help = "path to easytier-core binary")]
    core_path: Option<PathBuf>,

    #[arg(long)]
    service_work_dir: Option<PathBuf>,

-    #[arg(trailing_var_arg = true, allow_hyphen_values = true)]
+    #[arg(
+        trailing_var_arg = true,
+        allow_hyphen_values = true,
+        help = "args to pass to easytier-core"
+    )]
    core_args: Option<Vec<OsString>>,
 }

@@ -662,12 +682,22 @@ impl Service {
            environment: None,
        };
        if self.status()? != ServiceStatus::NotInstalled {
-            return Err(anyhow::anyhow!("Service is already installed"));
+            return Err(anyhow::anyhow!(
+                "Service is already installed! Service Name: {}",
+                self.lable
+            ));
        }

        self.service_manager
-            .install(ctx)
-            .map_err(|e| anyhow::anyhow!("failed to install service: {}", e))
+            .install(ctx.clone())
+            .map_err(|e| anyhow::anyhow!("failed to install service: {:?}", e))?;
+
+        println!(
+            "Service installed successfully! Service Name: {}",
+            self.lable
+        );
+
+        Ok(())
    }

    pub fn uninstall(&self) -> Result<(), Error> {
@@ -784,7 +814,8 @@ impl Service {
        writeln!(unit_content, "Type=simple")?;
        writeln!(unit_content, "WorkingDirectory={work_dir}")?;
        writeln!(unit_content, "ExecStart={target_app} {args}")?;
-        writeln!(unit_content, "Restart=Always")?;
+        writeln!(unit_content, "Restart=always")?;
+        writeln!(unit_content, "RestartSec=1")?;
        writeln!(unit_content, "LimitNOFILE=infinity")?;
        writeln!(unit_content)?;
        writeln!(unit_content, "[Install]")?;
@@ -1141,6 +1172,8 @@ async fn main() -> Result<(), Error> {
                        (e.start_time * 1000) as i64,
                    )
                    .unwrap()
+                    .with_timezone(&chrono::Local)
+                    .format("%Y-%m-%d %H:%M:%S")
                    .to_string(),
                    state: format!("{:?}", TcpProxyEntryState::try_from(e.state).unwrap()),
                    transport_type: format!(
--- a/easytier/src/gateway/kcp_proxy.rs
+++ b/easytier/src/gateway/kcp_proxy.rs
@@ -206,9 +206,7 @@ impl NicPacketFilter for TcpProxyForKcpSrc {
        let data = zc_packet.payload();
        let ip_packet = Ipv4Packet::new(data).unwrap();
        if ip_packet.get_version() != 4
-        // TODO: how to support net to net kcp proxy?
            || ip_packet.get_next_level_protocol() != IpNextHeaderProtocols::Tcp
-            || !self.check_dst_allow_kcp_input(&ip_packet.get_destination()).await
        {
            return false;
        }
@@ -217,15 +215,33 @@ impl NicPacketFilter for TcpProxyForKcpSrc {
        let tcp_packet = TcpPacket::new(ip_packet.payload()).unwrap();
        let is_syn = tcp_packet.get_flags() & TcpFlags::SYN != 0
            && tcp_packet.get_flags() & TcpFlags::ACK == 0;
-        if !is_syn
-            && !self.0.is_tcp_proxy_connection(SocketAddr::new(
+        if is_syn {
+            // only check dst feature flag when SYN packet
+            if !self
+                .check_dst_allow_kcp_input(&ip_packet.get_destination())
+                .await
+            {
+                return false;
+            }
+        } else {
+            // if not syn packet, only allow established connection
+            if !self.0.is_tcp_proxy_connection(SocketAddr::new(
                IpAddr::V4(ip_packet.get_source()),
                tcp_packet.get_source(),
-            ))
-        {
-            return false;
+            )) {
+                return false;
+            }
        }

+        if let Some(my_ipv4) = self.0.get_global_ctx().get_ipv4() {
+            // this is a net-to-net packet, only allow it when smoltcp is enabled
+            // because the syn-ack packet will not be through and handled by the tun device when
+            // the source ip is in the local network
+            if ip_packet.get_source() != my_ipv4.address() && !self.0.is_smoltcp_enabled() {
+                return false;
+            }
+        };
+
        zc_packet.mut_peer_manager_header().unwrap().to_peer_id = self.0.get_my_peer_id().into();

        true
--- a/easytier/src/gateway/tokio_smoltcp/socket_allocator.rs
+++ b/easytier/src/gateway/tokio_smoltcp/socket_allocator.rs
@@ -2,6 +2,7 @@ use parking_lot::Mutex;
 use smoltcp::{
    iface::{SocketHandle as InnerSocketHandle, SocketSet},
    socket::tcp,
+    time::Duration,
 };
 use std::{
    ops::{Deref, DerefMut},
@@ -53,6 +54,8 @@ impl SocketAlloctor {
        let tx_buffer = tcp::SocketBuffer::new(vec![0; self.buffer_size.tcp_tx_size]);
        let mut tcp = tcp::Socket::new(rx_buffer, tx_buffer);
        tcp.set_nagle_enabled(false);
+        tcp.set_keep_alive(Some(Duration::from_secs(10)));
+        tcp.set_timeout(Some(Duration::from_secs(60)));

        tcp
    }