在main函數(shù)中,有一行,
clear_nat_hack_flags(svr);
在cfg_file.y中定義,
/* Clear the VTUN_NAT_HACK flag which are not relevant to the current operation mode */
inline void clear_nat_hack_flags(int svr)
{
??? if (svr)
???????
llist_trav(&host_list,clear_nat_hack_server,NULL);
??? else
???????
llist_trav(&host_list,clear_nat_hack_client,NULL);
}
先看svr=1,也就是server端的情況,
llist_trav(&host_list,clear_nat_hack_server,NULL);
在llist.c中,
/* Travel list from head to tail */
void * llist_trav(llist *l, int (*f)(void *d, void *u), void *u)
{
??? llist_elm *i = l->head;
??? while( i ){
????
? if( f(i->data,u) ) return i->data;
?????? i = i->next;
??? }
??? return NULL;
}
為搞清l是什么,需搞清host_list是什么,
經(jīng)分析host_list是配置文件中所有會(huì)話名。
再看clear_nat_hack_server函數(shù),
int clear_nat_hack_server(void *d, void *u)
{
?
?
((struct vtun_host*)d)->flags &= ~VTUN_NAT_HACK_CLIENT;
//清除VTUN_NAT_HACK_CLIENT標(biāo)志
??? return 0;
}
其中
/* Flags for the NAT hack with delayed UDP socket connect */
#define VTUN_NAT_HACK_CLIENT??? 0x4000
#define VTUN_NAT_HACK_SERVER??? 0x8000
?
結(jié)合
while( i ){
????
? if( f(i->data,u) ) return i->data;
?????? i = i->next;
??? }
可知 llist_trav(&host_list,clear_nat_hack_server,NULL);
就是清除所有會(huì)話的nat_hack的flags.
?
?
最終關(guān)于main函數(shù)中 clear_nat_hack_flags(svr); 的結(jié)論:
當(dāng)是server端時(shí),清除所有會(huì)話的表示client的nat_hack的flags.
當(dāng)是client端時(shí),清除所有會(huì)話的表示server的nat_hack的flags.(client端分析略)
nat_hack的flags在server端和client端并不相同,因?yàn)?
#define VTUN_NAT_HACK_CLIENT??? 0x4000#define VTUN_NAT_HACK_SERVER??? 0x8000
為什么要這樣做呢?因?yàn)閚at_hack只能在client和server一端使用,不能兩端一起使用。
?
那么又為什么只能在一端使用呢,看下面分析,
?
http://permalink.gmane.org/gmane.network.vtun.devel/6 這個(gè)maillist討論了此問題,關(guān)于vtun中涉及nat的源碼就是第一個(gè)發(fā)郵件的那個(gè)人寫的,他說這個(gè)nat_hack只能用于一端。 好像源碼中關(guān)于nat的部分是為了解決——使用udp時(shí)client經(jīng)過nat到達(dá)server時(shí)的連接問題,即隧道中有nat的問題。
理解到此為止,那就看一下源碼中的nat_hack到底做了何種操作,影響了誰,搞清楚源碼做了什么,那么nat_hack也就好理解了。
?
下面再分析源碼中關(guān)于nat的代碼。
在linkfd.c中,
/* Delay sending of first UDP packet over broken NAT routers
??? because we will probably be disconnected.? Wait for the remote
??? end to send us something first, and use that connection. */
??? if (!VTUN_USE_NAT_HACK(lfd_host))
??????? proto_write(fd1, buf, VTUN_ECHO_REQ);
在vtun.h中,
#ifdef ENABLE_NAT_HACK
/* Flags for the NAT hack with delayed UDP socket connect */
#define VTUN_NAT_HACK_CLIENT??? 0x4000
#define VTUN_NAT_HACK_SERVER??? 0x8000
#define VTUN_NAT_HACK_MASK??? (VTUN_NAT_HACK_CLIENT | VTUN_NAT_HACK_SERVER)
#define VTUN_USE_NAT_HACK(host)??? ((host)->flags & VTUN_NAT_HACK_MASK)
#else
#define VTUN_USE_NAT_HACK(host)??? 0
#endif
在ENABLE_NAT_HACK已經(jīng)定義的情況下,
#define VTUN_USE_NAT_HACK(host)??? ((host)->flags & VTUN_NAT_HACK_MASK)
該宏VTUN_USE_NAT_HACK(host)?? 到底是多少?
容易得出VTUN_NAT_HACK_MASK是0xc000
host->flags呢?host最終值從配置文件得來,根據(jù)文件cfg_file.y知host->flags是當(dāng)配置文件中配置相關(guān)選項(xiàng)時(shí),給flags賦予相應(yīng)值,如下代碼,
?
?
| K_SPEED NUM???? {
????????????? if( $2 ){
???????????????? parse_host->spd_in = parse_host->spd_out = $2;
???????????????? parse_host->flags |= VTUN_SHAPE;
????????????? } else
???????????????? parse_host->flags &= ~VTUN_SHAPE;
??????????? }
? | K_SPEED DNUM???? {
????????????? if( yylval.dnum.num1 || yylval.dnum.num2 ){
???????????????? parse_host->spd_out = yylval.dnum.num1;
???????????????????? parse_host->spd_in = yylval.dnum.num2;????
???????????????? parse_host->flags |= VTUN_SHAPE;
????????????? } else
???????????????? parse_host->flags &= ~VTUN_SHAPE;
??????????? }
? | K_COMPRESS???????? {
????????????? parse_host->flags &= ~(VTUN_ZLIB | VTUN_LZO);
??????????? }
??????????? compress
? | K_ENCRYPT NUM???? {?
????????????? if( $2 ){
???????????????? parse_host->flags |= VTUN_ENCRYPT;
???????????????? parse_host->cipher = $2;
????????????? } else
???????????????? parse_host->flags &= ~VTUN_ENCRYPT;
??????????? }
? | K_KALIVE???????? {
????????????? parse_host->flags &= ~VTUN_KEEP_ALIVE;
??????????? }
??????????? keepalive???
? | K_STAT NUM??????? {
????????????? if( $2 )
???????????????? parse_host->flags |= VTUN_STAT;
????????????? else
???????????????? parse_host->flags &= ~VTUN_STAT;
??????????? }
? | K_PERSIST NUM???? {
??????????????????? parse_host->persist = $2;
????????????? if(vtun.persist == -1)
???????????????? vtun.persist = $2;????
??????????? }
? | K_TYPE NUM???????? {?
????????????? parse_host->flags &= ~VTUN_TYPE_MASK;
????????????? parse_host->flags |= $2;
??????????? }???
? | K_PROT NUM???????? {?
????????????? parse_host->flags &= ~VTUN_PROT_MASK;
????????????? parse_host->flags |= $2;
??????????? }
? | K_NAT_HACK NUM???? {?
#ifdef ENABLE_NAT_HACK
????????????? parse_host->flags &= ~VTUN_NAT_HACK_MASK;
????????????? parse_host->flags |= $2;
所以(host)->flags & VTUN_NAT_HACK_MASK相與的意思是——只要host設(shè)置了VTUN_NAT_HACK那個(gè)選項(xiàng),(host)->flags & VTUN_NAT_HACK_MASK的結(jié)果就不為0.(很好理解,比如先定義好使用加密時(shí)的flags為0010,那么將flags和0010進(jìn)行與運(yùn)算,結(jié)果為0010則說明采用加密了,為0000則沒使用。)
而ENABLE_NAT_HACK的定義是在軟件開始安裝前就設(shè)置了,即在./configure的選項(xiàng)中就指明了是否nat_hack,在configure文件中,
if test "$NATHACK" = "yes"; then
?? cat >>confdefs.h <<\_ACEOF
#define ENABLE_NAT_HACK 1
_ACEOF
fi
之后nat_hack是否使用取決于配置文件 (即若安裝時(shí)沒定義nat_hack,則后續(xù)不管配置文件是否對nat_hack進(jìn)行配置,宏VTUN_USE_NAT_HACK(host) 的值始終為0;若安裝時(shí)定義了nat_hack, 宏VTUN_USE_NAT_HACK(host) 的值取決于配置文件中對nat_hack的配置)。
?
回到linkfd.c
if (!VTUN_USE_NAT_HACK(lfd_host))
??????? proto_write(fd1, buf, VTUN_ECHO_REQ);
當(dāng)proto_write=udp_write時(shí),
int udp_write(int fd, char *buf, int len)
{
??? register char *ptr;
??? register int wlen;
??? if (!is_rmt_fd_connected) return 0;
??? ptr = buf - sizeof(short);??????? //sizeof(short) = 2
??? *((unsigned short *)ptr) = htons(len);
??? len? = (len & VTUN_FSIZE_MASK) + sizeof(short);
??? while( 1 )
??? {
??????? if( (wlen = write(fd, ptr, len)) < 0 )//發(fā)送出錯(cuò)
??????? {
??????????? if( errno == EAGAIN || errno == EINTR )//重復(fù)發(fā)送
????????????? continue;
??????????? if( errno == ENOBUFS )//沒內(nèi)存空間啦,返回吧
????????????? return 0;
??????? }
??????? /*
??????? * Even if we wrote only part of the frame
??????? * we can't use second write since it will produce
??????? * another UDP frame
??????? */
??????? return wlen;
??? }
}//end udp_write
結(jié)合netlib.c
if (VTUN_USE_NAT_HACK(host))
???????? is_rmt_fd_connected=0;
???? else
???? {
???????? if( connect(s,(struct sockaddr *)&saddr,sizeof(saddr)) )
???????? {
???????????? vtun_syslog(LOG_ERR,"Can't connect socket");
???????????? return -1;
???????? }
????????
is_rmt_fd_connected=1;
???? }
結(jié)合上面分析知,當(dāng)
VTUN_USE_NAT_HACK(host)為0時(shí) ,linkfd .c的
if (!VTUN_USE_NAT_HACK(lfd_host))??????? proto_write(fd1, buf, VTUN_ECHO_REQ);
做了一次發(fā)送空信息的操作 ,因?yàn)閂TUN_USE_NAT_HACK(host)為0---》
is_rmt_fd_connected=1;---》udp_write中if (!is_rmt_fd_connected) return 0;….write();….
?
很不理解linkfd.c中下面這段代碼的意思,
if (!VTUN_USE_NAT_HACK(lfd_host))
??????? proto_write(fd1, buf, VTUN_ECHO_REQ);//此處的buf為空?
?
當(dāng)VTUN_USE_NAT_HACK(host)不為0時(shí),
is_rmt_fd_connected=0;linkfd .c的
if (!VTUN_USE_NAT_HACK(lfd_host))??????? proto_write(fd1, buf, VTUN_ECHO_REQ);
啥也沒做!!
分析is_rmt_fd_connected最終得出結(jié)論,
VTUN_USE_NAT_HACK(lfd_host)主要影響的是udp_read.
也就是源碼中的nat啟用與否實(shí)際主要影響下面的函數(shù),
int udp_read(int fd, char *buf)
{
???? unsigned short hdr, flen;
???? struct iovec iv[2];
???? register int rlen;
???? struct sockaddr_in from;
???? socklen_t fromlen = sizeof(struct sockaddr);
???? /* Late connect (NAT hack enabled) */
???? if (!is_rmt_fd_connected)
???? {
??????? while( 1 )
??????? {
??????????? if( (rlen = recvfrom(fd,buf,2,MSG_PEEK,(struct sockaddr *)&from,&fromlen)) < 0 ){
??????????????? if( errno == EAGAIN || errno == EINTR ) continue;
??????????????? else return rlen;
??????????? }
??????????? else break;
??????? }
??????? if( connect(fd,(struct sockaddr *)&from,fromlen) )
??????? {
??????????? vtun_syslog(LOG_ERR,"Can't connect socket");
??????????? return -1;
??????? }
??????? is_rmt_fd_connected = 1;
???? }
???? /* Read frame */
???? iv[0].iov_len? = sizeof(short);
???? iv[0].iov_base = (char *) &hdr;
???? iv[1].iov_len? = VTUN_FRAME_SIZE + VTUN_FRAME_OVERHEAD;
???? iv[1].iov_base = buf;
???? while( 1 )
???? {
???????? //本函數(shù)的核心代碼,將fd中的數(shù)據(jù)讀出賦到iv中,iv[0]存接收到數(shù)據(jù)的前兩個(gè)字節(jié),也就是封裝時(shí)添加的數(shù)據(jù)包長度那兩個(gè)字節(jié);
???????? //iv[1]就是解封后的數(shù)據(jù),buf指向的是iv[1]部分,即buf就是解封后的數(shù)據(jù)!
??
????? if( (rlen = readv(fd, iv, 2)) < 0 )
??????? {
??????????? if( errno == EAGAIN || errno == EINTR )
??????????????? continue;
??????????? else
??????????????? return rlen;
??????? }
??????? hdr = ntohs(hdr);
??????? flen = hdr & VTUN_FSIZE_MASK;
??????? if( rlen < 2 || (rlen-2) != flen )
??????????? return VTUN_BAD_FRAME;
??????? return hdr;
???? }
}//end udp_read
最終結(jié)論:使用nat_hack時(shí)(配置文件決定使用與否),源碼中實(shí)際影響的操作是udp_read中多了一段代碼rlen = recvfrom(fd,buf,2,MSG_PEEK,(struct sockaddr *)&from,&fromlen).
要深刻理解源碼中的nat_hack,就是要深刻理解套接字編程recvfrom等函數(shù)的使用,及這些函數(shù)的深刻含義。
后續(xù)將分析套接字編程的這些函數(shù)。
更多文章、技術(shù)交流、商務(wù)合作、聯(lián)系博主
微信掃碼或搜索:z360901061
微信掃一掃加我為好友
QQ號(hào)聯(lián)系: 360901061
您的支持是博主寫作最大的動(dòng)力,如果您喜歡我的文章,感覺我的文章對您有幫助,請用微信掃描下面二維碼支持博主2元、5元、10元、20元等您想捐的金額吧,狠狠點(diǎn)擊下面給點(diǎn)支持吧,站長非常感激您!手機(jī)微信長按不能支付解決辦法:請將微信支付二維碼保存到相冊,切換到微信,然后點(diǎn)擊微信右上角掃一掃功能,選擇支付二維碼完成支付。
【本文對您有幫助就好】元
