3

I'm setting a local vpn environment, and I want to capture traffic locally through virtual network interface then forwarding them to real destinations through a physical network interface binding socket. However, I cannot even connect real destination after setting up a tun virtual network interface.

My testing machine: Linux testing-VirtualBox 3.19.0-15-generic #15-Ubuntu SMP Thu Apr 16 23:32:37 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

First I successfully create a virtual network interface named tun0 as below:

      tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:192.168.2.1  P-t-P:192.168.2.1  Mask:255.0.0.0
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:500 
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

For brevity, I just add the target server's ip address into route table: route add -host 45.113.192.102 dev tun0 The route table is as below: Kernel IP routing table

     Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
     0.0.0.0         xxx.xx.xxx.xxx   0.0.0.0         UG        0 0          0 eth0
     45.113.192.102  0.0.0.0         255.255.255.255 UH        0 0          0 tun0
     xxx.xx.xxx.xxx   0.0.0.0         255.255.255.128 U         0 0          0 eth0
     192.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 tun0

xxx.xx.xxx.xxx is my internal host/gateway ip address.

At last, I create a socket and bind the socket into physical network interface. I use libuv here and should no matter to the issue.

struct sockaddr_in remote_addr;
memset(&remote_addr, 0, sizeof(remote_addr));
remote_addr.sin_family = AF_INET;
remote_addr.sin_port = ntohs(443);
inet_pton(AF_INET, "45.113.192.102", &remote_addr.sin_addr);
uv_os_sock_t sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (sock < 0) {
    std::cout << "ERROR--- create socket failed\n";
    return -1;
}
int32_t r;
r = setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, "eth0", strlen("eth0"));
if (r != 0) {
    std::cout << "setsockopt failed: " << errno;
    return -1;
}

uv_tcp_init(g_uv_loop, &socket_handle);
r = uv_tcp_open(&socket_handle, sock);
uv_connect_t connect_req;
r = uv_tcp_connect(&connect_req, &socket_handle,
        (struct sockaddr *) &remote_addr, _tcp_connect_cb);

I run my code and found I cannot connect to "45.113.192.102". I capture the traffic through wireshark and found that my program has sent SYN to "45.113.192.102", and "45.113.192.102" also replied SYN,ACK. However, after that seems my program did not send ACK, which causes connecting failed. In the following, Client continuously sends [TCP Spurious Retransmission] SYN and Server replys [TCP Retransmission] SYN,ACK.

MarchChang
  • 31
  • 2

0 Answers0