udp2raw-tunnel: new tool

2025-12-06 08:25:01 +01:00 · 2019-03-18 13:24:19 +03:00 · 2019-03-18 13:24:19 +03:00 · f9f791f010
commit f9f791f010
parent e2100ba947
5 changed files with 243 additions and 0 deletions
--- a/net-vpn/udp2raw-tunnel/files/udp2raw-daemon.confd
+++ b/net-vpn/udp2raw-tunnel/files/udp2raw-daemon.confd
@ -0,0 +1,10 @@
+# /etc/conf.d/udp2raw-daemon: config file for /etc/init.d/udp2raw-daemon
+
+# Server side configuration (needs to be absolute path)
+#UDP2RAW_CONFIGFILE="/etc/udp2raw/example.conf"
+
+# Path to log file (needs to be absolute path)
+#UDP2RAW_LOGFILE=""
+
+# See more: udp2raw -h
+UDP2RAW_OPTS="--disable-color"
--- a/net-vpn/udp2raw-tunnel/files/udp2raw-daemon.initd
+++ b/net-vpn/udp2raw-tunnel/files/udp2raw-daemon.initd
@ -0,0 +1,85 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+UDP2RAW_BINARY="${UDP2RAW_BINARY:-/usr/bin/udp2raw}"
+UDP2RAW_LOGFILE="${UDP2RAW_LOGFILE:-/var/log/udp2raw.log}"
+UDP2RAW_PIDFILE="${UDP2RAW_PIDFILE:-/run/${RC_SVCNAME}.pid}"
+UDP2RAW_TERMTIMEOUT="${UDP2RAW_TERMTIMEOUT:-"TERM/25/KILL/5"}"
+
+USER="nobody"
+GROUP="nobody"
+
+description="A tunnel which turns UDP Traffic into encrypted FakeTCP/UDP/ICMP traffic"
+command="${UDP2RAW_BINARY}"
+command_background=true
+command_user="${USER}:${GROUP}"
+command_args="
+	--conf-file ${UDP2RAW_CONFIGFILE}
+	${UDP2RAW_OPTS}"
+
+pidfile="${UDP2RAW_PIDFILE}"
+start_stop_daemon_args="--quiet -1 ${UDP2RAW_LOGFILE}"
+retry="${UDP2RAW_TERMTIMEOUT}"
+
+extra_commands="checkconfig"
+
+depend() {
+	need iptables
+	before net
+}
+
+_gen_ipt_rule() {
+	echo $(${UDP2RAW_BINARY} -g --conf-file "${UDP2RAW_CONFIGFILE}" \
+		| grep -oE "^iptables -I (.*) -j DROP$" \
+		| awk 'FS=" "{$1="";$2=""; print}')
+}
+
+_update_ipt_rule() {
+	local rule command=${1}
+	local ipt_binary=$(which iptables)
+
+	if [[ "${UDP2RAW_IPT_DISABLED}" == "1" ]]; then
+		return
+	fi
+
+	ebegin "Updating iptables rules"
+	if [ -n "${UDP2RAW_IPT_CMDLINE}" ]; then
+		einfo "Using custom rule: ${UDP2RAW_IPT_CMDLINE}"
+		rule="${UDP2RAW_IPT_CMDLINE}"
+	else
+		rule=$(_gen_ipt_rule)
+	fi
+
+	case ${command} in
+		add) ${ipt_binary} -t filter -C ${rule} > /dev/null 2>&1 || ${ipt_binary} -t filter -I ${rule} > /dev/null 2>&1;;
+		del) ${ipt_binary} -t filter -D ${rule} > /dev/null 2>&1;;
+	esac
+	eend ${?} "Failed to update a iptables rules"
+}
+
+checkconfig() {
+	if [ ! -e "${UDP2RAW_CONFIGFILE}" ] ; then
+		eerror "You need an /etc/udp2raw/*.conf file to run udp2raw"
+		eerror "There is a sample file in /usr/share/doc/udp2raw-tunnel-*"
+		return 1
+	fi
+
+	if ! [ -f "${UDP2RAW_LOGFILE}" ]; then
+		touch "${UDP2RAW_LOGFILE}" \
+			&& chmod 0660 "${UDP2RAW_LOGFILE}" \
+			&& chown ${USER}:${GROUP} "${UDP2RAW_LOGFILE}" > /dev/null 2>&1 \
+			|| eerror "Failed to create: ${UDP2RAW_LOGFILE}"
+	fi
+}
+
+start_pre() {
+	checkconfig || return 1
+	_update_ipt_rule add
+}
+
+stop_post() {
+	_update_ipt_rule del
+}
+
+# vim: set ft=gentoo-init-d ts=4 :
--- a/net-vpn/udp2raw-tunnel/metadata.xml
+++ b/net-vpn/udp2raw-tunnel/metadata.xml
@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>email@linxon.ru</email>
+		<name>Yury Martynov</name>
+	</maintainer>
+</pkgmetadata>
--- a/net-vpn/udp2raw-tunnel/udp2raw-tunnel-20181113.0.ebuild
+++ b/net-vpn/udp2raw-tunnel/udp2raw-tunnel-20181113.0.ebuild
@ -0,0 +1,70 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit git-r3 fcaps flag-o-matic toolchain-funcs
+
+DESCRIPTION="A tunnel which turns UDP traffic into encrypted FakeTCP/UDP/ICMP traffic"
+HOMEPAGE="https://github.com/wangyu-/udp2raw-tunnel"
+SRC_URI=""
+
+EGIT_REPO_URI="https://github.com/wangyu-/udp2raw-tunnel"
+if [[ ${PV} != *9999 ]]; then
+	EGIT_COMMIT="${PV}"
+	KEYWORDS="~amd64 ~arm ~x86"
+fi
+
+LICENSE="MIT"
+RESTRICT="mirror"
+SLOT="0"
+IUSE="cpu_flags_x86_aes doc"
+
+DEPEND=""
+RDEPEND="${DEPEND}
+	net-firewall/iptables"
+
+src_prepare() {
+	# Disable optimisation flags and remove prefixes of exec files
+	sed -e 's/ -O[0-3a-z]*//' \
+		-e 's/\${NAME}_[a-zA-Z0-9\$@]*/\${NAME}/' \
+		-e 's/ -static//' \
+		-e "s/\${cc_[a-zA-Z0-9_]*}/$(tc-getCXX)/" \
+		-i makefile || die 'sed failed!'
+
+	eapply_user
+}
+
+src_compile() {
+	append-cxxflags -Wa,--noexecstack
+	emake OPT="${CXXFLAGS}" \
+		$(use cpu_flags_x86_aes && use amd64 && echo amd64_hw_aes) \
+		$(use arm && echo arm_asm_aes) \
+		$(use x86 && echo x86_asm_aes)
+}
+
+src_install() {
+	local exec_name=${PN%-tunnel}
+
+	insinto "/etc/${exec_name}"
+	fowners root:nobody "/etc/${exec_name}"
+	fperms 750 "/etc/${exec_name}"
+	doins example.conf
+
+	newinitd "${FILESDIR}"/udp2raw-daemon.initd udp2raw-daemon
+	newconfd "${FILESDIR}"/udp2raw-daemon.confd udp2raw-daemon
+
+	dodoc -r $(use doc && echo 'images doc/*') README.md example.conf Dockerfile
+	dobin ${exec_name}
+}
+
+pkg_postinst() {
+	fcaps cap_net_raw+ep /usr/bin/${PN%-tunnel}
+
+	if ! use cpu_flags_x86_aes && use amd64; then
+		ewarn "Please add CPU_FLAGS_X86=\"aes\" to /etc/portage/make.conf"
+		ewarn "if your CPU support the AES instruction. Just run:"
+		ewarn "    ~# emerge -uDN @world"
+	fi
+	elog "\nSee documentation: https://github.com/wangyu-/udp2raw-tunnel#getting-started\n"
+}
--- a/net-vpn/udp2raw-tunnel/udp2raw-tunnel-99999999.ebuild
+++ b/net-vpn/udp2raw-tunnel/udp2raw-tunnel-99999999.ebuild
@ -0,0 +1,70 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit git-r3 fcaps flag-o-matic toolchain-funcs
+
+DESCRIPTION="A tunnel which turns UDP traffic into encrypted FakeTCP/UDP/ICMP traffic"
+HOMEPAGE="https://github.com/wangyu-/udp2raw-tunnel"
+SRC_URI=""
+
+EGIT_REPO_URI="https://github.com/wangyu-/udp2raw-tunnel"
+if [[ ${PV} != *9999 ]]; then
+	EGIT_COMMIT="${PV}"
+	KEYWORDS="~amd64 ~arm ~x86"
+fi
+
+LICENSE="MIT"
+RESTRICT="mirror"
+SLOT="0"
+IUSE="cpu_flags_x86_aes doc"
+
+DEPEND=""
+RDEPEND="${DEPEND}
+	net-firewall/iptables"
+
+src_prepare() {
+	# Disable optimisation flags and remove prefixes of exec files
+	sed -e 's/ -O[0-3a-z]*//' \
+		-e 's/\${NAME}_[a-zA-Z0-9\$@]*/\${NAME}/' \
+		-e 's/ -static//' \
+		-e "s/\${cc_[a-zA-Z0-9_]*}/$(tc-getCXX)/" \
+		-i makefile || die 'sed failed!'
+
+	eapply_user
+}
+
+src_compile() {
+	append-cxxflags -Wa,--noexecstack
+	emake OPT="${CXXFLAGS}" \
+		$(use cpu_flags_x86_aes && use amd64 && echo amd64_hw_aes) \
+		$(use arm && echo arm_asm_aes) \
+		$(use x86 && echo x86_asm_aes)
+}
+
+src_install() {
+	local exec_name=${PN%-tunnel}
+
+	insinto "/etc/${exec_name}"
+	fowners root:nobody "/etc/${exec_name}"
+	fperms 750 "/etc/${exec_name}"
+	doins example.conf
+
+	newinitd "${FILESDIR}"/udp2raw-daemon.initd udp2raw-daemon
+	newconfd "${FILESDIR}"/udp2raw-daemon.confd udp2raw-daemon
+
+	dodoc -r $(use doc && echo 'images doc/*') README.md example.conf Dockerfile
+	dobin ${exec_name}
+}
+
+pkg_postinst() {
+	fcaps cap_net_raw+ep /usr/bin/${PN%-tunnel}
+
+	if ! use cpu_flags_x86_aes && use amd64; then
+		ewarn "Please add CPU_FLAGS_X86=\"aes\" to /etc/portage/make.conf"
+		ewarn "if your CPU support the AES instruction. Just run:"
+		ewarn "    ~# emerge -uDN @world"
+	fi
+	elog "\nSee documentation: https://github.com/wangyu-/udp2raw-tunnel#getting-started\n"
+}