zapret/nfq/params.h

#pragma once

#include "pools.h"
#include "conntrack.h"
#include "desync.h"
#include "protocol.h"
#include "helpers.h"

#include <sys/param.h>
#include <sys/types.h>
#include <net/if.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>
#include <sys/queue.h>

#define TLS_PARTIALS_ENABLE	true

#define Q_RCVBUF	(128*1024)	// in bytes
#define Q_SNDBUF	(64*1024)	// in bytes
#define RAW_SNDBUF	(64*1024)	// in bytes

#define Q_MAXLEN	1024		// in packets

#define BADSEQ_INCREMENT_DEFAULT 	-10000
#define BADSEQ_ACK_INCREMENT_DEFAULT 	-66000

#define IPFRAG_UDP_DEFAULT 8
#define IPFRAG_TCP_DEFAULT 32

#define UDPLEN_INCREMENT_DEFAULT 	2

#define HOSTLIST_AUTO_FAIL_THRESHOLD_DEFAULT	3
#define	HOSTLIST_AUTO_FAIL_TIME_DEFAULT 	60
#define	HOSTLIST_AUTO_RETRANS_THRESHOLD_DEFAULT	3

enum log_target { LOG_TARGET_CONSOLE=0, LOG_TARGET_FILE, LOG_TARGET_SYSLOG };

struct desync_profile
{
	int n;	// number of the profile

	uint16_t wsize,wssize;
	uint8_t wscale,wsscale;
	char wssize_cutoff_mode; // n - packets, d - data packets, s - relative sequence
	unsigned int wssize_cutoff;

	bool hostcase, hostnospace, domcase;
	char hostspell[4];
	enum dpi_desync_mode desync_mode0,desync_mode,desync_mode2;
	bool desync_retrans,desync_skip_nosni,desync_any_proto;
	unsigned int desync_repeats,desync_split_pos,desync_seqovl,desync_ipfrag_pos_tcp,desync_ipfrag_pos_udp;
	enum httpreqpos desync_split_http_req;
	enum tlspos desync_split_tls;
	char desync_start_mode, desync_cutoff_mode; // n - packets, d - data packets, s - relative sequence
	unsigned int desync_start, desync_cutoff;
	uint8_t desync_ttl, desync_ttl6;
	autottl desync_autottl, desync_autottl6;
	uint32_t desync_fooling_mode;
	uint32_t desync_badseq_increment, desync_badseq_ack_increment;
	uint8_t fake_http[1460],fake_tls[1460],fake_unknown[1460],fake_syndata[1460],seqovl_pattern[1460];
	uint8_t fake_unknown_udp[1472],udplen_pattern[1472],fake_quic[1472],fake_wg[1472],fake_dht[1472];
	size_t fake_http_size,fake_tls_size,fake_quic_size,fake_wg_size,fake_dht_size,fake_unknown_size,fake_syndata_size,fake_unknown_udp_size;
	int udplen_increment;

	bool filter_ipv4,filter_ipv6;
	port_filter pf_tcp,pf_udp;
	uint32_t filter_l7;	// L7_PROTO_* bits
	ipset ips,ips_exclude;
	struct str_list_head ipset_files, ipset_exclude_files;

	strpool *hostlist, *hostlist_exclude;
	struct str_list_head hostlist_files, hostlist_exclude_files;
	char hostlist_auto_filename[PATH_MAX];
	int hostlist_auto_fail_threshold, hostlist_auto_fail_time, hostlist_auto_retrans_threshold;
	time_t hostlist_auto_mod_time;
	hostfail_pool *hostlist_auto_fail_counters;
};

#define PROFILE_IPSETS_EMPTY(dp) (IPSET_EMPTY(&dp->ips) && IPSET_EMPTY(&dp->ips_exclude))

struct desync_profile_list {
	struct desync_profile dp;
	LIST_ENTRY(desync_profile_list) next;
};
LIST_HEAD(desync_profile_list_head, desync_profile_list);
struct desync_profile_list *dp_list_add(struct desync_profile_list_head *head);
void dp_list_destroy(struct desync_profile_list_head *head);
bool dp_list_have_autohostlist(struct desync_profile_list_head *head);

struct params_s
{
	enum log_target debug_target;
	char debug_logfile[PATH_MAX];
	bool debug;

#ifdef __linux__
	int qnum;
#elif defined(BSD)
	uint16_t port; // divert port
#endif
	char bind_fix4,bind_fix6;
	uint32_t desync_fwmark; // unused in BSD
	
	struct desync_profile_list_head desync_profiles;
	
#ifdef __CYGWIN__
	struct str_list_head ssid_filter,nlm_filter;
#else
	bool droproot;
	uid_t uid;
	gid_t gid;
#endif

	char hostlist_auto_debuglog[PATH_MAX];
	
	unsigned int ctrack_t_syn, ctrack_t_est, ctrack_t_fin, ctrack_t_udp;
	t_conntrack conntrack;
};

extern struct params_s params;
extern const char *progname;

int DLOG(const char *format, ...);
int DLOG_ERR(const char *format, ...);
int DLOG_PERROR(const char *s);
int DLOG_CONDUP(const char *format, ...);
int HOSTLIST_DEBUGLOG_APPEND(const char *format, ...);
history purge 2021-03-04 14:30:38 +03:00			`#pragma once`

autohostlist mode 2023-10-26 15:12:32 +03:00			`#include "pools.h"`
nfqws: conntrack 2021-03-18 17:21:25 +03:00			`#include "conntrack.h"`
history purge 2021-03-04 14:30:38 +03:00			`#include "desync.h"`
nfqws: split-http-req,split-tls 2024-06-18 17:39:06 +03:00			`#include "protocol.h"`
nfqws: multi strategy 2024-09-17 19:57:21 +03:00			`#include "helpers.h"`
history purge 2021-03-04 14:30:38 +03:00
			`#include <sys/param.h>`
			`#include <sys/types.h>`
nfqws: preserve fwmark. bind-fix 2022-05-15 15:54:35 +03:00			`#include <net/if.h>`
history purge 2021-03-04 14:30:38 +03:00			`#include <stdint.h>`
			`#include <stdbool.h>`
			`#include <stdio.h>`
tpws,nfqws: autohostlist reread on modify 2024-03-23 22:57:05 +03:00			`#include <time.h>`
nfqws: multi strategy 2024-09-17 19:57:21 +03:00			`#include <sys/queue.h>`
history purge 2021-03-04 14:30:38 +03:00
nfqws: tls client hello reassemble 2023-11-15 19:36:34 +03:00			`#define TLS_PARTIALS_ENABLE true`

history purge 2021-03-04 14:30:38 +03:00			`#define Q_RCVBUF (128*1024) // in bytes`
			`#define Q_SNDBUF (64*1024) // in bytes`
			`#define RAW_SNDBUF (64*1024) // in bytes`

			`#define Q_MAXLEN 1024 // in packets`

nfqws: tunable badseq/badack increment, changed defaults 2021-12-26 17:11:21 +03:00			`#define BADSEQ_INCREMENT_DEFAULT -10000`
nfqws: change default badack increment -65000=>-66000 2021-12-28 12:50:04 +03:00			`#define BADSEQ_ACK_INCREMENT_DEFAULT -66000`
nfqws: tunable badseq/badack increment, changed defaults 2021-12-26 17:11:21 +03:00
nfqws: ipfrag 2022-01-03 12:38:18 +03:00			`#define IPFRAG_UDP_DEFAULT 8`
			`#define IPFRAG_TCP_DEFAULT 32`

nfqws: fakeknown, udplen desync modes 2022-04-12 15:52:06 +03:00			`#define UDPLEN_INCREMENT_DEFAULT 2`

autottl, datanoack, oob, postnat 2024-03-02 17:53:37 +03:00			`#define HOSTLIST_AUTO_FAIL_THRESHOLD_DEFAULT 3`
autohostlist mode 2023-10-26 15:12:32 +03:00			`#define HOSTLIST_AUTO_FAIL_TIME_DEFAULT 60`
			`#define HOSTLIST_AUTO_RETRANS_THRESHOLD_DEFAULT 3`

nfqws: --debug to file and syslog 2024-08-23 14:42:21 +03:00			`enum log_target { LOG_TARGET_CONSOLE=0, LOG_TARGET_FILE, LOG_TARGET_SYSLOG };`

nfqws: multi strategy 2024-09-17 19:57:21 +03:00			`struct desync_profile`
history purge 2021-03-04 14:30:38 +03:00			`{`
nfqws: multi strategy 2024-09-17 19:57:21 +03:00			`int n; // number of the profile`
nfqws: --debug to file and syslog 2024-08-23 14:42:21 +03:00
nfqws: wssize 2021-03-12 14:33:48 +03:00			`uint16_t wsize,wssize;`
			`uint8_t wscale,wsscale;`
nfqws: n\|d\|s cutoff modes 2021-12-27 16:51:30 +03:00			`char wssize_cutoff_mode; // n - packets, d - data packets, s - relative sequence`
nfqws: conntrack 2021-03-18 17:21:25 +03:00			`unsigned int wssize_cutoff;`
nfqws: multi strategy 2024-09-17 19:57:21 +03:00
history purge 2021-03-04 14:30:38 +03:00			`bool hostcase, hostnospace, domcase;`
			`char hostspell[4];`
nfqws: synack desync mode 2021-04-07 12:13:46 +03:00			`enum dpi_desync_mode desync_mode0,desync_mode,desync_mode2;`
history purge 2021-03-04 14:30:38 +03:00			`bool desync_retrans,desync_skip_nosni,desync_any_proto;`
nfqws: seqovl 2024-06-24 16:51:06 +03:00			`unsigned int desync_repeats,desync_split_pos,desync_seqovl,desync_ipfrag_pos_tcp,desync_ipfrag_pos_udp;`
nfqws: split-http-req,split-tls 2024-06-18 17:39:06 +03:00			`enum httpreqpos desync_split_http_req;`
			`enum tlspos desync_split_tls;`
nfqws: --dpi-desync-start 2024-04-13 11:13:11 +03:00			`char desync_start_mode, desync_cutoff_mode; // n - packets, d - data packets, s - relative sequence`
			`unsigned int desync_start, desync_cutoff;`
nfqws: separate ipv4/6 ttl setting 2021-12-10 22:08:52 +03:00			`uint8_t desync_ttl, desync_ttl6;`
autottl, datanoack, oob, postnat 2024-03-02 17:53:37 +03:00			`autottl desync_autottl, desync_autottl6;`
			`uint32_t desync_fooling_mode;`
nfqws: tunable badseq/badack increment, changed defaults 2021-12-26 17:11:21 +03:00			`uint32_t desync_badseq_increment, desync_badseq_ack_increment;`
nfqws: seqovl 2024-06-24 16:51:06 +03:00			`uint8_t fake_http[1460],fake_tls[1460],fake_unknown[1460],fake_syndata[1460],seqovl_pattern[1460];`
syndata desync mode 2024-03-19 13:50:20 +03:00			`uint8_t fake_unknown_udp[1472],udplen_pattern[1472],fake_quic[1472],fake_wg[1472],fake_dht[1472];`
			`size_t fake_http_size,fake_tls_size,fake_quic_size,fake_wg_size,fake_dht_size,fake_unknown_size,fake_syndata_size,fake_unknown_udp_size;`
nfqws: allow to decrease udp length 2022-07-27 12:00:36 +03:00			`int udplen_increment;`
winws 2024-04-26 21:36:27 +03:00
nfqws: multi strategy 2024-09-17 19:57:21 +03:00			`bool filter_ipv4,filter_ipv6;`
			`port_filter pf_tcp,pf_udp;`
nfqws: user mode ipset support 2024-10-16 13:42:59 +03:00			`uint32_t filter_l7; // L7_PROTO_* bits`
			`ipset ips,ips_exclude;`
			`struct str_list_head ipset_files, ipset_exclude_files;`

nfqws: multi strategy 2024-09-17 19:57:21 +03:00			`strpool hostlist, hostlist_exclude;`
			`struct str_list_head hostlist_files, hostlist_exclude_files;`
			`char hostlist_auto_filename[PATH_MAX];`
			`int hostlist_auto_fail_threshold, hostlist_auto_fail_time, hostlist_auto_retrans_threshold;`
			`time_t hostlist_auto_mod_time;`
			`hostfail_pool *hostlist_auto_fail_counters;`
			`};`

nfqws: user mode ipset support 2024-10-16 13:42:59 +03:00			`#define PROFILE_IPSETS_EMPTY(dp) (IPSET_EMPTY(&dp->ips) && IPSET_EMPTY(&dp->ips_exclude))`

nfqws: multi strategy 2024-09-17 19:57:21 +03:00			`struct desync_profile_list {`
			`struct desync_profile dp;`
			`LIST_ENTRY(desync_profile_list) next;`
			`};`
			`LIST_HEAD(desync_profile_list_head, desync_profile_list);`
			`struct desync_profile_list dp_list_add(struct desync_profile_list_head head);`
			`void dp_list_destroy(struct desync_profile_list_head *head);`
			`bool dp_list_have_autohostlist(struct desync_profile_list_head *head);`

			`struct params_s`
			`{`
			`enum log_target debug_target;`
			`char debug_logfile[PATH_MAX];`
			`bool debug;`

			`#ifdef __linux__`
			`int qnum;`
			`#elif defined(BSD)`
			`uint16_t port; // divert port`
			`#endif`
			`char bind_fix4,bind_fix6;`
			`uint32_t desync_fwmark; // unused in BSD`

			`struct desync_profile_list_head desync_profiles;`

winws: ssid-filter 2024-06-19 19:46:16 +03:00			`#ifdef __CYGWIN__`
winws: NLM filter 2024-07-12 15:13:18 +03:00			`struct str_list_head ssid_filter,nlm_filter;`
winws: ssid-filter 2024-06-19 19:46:16 +03:00			`#else`
history purge 2021-03-04 14:30:38 +03:00			`bool droproot;`
			`uid_t uid;`
			`gid_t gid;`
winws 2024-04-26 21:36:27 +03:00			`#endif`
nfqws: conntrack 2021-03-18 17:21:25 +03:00
nfqws: multi strategy 2024-09-17 19:57:21 +03:00			`char hostlist_auto_debuglog[PATH_MAX];`

nfqws: udp protocol desync 2022-01-01 20:22:04 +03:00			`unsigned int ctrack_t_syn, ctrack_t_est, ctrack_t_fin, ctrack_t_udp;`
nfqws: conntrack 2021-03-18 17:21:25 +03:00			`t_conntrack conntrack;`
history purge 2021-03-04 14:30:38 +03:00			`};`

			`extern struct params_s params;`
nfqws: --debug to file and syslog 2024-08-23 14:42:21 +03:00			`extern const char *progname;`
history purge 2021-03-04 14:30:38 +03:00
nfqws: --debug to file and syslog 2024-08-23 14:42:21 +03:00			`int DLOG(const char *format, ...);`
			`int DLOG_ERR(const char *format, ...);`
			`int DLOG_PERROR(const char *s);`
			`int DLOG_CONDUP(const char *format, ...);`
			`int HOSTLIST_DEBUGLOG_APPEND(const char *format, ...);`