mirror of
https://github.com/bol-van/zapret.git
synced 2025-05-24 22:32:58 +03:00
nfqws,tpws: multiple hostlist support, exclude hostlist support
@@ -323,7 +323,7 @@ packet_process_result dpi_desync_tcp_packet(uint32_t fwmark, const char *ifout,
|
||||
if (bHaveHost)
|
||||
{
|
||||
DLOG("hostname: %s\n",host)
|
||||
if (params.hostlist && !SearchHostList(params.hostlist,host,params.debug))
|
||||
if ((params.hostlist || params.hostlist_exclude) && !HostlistCheck(params.hostlist, params.hostlist_exclude, host))
|
||||
{
|
||||
DLOG("not applying tampering to this request\n")
|
||||
return res;
|
||||
@@ -738,7 +738,7 @@ packet_process_result dpi_desync_udp_packet(uint32_t fwmark, const char *ifout,
|
||||
if (bHaveHost)
|
||||
{
|
||||
DLOG("hostname: %s\n",host)
|
||||
if (params.hostlist && !SearchHostList(params.hostlist,host,params.debug))
|
||||
if ((params.hostlist || params.hostlist_exclude) && !HostlistCheck(params.hostlist, params.hostlist_exclude, host))
|
||||
{
|
||||
DLOG("not applying tampering to this request\n")
|
||||
return res;
|
||||
|
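Review bot: The new guard `(params.hostlist || params.hostlist_exclude)` in dpi_desync_tcp_packet, and the identical one in dpi_desync_udp_packet, tests the loaded pool pointers rather than whether a list was configured. If every `--hostlist` file yields zero entries and the pool pointer stays NULL (likely for a uthash-backed pool, but not visible on this page), the include filter is skipped and tampering is applied to every host instead of none. Consider deciding on the configured file lists, for example `if (!LIST_EMPTY(&params.hostlist_files) && !params.hostlist) return res;` ahead of the check, or state the empty-list behaviour in the comment above HostlistCheck. Both function bodies start and end outside the hunks.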
@@ -1,6 +1,7 @@
|
||||
#include <stdio.h>
|
||||
#include "hostlist.h"
|
||||
#include "gzip.h"
|
||||
#include "params.h"
|
||||
|
||||
|
||||
static bool addpool(strpool **hostlist, char **s, const char *end)
|
||||
@@ -22,20 +23,16 @@ static bool addpool(strpool **hostlist, char **s, const char *end)
|
||||
}
|
||||
|
||||
|
||||
bool LoadHostList(strpool **hostlist, char *filename)
|
||||
bool AppendHostList(strpool **hostlist, char *filename)
|
||||
{
|
||||
char *p, *e, s[256], *zbuf;
|
||||
size_t zsize;
|
||||
int ct = 0;
|
||||
FILE *F;
|
||||
int r;
|
||||
|
||||
if (*hostlist)
|
||||
{
|
||||
StrPoolDestroy(hostlist);
|
||||
*hostlist = NULL;
|
||||
}
|
||||
|
||||
|
||||
printf("Loading hostlist %s\n",filename);
|
||||
|
||||
if (!(F = fopen(filename, "rb")))
|
||||
{
|
||||
fprintf(stderr, "Could not open %s\n", filename);
|
||||
@@ -92,8 +89,25 @@ bool LoadHostList(strpool **hostlist, char *filename)
|
||||
return true;
|
||||
}
|
||||
|
||||
bool LoadHostLists(strpool **hostlist, struct str_list_head *file_list)
|
||||
{
|
||||
struct str_list *file;
|
||||
|
||||
bool SearchHostList(strpool *hostlist, const char *host, bool debug)
|
||||
if (*hostlist)
|
||||
{
|
||||
StrPoolDestroy(hostlist);
|
||||
*hostlist = NULL;
|
||||
}
|
||||
|
||||
LIST_FOREACH(file, file_list, next)
|
||||
{
|
||||
if (!AppendHostList(hostlist, file->str)) return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
bool SearchHostList(strpool *hostlist, const char *host)
|
||||
{
|
||||
if (hostlist)
|
||||
{
|
||||
@@ -102,7 +116,7 @@ bool SearchHostList(strpool *hostlist, const char *host, bool debug)
|
||||
while (p)
|
||||
{
|
||||
bInHostList = StrPoolCheckStr(hostlist, p);
|
||||
if (debug) printf("Hostlist check for %s : %s\n", p, bInHostList ? "positive" : "negative");
|
||||
if (params.debug) printf("Hostlist check for %s : %s\n", p, bInHostList ? "positive" : "negative");
|
||||
if (bInHostList) return true;
|
||||
p = strchr(p, '.');
|
||||
if (p) p++;
|
||||
@@ -110,3 +124,19 @@ bool SearchHostList(strpool *hostlist, const char *host, bool debug)
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// return : true = apply fooling, false = do not apply
|
||||
bool HostlistCheck(strpool *hostlist, strpool *hostlist_exclude, const char *host)
|
||||
{
|
||||
if (hostlist_exclude)
|
||||
{
|
||||
if (params.debug) printf("Checking exclude hostlist\n");
|
||||
if (SearchHostList(hostlist_exclude, host)) return false;
|
||||
}
|
||||
if (hostlist)
|
||||
{
|
||||
if (params.debug) printf("Checking include hostlist\n");
|
||||
return SearchHostList(hostlist, host);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
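Review bot: LoadHostLists destroys the current pool before it opens the first file, so a failure on any file leaves `*hostlist` empty or partially filled, and with several files per list that window is now wider. On the SIGHUP path this means a list file that is unreadable or half-written at reload time costs the running process its previous, valid filter. Building into a temporary pool and swapping only on success keeps the old list intact and lets the caller decide whether to exit. The sketch below guards both destroy calls because StrPoolDestroy's handling of a NULL pool and AppendHostList's state after a failure are not fully visible here.
```c
bool LoadHostLists(strpool **hostlist, struct str_list_head *file_list)
{
	struct str_list *file;
	strpool *fresh = NULL;

	LIST_FOREACH(file, file_list, next)
	{
		if (!AppendHostList(&fresh, file->str))
		{
			// previous pool is still in *hostlist; drop only the partial load
			if (fresh) StrPoolDestroy(&fresh);
			return false;
		}
	}
	if (*hostlist) StrPoolDestroy(hostlist);
	*hostlist = fresh;
	return true;
}
```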
@@ -3,5 +3,8 @@
|
||||
#include <stdbool.h>
|
||||
#include "strpool.h"
|
||||
|
||||
bool LoadHostList(strpool **hostlist, char *filename);
|
||||
bool SearchHostList(strpool *hostlist, const char *host,bool debug);
|
||||
bool AppendHostList(strpool **hostlist, char *filename);
|
||||
bool LoadHostLists(strpool **hostlist, struct str_list_head *file_list);
|
||||
bool SearchHostList(strpool *hostlist, const char *host);
|
||||
// return : true = apply fooling, false = do not apply
|
||||
bool HostlistCheck(strpool *hostlist, strpool *hostlist_exclude, const char *host);
|
||||
|
62
nfq/nfqws.c
62
nfq/nfqws.c
@@ -48,7 +48,7 @@ static bool bHup = false;
|
||||
static void onhup(int sig)
|
||||
{
|
||||
printf("HUP received !\n");
|
||||
if (params.hostlist)
|
||||
if (params.hostlist || params.hostlist_exclude)
|
||||
printf("Will reload hostlist on next request\n");
|
||||
bHup = true;
|
||||
}
|
||||
@@ -57,13 +57,11 @@ static void dohup()
|
||||
{
|
||||
if (bHup)
|
||||
{
|
||||
if (params.hostlist)
|
||||
if (!LoadHostLists(¶ms.hostlist, ¶ms.hostlist_files) ||
|
||||
!LoadHostLists(¶ms.hostlist_exclude, ¶ms.hostlist_exclude_files))
|
||||
{
|
||||
if (!LoadHostList(¶ms.hostlist, params.hostfile))
|
||||
{
|
||||
// what will we do without hostlist ?? sure, gonna die
|
||||
exit(1);
|
||||
}
|
||||
// what will we do without hostlist ?? sure, gonna die
|
||||
exit(1);
|
||||
}
|
||||
bHup = false;
|
||||
}
|
||||
@@ -549,7 +547,8 @@ static void exithelp()
|
||||
" --dpi-desync-fake-unknown-udp=<filename> ; file containing unknown udp protocol fake payload\n"
|
||||
" --dpi-desync-udplen-increment=<int>\t; increase udp packet length by N bytes (default %u)\n"
|
||||
" --dpi-desync-cutoff=[n|d|s]N\t\t; apply dpi desync only to packet numbers (n, default), data packet numbers (d), relative sequence (s) less than N\n"
|
||||
" --hostlist=<filename>\t\t\t; apply dpi desync only to the listed hosts (one host per line, subdomains auto apply)\n",
|
||||
" --hostlist=<filename>\t\t\t; apply dpi desync only to the listed hosts (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n"
|
||||
" --hostlist-exclude=<filename>\t\t; do not apply dpi desync to the listed hosts (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n",
|
||||
CTRACK_T_SYN, CTRACK_T_EST, CTRACK_T_FIN, CTRACK_T_UDP,
|
||||
#if defined(__linux__) || defined(SO_USER_COOKIE)
|
||||
DPI_DESYNC_FWMARK_DEFAULT,DPI_DESYNC_FWMARK_DEFAULT,
|
||||
@@ -565,12 +564,20 @@ static void exithelp()
|
||||
|
||||
static void cleanup_params()
|
||||
{
|
||||
ConntrackPoolDestroy(¶ms.conntrack);
|
||||
|
||||
strlist_destroy(¶ms.hostlist_files);
|
||||
strlist_destroy(¶ms.hostlist_exclude_files);
|
||||
if (params.hostlist_exclude)
|
||||
{
|
||||
StrPoolDestroy(¶ms.hostlist_exclude);
|
||||
params.hostlist_exclude = NULL;
|
||||
}
|
||||
if (params.hostlist)
|
||||
{
|
||||
StrPoolDestroy(¶ms.hostlist);
|
||||
params.hostlist = NULL;
|
||||
}
|
||||
ConntrackPoolDestroy(¶ms.conntrack);
|
||||
}
|
||||
static void exithelp_clean()
|
||||
{
|
||||
@@ -649,6 +656,9 @@ int main(int argc, char **argv)
|
||||
params.wssize_cutoff_mode = params.desync_cutoff_mode = 'n'; // packet number by default
|
||||
params.udplen_increment = UDPLEN_INCREMENT_DEFAULT;
|
||||
|
||||
LIST_INIT(¶ms.hostlist_files);
|
||||
LIST_INIT(¶ms.hostlist_exclude_files);
|
||||
|
||||
if (can_drop_root()) // are we root ?
|
||||
{
|
||||
params.uid = params.gid = 0x7FFFFFFF; // default uid:gid
|
||||
@@ -704,9 +714,10 @@ int main(int argc, char **argv)
|
||||
{"dpi-desync-udplen-increment",required_argument,0,0},// optidx=33
|
||||
{"dpi-desync-cutoff",required_argument,0,0},// optidx=34
|
||||
{"hostlist",required_argument,0,0}, // optidx=35
|
||||
{"hostlist-exclude",required_argument,0,0}, // optidx=36
|
||||
#ifdef __linux__
|
||||
{"bind-fix4",no_argument,0,0}, // optidx=36
|
||||
{"bind-fix6",no_argument,0,0}, // optidx=37
|
||||
{"bind-fix4",no_argument,0,0}, // optidx=37
|
||||
{"bind-fix6",no_argument,0,0}, // optidx=38
|
||||
#endif
|
||||
{NULL,0,NULL,0}
|
||||
};
|
||||
@@ -1003,16 +1014,24 @@ int main(int argc, char **argv)
|
||||
}
|
||||
break;
|
||||
case 35: /* hostlist */
|
||||
if (!LoadHostList(¶ms.hostlist, optarg))
|
||||
if (!strlist_add(¶ms.hostlist_files, optarg))
|
||||
{
|
||||
fprintf(stderr, "strlist_add failed\n");
|
||||
exit_clean(1);
|
||||
strncpy(params.hostfile,optarg,sizeof(params.hostfile));
|
||||
params.hostfile[sizeof(params.hostfile)-1]='\0';
|
||||
}
|
||||
break;
|
||||
case 36: /* hostlist-exclude */
|
||||
if (!strlist_add(¶ms.hostlist_exclude_files, optarg))
|
||||
{
|
||||
fprintf(stderr, "strlist_add failed\n");
|
||||
exit_clean(1);
|
||||
}
|
||||
break;
|
||||
#ifdef __linux__
|
||||
case 36: /* bind-fix4 */
|
||||
case 37: /* bind-fix4 */
|
||||
params.bind_fix4 = true;
|
||||
break;
|
||||
case 37: /* bind-fix6 */
|
||||
case 38: /* bind-fix6 */
|
||||
params.bind_fix6 = true;
|
||||
break;
|
||||
#endif
|
||||
@@ -1028,6 +1047,17 @@ int main(int argc, char **argv)
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!LoadHostLists(¶ms.hostlist, ¶ms.hostlist_files))
|
||||
{
|
||||
fprintf(stderr, "Include hostlist load failed\n");
|
||||
exit_clean(1);
|
||||
}
|
||||
if (!LoadHostLists(¶ms.hostlist_exclude, ¶ms.hostlist_exclude_files))
|
||||
{
|
||||
fprintf(stderr, "Exclude hostlist load failed\n");
|
||||
exit_clean(1);
|
||||
}
|
||||
|
||||
if (daemon) daemonize();
|
||||
|
||||
if (*pidfile && !writepid(pidfile))
|
||||
|
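Review bot: In dohup() a failed reload of either list now ends in a bare `exit(1)` with no message, while the startup path in main() reports "Include hostlist load failed" / "Exclude hostlist load failed" and goes through `exit_clean(1)`. An operator who sends HUP while a list file is missing or unreadable gets a dead daemon and nothing in the log that names the cause. Add at least `fprintf(stderr, "hostlist reload failed\n");` before the exit, and if exit_clean() is declared above dohup() (not visible here) call it instead so cleanup_params() runs. The reload also reads the files with whatever privileges remain at that point, so they presumably need to be readable by the dropped uid; worth confirming and documenting next to the `--hostlist` help text.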
@@ -50,8 +50,6 @@ struct params_s
|
||||
uint8_t desync_fooling_mode;
|
||||
uint32_t desync_fwmark; // unused in BSD
|
||||
uint32_t desync_badseq_increment, desync_badseq_ack_increment;
|
||||
char hostfile[256];
|
||||
strpool *hostlist;
|
||||
uint8_t fake_http[1432],fake_tls[1432],fake_unknown[1432],fake_unknown_udp[1472],fake_quic[1472];
|
||||
size_t fake_http_size,fake_tls_size,fake_unknown_size,fake_unknown_udp_size,fake_quic_size;
|
||||
uint16_t udplen_increment;
|
||||
@@ -59,6 +57,9 @@ struct params_s
|
||||
uid_t uid;
|
||||
gid_t gid;
|
||||
|
||||
strpool *hostlist, *hostlist_exclude;
|
||||
struct str_list_head hostlist_files, hostlist_exclude_files;
|
||||
|
||||
unsigned int ctrack_t_syn, ctrack_t_est, ctrack_t_fin, ctrack_t_udp;
|
||||
t_conntrack conntrack;
|
||||
};
|
||||
|
@@ -74,3 +74,34 @@ void StrPoolDestroy(strpool **p)
|
||||
}
|
||||
*p = NULL;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
bool strlist_add(struct str_list_head *head, const char *filename)
|
||||
{
|
||||
struct str_list *entry = malloc(sizeof(struct str_list));
|
||||
if (!entry) return false;
|
||||
entry->str = strdup(filename);
|
||||
if (!entry->str)
|
||||
{
|
||||
free(entry);
|
||||
return false;
|
||||
}
|
||||
LIST_INSERT_HEAD(head, entry, next);
|
||||
return true;
|
||||
}
|
||||
static void strlist_entry_destroy(struct str_list *entry)
|
||||
{
|
||||
if (entry->str) free(entry->str);
|
||||
free(entry);
|
||||
}
|
||||
void strlist_destroy(struct str_list_head *head)
|
||||
{
|
||||
struct str_list *entry;
|
||||
while (entry = LIST_FIRST(head))
|
||||
{
|
||||
LIST_REMOVE(entry, next);
|
||||
strlist_entry_destroy(entry);
|
||||
}
|
||||
}
|
||||
|
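Review bot: In strlist_destroy the loop condition `while (entry = LIST_FIRST(head))` is an unparenthesised assignment, which trips `-Wparentheses` and reads like a mistyped comparison; write `while ((entry = LIST_FIRST(head)))`. In strlist_entry_destroy the `if (entry->str)` test is redundant because `free(NULL)` is a no-op. strlist_add uses `LIST_INSERT_HEAD`, so files are loaded in the reverse of command-line order; that is harmless for a set but worth a one-line comment such as `// order is irrelevant: entries are merged into one pool`.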
@@ -2,10 +2,10 @@
|
||||
|
||||
#include <stdbool.h>
|
||||
#include <ctype.h>
|
||||
#include <sys/queue.h>
|
||||
|
||||
//#define HASH_BLOOM 20
|
||||
#define HASH_NONFATAL_OOM 1
|
||||
#undef HASH_FUNCTION
|
||||
#define HASH_FUNCTION HASH_BER
|
||||
#include "uthash.h"
|
||||
|
||||
@@ -18,3 +18,12 @@ void StrPoolDestroy(strpool **p);
|
||||
bool StrPoolAddStr(strpool **pp,const char *s);
|
||||
bool StrPoolAddStrLen(strpool **pp,const char *s,size_t slen);
|
||||
bool StrPoolCheckStr(strpool *p,const char *s);
|
||||
|
||||
struct str_list {
|
||||
char *str;
|
||||
LIST_ENTRY(str_list) next;
|
||||
};
|
||||
LIST_HEAD(str_list_head, str_list);
|
||||
|
||||
bool strlist_add(struct str_list_head *head, const char *filename);
|
||||
void strlist_destroy(struct str_list_head *head);
|
||||
|