drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-04-19 05:22:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

nfqws,tpws: debug alpn and ech

Browse Source
This commit is contained in:
bol-van 2025-04-13 18:07:46 +03:00
parent d19f6c19a4
commit 41dbba1c4c
3 changed files with 81 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/changes.txt
View File

@ -484,4 +484,4 @@ blockcheck: use tpws --fix-seg on linux for multiple splits
v70.7 v70.7
nfqws,tpws: debug tls version nfqws,tpws: debug tls version, alpn, ech

49
nfq/desync.c
View File

@ -87,21 +87,21 @@ void TLSDebug(const uint8_t *tls,size_t sz)
{ {
if (sz<11) return; if (sz<11) return;
uint16_t v_rec=pntoh16(tls+1), v_handshake=pntoh16(tls+9), v; uint16_t v_rec=pntoh16(tls+1), v_handshake=pntoh16(tls+9), v, v2;
DLOG("TLS record layer version : %s\nTLS handshake version : %s\n",TLSVersionStr(v_rec),TLSVersionStr(v_handshake)); DLOG("TLS record layer version : %s\nTLS handshake version : %s\n",TLSVersionStr(v_rec),TLSVersionStr(v_handshake));
const uint8_t *ext_supvers; const uint8_t *ext;
size_t len_supvers,len_supvers2; size_t len,len2;
if (TLSFindExt(tls,sz,43,&ext_supvers,&len_supvers,false)) if (TLSFindExt(tls,sz,43,&ext,&len,false))
{ {
if (len_supvers) if (len)
{ {
len_supvers2 = ext_supvers[0]; len2 = ext[0];
if (len_supvers2<len_supvers) if (len2<len)
{ {
for(ext_supvers++,len_supvers2&=~1 ; len_supvers2 ; len_supvers2-=2,ext_supvers+=2) for(ext++,len2&=~1 ; len2 ; len2-=2,ext+=2)
{ {
v = pntoh16(ext_supvers); v = pntoh16(ext);
DLOG("TLS supported versions ext : %s\n",TLSVersionStr(v)); DLOG("TLS supported versions ext : %s\n",TLSVersionStr(v));
} }
} }
@ -109,6 +109,37 @@ void TLSDebug(const uint8_t *tls,size_t sz)
} }
else else
DLOG("TLS supported versions ext : not present\n"); DLOG("TLS supported versions ext : not present\n");
if (TLSFindExt(tls,sz,16,&ext,&len,false))
{
if (len>=2)
{
len2 = pntoh16(ext);
if (len2<=(len-2))
{
char s[32];
for(ext+=2; len2 ;)
{
v = *ext; ext++; len2--;
if (v<=len2)
{
v2 = v<sizeof(s) ? v : sizeof(s)-1;
memcpy(s,ext,v2);
s[v2]=0;
DLOG("TLS ALPN ext : %s\n",s);
len2-=v;
ext+=v;
}
else
break;
}
}
}
}
else
DLOG("TLS ALPN ext : not present\n");
DLOG("TLS ECH ext : %s\n",TLSFindExt(tls,sz,65037,NULL,NULL,false) ? "present" : "not present");
} }

49
tpws/tamper.c
View File

@ -19,21 +19,21 @@ void TLSDebug(const uint8_t *tls,size_t sz)
{ {
if (sz<11) return; if (sz<11) return;
uint16_t v_rec=pntoh16(tls+1), v_handshake=pntoh16(tls+9), v; uint16_t v_rec=pntoh16(tls+1), v_handshake=pntoh16(tls+9), v, v2;
VPRINT("TLS record layer version : %s\nTLS handshake version : %s\n",TLSVersionStr(v_rec),TLSVersionStr(v_handshake)); VPRINT("TLS record layer version : %s\nTLS handshake version : %s\n",TLSVersionStr(v_rec),TLSVersionStr(v_handshake));
const uint8_t *ext_supvers; const uint8_t *ext;
size_t len_supvers,len_supvers2; size_t len,len2;
if (TLSFindExt(tls,sz,43,&ext_supvers,&len_supvers,false)) if (TLSFindExt(tls,sz,43,&ext,&len,false))
{ {
if (len_supvers) if (len)
{ {
len_supvers2 = ext_supvers[0]; len2 = ext[0];
if (len_supvers2<len_supvers) if (len2<len)
{ {
for(ext_supvers++,len_supvers2&=~1 ; len_supvers2 ; len_supvers2-=2,ext_supvers+=2) for(ext++,len2&=~1 ; len2 ; len2-=2,ext+=2)
{ {
v = pntoh16(ext_supvers); v = pntoh16(ext);
VPRINT("TLS supported versions ext : %s\n",TLSVersionStr(v)); VPRINT("TLS supported versions ext : %s\n",TLSVersionStr(v));
} }
} }
@ -41,6 +41,37 @@ void TLSDebug(const uint8_t *tls,size_t sz)
} }
else else
VPRINT("TLS supported versions ext : not present\n"); VPRINT("TLS supported versions ext : not present\n");
if (TLSFindExt(tls,sz,16,&ext,&len,false))
{
if (len>=2)
{
len2 = pntoh16(ext);
if (len2<=(len-2))
{
char s[32];
for(ext+=2; len2 ;)
{
v = *ext; ext++; len2--;
if (v<=len2)
{
v2 = v<sizeof(s) ? v : sizeof(s)-1;
memcpy(s,ext,v2);
s[v2]=0;
VPRINT("TLS ALPN ext : %s\n",s);
len2-=v;
ext+=v;
}
else
break;
}
}
}
}
else
VPRINT("TLS ALPN ext : not present\n");
VPRINT("TLS ECH ext : %s\n",TLSFindExt(tls,sz,65037,NULL,NULL,false) ? "present" : "not present");
} }
static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto) static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto)