tpws: fix socks-hostname hostlist checks
parent
09378553b9
commit
46284938ce
@ -140,11 +140,6 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
|
||||
|
||||
if (bHaveHost)
|
||||
VPRINT("request hostname: %s\n", Host);
|
||||
if (ctrack->b_not_act)
|
||||
{
|
||||
VPRINT("Not acting on this request\n");
|
||||
return;
|
||||
}
|
||||
|
||||
bool bDiscoveredL7 = ctrack->l7proto==UNKNOWN && l7proto!=UNKNOWN;
|
||||
if (bDiscoveredL7)
|
||||
@ -169,17 +164,25 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
|
||||
struct desync_profile *dp_prev = ctrack->dp;
|
||||
apply_desync_profile(ctrack, dest);
|
||||
if (ctrack->dp!=dp_prev)
|
||||
{
|
||||
VPRINT("desync profile changed by revealed l7 protocol or hostname !\n");
|
||||
ctrack->b_host_checked = ctrack->b_ah_check = false;
|
||||
}
|
||||
}
|
||||
|
||||
if (bDiscoveredHostname && ctrack->dp->hostlist_auto)
|
||||
if (l7proto!=UNKNOWN && ctrack->dp->hostlist_auto)
|
||||
{
|
||||
bool bHostExcluded;
|
||||
if (!HostlistCheck(ctrack->dp, Host, &bHostExcluded, false))
|
||||
if (bHaveHost && !ctrack->b_host_checked)
|
||||
{
|
||||
bool bHostExcluded;
|
||||
ctrack->b_host_matches = HostlistCheck(ctrack->dp, Host, &bHostExcluded, false);
|
||||
ctrack->b_host_checked = true;
|
||||
if (!ctrack->b_host_matches)
|
||||
ctrack->b_ah_check = !bHostExcluded;
|
||||
}
|
||||
if (!ctrack->b_host_matches)
|
||||
{
|
||||
ctrack->b_ah_check = !bHostExcluded;
|
||||
VPRINT("Not acting on this request\n");
|
||||
ctrack->b_not_act = true;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
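Review bot: The final `if (!ctrack->b_host_matches)` test runs for every segment with a known l7proto, but `b_host_matches` is only written inside the `bHaveHost && !ctrack->b_host_checked` branch and is not cleared where the profile change resets `b_host_checked` and `b_ah_check`. When the profile has just changed and the segment carries no hostname, the act / not-act decision therefore comes from a hostlist check made against the previous profile, or from the flag's initial value, which is not visible here. Clearing it with the others, `ctrack->b_host_checked = ctrack->b_host_matches = ctrack->b_ah_check = false;`, ties the decision to the current profile. If skipping hostless requests under hostlist_auto is intended, a one-line comment above the test saying so would help. tamper_out starts and continues outside these hunks.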
@ -14,8 +14,7 @@ typedef struct
|
||||
// common state
|
||||
t_l7proto l7proto;
|
||||
bool bTamperInCutoff;
|
||||
bool b_ah_check;
|
||||
bool b_not_act;
|
||||
bool b_host_checked,b_host_matches,b_ah_check;
|
||||
char *hostname;
|
||||
struct desync_profile *dp; // desync profile cache
|
||||
} t_ctrack;
|
||||
|
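Review bot: The three flags on the new declaration line are undocumented, and `b_host_matches` only carries a result once `b_host_checked` is set, which a reader cannot tell from the struct. A comment such as `// b_host_checked: hostlist lookup done for current dp; b_host_matches: its result; b_ah_check: host neither matched nor excluded` would record that relationship. The code that initialises t_ctrack is outside this hunk, so it is worth confirming the new fields start out false.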
@ -479,6 +479,30 @@ static int connect_remote(const struct sockaddr *remote_addr, int mss)
|
||||
return remote_fd;
|
||||
}
|
||||
|
||||
static bool connect_remote_conn(tproxy_conn_t *conn)
|
||||
{
|
||||
int mss=0;
|
||||
|
||||
apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
|
||||
|
||||
if (conn->track.dp)
|
||||
{
|
||||
mss = conn->track.dp->mss;
|
||||
if (conn->track.dp->hostlist_auto)
|
||||
{
|
||||
if (conn->track.hostname)
|
||||
{
|
||||
bool bHostExcluded;
|
||||
conn->track.b_host_matches = HostlistCheck(conn->track.dp, conn->track.hostname, &bHostExcluded, false);
|
||||
conn->track.b_host_checked = true;
|
||||
if (!conn->track.b_host_matches) conn->track.b_ah_check = !bHostExcluded;
|
||||
if (!conn->track.b_host_matches) mss = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return (conn->partner->fd = connect_remote((struct sockaddr *)&conn->dest, mss))>=0;
|
||||
}
|
||||
|
||||
//Free resources occupied by this connection
|
||||
static void free_conn(tproxy_conn_t *conn)
|
||||
@ -636,9 +660,7 @@ static tproxy_conn_t* add_tcp_connection(int efd, struct tailhead *conn_list,int
|
||||
conn->partner->client = conn->client;
|
||||
conn->partner->dest = conn->dest;
|
||||
|
||||
apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
|
||||
|
||||
if ((conn->partner->fd = connect_remote((struct sockaddr *)&orig_dst, conn->track.dp ? conn->track.dp->mss : 0)) < 0)
|
||||
if (!connect_remote_conn(conn))
|
||||
{
|
||||
DLOG_ERR("Failed to connect\n");
|
||||
free_conn(conn->partner);
|
||||
@ -811,14 +833,7 @@ static bool proxy_mode_connect_remote(tproxy_conn_t *conn, struct tailhead *conn
|
||||
return false;
|
||||
}
|
||||
|
||||
apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
|
||||
|
||||
if ((remote_fd = connect_remote((struct sockaddr *)&conn->dest, conn->track.dp ? conn->track.dp->mss : 0)) < 0)
|
||||
{
|
||||
DLOG_ERR("socks failed to connect (1) errno=%d\n", errno);
|
||||
socks_send_rep_errno(conn->socks_ver, conn->fd, errno);
|
||||
return false;
|
||||
}
|
||||
if (!(conn->partner = new_conn(remote_fd, true)))
|
||||
{
|
||||
close(remote_fd);
|
||||
@ -830,6 +845,15 @@ static bool proxy_mode_connect_remote(tproxy_conn_t *conn, struct tailhead *conn
|
||||
conn->partner->efd = conn->efd;
|
||||
conn->partner->client = conn->client;
|
||||
conn->partner->dest = conn->dest;
|
||||
|
||||
if (!connect_remote_conn(conn))
|
||||
{
|
||||
free_conn(conn->partner); conn->partner = NULL;
|
||||
DLOG_ERR("socks failed to connect (1) errno=%d\n", errno);
|
||||
socks_send_rep_errno(conn->socks_ver, conn->fd, errno);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!epoll_set(conn->partner, EPOLLOUT))
|
||||
{
|
||||
DLOG_ERR("socks epoll_set error %d\n", errno);
|
||||
|
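Review bot: In the new failure branch of proxy_mode_connect_remote, `free_conn(conn->partner)` runs before `errno` is read by DLOG_ERR and socks_send_rep_errno, so the SOCKS reply sent to the client can be derived from a value overwritten during cleanup (free_conn's body is not shown). Saving it first avoids that: `int e = errno; free_conn(conn->partner); conn->partner = NULL;`, then pass `e` to both calls. The preceding hunk, as rendered, still shows `new_conn(remote_fd, true)` and `close(remote_fd)` although the `connect_remote` assignment to remote_fd was removed. If nothing outside these hunks initialises remote_fd, that error path closes an arbitrary descriptor, and passing `-1` and dropping the close would be the fix. In add_tcp_connection the connect target also changes from `orig_dst` to `conn->dest`, so confirm the two are always equal at that point.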