mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-26 20:20:53 +03:00
nfqws: separate ipv4/6 ttl setting
This commit is contained in:
parent
e926172ed8
commit
545c9a4730
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
2
config
2
config
@ -43,7 +43,7 @@ MODE_FILTER=none
|
|||||||
|
|
||||||
# CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list
|
# CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list
|
||||||
DESYNC_MARK=0x40000000
|
DESYNC_MARK=0x40000000
|
||||||
NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-fooling=badsum"
|
NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-ttl6=0 --dpi-desync-fooling=badsum"
|
||||||
#NFQWS_OPT_DESYNC_HTTP="--dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum"
|
#NFQWS_OPT_DESYNC_HTTP="--dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum"
|
||||||
#NFQWS_OPT_DESYNC_HTTPS="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum"
|
#NFQWS_OPT_DESYNC_HTTPS="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum"
|
||||||
#NFQWS_OPT_DESYNC_HTTP6="--dpi-desync=split --dpi-desync-ttl=5 --dpi-desync-fooling=none"
|
#NFQWS_OPT_DESYNC_HTTP6="--dpi-desync=split --dpi-desync-ttl=5 --dpi-desync-fooling=none"
|
||||||
|
@ -163,7 +163,8 @@ packet_process_result dpi_desync_packet(uint8_t *data_pkt, size_t len_pkt, struc
|
|||||||
if (params.desync_mode0!=DESYNC_NONE || params.desync_mode!=DESYNC_NONE) // save some cpu
|
if (params.desync_mode0!=DESYNC_NONE || params.desync_mode!=DESYNC_NONE) // save some cpu
|
||||||
{
|
{
|
||||||
ttl_orig = ip ? ip->ip_ttl : ip6hdr->ip6_ctlun.ip6_un1.ip6_un1_hlim;
|
ttl_orig = ip ? ip->ip_ttl : ip6hdr->ip6_ctlun.ip6_un1.ip6_un1_hlim;
|
||||||
ttl_fake = params.desync_ttl ? params.desync_ttl : ttl_orig;
|
if (ip6hdr) ttl_fake = params.desync_ttl6 ? params.desync_ttl6 : ttl_orig;
|
||||||
|
else ttl_fake = params.desync_ttl ? params.desync_ttl : ttl_orig;
|
||||||
flags_orig = *((uint8_t*)tcphdr+13);
|
flags_orig = *((uint8_t*)tcphdr+13);
|
||||||
scale_factor = tcp_find_scale_factor(tcphdr);
|
scale_factor = tcp_find_scale_factor(tcphdr);
|
||||||
timestamps = tcp_find_timestamps(tcphdr);
|
timestamps = tcp_find_timestamps(tcphdr);
|
||||||
|
48
nfq/nfqws.c
48
nfq/nfqws.c
@ -486,6 +486,7 @@ static void exithelp()
|
|||||||
" --dpi-desync-sockarg=<int|0xHEX>\t; override sockarg (SO_USER_COOKIE) for desync packet. default = 0x%08X (%u)\n"
|
" --dpi-desync-sockarg=<int|0xHEX>\t; override sockarg (SO_USER_COOKIE) for desync packet. default = 0x%08X (%u)\n"
|
||||||
#endif
|
#endif
|
||||||
" --dpi-desync-ttl=<int>\t\t\t; set ttl for desync packet\n"
|
" --dpi-desync-ttl=<int>\t\t\t; set ttl for desync packet\n"
|
||||||
|
" --dpi-desync-ttl6=<int>\t\t; set ipv6 hop limit for desync packet. by default ttl value is used.\n"
|
||||||
" --dpi-desync-fooling=<mode>[,<mode>]\t; can use multiple comma separated values. modes : none md5sig ts badseq badsum\n"
|
" --dpi-desync-fooling=<mode>[,<mode>]\t; can use multiple comma separated values. modes : none md5sig ts badseq badsum\n"
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
" --dpi-desync-retrans=0|1\t\t; 0(default)=reinject original data packet after fake 1=drop original data packet to force its retransmission\n"
|
" --dpi-desync-retrans=0|1\t\t; 0(default)=reinject original data packet after fake 1=drop original data packet to force its retransmission\n"
|
||||||
@ -552,6 +553,7 @@ int main(int argc, char **argv)
|
|||||||
params.ctrack_t_syn = CTRACK_T_SYN;
|
params.ctrack_t_syn = CTRACK_T_SYN;
|
||||||
params.ctrack_t_est = CTRACK_T_EST;
|
params.ctrack_t_est = CTRACK_T_EST;
|
||||||
params.ctrack_t_fin = CTRACK_T_FIN;
|
params.ctrack_t_fin = CTRACK_T_FIN;
|
||||||
|
params.desync_ttl6 = 0xFF; // unused
|
||||||
|
|
||||||
if (can_drop_root()) // are we root ?
|
if (can_drop_root()) // are we root ?
|
||||||
{
|
{
|
||||||
@ -589,16 +591,17 @@ int main(int argc, char **argv)
|
|||||||
{"disabled_argument_2",no_argument,0,0}, // optidx=15
|
{"disabled_argument_2",no_argument,0,0}, // optidx=15
|
||||||
#endif
|
#endif
|
||||||
{"dpi-desync-ttl",required_argument,0,0}, // optidx=16
|
{"dpi-desync-ttl",required_argument,0,0}, // optidx=16
|
||||||
{"dpi-desync-fooling",required_argument,0,0}, // optidx=17
|
{"dpi-desync-ttl6",required_argument,0,0}, // optidx=17
|
||||||
{"dpi-desync-retrans",optional_argument,0,0}, // optidx=18
|
{"dpi-desync-fooling",required_argument,0,0}, // optidx=18
|
||||||
{"dpi-desync-repeats",required_argument,0,0}, // optidx=19
|
{"dpi-desync-retrans",optional_argument,0,0}, // optidx=19
|
||||||
{"dpi-desync-skip-nosni",optional_argument,0,0},// optidx=20
|
{"dpi-desync-repeats",required_argument,0,0}, // optidx=20
|
||||||
{"dpi-desync-split-pos",required_argument,0,0},// optidx=21
|
{"dpi-desync-skip-nosni",optional_argument,0,0},// optidx=21
|
||||||
{"dpi-desync-any-protocol",optional_argument,0,0},// optidx=22
|
{"dpi-desync-split-pos",required_argument,0,0},// optidx=22
|
||||||
{"dpi-desync-fake-http",required_argument,0,0},// optidx=23
|
{"dpi-desync-any-protocol",optional_argument,0,0},// optidx=23
|
||||||
{"dpi-desync-fake-tls",required_argument,0,0},// optidx=24
|
{"dpi-desync-fake-http",required_argument,0,0},// optidx=24
|
||||||
{"dpi-desync-cutoff",required_argument,0,0},// optidx=25
|
{"dpi-desync-fake-tls",required_argument,0,0},// optidx=25
|
||||||
{"hostlist",required_argument,0,0}, // optidx=26
|
{"dpi-desync-cutoff",required_argument,0,0},// optidx=26
|
||||||
|
{"hostlist",required_argument,0,0}, // optidx=27
|
||||||
{NULL,0,NULL,0}
|
{NULL,0,NULL,0}
|
||||||
};
|
};
|
||||||
if (argc < 2) exithelp();
|
if (argc < 2) exithelp();
|
||||||
@ -754,7 +757,10 @@ int main(int argc, char **argv)
|
|||||||
case 16: /* dpi-desync-ttl */
|
case 16: /* dpi-desync-ttl */
|
||||||
params.desync_ttl = (uint8_t)atoi(optarg);
|
params.desync_ttl = (uint8_t)atoi(optarg);
|
||||||
break;
|
break;
|
||||||
case 17: /* dpi-desync-fooling */
|
case 17: /* dpi-desync-ttl6 */
|
||||||
|
params.desync_ttl6 = (uint8_t)atoi(optarg);
|
||||||
|
break;
|
||||||
|
case 18: /* dpi-desync-fooling */
|
||||||
{
|
{
|
||||||
char *e,*p = optarg;
|
char *e,*p = optarg;
|
||||||
while (p)
|
while (p)
|
||||||
@ -783,7 +789,7 @@ int main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 18: /* dpi-desync-retrans */
|
case 19: /* dpi-desync-retrans */
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
params.desync_retrans = !optarg || atoi(optarg);
|
params.desync_retrans = !optarg || atoi(optarg);
|
||||||
#else
|
#else
|
||||||
@ -791,7 +797,7 @@ int main(int argc, char **argv)
|
|||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
case 19: /* dpi-desync-repeats */
|
case 20: /* dpi-desync-repeats */
|
||||||
params.desync_repeats = atoi(optarg);
|
params.desync_repeats = atoi(optarg);
|
||||||
if (params.desync_repeats<=0 || params.desync_repeats>20)
|
if (params.desync_repeats<=0 || params.desync_repeats>20)
|
||||||
{
|
{
|
||||||
@ -799,10 +805,10 @@ int main(int argc, char **argv)
|
|||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 20: /* dpi-desync-skip-nosni */
|
case 21: /* dpi-desync-skip-nosni */
|
||||||
params.desync_skip_nosni = !optarg || atoi(optarg);
|
params.desync_skip_nosni = !optarg || atoi(optarg);
|
||||||
break;
|
break;
|
||||||
case 21: /* dpi-desync-split-pos */
|
case 22: /* dpi-desync-split-pos */
|
||||||
params.desync_split_pos = atoi(optarg);
|
params.desync_split_pos = atoi(optarg);
|
||||||
if (params.desync_split_pos<1 || params.desync_split_pos>DPI_DESYNC_MAX_FAKE_LEN)
|
if (params.desync_split_pos<1 || params.desync_split_pos>DPI_DESYNC_MAX_FAKE_LEN)
|
||||||
{
|
{
|
||||||
@ -810,10 +816,10 @@ int main(int argc, char **argv)
|
|||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 22: /* dpi-desync-any-protocol */
|
case 23: /* dpi-desync-any-protocol */
|
||||||
params.desync_any_proto = !optarg || atoi(optarg);
|
params.desync_any_proto = !optarg || atoi(optarg);
|
||||||
break;
|
break;
|
||||||
case 23: /* dpi-desync-fake-http */
|
case 24: /* dpi-desync-fake-http */
|
||||||
params.fake_http_size = sizeof(params.fake_http);
|
params.fake_http_size = sizeof(params.fake_http);
|
||||||
if (!load_file_nonempty(optarg,params.fake_http,¶ms.fake_http_size))
|
if (!load_file_nonempty(optarg,params.fake_http,¶ms.fake_http_size))
|
||||||
{
|
{
|
||||||
@ -821,7 +827,7 @@ int main(int argc, char **argv)
|
|||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 24: /* dpi-desync-fake-tls */
|
case 25: /* dpi-desync-fake-tls */
|
||||||
params.fake_tls_size = sizeof(params.fake_tls);
|
params.fake_tls_size = sizeof(params.fake_tls);
|
||||||
if (!load_file_nonempty(optarg,params.fake_tls,¶ms.fake_tls_size))
|
if (!load_file_nonempty(optarg,params.fake_tls,¶ms.fake_tls_size))
|
||||||
{
|
{
|
||||||
@ -829,14 +835,14 @@ int main(int argc, char **argv)
|
|||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 25: /* desync-cutoff */
|
case 26: /* desync-cutoff */
|
||||||
if (!sscanf(optarg, "%u", ¶ms.desync_cutoff))
|
if (!sscanf(optarg, "%u", ¶ms.desync_cutoff))
|
||||||
{
|
{
|
||||||
fprintf(stderr, "invalid desync-cutoff value\n");
|
fprintf(stderr, "invalid desync-cutoff value\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 26: /* hostlist */
|
case 27: /* hostlist */
|
||||||
if (!LoadHostList(¶ms.hostlist, optarg))
|
if (!LoadHostList(¶ms.hostlist, optarg))
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
strncpy(params.hostfile,optarg,sizeof(params.hostfile));
|
strncpy(params.hostfile,optarg,sizeof(params.hostfile));
|
||||||
@ -844,6 +850,8 @@ int main(int argc, char **argv)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// not specified - use desync_ttl value instead
|
||||||
|
if (params.desync_ttl6 == 0xFF) params.desync_ttl6=params.desync_ttl;
|
||||||
#ifdef BSD
|
#ifdef BSD
|
||||||
if (!params.port)
|
if (!params.port)
|
||||||
{
|
{
|
||||||
|
@ -34,7 +34,7 @@ struct params_s
|
|||||||
bool desync_retrans,desync_skip_nosni,desync_any_proto;
|
bool desync_retrans,desync_skip_nosni,desync_any_proto;
|
||||||
int desync_repeats,desync_split_pos;
|
int desync_repeats,desync_split_pos;
|
||||||
unsigned int desync_cutoff;
|
unsigned int desync_cutoff;
|
||||||
uint8_t desync_ttl;
|
uint8_t desync_ttl, desync_ttl6;
|
||||||
uint8_t desync_tcp_fooling_mode;
|
uint8_t desync_tcp_fooling_mode;
|
||||||
uint32_t desync_fwmark; // unused in BSD
|
uint32_t desync_fwmark; // unused in BSD
|
||||||
char hostfile[256];
|
char hostfile[256];
|
||||||
|
Loading…
Reference in New Issue
Block a user