drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-05-11 00:02:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

nfqws: do not reconstruct synack-split in syn mode

Browse Source
This commit is contained in:
bol-van 2025-05-10 09:41:26 +03:00
parent 4b632313e2
commit 6d52b49b98
3 changed files with 40 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
nfq/desync.c
View File

@ -1188,11 +1188,20 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
//ConntrackPoolDump(&params.conntrack); //ConntrackPoolDump(&params.conntrack);
if (dp->wsize && tcp_synack_segment(dis->tcp)) if (tcp_synack_segment(dis->tcp))
{
if (dp->wsize)
{ {
tcp_rewrite_winsize(dis->tcp, dp->wsize, dp->wscale); tcp_rewrite_winsize(dis->tcp, dp->wsize, dp->wscale);
verdict=VERDICT_MODIFY; verdict=VERDICT_MODIFY;
} }
if (dp->synack_split==SS_SYN)
{
DLOG("split SYNACK : clearing ACK bit\n");
dis->tcp->th_flags &= ~TH_ACK;
verdict=VERDICT_MODIFY;
}
}
if (bReverse) if (bReverse)
{ {
@ -1280,20 +1289,14 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
} }
} }
if (dp->synack_split!=SS_NONE && tcp_synack_segment(dis->tcp)) if ((dp->synack_split==SS_SYNACK || dp->synack_split==SS_ACKSYN) && tcp_synack_segment(dis->tcp))
{ {
// reconstruct required
dis->tcp->th_flags &= ~TH_ACK; dis->tcp->th_flags &= ~TH_ACK;
tcp_fix_checksum(dis->tcp,dis->transport_len, dis->ip, dis->ip6); tcp_fix_checksum(dis->tcp,dis->transport_len, dis->ip, dis->ip6);
char ss[2],i,ct; char ss[2],i;
if (dp->synack_split==SS_SYN)
{
ct=1;
ss[0] = 'S';
}
else
{
ct=2;
if (dp->synack_split==SS_SYNACK) if (dp->synack_split==SS_SYNACK)
{ {
ss[0] = 'S'; ss[0] = 'S';
@ -1312,18 +1315,17 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
DLOG_ERR("cannot prepare split SYNACK ACK part\n"); DLOG_ERR("cannot prepare split SYNACK ACK part\n");
goto send_orig; goto send_orig;
} }
} for (int i=0;i<2;i++)
for (int i=0;i<ct;i++)
{ {
switch(ss[i]) switch(ss[i])
{ {
case 'S': case 'S':
DLOG("sending split SYNACK : SYN\n"); DLOG("split SYNACK : SYN\n");
if (!rawsend_rep(dp->desync_repeats,(struct sockaddr *)&dst, desync_fwmark, ifout , dis->data_pkt, dis->len_pkt)) if (!rawsend_rep(dp->desync_repeats,(struct sockaddr *)&dst, desync_fwmark, ifout , dis->data_pkt, dis->len_pkt))
goto send_orig; goto send_orig;
break; break;
case 'A': case 'A':
DLOG("sending split SYNACK : ACK\n"); DLOG("split SYNACK : ACK\n");
if (!rawsend_rep(dp->desync_repeats,(struct sockaddr *)&dst, desync_fwmark, ifout , pkt1, pkt1_len)) if (!rawsend_rep(dp->desync_repeats,(struct sockaddr *)&dst, desync_fwmark, ifout , pkt1, pkt1_len))
goto send_orig; goto send_orig;
break; break;

8
nfq/nfqws.c
View File

@ -527,13 +527,7 @@ static int win_main(const char *windivert_filter)
WINDIVERT_ADDRESS wa; WINDIVERT_ADDRESS wa;
char ifname[IFNAMSIZ]; char ifname[IFNAMSIZ];
if (params.daemon) if (params.daemon) daemonize();
{
// cygwin loses current dir
char *cwd = get_current_dir_name();
daemonize();
chdir(cwd);
}
if (*params.pidfile && !writepid(params.pidfile)) if (*params.pidfile && !writepid(params.pidfile))
{ {

8
nfq/sec.c
View File

@ -343,9 +343,13 @@ void print_id(void)
#endif #endif
void daemonize(void) void daemonize(void)
{ {
int pid; int pid;
#ifdef __CYGWIN__
char *cwd = get_current_dir_name();
#endif
pid = fork(); pid = fork();
if (pid == -1) if (pid == -1)
@ -356,6 +360,10 @@ void daemonize(void)
else if (pid != 0) else if (pid != 0)
exit(0); exit(0);
#ifdef __CYGWIN__
chdir(get_current_dir_name());
#endif
if (setsid() == -1) if (setsid() == -1)
exit(2); exit(2);
if (chdir("/") == -1) if (chdir("/") == -1)