Merge branch 'bol-van:master' into master

Nik 2024-11-23 01:20:39 +03:00 committed by GitHub
commit 797a51004a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 51 additions and 23 deletions


@ -140,11 +140,6 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
if (bHaveHost) if (bHaveHost)
VPRINT("request hostname: %s\n", Host); VPRINT("request hostname: %s\n", Host);
if (ctrack->b_not_act)
{
VPRINT("Not acting on this request\n");
return;
}
bool bDiscoveredL7 = ctrack->l7proto==UNKNOWN && l7proto!=UNKNOWN; bool bDiscoveredL7 = ctrack->l7proto==UNKNOWN && l7proto!=UNKNOWN;
if (bDiscoveredL7) if (bDiscoveredL7)
@ -169,17 +164,25 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
struct desync_profile *dp_prev = ctrack->dp; struct desync_profile *dp_prev = ctrack->dp;
apply_desync_profile(ctrack, dest); apply_desync_profile(ctrack, dest);
if (ctrack->dp!=dp_prev) if (ctrack->dp!=dp_prev)
{
VPRINT("desync profile changed by revealed l7 protocol or hostname !\n"); VPRINT("desync profile changed by revealed l7 protocol or hostname !\n");
ctrack->b_host_checked = ctrack->b_ah_check = false;
}
} }
if (bDiscoveredHostname && ctrack->dp->hostlist_auto) if (l7proto!=UNKNOWN && ctrack->dp->hostlist_auto)
{ {
bool bHostExcluded; if (bHaveHost && !ctrack->b_host_checked)
if (!HostlistCheck(ctrack->dp, Host, &bHostExcluded, false)) {
bool bHostExcluded;
ctrack->b_host_matches = HostlistCheck(ctrack->dp, Host, &bHostExcluded, false);
ctrack->b_host_checked = true;
if (!ctrack->b_host_matches)
ctrack->b_ah_check = !bHostExcluded;
}
if (!ctrack->b_host_matches)
{ {
ctrack->b_ah_check = !bHostExcluded;
VPRINT("Not acting on this request\n"); VPRINT("Not acting on this request\n");
ctrack->b_not_act = true;
return; return;
} }
} }
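Review bot: The `if (!ctrack->b_host_matches)` test in the `hostlist_auto` block runs even when `b_host_checked` is false, so it can act on a value that was never computed for the current profile. When the profile changes, the added reset clears `b_host_checked` and `b_ah_check` but leaves `b_host_matches` as it was, and if this segment carries no hostname (`bHaveHost` false) the result of the earlier check decides whether the request is tampered. If that is not intended, either gate the test, `if (ctrack->b_host_checked && !ctrack->b_host_matches)`, or reset all three flags together and add a comment stating what an unchecked connection should do. Separately, the block is now entered for every segment with a known `l7proto` and dereferences `ctrack->dp` unguarded, while the connect path in this commit tests `conn->track.dp` first; whether `dp` can be NULL here is not visible in the hunk. tamper_out starts and ends outside the hunk.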


@ -14,8 +14,7 @@ typedef struct
// common state // common state
t_l7proto l7proto; t_l7proto l7proto;
bool bTamperInCutoff; bool bTamperInCutoff;
bool b_ah_check; bool b_host_checked,b_host_matches,b_ah_check;
bool b_not_act;
char *hostname; char *hostname;
struct desync_profile *dp; // desync profile cache struct desync_profile *dp; // desync profile cache
} t_ctrack; } t_ctrack;
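Review bot: The three flags declared on one line, `bool b_host_checked,b_host_matches,b_ah_check;`, have no comment, and `b_host_matches` appears to be meaningful only after `b_host_checked` is set. A short comment per field would make that dependency explicit, for example `// b_host_checked: hostlist lookup done for the current dp; b_host_matches: its result, valid only when b_host_checked`. Their starting values depend on how t_ctrack is initialised, which is not shown in this section.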


@ -479,6 +479,33 @@ static int connect_remote(const struct sockaddr *remote_addr, int mss)
return remote_fd; return remote_fd;
} }
static bool connect_remote_conn(tproxy_conn_t *conn)
{
int mss=0;
apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
if (conn->track.dp)
{
mss = conn->track.dp->mss;
if (conn->track.dp->hostlist_auto)
{
if (conn->track.hostname)
{
bool bHostExcluded;
conn->track.b_host_matches = HostlistCheck(conn->track.dp, conn->track.hostname, &bHostExcluded, false);
conn->track.b_host_checked = true;
if (!conn->track.b_host_matches)
{
conn->track.b_ah_check = !bHostExcluded;
mss = 0;
}
}
}
}
return (conn->partner->fd = connect_remote((struct sockaddr *)&conn->dest, mss))>=0;
}
//Free resources occupied by this connection //Free resources occupied by this connection
static void free_conn(tproxy_conn_t *conn) static void free_conn(tproxy_conn_t *conn)
@ -636,9 +663,7 @@ static tproxy_conn_t* add_tcp_connection(int efd, struct tailhead *conn_list,int
conn->partner->client = conn->client; conn->partner->client = conn->client;
conn->partner->dest = conn->dest; conn->partner->dest = conn->dest;
apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest); if (!connect_remote_conn(conn))
if ((conn->partner->fd = connect_remote((struct sockaddr *)&orig_dst, conn->track.dp ? conn->track.dp->mss : 0)) < 0)
{ {
DLOG_ERR("Failed to connect\n"); DLOG_ERR("Failed to connect\n");
free_conn(conn->partner); free_conn(conn->partner);
@ -811,14 +836,7 @@ static bool proxy_mode_connect_remote(tproxy_conn_t *conn, struct tailhead *conn
return false; return false;
} }
apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
if ((remote_fd = connect_remote((struct sockaddr *)&conn->dest, conn->track.dp ? conn->track.dp->mss : 0)) < 0)
{
DLOG_ERR("socks failed to connect (1) errno=%d\n", errno);
socks_send_rep_errno(conn->socks_ver, conn->fd, errno);
return false;
}
if (!(conn->partner = new_conn(remote_fd, true))) if (!(conn->partner = new_conn(remote_fd, true)))
{ {
close(remote_fd); close(remote_fd);
@ -830,6 +848,15 @@ static bool proxy_mode_connect_remote(tproxy_conn_t *conn, struct tailhead *conn
conn->partner->efd = conn->efd; conn->partner->efd = conn->efd;
conn->partner->client = conn->client; conn->partner->client = conn->client;
conn->partner->dest = conn->dest; conn->partner->dest = conn->dest;
if (!connect_remote_conn(conn))
{
free_conn(conn->partner); conn->partner = NULL;
DLOG_ERR("socks failed to connect (1) errno=%d\n", errno);
socks_send_rep_errno(conn->socks_ver, conn->fd, errno);
return false;
}
if (!epoll_set(conn->partner, EPOLLOUT)) if (!epoll_set(conn->partner, EPOLLOUT))
{ {
DLOG_ERR("socks epoll_set error %d\n", errno); DLOG_ERR("socks epoll_set error %d\n", errno);
@ -1652,7 +1679,6 @@ int event_loop(const int *listen_fd, size_t listen_fd_ct)
} }
else else
{ {
DBGPRINT("conn fd=%d has no unsent\n", conn->fd); DBGPRINT("conn fd=%d has no unsent\n", conn->fd);
conn->bFlowIn = false; conn->bFlowIn = false;
epoll_update_flow(conn); epoll_update_flow(conn);
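Review bot: In proxy_mode_connect_remote the assignment `remote_fd = connect_remote(...)` is removed, yet `new_conn(remote_fd, true)` and `close(remote_fd)` on its failure path are kept, so unless `remote_fd` is set earlier in the function (outside the hunk) an indeterminate descriptor is stored in the partner and may be closed. Create the partner with no descriptor, e.g. `new_conn(-1, true)` if new_conn accepts that, and drop the `close(remote_fd);`, since connect_remote_conn now fills `conn->partner->fd`. In the added failure branch `free_conn(conn->partner)` runs before `errno` is logged and passed to `socks_send_rep_errno`, so any call inside free_conn that sets errno changes the reply sent to the SOCKS client; save it first with `int e = errno;` and use `e` in both calls. Also confirm that free_conn tolerates the negative `fd` left by a failed connect.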