diff --git a/binaries/aarch64/nfqws b/binaries/aarch64/nfqws index bfb04f4..73e0590 100755 Binary files a/binaries/aarch64/nfqws and b/binaries/aarch64/nfqws differ diff --git a/binaries/arm/nfqws b/binaries/arm/nfqws index 201b23c..62697e8 100755 Binary files a/binaries/arm/nfqws and b/binaries/arm/nfqws differ diff --git a/binaries/freebsd-x64/dvtws b/binaries/freebsd-x64/dvtws index c0edc07..9eeae39 100755 Binary files a/binaries/freebsd-x64/dvtws and b/binaries/freebsd-x64/dvtws differ diff --git a/binaries/mips32r1-lsb/nfqws b/binaries/mips32r1-lsb/nfqws index c2324b5..af349e1 100755 Binary files a/binaries/mips32r1-lsb/nfqws and b/binaries/mips32r1-lsb/nfqws differ diff --git a/binaries/mips32r1-msb/nfqws b/binaries/mips32r1-msb/nfqws index db01231..b321e90 100755 Binary files a/binaries/mips32r1-msb/nfqws and b/binaries/mips32r1-msb/nfqws differ diff --git a/binaries/mips64r2-msb/nfqws b/binaries/mips64r2-msb/nfqws index 7cefb01..2b50deb 100755 Binary files a/binaries/mips64r2-msb/nfqws and b/binaries/mips64r2-msb/nfqws differ diff --git a/binaries/ppc/nfqws b/binaries/ppc/nfqws index ad43ed4..2615ffe 100755 Binary files a/binaries/ppc/nfqws and b/binaries/ppc/nfqws differ diff --git a/binaries/x86/nfqws b/binaries/x86/nfqws index 3525302..6666d21 100755 Binary files a/binaries/x86/nfqws and b/binaries/x86/nfqws differ diff --git a/binaries/x86_64/nfqws b/binaries/x86_64/nfqws index 15c3f4a..e5dcf6e 100755 Binary files a/binaries/x86_64/nfqws and b/binaries/x86_64/nfqws differ diff --git a/nfq/conntrack.c b/nfq/conntrack.c index 34e6ebd..a03c16b 100644 --- a/nfq/conntrack.c +++ b/nfq/conntrack.c @@ -142,13 +142,13 @@ static void ConntrackFeedPacket(t_ctrack *t, bool bReverse, const struct tcphdr if (tcp_syn_segment(tcphdr)) { if (t->state!=SYN) ConntrackReInitTrack(t); // erase current entry - t->seq0 = htonl(tcphdr->th_seq); + t->seq0 = ntohl(tcphdr->th_seq); } else if (tcp_synack_segment(tcphdr)) { if (t->state!=SYN) ConntrackReInitTrack(t); // erase current entry - if (!t->seq0) t->seq0 = htonl(tcphdr->th_ack)-1; - t->ack0 = htonl(tcphdr->th_seq); + if (!t->seq0) t->seq0 = ntohl(tcphdr->th_ack)-1; + t->ack0 = ntohl(tcphdr->th_seq); } else if (tcphdr->th_flags & (TH_FIN|TH_RST)) { @@ -159,25 +159,25 @@ static void ConntrackFeedPacket(t_ctrack *t, bool bReverse, const struct tcphdr if (t->state==SYN) { t->state=ESTABLISHED; - if (!bReverse && !t->ack0) t->ack0 = htonl(tcphdr->th_ack)-1; + if (!bReverse && !t->ack0) t->ack0 = ntohl(tcphdr->th_ack)-1; } } scale = tcp_find_scale_factor(tcphdr); if (bReverse) { - t->pos_orig = t->seq_last = htonl(tcphdr->th_ack); - t->ack_last = htonl(tcphdr->th_seq); + t->pos_orig = t->seq_last = ntohl(tcphdr->th_ack); + t->ack_last = ntohl(tcphdr->th_seq); t->pos_reply = t->ack_last + len_payload; - t->winsize_reply = htons(tcphdr->th_win); + t->winsize_reply = ntohs(tcphdr->th_win); if (scale!=SCALE_NONE) t->scale_reply = scale; } else { - t->seq_last = htonl(tcphdr->th_seq); + t->seq_last = ntohl(tcphdr->th_seq); t->pos_orig = t->seq_last + len_payload; - t->pos_reply = t->ack_last = htonl(tcphdr->th_ack); - t->winsize_orig = htons(tcphdr->th_win); + t->pos_reply = t->ack_last = ntohl(tcphdr->th_ack); + t->winsize_orig = ntohs(tcphdr->th_win); if (scale!=SCALE_NONE) t->scale_orig = scale; } } @@ -387,7 +387,7 @@ bool ReasmResize(t_reassemble *reasm, size_t new_size) if (reasm->size_present > new_size) reasm->size_present = new_size; return true; } -bool ReasmFeed(t_reassemble *reasm, size_t seq, const void *payload, size_t len) +bool ReasmFeed(t_reassemble *reasm, uint32_t seq, const void *payload, size_t len) { if (reasm->seq!=seq) return false; // fail session if out of sequence diff --git a/nfq/conntrack.h b/nfq/conntrack.h index 86366e2..e7cb035 100644 --- a/nfq/conntrack.h +++ b/nfq/conntrack.h @@ -39,7 +39,7 @@ typedef struct // this structure helps to reassemble continuous packets streams. it does not support out-of-orders typedef struct { uint8_t *packet; // allocated for size during reassemble request. requestor must know the message size. - size_t seq; // current seq number. if a packet comes with an unexpected seq - it fails reassemble session. + uint32_t seq; // current seq number. if a packet comes with an unexpected seq - it fails reassemble session. size_t size; // expected message size. success means that we have received exactly 'size' bytes and have them in 'packet' size_t size_present; // how many bytes already stored in 'packet' } t_reassemble; @@ -109,7 +109,7 @@ bool ReasmInit(t_reassemble *reasm, size_t size_requested, uint32_t seq_start); bool ReasmResize(t_reassemble *reasm, size_t new_size); void ReasmClear(t_reassemble *reasm); // false means reassemble session has failed and we should ReasmClear() it -bool ReasmFeed(t_reassemble *reasm, size_t seq, const void *payload, size_t len); +bool ReasmFeed(t_reassemble *reasm, uint32_t seq, const void *payload, size_t len); // check if it has enough space to buffer 'len' bytes bool ReasmHasSpace(t_reassemble *reasm, size_t len); inline static bool ReasmIsEmpty(t_reassemble *reasm) {return !reasm->size;} diff --git a/nfq/desync.c b/nfq/desync.c index 08c83ec..4b3f09c 100644 --- a/nfq/desync.c +++ b/nfq/desync.c @@ -269,14 +269,15 @@ static bool send_delayed(t_ctrack *ctrack) } -static bool reasm_start(t_ctrack *ctrack, t_reassemble *reasm, size_t sz, size_t szMax, const uint8_t *data_payload, size_t len_payload) +static bool reasm_start(t_ctrack *ctrack, t_reassemble *reasm, uint8_t proto, size_t sz, size_t szMax, const uint8_t *data_payload, size_t len_payload) { ReasmClear(reasm); if (sz<=szMax) { - if (ReasmInit(reasm,sz,ctrack->seq_last)) + uint32_t seq = (proto==IPPROTO_TCP) ? ctrack->seq_last : 0; + if (ReasmInit(reasm,sz,seq)) { - ReasmFeed(reasm,ctrack->seq_last,data_payload,len_payload); + ReasmFeed(reasm,seq,data_payload,len_payload); DLOG("starting reassemble. now we have %zu/%zu\n",reasm->size_present,reasm->size); return true; } @@ -287,15 +288,16 @@ static bool reasm_start(t_ctrack *ctrack, t_reassemble *reasm, size_t sz, size_t DLOG("unexpected large payload for reassemble: size=%zu\n",sz); return false; } -static bool reasm_orig_start(t_ctrack *ctrack, size_t sz, size_t szMax, const uint8_t *data_payload, size_t len_payload) +static bool reasm_orig_start(t_ctrack *ctrack, uint8_t proto, size_t sz, size_t szMax, const uint8_t *data_payload, size_t len_payload) { - return reasm_start(ctrack,&ctrack->reasm_orig,sz,szMax,data_payload,len_payload); + return reasm_start(ctrack,&ctrack->reasm_orig,proto,sz,szMax,data_payload,len_payload); } static bool reasm_feed(t_ctrack *ctrack, t_reassemble *reasm, uint8_t proto, const uint8_t *data_payload, size_t len_payload) { if (ctrack && !ReasmIsEmpty(reasm)) { - if (ReasmFeed(reasm,proto==IPPROTO_TCP ? (size_t)ctrack->seq_last : reasm->size_present, data_payload, len_payload)) + uint32_t seq = (proto==IPPROTO_TCP) ? ctrack->seq_last : (uint32_t)reasm->size_present; + if (ReasmFeed(reasm, seq, data_payload, len_payload)) { DLOG("reassemble : feeding data payload size=%zu. now we have %zu/%zu\n", len_payload,reasm->size_present,reasm->size) return true; @@ -698,7 +700,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, uint32_t fwmark, const ch !(ctrack->req_seq_finalized && seq_within(ctrack->seq_last, ctrack->req_seq_start, ctrack->req_seq_end))) { // do not reconstruct unexpected large payload (they are feeding garbage ?) - if (!reasm_orig_start(ctrack,TLSRecordLen(data_payload),16384,data_payload,len_payload)) + if (!reasm_orig_start(ctrack,IPPROTO_TCP,TLSRecordLen(data_payload),16384,data_payload,len_payload)) { reasm_orig_cancel(ctrack); return verdict; @@ -1189,7 +1191,7 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, uint32_t fwmark, const ch if (bIsHello && !bReqFull && ReasmIsEmpty(&ctrack->reasm_orig)) { // preallocate max buffer to avoid reallocs that cause memory copy - if (!reasm_orig_start(ctrack,16384,16384,clean,clean_len)) + if (!reasm_orig_start(ctrack,IPPROTO_UDP,16384,16384,clean,clean_len)) { reasm_orig_cancel(ctrack); return verdict; diff --git a/nfq/protocol.c b/nfq/protocol.c index 9e9ce22..714fe45 100644 --- a/nfq/protocol.c +++ b/nfq/protocol.c @@ -131,7 +131,7 @@ size_t TLSHandshakeLen(const uint8_t *data) } bool IsTLSHandshakeClientHello(const uint8_t *data, size_t len) { - return len>=4 && data[0]==0x01; + return len>=4 && data[0]==0x01 && TLSHandshakeLen(data)>0; } bool IsTLSHandshakeFull(const uint8_t *data, size_t len) {