mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-30 05:50:53 +03:00
nfqws: allow to decrease udp length
This commit is contained in:
parent
2d2217073a
commit
895af0f629
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -294,15 +294,23 @@ bool prepare_tcp_segment(
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// padlen<0 means payload shrinking
|
||||||
bool prepare_udp_segment4(
|
bool prepare_udp_segment4(
|
||||||
const struct sockaddr_in *src, const struct sockaddr_in *dst,
|
const struct sockaddr_in *src, const struct sockaddr_in *dst,
|
||||||
uint8_t ttl,
|
uint8_t ttl,
|
||||||
uint8_t fooling,
|
uint8_t fooling,
|
||||||
uint16_t padlen,
|
int padlen,
|
||||||
const void *data, uint16_t len,
|
const void *data, uint16_t len,
|
||||||
uint8_t *buf, size_t *buflen)
|
uint8_t *buf, size_t *buflen)
|
||||||
{
|
{
|
||||||
uint16_t datalen = len + padlen;
|
if ((len+padlen)<=0) padlen=-(int)len+1; // do not allow payload to be less that 1 byte
|
||||||
|
if ((len+padlen)>0xFFFF) padlen=0xFFFF-len; // do not allow payload size to exceed u16 range
|
||||||
|
if (padlen<0)
|
||||||
|
{
|
||||||
|
len+=padlen;
|
||||||
|
padlen=0;
|
||||||
|
}
|
||||||
|
uint16_t datalen = (uint16_t)(len + padlen);
|
||||||
uint16_t ip_payload_len = sizeof(struct udphdr) + datalen;
|
uint16_t ip_payload_len = sizeof(struct udphdr) + datalen;
|
||||||
uint16_t pktlen = sizeof(struct ip) + ip_payload_len;
|
uint16_t pktlen = sizeof(struct ip) + ip_payload_len;
|
||||||
if (pktlen>*buflen) return false;
|
if (pktlen>*buflen) return false;
|
||||||
@ -327,11 +335,18 @@ bool prepare_udp_segment6(
|
|||||||
const struct sockaddr_in6 *src, const struct sockaddr_in6 *dst,
|
const struct sockaddr_in6 *src, const struct sockaddr_in6 *dst,
|
||||||
uint8_t ttl,
|
uint8_t ttl,
|
||||||
uint8_t fooling,
|
uint8_t fooling,
|
||||||
uint16_t padlen,
|
int padlen,
|
||||||
const void *data, uint16_t len,
|
const void *data, uint16_t len,
|
||||||
uint8_t *buf, size_t *buflen)
|
uint8_t *buf, size_t *buflen)
|
||||||
{
|
{
|
||||||
uint16_t datalen = len + padlen;
|
if ((len+padlen)<=0) padlen=-(int)len+1; // do not allow payload to be less that 1 byte
|
||||||
|
if ((len+padlen)>0xFFFF) padlen=0xFFFF-len; // do not allow payload size to exceed u16 range
|
||||||
|
if (padlen<0)
|
||||||
|
{
|
||||||
|
len+=padlen;
|
||||||
|
padlen=0;
|
||||||
|
}
|
||||||
|
uint16_t datalen = (uint16_t)(len + padlen);
|
||||||
uint16_t transport_payload_len = sizeof(struct udphdr) + datalen;
|
uint16_t transport_payload_len = sizeof(struct udphdr) + datalen;
|
||||||
uint16_t ip_payload_len = transport_payload_len +
|
uint16_t ip_payload_len = transport_payload_len +
|
||||||
8*!!((fooling & (FOOL_HOPBYHOP|FOOL_HOPBYHOP2))==FOOL_HOPBYHOP) +
|
8*!!((fooling & (FOOL_HOPBYHOP|FOOL_HOPBYHOP2))==FOOL_HOPBYHOP) +
|
||||||
@ -404,7 +419,7 @@ bool prepare_udp_segment(
|
|||||||
const struct sockaddr *src, const struct sockaddr *dst,
|
const struct sockaddr *src, const struct sockaddr *dst,
|
||||||
uint8_t ttl,
|
uint8_t ttl,
|
||||||
uint8_t fooling,
|
uint8_t fooling,
|
||||||
uint16_t padlen,
|
int padlen,
|
||||||
const void *data, uint16_t len,
|
const void *data, uint16_t len,
|
||||||
uint8_t *buf, size_t *buflen)
|
uint8_t *buf, size_t *buflen)
|
||||||
{
|
{
|
||||||
|
@ -73,21 +73,21 @@ bool prepare_udp_segment4(
|
|||||||
const struct sockaddr_in *src, const struct sockaddr_in *dst,
|
const struct sockaddr_in *src, const struct sockaddr_in *dst,
|
||||||
uint8_t ttl,
|
uint8_t ttl,
|
||||||
uint8_t fooling,
|
uint8_t fooling,
|
||||||
uint16_t padlen,
|
int padlen,
|
||||||
const void *data, uint16_t len,
|
const void *data, uint16_t len,
|
||||||
uint8_t *buf, size_t *buflen);
|
uint8_t *buf, size_t *buflen);
|
||||||
bool prepare_udp_segment6(
|
bool prepare_udp_segment6(
|
||||||
const struct sockaddr_in6 *src, const struct sockaddr_in6 *dst,
|
const struct sockaddr_in6 *src, const struct sockaddr_in6 *dst,
|
||||||
uint8_t ttl,
|
uint8_t ttl,
|
||||||
uint8_t fooling,
|
uint8_t fooling,
|
||||||
uint16_t padlen,
|
int padlen,
|
||||||
const void *data, uint16_t len,
|
const void *data, uint16_t len,
|
||||||
uint8_t *buf, size_t *buflen);
|
uint8_t *buf, size_t *buflen);
|
||||||
bool prepare_udp_segment(
|
bool prepare_udp_segment(
|
||||||
const struct sockaddr *src, const struct sockaddr *dst,
|
const struct sockaddr *src, const struct sockaddr *dst,
|
||||||
uint8_t ttl,
|
uint8_t ttl,
|
||||||
uint8_t fooling,
|
uint8_t fooling,
|
||||||
uint16_t padlen,
|
int padlen,
|
||||||
const void *data, uint16_t len,
|
const void *data, uint16_t len,
|
||||||
uint8_t *buf, size_t *buflen);
|
uint8_t *buf, size_t *buflen);
|
||||||
|
|
||||||
|
@ -831,8 +831,11 @@ packet_process_result dpi_desync_udp_packet(uint32_t fwmark, const char *ifout,
|
|||||||
case DESYNC_UDPLEN:
|
case DESYNC_UDPLEN:
|
||||||
pkt1_len = sizeof(pkt1);
|
pkt1_len = sizeof(pkt1);
|
||||||
if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, ttl_orig,fooling_orig, params.udplen_increment, data_payload, len_payload, pkt1, &pkt1_len))
|
if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, ttl_orig,fooling_orig, params.udplen_increment, data_payload, len_payload, pkt1, &pkt1_len))
|
||||||
|
{
|
||||||
|
DLOG("could not construct packet with modified length. too large ?\n");
|
||||||
return res;
|
return res;
|
||||||
DLOG("resending original packet with increased by %u length\n", params.udplen_increment);
|
}
|
||||||
|
DLOG("resending original packet with increased by %d length\n", params.udplen_increment);
|
||||||
if (!rawsend((struct sockaddr *)&dst, desync_fwmark, ifout , pkt1, pkt1_len))
|
if (!rawsend((struct sockaddr *)&dst, desync_fwmark, ifout , pkt1, pkt1_len))
|
||||||
return res;
|
return res;
|
||||||
return drop;
|
return drop;
|
||||||
|
@ -545,7 +545,7 @@ static void exithelp()
|
|||||||
" --dpi-desync-fake-unknown=<filename>\t; file containing unknown protocol fake payload\n"
|
" --dpi-desync-fake-unknown=<filename>\t; file containing unknown protocol fake payload\n"
|
||||||
" --dpi-desync-fake-quic=<filename>\t; file containing fake QUIC Initial\n"
|
" --dpi-desync-fake-quic=<filename>\t; file containing fake QUIC Initial\n"
|
||||||
" --dpi-desync-fake-unknown-udp=<filename> ; file containing unknown udp protocol fake payload\n"
|
" --dpi-desync-fake-unknown-udp=<filename> ; file containing unknown udp protocol fake payload\n"
|
||||||
" --dpi-desync-udplen-increment=<int>\t; increase udp packet length by N bytes (default %u)\n"
|
" --dpi-desync-udplen-increment=<int>\t; increase or decrease udp packet length by N bytes (default %u). negative values decrease length.\n"
|
||||||
" --dpi-desync-cutoff=[n|d|s]N\t\t; apply dpi desync only to packet numbers (n, default), data packet numbers (d), relative sequence (s) less than N\n"
|
" --dpi-desync-cutoff=[n|d|s]N\t\t; apply dpi desync only to packet numbers (n, default), data packet numbers (d), relative sequence (s) less than N\n"
|
||||||
" --hostlist=<filename>\t\t\t; apply dpi desync only to the listed hosts (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n"
|
" --hostlist=<filename>\t\t\t; apply dpi desync only to the listed hosts (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n"
|
||||||
" --hostlist-exclude=<filename>\t\t; do not apply dpi desync to the listed hosts (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n",
|
" --hostlist-exclude=<filename>\t\t; do not apply dpi desync to the listed hosts (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n",
|
||||||
@ -1004,7 +1004,11 @@ int main(int argc, char **argv)
|
|||||||
load_file_or_exit(optarg,params.fake_unknown_udp,¶ms.fake_unknown_udp_size);
|
load_file_or_exit(optarg,params.fake_unknown_udp,¶ms.fake_unknown_udp_size);
|
||||||
break;
|
break;
|
||||||
case 33: /* dpi-desync-udplen-increment */
|
case 33: /* dpi-desync-udplen-increment */
|
||||||
params.udplen_increment = (uint16_t)atoi(optarg);
|
if (sscanf(optarg,"%d",¶ms.udplen_increment)<1 || params.udplen_increment>0x7FFF || params.udplen_increment<-0x8000)
|
||||||
|
{
|
||||||
|
fprintf(stderr, "dpi-desync-udplen-increment must be integer within -32768..32767 range\n");
|
||||||
|
exit_clean(1);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 34: /* desync-cutoff */
|
case 34: /* desync-cutoff */
|
||||||
if (!parse_cutoff(optarg, ¶ms.desync_cutoff, ¶ms.desync_cutoff_mode))
|
if (!parse_cutoff(optarg, ¶ms.desync_cutoff, ¶ms.desync_cutoff_mode))
|
||||||
|
@ -52,7 +52,7 @@ struct params_s
|
|||||||
uint32_t desync_badseq_increment, desync_badseq_ack_increment;
|
uint32_t desync_badseq_increment, desync_badseq_ack_increment;
|
||||||
uint8_t fake_http[1432],fake_tls[1432],fake_unknown[1432],fake_unknown_udp[1472],fake_quic[1472];
|
uint8_t fake_http[1432],fake_tls[1432],fake_unknown[1432],fake_unknown_udp[1472],fake_quic[1472];
|
||||||
size_t fake_http_size,fake_tls_size,fake_unknown_size,fake_unknown_udp_size,fake_quic_size;
|
size_t fake_http_size,fake_tls_size,fake_unknown_size,fake_unknown_udp_size,fake_quic_size;
|
||||||
uint16_t udplen_increment;
|
int udplen_increment;
|
||||||
bool droproot;
|
bool droproot;
|
||||||
uid_t uid;
|
uid_t uid;
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
|
@ -99,7 +99,7 @@ static void strlist_entry_destroy(struct str_list *entry)
|
|||||||
void strlist_destroy(struct str_list_head *head)
|
void strlist_destroy(struct str_list_head *head)
|
||||||
{
|
{
|
||||||
struct str_list *entry;
|
struct str_list *entry;
|
||||||
while (entry = LIST_FIRST(head))
|
while ((entry = LIST_FIRST(head)))
|
||||||
{
|
{
|
||||||
LIST_REMOVE(entry, next);
|
LIST_REMOVE(entry, next);
|
||||||
strlist_entry_destroy(entry);
|
strlist_entry_destroy(entry);
|
||||||
|
@ -99,7 +99,7 @@ static void strlist_entry_destroy(struct str_list *entry)
|
|||||||
void strlist_destroy(struct str_list_head *head)
|
void strlist_destroy(struct str_list_head *head)
|
||||||
{
|
{
|
||||||
struct str_list *entry;
|
struct str_list *entry;
|
||||||
while (entry = LIST_FIRST(head))
|
while ((entry = LIST_FIRST(head)))
|
||||||
{
|
{
|
||||||
LIST_REMOVE(entry, next);
|
LIST_REMOVE(entry, next);
|
||||||
strlist_entry_destroy(entry);
|
strlist_entry_destroy(entry);
|
||||||
|
Loading…
Reference in New Issue
Block a user