drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-05-24 22:32:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

nfqws: DHT and tamper

Browse Source
This commit is contained in:
bol-van
2023-09-07 19:03:37 +03:00
parent 91ac09a8bd
commit c91542d516
18 changed files with 97 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
nfq/desync.c
View File

@@ -75,7 +75,7 @@ bool desync_only_first_stage(enum dpi_desync_mode mode)
}
bool desync_valid_second_stage(enum dpi_desync_mode mode)
{
return mode==DESYNC_NONE || mode==DESYNC_DISORDER || mode==DESYNC_DISORDER2 || mode==DESYNC_SPLIT || mode==DESYNC_SPLIT2 || mode==DESYNC_IPFRAG2 || mode==DESYNC_UDPLEN;
return mode==DESYNC_NONE || mode==DESYNC_DISORDER || mode==DESYNC_DISORDER2 || mode==DESYNC_SPLIT || mode==DESYNC_SPLIT2 || mode==DESYNC_IPFRAG2 || mode==DESYNC_UDPLEN || mode==DESYNC_TAMPER;
}
bool desync_valid_second_stage_tcp(enum dpi_desync_mode mode)
{
@@ -83,7 +83,7 @@ bool desync_valid_second_stage_tcp(enum dpi_desync_mode mode)
}
bool desync_valid_second_stage_udp(enum dpi_desync_mode mode)
{
return mode==DESYNC_NONE || mode==DESYNC_UDPLEN || mode==DESYNC_IPFRAG2;
return mode==DESYNC_NONE || mode==DESYNC_UDPLEN || mode==DESYNC_TAMPER || mode==DESYNC_IPFRAG2;
}
enum dpi_desync_mode desync_mode_from_string(const char *s)
{
@@ -117,6 +117,8 @@ enum dpi_desync_mode desync_mode_from_string(const char *s)
return DESYNC_IPFRAG1;
else if (!strcmp(s,"udplen"))
return DESYNC_UDPLEN;
else if (!strcmp(s,"tamper"))
return DESYNC_TAMPER;
return DESYNC_INVALID;
}
@@ -734,6 +736,13 @@ packet_process_result dpi_desync_udp_packet(uint32_t fwmark, const char *ifout,
fake_size = params.fake_wg_size;
bKnownProtocol = true;
}
else if (IsDhtD1(data_payload,len_payload))
{
DLOG("packet contains DHT d1...e\n")
fake = params.fake_dht;
fake_size = params.fake_dht_size;
bKnownProtocol = true;
}
else
{
if (!params.desync_any_proto) return res;
@@ -846,6 +855,37 @@ packet_process_result dpi_desync_udp_packet(uint32_t fwmark, const char *ifout,
if (!rawsend((struct sockaddr *)&dst, desync_fwmark, ifout , pkt1, pkt1_len))
return res;
return drop;
case DESYNC_TAMPER:
if (IsDhtD1(data_payload,len_payload))
{
size_t szbuf,szcopy;
memcpy(pkt2,"d2:zz1:x",8);
pkt2_len=8;
szbuf=sizeof(pkt2)-pkt2_len;
szcopy=len_payload-1;
if (szcopy>szbuf)
{
DLOG("packet is too long to tamper");
return res;
}
memcpy(pkt2+pkt2_len,data_payload+1,szcopy);
pkt2_len+=szcopy;
pkt1_len = sizeof(pkt1);
if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, ttl_orig,fooling_orig, NULL, 0 , 0, pkt2, pkt2_len, pkt1, &pkt1_len))
{
DLOG("could not construct packet with modified length. too large ?\n");
return res;
}
DLOG("resending tampered DHT\n");
if (!rawsend((struct sockaddr *)&dst, desync_fwmark, ifout , pkt1, pkt1_len))
return res;
return drop;
}
else
{
DLOG("payload is not tamperable\n");
return res;
}
case DESYNC_IPFRAG2:
{

3
nfq/desync.h
View File

@@ -34,7 +34,8 @@ enum dpi_desync_mode {
DESYNC_HOPBYHOP,
DESYNC_DESTOPT,
DESYNC_IPFRAG1,
DESYNC_UDPLEN
DESYNC_UDPLEN,
DESYNC_TAMPER
};
extern const char *fake_http_request_default;

41
nfq/nfqws.c
View File

@@ -522,7 +522,7 @@ static void exithelp()
" --hostspell\t\t\t\t\t; exact spelling of \"Host\" header. must be 4 chars. default is \"host\"\n"
" --hostnospace\t\t\t\t\t; remove space after Host: and add it to User-Agent: to preserve packet size\n"
" --domcase\t\t\t\t\t; mix domain case : Host: TeSt.cOm\n"
" --dpi-desync=[<mode0>,]<mode>[,<mode2>]\t; try to desync dpi state. modes : synack fake fakeknown rst rstack hopbyhop destopt ipfrag1 disorder disorder2 split split2 ipfrag2 udplen\n"
" --dpi-desync=[<mode0>,]<mode>[,<mode2>]\t; try to desync dpi state. modes : synack fake fakeknown rst rstack hopbyhop destopt ipfrag1 disorder disorder2 split split2 ipfrag2 udplen tamper\n"
#ifdef __linux__
" --dpi-desync-fwmark=<int|0xHEX>\t\t; override fwmark for desync packet. default = 0x%08X (%u)\n"
#elif defined(SO_USER_COOKIE)
@@ -547,6 +547,7 @@ static void exithelp()
" --dpi-desync-fake-unknown=<filename>|0xHEX\t; file containing unknown protocol fake payload\n"
" --dpi-desync-fake-quic=<filename>|0xHEX\t; file containing fake QUIC Initial\n"
" --dpi-desync-fake-wireguard=<filename>|0xHEX\t; file containing fake wireguard handshake initiation\n"
" --dpi-desync-fake-dht=<filename>|0xHEX\t\t; file containing DHT protocol fake payload (d1...e)\n"
" --dpi-desync-fake-unknown-udp=<filename>|0xHEX\t; file containing unknown udp protocol fake payload\n"
" --dpi-desync-udplen-increment=<int>\t\t; increase or decrease udp packet length by N bytes (default %u). negative values decrease length.\n"
" --dpi-desync-udplen-pattern=<filename>|0xHEX\t; udp tail fill pattern\n"
@@ -660,6 +661,7 @@ int main(int argc, char **argv)
params.fake_quic_size = 620; // must be 601+ for TSPU hack
params.fake_quic[0] = 0x40; // russian TSPU QUIC short header fake
params.fake_wg_size = 64;
params.fake_dht_size = 64;
params.fake_unknown_size = 256;
params.fake_unknown_udp_size = 64;
params.wscale=-1; // default - dont change scale factor (client)
@@ -728,15 +730,16 @@ int main(int argc, char **argv)
{"dpi-desync-fake-unknown",required_argument,0,0},// optidx=30
{"dpi-desync-fake-quic",required_argument,0,0},// optidx=31
{"dpi-desync-fake-wireguard",required_argument,0,0},// optidx=32
{"dpi-desync-fake-unknown-udp",required_argument,0,0},// optidx=33
{"dpi-desync-udplen-increment",required_argument,0,0},// optidx=34
{"dpi-desync-udplen-pattern",required_argument,0,0},// optidx=35
{"dpi-desync-cutoff",required_argument,0,0},// optidx=36
{"hostlist",required_argument,0,0}, // optidx=37
{"hostlist-exclude",required_argument,0,0}, // optidx=38
{"dpi-desync-fake-dht",required_argument,0,0},// optidx=33
{"dpi-desync-fake-unknown-udp",required_argument,0,0},// optidx=34
{"dpi-desync-udplen-increment",required_argument,0,0},// optidx=35
{"dpi-desync-udplen-pattern",required_argument,0,0},// optidx=36
{"dpi-desync-cutoff",required_argument,0,0},// optidx=37
{"hostlist",required_argument,0,0}, // optidx=38
{"hostlist-exclude",required_argument,0,0}, // optidx=39
#ifdef __linux__
{"bind-fix4",no_argument,0,0}, // optidx=39
{"bind-fix6",no_argument,0,0}, // optidx=40
{"bind-fix4",no_argument,0,0}, // optidx=40
{"bind-fix6",no_argument,0,0}, // optidx=41
#endif
{NULL,0,NULL,0}
};
@@ -1022,18 +1025,22 @@ int main(int argc, char **argv)
params.fake_wg_size = sizeof(params.fake_wg);
load_file_or_exit(optarg,params.fake_wg,&params.fake_wg_size);
break;
case 33: /* dpi-desync-fake-unknown-udp */
case 33: /* dpi-desync-fake-dht */
params.fake_dht_size = sizeof(params.fake_dht);
load_file_or_exit(optarg,params.fake_dht,&params.fake_dht_size);
break;
case 34: /* dpi-desync-fake-unknown-udp */
params.fake_unknown_udp_size = sizeof(params.fake_unknown_udp);
load_file_or_exit(optarg,params.fake_unknown_udp,&params.fake_unknown_udp_size);
break;
case 34: /* dpi-desync-udplen-increment */
case 35: /* dpi-desync-udplen-increment */
if (sscanf(optarg,"%d",&params.udplen_increment)<1 || params.udplen_increment>0x7FFF || params.udplen_increment<-0x8000)
{
fprintf(stderr, "dpi-desync-udplen-increment must be integer within -32768..32767 range\n");
exit_clean(1);
}
break;
case 35: /* dpi-desync-udplen-pattern */
case 36: /* dpi-desync-udplen-pattern */
{
char buf[sizeof(params.udplen_pattern)];
size_t sz=sizeof(buf);
@@ -1041,21 +1048,21 @@ int main(int argc, char **argv)
fill_pattern(params.udplen_pattern,sizeof(params.udplen_pattern),buf,sz);
}
break;
case 36: /* desync-cutoff */
case 37: /* desync-cutoff */
if (!parse_cutoff(optarg, &params.desync_cutoff, &params.desync_cutoff_mode))
{
fprintf(stderr, "invalid desync-cutoff value\n");
exit_clean(1);
}
break;
case 37: /* hostlist */
case 38: /* hostlist */
if (!strlist_add(&params.hostlist_files, optarg))
{
fprintf(stderr, "strlist_add failed\n");
exit_clean(1);
}
break;
case 38: /* hostlist-exclude */
case 39: /* hostlist-exclude */
if (!strlist_add(&params.hostlist_exclude_files, optarg))
{
fprintf(stderr, "strlist_add failed\n");
@@ -1063,10 +1070,10 @@ int main(int argc, char **argv)
}
break;
#ifdef __linux__
case 39: /* bind-fix4 */
case 40: /* bind-fix4 */
params.bind_fix4 = true;
break;
case 40: /* bind-fix6 */
case 41: /* bind-fix6 */
params.bind_fix6 = true;
break;
#endif

4
nfq/params.h
View File

@@ -50,8 +50,8 @@ struct params_s
uint8_t desync_fooling_mode;
uint32_t desync_fwmark; // unused in BSD
uint32_t desync_badseq_increment, desync_badseq_ack_increment;
uint8_t fake_http[1432],fake_tls[1432],fake_quic[1472],fake_wg[1472],fake_unknown[1432],fake_unknown_udp[1472], udplen_pattern[1472];
size_t fake_http_size,fake_tls_size,fake_quic_size,fake_wg_size,fake_unknown_size,fake_unknown_udp_size;
uint8_t fake_http[1432],fake_tls[1432],fake_quic[1472],fake_wg[1472],fake_dht[1472],fake_unknown[1432],fake_unknown_udp[1472], udplen_pattern[1472];
size_t fake_http_size,fake_tls_size,fake_quic_size,fake_wg_size,fake_dht_size,fake_unknown_size,fake_unknown_udp_size;
int udplen_increment;
bool droproot;
uid_t uid;

5
nfq/protocol.c
View File

@@ -192,7 +192,10 @@ bool IsWireguardHandshakeInitiation(const uint8_t *data, size_t len)
{
return len==148 && data[0]==1 && data[1]==0 && data[2]==0 && data[3]==0;
}
bool IsDhtD1(const uint8_t *data, size_t len)
{
return len>=3 && data[0]=='d' && data[1]=='1' && data[len-1]=='e';
}
/* Returns the QUIC draft version or 0 if not applicable. */
uint8_t QUICDraftVersion(uint32_t version)

1
nfq/protocol.h
View File

@@ -16,6 +16,7 @@ bool TLSHelloExtractHost(const uint8_t *data, size_t len, char *host, size_t len
bool TLSHelloExtractHostFromHandshake(const uint8_t *data, size_t len, char *host, size_t len_host);
bool IsWireguardHandshakeInitiation(const uint8_t *data, size_t len);
bool IsDhtD1(const uint8_t *data, size_t len);
#define QUIC_MAX_CID_LENGTH 20
typedef struct quic_cid {