drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-05-01 11:22:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

nfqws: prepare for +- autottl

Browse Source
This commit is contained in:
bol-van 2025-04-29 17:45:34 +03:00
parent 68a538daed
commit d21175b4a3
4 changed files with 26 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
nfq/darkmagic.c
View File

@ -1837,6 +1837,7 @@ bool rawsend_queue(struct rawpacket_tailhead *q)
uint8_t autottl_guess(uint8_t ttl, const autottl *attl) uint8_t autottl_guess(uint8_t ttl, const autottl *attl)
{ {
uint8_t orig, path, fake; uint8_t orig, path, fake;
int d;
// 18.65.168.125 ( cloudfront ) 255 // 18.65.168.125 ( cloudfront ) 255
// 157.254.246.178 128 // 157.254.246.178 128
@ -1853,11 +1854,13 @@ uint8_t autottl_guess(uint8_t ttl, const autottl *attl)
path = orig - ttl; path = orig - ttl;
fake = path > attl->delta ? path - attl->delta : attl->min; d = (int)path + attl->delta;
if (fake<attl->min) fake=attl->min; if (d<attl->min) fake=attl->min;
else if (fake>attl->max) fake=attl->max; else if (d>attl->max) fake=attl->max;
else fake=(uint8_t)d;
if (fake>=path) return 0; if (attl->delta<0 && fake>=path || attl->delta>=0 && fake<path)
return 0;
return fake; return fake;
} }

5
nfq/darkmagic.h
View File

@ -258,9 +258,10 @@ void tcp_rewrite_winsize(struct tcphdr *tcp, uint16_t winsize, uint8_t scale_fac
typedef struct typedef struct
{ {
uint8_t delta, min, max; int8_t delta;
uint8_t min, max;
} autottl; } autottl;
#define AUTOTTL_DEFAULT_DELTA 1 #define AUTOTTL_DEFAULT_DELTA -1
#define AUTOTTL_DEFAULT_MIN 3 #define AUTOTTL_DEFAULT_MIN 3
#define AUTOTTL_DEFAULT_MAX 20 #define AUTOTTL_DEFAULT_MAX 20
#define AUTOTTL_ENABLED(a) (!!(a).delta) #define AUTOTTL_ENABLED(a) (!!(a).delta)

4
nfq/desync.c
View File

@ -1461,6 +1461,8 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
if (!replay) if (!replay)
{ {
maybe_cutoff(ctrack, IPPROTO_TCP); maybe_cutoff(ctrack, IPPROTO_TCP);
if (orig_mod(dp,ctrack,dis)) // ttl can change !
verdict = VERDICT_MODIFY;
if (!process_desync_interval(dp, ctrack)) if (!process_desync_interval(dp, ctrack))
{ {
reasm_orig_cancel(ctrack); reasm_orig_cancel(ctrack);
@ -2558,6 +2560,8 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint
if (!replay) if (!replay)
{ {
maybe_cutoff(ctrack, IPPROTO_UDP); maybe_cutoff(ctrack, IPPROTO_UDP);
if (orig_mod(dp,ctrack,dis)) // ttl can change !
verdict = VERDICT_MODIFY;
if (!process_desync_interval(dp, ctrack)) goto send_orig; if (!process_desync_interval(dp, ctrack)) goto send_orig;
} }
} }

17
nfq/nfqws.c
View File

@ -692,11 +692,18 @@ static void load_file_or_exit(const char *filename, void *buf, size_t *size)
static bool parse_autottl(const char *s, autottl *t) static bool parse_autottl(const char *s, autottl *t)
{ {
bool neg=true;
unsigned int delta,min,max; unsigned int delta,min,max;
AUTOTTL_SET_DEFAULT(*t); AUTOTTL_SET_DEFAULT(*t);
if (s) if (s)
{ {
max = t->max; max = t->max;
if (*s=='+')
{
neg=false;
s++;
} else if (*s=='-')
s++;
switch (sscanf(s,"%u:%u-%u",&delta,&min,&max)) switch (sscanf(s,"%u:%u-%u",&delta,&min,&max))
{ {
case 3: case 3:
@ -706,8 +713,8 @@ static bool parse_autottl(const char *s, autottl *t)
if ((delta && !min) || min>255 || min>max) return false; if ((delta && !min) || min>255 || min>max) return false;
t->min=(uint8_t)min; t->min=(uint8_t)min;
case 1: case 1:
if (delta>255) return false; if (delta>127) return false;
t->delta=(uint8_t)delta; t->delta=(int8_t)(neg ? -delta : delta);
break; break;
default: default:
return false; return false;
@ -1475,7 +1482,7 @@ static void exithelp(void)
#endif #endif
" --dpi-desync-ttl=<int>\t\t\t\t; set ttl for fakes packets\n" " --dpi-desync-ttl=<int>\t\t\t\t; set ttl for fakes packets\n"
" --dpi-desync-ttl6=<int>\t\t\t; set ipv6 hop limit for fake packet. by default --dpi-desync-ttl value is used.\n" " --dpi-desync-ttl6=<int>\t\t\t; set ipv6 hop limit for fake packet. by default --dpi-desync-ttl value is used.\n"
" --dpi-desync-autottl=[<delta>[:<min>[-<max>]]]\t; auto ttl mode for both ipv4 and ipv6. default: %u:%u-%u\n" " --dpi-desync-autottl=[<delta>[:<min>[-<max>]]]\t; auto ttl mode for both ipv4 and ipv6. default: %d:%u-%u\n"
" --dpi-desync-autottl6=[<delta>[:<min>[-<max>]]] ; overrides --dpi-desync-autottl for ipv6 only\n" " --dpi-desync-autottl6=[<delta>[:<min>[-<max>]]] ; overrides --dpi-desync-autottl for ipv6 only\n"
" --dpi-desync-fooling=<mode>[,<mode>]\t\t; can use multiple comma separated values. modes : none md5sig badseq badsum datanoack hopbyhop hopbyhop2\n" " --dpi-desync-fooling=<mode>[,<mode>]\t\t; can use multiple comma separated values. modes : none md5sig badseq badsum datanoack hopbyhop hopbyhop2\n"
" --dpi-desync-repeats=<N>\t\t\t; send every desync packet N times\n" " --dpi-desync-repeats=<N>\t\t\t; send every desync packet N times\n"
@ -2783,9 +2790,9 @@ int main(int argc, char **argv)
if (dp->orig_mod_ttl6 == 0xFF) dp->orig_mod_ttl6=dp->orig_mod_ttl; if (dp->orig_mod_ttl6 == 0xFF) dp->orig_mod_ttl6=dp->orig_mod_ttl;
if (!AUTOTTL_ENABLED(dp->desync_autottl6)) dp->desync_autottl6 = dp->desync_autottl; if (!AUTOTTL_ENABLED(dp->desync_autottl6)) dp->desync_autottl6 = dp->desync_autottl;
if (AUTOTTL_ENABLED(dp->desync_autottl)) if (AUTOTTL_ENABLED(dp->desync_autottl))
DLOG("profile %d autottl ipv4 %u:%u-%u\n",dp->n,dp->desync_autottl.delta,dp->desync_autottl.min,dp->desync_autottl.max); DLOG("profile %d autottl ipv4 %d:%u-%u\n",dp->n,dp->desync_autottl.delta,dp->desync_autottl.min,dp->desync_autottl.max);
if (AUTOTTL_ENABLED(dp->desync_autottl6)) if (AUTOTTL_ENABLED(dp->desync_autottl6))
DLOG("profile %d autottl ipv6 %u:%u-%u\n",dp->n,dp->desync_autottl6.delta,dp->desync_autottl6.min,dp->desync_autottl6.max); DLOG("profile %d autottl ipv6 %d:%u-%u\n",dp->n,dp->desync_autottl6.delta,dp->desync_autottl6.min,dp->desync_autottl6.max);
split_compat(dp); split_compat(dp);
if (!dp_fake_defaults(dp)) if (!dp_fake_defaults(dp))
{ {