From d2c9ff50cd1acd2c8b7895fc315bbb83700ac291 Mon Sep 17 00:00:00 2001 From: bol-van Date: Tue, 29 Apr 2025 13:35:31 +0300 Subject: [PATCH] nfqws: copy DF ip flag --- nfq/darkmagic.c | 21 +++++++++++++------ nfq/darkmagic.h | 6 ++++++ nfq/desync.c | 54 ++++++++++++++++++++++++++++--------------------- 3 files changed, 52 insertions(+), 29 deletions(-) diff --git a/nfq/darkmagic.c b/nfq/darkmagic.c index dd8fdfb..23e4868 100644 --- a/nfq/darkmagic.c +++ b/nfq/darkmagic.c @@ -38,6 +38,11 @@ uint32_t net16_add(uint16_t netorder_value, uint16_t cpuorder_increment) return htons(ntohs(netorder_value)+cpuorder_increment); } +bool ip_has_df(const struct ip *ip) +{ + return ip && !!(ntohs(ip->ip_off) & IP_DF); +} + uint8_t *tcp_find_option(struct tcphdr *tcp, uint8_t kind) { uint8_t *t = (uint8_t*)(tcp+1); @@ -189,11 +194,11 @@ static void fill_udphdr(struct udphdr *udp, uint16_t nsport, uint16_t ndport, ui udp->uh_sum = 0; } -static void fill_iphdr(struct ip *ip, const struct in_addr *src, const struct in_addr *dst, uint16_t pktlen, uint8_t proto, uint8_t ttl, uint8_t tos, uint16_t ip_id) +static void fill_iphdr(struct ip *ip, const struct in_addr *src, const struct in_addr *dst, uint16_t pktlen, uint8_t proto, bool DF, uint8_t ttl, uint8_t tos, uint16_t ip_id) { ip->ip_tos = tos; ip->ip_sum = 0; - ip->ip_off = 0; + ip->ip_off = DF ? htons(IP_DF) : 0; ip->ip_v = 4; ip->ip_hl = 5; ip->ip_len = htons(pktlen); @@ -222,6 +227,7 @@ bool prepare_tcp_segment4( uint16_t nwsize, uint8_t scale_factor, uint32_t *timestamps, + bool DF, uint8_t ttl, uint8_t tos, uint16_t ip_id, @@ -240,7 +246,7 @@ bool prepare_tcp_segment4( struct tcphdr *tcp = (struct tcphdr*)(ip+1); uint8_t *payload = (uint8_t*)(tcp+1)+tcpoptlen; - fill_iphdr(ip, &src->sin_addr, &dst->sin_addr, pktlen, IPPROTO_TCP, ttl, tos, ip_id); + fill_iphdr(ip, &src->sin_addr, &dst->sin_addr, pktlen, IPPROTO_TCP, DF, ttl, tos, ip_id); fill_tcphdr(tcp,fooling,tcp_flags,sack,nmss,nseq,nack_seq,src->sin_port,dst->sin_port,nwsize,scale_factor,timestamps,badseq_increment,badseq_ack_increment,len); memcpy(payload,data,len); @@ -346,6 +352,7 @@ bool prepare_tcp_segment( uint16_t nwsize, uint8_t scale_factor, uint32_t *timestamps, + bool DF, uint8_t ttl, uint8_t tos, uint16_t ip_id, @@ -357,7 +364,7 @@ bool prepare_tcp_segment( uint8_t *buf, size_t *buflen) { return (src->sa_family==AF_INET && dst->sa_family==AF_INET) ? - prepare_tcp_segment4((struct sockaddr_in *)src,(struct sockaddr_in *)dst,tcp_flags,sack,nmss,nseq,nack_seq,nwsize,scale_factor,timestamps,ttl,tos,ip_id,fooling,badseq_increment,badseq_ack_increment,data,len,buf,buflen) : + prepare_tcp_segment4((struct sockaddr_in *)src,(struct sockaddr_in *)dst,tcp_flags,sack,nmss,nseq,nack_seq,nwsize,scale_factor,timestamps,DF,ttl,tos,ip_id,fooling,badseq_increment,badseq_ack_increment,data,len,buf,buflen) : (src->sa_family==AF_INET6 && dst->sa_family==AF_INET6) ? prepare_tcp_segment6((struct sockaddr_in6 *)src,(struct sockaddr_in6 *)dst,tcp_flags,sack,nmss,nseq,nack_seq,nwsize,scale_factor,timestamps,ttl,flow_label,fooling,badseq_increment,badseq_ack_increment,data,len,buf,buflen) : false; @@ -367,6 +374,7 @@ bool prepare_tcp_segment( // padlen<0 means payload shrinking bool prepare_udp_segment4( const struct sockaddr_in *src, const struct sockaddr_in *dst, + bool DF, uint8_t ttl, uint8_t tos, uint16_t ip_id, @@ -393,7 +401,7 @@ bool prepare_udp_segment4( uint8_t *payload = (uint8_t*)(udp+1); - fill_iphdr(ip, &src->sin_addr, &dst->sin_addr, pktlen, IPPROTO_UDP, ttl, tos, ip_id); + fill_iphdr(ip, &src->sin_addr, &dst->sin_addr, pktlen, IPPROTO_UDP, DF, ttl, tos, ip_id); fill_udphdr(udp, src->sin_port, dst->sin_port, datalen); memcpy(payload,data,len); @@ -498,6 +506,7 @@ bool prepare_udp_segment6( } bool prepare_udp_segment( const struct sockaddr *src, const struct sockaddr *dst, + bool DF, uint8_t ttl, uint8_t tos, uint16_t ip_id, @@ -509,7 +518,7 @@ bool prepare_udp_segment( uint8_t *buf, size_t *buflen) { return (src->sa_family==AF_INET && dst->sa_family==AF_INET) ? - prepare_udp_segment4((struct sockaddr_in *)src,(struct sockaddr_in *)dst,ttl,tos,ip_id,fooling,padding,padding_size,padlen,data,len,buf,buflen) : + prepare_udp_segment4((struct sockaddr_in *)src,(struct sockaddr_in *)dst,DF,ttl,tos,ip_id,fooling,padding,padding_size,padlen,data,len,buf,buflen) : (src->sa_family==AF_INET6 && dst->sa_family==AF_INET6) ? prepare_udp_segment6((struct sockaddr_in6 *)src,(struct sockaddr_in6 *)dst,ttl,flow_label,fooling,padding,padding_size,padlen,data,len,buf,buflen) : false; diff --git a/nfq/darkmagic.h b/nfq/darkmagic.h index 9a11e1a..621ecd7 100644 --- a/nfq/darkmagic.h +++ b/nfq/darkmagic.h @@ -75,6 +75,7 @@ bool prepare_tcp_segment4( uint16_t nwsize, uint8_t scale_factor, uint32_t *timestamps, + bool DF, uint8_t ttl, uint8_t tos, uint16_t ip_id, @@ -108,6 +109,7 @@ bool prepare_tcp_segment( uint16_t nwsize, uint8_t scale_factor, uint32_t *timestamps, + bool DF, uint8_t ttl, uint8_t tos, uint16_t ip_id, @@ -121,6 +123,7 @@ bool prepare_tcp_segment( bool prepare_udp_segment4( const struct sockaddr_in *src, const struct sockaddr_in *dst, + bool DF, uint8_t ttl, uint8_t tos, uint16_t ip_id, @@ -140,6 +143,7 @@ bool prepare_udp_segment6( uint8_t *buf, size_t *buflen); bool prepare_udp_segment( const struct sockaddr *src, const struct sockaddr *dst, + bool DF, uint8_t ttl, uint8_t tos, uint16_t ip_id, @@ -181,6 +185,8 @@ bool tcp_has_sack(struct tcphdr *tcp); bool tcp_has_fastopen(const struct tcphdr *tcp); +bool ip_has_df(const struct ip *ip); + #ifdef __CYGWIN__ extern uint32_t w_win32_error; diff --git a/nfq/desync.c b/nfq/desync.c index c8eef91..56097bf 100644 --- a/nfq/desync.c +++ b/nfq/desync.c @@ -890,7 +890,7 @@ static bool tcp_orig_send(uint8_t verdict, uint32_t fwmark, const char *ifout, c struct sockaddr_storage src, dst; uint8_t ttl_orig,ttl_fake,flags_orig,scale_factor; uint32_t *timestamps; - bool sack; + bool sack,DF; extract_endpoints(dis->ip, dis->ip6, dis->tcp, NULL, &src, &dst); @@ -910,12 +910,13 @@ static bool tcp_orig_send(uint8_t verdict, uint32_t fwmark, const char *ifout, c sack = tcp_has_sack(dis->tcp); nmss = tcp_find_mss(dis->tcp); ip_id = IP4_IP_ID_FIX(dis->ip); + DF = ip_has_df(dis->ip); len = sizeof(pkt); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, sack, nmss, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + DF,ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), dp->dup_fooling_mode,dp->dup_badseq_increment,dp->dup_badseq_ack_increment, dis->data_payload, dis->len_payload, pkt, &len)) { @@ -967,6 +968,7 @@ static bool udp_orig_send(uint8_t verdict, uint32_t fwmark, const char *ifout, c uint16_t ip_id; struct sockaddr_storage src, dst; uint8_t ttl_orig,ttl_fake; + bool DF; extract_endpoints(dis->ip, dis->ip6, NULL, dis->udp, &src, &dst); @@ -977,6 +979,7 @@ static bool udp_orig_send(uint8_t verdict, uint32_t fwmark, const char *ifout, c ttl_orig = dis->ip ? dis->ip->ip_ttl : dis->ip6->ip6_ctlun.ip6_un1.ip6_un1_hlim; ttl_fake = dis->ip6 ? dp->dup_ttl6 : dp->dup_ttl; if (!ttl_fake) ttl_fake = ttl_orig; + DF = ip_has_df(dis->ip); if (dp->dup_fooling_mode) { @@ -984,7 +987,7 @@ static bool udp_orig_send(uint8_t verdict, uint32_t fwmark, const char *ifout, c len = sizeof(pkt); if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, - ttl_fake, IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + DF,ttl_fake, IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), dp->dup_fooling_mode, NULL, 0, 0, dis->data_payload, dis->len_payload, pkt, &len)) { @@ -1045,7 +1048,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint size_t pkt1_len, pkt2_len; uint8_t ttl_orig,ttl_fake,flags_orig,scale_factor; uint32_t *timestamps; - bool bSack; + bool bSack,DF; uint16_t nmss; uint32_t desync_fwmark = fwmark | params.desync_fwmark; @@ -1210,6 +1213,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint timestamps = tcp_find_timestamps(dis->tcp); bSack = tcp_has_sack(dis->tcp); nmss = tcp_find_mss(dis->tcp); + DF = ip_has_df(dis->ip); if (!replay) { @@ -1220,7 +1224,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint case DESYNC_SYNACK: pkt1_len = sizeof(pkt1); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, TH_SYN|TH_ACK, false, 0, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_fake,IP4_TOS(dis->ip),IP4_IP_ID_FIX(dis->ip),IP6_FLOW(dis->ip6), + DF,ttl_fake,IP4_TOS(dis->ip),IP4_IP_ID_FIX(dis->ip),IP6_FLOW(dis->ip6), dp->desync_fooling_mode,dp->desync_badseq_increment,dp->desync_badseq_ack_increment, NULL, 0, pkt1, &pkt1_len)) { @@ -1244,7 +1248,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint } pkt1_len = sizeof(pkt1); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, bSack, nmss, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_orig,IP4_TOS(dis->ip),IP4_IP_ID_FIX(dis->ip),IP6_FLOW(dis->ip6), + DF,ttl_orig,IP4_TOS(dis->ip),IP4_IP_ID_FIX(dis->ip),IP6_FLOW(dis->ip6), 0,0,0, dp->fake_syndata,dp->fake_syndata_size, pkt1,&pkt1_len)) { goto send_orig; @@ -1698,7 +1702,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint } pkt1_len = sizeof(pkt1); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + DF,ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), dp->desync_fooling_mode,dp->desync_badseq_increment,dp->desync_badseq_ack_increment, fake_data, fake_item->size, pkt1, &pkt1_len)) { @@ -1722,7 +1726,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint if (reasm_offset) break; pkt1_len = sizeof(pkt1); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, TH_RST | (dp->desync_mode==DESYNC_RSTACK ? TH_ACK:0), false, 0, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_fake,IP4_TOS(dis->ip),IP4_IP_ID_FIX(dis->ip),IP6_FLOW(dis->ip6), + DF,ttl_fake,IP4_TOS(dis->ip),IP4_IP_ID_FIX(dis->ip),IP6_FLOW(dis->ip6), dp->desync_fooling_mode,dp->desync_badseq_increment,dp->desync_badseq_ack_increment, NULL, 0, pkt1, &pkt1_len)) { @@ -1750,7 +1754,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint pkt1_len = sizeof(pkt1); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_orig,0,0,IP6_FLOW(dis->ip6), + DF,ttl_orig,0,0,IP6_FLOW(dis->ip6), fooling_orig,0,0, dis->data_payload, dis->len_payload, pkt1, &pkt1_len)) { @@ -1818,7 +1822,8 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint pkt1_len = sizeof(pkt1); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, net32_add(dis->tcp->th_seq,from-seqovl), dis->tcp->th_ack, - dis->tcp->th_win, scale_factor, timestamps,ttl_orig,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + dis->tcp->th_win, scale_factor, timestamps, + DF,ttl_orig,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), fooling_orig,0,0, seg, seg_len, pkt1, &pkt1_len)) goto send_orig; @@ -1887,7 +1892,8 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint pkt1_len = sizeof(pkt1); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, net32_add(dis->tcp->th_seq,from-seqovl), dis->tcp->th_ack, - dis->tcp->th_win, scale_factor, timestamps,ttl_orig,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + dis->tcp->th_win, scale_factor, timestamps, + DF,ttl_orig,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), fooling_orig,0,0, seg, seg_len, pkt1, &pkt1_len)) goto send_orig; @@ -1946,7 +1952,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint fakeseg2_len = sizeof(fakeseg2); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, net32_add(dis->tcp->th_seq,split_pos), dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + DF,ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), dp->desync_fooling_mode,dp->desync_badseq_increment,dp->desync_badseq_ack_increment, pat+split_pos, dis->len_payload-split_pos, fakeseg2, &fakeseg2_len)) goto send_orig; @@ -1958,7 +1964,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint pkt1_len = sizeof(pkt1); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, net32_add(dis->tcp->th_seq , split_pos - seqovl), dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_orig,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + DF,ttl_orig,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), fooling_orig,dp->desync_badseq_increment,dp->desync_badseq_ack_increment, seg, seg_len, pkt1, &pkt1_len)) goto send_orig; @@ -1978,7 +1984,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint seg_len = sizeof(fakeseg); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + DF,ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), dp->desync_fooling_mode,dp->desync_badseq_increment,dp->desync_badseq_ack_increment, pat, split_pos, fakeseg, &seg_len)) goto send_orig; @@ -1990,7 +1996,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint pkt1_len = sizeof(pkt1); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_orig,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + DF,ttl_orig,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), fooling_orig,dp->desync_badseq_increment,dp->desync_badseq_ack_increment, dis->data_payload, split_pos, pkt1, &pkt1_len)) goto send_orig; @@ -2026,7 +2032,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint fakeseg_len = sizeof(fakeseg); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + DF,ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), dp->desync_fooling_mode,dp->desync_badseq_increment,dp->desync_badseq_ack_increment, pat, split_pos, fakeseg, &fakeseg_len)) goto send_orig; @@ -2062,7 +2068,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint pkt1_len = sizeof(pkt1); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, net32_add(dis->tcp->th_seq,-seqovl), dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_orig,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + DF,ttl_orig,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), fooling_orig,dp->desync_badseq_increment,dp->desync_badseq_ack_increment, seg, seg_len, pkt1, &pkt1_len)) goto send_orig; @@ -2093,7 +2099,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint fakeseg_len = sizeof(fakeseg); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, net32_add(dis->tcp->th_seq,split_pos), dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + DF,ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), dp->desync_fooling_mode,dp->desync_badseq_increment,dp->desync_badseq_ack_increment, pat+split_pos, dis->len_payload-split_pos, fakeseg, &fakeseg_len)) goto send_orig; @@ -2105,7 +2111,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint pkt1_len = sizeof(pkt1); if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, net32_add(dis->tcp->th_seq,split_pos), dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, - ttl_orig,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + DF,ttl_orig,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), fooling_orig,dp->desync_badseq_increment,dp->desync_badseq_ack_increment, dis->data_payload+split_pos, dis->len_payload-split_pos, pkt1, &pkt1_len)) goto send_orig; @@ -2216,6 +2222,7 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint uint8_t pkt1[DPI_DESYNC_MAX_FAKE_LEN+100], pkt2[DPI_DESYNC_MAX_FAKE_LEN+100]; size_t pkt1_len, pkt2_len; uint8_t ttl_orig,ttl_fake; + bool DF; t_l7proto l7proto = UNKNOWN; extract_endpoints(dis->ip, dis->ip6, NULL, dis->udp, &src, &dst); @@ -2300,6 +2307,7 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint uint32_t desync_fwmark = fwmark | params.desync_fwmark; ttl_orig = dis->ip ? dis->ip->ip_ttl : dis->ip6->ip6_ctlun.ip6_un1.ip6_un1_hlim; + DF = ip_has_df(dis->ip); if (dis->len_payload) { @@ -2639,7 +2647,7 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint n++; pkt1_len = sizeof(pkt1); if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, - ttl_fake, IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), + DF,ttl_fake, IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6), dp->desync_fooling_mode, NULL, 0, 0, fake_item->data, fake_item->size, pkt1, &pkt1_len)) { @@ -2662,7 +2670,7 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint { pkt1_len = sizeof(pkt1); if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, - ttl_orig,0,0,IP6_FLOW(dis->ip6),fooling_orig,NULL,0,0, + DF,ttl_orig,0,0,IP6_FLOW(dis->ip6),fooling_orig,NULL,0,0, dis->data_payload, dis->len_payload, pkt1, &pkt1_len)) { goto send_orig; @@ -2684,7 +2692,7 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint { case DESYNC_UDPLEN: pkt1_len = sizeof(pkt1); - if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, ttl_orig,IP4_TOS(dis->ip),IP4_IP_ID_FIX(dis->ip),IP6_FLOW(dis->ip6), fooling_orig, dp->udplen_pattern, sizeof(dp->udplen_pattern), dp->udplen_increment, dis->data_payload, dis->len_payload, pkt1, &pkt1_len)) + if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, DF, ttl_orig,IP4_TOS(dis->ip),IP4_IP_ID_FIX(dis->ip),IP6_FLOW(dis->ip6), fooling_orig, dp->udplen_pattern, sizeof(dp->udplen_pattern), dp->udplen_increment, dis->data_payload, dis->len_payload, pkt1, &pkt1_len)) { DLOG("could not construct packet with modified length. too large ?\n"); break; @@ -2709,7 +2717,7 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint memcpy(pkt2+pkt2_len,dis->data_payload+1,szcopy); pkt2_len+=szcopy; pkt1_len = sizeof(pkt1); - if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, ttl_orig,IP4_TOS(dis->ip),IP4_IP_ID_FIX(dis->ip),IP6_FLOW(dis->ip6), fooling_orig, NULL, 0 , 0, pkt2, pkt2_len, pkt1, &pkt1_len)) + if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, DF, ttl_orig,IP4_TOS(dis->ip),IP4_IP_ID_FIX(dis->ip),IP6_FLOW(dis->ip6), fooling_orig, NULL, 0 , 0, pkt2, pkt2_len, pkt1, &pkt1_len)) { DLOG("could not construct packet with modified length. too large ?\n"); break;