tpws: --mss

tpws/params.h

@@ -24,6 +24,12 @@ struct bind_s
 	int bind_wait_ifup,bind_wait_ip,bind_wait_ip_ll;
 };
 
+typedef struct
+{
+	uint16_t from,to;
+	bool neg;
+} port_filter;
+
 struct params_s
 {
 	struct bind_s binds[MAX_BINDS];
@@ -55,6 +61,9 @@ struct params_s
 	uint8_t oob_byte;
 	int ttl_default;
 
+	int mss;
+	port_filter mss_pf;
+
 	char pidfile[256];
 
 	strpool *hostlist, *hostlist_exclude;

tpws/tpws.c

@@ -189,6 +189,10 @@ static void exithelp(void)
 		" --unixeol\t\t\t\t; replace 0D0A to 0A\n"
 		" --tlsrec=sni\t\t\t\t; make 2 TLS records. split at SNI. don't split if SNI is not present\n"
 		" --tlsrec-pos=<pos>\t\t\t; make 2 TLS records. split at specified pos\n"
+#ifdef __linux__
+		" --mss=<int>\t\t\t\t; set client MSS. forces server to split messages but significantly decreases speed !\n"
+		" --mss-pf=[~]port1[-port2]\t\t; MSS port filter. ~ means negation\n"
+#endif
 		" --tamper-start=[n]<pos>\t\t; start tampering only from specified outbound stream position. default is 0. 'n' means data block number.\n"
 		" --tamper-cutoff=[n]<pos>\t\t; do not tamper anymore after specified outbound stream position. default is unlimited.\n",
 		HOSTLIST_AUTO_FAIL_THRESHOLD_DEFAULT, HOSTLIST_AUTO_FAIL_TIME_DEFAULT
@@ -324,6 +328,9 @@ void parse_params(int argc, char *argv[])
 		{ "tamper-cutoff",required_argument,0,0 },// optidx=51
 #if defined(BSD) && !defined(__OpenBSD__) && !defined(__APPLE__)
 		{ "enable-pf",no_argument,0,0 },// optidx=52
+#elif defined(__linux__)
+		{ "mss",required_argument,0,0 },// optidx=52
+		{ "mss-pf",required_argument,0,0 },// optidx=53
 #endif
 		{ "hostlist-auto-retrans-threshold",optional_argument,0,0}, // ignored. for nfqws command line compatibility
 		{ NULL,0,NULL,0 }
@@ -723,6 +730,23 @@ void parse_params(int argc, char *argv[])
 		case 52: /* enable-pf */
 			params.pf_enable = true;
 			break;
+#elif defined(__linux__)
+		case 52: /* mss */
+			// this option does not work in any BSD and MacOS. OS may accept but it changes nothing
+			params.mss = atoi(optarg);
+			if (params.mss<88 || params.mss>32767)
+			{
+				fprintf(stderr, "Invalid value for MSS. Linux accepts MSS 88-32767.\n");
+				exit_clean(1);
+			}
+			break;
+		case 53: /* mss-pf */
+			if (!pf_parse(optarg,&params.mss_pf))
+			{
+				fprintf(stderr, "Invalid MSS port filter.\n");
+				exit_clean(1);
+			}
+			break;
 #endif
 		}
 	}

tpws/tpws_conn.c

@@ -20,7 +20,6 @@
 #include "tpws_conn.h"
 #include "redirect.h"
 #include "tamper.h"
-#include "params.h"
 #include "socks.h"
 #include "helpers.h"
 
@@ -336,7 +335,7 @@ static bool proxy_remote_conn_ack(tproxy_conn_t *conn, int sock_err)
 //Returns -1 if something fails, >0 on success (socket fd).
 static int connect_remote(const struct sockaddr *remote_addr)
 {
-	int remote_fd = 0, yes = 1, no = 0;
+	int remote_fd = 0, yes = 1, no = 0, v;
     
 	
  	if((remote_fd = socket(remote_addr->sa_family, SOCK_STREAM, 0)) < 0)
@@ -368,10 +367,28 @@ static int connect_remote(const struct sockaddr *remote_addr)
 	}
 	if (setsockopt(remote_fd, IPPROTO_TCP, TCP_NODELAY, params.skip_nodelay ? &no : &yes, sizeof(int)) <0)
 	{
-		perror("setsockopt (SO_NODELAY, connect_remote)");
+		perror("setsockopt (TCP_NODELAY, connect_remote)");
 		close(remote_fd);
 		return -1;
 	}
+	if (params.mss)
+	{
+		uint16_t port = saport(remote_addr);
+		if (pf_in_range(port,&params.mss_pf))
+		{
+			VPRINT("Setting MSS %d",params.mss)
+			if (setsockopt(remote_fd, IPPROTO_TCP, TCP_MAXSEG, &params.mss, sizeof(int)) <0)
+			{
+				perror("setsockopt (TCP_MAXSEG, connect_remote)");
+				close(remote_fd);
+				return -1;
+			}
+		}
+		else
+		{
+			VPRINT("Not setting MSS. Port %u is out of MSS port range.",port)
+		}
+	}
 	if(connect(remote_fd, remote_addr, remote_addr->sa_family == AF_INET ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6)) < 0)
 	{
 		if(errno != EINPROGRESS)
@@ -1043,7 +1060,7 @@ static bool handle_epoll(tproxy_conn_t *conn, struct tailhead *conn_list, uint32
 				if (split_pos)
 				{
 					VPRINT("Splitting at pos %zu%s", split_pos, (split_flags & SPLIT_FLAG_DISORDER) ? " with disorder" : "")
-					if (split_flags && SPLIT_FLAG_OOB)
+					if (split_flags & SPLIT_FLAG_OOB)
 					{
 						VPRINT("Sending OOB byte %02X", params.oob_byte)
 						uint8_t oob_save;
@@ -1394,3 +1411,37 @@ ex:
 	if (listen_conn) free(listen_conn);
 	return retval;
 }
+
+
+bool pf_in_range(uint16_t port, const port_filter *pf)
+{
+	return port && ((!pf->from && !pf->to || port>=pf->from && port<=pf->to) ^ pf->neg);
+}
+bool pf_parse(const char *s, port_filter *pf)
+{
+	unsigned int v1,v2;
+
+	if (!s) return false;
+	if (*s=='~') 
+	{
+		pf->neg=true;
+		s++;
+	}
+	else
+		pf->neg=false;
+	if (sscanf(s,"%u-%u",&v1,&v2)==2)
+	{
+		if (!v1 || v1>65535 || v2>65535 || v1>v2) return false;
+		pf->from=(uint16_t)v1;
+		pf->to=(uint16_t)v2;
+	}
+	else if (sscanf(s,"%u",&v1)==1)
+	{
+		if (!v1 || v1>65535) return false;
+		pf->to=pf->from=(uint16_t)v1;
+	}
+	else
+		return false;
+	return true;
+}
+

tpws/tpws_conn.h

@@ -5,6 +5,7 @@
 #include <sys/queue.h>
 #include <time.h>
 #include "tamper.h"
+#include "params.h"
 
 #define BACKLOG 10
 #define MAX_EPOLL_EVENTS 64
@@ -87,7 +88,7 @@ struct tproxy_conn
 	struct send_buffer wr_buf[4];
 
 	t_ctrack track;
-	
+
 	//Create the struct which contains ptrs to next/prev element
 	TAILQ_ENTRY(tproxy_conn) conn_ptrs;
 };
@@ -99,3 +100,6 @@ TAILQ_HEAD(tailhead, tproxy_conn);
 
 
 bool set_socket_buffers(int fd, int rcvbuf, int sndbuf);
+
+bool pf_in_range(uint16_t port, const port_filter *pf);
+bool pf_parse(const char *s, port_filter *pf);