drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-11-26 20:20:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

freebsd dvtws respect freebsd14+ PF_DIVERT

Browse Source
This commit is contained in:
bol-van 2024-03-08 11:09:14 +03:00
parent e21335255e
commit eaaa1a326c
4 changed files with 24 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
binaries/freebsd-x64/dvtws
View File

Binary file not shown.

11
nfq/darkmagic.c
View File

@ -903,7 +903,7 @@ static int *rawsend_family_sock(sa_family_t family)
}
#ifdef BSD
static int rawsend_socket_divert(sa_family_t family)
int rawsend_socket_divert(sa_family_t family)
{
// HACK HACK HACK HACK HACK HACK HACK HACK
// FreeBSD doesnt allow IP_HDRINCL for IPV6
@ -911,7 +911,14 @@ static int rawsend_socket_divert(sa_family_t family)
// we either have to go to the link layer (its hard, possible problems arise, compat testing, ...) or use some HACKING
// from my point of view disabling direct ability to send ip frames is not security. its SHIT
int fd = socket(family, SOCK_RAW, IPPROTO_DIVERT);
int fd,err;
// freebsd14+ way
fd = socket(PF_DIVERT, SOCK_RAW, 0);
err=errno;
if (fd==-1 && (err==EPROTONOSUPPORT || err==EAFNOSUPPORT || err==EPFNOSUPPORT))
// legacy way
fd = socket(family, SOCK_RAW, IPPROTO_DIVERT);
if (fd!=-1 && !set_socket_buffers(fd,4096,RAW_SNDBUF))
{
close(fd);

13
nfq/darkmagic.h
View File

@ -11,6 +11,17 @@
#include <netinet/in.h>
#include <sys/socket.h>
#ifndef IPPROTO_DIVERT
#define IPPROTO_DIVERT 258
#endif
#ifndef AF_DIVERT
#define AF_DIVERT 44 /* divert(4) */
#endif
#ifndef PF_DIVERT
#define PF_DIVERT AF_DIVERT
#endif
// returns netorder value
uint32_t net32_add(uint32_t netorder_value, uint32_t cpuorder_increment);
uint32_t net16_add(uint16_t netorder_value, uint16_t cpuorder_increment);
@ -128,6 +139,8 @@ bool rawsend_preinit(bool bind_fix4, bool bind_fix6);
// cleans up socket autocreated by rawsend
void rawsend_cleanup(void);
int rawsend_socket_divert(sa_family_t family);
const char *proto_name(uint8_t proto);
uint16_t family_from_proto(uint8_t l3proto);
void print_ip(const struct ip *ip);

8
nfq/nfqws.c
View File

@ -35,10 +35,6 @@
#define NF_ACCEPT 1
#endif
#ifndef IPPROTO_DIVERT
#define IPPROTO_DIVERT 258
#endif
#define CTRACK_T_SYN 60
#define CTRACK_T_FIN 60
#define CTRACK_T_EST 300
@ -357,7 +353,7 @@ static int dvt_main(void)
bp4.sin_addr.s_addr = INADDR_ANY;
printf("creating divert4 socket\n");
fd[0] = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
fd[0] = rawsend_socket_divert(AF_INET);
if (fd[0] == -1) {
perror("socket (DIVERT4)");
goto exiterr;
@ -382,7 +378,7 @@ static int dvt_main(void)
bp6.sin6_port = htons(params.port);
printf("creating divert6 socket\n");
fd[1] = socket(AF_INET6, SOCK_RAW, IPPROTO_DIVERT);
fd[1] = rawsend_socket_divert(AF_INET6);
if (fd[1] == -1) {
perror("socket (DIVERT6)");
goto exiterr;