drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-11-26 20:20:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

nfqws: do not perform syndata desync if TCP fast open

Browse Source
This commit is contained in:
bol-van 2024-03-19 21:58:53 +03:00
parent 205d17df01
commit f8e6302844
12 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
binaries/aarch64/nfqws
View File

Binary file not shown.

BIN
binaries/arm/nfqws
View File

Binary file not shown.

BIN
binaries/freebsd-x64/dvtws
View File

Binary file not shown.

BIN
binaries/mips32r1-lsb/nfqws
View File

Binary file not shown.

BIN
binaries/mips32r1-msb/nfqws
View File

Binary file not shown.

BIN
binaries/mips64r2-msb/nfqws
View File

Binary file not shown.

BIN
binaries/ppc/nfqws
View File

Binary file not shown.

BIN
binaries/x86/nfqws
View File

Binary file not shown.

BIN
binaries/x86_64/nfqws
View File

Binary file not shown.

10
nfq/darkmagic.c
View File

@ -56,6 +56,16 @@ uint8_t tcp_find_scale_factor(const struct tcphdr *tcp)
if (scale && scale[1]==3) return scale[2]; if (scale && scale[1]==3) return scale[2];
return SCALE_NONE; return SCALE_NONE;
} }
bool tcp_has_fastopen(const struct tcphdr *tcp)
{
uint8_t *opt;
// new style RFC7413
opt = tcp_find_option((struct tcphdr*)tcp, 34);
if (opt) return true;
// old style RFC6994
opt = tcp_find_option((struct tcphdr*)tcp, 254);
return opt && opt[1]>=4 && opt[2]==0xF9 && opt[3]==0x89;
}
// n prefix (nsport, nwsize) means network byte order // n prefix (nsport, nwsize) means network byte order
static void fill_tcphdr( static void fill_tcphdr(

1
nfq/darkmagic.h
View File

@ -132,6 +132,7 @@ void extract_endpoints(const struct ip *ip,const struct ip6_hdr *ip6hdr,const st
uint8_t *tcp_find_option(struct tcphdr *tcp, uint8_t kind); uint8_t *tcp_find_option(struct tcphdr *tcp, uint8_t kind);
uint32_t *tcp_find_timestamps(struct tcphdr *tcp); uint32_t *tcp_find_timestamps(struct tcphdr *tcp);
uint8_t tcp_find_scale_factor(const struct tcphdr *tcp); uint8_t tcp_find_scale_factor(const struct tcphdr *tcp);
bool tcp_has_fastopen(const struct tcphdr *tcp);
// auto creates internal socket and uses it for subsequent calls // auto creates internal socket and uses it for subsequent calls
bool rawsend(const struct sockaddr* dst,uint32_t fwmark,const char *ifout,const void *data,size_t len); bool rawsend(const struct sockaddr* dst,uint32_t fwmark,const char *ifout,const void *data,size_t len);

11
nfq/desync.c
View File

@ -456,6 +456,17 @@ packet_process_result dpi_desync_tcp_packet(uint32_t fwmark, const char *ifout,
return res; return res;
break; break;
case DESYNC_SYNDATA: case DESYNC_SYNDATA:
// make sure we are not breaking TCP fast open
if (tcp_has_fastopen(tcphdr))
{
DLOG("received SYN with TCP fast open option. syndata desync is not applied.\n");
break;
}
if (len_payload)
{
DLOG("received SYN with data payload. syndata desync is not applied.\n");
break;
}
pkt1_len = sizeof(pkt1); pkt1_len = sizeof(pkt1);
if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, tcphdr->th_seq, tcphdr->th_ack, tcphdr->th_win, scale_factor, timestamps, if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, tcphdr->th_seq, tcphdr->th_ack, tcphdr->th_win, scale_factor, timestamps,
ttl_orig,0,0,0, params.fake_syndata,params.fake_syndata_size, pkt1,&pkt1_len)) ttl_orig,0,0,0, params.fake_syndata,params.fake_syndata_size, pkt1,&pkt1_len))