Compare commits
No commits in common. "0f6d1f40202b84071001806ac05a160b3c8216f4" and "8c94e3230e2d94993e0085a4eda718c5a858c4fd" have entirely different histories.
0f6d1f4020
...
8c94e3230e
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
0
binaries/win64/zapret-winws/autohostlist.txt
Normal file
0
binaries/win64/zapret-winws/autohostlist.txt
Normal file
@ -1,3 +0,0 @@
|
|||||||
googlevideo.com
|
|
||||||
youtubei.googleapis.com
|
|
||||||
i.ytimg.com
|
|
@ -1,2 +1,2 @@
|
|||||||
start "zapret: http,https,quic" /min "%~dp0winws.exe" --wf-tcp=80,443 --wf-udp=443 --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=11 --new --filter-tcp=80 --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --new --filter-tcp=443 --hostlist="%~dp0list-youtube.txt" --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls="%~dp0tls_clienthello_www_google_com.bin" --new --dpi-desync=fake,disorder2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig
|
start "zapret: http,https" /min "%~dp0winws.exe" --wf-tcp=80,443 --dpi-desync=fake,disorder2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig
|
||||||
|
start "zapret: quic" /min "%~dp0winws.exe" --wf-udp=443 --dpi-desync=fake --dpi-desync-repeats=11
|
@ -1 +1,2 @@
|
|||||||
start "zapret: http,https,quic" /min "%~dp0winws.exe" --wf-tcp=80,443 --wf-udp=443 --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=11 --new --filter-tcp=80 --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --hostlist-auto="%~dp0autohostlist.txt" --new --filter-tcp=443 --hostlist="%~dp0list-youtube.txt" --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls="%~dp0tls_clienthello_www_google_com.bin" --new --dpi-desync=fake,disorder2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --hostlist-auto="%~dp0autohostlist.txt"
|
start "zapret: http,https,autohostlist" /min "%~dp0winws.exe" --wf-tcp=80,443 --dpi-desync=fake,disorder2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --hostlist-auto="%~dp0autohostlist.txt"
|
||||||
|
start "zapret: quic,autohostlist" /min "%~dp0winws.exe" /min --wf-udp=443 --dpi-desync=fake --dpi-desync-repeats=11 --hostlist-auto="%~dp0autohostlist.txt"
|
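Review bot: The added line titled `zapret: quic,autohostlist` carries a second `/min` after `"%~dp0winws.exe"`, where it is no longer a `start` switch and is instead handed to winws.exe as an argument. How winws.exe treats an unexpected positional argument is not visible on this page, so the QUIC instance may either ignore it or fail to start while the TCP instance keeps running. Drop the stray token so the line reads `start "zapret: quic,autohostlist" /min "%~dp0winws.exe" --wf-udp=443 --dpi-desync=fake --dpi-desync-repeats=11 --hostlist-auto="%~dp0autohostlist.txt"`.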
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -308,8 +308,3 @@ nfqws,tpws: detect TLS 1.2 ClientHello from very old libraries with SSL 3.0 vers
|
|||||||
nfqws,tpws: debug log to file and syslog
|
nfqws,tpws: debug log to file and syslog
|
||||||
tpws: --connect-bind-addr option
|
tpws: --connect-bind-addr option
|
||||||
tpws: log local endpoint (including source port number) for remote leg
|
tpws: log local endpoint (including source port number) for remote leg
|
||||||
|
|
||||||
v62:
|
|
||||||
|
|
||||||
tpws: connection close logic rewrite. tcp user timeout parameters for local and remote leg.
|
|
||||||
nfqws: multi-strategy
|
|
||||||
|
@ -206,10 +206,6 @@ nfqws takes the following parameters:
|
|||||||
--hostlist-auto-fail-time=<int> ; all failed attemps must be within these seconds (default : 60)
|
--hostlist-auto-fail-time=<int> ; all failed attemps must be within these seconds (default : 60)
|
||||||
--hostlist-auto-retrans-threshold=<int> ; how many request retransmissions cause attempt to fail (default : 3)
|
--hostlist-auto-retrans-threshold=<int> ; how many request retransmissions cause attempt to fail (default : 3)
|
||||||
--hostlist-auto-debug=<logfile> ; debug auto hostlist positives
|
--hostlist-auto-debug=<logfile> ; debug auto hostlist positives
|
||||||
--new ; begin new strategy
|
|
||||||
--filter-l3=ipv4|ipv6 ; L3 protocol filter. multiple comma separated values allowed.
|
|
||||||
--filter-tcp=[~]port1[-port2] ; TCP port filter. ~ means negation. setting tcp and not setting udp filter denies udp.
|
|
||||||
--filter-udp=[~]port1[-port2] ; UDP port filter. ~ means negation. setting udp and not setting tcp filter denies tcp.
|
|
||||||
```
|
```
|
||||||
|
|
||||||
The manipulation parameters can be combined in any way.
|
The manipulation parameters can be combined in any way.
|
||||||
@ -569,32 +565,6 @@ nfqws sees packets with internal network source address. If fragmented NAT does
|
|||||||
This results in attempt to send packets to internet with internal IP address.
|
This results in attempt to send packets to internet with internal IP address.
|
||||||
You need to use nftables instead with hook priority 101 or higher.
|
You need to use nftables instead with hook priority 101 or higher.
|
||||||
|
|
||||||
### multiple strategies
|
|
||||||
|
|
||||||
`nfqws` can apply different strategies to different requests. It's done with multiple desync profiles.
|
|
||||||
Profiles are delimited by the `--new` parameter. First profile is created automatically and does not require `--new`.
|
|
||||||
Each profile has a filter. By default it's empty and profile matches any packet.
|
|
||||||
Filter can have hard parameters : ip version and tcp/udp port range.
|
|
||||||
Hard parameters are always identified unambiguously even on zero-phase when hostname is unknown yet.
|
|
||||||
Hostlist can also act as a filter. They can be combined with hard parameters.
|
|
||||||
When a packet comes profiles are matched from the first to the last until first filter condition match.
|
|
||||||
Hard filter is matched first. If it does not match verification goes to the next profile.
|
|
||||||
If a profile matches hard filter and has autohostlist it's selected immediately.
|
|
||||||
If a profile matches hard filter and has normal hostlist(s) and hostname is unknown yet verification goes to the next profile.
|
|
||||||
Otherwise profile hostlist(s) are checked for the hostname. If it matches profile is selected.
|
|
||||||
Otherwise verification goes to the next profile.
|
|
||||||
|
|
||||||
It's possible that before getting hostname connection is served by one profile and after
|
|
||||||
hostname is revealed it's switched to another profile.
|
|
||||||
If you use 0-phase desync methods think carefully what can happen during strategy switch.
|
|
||||||
Use `--debug` logging to understand better what `nfqws` does.
|
|
||||||
|
|
||||||
Profiles are numbered from 1 to N. There's last empty profile in the chain numbered 0.
|
|
||||||
It's used when no filter matched.
|
|
||||||
|
|
||||||
IMPORTANT : multiple strategies exist only for the case when it's not possible to combine all to one strategy.
|
|
||||||
Copy-pasting blockcheck results of different websites to multiple strategies lead to the mess.
|
|
||||||
This way you may never unblock all resources and only confuse yourself.
|
|
||||||
|
|
||||||
## tpws
|
## tpws
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
zapret v.62
|
zapret v.61
|
||||||
|
|
||||||
English
|
English
|
||||||
-------
|
-------
|
||||||
@ -276,10 +276,6 @@ nfqws
|
|||||||
--hostlist-auto-fail-time=<int> ; все эти ситуации должны быть в пределах указанного количества секунд (по умолчанию: 60)
|
--hostlist-auto-fail-time=<int> ; все эти ситуации должны быть в пределах указанного количества секунд (по умолчанию: 60)
|
||||||
--hostlist-auto-retrans-threshold=<int> ; сколько ретрансмиссий запроса считать блокировкой (по умолчанию: 3)
|
--hostlist-auto-retrans-threshold=<int> ; сколько ретрансмиссий запроса считать блокировкой (по умолчанию: 3)
|
||||||
--hostlist-auto-debug=<logfile> ; лог положительных решений по autohostlist. позволяет разобраться почему там появляются хосты.
|
--hostlist-auto-debug=<logfile> ; лог положительных решений по autohostlist. позволяет разобраться почему там появляются хосты.
|
||||||
--new ; начало новой стратегии
|
|
||||||
--filter-l3=ipv4|ipv6 ; фильтр версии ip для текущей стратегии
|
|
||||||
--filter-tcp=[~]port1[-port2] ; фильтр портов tcp для текущей стратегии. ~ означает инверсию. установка фильтра tcp и неустановка фильтра udp запрещает udp.
|
|
||||||
--filter-udp=[~]port1[-port2] ; фильтр портов udp для текущей стратегии. ~ означает инверсию. установка фильтра udp и неустановка фильтра tcp запрещает udp.
|
|
||||||
|
|
||||||
Параметры манипуляции могут сочетаться в любых комбинациях.
|
Параметры манипуляции могут сочетаться в любых комбинациях.
|
||||||
|
|
||||||
@ -658,35 +654,6 @@ options ip6table_raw raw_before_defrag=1
|
|||||||
Видимо единственный рабочий метод - отказаться от iptables и использовать nftables.
|
Видимо единственный рабочий метод - отказаться от iptables и использовать nftables.
|
||||||
Хук должен быть с приоритетом 101 или выше.
|
Хук должен быть с приоритетом 101 или выше.
|
||||||
|
|
||||||
МНОЖЕСТВЕННЫЕ СТРАТЕГИИ
|
|
||||||
nfqws способен по-разному реагировать на различные запросы и применять разные стратегии дурения.
|
|
||||||
Это реализовано посредством поддержки множества профилей дурения.
|
|
||||||
Профили разделяются в командной строке параметром --new. Первый профиль создается автоматически.
|
|
||||||
Для него не нужно --new. Каждый профиль имеет фильтр. По умолчанию он пуст, то есть профиль удовлетворяет
|
|
||||||
любым условиям.
|
|
||||||
Фильтр может содержать жесткие параметры : версия ip протокола или порты tcp/udp.
|
|
||||||
Они всегда однозначно идентифицируются даже на нулевой фазе десинхронизации, когда еще хост неизвестен.
|
|
||||||
В качестве фильтра могут выступать и хост-листы. Они могут сочетаться с жесткими параметрами.
|
|
||||||
При поступлении запроса идет проверка профилей в порядке от первого до последнего до
|
|
||||||
достижения первого совпадения с фильтром.
|
|
||||||
Жесткие параметры фильтра сверяются первыми. При несовпадении идет сразу же переход к следующему профилю.
|
|
||||||
Если какой-то профиль удовлетворяет жесткому фильтру и содержит авто-хостлист, он выбирается сразу.
|
|
||||||
Если профиль удовлетворяет жесткому фильтру, для него задан хостлист, и у нас еще нет имени хоста,
|
|
||||||
идет переход к следующему профилю. В противном случае идет проверка по хостлистам этого профиля.
|
|
||||||
Если имя хоста удовлетворяет листам, выбирается этот профиль. Иначе идет переход к следующему.
|
|
||||||
Может так случиться, что до получения имени хоста соединение идет по одному профилю, а при получении
|
|
||||||
хоста профиль меняется на лету. Поэтому если у вас есть параметры дурения нулевой фазы, тщательно
|
|
||||||
продумывайте что может произойти при переключении стратегии. Смотрите debug log, чтобы лучше
|
|
||||||
понять что делает nfqws.
|
|
||||||
Нумерация профилей идет с 1 до N. Последним в цепочке создается пустой профиль с номером 0.
|
|
||||||
Он используется, когда никакие условия фильтров не совпали.
|
|
||||||
|
|
||||||
ВАЖНО : множественные стратегии создавались только для случаев, когда невозможно обьединить
|
|
||||||
имеющиеся стратегии для разных ресурсов. Копирование стратегий из blockcheck для разных сайтов
|
|
||||||
во множество профилей без понимания как они работают приведет к нагромождению параметров, которые все равно
|
|
||||||
не покроют все возможные заблокированные ресурсы. Вы только увязните в этой каше.
|
|
||||||
|
|
||||||
|
|
||||||
tpws
|
tpws
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
@ -55,10 +55,6 @@ typedef enum {SYN=0, ESTABLISHED, FIN} t_connstate;
|
|||||||
typedef enum {UNKNOWN=0, HTTP, TLS, QUIC, WIREGUARD, DHT} t_l7proto;
|
typedef enum {UNKNOWN=0, HTTP, TLS, QUIC, WIREGUARD, DHT} t_l7proto;
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
struct desync_profile *dp; // desync profile cache
|
|
||||||
bool dp_search_complete;
|
|
||||||
bool bCheckDone, bCheckResult, bCheckExcluded; // hostlist check result cache
|
|
||||||
|
|
||||||
// common state
|
// common state
|
||||||
time_t t_start, t_last;
|
time_t t_start, t_last;
|
||||||
uint64_t pcounter_orig, pcounter_reply; // packet counter
|
uint64_t pcounter_orig, pcounter_reply; // packet counter
|
||||||
|
596
nfq/desync.c
596
nfq/desync.c
File diff suppressed because it is too large
@ -1,13 +1,12 @@
|
|||||||
#define _GNU_SOURCE
|
#define _GNU_SOURCE
|
||||||
|
|
||||||
#include "helpers.h"
|
#include "helpers.h"
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <libgen.h>
|
|
||||||
|
|
||||||
#include "params.h"
|
#include "params.h"
|
||||||
|
|
||||||
@ -321,7 +320,7 @@ bool pf_parse(const char *s, port_filter *pf)
|
|||||||
unsigned int v1,v2;
|
unsigned int v1,v2;
|
||||||
|
|
||||||
if (!s) return false;
|
if (!s) return false;
|
||||||
if (*s=='~')
|
if (*s=='~')
|
||||||
{
|
{
|
||||||
pf->neg=true;
|
pf->neg=true;
|
||||||
s++;
|
s++;
|
||||||
@ -330,25 +329,19 @@ bool pf_parse(const char *s, port_filter *pf)
|
|||||||
pf->neg=false;
|
pf->neg=false;
|
||||||
if (sscanf(s,"%u-%u",&v1,&v2)==2)
|
if (sscanf(s,"%u-%u",&v1,&v2)==2)
|
||||||
{
|
{
|
||||||
if (v1>65535 || v2>65535 || v1>v2) return false;
|
if (!v1 || v1>65535 || v2>65535 || v1>v2) return false;
|
||||||
pf->from=(uint16_t)v1;
|
pf->from=(uint16_t)v1;
|
||||||
pf->to=(uint16_t)v2;
|
pf->to=(uint16_t)v2;
|
||||||
}
|
}
|
||||||
else if (sscanf(s,"%u",&v1)==1)
|
else if (sscanf(s,"%u",&v1)==1)
|
||||||
{
|
{
|
||||||
if (v1>65535) return false;
|
if (!v1 || v1>65535) return false;
|
||||||
pf->to=pf->from=(uint16_t)v1;
|
pf->to=pf->from=(uint16_t)v1;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
return false;
|
return false;
|
||||||
// deny all case
|
|
||||||
if (!pf->from && !pf->to) pf->neg=true;
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
bool pf_is_empty(const port_filter *pf)
|
|
||||||
{
|
|
||||||
return !pf->neg && !pf->from && !pf->to;
|
|
||||||
}
|
|
||||||
|
|
||||||
void fill_random_bytes(uint8_t *p,size_t sz)
|
void fill_random_bytes(uint8_t *p,size_t sz)
|
||||||
{
|
{
|
||||||
@ -371,16 +364,3 @@ void fill_random_az09(uint8_t *p,size_t sz)
|
|||||||
p[k] = rnd<10 ? rnd+'0' : 'a'+rnd-10;
|
p[k] = rnd<10 ? rnd+'0' : 'a'+rnd-10;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
bool cd_to_exe_dir(const char *argv0)
|
|
||||||
{
|
|
||||||
char *s,*d;
|
|
||||||
bool bOK=false;
|
|
||||||
if ((s = strdup(argv0)))
|
|
||||||
{
|
|
||||||
if ((d = dirname(s)))
|
|
||||||
bOK = !chdir(d);
|
|
||||||
free(s);
|
|
||||||
}
|
|
||||||
return bOK;
|
|
||||||
}
|
|
||||||
|
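Review bot: In the `pf_parse` hunk (`-330,25 +329,19`), both `sscanf` calls stop at the first character that does not fit the format, so a value such as `443x` or `80-90,100` is accepted and the tail is silently dropped. A mistyped port filter then selects a different set of ports than the operator wrote, with no error at startup. A trailing-character probe makes the parse strict: declare `char c;`, then use `if (sscanf(s,"%u-%u%c",&v1,&v2,&c)==2)` and `else if (sscanf(s,"%u%c",&v1,&c)==1)`. The function begins in the preceding hunk, so its opening lines are only partly visible here.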
@ -57,10 +57,7 @@ typedef struct
|
|||||||
} port_filter;
|
} port_filter;
|
||||||
bool pf_in_range(uint16_t port, const port_filter *pf);
|
bool pf_in_range(uint16_t port, const port_filter *pf);
|
||||||
bool pf_parse(const char *s, port_filter *pf);
|
bool pf_parse(const char *s, port_filter *pf);
|
||||||
bool pf_is_empty(const port_filter *pf);
|
|
||||||
|
|
||||||
void fill_random_bytes(uint8_t *p,size_t sz);
|
void fill_random_bytes(uint8_t *p,size_t sz);
|
||||||
void fill_random_az(uint8_t *p,size_t sz);
|
void fill_random_az(uint8_t *p,size_t sz);
|
||||||
void fill_random_az09(uint8_t *p,size_t sz);
|
void fill_random_az09(uint8_t *p,size_t sz);
|
||||||
|
|
||||||
bool cd_to_exe_dir(const char *argv0);
|
|
@ -1,6 +1,7 @@
|
|||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include "hostlist.h"
|
#include "hostlist.h"
|
||||||
#include "gzip.h"
|
#include "gzip.h"
|
||||||
|
#include "params.h"
|
||||||
#include "helpers.h"
|
#include "helpers.h"
|
||||||
|
|
||||||
// inplace tolower() and add to pool
|
// inplace tolower() and add to pool
|
||||||
@ -153,53 +154,36 @@ static bool HostlistCheck_(strpool *hostlist, strpool *hostlist_exclude, const c
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool LoadIncludeHostListsForProfile(struct desync_profile *dp)
|
|
||||||
{
|
|
||||||
if (!LoadHostLists(&dp->hostlist, &dp->hostlist_files))
|
|
||||||
return false;
|
|
||||||
if (*dp->hostlist_auto_filename)
|
|
||||||
{
|
|
||||||
dp->hostlist_auto_mod_time = file_mod_time(dp->hostlist_auto_filename);
|
|
||||||
NonEmptyHostlist(&dp->hostlist);
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
// return : true = apply fooling, false = do not apply
|
// return : true = apply fooling, false = do not apply
|
||||||
bool HostlistCheck(struct desync_profile *dp, const char *host, bool *excluded)
|
bool HostlistCheck(const char *host, bool *excluded)
|
||||||
{
|
{
|
||||||
DLOG("* Hostlist check for profile %d\n",dp->n);
|
if (*params.hostlist_auto_filename)
|
||||||
if (*dp->hostlist_auto_filename)
|
|
||||||
{
|
{
|
||||||
time_t t = file_mod_time(dp->hostlist_auto_filename);
|
time_t t = file_mod_time(params.hostlist_auto_filename);
|
||||||
if (t!=dp->hostlist_auto_mod_time)
|
if (t!=params.hostlist_auto_mod_time)
|
||||||
{
|
{
|
||||||
DLOG_CONDUP("Autohostlist '%s' from profile %d was modified. Reloading include hostlists for this profile.\n",dp->hostlist_auto_filename, dp->n);
|
DLOG_CONDUP("Autohostlist was modified by another process. Reloading include hostslist.\n");
|
||||||
if (!LoadIncludeHostListsForProfile(dp))
|
if (!LoadIncludeHostLists())
|
||||||
{
|
{
|
||||||
// what will we do without hostlist ?? sure, gonna die
|
// what will we do without hostlist ?? sure, gonna die
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
dp->hostlist_auto_mod_time = t;
|
params.hostlist_auto_mod_time = t;
|
||||||
NonEmptyHostlist(&dp->hostlist);
|
NonEmptyHostlist(¶ms.hostlist);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return HostlistCheck_(dp->hostlist, dp->hostlist_exclude, host, excluded);
|
return HostlistCheck_(params.hostlist, params.hostlist_exclude, host, excluded);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool LoadIncludeHostLists()
|
bool LoadIncludeHostLists()
|
||||||
{
|
{
|
||||||
struct desync_profile_list *dpl;
|
if (!LoadHostLists(¶ms.hostlist, ¶ms.hostlist_files))
|
||||||
LIST_FOREACH(dpl, ¶ms.desync_profiles, next)
|
return false;
|
||||||
if (!LoadIncludeHostListsForProfile(&dpl->dp))
|
if (*params.hostlist_auto_filename)
|
||||||
return false;
|
params.hostlist_auto_mod_time = file_mod_time(params.hostlist_auto_filename);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
bool LoadExcludeHostLists()
|
bool LoadExcludeHostLists()
|
||||||
{
|
{
|
||||||
struct desync_profile_list *dpl;
|
return LoadHostLists(¶ms.hostlist_exclude, ¶ms.hostlist_exclude_files);
|
||||||
LIST_FOREACH(dpl, ¶ms.desync_profiles, next)
|
|
||||||
if (!LoadHostLists(&dpl->dp.hostlist_exclude, &dpl->dp.hostlist_exclude_files))
|
|
||||||
return false;
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
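Review bot: On the new side of `LoadIncludeHostLists`, `params.hostlist_auto_mod_time` is sampled only after `LoadHostLists` has read the files, so a write to the auto hostlist that lands between the two calls is recorded as seen without having been loaded. `HostlistCheck` compares against that timestamp and will not reload until the file changes again. Sampling first closes the window: inside the existing filename guard take `time_t t = file_mod_time(params.hostlist_auto_filename);` before the load and store `t` after it succeeds, the order `HostlistCheck` already uses in this hunk. Separately, `exit(1)` on a failed reload stops the daemon on what may be a transient read error of a file that, per the log message, another process rewrites; whether the previous list could be kept instead depends on `LoadHostLists`, which is not shown.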
@ -2,7 +2,6 @@
|
|||||||
|
|
||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
#include "pools.h"
|
#include "pools.h"
|
||||||
#include "params.h"
|
|
||||||
|
|
||||||
bool AppendHostList(strpool **hostlist, char *filename);
|
bool AppendHostList(strpool **hostlist, char *filename);
|
||||||
bool LoadHostLists(strpool **hostlist, struct str_list_head *file_list);
|
bool LoadHostLists(strpool **hostlist, struct str_list_head *file_list);
|
||||||
@ -11,4 +10,4 @@ bool LoadExcludeHostLists();
|
|||||||
bool NonEmptyHostlist(strpool **hostlist);
|
bool NonEmptyHostlist(strpool **hostlist);
|
||||||
bool SearchHostList(strpool *hostlist, const char *host);
|
bool SearchHostList(strpool *hostlist, const char *host);
|
||||||
// return : true = apply fooling, false = do not apply
|
// return : true = apply fooling, false = do not apply
|
||||||
bool HostlistCheck(struct desync_profile *dp,const char *host, bool *excluded);
|
bool HostlistCheck(const char *host, bool *excluded);
|
410
nfq/nfqws.c
410
nfq/nfqws.c
@ -54,7 +54,8 @@ static bool bHup = false;
|
|||||||
static void onhup(int sig)
|
static void onhup(int sig)
|
||||||
{
|
{
|
||||||
printf("HUP received !\n");
|
printf("HUP received !\n");
|
||||||
printf("Will reload hostlist on next request (if any)\n");
|
if (params.hostlist || params.hostlist_exclude)
|
||||||
|
printf("Will reload hostlist on next request\n");
|
||||||
bHup = true;
|
bHup = true;
|
||||||
}
|
}
|
||||||
// should be called in normal execution
|
// should be called in normal execution
|
||||||
@ -80,16 +81,7 @@ static void onusr1(int sig)
|
|||||||
static void onusr2(int sig)
|
static void onusr2(int sig)
|
||||||
{
|
{
|
||||||
printf("\nHOSTFAIL POOL DUMP\n");
|
printf("\nHOSTFAIL POOL DUMP\n");
|
||||||
|
HostFailPoolDump(params.hostlist_auto_fail_counters);
|
||||||
struct desync_profile_list *dpl;
|
|
||||||
int n=0;
|
|
||||||
LIST_FOREACH(dpl, ¶ms.desync_profiles, next)
|
|
||||||
{
|
|
||||||
printf("\nDESYNC PROFILE %d\n",n);
|
|
||||||
HostFailPoolDump(dpl->dp.hostlist_auto_fail_counters);
|
|
||||||
n++;
|
|
||||||
}
|
|
||||||
|
|
||||||
printf("\n");
|
printf("\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -571,8 +563,11 @@ static void cleanup_params(void)
|
|||||||
{
|
{
|
||||||
ConntrackPoolDestroy(¶ms.conntrack);
|
ConntrackPoolDestroy(¶ms.conntrack);
|
||||||
|
|
||||||
dp_list_destroy(¶ms.desync_profiles);
|
strlist_destroy(¶ms.hostlist_files);
|
||||||
|
strlist_destroy(¶ms.hostlist_exclude_files);
|
||||||
|
StrPoolDestroy(¶ms.hostlist_exclude);
|
||||||
|
StrPoolDestroy(¶ms.hostlist);
|
||||||
|
HostFailPoolDestroy(¶ms.hostlist_auto_fail_counters);
|
||||||
#ifdef __CYGWIN__
|
#ifdef __CYGWIN__
|
||||||
strlist_destroy(¶ms.ssid_filter);
|
strlist_destroy(¶ms.ssid_filter);
|
||||||
strlist_destroy(¶ms.nlm_filter);
|
strlist_destroy(¶ms.nlm_filter);
|
||||||
@ -593,7 +588,7 @@ static bool parse_badseq_increment(const char *opt, uint32_t *value)
|
|||||||
{
|
{
|
||||||
if (((opt[0]=='0' && opt[1]=='x') || (opt[0]=='-' && opt[1]=='0' && opt[2]=='x')) && sscanf(opt+2+(opt[0]=='-'), "%X", (int32_t*)value)>0)
|
if (((opt[0]=='0' && opt[1]=='x') || (opt[0]=='-' && opt[1]=='0' && opt[2]=='x')) && sscanf(opt+2+(opt[0]=='-'), "%X", (int32_t*)value)>0)
|
||||||
{
|
{
|
||||||
if (opt[0]=='-') *value = -*value;
|
if (opt[0]=='-') params.desync_badseq_increment = -params.desync_badseq_increment;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -649,32 +644,6 @@ bool parse_autottl(const char *s, autottl *t)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool wf_make_l3(char *opt, bool *ipv4, bool *ipv6)
|
|
||||||
{
|
|
||||||
char *e,*p,c;
|
|
||||||
|
|
||||||
for (p=opt,*ipv4=*ipv6=false ; p ; )
|
|
||||||
{
|
|
||||||
if ((e = strchr(p,',')))
|
|
||||||
{
|
|
||||||
c=*e;
|
|
||||||
*e=0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!strcmp(p,"ipv4"))
|
|
||||||
*ipv4 = true;
|
|
||||||
else if (!strcmp(p,"ipv6"))
|
|
||||||
*ipv6 = true;
|
|
||||||
else return false;
|
|
||||||
|
|
||||||
if (e)
|
|
||||||
{
|
|
||||||
*e++=c;
|
|
||||||
}
|
|
||||||
p = e;
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
#ifdef __CYGWIN__
|
#ifdef __CYGWIN__
|
||||||
static bool wf_make_pf(char *opt, const char *l4, const char *portname, char *buf, size_t len)
|
static bool wf_make_pf(char *opt, const char *l4, const char *portname, char *buf, size_t len)
|
||||||
{
|
{
|
||||||
@ -709,6 +678,32 @@ static bool wf_make_pf(char *opt, const char *l4, const char *portname, char *bu
|
|||||||
strncat(buf, ")", len-strlen(buf)-1);
|
strncat(buf, ")", len-strlen(buf)-1);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
static bool wf_make_l3(char *opt, bool *ipv4, bool *ipv6)
|
||||||
|
{
|
||||||
|
char *e,*p,c;
|
||||||
|
|
||||||
|
for (p=opt,*ipv4=*ipv6=false ; p ; )
|
||||||
|
{
|
||||||
|
if ((e = strchr(p,',')))
|
||||||
|
{
|
||||||
|
c=*e;
|
||||||
|
*e=0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!strcmp(p,"ipv4"))
|
||||||
|
*ipv4 = true;
|
||||||
|
else if (!strcmp(p,"ipv6"))
|
||||||
|
*ipv6 = true;
|
||||||
|
else return false;
|
||||||
|
|
||||||
|
if (e)
|
||||||
|
{
|
||||||
|
*e++=c;
|
||||||
|
}
|
||||||
|
p = e;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
#define DIVERT_NO_LOCALNETSv4_DST "(" \
|
#define DIVERT_NO_LOCALNETSv4_DST "(" \
|
||||||
"(ip.DstAddr < 127.0.0.1 or ip.DstAddr > 127.255.255.255) and " \
|
"(ip.DstAddr < 127.0.0.1 or ip.DstAddr > 127.255.255.255) and " \
|
||||||
@ -755,7 +750,7 @@ static bool wf_make_filter(
|
|||||||
{
|
{
|
||||||
char pf_dst_buf[512],iface[64];
|
char pf_dst_buf[512],iface[64];
|
||||||
const char *pf_dst;
|
const char *pf_dst;
|
||||||
const char *f_tcpin = *pf_tcp_src ? dp_list_have_autohostlist(¶ms.desync_profiles) ? "(" DIVERT_TCP_INBOUNDS " or (" DIVERT_HTTP_REDIRECT "))" : DIVERT_TCP_INBOUNDS : "";
|
const char *f_tcpin = *pf_tcp_src ? *params.hostlist_auto_filename ? "(" DIVERT_TCP_INBOUNDS " or (" DIVERT_HTTP_REDIRECT "))" : DIVERT_TCP_INBOUNDS : "";
|
||||||
|
|
||||||
snprintf(iface,sizeof(iface)," ifIdx=%u and subIfIdx=%u and",IfIdx,SubIfIdx);
|
snprintf(iface,sizeof(iface)," ifIdx=%u and subIfIdx=%u and",IfIdx,SubIfIdx);
|
||||||
|
|
||||||
@ -828,11 +823,6 @@ static void exithelp(void)
|
|||||||
" --nlm-filter=net1[,net2,net3,...]\t\t; enable winws only if any of specified NLM network is connected. names and GUIDs are accepted.\n"
|
" --nlm-filter=net1[,net2,net3,...]\t\t; enable winws only if any of specified NLM network is connected. names and GUIDs are accepted.\n"
|
||||||
" --nlm-list[=all]\t\t\t\t; list Network List Manager (NLM) networks. connected only or all.\n"
|
" --nlm-list[=all]\t\t\t\t; list Network List Manager (NLM) networks. connected only or all.\n"
|
||||||
#endif
|
#endif
|
||||||
"\nMULTI-STRATEGY:\n"
|
|
||||||
" --new\t\t\t\t\t\t; begin new strategy\n"
|
|
||||||
" --filter-l3=ipv4|ipv6\t\t\t\t; L3 protocol filter. multiple comma separated values allowed.\n"
|
|
||||||
" --filter-tcp=[~]port1[-port2]\t\t\t; TCP port filter. ~ means negation. setting tcp and not setting udp filter denies udp.\n"
|
|
||||||
" --filter-udp=[~]port1[-port2]\t\t\t; UDP port filter. ~ means negation. setting udp and not setting tcp filter denies tcp.\n"
|
|
||||||
"\nHOSTLIST FILTER:\n"
|
"\nHOSTLIST FILTER:\n"
|
||||||
" --hostlist=<filename>\t\t\t\t; apply dpi desync only to the listed hosts (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n"
|
" --hostlist=<filename>\t\t\t\t; apply dpi desync only to the listed hosts (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n"
|
||||||
" --hostlist-exclude=<filename>\t\t\t; do not apply dpi desync to the listed hosts (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n"
|
" --hostlist-exclude=<filename>\t\t\t; do not apply dpi desync to the listed hosts (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n"
|
||||||
@ -927,8 +917,6 @@ bool parse_tlspos(const char *s, enum tlspos *pos)
|
|||||||
|
|
||||||
int main(int argc, char **argv)
|
int main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
cd_to_exe_dir(argv[0]);
|
|
||||||
|
|
||||||
#ifdef __CYGWIN__
|
#ifdef __CYGWIN__
|
||||||
if (service_run(argc, argv))
|
if (service_run(argc, argv))
|
||||||
{
|
{
|
||||||
@ -947,33 +935,50 @@ int main(int argc, char **argv)
|
|||||||
unsigned int hash_wf_tcp=0,hash_wf_udp=0,hash_wf_raw=0,hash_ssid_filter=0,hash_nlm_filter=0;
|
unsigned int hash_wf_tcp=0,hash_wf_udp=0,hash_wf_raw=0,hash_ssid_filter=0,hash_nlm_filter=0;
|
||||||
*windivert_filter = *wf_pf_tcp_src = *wf_pf_tcp_dst = *wf_pf_udp_src = *wf_pf_udp_dst = *wf_save_file = 0;
|
*windivert_filter = *wf_pf_tcp_src = *wf_pf_tcp_dst = *wf_pf_udp_src = *wf_pf_udp_dst = *wf_save_file = 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
srandom(time(NULL));
|
srandom(time(NULL));
|
||||||
|
|
||||||
memset(¶ms, 0, sizeof(params));
|
memset(¶ms, 0, sizeof(params));
|
||||||
|
memcpy(params.hostspell, "host", 4); // default hostspell
|
||||||
*pidfile = 0;
|
*pidfile = 0;
|
||||||
|
|
||||||
struct desync_profile_list *dpl;
|
|
||||||
struct desync_profile *dp;
|
|
||||||
int desync_profile_count=0;
|
|
||||||
if (!(dpl = dp_list_add(¶ms.desync_profiles)))
|
|
||||||
{
|
|
||||||
DLOG_ERR("desync_profile_add: out of memory\n");
|
|
||||||
exit_clean(1);
|
|
||||||
}
|
|
||||||
dp = &dpl->dp;
|
|
||||||
dp->n = ++desync_profile_count;
|
|
||||||
|
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
params.qnum = -1;
|
params.qnum = -1;
|
||||||
#elif defined(BSD)
|
|
||||||
params.port = 0;
|
|
||||||
#endif
|
#endif
|
||||||
params.desync_fwmark = DPI_DESYNC_FWMARK_DEFAULT;
|
params.desync_fwmark = DPI_DESYNC_FWMARK_DEFAULT;
|
||||||
|
params.desync_skip_nosni = true;
|
||||||
|
params.desync_split_pos = 2;
|
||||||
|
params.desync_ipfrag_pos_udp = IPFRAG_UDP_DEFAULT;
|
||||||
|
params.desync_ipfrag_pos_tcp = IPFRAG_TCP_DEFAULT;
|
||||||
|
params.desync_repeats = 1;
|
||||||
|
params.fake_tls_size = sizeof(fake_tls_clienthello_default);
|
||||||
|
memcpy(params.fake_tls,fake_tls_clienthello_default,params.fake_tls_size);
|
||||||
|
randomize_default_tls_payload(params.fake_tls);
|
||||||
|
params.fake_http_size = strlen(fake_http_request_default);
|
||||||
|
memcpy(params.fake_http,fake_http_request_default,params.fake_http_size);
|
||||||
|
params.fake_quic_size = 620; // must be 601+ for TSPU hack
|
||||||
|
params.fake_quic[0] = 0x40; // russian TSPU QUIC short header fake
|
||||||
|
params.fake_wg_size = 64;
|
||||||
|
params.fake_dht_size = 64;
|
||||||
|
params.fake_unknown_size = 256;
|
||||||
|
params.fake_syndata_size = 16;
|
||||||
|
params.fake_unknown_udp_size = 64;
|
||||||
|
params.wscale=-1; // default - dont change scale factor (client)
|
||||||
params.ctrack_t_syn = CTRACK_T_SYN;
|
params.ctrack_t_syn = CTRACK_T_SYN;
|
||||||
params.ctrack_t_est = CTRACK_T_EST;
|
params.ctrack_t_est = CTRACK_T_EST;
|
||||||
params.ctrack_t_fin = CTRACK_T_FIN;
|
params.ctrack_t_fin = CTRACK_T_FIN;
|
||||||
params.ctrack_t_udp = CTRACK_T_UDP;
|
params.ctrack_t_udp = CTRACK_T_UDP;
|
||||||
|
params.desync_ttl6 = 0xFF; // unused
|
||||||
|
params.desync_badseq_increment = BADSEQ_INCREMENT_DEFAULT;
|
||||||
|
params.desync_badseq_ack_increment = BADSEQ_ACK_INCREMENT_DEFAULT;
|
||||||
|
params.wssize_cutoff_mode = params.desync_start_mode = params.desync_cutoff_mode = 'n'; // packet number by default
|
||||||
|
params.udplen_increment = UDPLEN_INCREMENT_DEFAULT;
|
||||||
|
params.hostlist_auto_fail_threshold = HOSTLIST_AUTO_FAIL_THRESHOLD_DEFAULT;
|
||||||
|
params.hostlist_auto_fail_time = HOSTLIST_AUTO_FAIL_TIME_DEFAULT;
|
||||||
|
params.hostlist_auto_retrans_threshold = HOSTLIST_AUTO_RETRANS_THRESHOLD_DEFAULT;
|
||||||
|
|
||||||
|
LIST_INIT(¶ms.hostlist_files);
|
||||||
|
LIST_INIT(¶ms.hostlist_exclude_files);
|
||||||
|
|
||||||
#ifdef __CYGWIN__
|
#ifdef __CYGWIN__
|
||||||
LIST_INIT(¶ms.ssid_filter);
|
LIST_INIT(¶ms.ssid_filter);
|
||||||
@ -1056,23 +1061,20 @@ int main(int argc, char **argv)
|
|||||||
{"hostlist-auto-fail-time",required_argument,0,0}, // optidx=49
|
{"hostlist-auto-fail-time",required_argument,0,0}, // optidx=49
|
||||||
{"hostlist-auto-retrans-threshold",required_argument,0,0}, // optidx=50
|
{"hostlist-auto-retrans-threshold",required_argument,0,0}, // optidx=50
|
||||||
{"hostlist-auto-debug",required_argument,0,0}, // optidx=51
|
{"hostlist-auto-debug",required_argument,0,0}, // optidx=51
|
||||||
{"new",no_argument,0,0}, // optidx=52
|
|
||||||
{"filter-l3",required_argument,0,0}, // optidx=53
|
|
||||||
{"filter-tcp",required_argument,0,0}, // optidx=54
|
|
||||||
{"filter-udp",required_argument,0,0}, // optidx=55
|
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
{"bind-fix4",no_argument,0,0}, // optidx=56
|
{"bind-fix4",no_argument,0,0}, // optidx=52
|
||||||
{"bind-fix6",no_argument,0,0}, // optidx=57
|
{"bind-fix6",no_argument,0,0}, // optidx=53
|
||||||
#elif defined(__CYGWIN__)
|
#elif defined(__CYGWIN__)
|
||||||
{"wf-iface",required_argument,0,0}, // optidx=56
|
{"wf-iface",required_argument,0,0}, // optidx=52
|
||||||
{"wf-l3",required_argument,0,0}, // optidx=57
|
{"wf-l3",required_argument,0,0}, // optidx=53
|
||||||
{"wf-tcp",required_argument,0,0}, // optidx=58
|
{"wf-tcp",required_argument,0,0}, // optidx=54
|
||||||
{"wf-udp",required_argument,0,0}, // optidx=59
|
{"wf-udp",required_argument,0,0}, // optidx=55
|
||||||
{"wf-raw",required_argument,0,0}, // optidx=60
|
{"wf-raw",required_argument,0,0}, // optidx=56
|
||||||
{"wf-save",required_argument,0,0}, // optidx=61
|
{"wf-save",required_argument,0,0}, // optidx=57
|
||||||
{"ssid-filter",required_argument,0,0}, // optidx=62
|
{"ssid-filter",required_argument,0,0}, // optidx=58
|
||||||
{"nlm-filter",required_argument,0,0}, // optidx=63
|
{"nlm-filter",required_argument,0,0}, // optidx=59
|
||||||
{"nlm-list",optional_argument,0,0}, // optidx=64
|
{"nlm-list",optional_argument,0,0}, // optidx=60
|
||||||
#endif
|
#endif
|
||||||
{NULL,0,NULL,0}
|
{NULL,0,NULL,0}
|
||||||
};
|
};
|
||||||
@ -1174,15 +1176,15 @@ int main(int argc, char **argv)
|
|||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
case 6: /* wsize */
|
case 6: /* wsize */
|
||||||
if (!parse_ws_scale_factor(optarg,&dp->wsize,&dp->wscale))
|
if (!parse_ws_scale_factor(optarg,¶ms.wsize,¶ms.wscale))
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
break;
|
break;
|
||||||
case 7: /* wssize */
|
case 7: /* wssize */
|
||||||
if (!parse_ws_scale_factor(optarg,&dp->wssize,&dp->wsscale))
|
if (!parse_ws_scale_factor(optarg,¶ms.wssize,¶ms.wsscale))
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
break;
|
break;
|
||||||
case 8: /* wssize-cutoff */
|
case 8: /* wssize-cutoff */
|
||||||
if (!parse_cutoff(optarg, &dp->wssize_cutoff, &dp->wssize_cutoff_mode))
|
if (!parse_cutoff(optarg, ¶ms.wssize_cutoff, ¶ms.wssize_cutoff_mode))
|
||||||
{
|
{
|
||||||
DLOG_ERR("invalid wssize-cutoff value\n");
|
DLOG_ERR("invalid wssize-cutoff value\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
@ -1196,7 +1198,7 @@ int main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 10: /* hostcase */
|
case 10: /* hostcase */
|
||||||
dp->hostcase = true;
|
params.hostcase = true;
|
||||||
break;
|
break;
|
||||||
case 11: /* hostspell */
|
case 11: /* hostspell */
|
||||||
if (strlen(optarg) != 4)
|
if (strlen(optarg) != 4)
|
||||||
@ -1204,14 +1206,14 @@ int main(int argc, char **argv)
|
|||||||
DLOG_ERR("hostspell must be exactly 4 chars long\n");
|
DLOG_ERR("hostspell must be exactly 4 chars long\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
dp->hostcase = true;
|
params.hostcase = true;
|
||||||
memcpy(dp->hostspell, optarg, 4);
|
memcpy(params.hostspell, optarg, 4);
|
||||||
break;
|
break;
|
||||||
case 12: /* hostnospace */
|
case 12: /* hostnospace */
|
||||||
dp->hostnospace = true;
|
params.hostnospace = true;
|
||||||
break;
|
break;
|
||||||
case 13: /* domcase */
|
case 13: /* domcase */
|
||||||
dp->domcase = true;
|
params.domcase = true;
|
||||||
break;
|
break;
|
||||||
case 14: /* dpi-desync */
|
case 14: /* dpi-desync */
|
||||||
{
|
{
|
||||||
@ -1221,8 +1223,8 @@ int main(int argc, char **argv)
|
|||||||
mode3 = mode2 ? strchr(mode2,',') : NULL;
|
mode3 = mode2 ? strchr(mode2,',') : NULL;
|
||||||
if (mode3) *mode3++=0;
|
if (mode3) *mode3++=0;
|
||||||
|
|
||||||
dp->desync_mode0 = desync_mode_from_string(mode);
|
params.desync_mode0 = desync_mode_from_string(mode);
|
||||||
if (desync_valid_zero_stage(dp->desync_mode0))
|
if (desync_valid_zero_stage(params.desync_mode0))
|
||||||
{
|
{
|
||||||
mode = mode2;
|
mode = mode2;
|
||||||
mode2 = mode3;
|
mode2 = mode3;
|
||||||
@ -1230,11 +1232,11 @@ int main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
dp->desync_mode0 = DESYNC_NONE;
|
params.desync_mode0 = DESYNC_NONE;
|
||||||
}
|
}
|
||||||
dp->desync_mode = desync_mode_from_string(mode);
|
params.desync_mode = desync_mode_from_string(mode);
|
||||||
dp->desync_mode2 = desync_mode_from_string(mode2);
|
params.desync_mode2 = desync_mode_from_string(mode2);
|
||||||
if (dp->desync_mode0==DESYNC_INVALID || dp->desync_mode==DESYNC_INVALID || dp->desync_mode2==DESYNC_INVALID)
|
if (params.desync_mode0==DESYNC_INVALID || params.desync_mode==DESYNC_INVALID || params.desync_mode2==DESYNC_INVALID)
|
||||||
{
|
{
|
||||||
DLOG_ERR("invalid dpi-desync mode\n");
|
DLOG_ERR("invalid dpi-desync mode\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
@ -1244,13 +1246,13 @@ int main(int argc, char **argv)
|
|||||||
DLOG_ERR("invalid desync combo : %s+%s+%s\n",mode,mode2,mode3);
|
DLOG_ERR("invalid desync combo : %s+%s+%s\n",mode,mode2,mode3);
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
if (dp->desync_mode2 && (desync_only_first_stage(dp->desync_mode) || !(desync_valid_first_stage(dp->desync_mode) && desync_valid_second_stage(dp->desync_mode2))))
|
if (params.desync_mode2 && (desync_only_first_stage(params.desync_mode) || !(desync_valid_first_stage(params.desync_mode) && desync_valid_second_stage(params.desync_mode2))))
|
||||||
{
|
{
|
||||||
DLOG_ERR("invalid desync combo : %s+%s\n", mode,mode2);
|
DLOG_ERR("invalid desync combo : %s+%s\n", mode,mode2);
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
#if defined(__OpenBSD__)
|
#if defined(__OpenBSD__)
|
||||||
if (dp->desync_mode==DESYNC_IPFRAG2 || dp->desync_mode2==DESYNC_IPFRAG2)
|
if (params.desync_mode==DESYNC_IPFRAG2 || params.desync_mode2==DESYNC_IPFRAG2)
|
||||||
{
|
{
|
||||||
DLOG_ERR("OpenBSD has checksum issues with fragmented packets. ipfrag disabled.\n");
|
DLOG_ERR("OpenBSD has checksum issues with fragmented packets. ipfrag disabled.\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
@ -1275,20 +1277,20 @@ int main(int argc, char **argv)
|
|||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
case 16: /* dpi-desync-ttl */
|
case 16: /* dpi-desync-ttl */
|
||||||
dp->desync_ttl = (uint8_t)atoi(optarg);
|
params.desync_ttl = (uint8_t)atoi(optarg);
|
||||||
break;
|
break;
|
||||||
case 17: /* dpi-desync-ttl6 */
|
case 17: /* dpi-desync-ttl6 */
|
||||||
dp->desync_ttl6 = (uint8_t)atoi(optarg);
|
params.desync_ttl6 = (uint8_t)atoi(optarg);
|
||||||
break;
|
break;
|
||||||
case 18: /* dpi-desync-autottl */
|
case 18: /* dpi-desync-autottl */
|
||||||
if (!parse_autottl(optarg, &dp->desync_autottl))
|
if (!parse_autottl(optarg, ¶ms.desync_autottl))
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-autottl value error\n");
|
DLOG_ERR("dpi-desync-autottl value error\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 19: /* dpi-desync-autottl6 */
|
case 19: /* dpi-desync-autottl6 */
|
||||||
if (!parse_autottl(optarg, &dp->desync_autottl6))
|
if (!parse_autottl(optarg, ¶ms.desync_autottl6))
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-autottl6 value error\n");
|
DLOG_ERR("dpi-desync-autottl6 value error\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
@ -1302,24 +1304,24 @@ int main(int argc, char **argv)
|
|||||||
e = strchr(p,',');
|
e = strchr(p,',');
|
||||||
if (e) *e++=0;
|
if (e) *e++=0;
|
||||||
if (!strcmp(p,"md5sig"))
|
if (!strcmp(p,"md5sig"))
|
||||||
dp->desync_fooling_mode |= FOOL_MD5SIG;
|
params.desync_fooling_mode |= FOOL_MD5SIG;
|
||||||
else if (!strcmp(p,"ts"))
|
else if (!strcmp(p,"ts"))
|
||||||
dp->desync_fooling_mode |= FOOL_TS;
|
params.desync_fooling_mode |= FOOL_TS;
|
||||||
else if (!strcmp(p,"badsum"))
|
else if (!strcmp(p,"badsum"))
|
||||||
{
|
{
|
||||||
#ifdef __OpenBSD__
|
#ifdef __OpenBSD__
|
||||||
DLOG_CONDUP("\nWARNING !!! OpenBSD may forcibly recompute tcp/udp checksums !!! In this case badsum fooling will not work.\nYou should check tcp checksum correctness in tcpdump manually before using badsum.\n\n");
|
DLOG_CONDUP("\nWARNING !!! OpenBSD may forcibly recompute tcp/udp checksums !!! In this case badsum fooling will not work.\nYou should check tcp checksum correctness in tcpdump manually before using badsum.\n\n");
|
||||||
#endif
|
#endif
|
||||||
dp->desync_fooling_mode |= FOOL_BADSUM;
|
params.desync_fooling_mode |= FOOL_BADSUM;
|
||||||
}
|
}
|
||||||
else if (!strcmp(p,"badseq"))
|
else if (!strcmp(p,"badseq"))
|
||||||
dp->desync_fooling_mode |= FOOL_BADSEQ;
|
params.desync_fooling_mode |= FOOL_BADSEQ;
|
||||||
else if (!strcmp(p,"datanoack"))
|
else if (!strcmp(p,"datanoack"))
|
||||||
dp->desync_fooling_mode |= FOOL_DATANOACK;
|
params.desync_fooling_mode |= FOOL_DATANOACK;
|
||||||
else if (!strcmp(p,"hopbyhop"))
|
else if (!strcmp(p,"hopbyhop"))
|
||||||
dp->desync_fooling_mode |= FOOL_HOPBYHOP;
|
params.desync_fooling_mode |= FOOL_HOPBYHOP;
|
||||||
else if (!strcmp(p,"hopbyhop2"))
|
else if (!strcmp(p,"hopbyhop2"))
|
||||||
dp->desync_fooling_mode |= FOOL_HOPBYHOP2;
|
params.desync_fooling_mode |= FOOL_HOPBYHOP2;
|
||||||
else if (strcmp(p,"none"))
|
else if (strcmp(p,"none"))
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-fooling allowed values : none,md5sig,ts,badseq,badsum,datanoack,hopbyhop,hopbyhop2\n");
|
DLOG_ERR("dpi-desync-fooling allowed values : none,md5sig,ts,badseq,badsum,datanoack,hopbyhop,hopbyhop2\n");
|
||||||
@ -1330,38 +1332,38 @@ int main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 21: /* dpi-desync-repeats */
|
case 21: /* dpi-desync-repeats */
|
||||||
if (sscanf(optarg,"%u",&dp->desync_repeats)<1 || !dp->desync_repeats || dp->desync_repeats>20)
|
if (sscanf(optarg,"%u",¶ms.desync_repeats)<1 || !params.desync_repeats || params.desync_repeats>20)
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-repeats must be within 1..20\n");
|
DLOG_ERR("dpi-desync-repeats must be within 1..20\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 22: /* dpi-desync-skip-nosni */
|
case 22: /* dpi-desync-skip-nosni */
|
||||||
dp->desync_skip_nosni = !optarg || atoi(optarg);
|
params.desync_skip_nosni = !optarg || atoi(optarg);
|
||||||
break;
|
break;
|
||||||
case 23: /* dpi-desync-split-pos */
|
case 23: /* dpi-desync-split-pos */
|
||||||
if (sscanf(optarg,"%u",&dp->desync_split_pos)<1 || dp->desync_split_pos<1)
|
if (sscanf(optarg,"%u",¶ms.desync_split_pos)<1 || params.desync_split_pos<1)
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-split-pos is not valid\n");
|
DLOG_ERR("dpi-desync-split-pos is not valid\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 24: /* dpi-desync-split-http-req */
|
case 24: /* dpi-desync-split-http-req */
|
||||||
if (!parse_httpreqpos(optarg, &dp->desync_split_http_req))
|
if (!parse_httpreqpos(optarg, ¶ms.desync_split_http_req))
|
||||||
{
|
{
|
||||||
DLOG_ERR("Invalid argument for dpi-desync-split-http-req\n");
|
DLOG_ERR("Invalid argument for dpi-desync-split-http-req\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 25: /* dpi-desync-split-tls */
|
case 25: /* dpi-desync-split-tls */
|
||||||
if (!parse_tlspos(optarg, &dp->desync_split_tls))
|
if (!parse_tlspos(optarg, ¶ms.desync_split_tls))
|
||||||
{
|
{
|
||||||
DLOG_ERR("Invalid argument for dpi-desync-split-tls\n");
|
DLOG_ERR("Invalid argument for dpi-desync-split-tls\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 26: /* dpi-desync-split-seqovl */
|
case 26: /* dpi-desync-split-seqovl */
|
||||||
if (sscanf(optarg,"%u",&dp->desync_seqovl)<1)
|
if (sscanf(optarg,"%u",¶ms.desync_seqovl)<1)
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-split-seqovl is not valid\n");
|
DLOG_ERR("dpi-desync-split-seqovl is not valid\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
@ -1369,87 +1371,87 @@ int main(int argc, char **argv)
|
|||||||
break;
|
break;
|
||||||
case 27: /* dpi-desync-split-seqovl-pattern */
|
case 27: /* dpi-desync-split-seqovl-pattern */
|
||||||
{
|
{
|
||||||
char buf[sizeof(dp->seqovl_pattern)];
|
char buf[sizeof(params.seqovl_pattern)];
|
||||||
size_t sz=sizeof(buf);
|
size_t sz=sizeof(buf);
|
||||||
load_file_or_exit(optarg,buf,&sz);
|
load_file_or_exit(optarg,buf,&sz);
|
||||||
fill_pattern(dp->seqovl_pattern,sizeof(dp->seqovl_pattern),buf,sz);
|
fill_pattern(params.seqovl_pattern,sizeof(params.seqovl_pattern),buf,sz);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 28: /* dpi-desync-ipfrag-pos-tcp */
|
case 28: /* dpi-desync-ipfrag-pos-tcp */
|
||||||
if (sscanf(optarg,"%u",&dp->desync_ipfrag_pos_tcp)<1 || dp->desync_ipfrag_pos_tcp<1 || dp->desync_ipfrag_pos_tcp>DPI_DESYNC_MAX_FAKE_LEN)
|
if (sscanf(optarg,"%u",¶ms.desync_ipfrag_pos_tcp)<1 || params.desync_ipfrag_pos_tcp<1 || params.desync_ipfrag_pos_tcp>DPI_DESYNC_MAX_FAKE_LEN)
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-ipfrag-pos-tcp must be within 1..%u range\n",DPI_DESYNC_MAX_FAKE_LEN);
|
DLOG_ERR("dpi-desync-ipfrag-pos-tcp must be within 1..%u range\n",DPI_DESYNC_MAX_FAKE_LEN);
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
if (dp->desync_ipfrag_pos_tcp & 7)
|
if (params.desync_ipfrag_pos_tcp & 7)
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-ipfrag-pos-tcp must be multiple of 8\n");
|
DLOG_ERR("dpi-desync-ipfrag-pos-tcp must be multiple of 8\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 29: /* dpi-desync-ipfrag-pos-udp */
|
case 29: /* dpi-desync-ipfrag-pos-udp */
|
||||||
if (sscanf(optarg,"%u",&dp->desync_ipfrag_pos_udp)<1 || dp->desync_ipfrag_pos_udp<1 || dp->desync_ipfrag_pos_udp>DPI_DESYNC_MAX_FAKE_LEN)
|
if (sscanf(optarg,"%u",¶ms.desync_ipfrag_pos_udp)<1 || params.desync_ipfrag_pos_udp<1 || params.desync_ipfrag_pos_udp>DPI_DESYNC_MAX_FAKE_LEN)
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-ipfrag-pos-udp must be within 1..%u range\n",DPI_DESYNC_MAX_FAKE_LEN);
|
DLOG_ERR("dpi-desync-ipfrag-pos-udp must be within 1..%u range\n",DPI_DESYNC_MAX_FAKE_LEN);
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
if (dp->desync_ipfrag_pos_udp & 7)
|
if (params.desync_ipfrag_pos_udp & 7)
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-ipfrag-pos-udp must be multiple of 8\n");
|
DLOG_ERR("dpi-desync-ipfrag-pos-udp must be multiple of 8\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 30: /* dpi-desync-badseq-increments */
|
case 30: /* dpi-desync-badseq-increments */
|
||||||
if (!parse_badseq_increment(optarg,&dp->desync_badseq_increment))
|
if (!parse_badseq_increment(optarg,¶ms.desync_badseq_increment))
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-badseq-increment should be signed decimal or signed 0xHEX\n");
|
DLOG_ERR("dpi-desync-badseq-increment should be signed decimal or signed 0xHEX\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 31: /* dpi-desync-badack-increment */
|
case 31: /* dpi-desync-badack-increment */
|
||||||
if (!parse_badseq_increment(optarg,&dp->desync_badseq_ack_increment))
|
if (!parse_badseq_increment(optarg,¶ms.desync_badseq_ack_increment))
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-badack-increment should be signed decimal or signed 0xHEX\n");
|
DLOG_ERR("dpi-desync-badack-increment should be signed decimal or signed 0xHEX\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 32: /* dpi-desync-any-protocol */
|
case 32: /* dpi-desync-any-protocol */
|
||||||
dp->desync_any_proto = !optarg || atoi(optarg);
|
params.desync_any_proto = !optarg || atoi(optarg);
|
||||||
break;
|
break;
|
||||||
case 33: /* dpi-desync-fake-http */
|
case 33: /* dpi-desync-fake-http */
|
||||||
dp->fake_http_size = sizeof(dp->fake_http);
|
params.fake_http_size = sizeof(params.fake_http);
|
||||||
load_file_or_exit(optarg,dp->fake_http,&dp->fake_http_size);
|
load_file_or_exit(optarg,params.fake_http,¶ms.fake_http_size);
|
||||||
break;
|
break;
|
||||||
case 34: /* dpi-desync-fake-tls */
|
case 34: /* dpi-desync-fake-tls */
|
||||||
dp->fake_tls_size = sizeof(dp->fake_tls);
|
params.fake_tls_size = sizeof(params.fake_tls);
|
||||||
load_file_or_exit(optarg,dp->fake_tls,&dp->fake_tls_size);
|
load_file_or_exit(optarg,params.fake_tls,¶ms.fake_tls_size);
|
||||||
break;
|
break;
|
||||||
case 35: /* dpi-desync-fake-unknown */
|
case 35: /* dpi-desync-fake-unknown */
|
||||||
dp->fake_unknown_size = sizeof(dp->fake_unknown);
|
params.fake_unknown_size = sizeof(params.fake_unknown);
|
||||||
load_file_or_exit(optarg,dp->fake_unknown,&dp->fake_unknown_size);
|
load_file_or_exit(optarg,params.fake_unknown,¶ms.fake_unknown_size);
|
||||||
break;
|
break;
|
||||||
case 36: /* dpi-desync-fake-syndata */
|
case 36: /* dpi-desync-fake-syndata */
|
||||||
dp->fake_syndata_size = sizeof(dp->fake_syndata);
|
params.fake_syndata_size = sizeof(params.fake_syndata);
|
||||||
load_file_or_exit(optarg,dp->fake_syndata,&dp->fake_syndata_size);
|
load_file_or_exit(optarg,params.fake_syndata,¶ms.fake_syndata_size);
|
||||||
break;
|
break;
|
||||||
case 37: /* dpi-desync-fake-quic */
|
case 37: /* dpi-desync-fake-quic */
|
||||||
dp->fake_quic_size = sizeof(dp->fake_quic);
|
params.fake_quic_size = sizeof(params.fake_quic);
|
||||||
load_file_or_exit(optarg,dp->fake_quic,&dp->fake_quic_size);
|
load_file_or_exit(optarg,params.fake_quic,¶ms.fake_quic_size);
|
||||||
break;
|
break;
|
||||||
case 38: /* dpi-desync-fake-wireguard */
|
case 38: /* dpi-desync-fake-wireguard */
|
||||||
dp->fake_wg_size = sizeof(dp->fake_wg);
|
params.fake_wg_size = sizeof(params.fake_wg);
|
||||||
load_file_or_exit(optarg,dp->fake_wg,&dp->fake_wg_size);
|
load_file_or_exit(optarg,params.fake_wg,¶ms.fake_wg_size);
|
||||||
break;
|
break;
|
||||||
case 39: /* dpi-desync-fake-dht */
|
case 39: /* dpi-desync-fake-dht */
|
||||||
dp->fake_dht_size = sizeof(dp->fake_dht);
|
params.fake_dht_size = sizeof(params.fake_dht);
|
||||||
load_file_or_exit(optarg,dp->fake_dht,&dp->fake_dht_size);
|
load_file_or_exit(optarg,params.fake_dht,¶ms.fake_dht_size);
|
||||||
break;
|
break;
|
||||||
case 40: /* dpi-desync-fake-unknown-udp */
|
case 40: /* dpi-desync-fake-unknown-udp */
|
||||||
dp->fake_unknown_udp_size = sizeof(dp->fake_unknown_udp);
|
params.fake_unknown_udp_size = sizeof(params.fake_unknown_udp);
|
||||||
load_file_or_exit(optarg,dp->fake_unknown_udp,&dp->fake_unknown_udp_size);
|
load_file_or_exit(optarg,params.fake_unknown_udp,¶ms.fake_unknown_udp_size);
|
||||||
break;
|
break;
|
||||||
case 41: /* dpi-desync-udplen-increment */
|
case 41: /* dpi-desync-udplen-increment */
|
||||||
if (sscanf(optarg,"%d",&dp->udplen_increment)<1 || dp->udplen_increment>0x7FFF || dp->udplen_increment<-0x8000)
|
if (sscanf(optarg,"%d",¶ms.udplen_increment)<1 || params.udplen_increment>0x7FFF || params.udplen_increment<-0x8000)
|
||||||
{
|
{
|
||||||
DLOG_ERR("dpi-desync-udplen-increment must be integer within -32768..32767 range\n");
|
DLOG_ERR("dpi-desync-udplen-increment must be integer within -32768..32767 range\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
@ -1457,44 +1459,44 @@ int main(int argc, char **argv)
|
|||||||
break;
|
break;
|
||||||
case 42: /* dpi-desync-udplen-pattern */
|
case 42: /* dpi-desync-udplen-pattern */
|
||||||
{
|
{
|
||||||
char buf[sizeof(dp->udplen_pattern)];
|
char buf[sizeof(params.udplen_pattern)];
|
||||||
size_t sz=sizeof(buf);
|
size_t sz=sizeof(buf);
|
||||||
load_file_or_exit(optarg,buf,&sz);
|
load_file_or_exit(optarg,buf,&sz);
|
||||||
fill_pattern(dp->udplen_pattern,sizeof(dp->udplen_pattern),buf,sz);
|
fill_pattern(params.udplen_pattern,sizeof(params.udplen_pattern),buf,sz);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 43: /* desync-cutoff */
|
case 43: /* desync-cutoff */
|
||||||
if (!parse_cutoff(optarg, &dp->desync_cutoff, &dp->desync_cutoff_mode))
|
if (!parse_cutoff(optarg, ¶ms.desync_cutoff, ¶ms.desync_cutoff_mode))
|
||||||
{
|
{
|
||||||
DLOG_ERR("invalid desync-cutoff value\n");
|
DLOG_ERR("invalid desync-cutoff value\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 44: /* desync-start */
|
case 44: /* desync-start */
|
||||||
if (!parse_cutoff(optarg, &dp->desync_start, &dp->desync_start_mode))
|
if (!parse_cutoff(optarg, ¶ms.desync_start, ¶ms.desync_start_mode))
|
||||||
{
|
{
|
||||||
DLOG_ERR("invalid desync-start value\n");
|
DLOG_ERR("invalid desync-start value\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 45: /* hostlist */
|
case 45: /* hostlist */
|
||||||
if (!strlist_add(&dp->hostlist_files, optarg))
|
if (!strlist_add(¶ms.hostlist_files, optarg))
|
||||||
{
|
{
|
||||||
DLOG_ERR("strlist_add failed\n");
|
DLOG_ERR("strlist_add failed\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 46: /* hostlist-exclude */
|
case 46: /* hostlist-exclude */
|
||||||
if (!strlist_add(&dp->hostlist_exclude_files, optarg))
|
if (!strlist_add(¶ms.hostlist_exclude_files, optarg))
|
||||||
{
|
{
|
||||||
DLOG_ERR("strlist_add failed\n");
|
DLOG_ERR("strlist_add failed\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 47: /* hostlist-auto */
|
case 47: /* hostlist-auto */
|
||||||
if (*dp->hostlist_auto_filename)
|
if (*params.hostlist_auto_filename)
|
||||||
{
|
{
|
||||||
DLOG_ERR("only one auto hostlist per profile is supported\n");
|
DLOG_ERR("only one auto hostlist is supported\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
@ -1516,33 +1518,33 @@ int main(int argc, char **argv)
|
|||||||
DLOG_ERR("could not chown %s. auto hostlist file may not be writable after privilege drop\n", optarg);
|
DLOG_ERR("could not chown %s. auto hostlist file may not be writable after privilege drop\n", optarg);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
if (!strlist_add(&dp->hostlist_files, optarg))
|
if (!strlist_add(¶ms.hostlist_files, optarg))
|
||||||
{
|
{
|
||||||
DLOG_ERR("strlist_add failed\n");
|
DLOG_ERR("strlist_add failed\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
strncpy(dp->hostlist_auto_filename, optarg, sizeof(dp->hostlist_auto_filename));
|
strncpy(params.hostlist_auto_filename, optarg, sizeof(params.hostlist_auto_filename));
|
||||||
dp->hostlist_auto_filename[sizeof(dp->hostlist_auto_filename) - 1] = '\0';
|
params.hostlist_auto_filename[sizeof(params.hostlist_auto_filename) - 1] = '\0';
|
||||||
break;
|
break;
|
||||||
case 48: /* hostlist-auto-fail-threshold */
|
case 48: /* hostlist-auto-fail-threshold */
|
||||||
dp->hostlist_auto_fail_threshold = (uint8_t)atoi(optarg);
|
params.hostlist_auto_fail_threshold = (uint8_t)atoi(optarg);
|
||||||
if (dp->hostlist_auto_fail_threshold<1 || dp->hostlist_auto_fail_threshold>20)
|
if (params.hostlist_auto_fail_threshold<1 || params.hostlist_auto_fail_threshold>20)
|
||||||
{
|
{
|
||||||
DLOG_ERR("auto hostlist fail threshold must be within 1..20\n");
|
DLOG_ERR("auto hostlist fail threshold must be within 1..20\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 49: /* hostlist-auto-fail-time */
|
case 49: /* hostlist-auto-fail-time */
|
||||||
dp->hostlist_auto_fail_time = (uint8_t)atoi(optarg);
|
params.hostlist_auto_fail_time = (uint8_t)atoi(optarg);
|
||||||
if (dp->hostlist_auto_fail_time<1)
|
if (params.hostlist_auto_fail_time<1)
|
||||||
{
|
{
|
||||||
DLOG_ERR("auto hostlist fail time is not valid\n");
|
DLOG_ERR("auto hostlist fail time is not valid\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 50: /* hostlist-auto-retrans-threshold */
|
case 50: /* hostlist-auto-retrans-threshold */
|
||||||
dp->hostlist_auto_retrans_threshold = (uint8_t)atoi(optarg);
|
params.hostlist_auto_retrans_threshold = (uint8_t)atoi(optarg);
|
||||||
if (dp->hostlist_auto_retrans_threshold<2 || dp->hostlist_auto_retrans_threshold>10)
|
if (params.hostlist_auto_retrans_threshold<2 || params.hostlist_auto_retrans_threshold>10)
|
||||||
{
|
{
|
||||||
DLOG_ERR("auto hostlist fail threshold must be within 2..10\n");
|
DLOG_ERR("auto hostlist fail threshold must be within 2..10\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
@ -1565,65 +1567,29 @@ int main(int argc, char **argv)
|
|||||||
params.hostlist_auto_debuglog[sizeof(params.hostlist_auto_debuglog) - 1] = '\0';
|
params.hostlist_auto_debuglog[sizeof(params.hostlist_auto_debuglog) - 1] = '\0';
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 52: /* new */
|
|
||||||
if (!(dpl = dp_list_add(¶ms.desync_profiles)))
|
|
||||||
{
|
|
||||||
DLOG_ERR("desync_profile_add: out of memory\n");
|
|
||||||
exit_clean(1);
|
|
||||||
}
|
|
||||||
dp = &dpl->dp;
|
|
||||||
dp->n = ++desync_profile_count;
|
|
||||||
break;
|
|
||||||
case 53: /* filter-l3 */
|
|
||||||
if (!wf_make_l3(optarg,&dp->filter_ipv4,&dp->filter_ipv6))
|
|
||||||
{
|
|
||||||
DLOG_ERR("bad value for --filter-l3\n");
|
|
||||||
exit_clean(1);
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case 54: /* filter-tcp */
|
|
||||||
if (!pf_parse(optarg,&dp->pf_tcp))
|
|
||||||
{
|
|
||||||
DLOG_ERR("Invalid port filter : %s\n",optarg);
|
|
||||||
exit_clean(1);
|
|
||||||
}
|
|
||||||
// deny udp if not set
|
|
||||||
if (pf_is_empty(&dp->pf_udp)) dp->pf_udp.neg=true;
|
|
||||||
break;
|
|
||||||
case 55: /* filter-udp */
|
|
||||||
if (!pf_parse(optarg,&dp->pf_udp))
|
|
||||||
{
|
|
||||||
DLOG_ERR("Invalid port filter : %s\n",optarg);
|
|
||||||
exit_clean(1);
|
|
||||||
}
|
|
||||||
// deny tcp if not set
|
|
||||||
if (pf_is_empty(&dp->pf_tcp)) dp->pf_tcp.neg=true;
|
|
||||||
break;
|
|
||||||
|
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
case 56: /* bind-fix4 */
|
case 52: /* bind-fix4 */
|
||||||
params.bind_fix4 = true;
|
params.bind_fix4 = true;
|
||||||
break;
|
break;
|
||||||
case 57: /* bind-fix6 */
|
case 53: /* bind-fix6 */
|
||||||
params.bind_fix6 = true;
|
params.bind_fix6 = true;
|
||||||
break;
|
break;
|
||||||
#elif defined(__CYGWIN__)
|
#elif defined(__CYGWIN__)
|
||||||
case 56: /* wf-iface */
|
case 52: /* wf-iface */
|
||||||
if (!sscanf(optarg,"%u.%u",&IfIdx,&SubIfIdx))
|
if (!sscanf(optarg,"%u.%u",&IfIdx,&SubIfIdx))
|
||||||
{
|
{
|
||||||
DLOG_ERR("bad value for --wf-iface\n");
|
DLOG_ERR("bad value for --wf-iface\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 57: /* wf-l3 */
|
case 53: /* wf-l3 */
|
||||||
if (!wf_make_l3(optarg,&wf_ipv4,&wf_ipv6))
|
if (!wf_make_l3(optarg,&wf_ipv4,&wf_ipv6))
|
||||||
{
|
{
|
||||||
DLOG_ERR("bad value for --wf-l3\n");
|
DLOG_ERR("bad value for --wf-l3\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 58: /* wf-tcp */
|
case 54: /* wf-tcp */
|
||||||
hash_wf_tcp=hash_jen(optarg,strlen(optarg));
|
hash_wf_tcp=hash_jen(optarg,strlen(optarg));
|
||||||
if (!wf_make_pf(optarg,"tcp","SrcPort",wf_pf_tcp_src,sizeof(wf_pf_tcp_src)) ||
|
if (!wf_make_pf(optarg,"tcp","SrcPort",wf_pf_tcp_src,sizeof(wf_pf_tcp_src)) ||
|
||||||
!wf_make_pf(optarg,"tcp","DstPort",wf_pf_tcp_dst,sizeof(wf_pf_tcp_dst)))
|
!wf_make_pf(optarg,"tcp","DstPort",wf_pf_tcp_dst,sizeof(wf_pf_tcp_dst)))
|
||||||
@ -1632,7 +1598,7 @@ int main(int argc, char **argv)
|
|||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 59: /* wf-udp */
|
case 55: /* wf-udp */
|
||||||
hash_wf_udp=hash_jen(optarg,strlen(optarg));
|
hash_wf_udp=hash_jen(optarg,strlen(optarg));
|
||||||
if (!wf_make_pf(optarg,"udp","SrcPort",wf_pf_udp_src,sizeof(wf_pf_udp_src)) ||
|
if (!wf_make_pf(optarg,"udp","SrcPort",wf_pf_udp_src,sizeof(wf_pf_udp_src)) ||
|
||||||
!wf_make_pf(optarg,"udp","DstPort",wf_pf_udp_dst,sizeof(wf_pf_udp_dst)))
|
!wf_make_pf(optarg,"udp","DstPort",wf_pf_udp_dst,sizeof(wf_pf_udp_dst)))
|
||||||
@ -1641,7 +1607,7 @@ int main(int argc, char **argv)
|
|||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 60: /* wf-raw */
|
case 56: /* wf-raw */
|
||||||
hash_wf_raw=hash_jen(optarg,strlen(optarg));
|
hash_wf_raw=hash_jen(optarg,strlen(optarg));
|
||||||
if (optarg[0]=='@')
|
if (optarg[0]=='@')
|
||||||
{
|
{
|
||||||
@ -1655,11 +1621,11 @@ int main(int argc, char **argv)
|
|||||||
windivert_filter[sizeof(windivert_filter) - 1] = '\0';
|
windivert_filter[sizeof(windivert_filter) - 1] = '\0';
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 61: /* wf-save */
|
case 57: /* wf-save */
|
||||||
strncpy(wf_save_file, optarg, sizeof(wf_save_file));
|
strncpy(wf_save_file, optarg, sizeof(wf_save_file));
|
||||||
wf_save_file[sizeof(wf_save_file) - 1] = '\0';
|
wf_save_file[sizeof(wf_save_file) - 1] = '\0';
|
||||||
break;
|
break;
|
||||||
case 62: /* ssid-filter */
|
case 58: /* ssid-filter */
|
||||||
hash_ssid_filter=hash_jen(optarg,strlen(optarg));
|
hash_ssid_filter=hash_jen(optarg,strlen(optarg));
|
||||||
{
|
{
|
||||||
char *e,*p = optarg;
|
char *e,*p = optarg;
|
||||||
@ -1677,7 +1643,7 @@ int main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 63: /* nlm-filter */
|
case 59: /* nlm-filter */
|
||||||
hash_nlm_filter=hash_jen(optarg,strlen(optarg));
|
hash_nlm_filter=hash_jen(optarg,strlen(optarg));
|
||||||
{
|
{
|
||||||
char *e,*p = optarg;
|
char *e,*p = optarg;
|
||||||
@ -1695,7 +1661,7 @@ int main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 64: /* nlm-list */
|
case 60: /* nlm-list */
|
||||||
if (!nlm_list(optarg && !strcmp(optarg,"all")))
|
if (!nlm_list(optarg && !strcmp(optarg,"all")))
|
||||||
{
|
{
|
||||||
DLOG_ERR("could not get list of NLM networks\n");
|
DLOG_ERR("could not get list of NLM networks\n");
|
||||||
@ -1706,7 +1672,7 @@ int main(int argc, char **argv)
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
if (params.qnum<0)
|
if (params.qnum<0)
|
||||||
{
|
{
|
||||||
@ -1763,43 +1729,29 @@ int main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
DLOG("adding low-priority default empty desync profile\n");
|
// not specified - use desync_ttl value instead
|
||||||
// add default empty profile
|
if (params.desync_ttl6 == 0xFF) params.desync_ttl6=params.desync_ttl;
|
||||||
if (!(dpl = dp_list_add(¶ms.desync_profiles)))
|
if (!AUTOTTL_ENABLED(params.desync_autottl6)) params.desync_autottl6 = params.desync_autottl;
|
||||||
{
|
if (AUTOTTL_ENABLED(params.desync_autottl))
|
||||||
DLOG_ERR("desync_profile_add: out of memory\n");
|
DLOG("autottl ipv4 %u:%u-%u\n",params.desync_autottl.delta,params.desync_autottl.min,params.desync_autottl.max);
|
||||||
exit_clean(1);
|
if (AUTOTTL_ENABLED(params.desync_autottl6))
|
||||||
}
|
DLOG("autottl ipv6 %u:%u-%u\n",params.desync_autottl6.delta,params.desync_autottl6.min,params.desync_autottl6.max);
|
||||||
|
if (params.desync_split_tls==tlspos_none && params.desync_split_pos) params.desync_split_tls=tlspos_pos;
|
||||||
DLOG_CONDUP("we have %d user defined desync profile(s) and default low priority profile 0\n",desync_profile_count);
|
if (params.desync_split_http_req==httpreqpos_none && params.desync_split_pos) params.desync_split_http_req=httpreqpos_pos;
|
||||||
|
|
||||||
v=0;
|
|
||||||
LIST_FOREACH(dpl, ¶ms.desync_profiles, next)
|
|
||||||
{
|
|
||||||
dp = &dpl->dp;
|
|
||||||
// not specified - use desync_ttl value instead
|
|
||||||
if (dp->desync_ttl6 == 0xFF) dp->desync_ttl6=dp->desync_ttl;
|
|
||||||
if (!AUTOTTL_ENABLED(dp->desync_autottl6)) dp->desync_autottl6 = dp->desync_autottl;
|
|
||||||
if (AUTOTTL_ENABLED(dp->desync_autottl))
|
|
||||||
DLOG("[profile %d] autottl ipv4 %u:%u-%u\n",v,dp->desync_autottl.delta,dp->desync_autottl.min,dp->desync_autottl.max);
|
|
||||||
if (AUTOTTL_ENABLED(dp->desync_autottl6))
|
|
||||||
DLOG("[profile %d] autottl ipv6 %u:%u-%u\n",v,dp->desync_autottl6.delta,dp->desync_autottl6.min,dp->desync_autottl6.max);
|
|
||||||
if (dp->desync_split_tls==tlspos_none && dp->desync_split_pos) dp->desync_split_tls=tlspos_pos;
|
|
||||||
if (dp->desync_split_http_req==httpreqpos_none && dp->desync_split_pos) dp->desync_split_http_req=httpreqpos_pos;
|
|
||||||
v++;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!LoadIncludeHostLists())
|
if (!LoadIncludeHostLists())
|
||||||
{
|
{
|
||||||
DLOG_ERR("Include hostlists load failed\n");
|
DLOG_ERR("Include hostlist load failed\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
|
if (*params.hostlist_auto_filename)
|
||||||
|
NonEmptyHostlist(¶ms.hostlist);
|
||||||
if (!LoadExcludeHostLists())
|
if (!LoadExcludeHostLists())
|
||||||
{
|
{
|
||||||
DLOG_ERR("Exclude hostlists load failed\n");
|
DLOG_ERR("Exclude hostlist load failed\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (daemon) daemonize();
|
if (daemon) daemonize();
|
||||||
|
|
||||||
if (*pidfile && !writepid(pidfile))
|
if (*pidfile && !writepid(pidfile))
|
||||||
|
81
nfq/params.c
81
nfq/params.c
@ -1,12 +1,8 @@
|
|||||||
#include "params.h"
|
#include "params.h"
|
||||||
|
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
#include <syslog.h>
|
#include <syslog.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
|
|
||||||
#include "pools.h"
|
|
||||||
#include "desync.h"
|
|
||||||
|
|
||||||
#ifdef BSD
|
#ifdef BSD
|
||||||
const char *progname = "dvtws";
|
const char *progname = "dvtws";
|
||||||
#elif defined(__CYGWIN__)
|
#elif defined(__CYGWIN__)
|
||||||
@ -153,80 +149,3 @@ int HOSTLIST_DEBUGLOG_APPEND(const char *format, ...)
|
|||||||
else
|
else
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
struct desync_profile_list *dp_list_add(struct desync_profile_list_head *head)
|
|
||||||
{
|
|
||||||
struct desync_profile_list *entry = calloc(1,sizeof(struct desync_profile_list));
|
|
||||||
if (!entry) return NULL;
|
|
||||||
|
|
||||||
LIST_INIT(&entry->dp.hostlist_files);
|
|
||||||
LIST_INIT(&entry->dp.hostlist_exclude_files);
|
|
||||||
memcpy(entry->dp.hostspell, "host", 4); // default hostspell
|
|
||||||
entry->dp.desync_skip_nosni = true;
|
|
||||||
entry->dp.desync_split_pos = 2;
|
|
||||||
entry->dp.desync_ipfrag_pos_udp = IPFRAG_UDP_DEFAULT;
|
|
||||||
entry->dp.desync_ipfrag_pos_tcp = IPFRAG_TCP_DEFAULT;
|
|
||||||
entry->dp.desync_repeats = 1;
|
|
||||||
entry->dp.fake_tls_size = sizeof(fake_tls_clienthello_default);
|
|
||||||
memcpy(entry->dp.fake_tls,fake_tls_clienthello_default,entry->dp.fake_tls_size);
|
|
||||||
randomize_default_tls_payload(entry->dp.fake_tls);
|
|
||||||
entry->dp.fake_http_size = strlen(fake_http_request_default);
|
|
||||||
memcpy(entry->dp.fake_http,fake_http_request_default,entry->dp.fake_http_size);
|
|
||||||
entry->dp.fake_quic_size = 620; // must be 601+ for TSPU hack
|
|
||||||
entry->dp.fake_quic[0] = 0x40; // russian TSPU QUIC short header fake
|
|
||||||
entry->dp.fake_wg_size = 64;
|
|
||||||
entry->dp.fake_dht_size = 64;
|
|
||||||
entry->dp.fake_unknown_size = 256;
|
|
||||||
entry->dp.fake_syndata_size = 16;
|
|
||||||
entry->dp.fake_unknown_udp_size = 64;
|
|
||||||
entry->dp.wscale=-1; // default - dont change scale factor (client)
|
|
||||||
entry->dp.desync_ttl6 = 0xFF; // unused
|
|
||||||
entry->dp.desync_badseq_increment = BADSEQ_INCREMENT_DEFAULT;
|
|
||||||
entry->dp.desync_badseq_ack_increment = BADSEQ_ACK_INCREMENT_DEFAULT;
|
|
||||||
entry->dp.wssize_cutoff_mode = entry->dp.desync_start_mode = entry->dp.desync_cutoff_mode = 'n'; // packet number by default
|
|
||||||
entry->dp.udplen_increment = UDPLEN_INCREMENT_DEFAULT;
|
|
||||||
entry->dp.hostlist_auto_fail_threshold = HOSTLIST_AUTO_FAIL_THRESHOLD_DEFAULT;
|
|
||||||
entry->dp.hostlist_auto_fail_time = HOSTLIST_AUTO_FAIL_TIME_DEFAULT;
|
|
||||||
entry->dp.hostlist_auto_retrans_threshold = HOSTLIST_AUTO_RETRANS_THRESHOLD_DEFAULT;
|
|
||||||
entry->dp.filter_ipv4 = entry->dp.filter_ipv6 = true;
|
|
||||||
|
|
||||||
// add to the tail
|
|
||||||
struct desync_profile_list *dpn,*dpl=LIST_FIRST(¶ms.desync_profiles);
|
|
||||||
if (dpl)
|
|
||||||
{
|
|
||||||
while ((dpn=LIST_NEXT(dpl,next))) dpl = dpn;
|
|
||||||
LIST_INSERT_AFTER(dpl, entry, next);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
LIST_INSERT_HEAD(¶ms.desync_profiles, entry, next);
|
|
||||||
|
|
||||||
return entry;
|
|
||||||
}
|
|
||||||
static void dp_entry_destroy(struct desync_profile_list *entry)
|
|
||||||
{
|
|
||||||
strlist_destroy(&entry->dp.hostlist_files);
|
|
||||||
strlist_destroy(&entry->dp.hostlist_exclude_files);
|
|
||||||
StrPoolDestroy(&entry->dp.hostlist_exclude);
|
|
||||||
StrPoolDestroy(&entry->dp.hostlist);
|
|
||||||
HostFailPoolDestroy(&entry->dp.hostlist_auto_fail_counters);
|
|
||||||
free(entry);
|
|
||||||
}
|
|
||||||
void dp_list_destroy(struct desync_profile_list_head *head)
|
|
||||||
{
|
|
||||||
struct desync_profile_list *entry;
|
|
||||||
while ((entry = LIST_FIRST(head)))
|
|
||||||
{
|
|
||||||
LIST_REMOVE(entry, next);
|
|
||||||
dp_entry_destroy(entry);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
bool dp_list_have_autohostlist(struct desync_profile_list_head *head)
|
|
||||||
{
|
|
||||||
struct desync_profile_list *dpl;
|
|
||||||
LIST_FOREACH(dpl, head, next)
|
|
||||||
if (*dpl->dp.hostlist_auto_filename)
|
|
||||||
return true;
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
60
nfq/params.h
60
nfq/params.h
@ -4,7 +4,6 @@
|
|||||||
#include "conntrack.h"
|
#include "conntrack.h"
|
||||||
#include "desync.h"
|
#include "desync.h"
|
||||||
#include "protocol.h"
|
#include "protocol.h"
|
||||||
#include "helpers.h"
|
|
||||||
|
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
@ -13,7 +12,6 @@
|
|||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include <sys/queue.h>
|
|
||||||
|
|
||||||
#define TLS_PARTIALS_ENABLE true
|
#define TLS_PARTIALS_ENABLE true
|
||||||
|
|
||||||
@ -37,15 +35,22 @@
|
|||||||
|
|
||||||
enum log_target { LOG_TARGET_CONSOLE=0, LOG_TARGET_FILE, LOG_TARGET_SYSLOG };
|
enum log_target { LOG_TARGET_CONSOLE=0, LOG_TARGET_FILE, LOG_TARGET_SYSLOG };
|
||||||
|
|
||||||
struct desync_profile
|
struct params_s
|
||||||
{
|
{
|
||||||
int n; // number of the profile
|
enum log_target debug_target;
|
||||||
|
char debug_logfile[PATH_MAX];
|
||||||
|
bool debug;
|
||||||
|
|
||||||
uint16_t wsize,wssize;
|
uint16_t wsize,wssize;
|
||||||
uint8_t wscale,wsscale;
|
uint8_t wscale,wsscale;
|
||||||
char wssize_cutoff_mode; // n - packets, d - data packets, s - relative sequence
|
char wssize_cutoff_mode; // n - packets, d - data packets, s - relative sequence
|
||||||
unsigned int wssize_cutoff;
|
unsigned int wssize_cutoff;
|
||||||
|
#ifdef __linux__
|
||||||
|
int qnum;
|
||||||
|
#elif defined(BSD)
|
||||||
|
uint16_t port; // divert port
|
||||||
|
#endif
|
||||||
|
char bind_fix4,bind_fix6;
|
||||||
bool hostcase, hostnospace, domcase;
|
bool hostcase, hostnospace, domcase;
|
||||||
char hostspell[4];
|
char hostspell[4];
|
||||||
enum dpi_desync_mode desync_mode0,desync_mode,desync_mode2;
|
enum dpi_desync_mode desync_mode0,desync_mode,desync_mode2;
|
||||||
@ -58,47 +63,13 @@ struct desync_profile
|
|||||||
uint8_t desync_ttl, desync_ttl6;
|
uint8_t desync_ttl, desync_ttl6;
|
||||||
autottl desync_autottl, desync_autottl6;
|
autottl desync_autottl, desync_autottl6;
|
||||||
uint32_t desync_fooling_mode;
|
uint32_t desync_fooling_mode;
|
||||||
|
uint32_t desync_fwmark; // unused in BSD
|
||||||
uint32_t desync_badseq_increment, desync_badseq_ack_increment;
|
uint32_t desync_badseq_increment, desync_badseq_ack_increment;
|
||||||
uint8_t fake_http[1460],fake_tls[1460],fake_unknown[1460],fake_syndata[1460],seqovl_pattern[1460];
|
uint8_t fake_http[1460],fake_tls[1460],fake_unknown[1460],fake_syndata[1460],seqovl_pattern[1460];
|
||||||
uint8_t fake_unknown_udp[1472],udplen_pattern[1472],fake_quic[1472],fake_wg[1472],fake_dht[1472];
|
uint8_t fake_unknown_udp[1472],udplen_pattern[1472],fake_quic[1472],fake_wg[1472],fake_dht[1472];
|
||||||
size_t fake_http_size,fake_tls_size,fake_quic_size,fake_wg_size,fake_dht_size,fake_unknown_size,fake_syndata_size,fake_unknown_udp_size;
|
size_t fake_http_size,fake_tls_size,fake_quic_size,fake_wg_size,fake_dht_size,fake_unknown_size,fake_syndata_size,fake_unknown_udp_size;
|
||||||
int udplen_increment;
|
int udplen_increment;
|
||||||
|
|
||||||
bool filter_ipv4,filter_ipv6;
|
|
||||||
port_filter pf_tcp,pf_udp;
|
|
||||||
strpool *hostlist, *hostlist_exclude;
|
|
||||||
struct str_list_head hostlist_files, hostlist_exclude_files;
|
|
||||||
char hostlist_auto_filename[PATH_MAX];
|
|
||||||
int hostlist_auto_fail_threshold, hostlist_auto_fail_time, hostlist_auto_retrans_threshold;
|
|
||||||
time_t hostlist_auto_mod_time;
|
|
||||||
hostfail_pool *hostlist_auto_fail_counters;
|
|
||||||
};
|
|
||||||
|
|
||||||
struct desync_profile_list {
|
|
||||||
struct desync_profile dp;
|
|
||||||
LIST_ENTRY(desync_profile_list) next;
|
|
||||||
};
|
|
||||||
LIST_HEAD(desync_profile_list_head, desync_profile_list);
|
|
||||||
struct desync_profile_list *dp_list_add(struct desync_profile_list_head *head);
|
|
||||||
void dp_list_destroy(struct desync_profile_list_head *head);
|
|
||||||
bool dp_list_have_autohostlist(struct desync_profile_list_head *head);
|
|
||||||
|
|
||||||
struct params_s
|
|
||||||
{
|
|
||||||
enum log_target debug_target;
|
|
||||||
char debug_logfile[PATH_MAX];
|
|
||||||
bool debug;
|
|
||||||
|
|
||||||
#ifdef __linux__
|
|
||||||
int qnum;
|
|
||||||
#elif defined(BSD)
|
|
||||||
uint16_t port; // divert port
|
|
||||||
#endif
|
|
||||||
char bind_fix4,bind_fix6;
|
|
||||||
uint32_t desync_fwmark; // unused in BSD
|
|
||||||
|
|
||||||
struct desync_profile_list_head desync_profiles;
|
|
||||||
|
|
||||||
#ifdef __CYGWIN__
|
#ifdef __CYGWIN__
|
||||||
struct str_list_head ssid_filter,nlm_filter;
|
struct str_list_head ssid_filter,nlm_filter;
|
||||||
#else
|
#else
|
||||||
@ -107,8 +78,13 @@ struct params_s
|
|||||||
gid_t gid;
|
gid_t gid;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
char hostlist_auto_debuglog[PATH_MAX];
|
strpool *hostlist, *hostlist_exclude;
|
||||||
|
struct str_list_head hostlist_files, hostlist_exclude_files;
|
||||||
|
char hostlist_auto_filename[PATH_MAX], hostlist_auto_debuglog[PATH_MAX];
|
||||||
|
int hostlist_auto_fail_threshold, hostlist_auto_fail_time, hostlist_auto_retrans_threshold;
|
||||||
|
time_t hostlist_auto_mod_time;
|
||||||
|
hostfail_pool *hostlist_auto_fail_counters;
|
||||||
|
|
||||||
unsigned int ctrack_t_syn, ctrack_t_est, ctrack_t_fin, ctrack_t_udp;
|
unsigned int ctrack_t_syn, ctrack_t_est, ctrack_t_fin, ctrack_t_udp;
|
||||||
t_conntrack conntrack;
|
t_conntrack conntrack;
|
||||||
};
|
};
|
||||||
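Review bot: The pointer members that the last nfq/params.h hunk places directly in `struct params_s` (`strpool *hostlist, *hostlist_exclude;` and `hostfail_pool *hostlist_auto_fail_counters;`) carry no comment saying who releases them. On the old side they were released in `dp_entry_destroy` in nfq/params.c, which this comparison removes. The replacement release site is not visible in this section, so it should be confirmed that the exit path still destroys these pools and the two `str_list_head` lists. I would add above the members a comment such as `// owned by params; released once on exit by the cleanup routine (name it here)`. `struct params_s` begins in an earlier hunk and is only partly shown.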
|
@ -26,6 +26,7 @@ struct str_list {
|
|||||||
};
|
};
|
||||||
LIST_HEAD(str_list_head, str_list);
|
LIST_HEAD(str_list_head, str_list);
|
||||||
|
|
||||||
|
|
||||||
typedef struct hostfail_pool {
|
typedef struct hostfail_pool {
|
||||||
char *str; /* key */
|
char *str; /* key */
|
||||||
int counter; /* value */
|
int counter; /* value */
|
||||||
|