Compare commits


6 Commits

bol-van
97a36f3c18 readme: add get_refilter*.sh info 2024-10-15 15:18:58 +03:00
bol-van
0b2796c6da ipset: refilter scripts 2024-10-15 14:55:16 +03:00
bol-van
4628e65917 tpws: move l7proto defs to one place 2024-10-15 13:29:16 +03:00
bol-van
389b8337dc tpws: move l7proto defs to one place 2024-10-15 13:28:38 +03:00
bol-van
59c143ece5 tpws: autohostlist debug log write client and proto info 2024-10-15 11:23:37 +03:00
bol-van
f0957efc57 tpws: fix MSS apply in transparent mode 2024-10-15 10:35:27 +03:00
9 changed files with 164 additions and 62 deletions


@ -981,10 +981,13 @@ Cкрипты с названием get_antifilter_* оперируют спис
9) ipset/get_antifilter_allyouneed.sh. получает лист https://antifilter.download/list/allyouneed.lst. 9) ipset/get_antifilter_allyouneed.sh. получает лист https://antifilter.download/list/allyouneed.lst.
Суммарный список префиксов, созданный из ipsum.lst и subnet.lst. Суммарный список префиксов, созданный из ipsum.lst и subnet.lst.
Все варианты рассмотренных скриптов автоматически создают и заполняют ipset. 10) ipset/get_refilter_ipsum.sh.
Варианты 2-9 дополнительно вызывают вариант 1. Список берется отсюда : https://github.com/1andrevich/Re-filter-lists
10) ipset/get_config.sh. этот скрипт вызывает то, что прописано в переменной GETLIST из файла config Все варианты рассмотренных скриптов автоматически создают и заполняют ipset.
Варианты 2-10 дополнительно вызывают вариант 1.
11) ipset/get_config.sh. этот скрипт вызывает то, что прописано в переменной GETLIST из файла config
Если переменная не определена, то ресолвятся лишь листы для ipset nozapret/nozapret6. Если переменная не определена, то ресолвятся лишь листы для ipset nozapret/nozapret6.
Листы РКН все время изменяются. Возникают новые тенденции. Требования к RAM могут меняться. Листы РКН все время изменяются. Возникают новые тенденции. Требования к RAM могут меняться.
@ -1111,7 +1114,11 @@ ipset/zapret-hosts-users-exclude.txt.gz или ipset/zapret-hosts-users-exclude.
Поддомены учитываются автоматически. Например, строчка "ru" вносит в список "*.ru". Строчка "*.ru" в списке не сработает. Поддомены учитываются автоматически. Например, строчка "ru" вносит в список "*.ru". Строчка "*.ru" в списке не сработает.
Список доменов РКН может быть получен скриптами ipset/get_reestr_hostlist.sh или ipset/get_antizapret_domains.sh Список доменов РКН может быть получен скриптами
ipset/get_reestr_hostlist.sh
ipset/get_antizapret_domains.sh
ipset/get_reestr_resolvable_domains.sh
ipset/get_refilter_domains.sh
- кладется в ipset/zapret-hosts.txt.gz. - кладется в ipset/zapret-hosts.txt.gz.
Чтобы обновить списки, перезапускать nfqws или tpws не нужно. Обновляете файлы, затем даете сигнал HUP. Чтобы обновить списки, перезапускать nfqws или tpws не нужно. Обновляете файлы, затем даете сигнал HUP.


@ -219,10 +219,10 @@ select_getlist()
echo echo
if ask_yes_no $D "do you want to auto download ip/host list"; then if ask_yes_no $D "do you want to auto download ip/host list"; then
if [ "$MODE_FILTER" = "hostlist" ] ; then if [ "$MODE_FILTER" = "hostlist" ] ; then
GETLISTS="get_antizapret_domains.sh get_reestr_resolvable_domains.sh get_reestr_hostlist.sh" GETLISTS="get_refilter_domains.sh get_antizapret_domains.sh get_reestr_resolvable_domains.sh get_reestr_hostlist.sh"
GETLIST_DEF="get_antizapret_domains.sh" GETLIST_DEF="get_antizapret_domains.sh"
else else
GETLISTS="get_user.sh get_antifilter_ip.sh get_antifilter_ipsmart.sh get_antifilter_ipsum.sh get_antifilter_ipresolve.sh get_antifilter_allyouneed.sh get_reestr_resolve.sh get_reestr_preresolved.sh get_reestr_preresolved_smart.sh" GETLISTS="get_user.sh get_refilter_ipsum.sh get_antifilter_ip.sh get_antifilter_ipsmart.sh get_antifilter_ipsum.sh get_antifilter_ipresolve.sh get_antifilter_allyouneed.sh get_reestr_resolve.sh get_reestr_preresolved.sh get_reestr_preresolved_smart.sh"
GETLIST_DEF="get_antifilter_allyouneed.sh" GETLIST_DEF="get_antifilter_allyouneed.sh"
fi fi
ask_list GETLIST "$GETLISTS" "$GETLIST_DEF" && write_config_var GETLIST ask_list GETLIST "$GETLISTS" "$GETLIST_DEF" && write_config_var GETLIST
@ -462,6 +462,8 @@ files/huawei/E8372/zapret \
files/huawei/E8372/run-zapret-ip \ files/huawei/E8372/run-zapret-ip \
ipset/get_exclude.sh \ ipset/get_exclude.sh \
ipset/clear_lists.sh \ ipset/clear_lists.sh \
ipset/get_refilter_domains.sh \
ipset/get_refilter_ipsum.sh \
ipset/get_antifilter_ipresolve.sh \ ipset/get_antifilter_ipresolve.sh \
ipset/get_reestr_resolvable_domains.sh \ ipset/get_reestr_resolvable_domains.sh \
ipset/get_config.sh \ ipset/get_config.sh \

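--- /dev/null
+++ b/ipset/get_refilter_domains.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+IPSET_DIR="$(dirname "$0")"
+IPSET_DIR="$(cd "$IPSET_DIR"; pwd)"
+. "$IPSET_DIR/def.sh"
+TMPLIST="$TMPDIR/list.txt"
+URL="https://github.com/1andrevich/Re-filter-lists/releases/latest/download/domains_all.lst"
+dl()
+{
+# $1 - url
+# $2 - file
+# $3 - minsize
+# $4 - maxsize
+curl -L -H "Accept-Encoding: gzip" -k --fail --max-time 60 --connect-timeout 10 --retry 4 --max-filesize $4 -o "$TMPLIST" "$1" ||
+{
+echo list download failed : $1
+exit 2
+}
+dlsize=$(LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
+if test $dlsize -lt $3; then
+echo list is too small : $dlsize bytes. can be bad.
+exit 2
+fi
+zzcat "$TMPLIST" | tr -d '\015' | zz "$2"
+rm -f "$TMPLIST"
+}
+# useful in case ipban set is used in custom scripts
+FAIL=
+getipban || FAIL=1
+"$IPSET_DIR/create_ipset.sh"
+[ -n "$FAIL" ] && exit
+dl "$URL" "$ZHOSTLIST" 32768 4194304
+hup_zapret_daemons
+exit 0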
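Review bot: `-k` on the curl line disables TLS certificate verification for the download, so anyone able to intercept the connection to github.com (for this tool's users, typically the same party operating the DPI) can return an arbitrary file up to the 4 MB `--max-filesize` cap, and that file becomes `$ZHOSTLIST` and is pushed live to the daemons by `hup_zapret_daemons`; the `-L` redirect through `releases/latest/download` is equally under such an attacker's control. If `-k` exists for routers without a CA bundle (the sibling get_*.sh scripts are not visible here), gate it on a config variable instead of hard-coding it, e.g. `curl -L -H "Accept-Encoding: gzip" ${CURL_INSECURE:+-k} --fail ...`, with a one-line comment stating why verification may be off. Separately, `[ -n "$FAIL" ] && exit` terminates with status 0, because a bare `exit` inherits the status of the successful test that preceded it; `[ -n "$FAIL" ] && exit 1` is presumably what was meant.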

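--- /dev/null
+++ b/ipset/get_refilter_ipsum.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+IPSET_DIR="$(dirname "$0")"
+IPSET_DIR="$(cd "$IPSET_DIR"; pwd)"
+. "$IPSET_DIR/def.sh"
+TMPLIST="$TMPDIR/list.txt"
+URL="https://github.com/1andrevich/Re-filter-lists/releases/latest/download/ipsum.lst"
+dl()
+{
+# $1 - url
+# $2 - file
+# $3 - minsize
+# $4 - maxsize
+curl -L -H "Accept-Encoding: gzip" -k --fail --max-time 60 --connect-timeout 10 --retry 4 --max-filesize $4 -o "$TMPLIST" "$1" ||
+{
+echo list download failed : $1
+exit 2
+}
+dlsize=$(LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
+if test $dlsize -lt $3; then
+echo list is too small : $dlsize bytes. can be bad.
+exit 2
+fi
+# remove DOS EOL \r
+zzcat "$TMPLIST" | tr -d '\015' | zz "$2"
+rm -f "$TMPLIST"
+}
+getuser && {
+[ "$DISABLE_IPV4" != "1" ] && {
+dl "$URL" "$ZIPLIST" 32768 4194304
+}
+}
+"$IPSET_DIR/create_ipset.sh"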
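Review bot: `getuser && { ... }` silently skips the download when getuser fails, and the script then falls through to `"$IPSET_DIR/create_ipset.sh"` and exits with that script's status, so a failed user list yields exit 0 and an unchanged ipset with no message; the domains script at least records the failure in FAIL, and this one should do the same, e.g. `getuser || exit 1` ahead of the download, or a trailing `exit 0` only on the success path. dl() here is a byte-for-byte copy of the one in get_refilter_domains.sh (only the `# remove DOS EOL \r` comment differs), so the download policy — `-k`, `--max-filesize`, the minimum-size check — now lives in two places and will drift; moving it into def.sh, which both scripts already source, keeps a single point to fix.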

@ -14,10 +14,6 @@
#define HOSTLIST_AUTO_FAIL_THRESHOLD_DEFAULT 3 #define HOSTLIST_AUTO_FAIL_THRESHOLD_DEFAULT 3
#define HOSTLIST_AUTO_FAIL_TIME_DEFAULT 60 #define HOSTLIST_AUTO_FAIL_TIME_DEFAULT 60
#define L7_PROTO_HTTP 1
#define L7_PROTO_TLS 2
#define L7_PROTO_UNKNOWN 0x80000000
enum bindll { unwanted=0, no, prefer, force }; enum bindll { unwanted=0, no, prefer, force };
#define MAX_BINDS 32 #define MAX_BINDS 32


@ -38,7 +38,7 @@ static bool dp_impossible(struct desync_profile *dp, const char *hostname, t_l7p
static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto) static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto)
{ {
// impossible case, hard filter // impossible case, hard filter
// impossible check avoid relatively slow ipset search // impossible check avoids relatively slow ipset search
if (!dp_impossible(dp,hostname,l7proto) && dp_match_l3l4(dp,dest)) if (!dp_impossible(dp,hostname,l7proto) && dp_match_l3l4(dp,dest))
{ {
// soft filter // soft filter
@ -375,7 +375,7 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
if (ctrack->dp->oob) *split_flags |= SPLIT_FLAG_OOB; if (ctrack->dp->oob) *split_flags |= SPLIT_FLAG_OOB;
} }
static void auto_hostlist_reset_fail_counter(struct desync_profile *dp, const char *hostname) static void auto_hostlist_reset_fail_counter(struct desync_profile *dp, const char *hostname, const char *client_ip_port, t_l7proto l7proto)
{ {
if (hostname) if (hostname)
{ {
@ -386,12 +386,12 @@ static void auto_hostlist_reset_fail_counter(struct desync_profile *dp, const ch
{ {
HostFailPoolDel(&dp->hostlist_auto_fail_counters, fail_counter); HostFailPoolDel(&dp->hostlist_auto_fail_counters, fail_counter);
VPRINT("auto hostlist (profile %d) : %s : fail counter reset. website is working.\n", dp->n, hostname); VPRINT("auto hostlist (profile %d) : %s : fail counter reset. website is working.\n", dp->n, hostname);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : fail counter reset. website is working.", hostname, dp->n); HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : client %s : proto %s : fail counter reset. website is working.", hostname, dp->n, client_ip_port, l7proto_str(l7proto));
} }
} }
} }
static void auto_hostlist_failed(struct desync_profile *dp, const char *hostname) static void auto_hostlist_failed(struct desync_profile *dp, const char *hostname, const char *client_ip_port, t_l7proto l7proto)
{ {
hostfail_pool *fail_counter; hostfail_pool *fail_counter;
@ -407,7 +407,7 @@ static void auto_hostlist_failed(struct desync_profile *dp, const char *hostname
} }
fail_counter->counter++; fail_counter->counter++;
VPRINT("auto hostlist (profile %d) : %s : fail counter %d/%d\n", dp->n , hostname, fail_counter->counter, dp->hostlist_auto_fail_threshold); VPRINT("auto hostlist (profile %d) : %s : fail counter %d/%d\n", dp->n , hostname, fail_counter->counter, dp->hostlist_auto_fail_threshold);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : fail counter %d/%d", hostname, dp->n, fail_counter->counter, dp->hostlist_auto_fail_threshold); HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : client %s : proto %s : fail counter %d/%d", hostname, dp->n, client_ip_port, l7proto_str(l7proto), fail_counter->counter, dp->hostlist_auto_fail_threshold);
if (fail_counter->counter >= dp->hostlist_auto_fail_threshold) if (fail_counter->counter >= dp->hostlist_auto_fail_threshold)
{ {
VPRINT("auto hostlist (profile %d) : fail threshold reached. adding %s to auto hostlist\n", dp->n , hostname); VPRINT("auto hostlist (profile %d) : fail threshold reached. adding %s to auto hostlist\n", dp->n , hostname);
@ -418,7 +418,7 @@ static void auto_hostlist_failed(struct desync_profile *dp, const char *hostname
if (!HostlistCheck(dp, hostname, &bExcluded) && !bExcluded) if (!HostlistCheck(dp, hostname, &bExcluded) && !bExcluded)
{ {
VPRINT("auto hostlist (profile %d) : adding %s to %s\n", dp->n, hostname, dp->hostlist_auto_filename); VPRINT("auto hostlist (profile %d) : adding %s to %s\n", dp->n, hostname, dp->hostlist_auto_filename);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : adding to %s", hostname, dp->n, dp->hostlist_auto_filename); HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : client %s : proto %s : adding to %s", hostname, dp->n, client_ip_port, l7proto_str(l7proto), dp->hostlist_auto_filename);
if (!StrPoolAddStr(&dp->hostlist, hostname)) if (!StrPoolAddStr(&dp->hostlist, hostname))
{ {
DLOG_ERR("StrPoolAddStr out of memory\n"); DLOG_ERR("StrPoolAddStr out of memory\n");
@ -434,16 +434,22 @@ static void auto_hostlist_failed(struct desync_profile *dp, const char *hostname
else else
{ {
VPRINT("auto hostlist (profile %d) : NOT adding %s\n", dp->n, hostname); VPRINT("auto hostlist (profile %d) : NOT adding %s\n", dp->n, hostname);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : NOT adding, duplicate detected", hostname, dp->n); HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : client %s : proto %s : NOT adding, duplicate detected", hostname, dp->n, client_ip_port, l7proto_str(l7proto));
} }
} }
} }
void tamper_in(t_ctrack *ctrack, uint8_t *segment,size_t segment_buffer_size,size_t *size) void tamper_in(t_ctrack *ctrack, const struct sockaddr *client, uint8_t *segment,size_t segment_buffer_size,size_t *size)
{ {
DBGPRINT("tamper_in hostname=%s\n", ctrack->hostname);
bool bFail=false; bool bFail=false;
DBGPRINT("tamper_in hostname=%s\n", ctrack->hostname); char client_ip_port[48];
if (*params.hostlist_auto_debuglog)
ntop46_port((struct sockaddr*)client,client_ip_port,sizeof(client_ip_port));
else
*client_ip_port=0;
if (ctrack->dp && ctrack->b_ah_check) if (ctrack->dp && ctrack->b_ah_check)
{ {
@ -458,7 +464,7 @@ void tamper_in(t_ctrack *ctrack, uint8_t *segment,size_t segment_buffer_size,siz
if (bFail) if (bFail)
{ {
VPRINT("redirect to another domain detected. possibly DPI redirect.\n"); VPRINT("redirect to another domain detected. possibly DPI redirect.\n");
HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : redirect to another domain", ctrack->hostname, ctrack->dp->n); HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : client %s : proto %s : redirect to another domain", ctrack->hostname, ctrack->dp->n, client_ip_port, l7proto_str(ctrack->l7proto));
} }
else else
VPRINT("local or in-domain redirect detected. it's not a DPI redirect.\n"); VPRINT("local or in-domain redirect detected. it's not a DPI redirect.\n");
@ -468,17 +474,23 @@ void tamper_in(t_ctrack *ctrack, uint8_t *segment,size_t segment_buffer_size,siz
// received not http reply. do not monitor this connection anymore // received not http reply. do not monitor this connection anymore
VPRINT("incoming unknown HTTP data detected for hostname %s\n", ctrack->hostname); VPRINT("incoming unknown HTTP data detected for hostname %s\n", ctrack->hostname);
} }
if (bFail) auto_hostlist_failed(ctrack->dp, ctrack->hostname); if (bFail) auto_hostlist_failed(ctrack->dp, ctrack->hostname, client_ip_port, ctrack->l7proto);
} }
if (!bFail) auto_hostlist_reset_fail_counter(ctrack->dp, ctrack->hostname); if (!bFail) auto_hostlist_reset_fail_counter(ctrack->dp, ctrack->hostname, client_ip_port, ctrack->l7proto);
} }
ctrack->bTamperInCutoff = true; ctrack->bTamperInCutoff = true;
} }
void rst_in(t_ctrack *ctrack) void rst_in(t_ctrack *ctrack, const struct sockaddr *client)
{ {
DBGPRINT("rst_in hostname=%s\n", ctrack->hostname); DBGPRINT("rst_in hostname=%s\n", ctrack->hostname);
char client_ip_port[48];
if (*params.hostlist_auto_debuglog)
ntop46_port((struct sockaddr*)client,client_ip_port,sizeof(client_ip_port));
else
*client_ip_port=0;
if (ctrack->dp && ctrack->b_ah_check) if (ctrack->dp && ctrack->b_ah_check)
{ {
HostFailPoolPurgeRateLimited(&ctrack->dp->hostlist_auto_fail_counters); HostFailPoolPurgeRateLimited(&ctrack->dp->hostlist_auto_fail_counters);
@ -486,15 +498,21 @@ void rst_in(t_ctrack *ctrack)
if (!ctrack->bTamperInCutoff && ctrack->hostname) if (!ctrack->bTamperInCutoff && ctrack->hostname)
{ {
VPRINT("incoming RST detected for hostname %s\n", ctrack->hostname); VPRINT("incoming RST detected for hostname %s\n", ctrack->hostname);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : incoming RST", ctrack->hostname, ctrack->dp->n); HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : client %s : proto %s : incoming RST", ctrack->hostname, ctrack->dp->n, client_ip_port, l7proto_str(ctrack->l7proto));
auto_hostlist_failed(ctrack->dp, ctrack->hostname); auto_hostlist_failed(ctrack->dp, ctrack->hostname, client_ip_port, ctrack->l7proto);
} }
} }
} }
void hup_out(t_ctrack *ctrack) void hup_out(t_ctrack *ctrack, const struct sockaddr *client)
{ {
DBGPRINT("hup_out hostname=%s\n", ctrack->hostname); DBGPRINT("hup_out hostname=%s\n", ctrack->hostname);
char client_ip_port[48];
if (*params.hostlist_auto_debuglog)
ntop46_port((struct sockaddr*)client,client_ip_port,sizeof(client_ip_port));
else
*client_ip_port=0;
if (ctrack->dp && ctrack->b_ah_check) if (ctrack->dp && ctrack->b_ah_check)
{ {
HostFailPoolPurgeRateLimited(&ctrack->dp->hostlist_auto_fail_counters); HostFailPoolPurgeRateLimited(&ctrack->dp->hostlist_auto_fail_counters);
@ -503,8 +521,8 @@ void hup_out(t_ctrack *ctrack)
{ {
// local leg dropped connection after first request. probably due to timeout. // local leg dropped connection after first request. probably due to timeout.
VPRINT("local leg closed connection after first request (timeout ?). hostname: %s\n", ctrack->hostname); VPRINT("local leg closed connection after first request (timeout ?). hostname: %s\n", ctrack->hostname);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : client closed connection without server reply", ctrack->hostname, ctrack->dp->n); HOSTLIST_DEBUGLOG_APPEND("%s : profile %d : client %s : proto %s : client closed connection without server reply", ctrack->hostname, ctrack->dp->n, client_ip_port, l7proto_str(ctrack->l7proto));
auto_hostlist_failed(ctrack->dp, ctrack->hostname); auto_hostlist_failed(ctrack->dp, ctrack->hostname, client_ip_port, ctrack->l7proto);
} }
} }
} }
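Review bot: The five-line prologue `char client_ip_port[48]; if (*params.hostlist_auto_debuglog) ntop46_port((struct sockaddr*)client,...); else *client_ip_port=0;` is now pasted verbatim into tamper_in, rst_in and hup_out; a small static helper keeps the debug-log policy, the buffer size and the const-discarding cast on `client` in one place. That helper also deserves a comment saying the string is only ever written into the opt-in auto-hostlist debug log, because client IP:port is personal data and an operator enabling that log should know it now records who triggered each entry. tamper_in's body is split across two hunks in this section, so the middle of the function is not visible here.
```c
// ip:port of the local (client) leg, used only for auto-hostlist debug log entries.
// Left empty when that log is disabled so nothing is formatted for nothing.
static void auto_hostlist_client_str(const struct sockaddr *client, char *s, size_t len)
{
	if (*params.hostlist_auto_debuglog)
		ntop46_port((struct sockaddr*)client, s, len);
	else
		*s = 0;
}
// … unchanged: auto_hostlist_reset_fail_counter, auto_hostlist_failed …
void tamper_in(t_ctrack *ctrack, const struct sockaddr *client, uint8_t *segment,size_t segment_buffer_size,size_t *size)
{
	DBGPRINT("tamper_in hostname=%s\n", ctrack->hostname);
	bool bFail=false;
	char client_ip_port[48];
	auto_hostlist_client_str(client, client_ip_port, sizeof(client_ip_port));
	// … unchanged: rest of tamper_in; the same two-line replacement applies in rst_in and hup_out …
```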


@ -10,12 +10,15 @@
#define SPLIT_FLAG_OOB 0x02 #define SPLIT_FLAG_OOB 0x02
typedef enum {UNKNOWN=0, HTTP, TLS} t_l7proto; typedef enum {UNKNOWN=0, HTTP, TLS} t_l7proto;
#define L7_PROTO_HTTP 1
#define L7_PROTO_TLS 2
#define L7_PROTO_UNKNOWN 0x80000000
const char *l7proto_str(t_l7proto l7); const char *l7proto_str(t_l7proto l7);
typedef struct typedef struct
{ {
// common state // common state
t_l7proto l7proto; t_l7proto l7proto;
bool bFirstReplyChecked;
bool bTamperInCutoff; bool bTamperInCutoff;
bool b_ah_check; bool b_ah_check;
bool b_not_act; bool b_not_act;
@ -26,8 +29,8 @@ typedef struct
void apply_desync_profile(t_ctrack *ctrack, const struct sockaddr *dest); void apply_desync_profile(t_ctrack *ctrack, const struct sockaddr *dest);
void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,size_t segment_buffer_size,size_t *size, size_t *split_pos, uint8_t *split_flags); void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,size_t segment_buffer_size,size_t *size, size_t *split_pos, uint8_t *split_flags);
void tamper_in(t_ctrack *ctrack, uint8_t *segment,size_t segment_buffer_size,size_t *size); void tamper_in(t_ctrack *ctrack, const struct sockaddr *client, uint8_t *segment,size_t segment_buffer_size,size_t *size);
// connection reset by remote leg // connection reset by remote leg
void rst_in(t_ctrack *ctrack); void rst_in(t_ctrack *ctrack, const struct sockaddr *client);
// local leg closed connection (timeout waiting response ?) // local leg closed connection (timeout waiting response ?)
void hup_out(t_ctrack *ctrack); void hup_out(t_ctrack *ctrack, const struct sockaddr *client);
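Review bot: The new `client` parameter on tamper_in, rst_in and hup_out is undocumented, and nothing in the header says it is consulted only when the auto-hostlist debug log (`params.hostlist_auto_debuglog`) is enabled, nor that NULL is not acceptable in that case since ntop46_port is called on it; a line above the three prototypes such as `// client: ip:port of the local leg; formatted only for auto-hostlist debug log entries, must not be NULL` would spare callers the guess. The relocated `#define L7_PROTO_HTTP 1` / `#define L7_PROTO_TLS 2` now sit directly under `typedef enum {UNKNOWN=0, HTTP, TLS} t_l7proto;`, whose implicit values coincide with them; if that coincidence is relied on anywhere, state it in a comment (or define them as `HTTP`/`TLS`), and note that `L7_PROTO_UNKNOWN 0x80000000` deliberately does not equal `UNKNOWN`.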


@ -569,7 +569,6 @@ static tproxy_conn_t* add_tcp_connection(int efd, struct tailhead *conn_list,int
{ {
struct sockaddr_storage orig_dst; struct sockaddr_storage orig_dst;
tproxy_conn_t *conn; tproxy_conn_t *conn;
int remote_fd=0;
if (proxy_type==CONN_TYPE_TRANSPARENT) if (proxy_type==CONN_TYPE_TRANSPARENT)
{ {
@ -597,19 +596,8 @@ static tproxy_conn_t* add_tcp_connection(int efd, struct tailhead *conn_list,int
return 0; return 0;
} }
if (proxy_type==CONN_TYPE_TRANSPARENT)
{
if ((remote_fd = connect_remote((struct sockaddr *)&orig_dst, 0)) < 0)
{
DLOG_ERR("Failed to connect\n");
close(local_fd);
return NULL;
}
}
if(!(conn = new_conn(local_fd, false))) if(!(conn = new_conn(local_fd, false)))
{ {
if (remote_fd) close(remote_fd);
close(local_fd); close(local_fd);
return NULL; return NULL;
} }
@ -617,18 +605,33 @@ static tproxy_conn_t* add_tcp_connection(int efd, struct tailhead *conn_list,int
conn->state = CONN_AVAILABLE; // accepted connection is immediately available conn->state = CONN_AVAILABLE; // accepted connection is immediately available
conn->efd = efd; conn->efd = efd;
socklen_t salen=sizeof(conn->client);
getpeername(conn->fd,(struct sockaddr *)&conn->client,&salen);
if (proxy_type==CONN_TYPE_TRANSPARENT) if (proxy_type==CONN_TYPE_TRANSPARENT)
{ {
sa46copy(&conn->dest, (struct sockaddr *)&orig_dst); sa46copy(&conn->dest, (struct sockaddr *)&orig_dst);
if(!(conn->partner = new_conn(remote_fd, true))) if(!(conn->partner = new_conn(0, true)))
{ {
free_conn(conn); free_conn(conn);
close(remote_fd);
return NULL; return NULL;
} }
conn->partner->partner = conn; conn->partner->partner = conn;
conn->partner->efd = efd; conn->partner->efd = efd;
conn->partner->client = conn->client;
conn->partner->dest = conn->dest;
apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
if ((conn->partner->fd = connect_remote((struct sockaddr *)&orig_dst, conn->track.dp ? conn->track.dp->mss : 0)) < 0)
{
DLOG_ERR("Failed to connect\n");
free_conn(conn->partner);
free_conn(conn);
return NULL;
}
//remote_fd is connecting. Non-blocking connects are signaled as done by //remote_fd is connecting. Non-blocking connects are signaled as done by
//socket being marked as ready for writing //socket being marked as ready for writing
@ -663,9 +666,6 @@ static tproxy_conn_t* add_tcp_connection(int efd, struct tailhead *conn_list,int
legs_remote++; legs_remote++;
} }
if (proxy_type==CONN_TYPE_TRANSPARENT)
apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
return conn; return conn;
} }
@ -815,6 +815,8 @@ static bool proxy_mode_connect_remote(tproxy_conn_t *conn, struct tailhead *conn
} }
conn->partner->partner = conn; conn->partner->partner = conn;
conn->partner->efd = conn->efd; conn->partner->efd = conn->efd;
conn->partner->client = conn->client;
conn->partner->dest = conn->dest;
if (!epoll_set(conn->partner, EPOLLOUT)) if (!epoll_set(conn->partner, EPOLLOUT))
{ {
DLOG_ERR("socks epoll_set error %d\n", errno); DLOG_ERR("socks epoll_set error %d\n", errno);
@ -1074,7 +1076,7 @@ static void tamper(tproxy_conn_t *conn, uint8_t *segment, size_t segment_buffer_
if (conn->remote) if (conn->remote)
{ {
if (conn_partner_alive(conn) && !conn->partner->track.bTamperInCutoff) if (conn_partner_alive(conn) && !conn->partner->track.bTamperInCutoff)
tamper_in(&conn->partner->track,segment,segment_buffer_size,segment_size); tamper_in(&conn->partner->track,(struct sockaddr*)&conn->partner->client,segment,segment_buffer_size,segment_size);
} }
else else
{ {
@ -1524,18 +1526,11 @@ int event_loop(const int *listen_fd, size_t listen_fd_ct)
else else
{ {
print_legs(); print_legs();
if (params.debug>=1) if (params.debug>=1)
{ {
struct sockaddr_storage sa;
socklen_t salen=sizeof(sa);
char ip_port[48]; char ip_port[48];
ntop46_port((struct sockaddr*)&conn->client,ip_port,sizeof(ip_port));
if (getpeername(conn->fd,(struct sockaddr *)&sa,&salen))
*ip_port=0;
else
ntop46_port((struct sockaddr*)&sa,ip_port,sizeof(ip_port));
VPRINT("Socket fd=%d (local) connected from %s\n", conn->fd, ip_port); VPRINT("Socket fd=%d (local) connected from %s\n", conn->fd, ip_port);
} }
set_user_timeout(conn->fd, params.tcp_user_timeout_local); set_user_timeout(conn->fd, params.tcp_user_timeout_local);
@ -1563,7 +1558,7 @@ int event_loop(const int *listen_fd, size_t listen_fd_ct)
read_all_and_buffer(conn,3); read_all_and_buffer(conn,3);
if (errn==ECONNRESET && conn_partner_alive(conn)) if (errn==ECONNRESET && conn_partner_alive(conn))
{ {
if (conn->remote && params.tamper) rst_in(&conn->partner->track); if (conn->remote && params.tamper) rst_in(&conn->partner->track,(struct sockaddr*)&conn->partner->client);
struct linger lin; struct linger lin;
lin.l_onoff=1; lin.l_onoff=1;
@ -1588,7 +1583,7 @@ int event_loop(const int *listen_fd, size_t listen_fd_ct)
{ {
DBGPRINT("EPOLLRDHUP\n"); DBGPRINT("EPOLLRDHUP\n");
read_all_and_buffer(conn,2); read_all_and_buffer(conn,2);
if (!conn->remote && params.tamper) hup_out(&conn->track); if (!conn->remote && params.tamper) hup_out(&conn->track,(struct sockaddr*)&conn->client);
conn->state = CONN_RDHUP; // only writes. do not receive RDHUP anymore conn->state = CONN_RDHUP; // only writes. do not receive RDHUP anymore
if (conn_has_unsent(conn)) if (conn_has_unsent(conn))
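Review bot: The new `getpeername(conn->fd,(struct sockaddr *)&conn->client,&salen);` in add_tcp_connection ignores its return value, whereas the code it replaces in event_loop blanked `ip_port` when getpeername failed; on failure conn->client (and the partner's copy of it) keeps whatever new_conn() left there, and that is now passed to ntop46_port for the VPRINT and, through tamper_in/rst_in/hup_out, written into the auto-hostlist debug log. Unless new_conn() zero-fills the struct, which is not visible here, that is an uninitialized read. A minimal guard is `if (getpeername(conn->fd,(struct sockaddr *)&conn->client,&salen)) memset(&conn->client,0,sizeof(conn->client));`, with a comment that a zeroed (AF_UNSPEC) client address means "unknown" — ntop46_port's handling of that case is not visible in this hunk either. add_tcp_connection begins before the first hunk of this section.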


@ -54,7 +54,7 @@ struct tproxy_conn
int splice_pipe[2]; int splice_pipe[2];
conn_state_t state; conn_state_t state;
conn_type_t conn_type; conn_type_t conn_type;
sockaddr_in46 src, dest; sockaddr_in46 client, dest; // ip:port of client, ip:port of target
struct tproxy_conn *partner; // other leg struct tproxy_conn *partner; // other leg
time_t orphan_since; time_t orphan_since;