


bol-van
cde3ca15c2 tpws: debug log data before and after 2nd TLS record 2024-11-14 14:03:37 +03:00
bol-van
fa6f6822a1 nfqws: remove old ESNI notice in help 2024-11-14 12:21:45 +03:00
bol-van
ce33a27c57 nfqws,tpws: set EXEDIR env var to use in @config 2024-11-14 10:57:34 +03:00
bol-van
4d47749e7c tpws: disable simultaneous use of oob and disorder in BSD systems 2024-11-14 10:21:08 +03:00
bol-van
42090daf24 update config.default 2024-11-14 09:18:21 +03:00
10 changed files with 66 additions and 14 deletions


@ -55,7 +55,7 @@ TPPORT_SOCKS=987
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list # <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_SOCKS_OPT=" TPWS_SOCKS_OPT="
--filter-tcp=80 --methodeol <HOSTLIST> --new --filter-tcp=80 --methodeol <HOSTLIST> --new
--filter-tcp=443 --split-pos=midsld --disorder <HOSTLIST> --filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
" "
TPWS_ENABLE=0 TPWS_ENABLE=0
@ -65,7 +65,7 @@ TPWS_PORTS=80,443
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list # <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_OPT=" TPWS_OPT="
--filter-tcp=80 --methodeol <HOSTLIST> --new --filter-tcp=80 --methodeol <HOSTLIST> --new
--filter-tcp=443 --split-pos=midsld --disorder <HOSTLIST> --filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
" "
NFQWS_ENABLE=0 NFQWS_ENABLE=0
@ -90,7 +90,7 @@ NFQWS_UDP_PKT_IN=0
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list # <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
NFQWS_OPT=" NFQWS_OPT="
--filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-split-pos=method+2 --dpi-desync-fooling=md5sig <HOSTLIST> --new --filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-split-pos=method+2 --dpi-desync-fooling=md5sig <HOSTLIST> --new
--filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=midsld --dpi-desync-fooling=md5sig <HOSTLIST> --new --filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-fooling=badseq,md5sig <HOSTLIST> --new
--filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 <HOSTLIST_NOAUTO> --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 <HOSTLIST_NOAUTO>
" "


@ -367,14 +367,14 @@ void fill_random_az09(uint8_t *p,size_t sz)
} }
} }
bool cd_to_exe_dir(const char *argv0) bool set_env_exedir(const char *argv0)
{ {
char *s,*d; char *s,*d;
bool bOK=false; bool bOK=false;
if ((s = strdup(argv0))) if ((s = strdup(argv0)))
{ {
if ((d = dirname(s))) if ((d = dirname(s)))
bOK = !chdir(d); setenv("EXEDIR",s,1);
free(s); free(s);
} }
return bOK; return bOK;
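Review bot: `bOK` is never set to true, so set_env_exedir() returns false on every path regardless of whether setenv() succeeded, and `d` is computed but never used: the line `setenv("EXEDIR",s,1);` passes `s`, which on implementations where dirname() returns a pointer to static storage instead of editing its argument in place still holds the full argv0 path rather than the directory. Both problems go away with `bOK = !setenv("EXEDIR",d,1);` in place of the setenv line. The same copy of the function is added to tpws helpers.c in this commit and carries the same defect. The function's closing brace lies outside the hunk.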


@ -75,7 +75,7 @@ void fill_random_bytes(uint8_t *p,size_t sz);
void fill_random_az(uint8_t *p,size_t sz); void fill_random_az(uint8_t *p,size_t sz);
void fill_random_az09(uint8_t *p,size_t sz); void fill_random_az09(uint8_t *p,size_t sz);
bool cd_to_exe_dir(const char *argv0); bool set_env_exedir(const char *argv0);
struct cidr4 struct cidr4


@ -1050,7 +1050,7 @@ static void exithelp(void)
" --dpi-desync-autottl6=[<delta>[:<min>[-<max>]]] ; overrides --dpi-desync-autottl for ipv6 only\n" " --dpi-desync-autottl6=[<delta>[:<min>[-<max>]]] ; overrides --dpi-desync-autottl for ipv6 only\n"
" --dpi-desync-fooling=<mode>[,<mode>]\t\t; can use multiple comma separated values. modes : none md5sig ts badseq badsum datanoack hopbyhop hopbyhop2\n" " --dpi-desync-fooling=<mode>[,<mode>]\t\t; can use multiple comma separated values. modes : none md5sig ts badseq badsum datanoack hopbyhop hopbyhop2\n"
" --dpi-desync-repeats=<N>\t\t\t; send every desync packet N times\n" " --dpi-desync-repeats=<N>\t\t\t; send every desync packet N times\n"
" --dpi-desync-skip-nosni=0|1\t\t\t; 1(default)=do not act on ClientHello without SNI (ESNI ?)\n" " --dpi-desync-skip-nosni=0|1\t\t\t; 1(default)=do not act on ClientHello without SNI\n"
" --dpi-desync-split-pos=N|-N|marker+N|marker-N\t; comma separated list of split positions\n" " --dpi-desync-split-pos=N|-N|marker+N|marker-N\t; comma separated list of split positions\n"
"\t\t\t\t\t\t; markers: method,host,endhost,sld,endsld,midsld,sniext\n" "\t\t\t\t\t\t; markers: method,host,endhost,sld,endsld,midsld,sniext\n"
"\t\t\t\t\t\t; full list is only used by multisplit and multidisorder\n" "\t\t\t\t\t\t; full list is only used by multisplit and multidisorder\n"
@ -1122,6 +1122,8 @@ void config_from_file(const char *filename)
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
set_env_exedir(argv[0]);
#ifdef __CYGWIN__ #ifdef __CYGWIN__
if (service_run(argc, argv)) if (service_run(argc, argv))
{ {
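Review bot: The new call `set_env_exedir(argv[0]);` at the top of main() assumes argv[0] contains a directory component, which is not guaranteed: when the program is started through PATH lookup argv[0] is usually the bare program name, so dirname() yields "." and EXEDIR ends up pointing at the current working directory rather than at the executable, and the invoker is free to set argv[0] to any string. Since EXEDIR is meant to be expanded inside @config files, the line deserves a comment such as `// EXEDIR is a hint taken from argv[0]; with a bare program name it resolves to "."`, and on Linux the helper could prefer readlink("/proc/self/exe") before falling back to argv[0]. The return value is discarded here and in the tpws main() hunk of this commit, so a failing setenv() goes unnoticed. main() continues outside the hunk.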


@ -10,6 +10,7 @@
#include <ifaddrs.h> #include <ifaddrs.h>
#include <time.h> #include <time.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <libgen.h>
#include "helpers.h" #include "helpers.h"
@ -349,6 +350,20 @@ bool pf_is_empty(const port_filter *pf)
} }
bool set_env_exedir(const char *argv0)
{
char *s,*d;
bool bOK=false;
if ((s = strdup(argv0)))
{
if ((d = dirname(s)))
setenv("EXEDIR",s,1);
free(s);
}
return bOK;
}
static void mask_from_preflen6_make(uint8_t plen, struct in6_addr *a) static void mask_from_preflen6_make(uint8_t plen, struct in6_addr *a)
{ {
if (plen >= 128) if (plen >= 128)


@ -73,6 +73,8 @@ bool pf_in_range(uint16_t port, const port_filter *pf);
bool pf_parse(const char *s, port_filter *pf); bool pf_parse(const char *s, port_filter *pf);
bool pf_is_empty(const port_filter *pf); bool pf_is_empty(const port_filter *pf);
bool set_env_exedir(const char *argv0);
#ifndef IN_LOOPBACK #ifndef IN_LOOPBACK
#define IN_LOOPBACK(a) ((((uint32_t) (a)) & 0xff000000) == 0x7f000000) #define IN_LOOPBACK(a) ((((uint32_t) (a)) & 0xff000000) == 0x7f000000)
#endif #endif


@ -8,6 +8,13 @@
#include "protocol.h" #include "protocol.h"
#include "helpers.h" #include "helpers.h"
#define PKTDATA_MAXDUMP 32
void packet_debug(const uint8_t *data, size_t sz)
{
hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n");
}
static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto) static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto)
{ {
bool bHostlistsEmpty; bool bHostlistsEmpty;
@ -327,6 +334,7 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
if (l>=2) if (l>=2)
{ {
int i; int i;
size_t dlen;
// length is checked in IsTLSClientHello and cannot exceed buffer size // length is checked in IsTLSClientHello and cannot exceed buffer size
if ((tpos-5)>=l) tpos=5+1; if ((tpos-5)>=l) tpos=5+1;
VPRINT("making 2 TLS records at pos %zu\n",tpos); VPRINT("making 2 TLS records at pos %zu\n",tpos);
@ -337,6 +345,11 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
phton16(segment+tpos+3,l-(tpos-5)); phton16(segment+tpos+3,l-(tpos-5));
phton16(segment+3,tpos-5); phton16(segment+3,tpos-5);
*size += 5; *size += 5;
VPRINT("-2nd TLS record: ");
dlen = tpos<16 ? tpos : 16;
packet_debug(segment+tpos-dlen,dlen);
VPRINT("+2nd TLS record: ");
packet_debug(segment+tpos,*size-tpos);
// fix split positions after tlsrec. increase split pos by tlsrec header size (5 bytes) // fix split positions after tlsrec. increase split pos by tlsrec header size (5 bytes)
if (multisplit_pos) if (multisplit_pos)
for(i=0;i<*multisplit_count;i++) for(i=0;i<*multisplit_count;i++)
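Review bot: The two debug dumps added after `*size += 5;` are labelled "-2nd TLS record" and "+2nd TLS record", which does not tell a reader that the first prints up to 16 bytes preceding the inserted record header and the second prints the new header plus its payload; a comment such as `// dump the tail of the 1st record ("-") and the head of the 2nd one ("+") so the split can be verified in the log` above `VPRINT("-2nd TLS record: ");` would make the output interpretable. packet_debug() is now an exported symbol with a very generic name, so a `tpws_` or `tamper_` prefix would avoid collisions with other translation units. Passing `*size-tpos` bytes looks acceptable only because hexdump_limited_dlog() appears to cap the dump at PKTDATA_MAXDUMP; worth confirming that is what the helper does. The enclosing `if (l>=2)` block starts and ends outside the hunk.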


@ -28,3 +28,5 @@ void tamper_in(t_ctrack *ctrack, const struct sockaddr *client, uint8_t *segment
void rst_in(t_ctrack *ctrack, const struct sockaddr *client); void rst_in(t_ctrack *ctrack, const struct sockaddr *client);
// local leg closed connection (timeout waiting response ?) // local leg closed connection (timeout waiting response ?)
void hup_out(t_ctrack *ctrack, const struct sockaddr *client); void hup_out(t_ctrack *ctrack, const struct sockaddr *client);
void packet_debug(const uint8_t *data, size_t sz);


@ -499,6 +499,16 @@ void config_from_file(const char *filename)
} }
#endif #endif
#ifndef __linux__
static bool check_oob_disorder(const struct desync_profile *dp)
{
return !(
dp->oob && (dp->disorder || dp->disorder_http || dp->disorder_tls) ||
dp->oob_http && (dp->disorder || dp->disorder_http) ||
dp->oob_tls && (dp->disorder || dp->disorder_tls));
}
#endif
void parse_params(int argc, char *argv[]) void parse_params(int argc, char *argv[])
{ {
int option_index = 0; int option_index = 0;
@ -840,6 +850,13 @@ void parse_params(int argc, char *argv[])
} }
else else
dp->disorder = true; dp->disorder = true;
#ifndef __linux__
if (!check_oob_disorder(dp))
{
DLOG_ERR("--oob and --disorder work simultaneously only in linux. in this system it's guaranteed to fail.\n");
exit_clean(1);
}
#endif
break; break;
case 28: /* oob */ case 28: /* oob */
if (optarg) if (optarg)
@ -854,6 +871,13 @@ void parse_params(int argc, char *argv[])
} }
else else
dp->oob = true; dp->oob = true;
#ifndef __linux__
if (!check_oob_disorder(dp))
{
DLOG_ERR("--oob and --disorder work simultaneously only in linux. in this system it's guaranteed to fail.\n");
exit_clean(1);
}
#endif
break; break;
case 29: /* oob-data */ case 29: /* oob-data */
{ {
@ -1423,6 +1447,7 @@ int main(int argc, char *argv[])
struct salisten_s list[MAX_BINDS]; struct salisten_s list[MAX_BINDS];
char ip_port[48]; char ip_port[48];
set_env_exedir(argv[0]);
srand(time(NULL)); srand(time(NULL));
mask_from_preflen6_prepare(); mask_from_preflen6_prepare();
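Review bot: The condition in check_oob_disorder() mixes `&&` and `||` without grouping parentheses, so it compiles with a -Wparentheses warning and a reader has to recall operator precedence to see that it is correct; write the three alternatives as `(dp->oob && (dp->disorder || dp->disorder_http || dp->disorder_tls)) ||`, `(dp->oob_http && (dp->disorder || dp->disorder_http)) ||`, `(dp->oob_tls && (dp->disorder || dp->disorder_tls))`. The identical seven-line check-and-exit block is pasted after both the disorder and the oob cases; moving the DLOG_ERR and exit_clean(1) into the helper, or into a small wrapper that takes the profile, keeps a single copy and keeps the message in one place. The disorder_http/disorder_tls and oob_http/oob_tls assignments appear to live in the optarg branches of the same cases, which the hunks do not show, so the placement of the check after each case should cover them but is worth confirming. parse_params() and main() both extend outside the hunks.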


@ -24,8 +24,6 @@
#include "helpers.h" #include "helpers.h"
#include "hostlist.h" #include "hostlist.h"
#define PKTDATA_MAXDUMP 32
// keep separate legs counter. counting every time thousands of legs can consume cpu // keep separate legs counter. counting every time thousands of legs can consume cpu
static int legs_local, legs_remote; static int legs_local, legs_remote;
/* /*
@ -93,11 +91,6 @@ static bool socks_send_rep_errno(uint8_t ver, int fd, int errn)
return ver==5 ? socks5_send_rep_errno(fd,errn) : socks4_send_rep_errno(fd, errn); return ver==5 ? socks5_send_rep_errno(fd,errn) : socks4_send_rep_errno(fd, errn);
} }
static void packet_debug(const uint8_t *data, size_t sz)
{
hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n");
}
static bool cork(int fd, int enable) static bool cork(int fd, int enable)
{ {