tpws: debug log data before and after 2nd TLS record

config.default

@@ -55,7 +55,7 @@ TPPORT_SOCKS=987
 # <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
 TPWS_SOCKS_OPT="
 --filter-tcp=80 --methodeol <HOSTLIST> --new
---filter-tcp=443 --split-pos=midsld --disorder <HOSTLIST>
+--filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
 "
 
 TPWS_ENABLE=0
@@ -65,7 +65,7 @@ TPWS_PORTS=80,443
 # <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
 TPWS_OPT="
 --filter-tcp=80 --methodeol <HOSTLIST> --new
---filter-tcp=443 --split-pos=midsld --disorder <HOSTLIST>
+--filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
 "
 
 NFQWS_ENABLE=0
@@ -90,7 +90,7 @@ NFQWS_UDP_PKT_IN=0
 # <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
 NFQWS_OPT="
 --filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-split-pos=method+2 --dpi-desync-fooling=md5sig <HOSTLIST> --new
---filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=midsld --dpi-desync-fooling=md5sig <HOSTLIST> --new
+--filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-fooling=badseq,md5sig <HOSTLIST> --new
 --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 <HOSTLIST_NOAUTO>
 "
 

nfq/helpers.c

@@ -367,14 +367,14 @@ void fill_random_az09(uint8_t *p,size_t sz)
 	}
 }
 
-bool cd_to_exe_dir(const char *argv0)
+bool set_env_exedir(const char *argv0)
 {
 	char *s,*d;
 	bool bOK=false;
 	if ((s = strdup(argv0)))
 	{
 		if ((d = dirname(s)))
-			bOK = !chdir(d);
+			setenv("EXEDIR",s,1);
 		free(s);
 	}
 	return bOK;

nfq/helpers.h

@@ -75,7 +75,7 @@ void fill_random_bytes(uint8_t *p,size_t sz);
 void fill_random_az(uint8_t *p,size_t sz);
 void fill_random_az09(uint8_t *p,size_t sz);
 
-bool cd_to_exe_dir(const char *argv0);
+bool set_env_exedir(const char *argv0);
 
 
 struct cidr4

nfq/nfqws.c

@@ -1050,7 +1050,7 @@ static void exithelp(void)
 		" --dpi-desync-autottl6=[<delta>[:<min>[-<max>]]] ; overrides --dpi-desync-autottl for ipv6 only\n"
 		" --dpi-desync-fooling=<mode>[,<mode>]\t\t; can use multiple comma separated values. modes : none md5sig ts badseq badsum datanoack hopbyhop hopbyhop2\n"
 		" --dpi-desync-repeats=<N>\t\t\t; send every desync packet N times\n"
-		" --dpi-desync-skip-nosni=0|1\t\t\t; 1(default)=do not act on ClientHello without SNI (ESNI ?)\n"
+		" --dpi-desync-skip-nosni=0|1\t\t\t; 1(default)=do not act on ClientHello without SNI\n"
 		" --dpi-desync-split-pos=N|-N|marker+N|marker-N\t; comma separated list of split positions\n"
 		"\t\t\t\t\t\t; markers: method,host,endhost,sld,endsld,midsld,sniext\n"
 		"\t\t\t\t\t\t; full list is only used by multisplit and multidisorder\n"
@@ -1122,6 +1122,8 @@ void config_from_file(const char *filename)
 
 int main(int argc, char **argv)
 {
+	set_env_exedir(argv[0]);
+
 #ifdef __CYGWIN__
 	if (service_run(argc, argv))
 	{

tpws/helpers.c

@@ -10,6 +10,7 @@
 #include <ifaddrs.h>
 #include <time.h>
 #include <sys/stat.h>
+#include <libgen.h>
 
 #include "helpers.h"
 
@@ -349,6 +350,20 @@ bool pf_is_empty(const port_filter *pf)
 }
 
 
+bool set_env_exedir(const char *argv0)
+{
+	char *s,*d;
+	bool bOK=false;
+	if ((s = strdup(argv0)))
+	{
+		if ((d = dirname(s)))
+			setenv("EXEDIR",s,1);
+		free(s);
+	}
+	return bOK;
+}
+
+
 static void mask_from_preflen6_make(uint8_t plen, struct in6_addr *a)
 {
 	if (plen >= 128)

tpws/helpers.h

@@ -73,6 +73,8 @@ bool pf_in_range(uint16_t port, const port_filter *pf);
 bool pf_parse(const char *s, port_filter *pf);
 bool pf_is_empty(const port_filter *pf);
 
+bool set_env_exedir(const char *argv0);
+
 #ifndef IN_LOOPBACK
 #define IN_LOOPBACK(a)          ((((uint32_t) (a)) & 0xff000000) == 0x7f000000)
 #endif

tpws/tamper.c

@@ -8,6 +8,13 @@
 #include "protocol.h"
 #include "helpers.h"
 
+#define PKTDATA_MAXDUMP 32
+
+void packet_debug(const uint8_t *data, size_t sz)
+{
+	hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n");
+}
+
 static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto)
 {
 	bool bHostlistsEmpty;
@@ -327,6 +334,7 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
 					if (l>=2)
 					{
 						int i;
+						size_t dlen;
 						// length is checked in IsTLSClientHello and cannot exceed buffer size
 						if ((tpos-5)>=l) tpos=5+1;
 						VPRINT("making 2 TLS records at pos %zu\n",tpos);
@@ -337,6 +345,11 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
 						phton16(segment+tpos+3,l-(tpos-5));
 						phton16(segment+3,tpos-5);
 						*size += 5;
+						VPRINT("-2nd TLS record: ");
+						dlen = tpos<16 ? tpos : 16;
+						packet_debug(segment+tpos-dlen,dlen);
+						VPRINT("+2nd TLS record: ");
+						packet_debug(segment+tpos,*size-tpos);
 						// fix split positions after tlsrec. increase split pos by tlsrec header size (5 bytes)
 						if (multisplit_pos)
 							for(i=0;i<*multisplit_count;i++)

tpws/tamper.h

@@ -28,3 +28,5 @@ void tamper_in(t_ctrack *ctrack, const struct sockaddr *client, uint8_t *segment
 void rst_in(t_ctrack *ctrack, const struct sockaddr *client);
 // local leg closed connection (timeout waiting response ?)
 void hup_out(t_ctrack *ctrack, const struct sockaddr *client);
+
+void packet_debug(const uint8_t *data, size_t sz);

tpws/tpws.c

@@ -499,6 +499,16 @@ void config_from_file(const char *filename)
 }
 #endif
 
+#ifndef __linux__
+static bool check_oob_disorder(const struct desync_profile *dp)
+{
+	return !(
+		dp->oob && (dp->disorder || dp->disorder_http || dp->disorder_tls) ||
+		dp->oob_http && (dp->disorder || dp->disorder_http) ||
+		dp->oob_tls && (dp->disorder || dp->disorder_tls));
+}
+#endif
+
 void parse_params(int argc, char *argv[])
 {
 	int option_index = 0;
@@ -840,6 +850,13 @@ void parse_params(int argc, char *argv[])
 			}
 			else
 				dp->disorder = true;
+#ifndef __linux__
+			if (!check_oob_disorder(dp))
+			{
+				DLOG_ERR("--oob and --disorder work simultaneously only in linux. in this system it's guaranteed to fail.\n");
+				exit_clean(1);
+			}
+#endif
 			break;
 		case 28: /* oob */
 			if (optarg)
@@ -854,6 +871,13 @@ void parse_params(int argc, char *argv[])
 			}
 			else
 				dp->oob = true;
+#ifndef __linux__
+			if (!check_oob_disorder(dp))
+			{
+				DLOG_ERR("--oob and --disorder work simultaneously only in linux. in this system it's guaranteed to fail.\n");
+				exit_clean(1);
+			}
+#endif
 			break;
 		case 29: /* oob-data */
 			{
@@ -1423,6 +1447,7 @@ int main(int argc, char *argv[])
 	struct salisten_s list[MAX_BINDS];
 	char ip_port[48];
 
+	set_env_exedir(argv[0]);
 	srand(time(NULL));
 	mask_from_preflen6_prepare();
 

tpws/tpws_conn.c

@@ -24,8 +24,6 @@
 #include "helpers.h"
 #include "hostlist.h"
 
-#define PKTDATA_MAXDUMP 32
-
 // keep separate legs counter. counting every time thousands of legs can consume cpu
 static int legs_local, legs_remote;
 /*
@@ -93,11 +91,6 @@ static bool socks_send_rep_errno(uint8_t ver, int fd, int errn)
 	return ver==5 ? socks5_send_rep_errno(fd,errn) : socks4_send_rep_errno(fd, errn);
 }
 
-static void packet_debug(const uint8_t *data, size_t sz)
-{
-	hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n");
-}
-
 
 static bool cork(int fd, int enable)
 {