mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-29 21:40:52 +03:00
Compare commits
5 Commits
36cd8ca3b2
...
cde3ca15c2
Author | SHA1 | Date | |
---|---|---|---|
|
cde3ca15c2 | ||
|
fa6f6822a1 | ||
|
ce33a27c57 | ||
|
4d47749e7c | ||
|
42090daf24 |
@ -55,7 +55,7 @@ TPPORT_SOCKS=987
|
|||||||
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
|
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
|
||||||
TPWS_SOCKS_OPT="
|
TPWS_SOCKS_OPT="
|
||||||
--filter-tcp=80 --methodeol <HOSTLIST> --new
|
--filter-tcp=80 --methodeol <HOSTLIST> --new
|
||||||
--filter-tcp=443 --split-pos=midsld --disorder <HOSTLIST>
|
--filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
|
||||||
"
|
"
|
||||||
|
|
||||||
TPWS_ENABLE=0
|
TPWS_ENABLE=0
|
||||||
@ -65,7 +65,7 @@ TPWS_PORTS=80,443
|
|||||||
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
|
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
|
||||||
TPWS_OPT="
|
TPWS_OPT="
|
||||||
--filter-tcp=80 --methodeol <HOSTLIST> --new
|
--filter-tcp=80 --methodeol <HOSTLIST> --new
|
||||||
--filter-tcp=443 --split-pos=midsld --disorder <HOSTLIST>
|
--filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
|
||||||
"
|
"
|
||||||
|
|
||||||
NFQWS_ENABLE=0
|
NFQWS_ENABLE=0
|
||||||
@ -90,7 +90,7 @@ NFQWS_UDP_PKT_IN=0
|
|||||||
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
|
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
|
||||||
NFQWS_OPT="
|
NFQWS_OPT="
|
||||||
--filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-split-pos=method+2 --dpi-desync-fooling=md5sig <HOSTLIST> --new
|
--filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-split-pos=method+2 --dpi-desync-fooling=md5sig <HOSTLIST> --new
|
||||||
--filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=midsld --dpi-desync-fooling=md5sig <HOSTLIST> --new
|
--filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-fooling=badseq,md5sig <HOSTLIST> --new
|
||||||
--filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 <HOSTLIST_NOAUTO>
|
--filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 <HOSTLIST_NOAUTO>
|
||||||
"
|
"
|
||||||
|
|
||||||
|
@ -367,14 +367,14 @@ void fill_random_az09(uint8_t *p,size_t sz)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
bool cd_to_exe_dir(const char *argv0)
|
bool set_env_exedir(const char *argv0)
|
||||||
{
|
{
|
||||||
char *s,*d;
|
char *s,*d;
|
||||||
bool bOK=false;
|
bool bOK=false;
|
||||||
if ((s = strdup(argv0)))
|
if ((s = strdup(argv0)))
|
||||||
{
|
{
|
||||||
if ((d = dirname(s)))
|
if ((d = dirname(s)))
|
||||||
bOK = !chdir(d);
|
setenv("EXEDIR",s,1);
|
||||||
free(s);
|
free(s);
|
||||||
}
|
}
|
||||||
return bOK;
|
return bOK;
|
||||||
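Review bot: set_env_exedir can never report success, because `bOK` starts as false and the only line that assigned it (`bOK = !chdir(d);`) was replaced by a `setenv` call whose result is discarded. The call also exports `s` rather than the `dirname()` result `d`. POSIX allows `dirname` to return a pointer to static storage (for example "." for a name with no slash), in which case `s` still holds the bare program name instead of a directory. A one-line fix covers both: `bOK = !setenv("EXEDIR",d,1);`. The same body is added again in the later hunk that follows `pf_is_empty`, and the function's closing brace lies outside this hunk.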
|
@ -75,7 +75,7 @@ void fill_random_bytes(uint8_t *p,size_t sz);
|
|||||||
void fill_random_az(uint8_t *p,size_t sz);
|
void fill_random_az(uint8_t *p,size_t sz);
|
||||||
void fill_random_az09(uint8_t *p,size_t sz);
|
void fill_random_az09(uint8_t *p,size_t sz);
|
||||||
|
|
||||||
bool cd_to_exe_dir(const char *argv0);
|
bool set_env_exedir(const char *argv0);
|
||||||
|
|
||||||
|
|
||||||
struct cidr4
|
struct cidr4
|
||||||
|
@ -1050,7 +1050,7 @@ static void exithelp(void)
|
|||||||
" --dpi-desync-autottl6=[<delta>[:<min>[-<max>]]] ; overrides --dpi-desync-autottl for ipv6 only\n"
|
" --dpi-desync-autottl6=[<delta>[:<min>[-<max>]]] ; overrides --dpi-desync-autottl for ipv6 only\n"
|
||||||
" --dpi-desync-fooling=<mode>[,<mode>]\t\t; can use multiple comma separated values. modes : none md5sig ts badseq badsum datanoack hopbyhop hopbyhop2\n"
|
" --dpi-desync-fooling=<mode>[,<mode>]\t\t; can use multiple comma separated values. modes : none md5sig ts badseq badsum datanoack hopbyhop hopbyhop2\n"
|
||||||
" --dpi-desync-repeats=<N>\t\t\t; send every desync packet N times\n"
|
" --dpi-desync-repeats=<N>\t\t\t; send every desync packet N times\n"
|
||||||
" --dpi-desync-skip-nosni=0|1\t\t\t; 1(default)=do not act on ClientHello without SNI (ESNI ?)\n"
|
" --dpi-desync-skip-nosni=0|1\t\t\t; 1(default)=do not act on ClientHello without SNI\n"
|
||||||
" --dpi-desync-split-pos=N|-N|marker+N|marker-N\t; comma separated list of split positions\n"
|
" --dpi-desync-split-pos=N|-N|marker+N|marker-N\t; comma separated list of split positions\n"
|
||||||
"\t\t\t\t\t\t; markers: method,host,endhost,sld,endsld,midsld,sniext\n"
|
"\t\t\t\t\t\t; markers: method,host,endhost,sld,endsld,midsld,sniext\n"
|
||||||
"\t\t\t\t\t\t; full list is only used by multisplit and multidisorder\n"
|
"\t\t\t\t\t\t; full list is only used by multisplit and multidisorder\n"
|
||||||
@ -1122,6 +1122,8 @@ void config_from_file(const char *filename)
|
|||||||
|
|
||||||
int main(int argc, char **argv)
|
int main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
|
set_env_exedir(argv[0]);
|
||||||
|
|
||||||
#ifdef __CYGWIN__
|
#ifdef __CYGWIN__
|
||||||
if (service_run(argc, argv))
|
if (service_run(argc, argv))
|
||||||
{
|
{
|
||||||
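Review bot: `set_env_exedir(argv[0]);` exports a value chosen by whoever started the process: argv[0] may be relative, a bare name that was resolved through PATH, or NULL when the program is executed with an empty argument vector, and `strdup(NULL)` inside the helper is undefined behaviour. The return value is ignored, so on failure EXEDIR silently keeps whatever the parent environment supplied. If EXEDIR is later used to locate files (not visible on this page), guard the call with `if (argc > 0 && argv[0])` and consider resolving the directory with `realpath()` before exporting it. The same call is added to main in tpws/tpws.c, and main's body continues outside this hunk.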
|
@ -10,6 +10,7 @@
|
|||||||
#include <ifaddrs.h>
|
#include <ifaddrs.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
|
#include <libgen.h>
|
||||||
|
|
||||||
#include "helpers.h"
|
#include "helpers.h"
|
||||||
|
|
||||||
@ -349,6 +350,20 @@ bool pf_is_empty(const port_filter *pf)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool set_env_exedir(const char *argv0)
|
||||||
|
{
|
||||||
|
char *s,*d;
|
||||||
|
bool bOK=false;
|
||||||
|
if ((s = strdup(argv0)))
|
||||||
|
{
|
||||||
|
if ((d = dirname(s)))
|
||||||
|
setenv("EXEDIR",s,1);
|
||||||
|
free(s);
|
||||||
|
}
|
||||||
|
return bOK;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static void mask_from_preflen6_make(uint8_t plen, struct in6_addr *a)
|
static void mask_from_preflen6_make(uint8_t plen, struct in6_addr *a)
|
||||||
{
|
{
|
||||||
if (plen >= 128)
|
if (plen >= 128)
|
||||||
|
@ -73,6 +73,8 @@ bool pf_in_range(uint16_t port, const port_filter *pf);
|
|||||||
bool pf_parse(const char *s, port_filter *pf);
|
bool pf_parse(const char *s, port_filter *pf);
|
||||||
bool pf_is_empty(const port_filter *pf);
|
bool pf_is_empty(const port_filter *pf);
|
||||||
|
|
||||||
|
bool set_env_exedir(const char *argv0);
|
||||||
|
|
||||||
#ifndef IN_LOOPBACK
|
#ifndef IN_LOOPBACK
|
||||||
#define IN_LOOPBACK(a) ((((uint32_t) (a)) & 0xff000000) == 0x7f000000)
|
#define IN_LOOPBACK(a) ((((uint32_t) (a)) & 0xff000000) == 0x7f000000)
|
||||||
#endif
|
#endif
|
||||||
|
@ -8,6 +8,13 @@
|
|||||||
#include "protocol.h"
|
#include "protocol.h"
|
||||||
#include "helpers.h"
|
#include "helpers.h"
|
||||||
|
|
||||||
|
#define PKTDATA_MAXDUMP 32
|
||||||
|
|
||||||
|
void packet_debug(const uint8_t *data, size_t sz)
|
||||||
|
{
|
||||||
|
hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n");
|
||||||
|
}
|
||||||
|
|
||||||
static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto)
|
static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto)
|
||||||
{
|
{
|
||||||
bool bHostlistsEmpty;
|
bool bHostlistsEmpty;
|
||||||
@ -327,6 +334,7 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
|
|||||||
if (l>=2)
|
if (l>=2)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
size_t dlen;
|
||||||
// length is checked in IsTLSClientHello and cannot exceed buffer size
|
// length is checked in IsTLSClientHello and cannot exceed buffer size
|
||||||
if ((tpos-5)>=l) tpos=5+1;
|
if ((tpos-5)>=l) tpos=5+1;
|
||||||
VPRINT("making 2 TLS records at pos %zu\n",tpos);
|
VPRINT("making 2 TLS records at pos %zu\n",tpos);
|
||||||
@ -337,6 +345,11 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
|
|||||||
phton16(segment+tpos+3,l-(tpos-5));
|
phton16(segment+tpos+3,l-(tpos-5));
|
||||||
phton16(segment+3,tpos-5);
|
phton16(segment+3,tpos-5);
|
||||||
*size += 5;
|
*size += 5;
|
||||||
|
VPRINT("-2nd TLS record: ");
|
||||||
|
dlen = tpos<16 ? tpos : 16;
|
||||||
|
packet_debug(segment+tpos-dlen,dlen);
|
||||||
|
VPRINT("+2nd TLS record: ");
|
||||||
|
packet_debug(segment+tpos,*size-tpos);
|
||||||
// fix split positions after tlsrec. increase split pos by tlsrec header size (5 bytes)
|
// fix split positions after tlsrec. increase split pos by tlsrec header size (5 bytes)
|
||||||
if (multisplit_pos)
|
if (multisplit_pos)
|
||||||
for(i=0;i<*multisplit_count;i++)
|
for(i=0;i<*multisplit_count;i++)
|
||||||
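Review bot: The two new `packet_debug` calls after `*size += 5;` write raw ClientHello bytes from both sides of the record split into the log, and nothing in the hunk limits them to debug runs; whether `hexdump_limited_dlog` checks the debug level itself is not visible here. A split position that falls inside the host name would put part of the SNI into that output, so a comment such as `// debug only: dumps up to PKTDATA_MAXDUMP payload bytes around the tlsrec split` would tell whoever handles these logs what they contain. The labels `-2nd TLS record` and `+2nd TLS record` are also cryptic and would read better as "before" and "after" the second record. tamper_out begins and ends outside these hunks.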
|
@ -28,3 +28,5 @@ void tamper_in(t_ctrack *ctrack, const struct sockaddr *client, uint8_t *segment
|
|||||||
void rst_in(t_ctrack *ctrack, const struct sockaddr *client);
|
void rst_in(t_ctrack *ctrack, const struct sockaddr *client);
|
||||||
// local leg closed connection (timeout waiting response ?)
|
// local leg closed connection (timeout waiting response ?)
|
||||||
void hup_out(t_ctrack *ctrack, const struct sockaddr *client);
|
void hup_out(t_ctrack *ctrack, const struct sockaddr *client);
|
||||||
|
|
||||||
|
void packet_debug(const uint8_t *data, size_t sz);
|
||||||
|
25
tpws/tpws.c
25
tpws/tpws.c
@ -499,6 +499,16 @@ void config_from_file(const char *filename)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef __linux__
|
||||||
|
static bool check_oob_disorder(const struct desync_profile *dp)
|
||||||
|
{
|
||||||
|
return !(
|
||||||
|
dp->oob && (dp->disorder || dp->disorder_http || dp->disorder_tls) ||
|
||||||
|
dp->oob_http && (dp->disorder || dp->disorder_http) ||
|
||||||
|
dp->oob_tls && (dp->disorder || dp->disorder_tls));
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
void parse_params(int argc, char *argv[])
|
void parse_params(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
int option_index = 0;
|
int option_index = 0;
|
||||||
@ -840,6 +850,13 @@ void parse_params(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
dp->disorder = true;
|
dp->disorder = true;
|
||||||
|
#ifndef __linux__
|
||||||
|
if (!check_oob_disorder(dp))
|
||||||
|
{
|
||||||
|
DLOG_ERR("--oob and --disorder work simultaneously only in linux. in this system it's guaranteed to fail.\n");
|
||||||
|
exit_clean(1);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case 28: /* oob */
|
case 28: /* oob */
|
||||||
if (optarg)
|
if (optarg)
|
||||||
@ -854,6 +871,13 @@ void parse_params(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
dp->oob = true;
|
dp->oob = true;
|
||||||
|
#ifndef __linux__
|
||||||
|
if (!check_oob_disorder(dp))
|
||||||
|
{
|
||||||
|
DLOG_ERR("--oob and --disorder work simultaneously only in linux. in this system it's guaranteed to fail.\n");
|
||||||
|
exit_clean(1);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case 29: /* oob-data */
|
case 29: /* oob-data */
|
||||||
{
|
{
|
||||||
@ -1423,6 +1447,7 @@ int main(int argc, char *argv[])
|
|||||||
struct salisten_s list[MAX_BINDS];
|
struct salisten_s list[MAX_BINDS];
|
||||||
char ip_port[48];
|
char ip_port[48];
|
||||||
|
|
||||||
|
set_env_exedir(argv[0]);
|
||||||
srand(time(NULL));
|
srand(time(NULL));
|
||||||
mask_from_preflen6_prepare();
|
mask_from_preflen6_prepare();
|
||||||
|
|
||||||
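Review bot: check_oob_disorder mixes `&&` and `||` without grouping, so the reader has to rely on operator precedence and compilers flag it under -Wparentheses; wrapping each term, for example `(dp->oob_http && (dp->disorder || dp->disorder_http)) ||`, keeps the result and makes the intent explicit. The `#ifndef __linux__` check with its DLOG_ERR and `exit_clean(1)` is also pasted identically into the branch that sets `dp->disorder = true` and into `case 28: /* oob */`. A single helper that performs the check and reports the error would keep the two copies from drifting apart. parse_params begins and ends outside these hunks.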
|
@ -24,8 +24,6 @@
|
|||||||
#include "helpers.h"
|
#include "helpers.h"
|
||||||
#include "hostlist.h"
|
#include "hostlist.h"
|
||||||
|
|
||||||
#define PKTDATA_MAXDUMP 32
|
|
||||||
|
|
||||||
// keep separate legs counter. counting every time thousands of legs can consume cpu
|
// keep separate legs counter. counting every time thousands of legs can consume cpu
|
||||||
static int legs_local, legs_remote;
|
static int legs_local, legs_remote;
|
||||||
/*
|
/*
|
||||||
@ -93,11 +91,6 @@ static bool socks_send_rep_errno(uint8_t ver, int fd, int errn)
|
|||||||
return ver==5 ? socks5_send_rep_errno(fd,errn) : socks4_send_rep_errno(fd, errn);
|
return ver==5 ? socks5_send_rep_errno(fd,errn) : socks4_send_rep_errno(fd, errn);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void packet_debug(const uint8_t *data, size_t sz)
|
|
||||||
{
|
|
||||||
hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static bool cork(int fd, int enable)
|
static bool cork(int fd, int enable)
|
||||||
{
|
{
|
||||||
|