drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-04-20 22:12:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: drygdryg:b996abd5ce22942b09be6b6445c4c9f3dd49d6b3
Branches Tags
drygdryg:master
drygdryg:v70.6
drygdryg:v70.5
drygdryg:v70.4
drygdryg:v70.3
drygdryg:v70
drygdryg:v69.9
drygdryg:v69.8
drygdryg:v69.7
drygdryg:v69.6
drygdryg:v69.5
drygdryg:v69.4
drygdryg:v69.3
drygdryg:v69.2
drygdryg:v69.1
drygdryg:v69
drygdryg:v68
drygdryg:v67
drygdryg:v66
drygdryg:v65
drygdryg:v64
..
compare: drygdryg:41dbba1c4c7328fcb7b3fcf8c6c7f900dd2cde62
Branches Tags
drygdryg:master
drygdryg:v70.6
drygdryg:v70.5
drygdryg:v70.4
drygdryg:v70.3
drygdryg:v70
drygdryg:v69.9
drygdryg:v69.8
drygdryg:v69.7
drygdryg:v69.6
drygdryg:v69.5
drygdryg:v69.4
drygdryg:v69.3
drygdryg:v69.2
drygdryg:v69.1
drygdryg:v69
drygdryg:v68
drygdryg:v67
drygdryg:v66
drygdryg:v65
drygdryg:v64

No commits in common. "b996abd5ce22942b09be6b6445c4c9f3dd49d6b3" and "41dbba1c4c7328fcb7b3fcf8c6c7f900dd2cde62" have entirely different histories.
b996abd5ce ... 41dbba1c4c

2 changed files with 16 additions and 49 deletions
Show Stats Expand all files Collapse all files

33
nfq/desync.c
View File

@ -83,19 +83,16 @@ const uint8_t fake_tls_clienthello_default[680] = {
#define TCP_MAX_REASM 16384 #define TCP_MAX_REASM 16384
#define UDP_MAX_REASM 16384 #define UDP_MAX_REASM 16384
static void TLSDebugHandshake(const uint8_t *tls,size_t sz) void TLSDebug(const uint8_t *tls,size_t sz)
{ {
if (!params.debug) return; if (sz<11) return;
if (sz<6) return; uint16_t v_rec=pntoh16(tls+1), v_handshake=pntoh16(tls+9), v, v2;
DLOG("TLS record layer version : %s\nTLS handshake version : %s\n",TLSVersionStr(v_rec),TLSVersionStr(v_handshake));
const uint8_t *ext; const uint8_t *ext;
size_t len,len2; size_t len,len2;
if (TLSFindExt(tls,sz,43,&ext,&len,false))
uint16_t v_handshake=pntoh16(tls+4), v, v2;
DLOG("TLS handshake version : %s\n",TLSVersionStr(v_handshake));
if (TLSFindExtInHandshake(tls,sz,43,&ext,&len,false))
{ {
if (len) if (len)
{ {
@ -113,7 +110,7 @@ static void TLSDebugHandshake(const uint8_t *tls,size_t sz)
else else
DLOG("TLS supported versions ext : not present\n"); DLOG("TLS supported versions ext : not present\n");
if (TLSFindExtInHandshake(tls,sz,16,&ext,&len,false)) if (TLSFindExt(tls,sz,16,&ext,&len,false))
{ {
if (len>=2) if (len>=2)
{ {
@ -142,21 +139,9 @@ static void TLSDebugHandshake(const uint8_t *tls,size_t sz)
else else
DLOG("TLS ALPN ext : not present\n"); DLOG("TLS ALPN ext : not present\n");
DLOG("TLS ECH ext : %s\n",TLSFindExtInHandshake(tls,sz,65037,NULL,NULL,false) ? "present" : "not present"); DLOG("TLS ECH ext : %s\n",TLSFindExt(tls,sz,65037,NULL,NULL,false) ? "present" : "not present");
} }
static void TLSDebug(const uint8_t *tls,size_t sz)
{
if (!params.debug) return;
if (sz<11) return;
DLOG("TLS record layer version : %s\n",TLSVersionStr(pntoh16(tls+1)));
size_t reclen=TLSRecordLen(tls);
if (reclen<sz) sz=reclen; // correct len if it has more data than the first tls record has
TLSDebugHandshake(tls+5,sz-5);
}
bool desync_valid_zero_stage(enum dpi_desync_mode mode) bool desync_valid_zero_stage(enum dpi_desync_mode mode)
{ {
@ -1041,7 +1026,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
DLOG(bReqFull ? "packet contains full TLS ClientHello\n" : "packet contains partial TLS ClientHello\n"); DLOG(bReqFull ? "packet contains full TLS ClientHello\n" : "packet contains partial TLS ClientHello\n");
l7proto = TLS; l7proto = TLS;
if (bReqFull) TLSDebug(rdata_payload,rlen_payload); if (bReqFull && params.debug) TLSDebug(rdata_payload,rlen_payload);
bHaveHost=TLSHelloExtractHost(rdata_payload,rlen_payload,host,sizeof(host),TLS_PARTIALS_ENABLE); bHaveHost=TLSHelloExtractHost(rdata_payload,rlen_payload,host,sizeof(host),TLS_PARTIALS_ENABLE);
@ -2066,8 +2051,6 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint
DLOG(bIsHello ? bReqFull ? "packet contains full TLS ClientHello\n" : "packet contains partial TLS ClientHello\n" : "packet does not contain TLS ClientHello\n"); DLOG(bIsHello ? bReqFull ? "packet contains full TLS ClientHello\n" : "packet contains partial TLS ClientHello\n" : "packet does not contain TLS ClientHello\n");
if (bReqFull) TLSDebugHandshake(defrag+hello_offset,hello_len);
if (ctrack) if (ctrack)
{ {
if (bIsHello && !bReqFull && ReasmIsEmpty(&ctrack->reasm_orig)) if (bIsHello && !bReqFull && ReasmIsEmpty(&ctrack->reasm_orig))

32
tpws/tamper.c
View File

@ -15,19 +15,16 @@ void packet_debug(const uint8_t *data, size_t sz)
hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n"); hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n");
} }
static void TLSDebugHandshake(const uint8_t *tls,size_t sz) void TLSDebug(const uint8_t *tls,size_t sz)
{ {
if (!params.debug) return; if (sz<11) return;
if (sz<6) return; uint16_t v_rec=pntoh16(tls+1), v_handshake=pntoh16(tls+9), v, v2;
VPRINT("TLS record layer version : %s\nTLS handshake version : %s\n",TLSVersionStr(v_rec),TLSVersionStr(v_handshake));
const uint8_t *ext; const uint8_t *ext;
size_t len,len2; size_t len,len2;
if (TLSFindExt(tls,sz,43,&ext,&len,false))
uint16_t v_handshake=pntoh16(tls+4), v, v2;
VPRINT("TLS handshake version : %s\n",TLSVersionStr(v_handshake));
if (TLSFindExtInHandshake(tls,sz,43,&ext,&len,false))
{ {
if (len) if (len)
{ {
@ -45,7 +42,7 @@ static void TLSDebugHandshake(const uint8_t *tls,size_t sz)
else else
VPRINT("TLS supported versions ext : not present\n"); VPRINT("TLS supported versions ext : not present\n");
if (TLSFindExtInHandshake(tls,sz,16,&ext,&len,false)) if (TLSFindExt(tls,sz,16,&ext,&len,false))
{ {
if (len>=2) if (len>=2)
{ {
@ -74,20 +71,7 @@ static void TLSDebugHandshake(const uint8_t *tls,size_t sz)
else else
VPRINT("TLS ALPN ext : not present\n"); VPRINT("TLS ALPN ext : not present\n");
VPRINT("TLS ECH ext : %s\n",TLSFindExtInHandshake(tls,sz,65037,NULL,NULL,false) ? "present" : "not present"); VPRINT("TLS ECH ext : %s\n",TLSFindExt(tls,sz,65037,NULL,NULL,false) ? "present" : "not present");
}
static void TLSDebug(const uint8_t *tls,size_t sz)
{
if (!params.debug) return;
if (sz<11) return;
VPRINT("TLS record layer version : %s\n",TLSVersionStr(pntoh16(tls+1)));
size_t reclen=TLSRecordLen(tls);
if (reclen<sz) sz=reclen; // correct len if it has more data than the first tls record has
TLSDebugHandshake(tls+5,sz-5);
} }
static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto) static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto)
@ -205,7 +189,7 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
{ {
VPRINT("Data block contains TLS ClientHello\n"); VPRINT("Data block contains TLS ClientHello\n");
l7proto=TLS; l7proto=TLS;
TLSDebug(segment,*size); if (params.debug) TLSDebug(segment,*size);
bHaveHost=TLSHelloExtractHost((uint8_t*)segment,*size,Host,sizeof(Host),false); bHaveHost=TLSHelloExtractHost((uint8_t*)segment,*size,Host,sizeof(Host),false);
} }
else else