mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-26 20:20:53 +03:00
Compare commits
No commits in common. "cde3ca15c21e8c44c82d3759b3b44a2283d3ca9c" and "36cd8ca3b2b2c34fc420151bfdab712206816c90" have entirely different histories.
cde3ca15c2
...
36cd8ca3b2
@ -55,7 +55,7 @@ TPPORT_SOCKS=987
|
|||||||
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
|
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
|
||||||
TPWS_SOCKS_OPT="
|
TPWS_SOCKS_OPT="
|
||||||
--filter-tcp=80 --methodeol <HOSTLIST> --new
|
--filter-tcp=80 --methodeol <HOSTLIST> --new
|
||||||
--filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
|
--filter-tcp=443 --split-pos=midsld --disorder <HOSTLIST>
|
||||||
"
|
"
|
||||||
|
|
||||||
TPWS_ENABLE=0
|
TPWS_ENABLE=0
|
||||||
@ -65,7 +65,7 @@ TPWS_PORTS=80,443
|
|||||||
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
|
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
|
||||||
TPWS_OPT="
|
TPWS_OPT="
|
||||||
--filter-tcp=80 --methodeol <HOSTLIST> --new
|
--filter-tcp=80 --methodeol <HOSTLIST> --new
|
||||||
--filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
|
--filter-tcp=443 --split-pos=midsld --disorder <HOSTLIST>
|
||||||
"
|
"
|
||||||
|
|
||||||
NFQWS_ENABLE=0
|
NFQWS_ENABLE=0
|
||||||
@ -90,7 +90,7 @@ NFQWS_UDP_PKT_IN=0
|
|||||||
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
|
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
|
||||||
NFQWS_OPT="
|
NFQWS_OPT="
|
||||||
--filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-split-pos=method+2 --dpi-desync-fooling=md5sig <HOSTLIST> --new
|
--filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-split-pos=method+2 --dpi-desync-fooling=md5sig <HOSTLIST> --new
|
||||||
--filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-fooling=badseq,md5sig <HOSTLIST> --new
|
--filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=midsld --dpi-desync-fooling=md5sig <HOSTLIST> --new
|
||||||
--filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 <HOSTLIST_NOAUTO>
|
--filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 <HOSTLIST_NOAUTO>
|
||||||
"
|
"
|
||||||
|
|
||||||
|
@ -367,14 +367,14 @@ void fill_random_az09(uint8_t *p,size_t sz)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
bool set_env_exedir(const char *argv0)
|
bool cd_to_exe_dir(const char *argv0)
|
||||||
{
|
{
|
||||||
char *s,*d;
|
char *s,*d;
|
||||||
bool bOK=false;
|
bool bOK=false;
|
||||||
if ((s = strdup(argv0)))
|
if ((s = strdup(argv0)))
|
||||||
{
|
{
|
||||||
if ((d = dirname(s)))
|
if ((d = dirname(s)))
|
||||||
setenv("EXEDIR",s,1);
|
bOK = !chdir(d);
|
||||||
free(s);
|
free(s);
|
||||||
}
|
}
|
||||||
return bOK;
|
return bOK;
|
||||||
|
@ -75,7 +75,7 @@ void fill_random_bytes(uint8_t *p,size_t sz);
|
|||||||
void fill_random_az(uint8_t *p,size_t sz);
|
void fill_random_az(uint8_t *p,size_t sz);
|
||||||
void fill_random_az09(uint8_t *p,size_t sz);
|
void fill_random_az09(uint8_t *p,size_t sz);
|
||||||
|
|
||||||
bool set_env_exedir(const char *argv0);
|
bool cd_to_exe_dir(const char *argv0);
|
||||||
|
|
||||||
|
|
||||||
struct cidr4
|
struct cidr4
|
||||||
|
@ -1050,7 +1050,7 @@ static void exithelp(void)
|
|||||||
" --dpi-desync-autottl6=[<delta>[:<min>[-<max>]]] ; overrides --dpi-desync-autottl for ipv6 only\n"
|
" --dpi-desync-autottl6=[<delta>[:<min>[-<max>]]] ; overrides --dpi-desync-autottl for ipv6 only\n"
|
||||||
" --dpi-desync-fooling=<mode>[,<mode>]\t\t; can use multiple comma separated values. modes : none md5sig ts badseq badsum datanoack hopbyhop hopbyhop2\n"
|
" --dpi-desync-fooling=<mode>[,<mode>]\t\t; can use multiple comma separated values. modes : none md5sig ts badseq badsum datanoack hopbyhop hopbyhop2\n"
|
||||||
" --dpi-desync-repeats=<N>\t\t\t; send every desync packet N times\n"
|
" --dpi-desync-repeats=<N>\t\t\t; send every desync packet N times\n"
|
||||||
" --dpi-desync-skip-nosni=0|1\t\t\t; 1(default)=do not act on ClientHello without SNI\n"
|
" --dpi-desync-skip-nosni=0|1\t\t\t; 1(default)=do not act on ClientHello without SNI (ESNI ?)\n"
|
||||||
" --dpi-desync-split-pos=N|-N|marker+N|marker-N\t; comma separated list of split positions\n"
|
" --dpi-desync-split-pos=N|-N|marker+N|marker-N\t; comma separated list of split positions\n"
|
||||||
"\t\t\t\t\t\t; markers: method,host,endhost,sld,endsld,midsld,sniext\n"
|
"\t\t\t\t\t\t; markers: method,host,endhost,sld,endsld,midsld,sniext\n"
|
||||||
"\t\t\t\t\t\t; full list is only used by multisplit and multidisorder\n"
|
"\t\t\t\t\t\t; full list is only used by multisplit and multidisorder\n"
|
||||||
@ -1122,8 +1122,6 @@ void config_from_file(const char *filename)
|
|||||||
|
|
||||||
int main(int argc, char **argv)
|
int main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
set_env_exedir(argv[0]);
|
|
||||||
|
|
||||||
#ifdef __CYGWIN__
|
#ifdef __CYGWIN__
|
||||||
if (service_run(argc, argv))
|
if (service_run(argc, argv))
|
||||||
{
|
{
|
||||||
|
@ -10,7 +10,6 @@
|
|||||||
#include <ifaddrs.h>
|
#include <ifaddrs.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <libgen.h>
|
|
||||||
|
|
||||||
#include "helpers.h"
|
#include "helpers.h"
|
||||||
|
|
||||||
@ -350,20 +349,6 @@ bool pf_is_empty(const port_filter *pf)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
bool set_env_exedir(const char *argv0)
|
|
||||||
{
|
|
||||||
char *s,*d;
|
|
||||||
bool bOK=false;
|
|
||||||
if ((s = strdup(argv0)))
|
|
||||||
{
|
|
||||||
if ((d = dirname(s)))
|
|
||||||
setenv("EXEDIR",s,1);
|
|
||||||
free(s);
|
|
||||||
}
|
|
||||||
return bOK;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static void mask_from_preflen6_make(uint8_t plen, struct in6_addr *a)
|
static void mask_from_preflen6_make(uint8_t plen, struct in6_addr *a)
|
||||||
{
|
{
|
||||||
if (plen >= 128)
|
if (plen >= 128)
|
||||||
|
@ -73,8 +73,6 @@ bool pf_in_range(uint16_t port, const port_filter *pf);
|
|||||||
bool pf_parse(const char *s, port_filter *pf);
|
bool pf_parse(const char *s, port_filter *pf);
|
||||||
bool pf_is_empty(const port_filter *pf);
|
bool pf_is_empty(const port_filter *pf);
|
||||||
|
|
||||||
bool set_env_exedir(const char *argv0);
|
|
||||||
|
|
||||||
#ifndef IN_LOOPBACK
|
#ifndef IN_LOOPBACK
|
||||||
#define IN_LOOPBACK(a) ((((uint32_t) (a)) & 0xff000000) == 0x7f000000)
|
#define IN_LOOPBACK(a) ((((uint32_t) (a)) & 0xff000000) == 0x7f000000)
|
||||||
#endif
|
#endif
|
||||||
|
@ -8,13 +8,6 @@
|
|||||||
#include "protocol.h"
|
#include "protocol.h"
|
||||||
#include "helpers.h"
|
#include "helpers.h"
|
||||||
|
|
||||||
#define PKTDATA_MAXDUMP 32
|
|
||||||
|
|
||||||
void packet_debug(const uint8_t *data, size_t sz)
|
|
||||||
{
|
|
||||||
hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto)
|
static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto)
|
||||||
{
|
{
|
||||||
bool bHostlistsEmpty;
|
bool bHostlistsEmpty;
|
||||||
@ -334,7 +327,6 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
|
|||||||
if (l>=2)
|
if (l>=2)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
size_t dlen;
|
|
||||||
// length is checked in IsTLSClientHello and cannot exceed buffer size
|
// length is checked in IsTLSClientHello and cannot exceed buffer size
|
||||||
if ((tpos-5)>=l) tpos=5+1;
|
if ((tpos-5)>=l) tpos=5+1;
|
||||||
VPRINT("making 2 TLS records at pos %zu\n",tpos);
|
VPRINT("making 2 TLS records at pos %zu\n",tpos);
|
||||||
@ -345,11 +337,6 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
|
|||||||
phton16(segment+tpos+3,l-(tpos-5));
|
phton16(segment+tpos+3,l-(tpos-5));
|
||||||
phton16(segment+3,tpos-5);
|
phton16(segment+3,tpos-5);
|
||||||
*size += 5;
|
*size += 5;
|
||||||
VPRINT("-2nd TLS record: ");
|
|
||||||
dlen = tpos<16 ? tpos : 16;
|
|
||||||
packet_debug(segment+tpos-dlen,dlen);
|
|
||||||
VPRINT("+2nd TLS record: ");
|
|
||||||
packet_debug(segment+tpos,*size-tpos);
|
|
||||||
// fix split positions after tlsrec. increase split pos by tlsrec header size (5 bytes)
|
// fix split positions after tlsrec. increase split pos by tlsrec header size (5 bytes)
|
||||||
if (multisplit_pos)
|
if (multisplit_pos)
|
||||||
for(i=0;i<*multisplit_count;i++)
|
for(i=0;i<*multisplit_count;i++)
|
||||||
|
@ -28,5 +28,3 @@ void tamper_in(t_ctrack *ctrack, const struct sockaddr *client, uint8_t *segment
|
|||||||
void rst_in(t_ctrack *ctrack, const struct sockaddr *client);
|
void rst_in(t_ctrack *ctrack, const struct sockaddr *client);
|
||||||
// local leg closed connection (timeout waiting response ?)
|
// local leg closed connection (timeout waiting response ?)
|
||||||
void hup_out(t_ctrack *ctrack, const struct sockaddr *client);
|
void hup_out(t_ctrack *ctrack, const struct sockaddr *client);
|
||||||
|
|
||||||
void packet_debug(const uint8_t *data, size_t sz);
|
|
||||||
|
25
tpws/tpws.c
25
tpws/tpws.c
@ -499,16 +499,6 @@ void config_from_file(const char *filename)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef __linux__
|
|
||||||
static bool check_oob_disorder(const struct desync_profile *dp)
|
|
||||||
{
|
|
||||||
return !(
|
|
||||||
dp->oob && (dp->disorder || dp->disorder_http || dp->disorder_tls) ||
|
|
||||||
dp->oob_http && (dp->disorder || dp->disorder_http) ||
|
|
||||||
dp->oob_tls && (dp->disorder || dp->disorder_tls));
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
void parse_params(int argc, char *argv[])
|
void parse_params(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
int option_index = 0;
|
int option_index = 0;
|
||||||
@ -850,13 +840,6 @@ void parse_params(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
dp->disorder = true;
|
dp->disorder = true;
|
||||||
#ifndef __linux__
|
|
||||||
if (!check_oob_disorder(dp))
|
|
||||||
{
|
|
||||||
DLOG_ERR("--oob and --disorder work simultaneously only in linux. in this system it's guaranteed to fail.\n");
|
|
||||||
exit_clean(1);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
break;
|
break;
|
||||||
case 28: /* oob */
|
case 28: /* oob */
|
||||||
if (optarg)
|
if (optarg)
|
||||||
@ -871,13 +854,6 @@ void parse_params(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
dp->oob = true;
|
dp->oob = true;
|
||||||
#ifndef __linux__
|
|
||||||
if (!check_oob_disorder(dp))
|
|
||||||
{
|
|
||||||
DLOG_ERR("--oob and --disorder work simultaneously only in linux. in this system it's guaranteed to fail.\n");
|
|
||||||
exit_clean(1);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
break;
|
break;
|
||||||
case 29: /* oob-data */
|
case 29: /* oob-data */
|
||||||
{
|
{
|
||||||
@ -1447,7 +1423,6 @@ int main(int argc, char *argv[])
|
|||||||
struct salisten_s list[MAX_BINDS];
|
struct salisten_s list[MAX_BINDS];
|
||||||
char ip_port[48];
|
char ip_port[48];
|
||||||
|
|
||||||
set_env_exedir(argv[0]);
|
|
||||||
srand(time(NULL));
|
srand(time(NULL));
|
||||||
mask_from_preflen6_prepare();
|
mask_from_preflen6_prepare();
|
||||||
|
|
||||||
|
@ -24,6 +24,8 @@
|
|||||||
#include "helpers.h"
|
#include "helpers.h"
|
||||||
#include "hostlist.h"
|
#include "hostlist.h"
|
||||||
|
|
||||||
|
#define PKTDATA_MAXDUMP 32
|
||||||
|
|
||||||
// keep separate legs counter. counting every time thousands of legs can consume cpu
|
// keep separate legs counter. counting every time thousands of legs can consume cpu
|
||||||
static int legs_local, legs_remote;
|
static int legs_local, legs_remote;
|
||||||
/*
|
/*
|
||||||
@ -91,6 +93,11 @@ static bool socks_send_rep_errno(uint8_t ver, int fd, int errn)
|
|||||||
return ver==5 ? socks5_send_rep_errno(fd,errn) : socks4_send_rep_errno(fd, errn);
|
return ver==5 ? socks5_send_rep_errno(fd,errn) : socks4_send_rep_errno(fd, errn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void packet_debug(const uint8_t *data, size_t sz)
|
||||||
|
{
|
||||||
|
hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static bool cork(int fd, int enable)
|
static bool cork(int fd, int enable)
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user