mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-30 05:50:53 +03:00
Compare commits
2 Commits
da15c82273
...
9574539292
Author | SHA1 | Date | |
---|---|---|---|
|
9574539292 | ||
|
6fca1223b3 |
28
nfq/desync.c
28
nfq/desync.c
@ -483,7 +483,9 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
|
|
||||||
struct sockaddr_storage src, dst;
|
struct sockaddr_storage src, dst;
|
||||||
uint8_t pkt1[DPI_DESYNC_MAX_FAKE_LEN+100], pkt2[DPI_DESYNC_MAX_FAKE_LEN+100];
|
uint8_t pkt1[DPI_DESYNC_MAX_FAKE_LEN+100], pkt2[DPI_DESYNC_MAX_FAKE_LEN+100];
|
||||||
size_t pkt1_len, pkt2_len;
|
size_t pkt1_len = sizeof(pkt1), pkt2_len;
|
||||||
|
memset (pkt1, 0, pkt1_len);
|
||||||
|
|
||||||
uint8_t ttl_orig,ttl_fake = 0, flags_orig = 0,scale_factor = 0;
|
uint8_t ttl_orig,ttl_fake = 0, flags_orig = 0,scale_factor = 0;
|
||||||
uint32_t *timestamps = NULL;
|
uint32_t *timestamps = NULL;
|
||||||
|
|
||||||
@ -617,7 +619,6 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
switch (params.desync_mode0)
|
switch (params.desync_mode0)
|
||||||
{
|
{
|
||||||
case DESYNC_SYNACK:
|
case DESYNC_SYNACK:
|
||||||
pkt1_len = sizeof(pkt1);
|
|
||||||
if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, TH_SYN|TH_ACK, tcphdr->th_seq, tcphdr->th_ack, tcphdr->th_win, scale_factor, timestamps,
|
if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, TH_SYN|TH_ACK, tcphdr->th_seq, tcphdr->th_ack, tcphdr->th_win, scale_factor, timestamps,
|
||||||
ttl_fake,params.desync_fooling_mode,params.desync_badseq_increment,params.desync_badseq_ack_increment,
|
ttl_fake,params.desync_fooling_mode,params.desync_badseq_increment,params.desync_badseq_ack_increment,
|
||||||
NULL, 0, pkt1, &pkt1_len))
|
NULL, 0, pkt1, &pkt1_len))
|
||||||
@ -640,7 +641,6 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
DLOG("received SYN with data payload. syndata desync is not applied.\n");
|
DLOG("received SYN with data payload. syndata desync is not applied.\n");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
pkt1_len = sizeof(pkt1);
|
|
||||||
if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, tcphdr->th_seq, tcphdr->th_ack, tcphdr->th_win, scale_factor, timestamps,
|
if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, tcphdr->th_seq, tcphdr->th_ack, tcphdr->th_win, scale_factor, timestamps,
|
||||||
ttl_orig,0,0,0, params.fake_syndata,params.fake_syndata_size, pkt1,&pkt1_len))
|
ttl_orig,0,0,0, params.fake_syndata,params.fake_syndata_size, pkt1,&pkt1_len))
|
||||||
{
|
{
|
||||||
@ -897,7 +897,6 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
uint32_t fooling_orig = FOOL_NONE;
|
uint32_t fooling_orig = FOOL_NONE;
|
||||||
bool b;
|
bool b;
|
||||||
|
|
||||||
pkt1_len = sizeof(pkt1);
|
|
||||||
b = false;
|
b = false;
|
||||||
switch(desync_mode)
|
switch(desync_mode)
|
||||||
{
|
{
|
||||||
@ -976,7 +975,6 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
desync_mode = params.desync_mode2;
|
desync_mode = params.desync_mode2;
|
||||||
}
|
}
|
||||||
|
|
||||||
pkt1_len = sizeof(pkt1);
|
|
||||||
switch(desync_mode)
|
switch(desync_mode)
|
||||||
{
|
{
|
||||||
case DESYNC_DISORDER:
|
case DESYNC_DISORDER:
|
||||||
@ -1036,7 +1034,6 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
return verdict;
|
return verdict;
|
||||||
}
|
}
|
||||||
|
|
||||||
pkt1_len = sizeof(pkt1);
|
|
||||||
if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, tcphdr->th_seq, tcphdr->th_ack, tcphdr->th_win, scale_factor, timestamps,
|
if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, tcphdr->th_seq, tcphdr->th_ack, tcphdr->th_win, scale_factor, timestamps,
|
||||||
ttl_orig,fooling_orig,params.desync_badseq_increment,params.desync_badseq_ack_increment,
|
ttl_orig,fooling_orig,params.desync_badseq_increment,params.desync_badseq_ack_increment,
|
||||||
data_payload, split_pos, pkt1, &pkt1_len))
|
data_payload, split_pos, pkt1, &pkt1_len))
|
||||||
@ -1113,7 +1110,6 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
}
|
}
|
||||||
if (split_pos<len_payload)
|
if (split_pos<len_payload)
|
||||||
{
|
{
|
||||||
pkt1_len = sizeof(pkt1);
|
|
||||||
if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, net32_add(tcphdr->th_seq,split_pos), tcphdr->th_ack, tcphdr->th_win, scale_factor, timestamps,
|
if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, net32_add(tcphdr->th_seq,split_pos), tcphdr->th_ack, tcphdr->th_win, scale_factor, timestamps,
|
||||||
ttl_orig,fooling_orig,params.desync_badseq_increment,params.desync_badseq_ack_increment,
|
ttl_orig,fooling_orig,params.desync_badseq_increment,params.desync_badseq_ack_increment,
|
||||||
data_payload+split_pos, len_payload-split_pos, pkt1, &pkt1_len))
|
data_payload+split_pos, len_payload-split_pos, pkt1, &pkt1_len))
|
||||||
@ -1138,7 +1134,6 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
size_t ipfrag_pos = (params.desync_ipfrag_pos_tcp && params.desync_ipfrag_pos_tcp<transport_len) ? params.desync_ipfrag_pos_tcp : 24;
|
size_t ipfrag_pos = (params.desync_ipfrag_pos_tcp && params.desync_ipfrag_pos_tcp<transport_len) ? params.desync_ipfrag_pos_tcp : 24;
|
||||||
uint32_t ident = ip ? ip->ip_id ? ip->ip_id : htons(1+random()%0xFFFF) : htonl(1+random()%0xFFFFFFFF);
|
uint32_t ident = ip ? ip->ip_id ? ip->ip_id : htons(1+random()%0xFFFF) : htonl(1+random()%0xFFFFFFFF);
|
||||||
|
|
||||||
pkt1_len = sizeof(pkt1);
|
|
||||||
pkt2_len = sizeof(pkt2);
|
pkt2_len = sizeof(pkt2);
|
||||||
|
|
||||||
if (ip6hdr && (fooling_orig==FOOL_HOPBYHOP || fooling_orig==FOOL_DESTOPT))
|
if (ip6hdr && (fooling_orig==FOOL_HOPBYHOP || fooling_orig==FOOL_DESTOPT))
|
||||||
@ -1206,7 +1201,9 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
|
|
||||||
struct sockaddr_storage src, dst;
|
struct sockaddr_storage src, dst;
|
||||||
uint8_t pkt1[DPI_DESYNC_MAX_FAKE_LEN+100], pkt2[DPI_DESYNC_MAX_FAKE_LEN+100];
|
uint8_t pkt1[DPI_DESYNC_MAX_FAKE_LEN+100], pkt2[DPI_DESYNC_MAX_FAKE_LEN+100];
|
||||||
size_t pkt1_len, pkt2_len;
|
size_t pkt1_len = sizeof(pkt1), pkt2_len;
|
||||||
|
memset (pkt1, 0, pkt1_len);
|
||||||
|
|
||||||
uint8_t ttl_orig,ttl_fake;
|
uint8_t ttl_orig,ttl_fake;
|
||||||
|
|
||||||
if (replay)
|
if (replay)
|
||||||
@ -1239,9 +1236,14 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
if (!replay && !process_desync_interval(ctrack)) return verdict;
|
if (!replay && !process_desync_interval(ctrack)) return verdict;
|
||||||
|
|
||||||
uint32_t desync_fwmark = fwmark | params.desync_fwmark;
|
uint32_t desync_fwmark = fwmark | params.desync_fwmark;
|
||||||
|
|
||||||
|
if (ip6hdr) {
|
||||||
ttl_orig = ip ? ip->ip_ttl : ip6hdr->ip6_ctlun.ip6_un1.ip6_un1_hlim;
|
ttl_orig = ip ? ip->ip_ttl : ip6hdr->ip6_ctlun.ip6_un1.ip6_un1_hlim;
|
||||||
if (ip6hdr) ttl_fake = params.desync_ttl6 ? params.desync_ttl6 : ttl_orig;
|
ttl_fake = params.desync_ttl6 ? params.desync_ttl6 : ttl_orig;
|
||||||
else ttl_fake = params.desync_ttl ? params.desync_ttl : ttl_orig;
|
} else {
|
||||||
|
ttl_orig = ip ? ip->ip_ttl : 0;
|
||||||
|
ttl_fake = params.desync_ttl ? params.desync_ttl : ttl_orig;
|
||||||
|
}
|
||||||
extract_endpoints(ip, ip6hdr, NULL, udphdr, &src, &dst);
|
extract_endpoints(ip, ip6hdr, NULL, udphdr, &src, &dst);
|
||||||
|
|
||||||
if (len_payload)
|
if (len_payload)
|
||||||
@ -1433,7 +1435,6 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
printf("\n");
|
printf("\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
pkt1_len = sizeof(pkt1);
|
|
||||||
b = false;
|
b = false;
|
||||||
switch(desync_mode)
|
switch(desync_mode)
|
||||||
{
|
{
|
||||||
@ -1493,7 +1494,6 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
switch(desync_mode)
|
switch(desync_mode)
|
||||||
{
|
{
|
||||||
case DESYNC_UDPLEN:
|
case DESYNC_UDPLEN:
|
||||||
pkt1_len = sizeof(pkt1);
|
|
||||||
if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, ttl_orig,fooling_orig, params.udplen_pattern, sizeof(params.udplen_pattern), params.udplen_increment, data_payload, len_payload, pkt1, &pkt1_len))
|
if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, ttl_orig,fooling_orig, params.udplen_pattern, sizeof(params.udplen_pattern), params.udplen_increment, data_payload, len_payload, pkt1, &pkt1_len))
|
||||||
{
|
{
|
||||||
DLOG("could not construct packet with modified length. too large ?\n");
|
DLOG("could not construct packet with modified length. too large ?\n");
|
||||||
@ -1518,7 +1518,6 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
}
|
}
|
||||||
memcpy(pkt2+pkt2_len,data_payload+1,szcopy);
|
memcpy(pkt2+pkt2_len,data_payload+1,szcopy);
|
||||||
pkt2_len+=szcopy;
|
pkt2_len+=szcopy;
|
||||||
pkt1_len = sizeof(pkt1);
|
|
||||||
if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, ttl_orig,fooling_orig, NULL, 0 , 0, pkt2, pkt2_len, pkt1, &pkt1_len))
|
if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, ttl_orig,fooling_orig, NULL, 0 , 0, pkt2, pkt2_len, pkt1, &pkt1_len))
|
||||||
{
|
{
|
||||||
DLOG("could not construct packet with modified length. too large ?\n");
|
DLOG("could not construct packet with modified length. too large ?\n");
|
||||||
@ -1545,7 +1544,6 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
// freebsd do not set ip.id
|
// freebsd do not set ip.id
|
||||||
uint32_t ident = ip ? ip->ip_id ? ip->ip_id : htons(1+random()%0xFFFF) : htonl(1+random()%0xFFFFFFFF);
|
uint32_t ident = ip ? ip->ip_id ? ip->ip_id : htons(1+random()%0xFFFF) : htonl(1+random()%0xFFFFFFFF);
|
||||||
|
|
||||||
pkt1_len = sizeof(pkt1);
|
|
||||||
pkt2_len = sizeof(pkt2);
|
pkt2_len = sizeof(pkt2);
|
||||||
|
|
||||||
if (ip6hdr && (fooling_orig==FOOL_HOPBYHOP || fooling_orig==FOOL_DESTOPT))
|
if (ip6hdr && (fooling_orig==FOOL_HOPBYHOP || fooling_orig==FOOL_DESTOPT))
|
||||||
|
@ -277,7 +277,7 @@ static bool TLSExtractHostFromExt(const uint8_t *ext, size_t elen, char *host, s
|
|||||||
// u16 data+0 - name list length
|
// u16 data+0 - name list length
|
||||||
// u8 data+2 - server name type. 0=host_name
|
// u8 data+2 - server name type. 0=host_name
|
||||||
// u16 data+3 - server name length
|
// u16 data+3 - server name length
|
||||||
if (elen < 5 || ext[2] != 0) return false;
|
if (elen < 5 || (ext && ext[2] != 0)) return false;
|
||||||
size_t slen = pntoh16(ext + 3);
|
size_t slen = pntoh16(ext + 3);
|
||||||
ext += 5; elen -= 5;
|
ext += 5; elen -= 5;
|
||||||
if (slen < elen) return false;
|
if (slen < elen) return false;
|
||||||
|
@ -267,7 +267,7 @@ static bool TLSExtractHostFromExt(const uint8_t *ext, size_t elen, char *host, s
|
|||||||
// u16 data+0 - name list length
|
// u16 data+0 - name list length
|
||||||
// u8 data+2 - server name type. 0=host_name
|
// u8 data+2 - server name type. 0=host_name
|
||||||
// u16 data+3 - server name length
|
// u16 data+3 - server name length
|
||||||
if (elen < 5 || ext[2] != 0) return false;
|
if (elen < 5 || (ext && ext[2] != 0)) return false;
|
||||||
size_t slen = pntoh16(ext + 3);
|
size_t slen = pntoh16(ext + 3);
|
||||||
ext += 5; elen -= 5;
|
ext += 5; elen -= 5;
|
||||||
if (slen < elen) return false;
|
if (slen < elen) return false;
|
||||||
|
Loading…
Reference in New Issue
Block a user