drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-11-26 12:10:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: drygdryg:f973a6f3a6a775f502b43b618428702b536aa6ae
Branches Tags
drygdryg:master
drygdryg:v69.3
drygdryg:v69.2
drygdryg:v69.1
drygdryg:v69
drygdryg:v68
drygdryg:v67
drygdryg:v66
drygdryg:v65
drygdryg:v64
...
compare: drygdryg:5a82874624aa2aa4b5fd2037f74f967cfc127ef3
Branches Tags
drygdryg:master
drygdryg:v69.3
drygdryg:v69.2
drygdryg:v69.1
drygdryg:v69
drygdryg:v68
drygdryg:v67
drygdryg:v66
drygdryg:v65
drygdryg:v64

3 Commits
f973a6f3a6 ... 5a82874624

Author SHA1 Message Date
bol-van
5a82874624 nfqws: new name of split/disorder - fakedsplit/fakeddisorder 2024-11-12 13:02:18 +03:00
bol-van
200cd9caf2 mdig: enlarge dns reply buffer 2024-11-12 10:29:29 +03:00
bol-van
f8b3dca6f5 nfqws: optimize code 2024-11-12 10:23:42 +03:00
7 changed files with 62 additions and 63 deletions
Show Stats Expand all files Collapse all files

2
mdig/mdig.c
View File

@ -424,7 +424,7 @@ bool dns_parse_print(const uint8_t *a, size_t len)
} }
int dns_parse_query() int dns_parse_query()
{ {
uint8_t a[1500]; uint8_t a[8192];
size_t l; size_t l;
#ifdef _WIN32 #ifdef _WIN32
_setmode(_fileno(stdin), _O_BINARY); _setmode(_fileno(stdin), _O_BINARY);

87
nfq/desync.c
View File

@ -97,11 +97,11 @@ bool desync_only_first_stage(enum dpi_desync_mode mode)
} }
bool desync_valid_second_stage(enum dpi_desync_mode mode) bool desync_valid_second_stage(enum dpi_desync_mode mode)
{ {
return mode==DESYNC_NONE || mode==DESYNC_DISORDER || mode==DESYNC_DISORDER2 || mode==DESYNC_SPLIT || mode==DESYNC_SPLIT2 || mode==DESYNC_MULTISPLIT || mode==DESYNC_MULTIDISORDER || mode==DESYNC_IPFRAG2 || mode==DESYNC_UDPLEN || mode==DESYNC_TAMPER; return mode==DESYNC_NONE || mode==DESYNC_FAKEDDISORDER || mode==DESYNC_DISORDER2 || mode==DESYNC_FAKEDSPLIT || mode==DESYNC_SPLIT2 || mode==DESYNC_MULTISPLIT || mode==DESYNC_MULTIDISORDER || mode==DESYNC_IPFRAG2 || mode==DESYNC_UDPLEN || mode==DESYNC_TAMPER;
} }
bool desync_valid_second_stage_tcp(enum dpi_desync_mode mode) bool desync_valid_second_stage_tcp(enum dpi_desync_mode mode)
{ {
return mode==DESYNC_NONE || mode==DESYNC_DISORDER || mode==DESYNC_DISORDER2 || mode==DESYNC_SPLIT || mode==DESYNC_SPLIT2 || mode==DESYNC_MULTISPLIT || mode==DESYNC_MULTIDISORDER || mode==DESYNC_IPFRAG2; return mode==DESYNC_NONE || mode==DESYNC_FAKEDDISORDER || mode==DESYNC_DISORDER2 || mode==DESYNC_FAKEDSPLIT || mode==DESYNC_SPLIT2 || mode==DESYNC_MULTISPLIT || mode==DESYNC_MULTIDISORDER || mode==DESYNC_IPFRAG2;
} }
bool desync_valid_second_stage_udp(enum dpi_desync_mode mode) bool desync_valid_second_stage_udp(enum dpi_desync_mode mode)
{ {
@ -123,12 +123,12 @@ enum dpi_desync_mode desync_mode_from_string(const char *s)
return DESYNC_SYNACK; return DESYNC_SYNACK;
else if (!strcmp(s,"syndata")) else if (!strcmp(s,"syndata"))
return DESYNC_SYNDATA; return DESYNC_SYNDATA;
else if (!strcmp(s,"disorder")) else if (!strcmp(s,"fakeddisorder") || !strcmp(s,"disorder"))
return DESYNC_DISORDER; return DESYNC_FAKEDDISORDER;
else if (!strcmp(s,"disorder2")) else if (!strcmp(s,"disorder2"))
return DESYNC_DISORDER2; return DESYNC_DISORDER2;
else if (!strcmp(s,"split")) else if (!strcmp(s,"fakedsplit") || !strcmp(s,"split"))
return DESYNC_SPLIT; return DESYNC_FAKEDSPLIT;
else if (!strcmp(s,"split2")) else if (!strcmp(s,"split2"))
return DESYNC_SPLIT2; return DESYNC_SPLIT2;
else if (!strcmp(s,"multisplit")) else if (!strcmp(s,"multisplit"))
@ -1118,7 +1118,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
DLOG("dpi desync src=%s dst=%s\n",s1,s2); DLOG("dpi desync src=%s dst=%s\n",s1,s2);
} }
const struct split_pos *spos; const struct proto_pos *spos;
switch(l7proto) switch(l7proto)
{ {
case HTTP: case HTTP:
@ -1152,13 +1152,40 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
else else
DLOG("all multisplit pos are outside of this packet\n"); DLOG("all multisplit pos are outside of this packet\n");
} }
if (multisplit_count)
{
int j;
for (i=j=0;i<multisplit_count;i++)
{
multisplit_pos[j]=pos_normalize(multisplit_pos[i],reasm_offset,dis->len_payload);
if (multisplit_pos[j]) j++;
}
multisplit_count=j;
if (params.debug)
{
if (multisplit_count)
{
DLOG("normalized multisplit pos: ");
for (i=0;i<multisplit_count;i++) DLOG("%zu ",multisplit_pos[i]);
DLOG("\n");
}
else
DLOG("all multisplit pos are outside of this packet\n");
}
}
} }
else if (dp->desync_mode==DESYNC_SPLIT || dp->desync_mode==DESYNC_SPLIT2 || dp->desync_mode==DESYNC_DISORDER || dp->desync_mode==DESYNC_DISORDER2 || else if (dp->desync_mode==DESYNC_FAKEDSPLIT || dp->desync_mode==DESYNC_SPLIT2 || dp->desync_mode==DESYNC_FAKEDDISORDER || dp->desync_mode==DESYNC_DISORDER2 ||
dp->desync_mode2==DESYNC_SPLIT || dp->desync_mode2==DESYNC_SPLIT2 || dp->desync_mode2==DESYNC_DISORDER || dp->desync_mode2==DESYNC_DISORDER2) dp->desync_mode2==DESYNC_FAKEDSPLIT || dp->desync_mode2==DESYNC_SPLIT2 || dp->desync_mode2==DESYNC_FAKEDDISORDER || dp->desync_mode2==DESYNC_DISORDER2)
{ {
multisplit_count=0; multisplit_count=0;
split_pos = ResolvePos(rdata_payload, rlen_payload, l7proto, spos); split_pos = ResolvePos(rdata_payload, rlen_payload, l7proto, spos);
DLOG("regular split pos: %zu\n",split_pos); DLOG("regular split pos: %zu\n",split_pos);
if (!split_pos || split_pos>rlen_payload) split_pos=1;
split_pos=pos_normalize(split_pos,reasm_offset,dis->len_payload);
if (split_pos)
DLOG("normalized regular split pos : %zu\n",split_pos);
else
DLOG("regular split pos is outside of this packet\n");
} }
else else
{ {
@ -1170,34 +1197,6 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
reasm_orig_cancel(ctrack); reasm_orig_cancel(ctrack);
rdata_payload=NULL; rdata_payload=NULL;
if (!split_pos || split_pos>rlen_payload) split_pos=1;
split_pos=pos_normalize(split_pos,reasm_offset,dis->len_payload);
if (split_pos)
DLOG("normalized regular split pos : %zu\n",split_pos);
else
DLOG("regular split pos is outside of this packet\n");
if (multisplit_count)
{
int j;
for (i=j=0;i<multisplit_count;i++)
{
multisplit_pos[j]=pos_normalize(multisplit_pos[i],reasm_offset,dis->len_payload);
if (multisplit_pos[j]) j++;
}
multisplit_count=j;
if (params.debug)
{
if (multisplit_count)
{
DLOG("normalized multisplit pos: ");
for (i=0;i<multisplit_count;i++) DLOG("%zu ",multisplit_pos[i]);
DLOG("\n");
}
else
DLOG("all multisplit pos are outside of this packet\n");
}
}
uint32_t fooling_orig = FOOL_NONE; uint32_t fooling_orig = FOOL_NONE;
bool bFake = false; bool bFake = false;
pkt1_len = sizeof(pkt1); pkt1_len = sizeof(pkt1);
@ -1241,7 +1240,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
case DESYNC_IPFRAG1: case DESYNC_IPFRAG1:
fooling_orig = (dp->desync_mode==DESYNC_HOPBYHOP) ? FOOL_HOPBYHOP : (dp->desync_mode==DESYNC_DESTOPT) ? FOOL_DESTOPT : FOOL_IPFRAG1; fooling_orig = (dp->desync_mode==DESYNC_HOPBYHOP) ? FOOL_HOPBYHOP : (dp->desync_mode==DESYNC_DESTOPT) ? FOOL_DESTOPT : FOOL_IPFRAG1;
if (dis->ip6 && (dp->desync_mode2==DESYNC_NONE || !desync_valid_second_stage_tcp(dp->desync_mode2) || if (dis->ip6 && (dp->desync_mode2==DESYNC_NONE || !desync_valid_second_stage_tcp(dp->desync_mode2) ||
(!split_pos && (dp->desync_mode2==DESYNC_SPLIT || dp->desync_mode2==DESYNC_SPLIT2 || dp->desync_mode2==DESYNC_DISORDER || dp->desync_mode2==DESYNC_DISORDER2)) || (!split_pos && (dp->desync_mode2==DESYNC_FAKEDSPLIT || dp->desync_mode2==DESYNC_SPLIT2 || dp->desync_mode2==DESYNC_FAKEDDISORDER || dp->desync_mode2==DESYNC_DISORDER2)) ||
(!multisplit_count && (dp->desync_mode2==DESYNC_MULTISPLIT || dp->desync_mode2==DESYNC_MULTIDISORDER)))) (!multisplit_count && (dp->desync_mode2==DESYNC_MULTISPLIT || dp->desync_mode2==DESYNC_MULTIDISORDER))))
{ {
if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps,
@ -1321,7 +1320,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
return VERDICT_DROP; return VERDICT_DROP;
} }
break; break;
case DESYNC_DISORDER: case DESYNC_FAKEDDISORDER:
case DESYNC_DISORDER2: case DESYNC_DISORDER2:
if (split_pos) if (split_pos)
{ {
@ -1367,7 +1366,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
} }
if (desync_mode==DESYNC_DISORDER) if (desync_mode==DESYNC_FAKEDDISORDER)
{ {
seg_len = sizeof(fakeseg); seg_len = sizeof(fakeseg);
if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps,
@ -1392,7 +1391,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
if (!rawsend((struct sockaddr *)&dst, desync_fwmark, ifout , pkt1, pkt1_len)) if (!rawsend((struct sockaddr *)&dst, desync_fwmark, ifout , pkt1, pkt1_len))
return verdict; return verdict;
if (desync_mode==DESYNC_DISORDER) if (desync_mode==DESYNC_FAKEDDISORDER)
{ {
DLOG("sending fake(2) 1st out-of-order tcp segment 0-%zu len=%zu : ",split_pos-1, split_pos); DLOG("sending fake(2) 1st out-of-order tcp segment 0-%zu len=%zu : ",split_pos-1, split_pos);
hexdump_limited_dlog(zeropkt,split_pos,PKTDATA_MAXDUMP); DLOG("\n"); hexdump_limited_dlog(zeropkt,split_pos,PKTDATA_MAXDUMP); DLOG("\n");
@ -1403,14 +1402,14 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
return VERDICT_DROP; return VERDICT_DROP;
} }
break; break;
case DESYNC_SPLIT: case DESYNC_FAKEDSPLIT:
case DESYNC_SPLIT2: case DESYNC_SPLIT2:
if (split_pos) if (split_pos)
{ {
uint8_t fakeseg[DPI_DESYNC_MAX_FAKE_LEN+100],ovlseg[DPI_DESYNC_MAX_FAKE_LEN+100], *seg; uint8_t fakeseg[DPI_DESYNC_MAX_FAKE_LEN+100],ovlseg[DPI_DESYNC_MAX_FAKE_LEN+100], *seg;
size_t fakeseg_len,seg_len; size_t fakeseg_len,seg_len;
if (desync_mode==DESYNC_SPLIT) if (desync_mode==DESYNC_FAKEDSPLIT)
{ {
fakeseg_len = sizeof(fakeseg); fakeseg_len = sizeof(fakeseg);
if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps, if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps,
@ -1453,7 +1452,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
if (!rawsend((struct sockaddr *)&dst, desync_fwmark, ifout , pkt1, pkt1_len)) if (!rawsend((struct sockaddr *)&dst, desync_fwmark, ifout , pkt1, pkt1_len))
return verdict; return verdict;
if (desync_mode==DESYNC_SPLIT) if (desync_mode==DESYNC_FAKEDSPLIT)
{ {
DLOG("sending fake(2) 1st tcp segment 0-%zu len=%zu : ",split_pos-1, split_pos); DLOG("sending fake(2) 1st tcp segment 0-%zu len=%zu : ",split_pos-1, split_pos);
hexdump_limited_dlog(zeropkt,split_pos,PKTDATA_MAXDUMP); DLOG("\n"); hexdump_limited_dlog(zeropkt,split_pos,PKTDATA_MAXDUMP); DLOG("\n");

6
nfq/desync.h
View File

@ -28,10 +28,10 @@ enum dpi_desync_mode {
DESYNC_RSTACK, DESYNC_RSTACK,
DESYNC_SYNACK, DESYNC_SYNACK,
DESYNC_SYNDATA, DESYNC_SYNDATA,
DESYNC_DISORDER,
DESYNC_DISORDER2,
DESYNC_SPLIT,
DESYNC_SPLIT2, DESYNC_SPLIT2,
DESYNC_DISORDER2,
DESYNC_FAKEDSPLIT,
DESYNC_FAKEDDISORDER,
DESYNC_MULTISPLIT, DESYNC_MULTISPLIT,
DESYNC_MULTIDISORDER, DESYNC_MULTIDISORDER,
DESYNC_IPFRAG2, DESYNC_IPFRAG2,

14
nfq/nfqws.c
View File

@ -726,7 +726,7 @@ static bool wf_make_l3(char *opt, bool *ipv4, bool *ipv6)
return true; return true;
} }
static bool parse_httpreqpos(const char *s, struct split_pos *sp) static bool parse_httpreqpos(const char *s, struct proto_pos *sp)
{ {
if (!strcmp(s, "method")) if (!strcmp(s, "method"))
{ {
@ -742,7 +742,7 @@ static bool parse_httpreqpos(const char *s, struct split_pos *sp)
return false; return false;
return true; return true;
} }
static bool parse_tlspos(const char *s, struct split_pos *sp) static bool parse_tlspos(const char *s, struct proto_pos *sp)
{ {
if (!strcmp(s, "sni")) if (!strcmp(s, "sni"))
{ {
@ -794,7 +794,7 @@ static bool parse_posmarker(const char *opt, uint8_t *posmarker)
return false; return false;
return true; return true;
} }
static bool parse_split_pos(char *opt, struct split_pos *split) static bool parse_split_pos(char *opt, struct proto_pos *split)
{ {
if (parse_int16(opt,&split->pos)) if (parse_int16(opt,&split->pos))
{ {
@ -818,7 +818,7 @@ static bool parse_split_pos(char *opt, struct split_pos *split)
} }
return true; return true;
} }
static bool parse_split_pos_list(char *opt, struct split_pos *splits, int splits_size, int *split_count) static bool parse_split_pos_list(char *opt, struct proto_pos *splits, int splits_size, int *split_count)
{ {
char c,*e,*p; char c,*e,*p;
@ -850,7 +850,7 @@ static void split_compat(struct desync_profile *dp)
break; break;
} }
} }
if (SPLIT_POS_EMPTY(&dp->split_http)) if (PROTO_POS_EMPTY(&dp->split_http))
{ {
dp->split_http=dp->split_unknown; dp->split_http=dp->split_unknown;
for (i=0;i<dp->split_count;i++) for (i=0;i<dp->split_count;i++)
@ -860,7 +860,7 @@ static void split_compat(struct desync_profile *dp)
break; break;
} }
} }
if (SPLIT_POS_EMPTY(&dp->split_tls)) if (PROTO_POS_EMPTY(&dp->split_tls))
{ {
dp->split_tls=dp->split_unknown; dp->split_tls=dp->split_unknown;
for (i=0;i<dp->split_count;i++) for (i=0;i<dp->split_count;i++)
@ -1066,7 +1066,7 @@ static void exithelp(void)
" --domcase\t\t\t\t\t; mix domain case : Host: TeSt.cOm\n" " --domcase\t\t\t\t\t; mix domain case : Host: TeSt.cOm\n"
" --dpi-desync=[<mode0>,]<mode>[,<mode2>]\t; try to desync dpi state. modes :\n" " --dpi-desync=[<mode0>,]<mode>[,<mode2>]\t; try to desync dpi state. modes :\n"
"\t\t\t\t\t\t; synack syndata fake fakeknown rst rstack hopbyhop destopt ipfrag1\n" "\t\t\t\t\t\t; synack syndata fake fakeknown rst rstack hopbyhop destopt ipfrag1\n"
"\t\t\t\t\t\t; disorder disorder2 split split2 multisplit multidisorder ipfrag2 udplen tamper\n" "\t\t\t\t\t\t; disorder2 split2 multisplit multidisorder fakedsplit fakeddisorder ipfrag2 udplen tamper\n"
#ifdef __linux__ #ifdef __linux__
" --dpi-desync-fwmark=<int|0xHEX>\t\t; override fwmark for desync packet. default = 0x%08X (%u)\n" " --dpi-desync-fwmark=<int|0xHEX>\t\t; override fwmark for desync packet. default = 0x%08X (%u)\n"
#elif defined(SO_USER_COOKIE) #elif defined(SO_USER_COOKIE)

4
nfq/params.h
View File

@ -58,10 +58,10 @@ struct desync_profile
unsigned int desync_repeats,desync_seqovl,desync_ipfrag_pos_tcp,desync_ipfrag_pos_udp; unsigned int desync_repeats,desync_seqovl,desync_ipfrag_pos_tcp,desync_ipfrag_pos_udp;
// multisplit // multisplit
struct split_pos splits[MAX_SPLITS]; struct proto_pos splits[MAX_SPLITS];
int split_count; int split_count;
// single split pos cache // single split pos cache
struct split_pos split_http,split_tls,split_unknown; struct proto_pos split_http,split_tls,split_unknown;
char desync_start_mode, desync_cutoff_mode; // n - packets, d - data packets, s - relative sequence char desync_start_mode, desync_cutoff_mode; // n - packets, d - data packets, s - relative sequence
unsigned int desync_start, desync_cutoff; unsigned int desync_start, desync_cutoff;

4
nfq/protocol.c
View File

@ -125,7 +125,7 @@ static size_t HostPos(uint8_t posmarker, int16_t pos, const uint8_t *data, size_
} }
return CheckPos(sz,offset); return CheckPos(sz,offset);
} }
size_t ResolvePos(const uint8_t *data, size_t sz, t_l7proto l7proto, const struct split_pos *sp) size_t ResolvePos(const uint8_t *data, size_t sz, t_l7proto l7proto, const struct proto_pos *sp)
{ {
switch(l7proto) switch(l7proto)
{ {
@ -137,7 +137,7 @@ size_t ResolvePos(const uint8_t *data, size_t sz, t_l7proto l7proto, const struc
return AnyProtoPos(sp->marker, sp->pos, data, sz); return AnyProtoPos(sp->marker, sp->pos, data, sz);
} }
} }
void ResolveMultiPos(const uint8_t *data, size_t sz, t_l7proto l7proto, const struct split_pos *splits, int split_count, size_t *pos, int *pos_count) void ResolveMultiPos(const uint8_t *data, size_t sz, t_l7proto l7proto, const struct proto_pos *splits, int split_count, size_t *pos, int *pos_count)
{ {
int i,j; int i,j;
for(i=j=0;i<split_count;i++) for(i=j=0;i<split_count;i++)

8
nfq/protocol.h
View File

@ -26,19 +26,19 @@ bool l7_proto_match(t_l7proto l7proto, uint32_t filter_l7);
#define PM_HOST_ENDSLD 5 #define PM_HOST_ENDSLD 5
#define PM_HTTP_METHOD 6 #define PM_HTTP_METHOD 6
#define PM_SNI_EXT 7 #define PM_SNI_EXT 7
struct split_pos struct proto_pos
{ {
int16_t pos; int16_t pos;
uint8_t marker; uint8_t marker;
}; };
#define SPLIT_POS_EMPTY(sp) ((sp)->marker==PM_ABS && (sp)->pos==0) #define PROTO_POS_EMPTY(sp) ((sp)->marker==PM_ABS && (sp)->pos==0)
bool IsHostMarker(uint8_t posmarker); bool IsHostMarker(uint8_t posmarker);
const char *posmarker_name(uint8_t posmarker); const char *posmarker_name(uint8_t posmarker);
size_t AnyProtoPos(uint8_t posmarker, int16_t pos, const uint8_t *data, size_t sz); size_t AnyProtoPos(uint8_t posmarker, int16_t pos, const uint8_t *data, size_t sz);
size_t HttpPos(uint8_t posmarker, int16_t pos, const uint8_t *data, size_t sz); size_t HttpPos(uint8_t posmarker, int16_t pos, const uint8_t *data, size_t sz);
size_t TLSPos(uint8_t posmarker, int16_t pos, const uint8_t *data, size_t sz); size_t TLSPos(uint8_t posmarker, int16_t pos, const uint8_t *data, size_t sz);
size_t ResolvePos(const uint8_t *data, size_t sz, t_l7proto l7proto, const struct split_pos *sp); size_t ResolvePos(const uint8_t *data, size_t sz, t_l7proto l7proto, const struct proto_pos *sp);
void ResolveMultiPos(const uint8_t *data, size_t sz, t_l7proto l7proto, const struct split_pos *splits, int split_count, size_t *pos, int *pos_count); void ResolveMultiPos(const uint8_t *data, size_t sz, t_l7proto l7proto, const struct proto_pos *splits, int split_count, size_t *pos, int *pos_count);
extern const char *http_methods[9]; extern const char *http_methods[9];
const char *HttpMethod(const uint8_t *data, size_t len); const char *HttpMethod(const uint8_t *data, size_t len);