zapret/nfq/protocol.h

#pragma once

#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include "crypto/sha.h"
#include "crypto/aes-gcm.h"
#include "helpers.h"

bool IsHttp(const uint8_t *data, size_t len);
// header must be passed like this : "\nHost:"
bool HttpExtractHeader(const uint8_t *data, size_t len, const char *header, char *buf, size_t len_buf);
bool HttpExtractHost(const uint8_t *data, size_t len, char *host, size_t len_host);
bool IsHttpReply(const uint8_t *data, size_t len);
const char *HttpFind2ndLevelDomain(const char *host);
// must be pre-checked by IsHttpReply
int HttpReplyCode(const uint8_t *data, size_t len);
// must be pre-checked by IsHttpReply
bool HttpReplyLooksLikeDPIRedirect(const uint8_t *data, size_t len, const char *host);

uint16_t TLSRecordDataLen(const uint8_t *data);
size_t TLSRecordLen(const uint8_t *data);
bool IsTLSRecordFull(const uint8_t *data, size_t len);
bool IsTLSClientHello(const uint8_t *data, size_t len, bool bPartialIsOK);
bool TLSFindExt(const uint8_t *data, size_t len, uint16_t type, const uint8_t **ext, size_t *len_ext, bool bPartialIsOK);
bool TLSFindExtInHandshake(const uint8_t *data, size_t len, uint16_t type, const uint8_t **ext, size_t *len_ext, bool bPartialIsOK);
bool TLSHelloExtractHost(const uint8_t *data, size_t len, char *host, size_t len_host, bool bPartialIsOK);
bool TLSHelloExtractHostFromHandshake(const uint8_t *data, size_t len, char *host, size_t len_host, bool bPartialIsOK);

bool IsWireguardHandshakeInitiation(const uint8_t *data, size_t len);
bool IsDhtD1(const uint8_t *data, size_t len);

#define QUIC_MAX_CID_LENGTH  20
typedef struct quic_cid {
	uint8_t      len;
	uint8_t      cid[QUIC_MAX_CID_LENGTH];
} quic_cid_t;

bool IsQUICInitial(const uint8_t *data, size_t len);
bool IsQUICCryptoHello(const uint8_t *data, size_t len, size_t *hello_offset, size_t *hello_len);
bool QUICIsLongHeader(const uint8_t *data, size_t len);
uint32_t QUICExtractVersion(const uint8_t *data, size_t len);
uint8_t QUICDraftVersion(uint32_t version);
bool QUICExtractDCID(const uint8_t *data, size_t len, quic_cid_t *cid);

bool QUICDecryptInitial(const uint8_t *data, size_t data_len, uint8_t *clean, size_t *clean_len);
bool QUICDefragCrypto(const uint8_t *clean,size_t clean_len, uint8_t *defrag,size_t *defrag_len);
bool QUICExtractHostFromInitial(const uint8_t *data, size_t data_len, char *host, size_t len_host, bool *bDecryptOK, bool *bIsCryptoHello);
history purge 2021-03-04 16:30:38 +05:00			`#pragma once`

			`#include <stddef.h>`
			`#include <stdint.h>`
			`#include <stdbool.h>`
nfqws: QUIC initial dissection support 2022-03-25 18:59:58 +05:00			`#include "crypto/sha.h"`
			`#include "crypto/aes-gcm.h"`
nfqws: tls client hello reassemble 2023-11-15 21:36:34 +05:00			`#include "helpers.h"`
history purge 2021-03-04 16:30:38 +05:00
			`bool IsHttp(const uint8_t *data, size_t len);`
autohostlist mode 2023-10-26 17:12:32 +05:00			`// header must be passed like this : "\nHost:"`
			`bool HttpExtractHeader(const uint8_t data, size_t len, const char header, char *buf, size_t len_buf);`
history purge 2021-03-04 16:30:38 +05:00			`bool HttpExtractHost(const uint8_t data, size_t len, char host, size_t len_host);`
autohostlist mode 2023-10-26 17:12:32 +05:00			`bool IsHttpReply(const uint8_t *data, size_t len);`
			`const char HttpFind2ndLevelDomain(const char host);`
			`// must be pre-checked by IsHttpReply`
			`int HttpReplyCode(const uint8_t *data, size_t len);`
			`// must be pre-checked by IsHttpReply`
			`bool HttpReplyLooksLikeDPIRedirect(const uint8_t data, size_t len, const char host);`
nfqws: QUIC initial dissection support 2022-03-25 18:59:58 +05:00
nfqws: tls client hello reassemble 2023-11-15 21:36:34 +05:00			`uint16_t TLSRecordDataLen(const uint8_t *data);`
			`size_t TLSRecordLen(const uint8_t *data);`
			`bool IsTLSRecordFull(const uint8_t *data, size_t len);`
			`bool IsTLSClientHello(const uint8_t *data, size_t len, bool bPartialIsOK);`
			`bool TLSFindExt(const uint8_t data, size_t len, uint16_t type, const uint8_t ext, size_t len_ext, bool bPartialIsOK);`
			`bool TLSFindExtInHandshake(const uint8_t data, size_t len, uint16_t type, const uint8_t ext, size_t len_ext, bool bPartialIsOK);`
			`bool TLSHelloExtractHost(const uint8_t data, size_t len, char host, size_t len_host, bool bPartialIsOK);`
			`bool TLSHelloExtractHostFromHandshake(const uint8_t data, size_t len, char host, size_t len_host, bool bPartialIsOK);`
nfqws: QUIC initial dissection support 2022-03-25 18:59:58 +05:00
nfqws: wireguard protocol recognition 2023-08-12 11:56:19 +05:00			`bool IsWireguardHandshakeInitiation(const uint8_t *data, size_t len);`
nfqws: DHT and tamper 2023-09-07 21:03:37 +05:00			`bool IsDhtD1(const uint8_t *data, size_t len);`
nfqws: wireguard protocol recognition 2023-08-12 11:56:19 +05:00
nfqws: QUIC initial dissection support 2022-03-25 18:59:58 +05:00			`#define QUIC_MAX_CID_LENGTH 20`
			`typedef struct quic_cid {`
			`uint8_t len;`
			`uint8_t cid[QUIC_MAX_CID_LENGTH];`
			`} quic_cid_t;`

nfqws: quic protocol code optimizations 2022-03-26 12:08:10 +05:00			`bool IsQUICInitial(const uint8_t *data, size_t len);`
nfqws: QUIC initial dissection support 2022-03-25 18:59:58 +05:00			`bool IsQUICCryptoHello(const uint8_t data, size_t len, size_t hello_offset, size_t *hello_len);`
			`bool QUICIsLongHeader(const uint8_t *data, size_t len);`
			`uint32_t QUICExtractVersion(const uint8_t *data, size_t len);`
			`uint8_t QUICDraftVersion(uint32_t version);`
			`bool QUICExtractDCID(const uint8_t data, size_t len, quic_cid_t cid);`

			`bool QUICDecryptInitial(const uint8_t data, size_t data_len, uint8_t clean, size_t *clean_len);`
			`bool QUICDefragCrypto(const uint8_t clean,size_t clean_len, uint8_t defrag,size_t *defrag_len);`
nfqws: quic protocol code optimizations 2022-03-26 12:08:10 +05:00			`bool QUICExtractHostFromInitial(const uint8_t data, size_t data_len, char host, size_t len_host, bool bDecryptOK, bool bIsCryptoHello);`