mirror of
https://github.com/bol-van/zapret.git
synced 2025-01-07 17:00:34 +05:00
nfqws,tpws: multiple hostlist support, exclude hostlist support
This commit is contained in:
parent
6fc58fac87
commit
403dc1a204
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -323,7 +323,7 @@ packet_process_result dpi_desync_tcp_packet(uint32_t fwmark, const char *ifout,
|
|||||||
if (bHaveHost)
|
if (bHaveHost)
|
||||||
{
|
{
|
||||||
DLOG("hostname: %s\n",host)
|
DLOG("hostname: %s\n",host)
|
||||||
if (params.hostlist && !SearchHostList(params.hostlist,host,params.debug))
|
if ((params.hostlist || params.hostlist_exclude) && !HostlistCheck(params.hostlist, params.hostlist_exclude, host))
|
||||||
{
|
{
|
||||||
DLOG("not applying tampering to this request\n")
|
DLOG("not applying tampering to this request\n")
|
||||||
return res;
|
return res;
|
||||||
@ -738,7 +738,7 @@ packet_process_result dpi_desync_udp_packet(uint32_t fwmark, const char *ifout,
|
|||||||
if (bHaveHost)
|
if (bHaveHost)
|
||||||
{
|
{
|
||||||
DLOG("hostname: %s\n",host)
|
DLOG("hostname: %s\n",host)
|
||||||
if (params.hostlist && !SearchHostList(params.hostlist,host,params.debug))
|
if ((params.hostlist || params.hostlist_exclude) && !HostlistCheck(params.hostlist, params.hostlist_exclude, host))
|
||||||
{
|
{
|
||||||
DLOG("not applying tampering to this request\n")
|
DLOG("not applying tampering to this request\n")
|
||||||
return res;
|
return res;
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include "hostlist.h"
|
#include "hostlist.h"
|
||||||
#include "gzip.h"
|
#include "gzip.h"
|
||||||
|
#include "params.h"
|
||||||
|
|
||||||
|
|
||||||
static bool addpool(strpool **hostlist, char **s, const char *end)
|
static bool addpool(strpool **hostlist, char **s, const char *end)
|
||||||
@ -22,7 +23,7 @@ static bool addpool(strpool **hostlist, char **s, const char *end)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
bool LoadHostList(strpool **hostlist, char *filename)
|
bool AppendHostList(strpool **hostlist, char *filename)
|
||||||
{
|
{
|
||||||
char *p, *e, s[256], *zbuf;
|
char *p, *e, s[256], *zbuf;
|
||||||
size_t zsize;
|
size_t zsize;
|
||||||
@ -30,11 +31,7 @@ bool LoadHostList(strpool **hostlist, char *filename)
|
|||||||
FILE *F;
|
FILE *F;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (*hostlist)
|
printf("Loading hostlist %s\n",filename);
|
||||||
{
|
|
||||||
StrPoolDestroy(hostlist);
|
|
||||||
*hostlist = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!(F = fopen(filename, "rb")))
|
if (!(F = fopen(filename, "rb")))
|
||||||
{
|
{
|
||||||
@ -92,8 +89,25 @@ bool LoadHostList(strpool **hostlist, char *filename)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool LoadHostLists(strpool **hostlist, struct str_list_head *file_list)
|
||||||
|
{
|
||||||
|
struct str_list *file;
|
||||||
|
|
||||||
bool SearchHostList(strpool *hostlist, const char *host, bool debug)
|
if (*hostlist)
|
||||||
|
{
|
||||||
|
StrPoolDestroy(hostlist);
|
||||||
|
*hostlist = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
LIST_FOREACH(file, file_list, next)
|
||||||
|
{
|
||||||
|
if (!AppendHostList(hostlist, file->str)) return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool SearchHostList(strpool *hostlist, const char *host)
|
||||||
{
|
{
|
||||||
if (hostlist)
|
if (hostlist)
|
||||||
{
|
{
|
||||||
@ -102,7 +116,7 @@ bool SearchHostList(strpool *hostlist, const char *host, bool debug)
|
|||||||
while (p)
|
while (p)
|
||||||
{
|
{
|
||||||
bInHostList = StrPoolCheckStr(hostlist, p);
|
bInHostList = StrPoolCheckStr(hostlist, p);
|
||||||
if (debug) printf("Hostlist check for %s : %s\n", p, bInHostList ? "positive" : "negative");
|
if (params.debug) printf("Hostlist check for %s : %s\n", p, bInHostList ? "positive" : "negative");
|
||||||
if (bInHostList) return true;
|
if (bInHostList) return true;
|
||||||
p = strchr(p, '.');
|
p = strchr(p, '.');
|
||||||
if (p) p++;
|
if (p) p++;
|
||||||
@ -110,3 +124,19 @@ bool SearchHostList(strpool *hostlist, const char *host, bool debug)
|
|||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// return : true = apply fooling, false = do not apply
|
||||||
|
bool HostlistCheck(strpool *hostlist, strpool *hostlist_exclude, const char *host)
|
||||||
|
{
|
||||||
|
if (hostlist_exclude)
|
||||||
|
{
|
||||||
|
if (params.debug) printf("Checking exclude hostlist\n");
|
||||||
|
if (SearchHostList(hostlist_exclude, host)) return false;
|
||||||
|
}
|
||||||
|
if (hostlist)
|
||||||
|
{
|
||||||
|
if (params.debug) printf("Checking include hostlist\n");
|
||||||
|
return SearchHostList(hostlist, host);
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
@ -3,5 +3,8 @@
|
|||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
#include "strpool.h"
|
#include "strpool.h"
|
||||||
|
|
||||||
bool LoadHostList(strpool **hostlist, char *filename);
|
bool AppendHostList(strpool **hostlist, char *filename);
|
||||||
bool SearchHostList(strpool *hostlist, const char *host,bool debug);
|
bool LoadHostLists(strpool **hostlist, struct str_list_head *file_list);
|
||||||
|
bool SearchHostList(strpool *hostlist, const char *host);
|
||||||
|
// return : true = apply fooling, false = do not apply
|
||||||
|
bool HostlistCheck(strpool *hostlist, strpool *hostlist_exclude, const char *host);
|
||||||
|
58
nfq/nfqws.c
58
nfq/nfqws.c
@ -48,7 +48,7 @@ static bool bHup = false;
|
|||||||
static void onhup(int sig)
|
static void onhup(int sig)
|
||||||
{
|
{
|
||||||
printf("HUP received !\n");
|
printf("HUP received !\n");
|
||||||
if (params.hostlist)
|
if (params.hostlist || params.hostlist_exclude)
|
||||||
printf("Will reload hostlist on next request\n");
|
printf("Will reload hostlist on next request\n");
|
||||||
bHup = true;
|
bHup = true;
|
||||||
}
|
}
|
||||||
@ -57,14 +57,12 @@ static void dohup()
|
|||||||
{
|
{
|
||||||
if (bHup)
|
if (bHup)
|
||||||
{
|
{
|
||||||
if (params.hostlist)
|
if (!LoadHostLists(¶ms.hostlist, ¶ms.hostlist_files) ||
|
||||||
{
|
!LoadHostLists(¶ms.hostlist_exclude, ¶ms.hostlist_exclude_files))
|
||||||
if (!LoadHostList(¶ms.hostlist, params.hostfile))
|
|
||||||
{
|
{
|
||||||
// what will we do without hostlist ?? sure, gonna die
|
// what will we do without hostlist ?? sure, gonna die
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
bHup = false;
|
bHup = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -549,7 +547,8 @@ static void exithelp()
|
|||||||
" --dpi-desync-fake-unknown-udp=<filename> ; file containing unknown udp protocol fake payload\n"
|
" --dpi-desync-fake-unknown-udp=<filename> ; file containing unknown udp protocol fake payload\n"
|
||||||
" --dpi-desync-udplen-increment=<int>\t; increase udp packet length by N bytes (default %u)\n"
|
" --dpi-desync-udplen-increment=<int>\t; increase udp packet length by N bytes (default %u)\n"
|
||||||
" --dpi-desync-cutoff=[n|d|s]N\t\t; apply dpi desync only to packet numbers (n, default), data packet numbers (d), relative sequence (s) less than N\n"
|
" --dpi-desync-cutoff=[n|d|s]N\t\t; apply dpi desync only to packet numbers (n, default), data packet numbers (d), relative sequence (s) less than N\n"
|
||||||
" --hostlist=<filename>\t\t\t; apply dpi desync only to the listed hosts (one host per line, subdomains auto apply)\n",
|
" --hostlist=<filename>\t\t\t; apply dpi desync only to the listed hosts (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n"
|
||||||
|
" --hostlist-exclude=<filename>\t\t; do not apply dpi desync to the listed hosts (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n",
|
||||||
CTRACK_T_SYN, CTRACK_T_EST, CTRACK_T_FIN, CTRACK_T_UDP,
|
CTRACK_T_SYN, CTRACK_T_EST, CTRACK_T_FIN, CTRACK_T_UDP,
|
||||||
#if defined(__linux__) || defined(SO_USER_COOKIE)
|
#if defined(__linux__) || defined(SO_USER_COOKIE)
|
||||||
DPI_DESYNC_FWMARK_DEFAULT,DPI_DESYNC_FWMARK_DEFAULT,
|
DPI_DESYNC_FWMARK_DEFAULT,DPI_DESYNC_FWMARK_DEFAULT,
|
||||||
@ -565,12 +564,20 @@ static void exithelp()
|
|||||||
|
|
||||||
static void cleanup_params()
|
static void cleanup_params()
|
||||||
{
|
{
|
||||||
|
ConntrackPoolDestroy(¶ms.conntrack);
|
||||||
|
|
||||||
|
strlist_destroy(¶ms.hostlist_files);
|
||||||
|
strlist_destroy(¶ms.hostlist_exclude_files);
|
||||||
|
if (params.hostlist_exclude)
|
||||||
|
{
|
||||||
|
StrPoolDestroy(¶ms.hostlist_exclude);
|
||||||
|
params.hostlist_exclude = NULL;
|
||||||
|
}
|
||||||
if (params.hostlist)
|
if (params.hostlist)
|
||||||
{
|
{
|
||||||
StrPoolDestroy(¶ms.hostlist);
|
StrPoolDestroy(¶ms.hostlist);
|
||||||
params.hostlist = NULL;
|
params.hostlist = NULL;
|
||||||
}
|
}
|
||||||
ConntrackPoolDestroy(¶ms.conntrack);
|
|
||||||
}
|
}
|
||||||
static void exithelp_clean()
|
static void exithelp_clean()
|
||||||
{
|
{
|
||||||
@ -649,6 +656,9 @@ int main(int argc, char **argv)
|
|||||||
params.wssize_cutoff_mode = params.desync_cutoff_mode = 'n'; // packet number by default
|
params.wssize_cutoff_mode = params.desync_cutoff_mode = 'n'; // packet number by default
|
||||||
params.udplen_increment = UDPLEN_INCREMENT_DEFAULT;
|
params.udplen_increment = UDPLEN_INCREMENT_DEFAULT;
|
||||||
|
|
||||||
|
LIST_INIT(¶ms.hostlist_files);
|
||||||
|
LIST_INIT(¶ms.hostlist_exclude_files);
|
||||||
|
|
||||||
if (can_drop_root()) // are we root ?
|
if (can_drop_root()) // are we root ?
|
||||||
{
|
{
|
||||||
params.uid = params.gid = 0x7FFFFFFF; // default uid:gid
|
params.uid = params.gid = 0x7FFFFFFF; // default uid:gid
|
||||||
@ -704,9 +714,10 @@ int main(int argc, char **argv)
|
|||||||
{"dpi-desync-udplen-increment",required_argument,0,0},// optidx=33
|
{"dpi-desync-udplen-increment",required_argument,0,0},// optidx=33
|
||||||
{"dpi-desync-cutoff",required_argument,0,0},// optidx=34
|
{"dpi-desync-cutoff",required_argument,0,0},// optidx=34
|
||||||
{"hostlist",required_argument,0,0}, // optidx=35
|
{"hostlist",required_argument,0,0}, // optidx=35
|
||||||
|
{"hostlist-exclude",required_argument,0,0}, // optidx=36
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
{"bind-fix4",no_argument,0,0}, // optidx=36
|
{"bind-fix4",no_argument,0,0}, // optidx=37
|
||||||
{"bind-fix6",no_argument,0,0}, // optidx=37
|
{"bind-fix6",no_argument,0,0}, // optidx=38
|
||||||
#endif
|
#endif
|
||||||
{NULL,0,NULL,0}
|
{NULL,0,NULL,0}
|
||||||
};
|
};
|
||||||
@ -1003,16 +1014,24 @@ int main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 35: /* hostlist */
|
case 35: /* hostlist */
|
||||||
if (!LoadHostList(¶ms.hostlist, optarg))
|
if (!strlist_add(¶ms.hostlist_files, optarg))
|
||||||
|
{
|
||||||
|
fprintf(stderr, "strlist_add failed\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
strncpy(params.hostfile,optarg,sizeof(params.hostfile));
|
}
|
||||||
params.hostfile[sizeof(params.hostfile)-1]='\0';
|
break;
|
||||||
|
case 36: /* hostlist-exclude */
|
||||||
|
if (!strlist_add(¶ms.hostlist_exclude_files, optarg))
|
||||||
|
{
|
||||||
|
fprintf(stderr, "strlist_add failed\n");
|
||||||
|
exit_clean(1);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
case 36: /* bind-fix4 */
|
case 37: /* bind-fix4 */
|
||||||
params.bind_fix4 = true;
|
params.bind_fix4 = true;
|
||||||
break;
|
break;
|
||||||
case 37: /* bind-fix6 */
|
case 38: /* bind-fix6 */
|
||||||
params.bind_fix6 = true;
|
params.bind_fix6 = true;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
@ -1028,6 +1047,17 @@ int main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (!LoadHostLists(¶ms.hostlist, ¶ms.hostlist_files))
|
||||||
|
{
|
||||||
|
fprintf(stderr, "Include hostlist load failed\n");
|
||||||
|
exit_clean(1);
|
||||||
|
}
|
||||||
|
if (!LoadHostLists(¶ms.hostlist_exclude, ¶ms.hostlist_exclude_files))
|
||||||
|
{
|
||||||
|
fprintf(stderr, "Exclude hostlist load failed\n");
|
||||||
|
exit_clean(1);
|
||||||
|
}
|
||||||
|
|
||||||
if (daemon) daemonize();
|
if (daemon) daemonize();
|
||||||
|
|
||||||
if (*pidfile && !writepid(pidfile))
|
if (*pidfile && !writepid(pidfile))
|
||||||
|
@ -50,8 +50,6 @@ struct params_s
|
|||||||
uint8_t desync_fooling_mode;
|
uint8_t desync_fooling_mode;
|
||||||
uint32_t desync_fwmark; // unused in BSD
|
uint32_t desync_fwmark; // unused in BSD
|
||||||
uint32_t desync_badseq_increment, desync_badseq_ack_increment;
|
uint32_t desync_badseq_increment, desync_badseq_ack_increment;
|
||||||
char hostfile[256];
|
|
||||||
strpool *hostlist;
|
|
||||||
uint8_t fake_http[1432],fake_tls[1432],fake_unknown[1432],fake_unknown_udp[1472],fake_quic[1472];
|
uint8_t fake_http[1432],fake_tls[1432],fake_unknown[1432],fake_unknown_udp[1472],fake_quic[1472];
|
||||||
size_t fake_http_size,fake_tls_size,fake_unknown_size,fake_unknown_udp_size,fake_quic_size;
|
size_t fake_http_size,fake_tls_size,fake_unknown_size,fake_unknown_udp_size,fake_quic_size;
|
||||||
uint16_t udplen_increment;
|
uint16_t udplen_increment;
|
||||||
@ -59,6 +57,9 @@ struct params_s
|
|||||||
uid_t uid;
|
uid_t uid;
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
|
|
||||||
|
strpool *hostlist, *hostlist_exclude;
|
||||||
|
struct str_list_head hostlist_files, hostlist_exclude_files;
|
||||||
|
|
||||||
unsigned int ctrack_t_syn, ctrack_t_est, ctrack_t_fin, ctrack_t_udp;
|
unsigned int ctrack_t_syn, ctrack_t_est, ctrack_t_fin, ctrack_t_udp;
|
||||||
t_conntrack conntrack;
|
t_conntrack conntrack;
|
||||||
};
|
};
|
||||||
|
@ -74,3 +74,34 @@ void StrPoolDestroy(strpool **p)
|
|||||||
}
|
}
|
||||||
*p = NULL;
|
*p = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
bool strlist_add(struct str_list_head *head, const char *filename)
|
||||||
|
{
|
||||||
|
struct str_list *entry = malloc(sizeof(struct str_list));
|
||||||
|
if (!entry) return false;
|
||||||
|
entry->str = strdup(filename);
|
||||||
|
if (!entry->str)
|
||||||
|
{
|
||||||
|
free(entry);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
LIST_INSERT_HEAD(head, entry, next);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
static void strlist_entry_destroy(struct str_list *entry)
|
||||||
|
{
|
||||||
|
if (entry->str) free(entry->str);
|
||||||
|
free(entry);
|
||||||
|
}
|
||||||
|
void strlist_destroy(struct str_list_head *head)
|
||||||
|
{
|
||||||
|
struct str_list *entry;
|
||||||
|
while (entry = LIST_FIRST(head))
|
||||||
|
{
|
||||||
|
LIST_REMOVE(entry, next);
|
||||||
|
strlist_entry_destroy(entry);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@ -2,10 +2,10 @@
|
|||||||
|
|
||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
|
#include <sys/queue.h>
|
||||||
|
|
||||||
//#define HASH_BLOOM 20
|
//#define HASH_BLOOM 20
|
||||||
#define HASH_NONFATAL_OOM 1
|
#define HASH_NONFATAL_OOM 1
|
||||||
#undef HASH_FUNCTION
|
|
||||||
#define HASH_FUNCTION HASH_BER
|
#define HASH_FUNCTION HASH_BER
|
||||||
#include "uthash.h"
|
#include "uthash.h"
|
||||||
|
|
||||||
@ -18,3 +18,12 @@ void StrPoolDestroy(strpool **p);
|
|||||||
bool StrPoolAddStr(strpool **pp,const char *s);
|
bool StrPoolAddStr(strpool **pp,const char *s);
|
||||||
bool StrPoolAddStrLen(strpool **pp,const char *s,size_t slen);
|
bool StrPoolAddStrLen(strpool **pp,const char *s,size_t slen);
|
||||||
bool StrPoolCheckStr(strpool *p,const char *s);
|
bool StrPoolCheckStr(strpool *p,const char *s);
|
||||||
|
|
||||||
|
struct str_list {
|
||||||
|
char *str;
|
||||||
|
LIST_ENTRY(str_list) next;
|
||||||
|
};
|
||||||
|
LIST_HEAD(str_list_head, str_list);
|
||||||
|
|
||||||
|
bool strlist_add(struct str_list_head *head, const char *filename);
|
||||||
|
void strlist_destroy(struct str_list_head *head);
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
#include "gzip.h"
|
#include "gzip.h"
|
||||||
#include "params.h"
|
#include "params.h"
|
||||||
|
|
||||||
|
|
||||||
static bool addpool(strpool **hostlist, char **s, const char *end)
|
static bool addpool(strpool **hostlist, char **s, const char *end)
|
||||||
{
|
{
|
||||||
char *p;
|
char *p;
|
||||||
@ -22,7 +23,7 @@ static bool addpool(strpool **hostlist, char **s, const char *end)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
bool LoadHostList(strpool **hostlist, char *filename)
|
bool AppendHostList(strpool **hostlist, char *filename)
|
||||||
{
|
{
|
||||||
char *p, *e, s[256], *zbuf;
|
char *p, *e, s[256], *zbuf;
|
||||||
size_t zsize;
|
size_t zsize;
|
||||||
@ -30,11 +31,7 @@ bool LoadHostList(strpool **hostlist, char *filename)
|
|||||||
FILE *F;
|
FILE *F;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (*hostlist)
|
printf("Loading hostlist %s\n",filename);
|
||||||
{
|
|
||||||
StrPoolDestroy(hostlist);
|
|
||||||
*hostlist = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!(F = fopen(filename, "rb")))
|
if (!(F = fopen(filename, "rb")))
|
||||||
{
|
{
|
||||||
@ -92,8 +89,25 @@ bool LoadHostList(strpool **hostlist, char *filename)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool LoadHostLists(strpool **hostlist, struct str_list_head *file_list)
|
||||||
|
{
|
||||||
|
struct str_list *file;
|
||||||
|
|
||||||
bool SearchHostList(strpool *hostlist, const char *host, bool debug)
|
if (*hostlist)
|
||||||
|
{
|
||||||
|
StrPoolDestroy(hostlist);
|
||||||
|
*hostlist = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
LIST_FOREACH(file, file_list, next)
|
||||||
|
{
|
||||||
|
if (!AppendHostList(hostlist, file->str)) return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool SearchHostList(strpool *hostlist, const char *host)
|
||||||
{
|
{
|
||||||
if (hostlist)
|
if (hostlist)
|
||||||
{
|
{
|
||||||
@ -102,7 +116,7 @@ bool SearchHostList(strpool *hostlist, const char *host, bool debug)
|
|||||||
while (p)
|
while (p)
|
||||||
{
|
{
|
||||||
bInHostList = StrPoolCheckStr(hostlist, p);
|
bInHostList = StrPoolCheckStr(hostlist, p);
|
||||||
if (debug) VPRINT("Hostlist check for %s : %s", p, bInHostList ? "positive" : "negative")
|
if (params.debug) printf("Hostlist check for %s : %s\n", p, bInHostList ? "positive" : "negative");
|
||||||
if (bInHostList) return true;
|
if (bInHostList) return true;
|
||||||
p = strchr(p, '.');
|
p = strchr(p, '.');
|
||||||
if (p) p++;
|
if (p) p++;
|
||||||
@ -110,3 +124,19 @@ bool SearchHostList(strpool *hostlist, const char *host, bool debug)
|
|||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// return : true = apply fooling, false = do not apply
|
||||||
|
bool HostlistCheck(strpool *hostlist, strpool *hostlist_exclude, const char *host)
|
||||||
|
{
|
||||||
|
if (hostlist_exclude)
|
||||||
|
{
|
||||||
|
if (params.debug) printf("Checking exclude hostlist\n");
|
||||||
|
if (SearchHostList(hostlist_exclude, host)) return false;
|
||||||
|
}
|
||||||
|
if (hostlist)
|
||||||
|
{
|
||||||
|
if (params.debug) printf("Checking include hostlist\n");
|
||||||
|
return SearchHostList(hostlist, host);
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
@ -3,5 +3,8 @@
|
|||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
#include "strpool.h"
|
#include "strpool.h"
|
||||||
|
|
||||||
bool LoadHostList(strpool **hostlist, char *filename);
|
bool AppendHostList(strpool **hostlist, char *filename);
|
||||||
bool SearchHostList(strpool *hostlist, const char *host, bool debug);
|
bool LoadHostLists(strpool **hostlist, struct str_list_head *file_list);
|
||||||
|
bool SearchHostList(strpool *hostlist, const char *host);
|
||||||
|
// return : true = apply fooling, false = do not apply
|
||||||
|
bool HostlistCheck(strpool *hostlist, strpool *hostlist_exclude, const char *host);
|
||||||
|
@ -4,6 +4,7 @@
|
|||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
|
#include <sys/queue.h>
|
||||||
#include "strpool.h"
|
#include "strpool.h"
|
||||||
|
|
||||||
enum splithttpreq { split_none = 0, split_method, split_host };
|
enum splithttpreq { split_none = 0, split_method, split_host };
|
||||||
@ -42,9 +43,11 @@ struct params_s
|
|||||||
enum splithttpreq split_http_req;
|
enum splithttpreq split_http_req;
|
||||||
bool split_any_protocol;
|
bool split_any_protocol;
|
||||||
int split_pos;
|
int split_pos;
|
||||||
char hostfile[256];
|
|
||||||
char pidfile[256];
|
char pidfile[256];
|
||||||
strpool *hostlist;
|
|
||||||
|
strpool *hostlist, *hostlist_exclude;
|
||||||
|
struct str_list_head hostlist_files, hostlist_exclude_files;
|
||||||
|
|
||||||
int debug;
|
int debug;
|
||||||
|
|
||||||
|
@ -74,3 +74,34 @@ void StrPoolDestroy(strpool **p)
|
|||||||
}
|
}
|
||||||
*p = NULL;
|
*p = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
bool strlist_add(struct str_list_head *head, const char *filename)
|
||||||
|
{
|
||||||
|
struct str_list *entry = malloc(sizeof(struct str_list));
|
||||||
|
if (!entry) return false;
|
||||||
|
entry->str = strdup(filename);
|
||||||
|
if (!entry->str)
|
||||||
|
{
|
||||||
|
free(entry);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
LIST_INSERT_HEAD(head, entry, next);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
static void strlist_entry_destroy(struct str_list *entry)
|
||||||
|
{
|
||||||
|
if (entry->str) free(entry->str);
|
||||||
|
free(entry);
|
||||||
|
}
|
||||||
|
void strlist_destroy(struct str_list_head *head)
|
||||||
|
{
|
||||||
|
struct str_list *entry;
|
||||||
|
while (entry = LIST_FIRST(head))
|
||||||
|
{
|
||||||
|
LIST_REMOVE(entry, next);
|
||||||
|
strlist_entry_destroy(entry);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
|
#include <sys/queue.h>
|
||||||
|
|
||||||
//#define HASH_BLOOM 20
|
//#define HASH_BLOOM 20
|
||||||
#define HASH_NONFATAL_OOM 1
|
#define HASH_NONFATAL_OOM 1
|
||||||
@ -17,3 +18,12 @@ void StrPoolDestroy(strpool **p);
|
|||||||
bool StrPoolAddStr(strpool **pp,const char *s);
|
bool StrPoolAddStr(strpool **pp,const char *s);
|
||||||
bool StrPoolAddStrLen(strpool **pp,const char *s,size_t slen);
|
bool StrPoolAddStrLen(strpool **pp,const char *s,size_t slen);
|
||||||
bool StrPoolCheckStr(strpool *p,const char *s);
|
bool StrPoolCheckStr(strpool *p,const char *s);
|
||||||
|
|
||||||
|
struct str_list {
|
||||||
|
char *str;
|
||||||
|
LIST_ENTRY(str_list) next;
|
||||||
|
};
|
||||||
|
LIST_HEAD(str_list_head, str_list);
|
||||||
|
|
||||||
|
bool strlist_add(struct str_list_head *head, const char *filename);
|
||||||
|
void strlist_destroy(struct str_list_head *head);
|
||||||
|
@ -48,7 +48,7 @@ void modify_tcp_segment(char *segment,size_t segment_buffer_size,size_t *size,si
|
|||||||
{
|
{
|
||||||
VPRINT("Data block looks like http request start : %s", *method)
|
VPRINT("Data block looks like http request start : %s", *method)
|
||||||
// cpu saving : we search host only if and when required. we do not research host every time we need its position
|
// cpu saving : we search host only if and when required. we do not research host every time we need its position
|
||||||
if (params.hostlist && find_host(&pHost,segment,*size))
|
if ((params.hostlist || params.hostlist_exclude) && find_host(&pHost,segment,*size))
|
||||||
{
|
{
|
||||||
p = pHost + 5;
|
p = pHost + 5;
|
||||||
while (p < (segment + *size) && (*p == ' ' || *p == '\t')) p++;
|
while (p < (segment + *size) && (*p == ' ' || *p == '\t')) p++;
|
||||||
@ -58,7 +58,7 @@ void modify_tcp_segment(char *segment,size_t segment_buffer_size,size_t *size,si
|
|||||||
Host[pp - p] = '\0';
|
Host[pp - p] = '\0';
|
||||||
VPRINT("Requested Host is : %s", Host)
|
VPRINT("Requested Host is : %s", Host)
|
||||||
for(p = Host; *p; p++) *p=tolower(*p);
|
for(p = Host; *p; p++) *p=tolower(*p);
|
||||||
bBypass = !SearchHostList(params.hostlist,Host,!!params.debug);
|
bBypass = !HostlistCheck(params.hostlist, params.hostlist_exclude, Host);
|
||||||
}
|
}
|
||||||
if (!bBypass)
|
if (!bBypass)
|
||||||
{
|
{
|
||||||
@ -218,10 +218,10 @@ void modify_tcp_segment(char *segment,size_t segment_buffer_size,size_t *size,si
|
|||||||
|
|
||||||
VPRINT("packet contains TLS ClientHello")
|
VPRINT("packet contains TLS ClientHello")
|
||||||
// we need host only if hostlist is present
|
// we need host only if hostlist is present
|
||||||
if (params.hostlist && TLSHelloExtractHost((uint8_t*)segment,*size,host,sizeof(host)))
|
if ((params.hostlist || params.hostlist_exclude) && TLSHelloExtractHost((uint8_t*)segment,*size,host,sizeof(host)))
|
||||||
{
|
{
|
||||||
VPRINT("hostname: %s",host)
|
VPRINT("hostname: %s",host)
|
||||||
if (!SearchHostList(params.hostlist,host,!!params.debug))
|
if (!HostlistCheck(params.hostlist, params.hostlist_exclude, host))
|
||||||
{
|
{
|
||||||
VPRINT("Not acting on this request")
|
VPRINT("Not acting on this request")
|
||||||
return;
|
return;
|
||||||
|
92
tpws/tpws.c
92
tpws/tpws.c
@ -43,8 +43,8 @@ bool bHup = false;
|
|||||||
static void onhup(int sig)
|
static void onhup(int sig)
|
||||||
{
|
{
|
||||||
printf("HUP received !\n");
|
printf("HUP received !\n");
|
||||||
if (params.hostlist)
|
if (params.hostlist || params.hostlist_exclude)
|
||||||
printf("Will reload hostlist on next request\n");
|
printf("Will reload hostlists on next request\n");
|
||||||
bHup = true;
|
bHup = true;
|
||||||
}
|
}
|
||||||
// should be called in normal execution
|
// should be called in normal execution
|
||||||
@ -52,14 +52,12 @@ void dohup()
|
|||||||
{
|
{
|
||||||
if (bHup)
|
if (bHup)
|
||||||
{
|
{
|
||||||
if (params.hostlist)
|
if (!LoadHostLists(¶ms.hostlist, ¶ms.hostlist_files) ||
|
||||||
{
|
!LoadHostLists(¶ms.hostlist_exclude, ¶ms.hostlist_exclude_files))
|
||||||
if (!LoadHostList(¶ms.hostlist, params.hostfile))
|
|
||||||
{
|
{
|
||||||
// what will we do without hostlist ?? sure, gonna die
|
// what will we do without hostlist ?? sure, gonna die
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
bHup = false;
|
bHup = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -144,8 +142,9 @@ static void exithelp()
|
|||||||
#endif
|
#endif
|
||||||
" --debug=0|1|2\t\t\t; 0(default)=silent 1=verbose 2=debug\n"
|
" --debug=0|1|2\t\t\t; 0(default)=silent 1=verbose 2=debug\n"
|
||||||
"\nTAMPERING:\n"
|
"\nTAMPERING:\n"
|
||||||
" --hostlist=<filename>\t\t; only act on host in the list (one host per line, subdomains auto apply)\n"
|
" --hostlist=<filename>\t\t; only act on hosts in the list (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n"
|
||||||
" --split-http-req=method|host\n"
|
" --hostlist-exclude=<filename>\t; do not act on hosts in the list (one host per line, subdomains auto apply, gzip supported, multiple hostlists allowed)\n"
|
||||||
|
" --split-http-req=method|host\t; split at specified logical part of plain http request\n"
|
||||||
" --split-pos=<numeric_offset>\t; split at specified pos. split-http-req takes precedence for http.\n"
|
" --split-pos=<numeric_offset>\t; split at specified pos. split-http-req takes precedence for http.\n"
|
||||||
" --split-any-protocol\t\t; split not only http and https\n"
|
" --split-any-protocol\t\t; split not only http and https\n"
|
||||||
" --hostcase\t\t\t; change Host: => host:\n"
|
" --hostcase\t\t\t; change Host: => host:\n"
|
||||||
@ -163,6 +162,13 @@ static void exithelp()
|
|||||||
}
|
}
|
||||||
static void cleanup_params()
|
static void cleanup_params()
|
||||||
{
|
{
|
||||||
|
strlist_destroy(¶ms.hostlist_files);
|
||||||
|
strlist_destroy(¶ms.hostlist_exclude_files);
|
||||||
|
if (params.hostlist_exclude)
|
||||||
|
{
|
||||||
|
StrPoolDestroy(¶ms.hostlist_exclude);
|
||||||
|
params.hostlist_exclude = NULL;
|
||||||
|
}
|
||||||
if (params.hostlist)
|
if (params.hostlist)
|
||||||
{
|
{
|
||||||
StrPoolDestroy(¶ms.hostlist);
|
StrPoolDestroy(¶ms.hostlist);
|
||||||
@ -208,6 +214,9 @@ void parse_params(int argc, char *argv[])
|
|||||||
params.maxconn = DEFAULT_MAX_CONN;
|
params.maxconn = DEFAULT_MAX_CONN;
|
||||||
params.max_orphan_time = DEFAULT_MAX_ORPHAN_TIME;
|
params.max_orphan_time = DEFAULT_MAX_ORPHAN_TIME;
|
||||||
params.binds_last = -1;
|
params.binds_last = -1;
|
||||||
|
LIST_INIT(¶ms.hostlist_files);
|
||||||
|
LIST_INIT(¶ms.hostlist_exclude_files);
|
||||||
|
|
||||||
#if defined(__OpenBSD__) || defined(__APPLE__)
|
#if defined(__OpenBSD__) || defined(__APPLE__)
|
||||||
params.pf_enable = true; // OpenBSD and MacOS have no other choice
|
params.pf_enable = true; // OpenBSD and MacOS have no other choice
|
||||||
#endif
|
#endif
|
||||||
@ -249,17 +258,18 @@ void parse_params(int argc, char *argv[])
|
|||||||
{ "hosttab",no_argument,0,0 },// optidx=28
|
{ "hosttab",no_argument,0,0 },// optidx=28
|
||||||
{ "unixeol",no_argument,0,0 },// optidx=29
|
{ "unixeol",no_argument,0,0 },// optidx=29
|
||||||
{ "hostlist",required_argument,0,0 },// optidx=30
|
{ "hostlist",required_argument,0,0 },// optidx=30
|
||||||
{ "pidfile",required_argument,0,0 },// optidx=31
|
{ "hostlist-exclude",required_argument,0,0 },// optidx=31
|
||||||
{ "debug",optional_argument,0,0 },// optidx=32
|
{ "pidfile",required_argument,0,0 },// optidx=32
|
||||||
{ "local-rcvbuf",required_argument,0,0 },// optidx=33
|
{ "debug",optional_argument,0,0 },// optidx=33
|
||||||
{ "local-sndbuf",required_argument,0,0 },// optidx=34
|
{ "local-rcvbuf",required_argument,0,0 },// optidx=34
|
||||||
{ "remote-rcvbuf",required_argument,0,0 },// optidx=35
|
{ "local-sndbuf",required_argument,0,0 },// optidx=35
|
||||||
{ "remote-sndbuf",required_argument,0,0 },// optidx=36
|
{ "remote-rcvbuf",required_argument,0,0 },// optidx=36
|
||||||
{ "socks",no_argument,0,0 },// optidx=37
|
{ "remote-sndbuf",required_argument,0,0 },// optidx=37
|
||||||
{ "no-resolve",no_argument,0,0 },// optidx=38
|
{ "socks",no_argument,0,0 },// optidx=38
|
||||||
{ "skip-nodelay",no_argument,0,0 },// optidx=39
|
{ "no-resolve",no_argument,0,0 },// optidx=39
|
||||||
|
{ "skip-nodelay",no_argument,0,0 },// optidx=40
|
||||||
#if defined(BSD) && !defined(__OpenBSD__) && !defined(__APPLE__)
|
#if defined(BSD) && !defined(__OpenBSD__) && !defined(__APPLE__)
|
||||||
{ "enable-pf",no_argument,0,0 },// optidx=40
|
{ "enable-pf",no_argument,0,0 },// optidx=41
|
||||||
#endif
|
#endif
|
||||||
{ NULL,0,NULL,0 }
|
{ NULL,0,NULL,0 }
|
||||||
};
|
};
|
||||||
@ -460,42 +470,51 @@ void parse_params(int argc, char *argv[])
|
|||||||
params.tamper = true;
|
params.tamper = true;
|
||||||
break;
|
break;
|
||||||
case 30: /* hostlist */
|
case 30: /* hostlist */
|
||||||
if (!LoadHostList(¶ms.hostlist, optarg))
|
if (!strlist_add(¶ms.hostlist_files, optarg))
|
||||||
|
{
|
||||||
|
fprintf(stderr, "strlist_add failed\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
strncpy(params.hostfile,optarg,sizeof(params.hostfile));
|
}
|
||||||
params.hostfile[sizeof(params.hostfile)-1]='\0';
|
|
||||||
params.tamper = true;
|
params.tamper = true;
|
||||||
break;
|
break;
|
||||||
case 31: /* pidfile */
|
case 31: /* hostlist-exclude */
|
||||||
|
if (!strlist_add(¶ms.hostlist_exclude_files, optarg))
|
||||||
|
{
|
||||||
|
fprintf(stderr, "strlist_add failed\n");
|
||||||
|
exit_clean(1);
|
||||||
|
}
|
||||||
|
params.tamper = true;
|
||||||
|
break;
|
||||||
|
case 32: /* pidfile */
|
||||||
strncpy(params.pidfile,optarg,sizeof(params.pidfile));
|
strncpy(params.pidfile,optarg,sizeof(params.pidfile));
|
||||||
params.pidfile[sizeof(params.pidfile)-1]='\0';
|
params.pidfile[sizeof(params.pidfile)-1]='\0';
|
||||||
break;
|
break;
|
||||||
case 32:
|
case 33:
|
||||||
params.debug = optarg ? atoi(optarg) : 1;
|
params.debug = optarg ? atoi(optarg) : 1;
|
||||||
break;
|
break;
|
||||||
case 33: /* local-rcvbuf */
|
case 34: /* local-rcvbuf */
|
||||||
params.local_rcvbuf = atoi(optarg)/2;
|
params.local_rcvbuf = atoi(optarg)/2;
|
||||||
break;
|
break;
|
||||||
case 34: /* local-sndbuf */
|
case 35: /* local-sndbuf */
|
||||||
params.local_sndbuf = atoi(optarg)/2;
|
params.local_sndbuf = atoi(optarg)/2;
|
||||||
break;
|
break;
|
||||||
case 35: /* remote-rcvbuf */
|
case 36: /* remote-rcvbuf */
|
||||||
params.remote_rcvbuf = atoi(optarg)/2;
|
params.remote_rcvbuf = atoi(optarg)/2;
|
||||||
break;
|
break;
|
||||||
case 36: /* remote-sndbuf */
|
case 37: /* remote-sndbuf */
|
||||||
params.remote_sndbuf = atoi(optarg)/2;
|
params.remote_sndbuf = atoi(optarg)/2;
|
||||||
break;
|
break;
|
||||||
case 37: /* socks */
|
case 38: /* socks */
|
||||||
params.proxy_type = CONN_TYPE_SOCKS;
|
params.proxy_type = CONN_TYPE_SOCKS;
|
||||||
break;
|
break;
|
||||||
case 38: /* no-resolve */
|
case 39: /* no-resolve */
|
||||||
params.no_resolve = true;
|
params.no_resolve = true;
|
||||||
break;
|
break;
|
||||||
case 39: /* skip-nodelay */
|
case 40: /* skip-nodelay */
|
||||||
params.skip_nodelay = true;
|
params.skip_nodelay = true;
|
||||||
break;
|
break;
|
||||||
#if defined(BSD) && !defined(__OpenBSD__) && !defined(__APPLE__)
|
#if defined(BSD) && !defined(__OpenBSD__) && !defined(__APPLE__)
|
||||||
case 40: /* enable-pf */
|
case 41: /* enable-pf */
|
||||||
params.pf_enable = true;
|
params.pf_enable = true;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
@ -515,6 +534,17 @@ void parse_params(int argc, char *argv[])
|
|||||||
fprintf(stderr, "Cannot split with --skip-nodelay\n");
|
fprintf(stderr, "Cannot split with --skip-nodelay\n");
|
||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!LoadHostLists(¶ms.hostlist, ¶ms.hostlist_files))
|
||||||
|
{
|
||||||
|
fprintf(stderr, "Include hostlist load failed\n");
|
||||||
|
exit_clean(1);
|
||||||
|
}
|
||||||
|
if (!LoadHostLists(¶ms.hostlist_exclude, ¶ms.hostlist_exclude_files))
|
||||||
|
{
|
||||||
|
fprintf(stderr, "Exclude hostlist load failed\n");
|
||||||
|
exit_clean(1);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user