diff --git a/binaries/freebsd-x64/dvtws b/binaries/freebsd-x64/dvtws
index 4313431..8664978 100755
Binary files a/binaries/freebsd-x64/dvtws and b/binaries/freebsd-x64/dvtws differ
diff --git a/nfq/darkmagic.c b/nfq/darkmagic.c
index db1fa74..ff6b298 100644
--- a/nfq/darkmagic.c
+++ b/nfq/darkmagic.c
@@ -903,14 +903,8 @@ static int *rawsend_family_sock(sa_family_t family)
 }
 #ifdef BSD
-int rawsend_socket_divert(sa_family_t family)
+int socket_divert(sa_family_t family)
 {
- // HACK HACK HACK HACK HACK HACK HACK HACK
- // FreeBSD doesnt allow IP_HDRINCL for IPV6
- // OpenBSD doesnt allow rawsending tcp frames
- // we either have to go to the link layer (its hard, possible problems arise, compat testing, ...) or use some HACKING
- // from my point of view disabling direct ability to send ip frames is not security. its SHIT
-
 int fd;
 #ifdef __FreeBSD__
@@ -921,6 +915,17 @@ int rawsend_socket_divert(sa_family_t family)
 #endif
 // freebsd13- or openbsd way
 fd = socket(family, SOCK_RAW, IPPROTO_DIVERT);
+ return fd;
+}
+static int rawsend_socket_divert(sa_family_t family)
+{
+ // HACK HACK HACK HACK HACK HACK HACK HACK
+ // FreeBSD doesnt allow IP_HDRINCL for IPV6
+ // OpenBSD doesnt allow rawsending tcp frames
+ // we either have to go to the link layer (its hard, possible problems arise, compat testing, ...) or use some HACKING
+ // from my point of view disabling direct ability to send ip frames is not security. its SHIT
+
+ int fd = socket_divert(family);
 if (fd!=-1 && !set_socket_buffers(fd,4096,RAW_SNDBUF))
 {
 close(fd);
diff --git a/nfq/darkmagic.h b/nfq/darkmagic.h
index 5b1ce3a..3defd24 100644
--- a/nfq/darkmagic.h
+++ b/nfq/darkmagic.h
@@ -139,7 +139,7 @@ bool rawsend_preinit(bool bind_fix4, bool bind_fix6);
 // cleans up socket autocreated by rawsend
 void rawsend_cleanup(void);
-int rawsend_socket_divert(sa_family_t family);
+int socket_divert(sa_family_t family);
 const char *proto_name(uint8_t proto);
 uint16_t family_from_proto(uint8_t l3proto);
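Review bot: The newly exported `socket_divert()` in nfq/darkmagic.c and its prototype in nfq/darkmagic.h carry no comment, because the explanatory block moved with the now-static `rawsend_socket_divert()` wrapper, so the header tells callers nothing about what they get back. I would add above the prototype `// creates a raw divert socket with default buffer sizes; returns the fd or -1 (errno from socket()); caller must close() it`. The definition sits under `#ifdef BSD` in the .c file, and the header hunk does not show whether the prototype is guarded the same way, so that is worth confirming. The `#ifdef __FreeBSD__` branch of the function lies between the two darkmagic.c hunks and is not visible here.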
diff --git a/nfq/nfqws.c b/nfq/nfqws.c
index f1210ef..bd3772d 100644
--- a/nfq/nfqws.c
+++ b/nfq/nfqws.c
@@ -353,7 +353,7 @@ static int dvt_main(void)
 bp4.sin_addr.s_addr = INADDR_ANY;
 printf("creating divert4 socket\n");
- fd[0] = rawsend_socket_divert(AF_INET);
+ fd[0] = socket_divert(AF_INET);
 if (fd[0] == -1) {
 perror("socket (DIVERT4)");
 goto exiterr;
@@ -378,7 +378,7 @@ static int dvt_main(void)
 bp6.sin6_port = htons(params.port);
 printf("creating divert6 socket\n");
- fd[1] = rawsend_socket_divert(AF_INET6);
+ fd[1] = socket_divert(AF_INET6);
 if (fd[1] == -1) {
 perror("socket (DIVERT6)");
 goto exiterr;
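Review bot: The divert4 call site in `dvt_main` now gets a socket that skips the `set_socket_buffers(fd,4096,RAW_SNDBUF)` step the old function applied (visible as context in nfq/darkmagic.c), and nothing at the call says this is deliberate; the divert6 hunk has the same gap. Presumably the point is that these sockets receive diverted traffic and should not inherit the send-path buffer settings, but that is inferred from the rename rather than stated. A comment such as `// plain divert socket for receiving: buffer sizes stay at OS defaults, rawsend's set_socket_buffers() is not applied` above each call would record the intent for the next maintainer. The body of `dvt_main`, including the `exiterr` cleanup path, lies outside both hunks.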