mirror of
https://github.com/bol-van/zapret.git
synced 2025-01-22 16:10:36 +05:00
tpws: nosplice
This commit is contained in:
parent
747f9676a6
commit
a570845453
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -559,6 +559,7 @@ tpws is transparent proxy.
|
|||||||
--local-sndbuf=<bytes> ; SO_SNDBUF for local legs
|
--local-sndbuf=<bytes> ; SO_SNDBUF for local legs
|
||||||
--remote-rcvbuf=<bytes> ; SO_RCVBUF for remote legs
|
--remote-rcvbuf=<bytes> ; SO_RCVBUF for remote legs
|
||||||
--remote-sndbuf=<bytes> ; SO_SNDBUF for remote legs
|
--remote-sndbuf=<bytes> ; SO_SNDBUF for remote legs
|
||||||
|
--nosplice ; do not use splice to transfer data between sockets
|
||||||
--skip-nodelay ; do not set TCP_NODELAY for outgoing connections. incompatible with split.
|
--skip-nodelay ; do not set TCP_NODELAY for outgoing connections. incompatible with split.
|
||||||
--no-resolve ; disable socks5 remote dns
|
--no-resolve ; disable socks5 remote dns
|
||||||
--resolver-threads=<int> ; number of resolver worker threads
|
--resolver-threads=<int> ; number of resolver worker threads
|
||||||
@ -1169,6 +1170,8 @@ Cleanup : `wsl --unregister tpws`
|
|||||||
Tested in windows 10 build 19041 (20.04).
|
Tested in windows 10 build 19041 (20.04).
|
||||||
|
|
||||||
`--oob` , `--mss` and `--disorder` do not work.
|
`--oob` , `--mss` and `--disorder` do not work.
|
||||||
|
RST detection in autohostlist scheme may not work.
|
||||||
|
WSL may glitch with pipes. `--nosplice` may be required.
|
||||||
|
|
||||||
NOTICE. There is native windows solution GoodByeDPI. It works on packet level like nfqws.
|
NOTICE. There is native windows solution GoodByeDPI. It works on packet level like nfqws.
|
||||||
|
|
||||||
|
@ -658,6 +658,7 @@ tpws - это transparent proxy.
|
|||||||
--local-sndbuf=<bytes> ; SO_SNDBUF для соединений client-proxy
|
--local-sndbuf=<bytes> ; SO_SNDBUF для соединений client-proxy
|
||||||
--remote-rcvbuf=<bytes> ; SO_RCVBUF для соединений proxy-target
|
--remote-rcvbuf=<bytes> ; SO_RCVBUF для соединений proxy-target
|
||||||
--remote-sndbuf=<bytes> ; SO_SNDBUF для соединений proxy-target
|
--remote-sndbuf=<bytes> ; SO_SNDBUF для соединений proxy-target
|
||||||
|
--nosplice ; не использовать splice на linux системах
|
||||||
--skip-nodelay ; не устанавливать в исходящих соединения TCP_NODELAY. несовместимо со split.
|
--skip-nodelay ; не устанавливать в исходящих соединения TCP_NODELAY. несовместимо со split.
|
||||||
|
|
||||||
--split-http-req=method|host ; способ разделения http запросов на сегменты : около метода (GET,POST) или около заголовка Host
|
--split-http-req=method|host ; способ разделения http запросов на сегменты : около метода (GET,POST) или около заголовка Host
|
||||||
@ -1581,6 +1582,8 @@ tpws в режиме socks можно запускать и под более-м
|
|||||||
|
|
||||||
Не работают функции --oob и --mss из-за ограничений реализации WSL.
|
Не работают функции --oob и --mss из-за ограничений реализации WSL.
|
||||||
--disorder не работает из-за особенностей tcp/ip стека windows.
|
--disorder не работает из-за особенностей tcp/ip стека windows.
|
||||||
|
Может не срабатывать детект RST в autohostlist.
|
||||||
|
WSL может глючить с pipes, ломая тем самым splice и приводя к зацикливанию процесса. Может потребоваться --nosplice.
|
||||||
|
|
||||||
ЗАМЕЧАНИЕ. Под Windows существует нативное решение GoodByeDPI, выполняющее дурение на пакетном уровне (по типу nfqws).
|
ЗАМЕЧАНИЕ. Под Windows существует нативное решение GoodByeDPI, выполняющее дурение на пакетном уровне (по типу nfqws).
|
||||||
|
|
||||||
|
@ -81,6 +81,9 @@ struct params_s
|
|||||||
#if defined(BSD)
|
#if defined(BSD)
|
||||||
bool pf_enable;
|
bool pf_enable;
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef __linux__
|
||||||
|
bool nosplice;
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
extern struct params_s params;
|
extern struct params_s params;
|
||||||
|
@ -345,32 +345,33 @@ void tamper_in(t_ctrack *ctrack, uint8_t *segment,size_t segment_buffer_size,siz
|
|||||||
|
|
||||||
DBGPRINT("tamper_in hostname=%s", ctrack->hostname)
|
DBGPRINT("tamper_in hostname=%s", ctrack->hostname)
|
||||||
|
|
||||||
if (!*params.hostlist_auto_filename) return;
|
if (*params.hostlist_auto_filename)
|
||||||
|
|
||||||
HostFailPoolPurgeRateLimited(¶ms.hostlist_auto_fail_counters);
|
|
||||||
|
|
||||||
if (ctrack->l7proto==HTTP && ctrack->hostname)
|
|
||||||
{
|
{
|
||||||
if (IsHttpReply(segment,*size))
|
HostFailPoolPurgeRateLimited(¶ms.hostlist_auto_fail_counters);
|
||||||
|
|
||||||
|
if (ctrack->l7proto==HTTP && ctrack->hostname)
|
||||||
{
|
{
|
||||||
VPRINT("incoming HTTP reply detected for hostname %s", ctrack->hostname);
|
if (IsHttpReply(segment,*size))
|
||||||
bFail = HttpReplyLooksLikeDPIRedirect(segment, *size, ctrack->hostname);
|
|
||||||
if (bFail)
|
|
||||||
{
|
{
|
||||||
VPRINT("redirect to another domain detected. possibly DPI redirect.")
|
VPRINT("incoming HTTP reply detected for hostname %s", ctrack->hostname);
|
||||||
HOSTLIST_DEBUGLOG_APPEND("%s : redirect to another domain", ctrack->hostname);
|
bFail = HttpReplyLooksLikeDPIRedirect(segment, *size, ctrack->hostname);
|
||||||
|
if (bFail)
|
||||||
|
{
|
||||||
|
VPRINT("redirect to another domain detected. possibly DPI redirect.")
|
||||||
|
HOSTLIST_DEBUGLOG_APPEND("%s : redirect to another domain", ctrack->hostname);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
VPRINT("local or in-domain redirect detected. it's not a DPI redirect.")
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
VPRINT("local or in-domain redirect detected. it's not a DPI redirect.")
|
{
|
||||||
}
|
// received not http reply. do not monitor this connection anymore
|
||||||
else
|
VPRINT("incoming unknown HTTP data detected for hostname %s", ctrack->hostname);
|
||||||
{
|
}
|
||||||
// received not http reply. do not monitor this connection anymore
|
if (bFail)
|
||||||
VPRINT("incoming unknown HTTP data detected for hostname %s", ctrack->hostname);
|
auto_hostlist_failed(ctrack->hostname);
|
||||||
}
|
|
||||||
if (bFail)
|
|
||||||
auto_hostlist_failed(ctrack->hostname);
|
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
ctrack->bTamperInCutoff = true;
|
ctrack->bTamperInCutoff = true;
|
||||||
}
|
}
|
||||||
|
11
tpws/tpws.c
11
tpws/tpws.c
@ -144,6 +144,9 @@ static void exithelp(void)
|
|||||||
" --local-sndbuf=<bytes>\n"
|
" --local-sndbuf=<bytes>\n"
|
||||||
" --remote-rcvbuf=<bytes>\n"
|
" --remote-rcvbuf=<bytes>\n"
|
||||||
" --remote-sndbuf=<bytes>\n"
|
" --remote-sndbuf=<bytes>\n"
|
||||||
|
#ifdef __linux__
|
||||||
|
" --nosplice\t\t\t\t; do not use splice to transfer data between sockets\n"
|
||||||
|
#endif
|
||||||
" --skip-nodelay\t\t\t\t; do not set TCP_NODELAY option for outgoing connections (incompatible with split options)\n"
|
" --skip-nodelay\t\t\t\t; do not set TCP_NODELAY option for outgoing connections (incompatible with split options)\n"
|
||||||
" --maxconn=<max_connections>\n"
|
" --maxconn=<max_connections>\n"
|
||||||
#ifdef SPLICE_PRESENT
|
#ifdef SPLICE_PRESENT
|
||||||
@ -333,6 +336,7 @@ void parse_params(int argc, char *argv[])
|
|||||||
#elif defined(__linux__)
|
#elif defined(__linux__)
|
||||||
{ "mss",required_argument,0,0 },// optidx=53
|
{ "mss",required_argument,0,0 },// optidx=53
|
||||||
{ "mss-pf",required_argument,0,0 },// optidx=54
|
{ "mss-pf",required_argument,0,0 },// optidx=54
|
||||||
|
{ "nosplice",no_argument,0,0 },// optidx=55
|
||||||
#endif
|
#endif
|
||||||
{ "hostlist-auto-retrans-threshold",optional_argument,0,0}, // ignored. for nfqws command line compatibility
|
{ "hostlist-auto-retrans-threshold",optional_argument,0,0}, // ignored. for nfqws command line compatibility
|
||||||
{ NULL,0,NULL,0 }
|
{ NULL,0,NULL,0 }
|
||||||
@ -773,6 +777,9 @@ void parse_params(int argc, char *argv[])
|
|||||||
exit_clean(1);
|
exit_clean(1);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
case 55: /* nosplice */
|
||||||
|
params.nosplice = true;
|
||||||
|
break;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -912,11 +919,11 @@ static bool set_ulimit(void)
|
|||||||
|
|
||||||
if (!params.maxfiles)
|
if (!params.maxfiles)
|
||||||
{
|
{
|
||||||
// 4 fds per tamper connection (2 pipe + 2 socket), 6 fds for tcp proxy connection (4 pipe + 2 socket)
|
// 4 fds per tamper connection (2 pipe + 2 socket), 6 fds for tcp proxy connection (4 pipe + 2 socket), 2 fds (2 socket) for nosplice
|
||||||
// additional 1/2 for unpaired remote legs sending buffers
|
// additional 1/2 for unpaired remote legs sending buffers
|
||||||
// 16 for listen_fd, epoll, hostlist, ...
|
// 16 for listen_fd, epoll, hostlist, ...
|
||||||
#ifdef SPLICE_PRESENT
|
#ifdef SPLICE_PRESENT
|
||||||
fdmax = (params.tamper && !params.tamper_start && !params.tamper_cutoff ? 4 : 6) * params.maxconn;
|
fdmax = (params.nosplice ? 2 : (params.tamper && !params.tamper_start && !params.tamper_cutoff ? 4 : 6)) * params.maxconn;
|
||||||
#else
|
#else
|
||||||
fdmax = 2 * params.maxconn;
|
fdmax = 2 * params.maxconn;
|
||||||
#endif
|
#endif
|
||||||
|
@ -440,7 +440,7 @@ static tproxy_conn_t *new_conn(int fd, bool remote)
|
|||||||
#ifdef SPLICE_PRESENT
|
#ifdef SPLICE_PRESENT
|
||||||
// if dont tamper - both legs are spliced, create 2 pipes
|
// if dont tamper - both legs are spliced, create 2 pipes
|
||||||
// otherwise create pipe only in local leg
|
// otherwise create pipe only in local leg
|
||||||
if ((!remote || !params.tamper || params.tamper_start || params.tamper_cutoff ) && pipe2(conn->splice_pipe, O_NONBLOCK) != 0)
|
if (!params.nosplice && ( !remote || !params.tamper || params.tamper_start || params.tamper_cutoff ) && pipe2(conn->splice_pipe, O_NONBLOCK) != 0)
|
||||||
{
|
{
|
||||||
fprintf(stderr, "Could not create the splice pipe\n");
|
fprintf(stderr, "Could not create the splice pipe\n");
|
||||||
free_conn(conn);
|
free_conn(conn);
|
||||||
@ -662,7 +662,7 @@ static bool handle_unsent(tproxy_conn_t *conn)
|
|||||||
DBGPRINT("+handle_unsent, fd=%d has_unsent=%d has_unsent_partner=%d",conn->fd,conn_has_unsent(conn),conn_partner_alive(conn) ? conn_has_unsent(conn->partner) : false)
|
DBGPRINT("+handle_unsent, fd=%d has_unsent=%d has_unsent_partner=%d",conn->fd,conn_has_unsent(conn),conn_partner_alive(conn) ? conn_has_unsent(conn->partner) : false)
|
||||||
|
|
||||||
#ifdef SPLICE_PRESENT
|
#ifdef SPLICE_PRESENT
|
||||||
if (conn->wr_unsent)
|
if (!params.nosplice && conn->wr_unsent)
|
||||||
{
|
{
|
||||||
wr = splice(conn->splice_pipe[0], NULL, conn->fd, NULL, conn->wr_unsent, SPLICE_F_MOVE | SPLICE_F_NONBLOCK);
|
wr = splice(conn->splice_pipe[0], NULL, conn->fd, NULL, conn->wr_unsent, SPLICE_F_MOVE | SPLICE_F_NONBLOCK);
|
||||||
DBGPRINT("splice unsent=%zd wr=%zd err=%d",conn->wr_unsent,wr,errno)
|
DBGPRINT("splice unsent=%zd wr=%zd err=%d",conn->wr_unsent,wr,errno)
|
||||||
@ -1067,7 +1067,7 @@ static bool handle_epoll(tproxy_conn_t *conn, struct tailhead *conn_list, uint32
|
|||||||
{
|
{
|
||||||
DBGPRINT("%s leg fd=%d stream pos : %" PRIu64 "(n%" PRIu64 ")/%" PRIu64, conn->remote ? "remote" : "local", conn->fd, conn->trd,conn->tnrd+1,conn->twr)
|
DBGPRINT("%s leg fd=%d stream pos : %" PRIu64 "(n%" PRIu64 ")/%" PRIu64, conn->remote ? "remote" : "local", conn->fd, conn->trd,conn->tnrd+1,conn->twr)
|
||||||
#ifdef SPLICE_PRESENT
|
#ifdef SPLICE_PRESENT
|
||||||
if (!params.tamper || conn->remote && conn->partner->track.bTamperInCutoff || !conn->remote && !in_tamper_out_range(conn))
|
if (!params.nosplice && (!params.tamper || conn->remote && conn->partner->track.bTamperInCutoff || !conn->remote && !in_tamper_out_range(conn)))
|
||||||
{
|
{
|
||||||
// incoming data from remote leg we splice without touching
|
// incoming data from remote leg we splice without touching
|
||||||
// pipe is in the local leg, so its in conn->partner->splice_pipe
|
// pipe is in the local leg, so its in conn->partner->splice_pipe
|
||||||
|
Loading…
Reference in New Issue
Block a user