ForkMaster/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-09-22 09:42:51 +05:00
Code Issues Actions Packages Projects Releases Wiki Activity

nfqws: wireguard protocol recognition

Browse Source
This commit is contained in:
bol-van 2023-08-12 09:56:19 +03:00
parent b80c501eb9
commit bc6b683009
14 changed files with 38 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
binaries/aarch64/nfqws
View File

Binary file not shown.

BIN
binaries/arm/nfqws
View File

Binary file not shown.

BIN
binaries/freebsd-x64/dvtws
View File

Binary file not shown.

BIN
binaries/mips32r1-lsb/nfqws
View File

Binary file not shown.

BIN
binaries/mips32r1-msb/nfqws
View File

Binary file not shown.

BIN
binaries/mips64r2-msb/nfqws
View File

Binary file not shown.

BIN
binaries/ppc/nfqws
View File

Binary file not shown.

BIN
binaries/x86/nfqws
View File

Binary file not shown.

BIN
binaries/x86_64/nfqws
View File

Binary file not shown.

7
nfq/desync.c
View File

@ -727,6 +727,13 @@ packet_process_result dpi_desync_udp_packet(uint32_t fwmark, const char *ifout,
}
bKnownProtocol = true;
}
else if (IsWireguardHandshakeInitiation(data_payload,len_payload))
{
DLOG("packet contains wireguard handshake initiation\n")
fake = params.fake_wg;
fake_size = params.fake_wg_size;
bKnownProtocol = true;
}
else
{
if (!params.desync_any_proto) return res;

35
nfq/nfqws.c
View File

@ -546,6 +546,7 @@ static void exithelp()
" --dpi-desync-fake-tls=<filename>\t; file containing fake TLS ClientHello (for https)\n"
" --dpi-desync-fake-unknown=<filename>\t; file containing unknown protocol fake payload\n"
" --dpi-desync-fake-quic=<filename>\t; file containing fake QUIC Initial\n"
" --dpi-desync-fake-wireguard=<filename>\t; file containing fake wireguard handshake initiation\n"
" --dpi-desync-fake-unknown-udp=<filename> ; file containing unknown udp protocol fake payload\n"
" --dpi-desync-udplen-increment=<int>\t; increase or decrease udp packet length by N bytes (default %u). negative values decrease length.\n"
" --dpi-desync-cutoff=[n|d|s]N\t\t; apply dpi desync only to packet numbers (n, default), data packet numbers (d), relative sequence (s) less than N\n"
@ -645,6 +646,7 @@ int main(int argc, char **argv)
memcpy(params.fake_http,fake_http_request_default,params.fake_http_size);
params.fake_quic_size = 620; // must be 601+ for TSPU hack
params.fake_quic[0] = 0x40; // russian TSPU QUIC short header fake
params.fake_wg_size = 64;
params.fake_unknown_size = 256;
params.fake_unknown_udp_size = 64;
params.wscale=-1; // default - dont change scale factor (client)
@ -712,14 +714,15 @@ int main(int argc, char **argv)
{"dpi-desync-fake-tls",required_argument,0,0},// optidx=29
{"dpi-desync-fake-unknown",required_argument,0,0},// optidx=30
{"dpi-desync-fake-quic",required_argument,0,0},// optidx=31
{"dpi-desync-fake-unknown-udp",required_argument,0,0},// optidx=32
{"dpi-desync-udplen-increment",required_argument,0,0},// optidx=33
{"dpi-desync-cutoff",required_argument,0,0},// optidx=34
{"hostlist",required_argument,0,0}, // optidx=35
{"hostlist-exclude",required_argument,0,0}, // optidx=36
{"dpi-desync-fake-wireguard",required_argument,0,0},// optidx=32
{"dpi-desync-fake-unknown-udp",required_argument,0,0},// optidx=33
{"dpi-desync-udplen-increment",required_argument,0,0},// optidx=34
{"dpi-desync-cutoff",required_argument,0,0},// optidx=35
{"hostlist",required_argument,0,0}, // optidx=36
{"hostlist-exclude",required_argument,0,0}, // optidx=37
#ifdef __linux__
{"bind-fix4",no_argument,0,0}, // optidx=37
{"bind-fix6",no_argument,0,0}, // optidx=38
{"bind-fix4",no_argument,0,0}, // optidx=38
{"bind-fix6",no_argument,0,0}, // optidx=39
#endif
{NULL,0,NULL,0}
};
@ -1001,32 +1004,36 @@ int main(int argc, char **argv)
params.fake_quic_size = sizeof(params.fake_quic);
load_file_or_exit(optarg,params.fake_quic,&params.fake_quic_size);
break;
case 32: /* dpi-desync-fake-unknown-udp */
case 32: /* dpi-desync-fake-wireguard */
params.fake_wg_size = sizeof(params.fake_wg);
load_file_or_exit(optarg,params.fake_wg,&params.fake_wg_size);
break;
case 33: /* dpi-desync-fake-unknown-udp */
params.fake_unknown_udp_size = sizeof(params.fake_unknown_udp);
load_file_or_exit(optarg,params.fake_unknown_udp,&params.fake_unknown_udp_size);
break;
case 33: /* dpi-desync-udplen-increment */
case 34: /* dpi-desync-udplen-increment */
if (sscanf(optarg,"%d",&params.udplen_increment)<1 || params.udplen_increment>0x7FFF || params.udplen_increment<-0x8000)
{
fprintf(stderr, "dpi-desync-udplen-increment must be integer within -32768..32767 range\n");
exit_clean(1);
}
break;
case 34: /* desync-cutoff */
case 35: /* desync-cutoff */
if (!parse_cutoff(optarg, &params.desync_cutoff, &params.desync_cutoff_mode))
{
fprintf(stderr, "invalid desync-cutoff value\n");
exit_clean(1);
}
break;
case 35: /* hostlist */
case 36: /* hostlist */
if (!strlist_add(&params.hostlist_files, optarg))
{
fprintf(stderr, "strlist_add failed\n");
exit_clean(1);
}
break;
case 36: /* hostlist-exclude */
case 37: /* hostlist-exclude */
if (!strlist_add(&params.hostlist_exclude_files, optarg))
{
fprintf(stderr, "strlist_add failed\n");
@ -1034,10 +1041,10 @@ int main(int argc, char **argv)
}
break;
#ifdef __linux__
case 37: /* bind-fix4 */
case 38: /* bind-fix4 */
params.bind_fix4 = true;
break;
case 38: /* bind-fix6 */
case 39: /* bind-fix6 */
params.bind_fix6 = true;
break;
#endif

4
nfq/params.h
View File

@ -50,8 +50,8 @@ struct params_s
uint8_t desync_fooling_mode;
uint32_t desync_fwmark; // unused in BSD
uint32_t desync_badseq_increment, desync_badseq_ack_increment;
uint8_t fake_http[1432],fake_tls[1432],fake_unknown[1432],fake_unknown_udp[1472],fake_quic[1472];
size_t fake_http_size,fake_tls_size,fake_unknown_size,fake_unknown_udp_size,fake_quic_size;
uint8_t fake_http[1432],fake_tls[1432],fake_quic[1472],fake_wg[1472],fake_unknown[1432],fake_unknown_udp[1472];
size_t fake_http_size,fake_tls_size,fake_quic_size,fake_wg_size,fake_unknown_size,fake_unknown_udp_size;
int udplen_increment;
bool droproot;
uid_t uid;

6
nfq/protocol.c
View File

@ -188,6 +188,12 @@ bool TLSHelloExtractHostFromHandshake(const uint8_t *data, size_t len, char *hos
}
bool IsWireguardHandshakeInitiation(const uint8_t *data, size_t len)
{
return len==148 && data[0]==1 && data[1]==0 && data[2]==0 && data[3]==0;
}
/* Returns the QUIC draft version or 0 if not applicable. */
uint8_t QUICDraftVersion(uint32_t version)
{

2
nfq/protocol.h
View File

@ -15,6 +15,8 @@ bool TLSFindExtInHandshake(const uint8_t *data, size_t len, uint16_t type, const
bool TLSHelloExtractHost(const uint8_t *data, size_t len, char *host, size_t len_host);
bool TLSHelloExtractHostFromHandshake(const uint8_t *data, size_t len, char *host, size_t len_host);
bool IsWireguardHandshakeInitiation(const uint8_t *data, size_t len);
#define QUIC_MAX_CID_LENGTH 20
typedef struct quic_cid {
uint8_t len;