From 27a6d256f09672240fa5c0a84446fa282d5eef14 Mon Sep 17 00:00:00 2001
From: ValdikSS
Date: Mon, 21 Mar 2022 15:17:27 +0300
Subject: [PATCH] Handle HTTP GET and POST in packets larger than --max-payload

If --max-payload 1200 is used and there's HTTP request with lots of cookies which exceed 1200 bytes in size, this packet would have been skipped as 'too large', and the circumvention won't be applied. Fix this by checking for "GET " or "POST" in the beginning of the packet regardless of its size.
---
 src/goodbyedpi.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/goodbyedpi.c b/src/goodbyedpi.c
index 720fb58..f204fd0 100644
--- a/src/goodbyedpi.c
+++ b/src/goodbyedpi.c
@@ -216,7 +216,8 @@ static void add_ip_id_str(int id) {
 static void add_maxpayloadsize_str(unsigned short maxpayload) {
 char *newstr;
- const char *maxpayloadsize_str = "and (tcp.PayloadLength ? tcp.PayloadLength < %hu : true)";
+ /* 0x47455420 is "GET ", 0x504F5354 is "POST", big endian. */
+ const char *maxpayloadsize_str = "and (tcp.PayloadLength ? tcp.PayloadLength < %hu or tcp.Payload32[0] == 0x47455420 or tcp.Payload32[0] == 0x504F5354 : true)";
 char *addfilter = malloc(strlen(maxpayloadsize_str) + 16);
 sprintf(addfilter, maxpayloadsize_str, maxpayload);
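Review bot: The two new `tcp.Payload32[0]` clauses exempt any TCP payload whose first four bytes are "GET " or "POST" from the `--max-payload` limit, so the size bound no longer holds for everything this filter passes on. The code that consumes these packets is outside the hunk, and it is worth confirming that it does not rely on payloads being shorter than `maxpayload`. Only these two methods are exempted, so a large request using another method is presumably still skipped; if that is intended, the comment should say so, e.g. `/* Requests starting with "GET " (0x47455420) or "POST" (0x504F5354), big endian, are captured even above --max-payload; other methods are not. */`. The option's help text is not visible here and may need the same caveat. `add_maxpayloadsize_str` continues past the end of the hunk.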