From 96fb5f951632e1bcf0718fdb28084d1091048aea Mon Sep 17 00:00:00 2001
From: ValdikSS <iam@valdikss.org.ru>
Date: Tue, 15 Aug 2017 08:25:55 +0300
Subject: [PATCH] Block passive DPI packets only with "Connection: close".
 Fixes #17.

Some servers set "don't fragment" flag and never increase TCP ID
field. If they send HTTP redirection to another website, it would
be blocked by the program.
This is a hack to block redirects only with "Connection: close"
header as presumably legal redirects are most likely would
use keep-alive.
---
 goodbyedpi.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/goodbyedpi.c b/goodbyedpi.c
index f66a3b2..9d8510d 100644
--- a/goodbyedpi.c
+++ b/goodbyedpi.c
@@ -29,6 +29,7 @@ static const char *http_host_find = "\r\nHost: ";
 static const char *http_host_replace = "\r\nhoSt: ";
 static const char *http_useragent_find = "\r\nUser-Agent: ";
 static const char *location_http = "\r\nLocation: http://";
+static const char *connection_close = "\r\nConnection: close";
 static const char *http_methods[] = {
     "GET ",
     "HEAD ",
@@ -91,8 +92,9 @@ static int is_passivedpi_redirect(const char *pktdata, int pktlen) {
     if (memcmp(pktdata, http11_redirect_302, strlen(http11_redirect_302)) == 0 ||
         memcmp(pktdata, http10_redirect_302, strlen(http10_redirect_302)) == 0)
     {
-        /* Then check if this is a redirect to new http site */
-        if (dumb_memmem(pktdata, pktlen, location_http, strlen(location_http))) {
+        /* Then check if this is a redirect to new http site with Connection: close */
+        if (dumb_memmem(pktdata, pktlen, location_http, strlen(location_http)) &&
+            dumb_memmem(pktdata, pktlen, connection_close, strlen(connection_close))) {
             return 1;
         }
     }