Block passive DPI packets only with "Connection: close". Fixes #17.

Some servers set "don't fragment" flag and never increase TCP ID
field. If they send HTTP redirection to another website, it would
be blocked by the program.
This is a hack to block redirects only with "Connection: close"
header as presumably legal redirects are most likely would
use keep-alive.
This commit is contained in:
ValdikSS 2017-08-15 08:25:55 +03:00
parent c1ca4f9804
commit 96fb5f9516

View File

@ -29,6 +29,7 @@ static const char *http_host_find = "\r\nHost: ";
static const char *http_host_replace = "\r\nhoSt: "; static const char *http_host_replace = "\r\nhoSt: ";
static const char *http_useragent_find = "\r\nUser-Agent: "; static const char *http_useragent_find = "\r\nUser-Agent: ";
static const char *location_http = "\r\nLocation: http://"; static const char *location_http = "\r\nLocation: http://";
static const char *connection_close = "\r\nConnection: close";
static const char *http_methods[] = { static const char *http_methods[] = {
"GET ", "GET ",
"HEAD ", "HEAD ",
@ -91,8 +92,9 @@ static int is_passivedpi_redirect(const char *pktdata, int pktlen) {
if (memcmp(pktdata, http11_redirect_302, strlen(http11_redirect_302)) == 0 || if (memcmp(pktdata, http11_redirect_302, strlen(http11_redirect_302)) == 0 ||
memcmp(pktdata, http10_redirect_302, strlen(http10_redirect_302)) == 0) memcmp(pktdata, http10_redirect_302, strlen(http10_redirect_302)) == 0)
{ {
/* Then check if this is a redirect to new http site */ /* Then check if this is a redirect to new http site with Connection: close */
if (dumb_memmem(pktdata, pktlen, location_http, strlen(location_http))) { if (dumb_memmem(pktdata, pktlen, location_http, strlen(location_http)) &&
dumb_memmem(pktdata, pktlen, connection_close, strlen(connection_close))) {
return 1; return 1;
} }
} }