mirrors/GoodbyeDPI
1
0
Fork 0
mirror of https://github.com/ValdikSS/GoodbyeDPI.git synced 2024-12-22 06:15:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

New experimental feature: UDP DNS redirection

Browse Source
This commit is contained in:
ValdikSS 2017-12-06 03:06:40 +03:00
parent 61e39bc095
commit a182f52207
4 changed files with 1475 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
dnsredir.c Normal file
View File

@ -0,0 +1,178 @@
/*
* DNS UDP Connection Tracker for GoodbyeDPI
*
* This is a simple connection tracker for DNS UDP data.
* It's not a proper one. The caveats as follows:
* * Uses only source IP address and port as a hash key;
* * One-shot only. Removes conntrack record as soon as gets the reply;
* * Does not properly parse DNS request and response, only checks some bytes;
*
* But anyway, it works fine for DNS.
*/
#include <windows.h>
#include <time.h>
#include <stdio.h>
#include "dnsredir.h"
#include "uthash.h"
// IPv6 incompatible!
#define UDP_CONNRECORD_KEY_LEN 6
#define DNS_CLEANUP_INTERVAL_SEC 30
#ifndef debug
#define debug(...) do {} while (0)
#endif
#ifndef debug
#define debug(...) printf(...)
#endif
/* HACK!
* uthash uses strlen() for HASH_FIND_STR.
* We have null bytes in our key, so we can't use strlen()
* And since it's always UDP_CONNRECORD_KEY_LEN bytes long,
* we don't need to use any string function to determine length.
*/
#undef uthash_strlen
#define uthash_strlen(s) UDP_CONNRECORD_KEY_LEN
typedef struct udp_connrecord {
/* key (srcip[4] + srcport[2]) */
char key[UDP_CONNRECORD_KEY_LEN];
time_t time; /* time when this record was added */
uint32_t dstip;
uint16_t dstport;
UT_hash_handle hh; /* makes this structure hashable */
} udp_connrecord_t;
static time_t last_cleanup = 0;
static udp_connrecord_t *conntrack = NULL;
inline static void construct_key(const uint32_t srcip, const uint16_t srcport, char *key) {
debug("Construct key enter\n");
if (key) {
debug("Constructing key\n");
*(uint32_t*)(key) = srcip;
*(uint16_t*)(key + sizeof(srcip)) = srcport;
}
debug("Construct key end\n");
}
inline static void deconstruct_key(const char *key, udp_connrecord_t *connrecord,
conntrack_info_t *conn_info) {
debug("Deconstruct key enter\n");
if (key && conn_info) {
debug("Deconstructing key\n");
conn_info->srcip = *(uint32_t*)(key);
conn_info->srcport = *(uint16_t*)(key + sizeof(conn_info->srcip));
conn_info->dstip = connrecord->dstip;
conn_info->dstport = connrecord->dstport;
}
debug("Deconstruct key end\n");
}
static int check_get_udp_conntrack_key(const char *key, udp_connrecord_t **connrecord) {
udp_connrecord_t *tmp_connrecord = NULL;
if (!conntrack) return FALSE;
HASH_FIND_STR(conntrack, key, tmp_connrecord);
if (tmp_connrecord) {
if (connrecord)
*connrecord = tmp_connrecord;
debug("check_get_udp_conntrack_key found key\n");
return TRUE;
}
debug("check_get_udp_conntrack_key key not found\n");
return FALSE;
}
static int add_udp_conntrack(const uint32_t srcip, const uint16_t srcport,
const uint32_t dstip, const uint16_t dstport) {
udp_connrecord_t *tmp_connrecord = malloc(sizeof(udp_connrecord_t));
if (!(srcip && srcport && dstip && dstport))
return FALSE;
construct_key(srcip, srcport, tmp_connrecord->key);
if (!check_get_udp_conntrack_key(tmp_connrecord->key, NULL)) {
tmp_connrecord->time = time(NULL);
tmp_connrecord->dstip = dstip;
tmp_connrecord->dstport = dstport;
HASH_ADD_STR(conntrack, key, tmp_connrecord);
debug("Added UDP conntrack\n");
return TRUE;
}
debug("Not added UDP conntrack\n");
return FALSE;
}
void dns_cleanup() {
udp_connrecord_t *tmp_connrecord, *tmp_connrecord2 = NULL;
if (last_cleanup == 0) {
last_cleanup = time(NULL);
return;
}
if (difftime(time(NULL), last_cleanup) >= DNS_CLEANUP_INTERVAL_SEC) {
last_cleanup = time(NULL);
HASH_ITER(hh, conntrack, tmp_connrecord, tmp_connrecord2) {
if (difftime(last_cleanup, tmp_connrecord->time) >= DNS_CLEANUP_INTERVAL_SEC) {
HASH_DEL(conntrack, tmp_connrecord);
free(tmp_connrecord);
}
}
}
}
int dns_handle_outgoing(const uint32_t srcip, const uint16_t srcport,
const uint32_t dstip, const uint16_t dstport,
const char *packet_data, const UINT packet_dataLen) {
if (packet_dataLen < 16)
return FALSE;
dns_cleanup();
if ((ntohs(*(const uint16_t*)(packet_data + 2)) & 0xFA00) == 0 &&
(ntohs(*(const uint32_t*)(packet_data + 6))) == 0) {
/* Looks like DNS request */
debug("trying to add srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
return add_udp_conntrack(srcip, srcport, dstip, dstport);
}
debug("____dns_handle_outgoing FALSE: srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
return FALSE;
}
int dns_handle_incoming(const uint32_t srcip, const uint16_t srcport,
const uint32_t dstip, const uint16_t dstport,
const char *packet_data, const UINT packet_dataLen,
conntrack_info_t *conn_info) {
char key[UDP_CONNRECORD_KEY_LEN];
udp_connrecord_t *tmp_connrecord = NULL;
if (packet_dataLen < 16 || !conn_info)
return FALSE;
dns_cleanup();
if ((ntohs(*(const uint16_t*)(packet_data + 2)) & 0xF800) == 0x8000) {
/* Looks like DNS response */
construct_key(srcip, srcport, key);
if (check_get_udp_conntrack_key(key, &tmp_connrecord) && tmp_connrecord) {
/* Connection exists in conntrack, moving on */
deconstruct_key(key, tmp_connrecord, conn_info);
HASH_DEL(conntrack, tmp_connrecord);
free(tmp_connrecord);
return TRUE;
}
}
debug("____dns_handle_incoming FALSE: srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
return FALSE;
}

17
dnsredir.h Normal file
View File

@ -0,0 +1,17 @@
#include <stdint.h>
typedef struct conntrack_info {
uint32_t srcip;
uint16_t srcport;
uint32_t dstip;
uint16_t dstport;
} conntrack_info_t;
int dns_handle_incoming(const uint32_t srcip, const uint16_t srcport,
const uint32_t dstip, const uint16_t dstport,
const char *packet_data, const UINT packet_dataLen,
conntrack_info_t *conn_info);
int dns_handle_outgoing(const uint32_t srcip, const uint16_t srcport,
const uint32_t dstip, const uint16_t dstport,
const char *packet_data, const UINT packet_dataLen);

78
goodbyedpi.c
View File

@ -10,6 +10,7 @@
#include <string.h> #include <string.h>
#include <getopt.h> #include <getopt.h>
#include "windivert.h" #include "windivert.h"
#include "dnsredir.h"
#define die() do { printf("Something went wrong!\n" \ #define die() do { printf("Something went wrong!\n" \
"Make sure you're running this program with administrator privileges\n"); \ "Make sure you're running this program with administrator privileges\n"); \
@ -58,6 +59,8 @@ static const char *http_methods[] = {
static struct option long_options[] = { static struct option long_options[] = {
{"port", required_argument, 0, 'z' }, {"port", required_argument, 0, 'z' },
{"dns-addr", required_argument, 0, 'd' },
{"dns-port", required_argument, 0, 'g' },
{0, 0, 0, 0 } {0, 0, 0, 0 }
}; };
@ -230,14 +233,18 @@ int main(int argc, char *argv[]) {
UINT packet_dataLen; UINT packet_dataLen;
PWINDIVERT_IPHDR ppIpHdr; PWINDIVERT_IPHDR ppIpHdr;
PWINDIVERT_TCPHDR ppTcpHdr; PWINDIVERT_TCPHDR ppTcpHdr;
PWINDIVERT_UDPHDR ppUdpHdr;
conntrack_info_t dns_conn_info;
int do_passivedpi = 0, do_fragment_http = 0, int do_passivedpi = 0, do_fragment_http = 0,
do_fragment_https = 0, do_host = 0, do_fragment_https = 0, do_host = 0,
do_host_removespace = 0, do_additional_space = 0, do_host_removespace = 0, do_additional_space = 0,
do_http_allports = 0, do_http_allports = 0,
do_host_mixedcase = 0; do_host_mixedcase = 0, do_dns_redirect = 0;
int http_fragment_size = 2; int http_fragment_size = 2;
int https_fragment_size = 2; int https_fragment_size = 2;
uint32_t dns_addr = 0;
uint16_t dns_port = htons(53);
char *host_addr, *useragent_addr, *method_addr; char *host_addr, *useragent_addr, *method_addr;
int host_len, useragent_len; int host_len, useragent_len;
@ -315,6 +322,24 @@ int main(int argc, char *argv[]) {
add_filter_str(IPPROTO_TCP, i); add_filter_str(IPPROTO_TCP, i);
i = 0; i = 0;
break; break;
case 'd':
do_dns_redirect = 1;
dns_addr = inet_addr(optarg);
if (!dns_addr) {
printf("DNS address parameter error!\n");
exit(EXIT_FAILURE);
}
add_filter_str(IPPROTO_UDP, 53);
break;
case 'g':
dns_port = atoi(optarg);
if (dns_port <= 0 || dns_port > 65535) {
printf("DNS port parameter error!\n");
exit(EXIT_FAILURE);
}
add_filter_str(IPPROTO_UDP, dns_port);
dns_port = ntohs(dns_port);
break;
default: default:
printf("Usage: goodbyedpi.exe [OPTION...]\n" printf("Usage: goodbyedpi.exe [OPTION...]\n"
" -p block passive DPI\n" " -p block passive DPI\n"
@ -326,6 +351,8 @@ int main(int argc, char *argv[]) {
" -e [value] set HTTPS fragmentation to value\n" " -e [value] set HTTPS fragmentation to value\n"
" -w try to find and parse HTTP traffic on all processed ports (not only on port 80)\n" " -w try to find and parse HTTP traffic on all processed ports (not only on port 80)\n"
" --port additional TCP port to perform fragmentation on (and HTTP tricks with -w)\n" " --port additional TCP port to perform fragmentation on (and HTTP tricks with -w)\n"
" --dns-addr redirect UDP DNS requests to the supplied IP address (experimental)\n"
" --dns-port redirect UDP DNS requests to the supplied port (53 by default)\n"
"\n" "\n"
" -1 -p -r -s -f 2 -e 2 (most compatible mode, default)\n" " -1 -p -r -s -f 2 -e 2 (most compatible mode, default)\n"
" -2 -p -r -s -f 2 -e 40 (better speed yet still compatible)\n" " -2 -p -r -s -f 2 -e 40 (better speed yet still compatible)\n"
@ -337,11 +364,11 @@ int main(int argc, char *argv[]) {
printf("Block passive: %d, Fragment HTTP: %d, Fragment HTTPS: %d, " printf("Block passive: %d, Fragment HTTP: %d, Fragment HTTPS: %d, "
"hoSt: %d, Host no space: %d, Additional space: %d, Mix Host: %d, " "hoSt: %d, Host no space: %d, Additional space: %d, Mix Host: %d, "
"HTTP AllPorts: %d\n", "HTTP AllPorts: %d, DNS redirect: %d\n",
do_passivedpi, (do_fragment_http ? http_fragment_size : 0), do_passivedpi, (do_fragment_http ? http_fragment_size : 0),
(do_fragment_https ? https_fragment_size : 0), (do_fragment_https ? https_fragment_size : 0),
do_host, do_host_removespace, do_additional_space, do_host_mixedcase, do_host, do_host_removespace, do_additional_space, do_host_mixedcase,
do_http_allports do_http_allports, do_dns_redirect
); );
if (do_fragment_http && http_fragment_size > 2) { if (do_fragment_http && http_fragment_size > 2) {
@ -391,7 +418,7 @@ int main(int argc, char *argv[]) {
if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr, if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) { NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) {
//printf("Got parsed packet, len=%d!\n", packet_dataLen); //printf("Got parsed packet, len=%d!\n", packet_dataLen);
/* Got a packet WITH DATA */ /* Got a TCP packet WITH DATA */
/* Handle INBOUND packet with data and find HTTP REDIRECT in there */ /* Handle INBOUND packet with data and find HTTP REDIRECT in there */
if (addr.Direction == WINDIVERT_DIRECTION_INBOUND && packet_dataLen > 16) { if (addr.Direction == WINDIVERT_DIRECTION_INBOUND && packet_dataLen > 16) {
@ -493,13 +520,13 @@ int main(int argc, char *argv[]) {
} /* else if (do_host_removespace) */ } /* else if (do_host_removespace) */
} /* if (find_header_and_get_info http_host) */ } /* if (find_header_and_get_info http_host) */
} /* Handle OUTBOUND packet with data */ } /* Handle OUTBOUND packet with data */
} /* Handle packet with data */ } /* Handle TCP packet with data */
/* Else if we got TCP packet without data */ /* Else if we got TCP packet without data */
else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr, else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)) { NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)) {
/* If we got INBOUND SYN+ACK packet */ /* If we got INBOUND SYN+ACK packet */
if (addr.Direction == WINDIVERT_DIRECTION_INBOUND && if (addr.Direction == WINDIVERT_DIRECTION_INBOUND &&
ppTcpHdr->Syn == 1 && ppTcpHdr->Ack == 1) { ppTcpHdr->Syn == 1 && ppTcpHdr->Ack == 1) {
//printf("Changing Window Size!\n"); //printf("Changing Window Size!\n");
if (do_fragment_http && ppTcpHdr->SrcPort == htons(80)) { if (do_fragment_http && ppTcpHdr->SrcPort == htons(80)) {
@ -513,6 +540,45 @@ int main(int argc, char *argv[]) {
} }
} }
/* Else if we got UDP packet with data */
else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, NULL, &ppUdpHdr, &packet_data, &packet_dataLen)) {
if (addr.Direction == WINDIVERT_DIRECTION_INBOUND) {
if (dns_handle_incoming(ppIpHdr->DstAddr, ppUdpHdr->DstPort,
ppIpHdr->SrcAddr, ppUdpHdr->SrcPort,
packet_data, packet_dataLen,
&dns_conn_info))
{
/* Changing source IP and port to the values
* from DNS conntrack */
ppIpHdr->SrcAddr = dns_conn_info.dstip;
ppUdpHdr->DstPort = dns_conn_info.srcport;
ppUdpHdr->SrcPort = dns_conn_info.dstport;
should_recalc_checksum = 1;
}
else {
printf("[DNS] Error handling incoming packet!\n");
}
}
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND) {
if (dns_handle_outgoing(ppIpHdr->SrcAddr, ppUdpHdr->SrcPort,
ppIpHdr->DstAddr, ppUdpHdr->DstPort,
packet_data, packet_dataLen))
{
/* Changing destination IP and port to the values
* from configuration */
ppIpHdr->DstAddr = dns_addr;
ppUdpHdr->DstPort = dns_port;
should_recalc_checksum = 1;
}
else {
printf("[DNS] Error handling outgoing packet!\n");
}
}
}
if (should_reinject) { if (should_reinject) {
//printf("Re-injecting!\n"); //printf("Re-injecting!\n");
if (should_recalc_checksum) { if (should_recalc_checksum) {

1208
uthash.h Normal file
View File

File diff suppressed because it is too large Load Diff