add anit-pattern cli arg

2025-01-09 10:11:26 +00:00 · 2024-08-25 00:55:11 +03:00 · 2024-08-25 00:55:11 +03:00 · 05157f338b
commit 05157f338b
parent 03d63162be
4 changed files with 67 additions and 47 deletions
--- a/dns/dns.go
+++ b/dns/dns.go
@ -53,7 +53,7 @@ func (d *Dns) ResolveHost(ctx context.Context, host string, enableDoh bool, useS
 	ctx, cancel := context.WithTimeout(ctx, 3*time.Second)
 	defer cancel()

-	logger.Debug().Msgf("resolving %s using %s", host, clt)
+	logger.Info().Msgf("resolving %s using %s", host, clt)

 	t := time.Now()

--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@ -23,6 +23,7 @@ type Proxy struct {
 	windowSize       int
 	enableDoh        bool
 	allowedPattern   []*regexp.Regexp
+	unallowedPattern []*regexp.Regexp
 }

 func New(config *util.Config) *Proxy {
@ -33,6 +34,7 @@ func New(config *util.Config) *Proxy {
 		windowSize:       config.WindowSize,
 		enableDoh:        config.EnableDoh,
 		allowedPattern:   config.AllowedPatterns,
+		unallowedPattern: config.UnallowedPatterns,
 		resolver:         dns.NewDns(config),
 	}
 }
@ -109,17 +111,27 @@ func (pxy *Proxy) Start(ctx context.Context) {
 }

 func (pxy *Proxy) patternMatches(bytes []byte) bool {
-	if pxy.allowedPattern == nil {
+	if pxy.allowedPattern == nil && pxy.unallowedPattern == nil {
 		return true
 	}

+	if pxy.unallowedPattern == nil {
 		for _, pattern := range pxy.allowedPattern {
 			if pattern.Match(bytes) {
 				return true
 			}
 		}
-
 		return false
+
+	}
+
+	for _, pattern := range pxy.unallowedPattern {
+		if pattern.Match(bytes) {
+			return false
+		}
+	}
+
+	return true
 }

 func isLoopedRequest(ctx context.Context, ip net.IP) bool {
--- a/util/args.go
+++ b/util/args.go
@ -16,6 +16,7 @@ type Args struct {
 	SystemProxy      bool
 	Timeout          int
 	AllowedPattern   StringArray
+	UnallowedPattern StringArray
 	WindowSize       int
 	Version          bool
 }
@ -54,6 +55,11 @@ fragmentation for the first data packet and the rest
 		"pattern",
 		"bypass DPI only on packets matching this regex pattern; can be given multiple times",
 	)
+	flag.Var(
+		&args.UnallowedPattern,
+		"anti-pattern",
+		"bypass DPI on all packets except matching this regex pattern; can be given multiple times",
+	)

 	flag.Parse()

--- a/util/config.go
+++ b/util/config.go
@ -20,6 +20,7 @@ type Config struct {
 	Timeout           int
 	WindowSize        int
 	AllowedPatterns   []*regexp.Regexp
+	UnallowedPatterns []*regexp.Regexp
 }

 var config *Config
@ -41,18 +42,19 @@ func (c *Config) Load(args *Args) {
 	c.NoBanner = args.NoBanner
 	c.SystemProxy = args.SystemProxy
 	c.Timeout = args.Timeout
-	c.AllowedPatterns = parseAllowedPattern(args.AllowedPattern)
+	c.AllowedPatterns = parsePattern(args.AllowedPattern)
+	c.UnallowedPatterns = parsePattern(args.UnallowedPattern)
 	c.WindowSize = args.WindowSize
 }

-func parseAllowedPattern(patterns StringArray) []*regexp.Regexp {
-	var allowedPatterns []*regexp.Regexp
+func parsePattern(patterns StringArray) []*regexp.Regexp {
+	var result []*regexp.Regexp

 	for _, pattern := range patterns {
-		allowedPatterns = append(allowedPatterns, regexp.MustCompile(pattern))
+		result = append(result, regexp.MustCompile(pattern))
 	}

-	return allowedPatterns
+	return result
 }

 func PrintColoredBanner() {