From 380f91058c274fd51a5849dbe5ce5a1964d5bc0b Mon Sep 17 00:00:00 2001
From: ruti <>
Date: Mon, 29 Jul 2024 16:08:35 +0300
Subject: [PATCH] Port filter

---
 extend.c | 21 ++++++++++++++-------
 main.c   | 24 ++++++++++++++++++++++--
 params.h |  1 +
 proxy.c  |  2 +-
 4 files changed, 38 insertions(+), 10 deletions(-)

diff --git a/extend.c b/extend.c
index 8b71b0d..92abe93 100644
--- a/extend.c
+++ b/extend.c
@@ -90,6 +90,13 @@ int mode_add_get(struct sockaddr_ina *dst, int m)
 }
 
 
+inline bool check_port(uint16_t *p, struct sockaddr_in6 *dst)
+{
+    return (dst->sin6_port >= p[0]
+        && dst->sin6_port <= p[1]);
+}
+
+
 int connect_hook(struct poolhd *pool, struct eval *val,
         struct sockaddr_ina *dst, int next)
 {
@@ -355,8 +362,9 @@ int on_desync(struct poolhd *pool, struct eval *val,
     if (!m) for (; m < params.dp_count; m++) {
         struct desync_params *dp = &params.dp[m];
         if (!dp->detect &&
-            (!dp->hosts || check_host(dp->hosts, val)) &&
-            (!dp->proto || check_proto_tcp(dp->proto, val))) {
+            (!dp->pf[0] || check_port(dp->pf, &val->pair->in6)) &&
+            (!dp->proto || check_proto_tcp(dp->proto, val)) &&
+            (!dp->hosts || check_host(dp->hosts, val))) {
             break;
         }
     }
@@ -379,16 +387,15 @@ ssize_t udp_hook(struct eval *val,
     if (!m) for (; m < params.dp_count; m++) {
         struct desync_params *dp = &params.dp[m];
         if (!dp->detect &&
-            (!dp->proto || (dp->proto & IS_UDP))) {
+            (!dp->proto || (dp->proto & IS_UDP)) &&
+            (!dp->pf[0] || check_port(dp->pf, &dst->in6))) {
             break;
         }
     }
     if (m >= params.dp_count) {
         return -1;
-    }
-    val->attempt = m;
-
-    return desync_udp(val->fd, buffer, bfsize, n, &dst->sa, 0);
+    }
+    return desync_udp(val->fd, buffer, bfsize, n, &dst->sa, m);
 }
 
 
diff --git a/main.c b/main.c
index 487297d..a8e38af 100644
--- a/main.c
+++ b/main.c
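Review bot: check_port compares `dst->sin6_port` with `p[0]` and `p[1]` as plain integers, but all three are in network byte order (`sin6_port` always is, and the `case 'V'` parser in main.c stores `htons(val)`), so on a little-endian host a range is evaluated on byte-swapped values and admits the wrong ports: with `80-443`, port 256 (htons gives 1) is rejected while port 32848 (htons gives 20608) is accepted; only single-port filters, which reduce to equality, behave as intended. Convert before comparing: `uint16_t port = ntohs(dst->sin6_port);` followed by `return port >= ntohs(p[0]) && port <= ntohs(p[1]);`. The function is also a bare file-scope `inline`, which under C99/C11 semantics provides no external definition, so a call the compiler chooses not to inline can fail to link; `static inline bool check_port(const uint16_t *p, const struct sockaddr_in6 *dst)` avoids that and records that neither argument is written. Both callers in this file, on_desync and udp_hook, are affected by the byte-order issue.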
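Review bot: In the udp_hook hunk the closing `}` after `return -1;` is removed and re-added with no visible difference, which looks like a whitespace-only change (trailing blank or tab/space) and adds churn that is worth dropping from the patch. The same hunk stops recording `val->attempt = m` and instead passes `m` to desync_udp, and the caller in proxy.c now hands this function `val->pair` rather than `val`, so `val->fd` here now refers to the other side of the pair; neither change is visible in a comment. A one-line comment above udp_hook (its signature is outside this hunk) stating which eval of the pair it expects and that the selected desync index is passed to desync_udp rather than stored on the eval would make the contract readable. I cannot see whether desync_udp records the index itself; if it does not, anything on the UDP path that still reads `val->attempt` no longer sees it.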
@@ -84,7 +84,8 @@ const char help_text[] = {
     "  -T, --timeout     Timeout waiting for response, after which trigger auto\n"
 #endif
     "  -K, --proto       Protocol whitelist: tls,http,udp\n"
-    "  -H, --hosts       Hosts whitelist\n"
+    "  -H, --hosts       Hosts whitelist, filename or :string\n"
+    "  -V, --pf          Port or port range whitelist\n"
     "  -s, --split       Split packet at n\n"
     "                    +s - add SNI offset\n"
     "                    +h - add HTTP Host offset\n"
@@ -130,6 +131,7 @@ const struct option options[] = {
 #endif
     {"proto",         1, 0, 'K'},
     {"hosts",         1, 0, 'H'},
+    {"pf",            1, 0, 'V'},
     {"split",         1, 0, 's'},
     {"disorder",      1, 0, 'd'},
     {"oob",           1, 0, 'o'},
@@ -737,6 +739,24 @@ int main(int argc, char **argv)
             dp->udp_fake_count = val;
             break;
 
+        case 'V':
+            val = strtol(optarg, &end, 0);
+            if (val <= 0 || val > USHRT_MAX)
+                invalid = 1;
+            else {
+                dp->pf[0] = htons(val);
+                if (*end == '-') {
+                    val = strtol(end + 1, &end, 0);
+                    if (val <= 0 || val > USHRT_MAX)
+                        invalid = 1;
+                }
+                if (*end)
+                    invalid = 1;
+                else
+                    dp->pf[1] = htons(val);
+            }
+            break;
+
         case 'g':
             val = strtol(optarg, &end, 0);
             if (val <= 0 || val > 255 || *end)
@@ -780,7 +800,7 @@ int main(int argc, char **argv)
         clear_params();
         return -1;
     }
-    if (dp->hosts || dp->proto) {
+    if (dp->hosts || dp->proto || dp->pf[0]) {
         dp = add((void *)&params.dp, &params.dp_count,
             sizeof(struct desync_params));
         if (!dp) {
diff --git a/params.h b/params.h
index ffe3c65..673a112 100644
--- a/params.h
+++ b/params.h
@@ -68,6 +68,7 @@ struct desync_params {
     int proto;
     int detect;
     struct mphdr *hosts;
+    uint16_t pf[2];
 
     char *file_ptr;
     ssize_t file_size;
diff --git a/proxy.c b/proxy.c
index 092d8e0..f4bdc3e 100644
--- a/proxy.c
+++ b/proxy.c
@@ -695,7 +695,7 @@ int on_udp_tunnel(struct eval *val, char *buffer, size_t bfsize)
             }
             val->pair->in6 = addr.in6;
         }
-        ns = udp_hook(val, data + offs, bfsize - offs, n - offs,
+        ns = udp_hook(val->pair, data + offs, bfsize - offs, n - offs,
             (struct sockaddr_ina *)&val->pair->in6);
     } else {
 
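Review bot: The new `-V, --pf` help line in help_text does not show the accepted syntax, while the `case 'V'` parser later in this file accepts either a single port or a `lo-hi` range with any strtol base prefix. Spelling it out in the string, `"  -V, --pf          Port or port range whitelist, n or n-m\n"`, tells the user what to type without reading the parser; help_text starts and ends outside this hunk.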
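Review bot: A reversed range such as `443-80` passes validation in the `case 'V'` block: both halves are within 1..USHRT_MAX and `*end` is NUL afterwards, so `pf[0] > pf[1]` is stored and the resulting filter silently never matches. Hold the first value in a local and reject a smaller second one: `long lo = val;` after the first `strtol`, and `if (val <= 0 || val > USHRT_MAX || val < lo)` for the second check, which turns the mistake into the existing `invalid = 1` path. I cannot see the include list of main.c; `USHRT_MAX` comes from `<limits.h>`, so confirm it is included rather than relying on a transitive include. `main` starts and ends outside this hunk.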
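Review bot: The new `pf` field in struct desync_params carries an implicit contract that the header does not state: both entries are stored in network byte order by the `case 'V'` parser in main.c, check_port in extend.c reads them as an inclusive `[lo, hi]` range, and `pf[0] == 0` is the "no port filter" sentinel tested in on_desync, udp_hook and the `dp->hosts || dp->proto || dp->pf[0]` check in main.c (the parser rejects port 0, so the sentinel cannot collide with a real filter). A comment on the field, e.g. `uint16_t pf[2]; /* port filter, inclusive [lo, hi], network byte order; pf[0] == 0 means unset */`, spares the next reader from having to find all three sites. The struct starts and ends outside this hunk.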
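Review bot: The on_udp_tunnel call now passes `val->pair` where it passed `val`, while the address argument on the next line is still `&val->pair->in6`, so udp_hook now receives the pair eval together with the pair's own address. Because udp_hook in extend.c sends through `val->fd` and filters on the `in6` it is handed, this also changes which socket the desynced datagram leaves from, and nothing at the call site says why; a short comment such as `/* pass the pair: udp_hook sends on its fd and filters on its in6 */` would record the intent. I cannot see which side of the pair holds which socket, so that wording should be adjusted to match; on_udp_tunnel starts and ends outside this hunk.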