Port filter
parent
83128935b8
commit
380f91058c
19
extend.c
19
extend.c
@ -90,6 +90,13 @@ int mode_add_get(struct sockaddr_ina *dst, int m)
|
||||
}
|
||||
|
||||
|
||||
inline bool check_port(uint16_t *p, struct sockaddr_in6 *dst)
|
||||
{
|
||||
return (dst->sin6_port >= p[0]
|
||||
&& dst->sin6_port <= p[1]);
|
||||
}
|
||||
|
||||
|
||||
int connect_hook(struct poolhd *pool, struct eval *val,
|
||||
struct sockaddr_ina *dst, int next)
|
||||
{
|
||||
@ -355,8 +362,9 @@ int on_desync(struct poolhd *pool, struct eval *val,
|
||||
if (!m) for (; m < params.dp_count; m++) {
|
||||
struct desync_params *dp = ¶ms.dp[m];
|
||||
if (!dp->detect &&
|
||||
(!dp->hosts || check_host(dp->hosts, val)) &&
|
||||
(!dp->proto || check_proto_tcp(dp->proto, val))) {
|
||||
(!dp->pf[0] || check_port(dp->pf, &val->pair->in6)) &&
|
||||
(!dp->proto || check_proto_tcp(dp->proto, val)) &&
|
||||
(!dp->hosts || check_host(dp->hosts, val))) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -379,16 +387,15 @@ ssize_t udp_hook(struct eval *val,
|
||||
if (!m) for (; m < params.dp_count; m++) {
|
||||
struct desync_params *dp = ¶ms.dp[m];
|
||||
if (!dp->detect &&
|
||||
(!dp->proto || (dp->proto & IS_UDP))) {
|
||||
(!dp->proto || (dp->proto & IS_UDP)) &&
|
||||
(!dp->pf[0] || check_port(dp->pf, &dst->in6))) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (m >= params.dp_count) {
|
||||
return -1;
|
||||
}
|
||||
val->attempt = m;
|
||||
|
||||
return desync_udp(val->fd, buffer, bfsize, n, &dst->sa, 0);
|
||||
return desync_udp(val->fd, buffer, bfsize, n, &dst->sa, m);
|
||||
}
|
||||
|
||||
|
||||
|
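Review bot: check_port compares `dst->sin6_port` with `p[0]` and `p[1]` while all three are in network byte order (main.c stores the bounds with `htons`), so on a little-endian host the `>=`/`<=` test orders ports by their swapped bytes and a range such as 80-443 does not match port 256. Single-port filters still work because both bounds are equal, but a range can select the wrong desync group in both on_desync and udp_hook. Convert before comparing, e.g. `uint16_t port = ntohs(dst->sin6_port);` followed by `return port >= ntohs(p[0]) && port <= ntohs(p[1]);`. Separately, a plain `inline` definition without `static` emits no external definition in C99/C11, so a build that does not inline the call can fail to link; `static inline bool check_port(...)` avoids that.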
24
main.c
24
main.c
@ -84,7 +84,8 @@ const char help_text[] = {
|
||||
" -T, --timeout <sec> Timeout waiting for response, after which trigger auto\n"
|
||||
#endif
|
||||
" -K, --proto <t,h,u> Protocol whitelist: tls,http,udp\n"
|
||||
" -H, --hosts <file|:str> Hosts whitelist\n"
|
||||
" -H, --hosts <file|:str> Hosts whitelist, filename or :string\n"
|
||||
" -V, --pf <port[-portr]> Port or port range whitelist\n"
|
||||
" -s, --split <n[+s]> Split packet at n\n"
|
||||
" +s - add SNI offset\n"
|
||||
" +h - add HTTP Host offset\n"
|
||||
@ -130,6 +131,7 @@ const struct option options[] = {
|
||||
#endif
|
||||
{"proto", 1, 0, 'K'},
|
||||
{"hosts", 1, 0, 'H'},
|
||||
{"pf", 1, 0, 'V'},
|
||||
{"split", 1, 0, 's'},
|
||||
{"disorder", 1, 0, 'd'},
|
||||
{"oob", 1, 0, 'o'},
|
||||
@ -737,6 +739,24 @@ int main(int argc, char **argv)
|
||||
dp->udp_fake_count = val;
|
||||
break;
|
||||
|
||||
case 'V':
|
||||
val = strtol(optarg, &end, 0);
|
||||
if (val <= 0 || val > USHRT_MAX)
|
||||
invalid = 1;
|
||||
else {
|
||||
dp->pf[0] = htons(val);
|
||||
if (*end == '-') {
|
||||
val = strtol(end + 1, &end, 0);
|
||||
if (val <= 0 || val > USHRT_MAX)
|
||||
invalid = 1;
|
||||
}
|
||||
if (*end)
|
||||
invalid = 1;
|
||||
else
|
||||
dp->pf[1] = htons(val);
|
||||
}
|
||||
break;
|
||||
|
||||
case 'g':
|
||||
val = strtol(optarg, &end, 0);
|
||||
if (val <= 0 || val > 255 || *end)
|
||||
@ -780,7 +800,7 @@ int main(int argc, char **argv)
|
||||
clear_params();
|
||||
return -1;
|
||||
}
|
||||
if (dp->hosts || dp->proto) {
|
||||
if (dp->hosts || dp->proto || dp->pf[0]) {
|
||||
dp = add((void *)¶ms.dp,
|
||||
¶ms.dp_count, sizeof(struct desync_params));
|
||||
if (!dp) {
|
||||
|
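Review bot: The `-V` parser in `case 'V'` accepts a range whose upper bound is below the lower one (for example `443-80`) and stores it without error, leaving a filter that no port is meant to satisfy, so the group would be silently skipped. Reject it at parse time, e.g. `if (!invalid && val < ntohs(dp->pf[0])) invalid = 1;` placed before the `if (*end)` test. Also, when the second number is out of range but ends the string, `invalid` is set and `dp->pf[1] = htons(val)` still runs with a truncated value. That is harmless only if `invalid` aborts startup, which is decided outside this hunk.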
1
params.h
1
params.h
@ -68,6 +68,7 @@ struct desync_params {
|
||||
int proto;
|
||||
int detect;
|
||||
struct mphdr *hosts;
|
||||
uint16_t pf[2];
|
||||
|
||||
char *file_ptr;
|
||||
ssize_t file_size;
|
||||
|
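Review bot: The new `pf` field carries two conventions that are only visible by reading main.c and extend.c: the bounds are stored in network byte order (`htons` in the `-V` parser), and `pf[0] == 0` means no port filter is set. A comment on the declaration would keep later code from comparing it against host-order ports, e.g. `uint16_t pf[2]; // port filter [low, high], network byte order; pf[0] == 0 disables it`.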
2
proxy.c
2
proxy.c
@ -695,7 +695,7 @@ int on_udp_tunnel(struct eval *val, char *buffer, size_t bfsize)
|
||||
}
|
||||
val->pair->in6 = addr.in6;
|
||||
}
|
||||
ns = udp_hook(val, data + offs, bfsize - offs, n - offs,
|
||||
ns = udp_hook(val->pair, data + offs, bfsize - offs, n - offs,
|
||||
(struct sockaddr_ina *)&val->pair->in6);
|
||||
}
|
||||
else {
|
||||
|