From 38f4fe169e8cd5efb14f74e646aeea8429a9de90 Mon Sep 17 00:00:00 2001 From: ruti <> Date: Sat, 9 Nov 2024 16:20:13 +0300 Subject: [PATCH 1/3] More details in logs --- desync.c | 8 ++++++++ extend.c | 4 ++-- proxy.c | 17 ++++++++--------- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/desync.c b/desync.c index c63c749..4bb3819 100644 --- a/desync.c +++ b/desync.c @@ -446,6 +446,14 @@ ssize_t desync(int sfd, char *buffer, size_t bfsize, len, host, host - buffer); host_pos = host - buffer; } + else { + size_t s = n > 16 ? 16 : n - (n % 4); + char hex[s * 2 + 1], *b = buffer; + for (size_t i = 0; i < s; i += 4) + snprintf(hex + i * 2, sizeof(hex) - i * 2, + "%02x%02x%02x%02x", b[i],b[i+1],b[i+2],b[i+3]); + LOG(LOG_S, "bytes: %s (%zd)\n", s ? hex : "", n); + } } // modify packet if (type == IS_HTTP && dp.mod_http) { diff --git a/extend.c b/extend.c index 37f8f70..c588103 100644 --- a/extend.c +++ b/extend.c @@ -454,7 +454,7 @@ ssize_t tcp_send_hook(struct eval *remote, skip = 1; } else { - LOG((m ? LOG_S : LOG_L), "desync TCP, m=%d, r=%d\n", m, r); + LOG(LOG_S, "desync TCP: group=%d, round=%d, fd=%d\n", m, r, remote->fd); ssize_t offset = remote->pair->round_sent; if (!offset && remote->round_count) offset = -1; @@ -541,7 +541,7 @@ ssize_t udp_hook(struct eval *val, if (!check_round(params.dp[m].rounds, r)) { return send(val->fd, buffer, n, 0); } - LOG(LOG_S, "desync UDP, m=%d, r=%d\n", m, r); + LOG(LOG_S, "desync UDP: group=%d, round=%d, fd=%d\n", m, r, val->fd); return desync_udp(val->fd, buffer, bfsize, n, &dst->sa, m); } diff --git a/proxy.c b/proxy.c index c918541..286e314 100644 --- a/proxy.c +++ b/proxy.c 
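Review bot: In the `else` branch added to desync(), `b` is a plain `char *`, so where `char` is signed any payload byte of 0x80 or above is promoted to a negative int and `%02x` expands it to eight hex digits; snprintf() keeps the write inside `hex`, but the logged string is truncated and no longer matches the packet. Split the declaration into `char hex[s * 2 + 1];` and `const unsigned char *b = (const unsigned char *)buffer;` so every byte formats as exactly two digits. `n` is printed with `%zd` yet feeds the `size_t` expression that sizes the VLA, so a negative value would become a very large length; the hunk does not show that `n > 0` is guaranteed here, and an explicit check would make that assumption visible. The message also puts up to 16 bytes of client payload into the log, which is worth stating where the debug option is documented. desync() starts and ends outside the hunk.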
@@ -407,6 +407,11 @@ int create_conn(struct poolhd *pool, close(sfd); return -1; } + if (params.debug) { + INIT_ADDR_STR((*dst)); + LOG(LOG_S, "new conn: fd=%d, pair=%d, addr=%s:%d\n", + sfd, val->fd, ADDR_STR, ntohs(dst->in.sin_port)); + } int status = connect(sfd, &addr.sa, SA_SIZE(&addr)); if (status == 0 && params.tfo) { LOG(LOG_S, "TFO supported!\n"); @@ -435,12 +440,6 @@ int create_conn(struct poolhd *pool, #endif pair->flag = FLAG_CONN; //val->type = EV_IGNORE; - - if (params.debug) { - INIT_ADDR_STR((*dst)); - LOG(LOG_S, "new conn: fd=%d, addr=%s:%d\n", - val->pair->fd, ADDR_STR, ntohs(dst->in.sin_port)); - } return 0; } @@ -496,8 +495,8 @@ int udp_associate(struct poolhd *pool, } if (params.debug) { INIT_ADDR_STR((*dst)); - LOG(LOG_S, "udp associate: fds=%d,%d addr=%s:%d\n", - ufd, cfd, ADDR_STR, ntohs(dst->in.sin_port)); + LOG(LOG_S, "udp associate: fds=%d,%d,%d addr=%s:%d\n", + ufd, cfd, val->fd, ADDR_STR, ntohs(dst->in.sin_port)); } val->type = EV_IGNORE; val->pair = client; @@ -673,7 +672,7 @@ int on_tunnel(struct poolhd *pool, struct eval *val, return -1; } if (sn < n) { - LOG(LOG_S, "send: %zd != %zd (fd: %d)\n", sn, n, pair->fd); + LOG(LOG_S, "send: %zd != %zd (fd=%d)\n", sn, n, pair->fd); assert(!(val->buff.size || val->buff.offset)); val->buff.size = n - sn; From 276073ddea9f1b51faa47274301140864f682885 Mon Sep 17 00:00:00 2001 From: ruti <> Date: Sat, 9 Nov 2024 18:07:27 +0300 Subject: [PATCH 2/3] More pedantic code --- desync.c | 24 ++++++++++++------------ desync.h | 4 ++-- extend.c | 25 +++++++++++++------------ extend.h | 6 +++--- main.c | 2 +- packets.c | 41 +++++++++++++++++++++-------------------- packets.h | 16 +++++++--------- proxy.c | 46 +++++++++++++++++++++++----------------------- proxy.h | 13 ++++--------- 9 files changed, 86 insertions(+), 91 deletions(-) diff --git a/desync.c b/desync.c index 4bb3819..4fe70f7 100644 --- a/desync.c +++ b/desync.c 
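Review bot: The `new conn` message in create_conn() is now written before `connect()` is called, so it is also emitted for attempts that fail on the following lines, which misleads anyone using the log to reconstruct which destinations were actually reached. Wording it as an attempt, for example `LOG(LOG_S, "connecting: fd=%d, pair=%d, addr=%s:%d\n",`, keeps the early fd/pair correlation without implying success. create_conn() starts before the hunk and its failure paths after `connect()` are not visible here.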
@@ -47,7 +47,7 @@ int setttl(int fd, int ttl) } #ifdef __linux__ -int drop_sack(int fd) +static int drop_sack(int fd) { struct sock_filter code[] = { { 0x30, 0, 0, 0x0000000c }, @@ -85,7 +85,7 @@ static inline void delay(long ms) #endif #ifdef __linux__ -void wait_send(int sfd) +static void wait_send(int sfd) { for (int i = 0; params.wait_send && i < 500; i++) { struct tcp_info tcpi = {}; @@ -122,7 +122,7 @@ void wait_send(int sfd) #endif #ifdef __linux__ -ssize_t send_fake(int sfd, char *buffer, +static ssize_t send_fake(int sfd, const char *buffer, int cnt, long pos, struct desync_params *opt) { struct sockaddr_in6 addr = {}; @@ -234,7 +234,7 @@ ssize_t send_fake(int sfd, char *buffer, #ifdef _WIN32 OVERLAPPED ov = {}; -ssize_t send_fake(int sfd, char *buffer, +static ssize_t send_fake(int sfd, const char *buffer, int cnt, long pos, struct desync_params *opt) { struct packet pkt; @@ -334,8 +334,8 @@ ssize_t send_fake(int sfd, char *buffer, } #endif -ssize_t send_oob(int sfd, char *buffer, - ssize_t n, long pos, char *c) +static ssize_t send_oob(int sfd, char *buffer, + ssize_t n, long pos, const char *c) { char rchar = buffer[pos]; buffer[pos] = c[1] ? c[0] : 'a'; @@ -357,8 +357,8 @@ ssize_t send_oob(int sfd, char *buffer, } -ssize_t send_disorder(int sfd, - char *buffer, long pos) +static ssize_t send_disorder(int sfd, + const char *buffer, long pos) { int bttl = 1; @@ -378,8 +378,8 @@ ssize_t send_disorder(int sfd, } -ssize_t send_late_oob(int sfd, char *buffer, - ssize_t n, long pos, char *c) +static ssize_t send_late_oob(int sfd, char *buffer, + ssize_t n, long pos, const char *c) { int bttl = 1; @@ -427,7 +427,7 @@ static long gen_offset(long pos, int flag, ssize_t desync(int sfd, char *buffer, size_t bfsize, - ssize_t n, ssize_t offset, struct sockaddr *dst, int dp_c) + ssize_t n, ssize_t offset, const struct sockaddr *dst, int dp_c) { struct desync_params dp = params.dp[dp_c]; 
@@ -599,7 +599,7 @@ int post_desync(int sfd, int dp_c) ssize_t desync_udp(int sfd, char *buffer, size_t bfsize, - ssize_t n, struct sockaddr *dst, int dp_c) + ssize_t n, const struct sockaddr *dst, int dp_c) { struct desync_params *dp = ¶ms.dp[dp_c]; diff --git a/desync.h b/desync.h index 2686d96..e33c48e 100644 --- a/desync.h +++ b/desync.h @@ -10,9 +10,9 @@ #include #endif -ssize_t desync(int sfd, char *buffer, size_t bfsize, ssize_t n, ssize_t offset, struct sockaddr *dst, int dp_c); +ssize_t desync(int sfd, char *buffer, size_t bfsize, ssize_t n, ssize_t offset, const struct sockaddr *dst, int dp_c); -ssize_t desync_udp(int sfd, char *buffer, size_t bfsize, ssize_t n, struct sockaddr *dst, int dp_c); +ssize_t desync_udp(int sfd, char *buffer, size_t bfsize, ssize_t n, const struct sockaddr *dst, int dp_c); int setttl(int fd, int ttl); diff --git a/extend.c b/extend.c index c588103..b23da79 100644 --- a/extend.c +++ b/extend.c @@ -72,7 +72,7 @@ static ssize_t serialize_addr(const struct sockaddr_ina *dst, } -static int cache_get(struct sockaddr_ina *dst) +static int cache_get(const struct sockaddr_ina *dst) { uint8_t key[KEY_SIZE] = { 0 }; int len = serialize_addr(dst, key, sizeof(key)); @@ -90,7 +90,7 @@ static int cache_get(struct sockaddr_ina *dst) } -static int cache_add(struct sockaddr_ina *dst, int m) +static int cache_add(const struct sockaddr_ina *dst, int m) { assert(m >= 0 && m < params.dp_count); @@ -117,7 +117,7 @@ static int cache_add(struct sockaddr_ina *dst, int m) } -static inline bool check_port(uint16_t *p, struct sockaddr_in6 *dst) +static inline bool check_port(const uint16_t *p, const struct sockaddr_in6 *dst) { return (dst->sin6_port >= p[0] && dst->sin6_port <= p[1]); @@ -125,7 +125,7 @@ static inline bool check_port(uint16_t *p, struct sockaddr_in6 *dst) int connect_hook(struct poolhd *pool, struct eval *val, - struct sockaddr_ina *dst, int next) + const struct sockaddr_ina *dst, int next) { int m = cache_get(dst); val->cache = (m == 0); 
@@ -135,7 +135,7 @@ int connect_hook(struct poolhd *pool, struct eval *val, } -int socket_mod(int fd, struct sockaddr *dst) +int socket_mod(int fd) { if (params.custom_ttl) { if (setttl(fd, params.def_ttl) < 0) { @@ -171,7 +171,8 @@ static int reconnect(struct poolhd *pool, struct eval *val, int m) } -static bool check_host(struct mphdr *hosts, char *buffer, ssize_t n) +static bool check_host( + struct mphdr *hosts, const char *buffer, ssize_t n) { char *host = 0; int len; @@ -195,7 +196,7 @@ static bool check_host(struct mphdr *hosts, char *buffer, ssize_t n) } -static bool check_proto_tcp(int proto, char *buffer, ssize_t n) +static bool check_proto_tcp(int proto, const char *buffer, ssize_t n) { if (proto & IS_TCP) { return 1; @@ -212,7 +213,7 @@ static bool check_proto_tcp(int proto, char *buffer, ssize_t n) } -static bool check_round(int *nr, int r) +static bool check_round(const int *nr, int r) { return (!nr[1] && r <= 1) || (r >= nr[0] && r <= nr[1]); } @@ -279,7 +280,7 @@ static int on_fin(struct poolhd *pool, struct eval *val) static int on_response(struct poolhd *pool, struct eval *val, - char *resp, ssize_t sn) + const char *resp, ssize_t sn) { int m = val->pair->attempt + 1; @@ -318,7 +319,7 @@ static inline void free_first_req(struct eval *client) } -static int setup_conn(struct eval *client, char *buffer, ssize_t n) +static int setup_conn(struct eval *client, const char *buffer, ssize_t n) { int m = client->attempt; @@ -361,7 +362,7 @@ static int cancel_setup(struct eval *remote) } -int send_saved_req(struct poolhd *pool, +static int send_saved_req(struct poolhd *pool, struct eval *client, char *buffer, ssize_t bfsize) { ssize_t offset = client->buff.offset; @@ -547,7 +548,7 @@ ssize_t udp_hook(struct eval *val, #ifdef __linux__ -int protect(int conn_fd, const char *path) +static int protect(int conn_fd, const char *path) { struct sockaddr_un sa; sa.sun_family = AF_UNIX; diff --git a/extend.h b/extend.h index affce4f..edae150 100644 --- a/extend.h 
+++ b/extend.h @@ -5,10 +5,10 @@ #include "proxy.h" -int socket_mod(int fd, struct sockaddr *dst); +int socket_mod(int fd); int connect_hook(struct poolhd *pool, struct eval *val, - struct sockaddr_ina *dst, int next); + const struct sockaddr_ina *dst, int next); ssize_t tcp_send_hook(struct eval *val, char *buffer, size_t bfsize, ssize_t n); @@ -23,7 +23,7 @@ int on_first_tunnel(struct poolhd *pool, struct eval *val, char *buffer, ssize_t bfsize, int etype); #ifdef __linux__ -int protect(int conn_fd, const char *path); +static int protect(int conn_fd, const char *path); #else #define protect(fd, path) 0 #endif diff --git a/main.c b/main.c index 810e1f3..c0cefdc 100644 --- a/main.c +++ b/main.c @@ -59,7 +59,7 @@ struct params params = { }; -const char help_text[] = { +const static char help_text[] = { " -i, --ip, Listening IP, default 0.0.0.0\n" " -p, --port Listening port, default 1080\n" #ifdef __linux__ diff --git a/packets.c b/packets.c index 3e04482..60ec768 100644 --- a/packets.c +++ b/packets.c @@ -60,9 +60,9 @@ char http_data[43] = { char udp_data[64] = { 0 }; -char *strncasestr(char *a, size_t as, char *b, size_t bs) +static const char *strncasestr(const char *a, size_t as, const char *b, size_t bs) { - for (char *p = a; ; p++) { + for (const char *p = a; ; p++) { p = memchr(p, *b, as - (p - a)); if (!p) { return 0; @@ -78,8 +78,8 @@ char *strncasestr(char *a, size_t as, char *b, size_t bs) } -size_t find_tls_ext_offset(uint16_t type, - char *data, size_t size, size_t skip) +static size_t find_tls_ext_offset(uint16_t type, + const char *data, size_t size, size_t skip) { if (size <= (skip + 2)) { return 0; @@ -102,7 +102,7 @@ size_t find_tls_ext_offset(uint16_t type, } -size_t chello_ext_offset(uint16_t type, char *data, size_t size) +static size_t chello_ext_offset(uint16_t type, const char *data, size_t size) { if (size < 44) { return 0; 
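Review bot: The second extend.h hunk turns the prototype into `static int protect(int conn_fd, const char *path);`, which gives every file that includes the header its own internal-linkage declaration with no definition; compilers warn about that, and any caller outside extend.c would fail to build. Since this commit also makes the definition in extend.c `static`, the declaration should be deleted from the header rather than marked static. If no other file calls protect(), the `#else` fallback `#define protect(fd, path) 0` probably belongs in extend.c as well, though the callers are not visible in this patch.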
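Review bot: `const static char help_text[]` in main.c places the storage-class specifier after the qualifier, a form the C standard lists as obsolescent and GCC reports under `-Wold-style-declaration`; write it as `static const char help_text[] = {`. Every other declaration touched by this commit puts `static` first, so this also keeps the change consistent.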
@@ -155,7 +155,7 @@ int change_tls_sni(const char *host, char *buffer, size_t bsize) } -bool is_tls_chello(char *buffer, size_t bsize) +bool is_tls_chello(const char *buffer, size_t bsize) { return (bsize > 5 && ANTOHS(buffer, 0) == 0x1603 && @@ -163,7 +163,7 @@ bool is_tls_chello(char *buffer, size_t bsize) } -int parse_tls(char *buffer, size_t bsize, char **hs) +int parse_tls(const char *buffer, size_t bsize, char **hs) { if (!is_tls_chello(buffer, bsize)) { return 0; @@ -178,12 +178,12 @@ int parse_tls(char *buffer, size_t bsize, char **hs) if ((sni_offs + 9 + len) > bsize) { return 0; } - *hs = &buffer[sni_offs + 9]; + *hs = (char *)&buffer[sni_offs + 9]; return len; } -bool is_http(char *buffer, size_t bsize) +bool is_http(const char *buffer, size_t bsize) { if (bsize < 16 || *buffer > 'T' || *buffer < 'C') { return 0; @@ -201,10 +201,10 @@ bool is_http(char *buffer, size_t bsize) } -int parse_http(char *buffer, size_t bsize, char **hs, uint16_t *port) +int parse_http(const char *buffer, size_t bsize, char **hs, uint16_t *port) { - char *host = buffer, *h_end; - char *buff_end = buffer + bsize; + const char *host = buffer, *h_end; + const char *buff_end = buffer + bsize; if (!is_http(buffer, bsize)) { return 0; @@ -218,7 +218,7 @@ int parse_http(char *buffer, size_t bsize, char **hs, uint16_t *port) while ((buff_end - host) > 0 && isblank((unsigned char) *host)) { host++; } - char *l_end = memchr(host, '\n', buff_end - host); + const char *l_end = memchr(host, '\n', buff_end - host); if (!l_end) { return 0; } @@ -227,7 +227,7 @@ int parse_http(char *buffer, size_t bsize, char **hs, uint16_t *port) if (!(isdigit((unsigned char) *(l_end - 1)))) h_end = 0; else { - char *h = host; + const char *h = host; h_end = 0; do { h = memchr(h, ':', l_end - h); 
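Review bot: parse_tls() now accepts `const char *buffer` but still hands the caller a writable pointer into it through `*hs = (char *)&buffer[sni_offs + 9];`, so the const qualifier is dropped for any caller that writes through `*hs`. The same cast is added to parse_http() in the `@@ -249,12` hunk (`*hs = (char *)host;`). Changing the out-parameter to `const char **hs` would let the compiler enforce the read-only contract; if some caller has to edit the host in place, say so above both functions, e.g. `/* *hs points into buffer; write through it only if the caller owns a mutable buffer */`. Both functions begin outside their hunks.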
@@ -249,12 +249,12 @@ int parse_http(char *buffer, size_t bsize, char **hs, uint16_t *port) return 0; *port = i; } - *hs = host; + *hs = (char *)host; return h_end - host; } -int get_http_code(char *b, size_t n) +static int get_http_code(const char *b, size_t n) { if (n < 13) return 0; if (strncmp(b, "HTTP/1.", 7)) { @@ -272,7 +272,8 @@ int get_http_code(char *b, size_t n) } -bool is_http_redirect(char *req, size_t qn, char *resp, size_t sn) +bool is_http_redirect( + const char *req, size_t qn, const char *resp, size_t sn) { char *host = 0; int len = parse_http(req, qn, &host, 0); @@ -284,7 +285,7 @@ bool is_http_redirect(char *req, size_t qn, char *resp, size_t sn) if (code > 308 || code < 300) { return 0; } - char *location = strncasestr(resp, sn, "\nLocation:", 10); + const char *location = strncasestr(resp, sn, "\nLocation:", 10); if (!location) { return 0; } @@ -329,7 +330,7 @@ bool is_http_redirect(char *req, size_t qn, char *resp, size_t sn) } -bool neq_tls_sid(char *req, size_t qn, char *resp, size_t sn) +bool neq_tls_sid(const char *req, size_t qn, const char *resp, size_t sn) { if (qn < 75 || sn < 75) { return 0; @@ -351,7 +352,7 @@ bool neq_tls_sid(char *req, size_t qn, char *resp, size_t sn) } -bool is_tls_shello(char *buffer, size_t bsize) +bool is_tls_shello(const char *buffer, size_t bsize) { return (bsize > 5 && ANTOHS(buffer, 0) == 0x1603 && diff --git a/packets.h b/packets.h index 0fb7d85..e2ddb42 100644 --- a/packets.h +++ b/packets.h 
@@ -23,23 +23,21 @@ extern char udp_data[64]; int change_tls_sni(const char *host, char *buffer, size_t bsize); -bool is_tls_chello(char *buffer, size_t bsize); +bool is_tls_chello(const char *buffer, size_t bsize); -int parse_tls(char *buffer, size_t bsize, char **hs); +int parse_tls(const char *buffer, size_t bsize, char **hs); -bool is_http(char *buffer, size_t bsize); +bool is_http(const char *buffer, size_t bsize); -int parse_http(char *buffer, size_t bsize, char **hs, uint16_t *port); +int parse_http(const char *buffer, size_t bsize, char **hs, uint16_t *port); int mod_http(char *buffer, size_t bsize, int m); -int get_http_code(char *b, size_t n); +bool is_http_redirect(const char *req, size_t qn, const char *resp, size_t sn); -bool is_http_redirect(char *req, size_t qn, char *resp, size_t sn); +bool neq_tls_sid(const char *req, size_t qn, const char *resp, size_t sn); -bool neq_tls_sid(char *req, size_t qn, char *resp, size_t sn); - -bool is_tls_shello(char *buffer, size_t bsize); +bool is_tls_shello(const char *buffer, size_t bsize); int part_tls(char *buffer, size_t bsize, ssize_t n, long pos); diff --git a/proxy.c b/proxy.c index 286e314..4f68eef 100644 --- a/proxy.c +++ b/proxy.c @@ -75,7 +75,7 @@ void map_fix(struct sockaddr_ina *addr, char f6) static inline char addr_equ( - struct sockaddr_ina *a, struct sockaddr_ina *b) + const struct sockaddr_ina *a, const struct sockaddr_ina *b) { if (a->sa.sa_family == AF_INET) { return @@ -121,7 +121,7 @@ static inline int nb_socket(int domain, int type) } -int resolve(char *host, int len, +static int resolve(char *host, int len, struct sockaddr_ina *addr, int type) { struct addrinfo hints = {0}, *res = 0; @@ -149,7 +149,7 @@ int resolve(char *host, int len, } -int auth_socks5(int fd, char *buffer, ssize_t n) +static int auth_socks5(int fd, const char *buffer, ssize_t n) { if (n <= 2 || (uint8_t)buffer[1] != (n - 2)) { return -1; 
@@ -160,8 +160,8 @@ int auth_socks5(int fd, char *buffer, ssize_t n) c = S_AUTH_NONE; break; } - buffer[1] = c; - if (send(fd, buffer, 2, 0) < 0) { + uint8_t a[2] = { S_VER5, c }; + if (send(fd, a, sizeof(a), 0) < 0) { uniperror("send"); return -1; } @@ -169,7 +169,7 @@ int auth_socks5(int fd, char *buffer, ssize_t n) } -int resp_s5_error(int fd, int e) +static int resp_s5_error(int fd, int e) { struct s5_rep s5r = { .ver = 0x05, .code = (uint8_t )e, @@ -179,7 +179,7 @@ int resp_s5_error(int fd, int e) } -int resp_error(int fd, int e, int flag) +static int resp_error(int fd, int e, int flag) { if (flag == FLAG_S4) { struct s4_req s4r = { @@ -220,8 +220,8 @@ int resp_error(int fd, int e, int flag) } -int s4_get_addr(char *buff, size_t n, - struct sockaddr_ina *dst) +static int s4_get_addr(const char *buff, + size_t n, struct sockaddr_ina *dst) { if (n < sizeof(struct s4_req) + 1) { return -1; @@ -257,8 +257,8 @@ int s4_get_addr(char *buff, size_t n, } -int s5_get_addr(char *buffer, size_t n, - struct sockaddr_ina *addr, int type) +static int s5_get_addr(const char *buffer, + size_t n, struct sockaddr_ina *addr, int type) { if (n < S_SIZE_MIN) { LOG(LOG_E, "ss: request too small\n"); @@ -303,8 +303,8 @@ int s5_get_addr(char *buffer, size_t n, } -int s5_set_addr(char *buffer, size_t n, - struct sockaddr_ina *addr, char end) +static int s5_set_addr(char *buffer, size_t n, + const struct sockaddr_ina *addr, char end) { struct s5_req *r = (struct s5_req *)buffer; if (n < S_SIZE_I4) { @@ -350,7 +350,7 @@ static int remote_sock(struct sockaddr_ina *dst, int type) uniperror("socket"); return -1; } - if (socket_mod(sfd, &dst->sa) < 0) { + if (socket_mod(sfd) < 0) { close(sfd); return -1; } @@ -374,7 +374,7 @@ static int remote_sock(struct sockaddr_ina *dst, int type) int create_conn(struct poolhd *pool, - struct eval *val, struct sockaddr_ina *dst, int next) + struct eval *val, const struct sockaddr_ina *dst, int next) { struct sockaddr_ina addr = *dst; 
@@ -444,8 +444,8 @@ int create_conn(struct poolhd *pool, } -int udp_associate(struct poolhd *pool, - struct eval *val, struct sockaddr_ina *dst) +static int udp_associate(struct poolhd *pool, + struct eval *val, const struct sockaddr_ina *dst) { struct sockaddr_ina addr = *dst; @@ -563,7 +563,7 @@ static inline int transp_conn(struct poolhd *pool, struct eval *val) } #endif -static inline int on_accept(struct poolhd *pool, struct eval *val) +static int on_accept(struct poolhd *pool, const struct eval *val) { struct sockaddr_ina client; struct eval *rval; @@ -619,7 +619,7 @@ static inline int on_accept(struct poolhd *pool, struct eval *val) } -int on_tunnel(struct poolhd *pool, struct eval *val, +static int on_tunnel(struct poolhd *pool, struct eval *val, char *buffer, size_t bfsize, int etype) { ssize_t n = 0; @@ -694,7 +694,7 @@ int on_tunnel(struct poolhd *pool, struct eval *val, } -int on_udp_tunnel(struct eval *val, char *buffer, size_t bfsize) +static int on_udp_tunnel(struct eval *val, char *buffer, size_t bfsize) { char *data = buffer; size_t data_len = bfsize; @@ -887,7 +887,7 @@ static inline int on_connect(struct poolhd *pool, struct eval *val, int e) } -void close_conn(struct poolhd *pool, struct eval *val) +static void close_conn(struct poolhd *pool, struct eval *val) { struct eval *cval = val; do { @@ -986,7 +986,7 @@ int event_loop(int srvfd) } -int listen_socket(struct sockaddr_ina *srv) +int listen_socket(const struct sockaddr_ina *srv) { int srvfd = nb_socket(srv->sa.sa_family, SOCK_STREAM); if (srvfd < 0) { @@ -1014,7 +1014,7 @@ int listen_socket(struct sockaddr_ina *srv) } -int run(struct sockaddr_ina *srv) +int run(const struct sockaddr_ina *srv) { #ifdef SIGPIPE if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) diff --git a/proxy.h b/proxy.h index 29eaee2..fb28035 100644 --- a/proxy.h +++ b/proxy.h 
@@ -106,18 +106,13 @@ enum s4_rep { void map_fix(struct sockaddr_ina *addr, char f6); -int resp_error(int fd, int e, int flag); - int create_conn(struct poolhd *pool, - struct eval *val, struct sockaddr_ina *dst, int next); - -int on_tunnel(struct poolhd *pool, struct eval *val, - char *buffer, size_t bfsize, int out); - -int listen_socket(struct sockaddr_ina *srv); + struct eval *val, const struct sockaddr_ina *dst, int next); + +int listen_socket(const struct sockaddr_ina *srv); int event_loop(int srvfd); -int run(struct sockaddr_ina *srv); +int run(const struct sockaddr_ina *srv); #endif From 890a66ee2f263913ef260716e2ff79faf528030f Mon Sep 17 00:00:00 2001 From: ruti <> Date: Sun, 10 Nov 2024 02:39:21 +0300 Subject: [PATCH 3/3] Add IPv4 to proto list --- README.md | 4 ++-- extend.c | 45 +++++++++++++++++++++++++++++---------------- main.c | 5 ++++- packets.h | 5 +++-- 4 files changed, 38 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index c4ca601..19c3bba 100644 --- a/README.md +++ b/README.md @@ -69,8 +69,8 @@ ciadpi --fake -1 --ttl 8 Таймаут ожидания первого ответа от сервера в секундах В Linux переводится в миллисекунды, поэтому можно указать дробное число --K, --proto - Белый список протоколов: tls,http,udp +-K, --proto + Белый список протоколов: tls,http,udp,ipv4 -H, --hosts Ограничить область действия параметров списком доменов diff --git a/extend.c b/extend.c index b23da79..99f5978 100644 --- a/extend.c +++ b/extend.c @@ -117,13 +117,6 @@ static int cache_add(const struct sockaddr_ina *dst, int m) } -static inline bool check_port(const uint16_t *p, const struct sockaddr_in6 *dst) -{ - return (dst->sin6_port >= p[0] - && dst->sin6_port <= p[1]); -} - - int connect_hook(struct poolhd *pool, struct eval *val, const struct sockaddr_ina *dst, int next) { 
@@ -195,10 +188,10 @@ static bool check_host( return 0; } - + static bool check_proto_tcp(int proto, const char *buffer, ssize_t n) { - if (proto & IS_TCP) { + if (!(proto & ~IS_IPV4)) { return 1; } else if ((proto & IS_HTTP) && @@ -213,6 +206,27 @@ static bool check_proto_tcp(int proto, const char *buffer, ssize_t n) } +static bool check_l34(int proto, const uint16_t *pf, int st, const struct sockaddr_in6 *dst) +{ + if ((proto & IS_UDP) && (st != SOCK_DGRAM)) { + return 0; + } + if (proto & IS_IPV4) { + static const char *pat = "\0\0\0\0\0\0\0\0\0\0\xff\xff"; + + if (dst->sin6_family != AF_INET + && memcmp(&dst->sin6_addr, pat, 12)) { + return 0; + } + } + if (pf[0] && + (dst->sin6_port < pf[0] || dst->sin6_port > pf[1])) { + return 0; + } + return 1; +} + + static bool check_round(const int *nr, int r) { return (!nr[1] && r <= 1) || (r >= nr[0] && r <= nr[1]); @@ -325,10 +339,10 @@ static int setup_conn(struct eval *client, const char *buffer, ssize_t n) if (!m) for (; m < params.dp_count; m++) { struct desync_params *dp = ¶ms.dp[m]; - if (!dp->detect && - (!dp->pf[0] || check_port(dp->pf, &client->pair->in6)) && - (!dp->proto || check_proto_tcp(dp->proto, buffer, n)) && - (!dp->hosts || check_host(dp->hosts, buffer, n))) { + if (!dp->detect + && (check_l34(dp->proto, dp->pf, SOCK_STREAM, &client->pair->in6) + && check_proto_tcp(dp->proto, buffer, n)) + && (!dp->hosts || check_host(dp->hosts, buffer, n))) { break; } } @@ -528,9 +542,8 @@ ssize_t udp_hook(struct eval *val, if (!m) { for (; m < params.dp_count; m++) { struct desync_params *dp = ¶ms.dp[m]; - if (!dp->detect && - (!dp->proto || (dp->proto & IS_UDP)) && - (!dp->pf[0] || check_port(dp->pf, &dst->in6))) { + if (!dp->detect + && check_l34(dp->proto, dp->pf, SOCK_DGRAM, &dst->in6)) { break; } } diff --git a/main.c b/main.c index c0cefdc..71ccbba 100644 --- a/main.c +++ b/main.c 
@@ -83,7 +83,7 @@ const static char help_text[] = { #ifdef TIMEOUT_SUPPORT " -T, --timeout Timeout waiting for response, after which trigger auto\n" #endif - " -K, --proto Protocol whitelist: tls,http,udp\n" + " -K, --proto Protocol whitelist: tls,http,udp,ipv4\n" " -H, --hosts Hosts whitelist, filename or :string\n" " -V, --pf Ports range whitelist\n" " -R, --round Number of request to which desync will be applied\n" @@ -687,6 +687,9 @@ int main(int argc, char **argv) case 'u': dp->proto |= IS_UDP; break; + case 'i': + dp->proto |= IS_IPV4; + break; default: invalid = 1; continue; diff --git a/packets.h b/packets.h index e2ddb42..48ab133 100644 --- a/packets.h +++ b/packets.h @@ -10,8 +10,9 @@ #define IS_UDP 2 #define IS_HTTP 4 #define IS_HTTPS 8 -//#define IS_QUIC 16 -//#define IS_DNS 32 +#define IS_IPV4 16 +//#define IS_QUIC 64 +//#define IS_DNS 128 #define MH_HMIX 1 #define MH_SPACE 2