From 515129ccccf53d05c4fe397b4e90f8e14b264d73 Mon Sep 17 00:00:00 2001 From: Lurker00 Date: Tue, 17 Sep 2024 22:29:47 +0300 Subject: [PATCH 01/10] Bug fix: uninitialized padding eliminated (#137) --- extend.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/extend.c b/extend.c index 5f6db8b..5b592ee 100644 --- a/extend.c +++ b/extend.c @@ -49,18 +49,24 @@ int mode_add_get(struct sockaddr_ina *dst, int m) { // m < 0: get, m > 0: set, m == 0: delete assert(m >= -1 && m < params.dp_count); - struct { + #pragma pack(push,4) + struct key_struct { uint16_t port; + uint16_t pad0; // fill with 0 before use! union { struct in_addr i4; struct in6_addr i6; }; - } key = { .port = dst->in.sin_port }; - + } key = { .port = dst->in.sin_port, .pad0 = 0 }; + #pragma pack(pop) + #if defined(__GNUC__) + _Static_assert(offsetof(struct key_struct, i4) == sizeof(key.port)+sizeof(key.pad0), "key_struct"); + #endif + time_t t = 0; struct elem *val = 0; - int len = sizeof(dst->in.sin_port); - + int len = offsetof(struct key_struct, i4); + if (dst->sa.sa_family == AF_INET) { len += sizeof(dst->in.sin_addr); key.i4 = dst->in.sin_addr; @@ -69,7 +75,7 @@ int mode_add_get(struct sockaddr_ina *dst, int m) len += sizeof(dst->in6.sin6_addr); key.i6 = dst->in6.sin6_addr; } - + if (m < 0) { val = mem_get(params.mempool, (char *)&key, len); if (!val) { @@ -83,7 +89,7 @@ int mode_add_get(struct sockaddr_ina *dst, int m) return val->m; } INIT_ADDR_STR((*dst)); - + if (m == 0) { LOG(LOG_S, "delete ip: %s\n", ADDR_STR); mem_delete(params.mempool, (char *)&key, len); @@ -101,7 +107,6 @@ int mode_add_get(struct sockaddr_ina *dst, int m) val->time = t; return 0; } - } From 5e5dec60f2cebe717bc136cf4e2a9054932a530e Mon Sep 17 00:00:00 2001 From: ruti <> Date: Sat, 14 Sep 2024 23:30:23 +0300 Subject: [PATCH 02/10] params.h: char -> bool --- params.h | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) 
diff --git a/params.h b/params.h index 02992f6..b4f4ba0 100644 --- a/params.h +++ b/params.h @@ -3,6 +3,7 @@ #include #include +#include #include "mpool.h" @@ -63,11 +64,11 @@ struct desync_params { int ttl; char *ip_options; ssize_t ip_options_len; - char md5sig; + bool md5sig; struct packet fake_data; int udp_fake_count; int fake_offset; - char drop_sack; + bool drop_sack; char oob_char[2]; int parts_n; @@ -90,23 +91,23 @@ struct params { int dp_count; struct desync_params *dp; long sfdelay; - char wait_send; + bool wait_send; int def_ttl; - char custom_ttl; + bool custom_ttl; - char tfo; + bool tfo; unsigned int timeout; int auto_level; long cache_ttl; - char ipv6; - char resolve; - char udp; + bool ipv6; + bool resolve; + bool udp; int max_open; int debug; size_t bfsize; struct sockaddr_in6 baddr; struct sockaddr_in6 laddr; - char transparent; + bool transparent; struct mphdr *mempool; char *protect_path; From a9ecc83932543c6a22984b168a77543490763e89 Mon Sep 17 00:00:00 2001 From: ruti <> Date: Tue, 17 Sep 2024 22:51:39 +0300 Subject: [PATCH 03/10] Transparent IPV6 --- main.c | 2 +- proxy.c | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/main.c b/main.c index 94afb8c..b8d1e36 100644 --- a/main.c +++ b/main.c @@ -23,7 +23,7 @@ #define close(fd) closesocket(fd) #endif -#define VERSION "14" +#define VERSION "14.1" char ip_option[1] = "\0"; diff --git a/proxy.c b/proxy.c index b1c4698..eadfff6 100644 --- a/proxy.c +++ b/proxy.c @@ -35,6 +35,9 @@ #ifdef __linux__ /* For SO_ORIGINAL_DST only (which is 0x50) */ #include "linux/netfilter_ipv4.h" + #ifndef IP6T_SO_ORIGINAL_DST + #define IP6T_SO_ORIGINAL_DST SO_ORIGINAL_DST + #endif #endif #endif @@ -129,6 +132,7 @@ int resolve(char *host, int len, char rchar = host[len]; host[len] = '\0'; + LOG(LOG_S, "resolve: %s\n", host); if (getaddrinfo(host, 0, &hints, &res) || !res) { host[len] = rchar; 
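Review bot: The added `LOG(LOG_S, "resolve: %s\n", host);` in resolve() (proxy.c) writes the name to the log verbatim. If `host` is taken from the client's request, as the in-place NUL termination around it suggests, any newlines or control bytes in it reach the log unescaped and can forge or garble entries. I would replace non-printable bytes before logging, or at least add a comment such as `/* host is client-supplied and logged verbatim: treat LOG_S output as untrusted */`. resolve() starts and ends outside the hunk, so the origin of `host` should be confirmed against its callers.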
@@ -543,10 +547,14 @@ static inline int transp_conn(struct poolhd *pool, struct eval *val) { struct sockaddr_ina remote, self; socklen_t rlen = sizeof(remote), slen = sizeof(self); - if (getsockopt(val->fd, - IPPROTO_IP, SO_ORIGINAL_DST, &remote, &rlen) != 0) { - uniperror("getsockopt SO_ORIGINAL_DST"); - return -1; + if (getsockopt(val->fd, IPPROTO_IP, + SO_ORIGINAL_DST, &remote, &rlen) != 0) + { + if (getsockopt(val->fd, IPPROTO_IPV6, + IP6T_SO_ORIGINAL_DST, &remote, &rlen) != 0) { + uniperror("getsockopt SO_ORIGINAL_DST"); + return -1; + } } if (getsockname(val->fd, &self.sa, &slen) < 0) { uniperror("getsockname"); From 889391b7b12128075f6ff2aeb182db57bea940f6 Mon Sep 17 00:00:00 2001 From: ruti <> Date: Wed, 18 Sep 2024 15:29:53 +0300 Subject: [PATCH 04/10] memset struct padding --- extend.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/extend.c b/extend.c index 5b592ee..8ec5df9 100644 --- a/extend.c +++ b/extend.c @@ -49,24 +49,21 @@ int mode_add_get(struct sockaddr_ina *dst, int m) { // m < 0: get, m > 0: set, m == 0: delete assert(m >= -1 && m < params.dp_count); - #pragma pack(push,4) struct key_struct { uint16_t port; - uint16_t pad0; // fill with 0 before use! union { struct in_addr i4; struct in6_addr i6; }; - } key = { .port = dst->in.sin_port, .pad0 = 0 }; - #pragma pack(pop) - #if defined(__GNUC__) - _Static_assert(offsetof(struct key_struct, i4) == sizeof(key.port)+sizeof(key.pad0), "key_struct"); - #endif - + } key = { 0 }; + + int len = offsetof(struct key_struct, i4); + memset(&key, 0, len); + key.port = dst->in.sin_port; + time_t t = 0; struct elem *val = 0; - int len = offsetof(struct key_struct, i4); - + if (dst->sa.sa_family == AF_INET) { len += sizeof(dst->in.sin_addr); key.i4 = dst->in.sin_addr; From f11f5b0d676c3c7ab3e4710db60bae675a0a0a2b Mon Sep 17 00:00:00 2001 
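Review bot: When both lookups fail in transp_conn() (proxy.c), the single `uniperror("getsockopt SO_ORIGINAL_DST")` presumably reports only the errno left by the IPv6 attempt, so a failure on an IPv4 connection is logged with a misleading cause. Naming the option that actually failed, e.g. `uniperror("getsockopt IP6T_SO_ORIGINAL_DST");` on the inner call, keeps the diagnosis accurate. The IPv6 call is tried after any IPv4 failure rather than being chosen by address family; a short comment such as `/* IPv4 lookup first; fall back to the IPv6 table on any failure */` would record that this is deliberate. The function continues past the end of the hunk.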
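Review bot: Nothing in mode_add_get() (extend.c) says why `key` is cleared twice, by `= { 0 }` and then by `memset(&key, 0, len)`, and the old `// fill with 0 before use!` remark disappears together with `pad0`. The memset is the part that matters, because an initializer is not guaranteed to clear the padding between `port` and the union, and the key is later passed to mem_get/mem_add/mem_delete as a `char *` plus length, presumably to be compared byte-wise. I would put `/* zero port and the padding after it: the key is used as raw bytes, and an initializer need not clear padding */` above the memset. `offsetof` and `memset` need `<stddef.h>` and `<string.h>`; the include list is outside the hunk, so confirm both are present.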
From: Kirill <20815458+dartvader316@users.noreply.github.com> Date: Fri, 20 Sep 2024 12:03:00 +0000 Subject: [PATCH 05/10] Use serialization for key_struct (#138) * extend.c: use serialization for key_struct * serialize directly from address * fix serialize_addr return * return error, style --------- Co-authored-by: ruti <> --- extend.c | 61 ++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 37 insertions(+), 24 deletions(-) diff --git a/extend.c b/extend.c index 8ec5df9..c696cbe 100644 --- a/extend.c +++ b/extend.c @@ -23,6 +23,9 @@ #include "desync.h" #include "packets.h" +#define KEY_SIZE sizeof(uint16_t) + \ + sizeof(sa_family_t) + sizeof(struct sockaddr_in6) + int set_timeout(int fd, unsigned int s) { 
@@ -45,36 +48,45 @@ int set_timeout(int fd, unsigned int s) } -int mode_add_get(struct sockaddr_ina *dst, int m) +static ssize_t serialize_addr(const struct sockaddr_ina *dst, + uint8_t *const out, const size_t out_len) +{ + #define serialize(raw, field, len, counter){ \ + const size_t size = sizeof(field); \ + if ((counter + size) <= len) { \ + memcpy(raw + counter, &(field), size); \ + counter += size; \ + } else return 0; \ + } + size_t c = 0; + serialize(out, dst->in.sin_port, out_len, c); + serialize(out, dst->sa.sa_family, out_len, c); + + if (dst->sa.sa_family == AF_INET) { + serialize(out, dst->in.sin_addr, out_len, c); + } else { + serialize(out, dst->in6.sin6_addr, out_len, c); + } + #undef serialize + + return c; +} + + +static int mode_add_get(struct sockaddr_ina *dst, int m) { // m < 0: get, m > 0: set, m == 0: delete assert(m >= -1 && m < params.dp_count); - struct key_struct { - uint16_t port; - union { - struct in_addr i4; - struct in6_addr i6; - }; - } key = { 0 }; - - int len = offsetof(struct key_struct, i4); - memset(&key, 0, len); - key.port = dst->in.sin_port; time_t t = 0; struct elem *val = 0; - if (dst->sa.sa_family == AF_INET) { - len += sizeof(dst->in.sin_addr); - key.i4 = dst->in.sin_addr; - } - else { - len += sizeof(dst->in6.sin6_addr); - key.i6 = dst->in6.sin6_addr; - } - + uint8_t key[KEY_SIZE] = { 0 }; + int len = serialize_addr(dst, key, sizeof(key)); + assert(len > 0); + if (m < 0) { - val = mem_get(params.mempool, (char *)&key, len); + val = mem_get(params.mempool, (char *)key, len); if (!val) { return -1; } 
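Review bot: `assert(len > 0);` in mode_add_get() is the only guard on a failed serialize_addr(), and it compiles away under NDEBUG, after which a zero-length key is handed to mem_get, mem_add and mem_delete. A runtime check, `if (len <= 0) return -1;`, keeps the failure path in release builds. The `serialize` macro also hides a `return 0` inside a bare `{ … }` block with unparenthesized arguments; wrapping it in `do { … } while (0)` with `(raw)`, `(counter)` and `(len)` parenthesized, or using a small static helper, would make the early exit visible. serialize_addr() treats every family other than AF_INET as IPv6, which deserves a comment or an explicit AF_INET6 test. mode_add_get() continues in the next hunk, where the same buffer reaches mem_delete and mem_add.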
@@ -89,13 +101,14 @@ int mode_add_get(struct sockaddr_ina *dst, int m) if (m == 0) { LOG(LOG_S, "delete ip: %s\n", ADDR_STR); - mem_delete(params.mempool, (char *)&key, len); + mem_delete(params.mempool, (char *)key, len); return 0; } else { LOG(LOG_S, "save ip: %s, m=%d\n", ADDR_STR, m); time(&t); - val = mem_add(params.mempool, (char *)&key, len); + + val = mem_add(params.mempool, (char *)key, len); if (!val) { uniperror("mem_add"); return -1; From 77ac202f5c67f25c8960d50c13dad6e5d2b4b6c5 Mon Sep 17 00:00:00 2001 From: ruti <> Date: Mon, 23 Sep 2024 14:56:03 +0300 Subject: [PATCH 06/10] create empty group if a trigger is spec #144 --- main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/main.c b/main.c index b8d1e36..baf56df 100644 --- a/main.c +++ b/main.c @@ -479,6 +479,7 @@ int main(int argc, char **argv) long val = 0; char *end = 0; + bool all_limited = 1; struct desync_params *dp = add((void *)¶ms.dp, ¶ms.dp_count, sizeof(struct desync_params)); @@ -573,6 +574,9 @@ int main(int argc, char **argv) break; case 'A': + if (!(dp->hosts || dp->proto || dp->pf[0] || dp->detect)) { + all_limited = 0; + } dp = add((void *)¶ms.dp, ¶ms.dp_count, sizeof(struct desync_params)); if (!dp) { @@ -866,7 +870,7 @@ int main(int argc, char **argv) clear_params(); return -1; } - if (dp->hosts || dp->proto || dp->pf[0]) { + if (all_limited) { dp = add((void *)¶ms.dp, ¶ms.dp_count, sizeof(struct desync_params)); if (!dp) { From dca3b5693a8fbdaafec12267d587022fd1174562 Mon Sep 17 00:00:00 2001 From: Aleksey Smirnov Date: Tue, 24 Sep 2024 14:05:52 +0300 Subject: [PATCH 07/10] Separate options from service, add system service (#152) --- dist/linux/README.md | 22 ++++++++++++++++++---- dist/linux/byedpi.conf | 8 ++++++++ dist/linux/byedpi.service | 15 ++++++++++----- 3 files changed, 36 insertions(+), 9 deletions(-) create mode 100644 dist/linux/byedpi.conf diff --git a/dist/linux/README.md b/dist/linux/README.md index 96db4d8..f211b46 100644 
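Review bot: `all_limited` in main() (main.c) is updated only inside `case 'A'`, for the group being closed, and the post-parse test `if (all_limited)` no longer looks at `dp`, so the last group (or the only one) never influences the result. As far as the visible lines show, a single unrestricted group now gets an extra empty group appended, which the old `dp->hosts || dp->proto || dp->pf[0]` test avoided. If that is intended, say so at the declaration, e.g. `/* true until a closed group has no hosts/proto/pf/detect limit; the final group is deliberately not checked */`; otherwise fold the final `dp` into the flag before the test. `bool all_limited = 1;` would also read better with `true`/`false`. main() extends well beyond these hunks.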
--- a/dist/linux/README.md +++ b/dist/linux/README.md @@ -9,16 +9,30 @@ sudo make install ## Systemd Service (optional) -Copy and enable the service: +You can configure the program to run as systemd service, user- or system-wide (only one at a time). + +### As user service: ```sh cp byedpi.service ~/.config/systemd/user/ -systemctl --user daemon-reload -systemctl --user enable byedpi.service -systemctl --user start byedpi.service +cp byedpi.conf ~/.config/ +systemctl --user enable --now byedpi.service ``` You should see the service now marked as "active": ```sh systemctl --user status byedpi.service ``` + +### As system service: + +```sh +sudo cp byedpi.service /etc/systemd/system/ +sudo cp byedpi.conf /etc/ +sudo systemctl enable --now byedpi.service +``` + +You should see the service now marked as "active": +```sh +systemctl status byedpi.service +``` diff --git a/dist/linux/byedpi.conf b/dist/linux/byedpi.conf new file mode 100644 index 0000000..e52e18a --- /dev/null +++ b/dist/linux/byedpi.conf @@ -0,0 +1,8 @@ +# More options and their descriptions can be found here: +# https://github.com/hufrea/byedpi/blob/main/README.md +# +# By default, ciadpi listens on all interfaces, +# a specific one can be specified via "--ip 127.0.0.1". + +# Put your options here +BYEDPI_OPTIONS="--split 1 --disorder 3+s --mod-http=h,d --auto=torst --tlsrec 1+s" diff --git a/dist/linux/byedpi.service b/dist/linux/byedpi.service index af986ae..7abe067 100644 --- a/dist/linux/byedpi.service +++ b/dist/linux/byedpi.service 
@@ -1,14 +1,19 @@ [Unit] -Description=byedpi +Description=ByeDPI Documentation=https://github.com/hufrea/byedpi +Wants=network-online.target +After=network-online.target nss-lookup.target [Service] -ExecStart=ciadpi --split 1 --disorder 3+s --mod-http=h,d --auto=torst --tlsrec 1+s +NoNewPrivileges=yes +StandardOutput=null +StandardError=journal +EnvironmentFile=-/etc/byedpi.conf +EnvironmentFile=-%h/.config/byedpi.conf +ExecStart=ciadpi $BYEDPI_OPTIONS TimeoutStopSec=5s -LimitNOFILE=1048576 -LimitNPROC=512 PrivateTmp=true ProtectSystem=full [Install] -WantedBy=default.target \ No newline at end of file +WantedBy=default.target From e4064766101ea3b5fc6ddde4f335a3ec57ce8368 Mon Sep 17 00:00:00 2001 From: ruti <> Date: Tue, 24 Sep 2024 04:59:19 +0300 Subject: [PATCH 08/10] rst if exist only one group --- extend.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/extend.c b/extend.c index c696cbe..9010234 100644 --- a/extend.c +++ b/extend.c @@ -223,21 +223,24 @@ int on_torst(struct poolhd *pool, struct eval *val) for (; m < params.dp_count; m++) { struct desync_params *dp = ¶ms.dp[m]; if (!dp->detect) { - return -1; + m = 0; + break; } if (dp->detect & DETECT_TORST) { break; } } - if (m >= params.dp_count) { + if (m == 0) { + } + else if (m >= params.dp_count) { if (m > 1) mode_add_get( (struct sockaddr_ina *)&val->in6, 0); } - else if (can_reconn) + else if (can_reconn) { return reconnect(pool, val, m); - else - mode_add_get( - (struct sockaddr_ina *)&val->in6, m); + } + else mode_add_get( + (struct sockaddr_ina *)&val->in6, m); } struct linger l = { .l_onoff = 1 }; if (setsockopt(val->pair->fd, SOL_SOCKET, From 7dde94e3d2c88a50b03afb2137e1b3200f6a4a9d Mon Sep 17 00:00:00 2001 From: ruti <> Date: Tue, 24 Sep 2024 17:49:51 +0300 Subject: [PATCH 09/10] compile without sa_family_t --- extend.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/extend.c b/extend.c index 9010234..da8b135 100644 --- a/extend.c +++ b/extend.c 
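Review bot: dist/linux/byedpi.service sets no `User=` or `DynamicUser=`, so the system-wide install the README now describes runs ciadpi as root, while the shipped byedpi.conf states that it listens on all interfaces by default. For a proxy that is a wide default exposure; I would ship `BYEDPI_OPTIONS="--ip 127.0.0.1 …"` in byedpi.conf and have the README's system-service steps add a drop-in containing `DynamicUser=yes`, provided none of the configured options need privileges. A drop-in rather than an edit to the shared unit, because the same file is also installed as a user unit. In system mode `%h` should resolve to root's home, so `/root/.config/byedpi.conf` would override `/etc/byedpi.conf`; that precedence is worth one line in the README.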
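Review bot: In on_torst() (extend.c), `m = 0` now doubles as a "no group with a detect flag" sentinel and is consumed by an empty `if (m == 0) { }` branch, which reads like a leftover. The loop's initial value of `m` is outside the hunk; if it can be 0 the sentinel collides with a real index, and if it cannot, that should be stated. A comment inside the empty branch, such as `/* no further detect group: fall through to the linger setup below */`, or a separate `bool` flag, would make the change from `return -1` explicit. The final `else mode_add_get(` is also left unbraced while the branch before it gained braces.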
@@ -24,7 +24,8 @@ #include "packets.h" #define KEY_SIZE sizeof(uint16_t) + \ - sizeof(sa_family_t) + sizeof(struct sockaddr_in6) + sizeof(((struct sockaddr){}).sa_family) + \ + sizeof(struct sockaddr_in6) int set_timeout(int fd, unsigned int s) From dcc492b8fd3dea82f8dce809758183cd280eb6e1 Mon Sep 17 00:00:00 2001 From: ruti <> Date: Tue, 24 Sep 2024 21:04:30 +0300 Subject: [PATCH 10/10] sizeof(struct sockaddr_ina) as the max key size --- extend.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/extend.c b/extend.c index da8b135..d03c326 100644 --- a/extend.c +++ b/extend.c @@ -23,9 +23,7 @@ #include "desync.h" #include "packets.h" -#define KEY_SIZE sizeof(uint16_t) + \ - sizeof(((struct sockaddr){}).sa_family) + \ - sizeof(struct sockaddr_in6) +#define KEY_SIZE sizeof(struct sockaddr_ina) int set_timeout(int fd, unsigned int s)