Merge branch 'hufrea:main' into andrewclarkii

Andrew Vedischev 2024-09-29 19:45:53 +03:00 committed by GitHub
commit f0847280e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 109 additions and 52 deletions

22
dist/linux/README.md vendored

@ -9,16 +9,30 @@ sudo make install
## Systemd Service (optional)
Copy and enable the service:
You can configure the program to run as systemd service, user- or system-wide (only one at a time).
### As user service:
```sh
cp byedpi.service ~/.config/systemd/user/
systemctl --user daemon-reload
systemctl --user enable byedpi.service
systemctl --user start byedpi.service
cp byedpi.conf ~/.config/
systemctl --user enable --now byedpi.service
```
You should see the service now marked as "active":
```sh
systemctl --user status byedpi.service
```
### As system service:
```sh
sudo cp byedpi.service /etc/systemd/system/
sudo cp byedpi.conf /etc/
sudo systemctl enable --now byedpi.service
```
You should see the service now marked as "active":
```sh
systemctl status byedpi.service
```

8
dist/linux/byedpi.conf vendored Normal file

@ -0,0 +1,8 @@
# More options and their descriptions can be found here:
# https://github.com/hufrea/byedpi/blob/main/README.md
#
# By default, ciadpi listens on all interfaces,
# a specific one can be specified via "--ip 127.0.0.1".
# Put your options here
BYEDPI_OPTIONS="--split 1 --disorder 3+s --mod-http=h,d --auto=torst --tlsrec 1+s"
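Review bot: The shipped `BYEDPI_OPTIONS` default carries no `--ip`, so per the comment just above it a service started from this file listens on all interfaces. For a proxy enabled at boot, that means other hosts on the network can reach it unless a firewall blocks the port. A loopback default such as `BYEDPI_OPTIONS="--ip 127.0.0.1 --split 1 --disorder 3+s --mod-http=h,d --auto=torst --tlsrec 1+s"` would make wider exposure an explicit choice. Whether ciadpi authenticates clients is not visible on this page, so the impact should be confirmed against the program's documentation.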


@ -1,12 +1,17 @@
[Unit]
Description=byedpi
Description=ByeDPI
Documentation=https://github.com/hufrea/byedpi
Wants=network-online.target
After=network-online.target nss-lookup.target
[Service]
ExecStart=ciadpi --split 1 --disorder 3+s --mod-http=h,d --auto=torst --tlsrec 1+s
NoNewPrivileges=yes
StandardOutput=null
StandardError=journal
EnvironmentFile=-/etc/byedpi.conf
EnvironmentFile=-%h/.config/byedpi.conf
ExecStart=ciadpi $BYEDPI_OPTIONS
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
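Review bot: No `User=` or `DynamicUser=` appears in the unit lines shown, so when this file is copied to /etc/systemd/system as the README section describes, ciadpi would run as root. The only confinement visible is `NoNewPrivileges=yes`, `PrivateTmp=true` and `ProtectSystem=full`. Because the same file is also installed as a user unit, a separate system-wide unit with `DynamicUser=yes` (or a dedicated account) and `ProtectHome=yes` is probably the cleaner fix. Both `EnvironmentFile=` lines carry the `-` prefix, so if neither file exists `$BYEDPI_OPTIONS` expands to nothing and the service starts with built-in defaults and no error; a comment in the unit saying so would help.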


@ -23,6 +23,8 @@
#include "desync.h"
#include "packets.h"
#define KEY_SIZE sizeof(struct sockaddr_ina)
int set_timeout(int fd, unsigned int s)
{
@ -45,33 +47,45 @@ int set_timeout(int fd, unsigned int s)
}
int mode_add_get(struct sockaddr_ina *dst, int m)
static ssize_t serialize_addr(const struct sockaddr_ina *dst,
uint8_t *const out, const size_t out_len)
{
#define serialize(raw, field, len, counter){ \
const size_t size = sizeof(field); \
if ((counter + size) <= len) { \
memcpy(raw + counter, &(field), size); \
counter += size; \
} else return 0; \
}
size_t c = 0;
serialize(out, dst->in.sin_port, out_len, c);
serialize(out, dst->sa.sa_family, out_len, c);
if (dst->sa.sa_family == AF_INET) {
serialize(out, dst->in.sin_addr, out_len, c);
} else {
serialize(out, dst->in6.sin6_addr, out_len, c);
}
#undef serialize
return c;
}
static int mode_add_get(struct sockaddr_ina *dst, int m)
{
// m < 0: get, m > 0: set, m == 0: delete
assert(m >= -1 && m < params.dp_count);
struct {
uint16_t port;
union {
struct in_addr i4;
struct in6_addr i6;
};
} key = { .port = dst->in.sin_port };
time_t t = 0;
struct elem *val = 0;
int len = sizeof(dst->in.sin_port);
if (dst->sa.sa_family == AF_INET) {
len += sizeof(dst->in.sin_addr);
key.i4 = dst->in.sin_addr;
}
else {
len += sizeof(dst->in6.sin6_addr);
key.i6 = dst->in6.sin6_addr;
}
uint8_t key[KEY_SIZE] = { 0 };
int len = serialize_addr(dst, key, sizeof(key));
assert(len > 0);
if (m < 0) {
val = mem_get(params.mempool, (char *)&key, len);
val = mem_get(params.mempool, (char *)key, len);
if (!val) {
return -1;
}
@ -86,13 +100,14 @@ int mode_add_get(struct sockaddr_ina *dst, int m)
if (m == 0) {
LOG(LOG_S, "delete ip: %s\n", ADDR_STR);
mem_delete(params.mempool, (char *)&key, len);
mem_delete(params.mempool, (char *)key, len);
return 0;
}
else {
LOG(LOG_S, "save ip: %s, m=%d\n", ADDR_STR, m);
time(&t);
val = mem_add(params.mempool, (char *)&key, len);
val = mem_add(params.mempool, (char *)key, len);
if (!val) {
uniperror("mem_add");
return -1;
@ -101,7 +116,6 @@ int mode_add_get(struct sockaddr_ina *dst, int m)
val->time = t;
return 0;
}
}
@ -208,21 +222,24 @@ int on_torst(struct poolhd *pool, struct eval *val)
for (; m < params.dp_count; m++) {
struct desync_params *dp = &params.dp[m];
if (!dp->detect) {
return -1;
m = 0;
break;
}
if (dp->detect & DETECT_TORST) {
break;
}
}
if (m >= params.dp_count) {
if (m == 0) {
}
else if (m >= params.dp_count) {
if (m > 1) mode_add_get(
(struct sockaddr_ina *)&val->in6, 0);
}
else if (can_reconn)
else if (can_reconn) {
return reconnect(pool, val, m);
else
mode_add_get(
(struct sockaddr_ina *)&val->in6, m);
}
else mode_add_get(
(struct sockaddr_ina *)&val->in6, m);
}
struct linger l = { .l_onoff = 1 };
if (setsockopt(val->pair->fd, SOL_SOCKET,
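Review bot: In mode_add_get the only check on serialize_addr's result is `assert(len > 0)`, which is compiled out under NDEBUG, and the `serialize` macro reports a too-small buffer through a hidden `return 0`. In such a build a zero length would be passed to mem_get, mem_add or mem_delete as the key size. With `KEY_SIZE` defined as `sizeof(struct sockaddr_ina)` the buffer looks large enough for port, family and either address, so this is a robustness gap rather than a reachable overflow, but an explicit `if (len <= 0) return -1;` after the call keeps the guard in release builds. The macro would also read better wrapped in `do { ... } while (0)` with its arguments parenthesized and a comment that it returns from the enclosing function. mode_add_get's body spans several hunks and is not fully visible here.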

8
main.c
View File

@ -23,7 +23,7 @@
#define close(fd) closesocket(fd)
#endif
#define VERSION "14"
#define VERSION "14.1"
char ip_option[1] = "\0";
@ -479,6 +479,7 @@ int main(int argc, char **argv)
long val = 0;
char *end = 0;
bool all_limited = 1;
struct desync_params *dp = add((void *)&params.dp,
&params.dp_count, sizeof(struct desync_params));
@ -573,6 +574,9 @@ int main(int argc, char **argv)
break;
case 'A':
if (!(dp->hosts || dp->proto || dp->pf[0] || dp->detect)) {
all_limited = 0;
}
dp = add((void *)&params.dp, &params.dp_count,
sizeof(struct desync_params));
if (!dp) {
@ -866,7 +870,7 @@ int main(int argc, char **argv)
clear_params();
return -1;
}
if (dp->hosts || dp->proto || dp->pf[0]) {
if (all_limited) {
dp = add((void *)&params.dp,
&params.dp_count, sizeof(struct desync_params));
if (!dp) {
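Review bot: `all_limited` is cleared only inside `case 'A'`, that is, for the group that precedes each new one, so the group still current when option parsing ends is never tested before `if (all_limited)` near the end of main. If that last group has none of `hosts`, `proto`, `pf[0]` or `detect` set and every earlier group is limited, an extra default group appears to be appended although an unrestricted one already exists, which also raises `params.dp_count`. Unless the last group is checked in lines outside these hunks, repeat the test there, for example `if (all_limited && (dp->hosts || dp->proto || dp->pf[0] || dp->detect)) {`. `bool all_limited = 1;` would also read better as `= true`.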


@ -3,6 +3,7 @@
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>
#include "mpool.h"
@ -63,11 +64,11 @@ struct desync_params {
int ttl;
char *ip_options;
ssize_t ip_options_len;
char md5sig;
bool md5sig;
struct packet fake_data;
int udp_fake_count;
int fake_offset;
char drop_sack;
bool drop_sack;
char oob_char[2];
int parts_n;
@ -90,23 +91,23 @@ struct params {
int dp_count;
struct desync_params *dp;
long sfdelay;
char wait_send;
bool wait_send;
int def_ttl;
char custom_ttl;
bool custom_ttl;
char tfo;
bool tfo;
unsigned int timeout;
int auto_level;
long cache_ttl;
char ipv6;
char resolve;
char udp;
bool ipv6;
bool resolve;
bool udp;
int max_open;
int debug;
size_t bfsize;
struct sockaddr_in6 baddr;
struct sockaddr_in6 laddr;
char transparent;
bool transparent;
struct mphdr *mempool;
char *protect_path;

16
proxy.c

@ -35,6 +35,9 @@
#ifdef __linux__
/* For SO_ORIGINAL_DST only (which is 0x50) */
#include "linux/netfilter_ipv4.h"
#ifndef IP6T_SO_ORIGINAL_DST
#define IP6T_SO_ORIGINAL_DST SO_ORIGINAL_DST
#endif
#endif
#endif
@ -129,6 +132,7 @@ int resolve(char *host, int len,
char rchar = host[len];
host[len] = '\0';
LOG(LOG_S, "resolve: %s\n", host);
if (getaddrinfo(host, 0, &hints, &res) || !res) {
host[len] = rchar;
@ -543,10 +547,14 @@ static inline int transp_conn(struct poolhd *pool, struct eval *val)
{
struct sockaddr_ina remote, self;
socklen_t rlen = sizeof(remote), slen = sizeof(self);
if (getsockopt(val->fd,
IPPROTO_IP, SO_ORIGINAL_DST, &remote, &rlen) != 0) {
uniperror("getsockopt SO_ORIGINAL_DST");
return -1;
if (getsockopt(val->fd, IPPROTO_IP,
SO_ORIGINAL_DST, &remote, &rlen) != 0)
{
if (getsockopt(val->fd, IPPROTO_IPV6,
IP6T_SO_ORIGINAL_DST, &remote, &rlen) != 0) {
uniperror("getsockopt SO_ORIGINAL_DST");
return -1;
}
}
if (getsockname(val->fd, &self.sa, &slen) < 0) {
uniperror("getsockname");
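Review bot: In transp_conn the IPv6 query runs after any failure of the IPv4 `getsockopt`, not only when the socket is not IPv4, and `uniperror` then reports just the second call's error. A failure on an IPv4 socket is therefore logged with the errno of the IPv6 attempt, which makes redirect misconfiguration harder to diagnose. Since `getsockname` is called right after, the socket's family could be read first and the matching level queried once. Short of that, a comment on the inner call such as `/* IPv4 lookup failed: the socket may be IPv6, retry at the IPv6 level */` would record the intent. The function continues past the end of the hunk.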