auto: remove cl_err alert, add ssl_err

extend.c

@@ -223,20 +223,11 @@ int on_response(struct poolhd *pool, struct eval *val,
                 && is_http_redirect(req, qn, resp, sn)) {
             break;
         }
-        else if ((dp->detect & DETECT_TLS_INVSID)
-                && neq_tls_sid(req, qn, resp, sn)) {
+        else if ((dp->detect & DETECT_TLS_ERR)
+                && ((is_tls_chello(req, qn) && !is_tls_shello(resp, sn))
+                    || neq_tls_sid(req, qn, resp, sn))) {
             break;
         }
-        else if ((dp->detect & DETECT_TLS_ALERT)
-                && is_tls_alert(resp, sn)) {
-            break;
-        }
-        else if (dp->detect & DETECT_HTTP_CLERR) {
-            int code = get_http_code(resp, sn);
-            if (code > 400 && code < 451 && code != 429) {
-                break;
-            }
-        }
     }
     if (m < params.dp_count) {
         return reconnect(pool, val, m);

main.c

@@ -76,8 +76,8 @@ const char help_text[] = {
     #ifdef TCP_FASTOPEN_CONNECT
     "    -F, --tfo                 Enable TCP Fast Open\n"
     #endif
-    "    -A, --auto[=t,r,c,s,a,n]  Try desync params after this option\n"
-    "                              Detect: torst,redirect,cl_err,sid_inv,alert,none\n"
+    "    -A, --auto <t,r,s,n>      Try desync params after this option\n"
+    "                              Detect: torst,redirect,ssl_err,none\n"
     "    -u, --cache-ttl <sec>     Lifetime of cached desync params for IP\n"
     #ifdef TIMEOUT_SUPPORT
     "    -T, --timeout <sec>       Timeout waiting for response, after which trigger auto\n"
@@ -123,7 +123,7 @@ const struct option options[] = {
     #ifdef TCP_FASTOPEN_CONNECT
     {"tfo ",          0, 0, 'F'},
     #endif
-    {"auto",          2, 0, 'A'},
+    {"auto",          1, 0, 'A'},
     {"cache-ttl",     1, 0, 'u'},
     #ifdef TIMEOUT_SUPPORT
     {"timeout",       1, 0, 'T'},
@@ -542,10 +542,6 @@ int main(int argc, char **argv)
                 clear_params();
                 return -1;
             }
-            if (!optarg) {
-                dp->detect |= DETECT_TORST;
-                break;
-            }
             end = optarg;
             while (end && !invalid) {
                 switch (*end) {
@@ -555,14 +551,9 @@ int main(int argc, char **argv)
                     case 'r': 
                         dp->detect |= DETECT_HTTP_LOCAT;
                         break;
-                    case 'c': 
-                        dp->detect |= DETECT_HTTP_CLERR;
-                        break;
+                    case 'a':
                     case 's': 
-                        dp->detect |= DETECT_TLS_INVSID;
-                        break;
-                    case 'a': 
-                        dp->detect |= DETECT_TLS_ALERT;
+                        dp->detect |= DETECT_TLS_ERR;
                         break;
                     case 'n': 
                         break;

packets.c

@@ -351,10 +351,11 @@ bool neq_tls_sid(char *req, size_t qn, char *resp, size_t sn)
 }
 
 
-bool is_tls_alert(char *resp, size_t sn) {
-    return (sn >= 7
-        && resp[0] == 0x15 && resp[1] == 0x03
-        && !memcmp(resp + 3, "\x00\x02\x02", 3));
+bool is_tls_shello(char *buffer, size_t bsize)
+{
+    return (bsize > 5 &&
+        ANTOHS(buffer, 0) == 0x1603 &&
+        buffer[5] == 0x02);
 }
 
 /*

packets.h

@@ -39,7 +39,7 @@ bool is_http_redirect(char *req, size_t qn, char *resp, size_t sn);
 
 bool neq_tls_sid(char *req, size_t qn, char *resp, size_t sn);
 
-bool is_tls_alert(char *resp, size_t sn);
+bool is_tls_shello(char *buffer, size_t bsize);
 
 int part_tls(char *buffer, size_t bsize, ssize_t n, long pos);
 

params.h

@@ -24,10 +24,8 @@
 #define OFFSET_HOST 2
 
 #define DETECT_HTTP_LOCAT 1
-#define DETECT_HTTP_CLERR 2
-#define DETECT_TLS_INVSID 4
-#define DETECT_TLS_ALERT 8
-#define DETECT_TORST 16
+#define DETECT_TLS_ERR 2
+#define DETECT_TORST 8
 
 enum demode {
     DESYNC_NONE,