From ff17dc424b4d2e8720ef4c8b486331715916d844 Mon Sep 17 00:00:00 2001
From: ruti <>
Date: Tue, 13 Aug 2024 17:00:03 +0300
Subject: [PATCH] auto: remove cl_err alert, add ssl_err
---
 extend.c | 15 +++------------
 main.c | 19 +++++--------------
 packets.c | 9 +++++----
 packets.h | 2 +-
 params.h | 6 ++----
 5 files changed, 16 insertions(+), 35 deletions(-)
diff --git a/extend.c b/extend.c
index a37acc6..5b71e27 100644
--- a/extend.c
+++ b/extend.c
@@ -223,20 +223,11 @@ int on_response(struct poolhd *pool, struct eval *val,
 && is_http_redirect(req, qn, resp, sn)) {
 break;
 }
- else if ((dp->detect & DETECT_TLS_INVSID)
- && neq_tls_sid(req, qn, resp, sn)) {
+ else if ((dp->detect & DETECT_TLS_ERR)
+ && ((is_tls_chello(req, qn) && !is_tls_shello(resp, sn))
+ || neq_tls_sid(req, qn, resp, sn))) {
 break;
 }
- else if ((dp->detect & DETECT_TLS_ALERT)
- && is_tls_alert(resp, sn)) {
- break;
- }
- else if (dp->detect & DETECT_HTTP_CLERR) {
- int code = get_http_code(resp, sn);
- if (code > 400 && code < 451 && code != 429) {
- break;
- }
- }
 }
 if (m < params.dp_count) {
 return reconnect(pool, val, m);
diff --git a/main.c b/main.c
index 4d96644..6f54f26 100644
--- a/main.c
+++ b/main.c
@@ -76,8 +76,8 @@ const char help_text[] = {
 #ifdef TCP_FASTOPEN_CONNECT
 " -F, --tfo Enable TCP Fast Open\n"
 #endif
- " -A, --auto[=t,r,c,s,a,n] Try desync params after this option\n"
- " Detect: torst,redirect,cl_err,sid_inv,alert,none\n"
+ " -A, --auto Try desync params after this option\n"
+ " Detect: torst,redirect,ssl_err,none\n"
 " -u, --cache-ttl Lifetime of cached desync params for IP\n"
 #ifdef TIMEOUT_SUPPORT
 " -T, --timeout Timeout waiting for response, after which trigger auto\n"
@@ -123,7 +123,7 @@ const struct option options[] = {
 #ifdef TCP_FASTOPEN_CONNECT
 {"tfo ", 0, 0, 'F'},
 #endif
- {"auto", 2, 0, 'A'},
+ {"auto", 1, 0, 'A'},
 {"cache-ttl", 1, 0, 'u'},
 #ifdef TIMEOUT_SUPPORT
 {"timeout", 1, 0, 'T'},
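Review bot: In the extend.c hunk, the new `DETECT_TLS_ERR` branch counts every reply to a ClientHello that does not start with a ServerHello record as a failure, and `is_tls_shello` (packets.c hunk) returns false whenever fewer than 6 bytes are in the buffer. If the first read of the response can be shorter than that, a healthy connection would be retried with the next desync group even though nothing was blocked. How `sn` is filled is not visible here, so it is worth confirming and stating the assumption next to the condition, e.g. `/* resp must already hold the first 6 bytes of the server's first TLS record */`. on_response starts and ends outside the hunk.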
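Review bot: `{"auto", 1, 0, 'A'}` in main.c makes the long option's argument mandatory, and the later hunk at -542 removes the `if (!optarg)` fallback to `DETECT_TORST`, but the getopt short-option string is not part of this diff. If it still declares `A` with an optional argument, a bare `-A` reaches `end = optarg` with a null pointer, the `while (end && !invalid)` loop is skipped, and no detect bit is set, so the group is accepted but never triggers. Check that the optstring now carries `A:`, or keep an explicit error path such as `if (!optarg) { invalid = 1; break; }` if `invalid` is the flag used for bad arguments here.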
@@ -542,10 +542,6 @@ int main(int argc, char **argv)
 clear_params();
 return -1;
 }
- if (!optarg) {
- dp->detect |= DETECT_TORST;
- break;
- }
 end = optarg;
 while (end && !invalid) {
 switch (*end) {
@@ -555,14 +551,9 @@ int main(int argc, char **argv)
 case 'r':
 dp->detect |= DETECT_HTTP_LOCAT;
 break;
- case 'c':
- dp->detect |= DETECT_HTTP_CLERR;
- break;
+ case 'a':
 case 's':
- dp->detect |= DETECT_TLS_INVSID;
- break;
- case 'a':
- dp->detect |= DETECT_TLS_ALERT;
+ dp->detect |= DETECT_TLS_ERR;
 break;
 case 'n':
 break;
diff --git a/packets.c b/packets.c
index b15ff68..989164f 100644
--- a/packets.c
+++ b/packets.c
@@ -351,10 +351,11 @@ bool neq_tls_sid(char *req, size_t qn, char *resp, size_t sn)
 }
-bool is_tls_alert(char *resp, size_t sn) {
- return (sn >= 7
- && resp[0] == 0x15 && resp[1] == 0x03
- && !memcmp(resp + 3, "\x00\x02\x02", 3));
+bool is_tls_shello(char *buffer, size_t bsize)
+{
+ return (bsize > 5 &&
+ ANTOHS(buffer, 0) == 0x1603 &&
+ buffer[5] == 0x02);
 }
 /*
diff --git a/packets.h b/packets.h
index 2c04449..0fb7d85 100644
--- a/packets.h
+++ b/packets.h
@@ -39,7 +39,7 @@ bool is_http_redirect(char *req, size_t qn, char *resp, size_t sn);
 bool neq_tls_sid(char *req, size_t qn, char *resp, size_t sn);
-bool is_tls_alert(char *resp, size_t sn);
+bool is_tls_shello(char *buffer, size_t bsize);
 int part_tls(char *buffer, size_t bsize, ssize_t n, long pos);
diff --git a/params.h b/params.h
index d329108..70f01f9 100644
--- a/params.h
+++ b/params.h
@@ -24,10 +24,8 @@
 #define OFFSET_HOST 2
 #define DETECT_HTTP_LOCAT 1
-#define DETECT_HTTP_CLERR 2
-#define DETECT_TLS_INVSID 4
-#define DETECT_TLS_ALERT 8
-#define DETECT_TORST 16
+#define DETECT_TLS_ERR 2
+#define DETECT_TORST 8
 enum demode {
 DESYNC_NONE,
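Review bot: In the `-A` switch in main.c (hunk at -555), `case 'a':` now falls through to `case 's':` so both set `DETECT_TLS_ERR`, yet the help text lists only `ssl_err`. The letter `c` is no longer handled, so an existing `-A c` presumably ends up in the default branch, which is outside this hunk. A one-line comment such as `/* 'a' (alert) kept as a legacy alias of 's' */` would mark the fallthrough as intentional. The help text or release notes should also say that `c` was removed.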
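Review bot: `is_tls_shello` in packets.c has no comment saying which bytes it inspects, although it is now the test that decides whether a reply to a ClientHello counts as a TLS failure. Assuming `ANTOHS(buffer, 0)` reads a big-endian 16-bit value, I would add above it `/* true if buffer starts with a TLS handshake record (type 0x16, major version 0x03) whose first message is ServerHello (0x02); false for fewer than 6 bytes */`. The minor version and record length are not checked, which is reasonable for a heuristic but should be stated so callers do not treat a true result as a validated handshake.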
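Review bot: In params.h, `DETECT_TORST` moves from 16 to 8 and `DETECT_TLS_ERR` takes the value 2 that `DETECT_HTTP_CLERR` used to have, leaving bit value 4 unused with no explanation. That is harmless if `dp->detect` only lives in memory for one run, which is what the visible code suggests, but the gap reads like an oversight. Either use `#define DETECT_TORST 4`, or add a comment such as `/* bit flags for dp->detect; 4 is intentionally unused */`.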