Enhance middle sni split

Instead of real middle sni we use targetted middle sni for explicit (not all) sni domain list
2024-12-22 06:15:31 +00:00 · 2024-09-28 11:31:46 +03:00 · 2024-09-28 11:31:46 +03:00 · 3ee979f7d1
commit 3ee979f7d1
parent 82c49119d3
3 changed files with 8 additions and 4 deletions
--- a/mangle.c
+++ b/mangle.c
@ -190,7 +190,7 @@ int process_tcp_packet(const uint8_t *raw_payload, uint32_t raw_payload_len) {

 		switch (config.fragmentation_strategy) {
 			case FRAG_STRAT_TCP: {
-				ipd_offset = vrd.sni_offset;
+				ipd_offset = vrd.sni_target_offset;
 				mid_offset = ipd_offset + vrd.sni_len / 2;

 				uint32_t poses[2];
@ -221,7 +221,7 @@ int process_tcp_packet(const uint8_t *raw_payload, uint32_t raw_payload_len) {
 			break;
 			case FRAG_STRAT_IP: 
 			if (ipxv == IP4VERSION) {
-				ipd_offset = ((char *)data - (char *)tcph) + vrd.sni_offset;
+				ipd_offset = ((char *)data - (char *)tcph) + vrd.sni_target_offset;
 				mid_offset = ipd_offset + vrd.sni_len / 2;
 				mid_offset += 8 - mid_offset % 8;

@ -618,7 +618,8 @@ int post_fake_sni(const void *iph, unsigned int iph_len,
 				fake_seq_type.type = FAKE_PAYLOAD_DEFAULT;
 		}

-		for (int i = 0; i < sequence_len; i++) {
+		// one goes for default fake
+		for (int i = 1; i < sequence_len; i++) {
 			NETBUF_ALLOC(fake_sni, MAX_PACKET_SIZE);
 			if (!NETBUF_CHECK(fake_sni)) {
 				lgerror("Allocation error", -ENOMEM);
--- a/tls.c
+++ b/tls.c
@ -122,6 +122,7 @@ struct tls_verdict analyze_tls_data(
 			char *sni_name = (char *)sni_ext_ptr;

 			vrd.sni_offset = (uint8_t *)sni_name - data;
+			vrd.sni_target_offset = vrd.sni_offset;
 			vrd.sni_len = sni_len;

 			if (config.all_domains) {
@ -129,7 +130,6 @@ struct tls_verdict analyze_tls_data(
 				goto check_domain;
 			}

-
 			unsigned int j = 0;
 			for (unsigned int i = 0; i <= config.domains_strlen; i++) {
 				if (	i > j &&
@ -148,6 +148,7 @@ struct tls_verdict analyze_tls_data(
 						domain_startp, 
 						domain_len)) {
 							vrd.target_sni = 1;
+							vrd.sni_target_offset = (const uint8_t *)sni_startp - data;
 							goto check_domain;
 					}

@ -247,6 +248,7 @@ brute:
 					vrd.target_sni = 1;
 					vrd.sni_len = domain_len;
 					vrd.sni_offset = (k - domain_len - 1);
+					vrd.sni_target_offset = vrd.sni_offset
 					NETBUF_FREE(buf);
 					NETBUF_FREE(nzbuf);
 					goto out;
--- a/tls.h
+++ b/tls.h
@ -10,6 +10,7 @@
 struct tls_verdict {
 	int target_sni; /* google video hello packet */
 	int sni_offset; /* offset from start of tcp _payload_ */
+	int sni_target_offset; /* offset of target domain instead of entire sni */
 	int sni_len;
 };