From 6df3b53d7ae7b62c721865c81456dcbd6f757df1 Mon Sep 17 00:00:00 2001
From: Vadim Vetrov
Date: Sun, 11 Aug 2024 11:40:13 +0300
Subject: [PATCH] Comments for managing functions
---
 mangle.c | 6 +++---
 mangle.h | 33 +++++++++++++++++++++++++++++++--
 2 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/mangle.c b/mangle.c
index c3e973b..6650d9b 100644
--- a/mangle.c
+++ b/mangle.c
@@ -183,7 +183,7 @@ int process_packet(const uint8_t *raw_payload, uint32_t raw_payload_len) {
 goto accept;
 }
- struct verdict vrd = analyze_tls_data(data, dlen);
+ struct tls_verdict vrd = analyze_tls_data(data, dlen);
 if (vrd.target_sni) {
 if (config.verbose)
@@ -588,11 +588,11 @@ typedef __u16 uint16_t;
 * data Payload data of TCP.
 * dlen Length of `data`.
 */
-struct verdict analyze_tls_data(
+struct tls_verdict analyze_tls_data(
 const uint8_t *data, uint32_t dlen) {
- struct verdict vrd = {0};
+ struct tls_verdict vrd = {0};
 size_t i = 0;
 const uint8_t *data_end = data + dlen;
diff --git a/mangle.h b/mangle.h
index dd0b882..d1ffe47 100644
--- a/mangle.h
+++ b/mangle.h
@@ -31,28 +31,50 @@ typedef __u32 uint32_t;
 #include
 #endif
-struct verdict {
+/**
+ * Result of analyze_tls_data function
+ */
+struct tls_verdict {
 int target_sni; /* google video hello packet */
 int sni_offset; /* offset from start of tcp _payload_ */
 int sni_len;
 };
-struct verdict analyze_tls_data(const uint8_t *data, uint32_t dlen);
+/**
+ * Processes the packet and finds TLS Client Hello information inside it.
+ * data pointer points to start of TLS Message (TCP Payload)
+ */
+struct tls_verdict analyze_tls_data(const uint8_t *data, uint32_t dlen);
+/**
+ * Splits the packet to two IP fragments on position payload_offset.
+ * payload_offset indicates the position relatively to start of IP payload
+ * (start of transport header)
+ */
 int ip4_frag(const uint8_t *pkt, uint32_t pktlen, uint32_t payload_offset, uint8_t *frag1, uint32_t *f1len, uint8_t *frag2, uint32_t *f2len);
+/**
+ * Splits the packet to two TCP segments on position payload_offset
+ * payload_offset indicates the position relatively to start of TCP payload.
+ */
 int tcp4_frag(const uint8_t *pkt, uint32_t pktlen, uint32_t payload_offset, uint8_t *seg1, uint32_t *s1len, uint8_t *seg2, uint32_t *s2len);
+/**
+ * Splits the raw packet payload to ip header and ip payload.
+ */
 int ip4_payload_split(uint8_t *pkt, uint32_t buflen, struct iphdr **iph, uint32_t *iph_len, uint8_t **payload, uint32_t *plen);
+/**
+ * Splits the raw packet payload to ip header, tcp header and tcp payload.
+ */
 int tcp4_payload_split(uint8_t *pkt, uint32_t buflen, struct iphdr **iph, uint32_t *iph_len, struct tcphdr **tcph, uint32_t *tcph_len,
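Review bot: The new comments on `ip4_frag` and `tcp4_frag` leave the output-buffer contract unstated: they do not say whether `*f1len`/`*f2len` (and `*s1len`/`*s2len`) must carry the capacity of the output buffers on entry, nor what the `int` return means when `payload_offset` lies outside the payload. For functions that write split packets into caller-supplied buffers this is what a caller most needs, because a wrong guess there ends in an out-of-bounds write. I would add a line such as ` * f1len, f2len: on entry the capacity of frag1/frag2, on return the number of bytes written` and a ` * Returns ...` line, both to be confirmed against mangle.c, which is not visible here. The same gap applies to `buflen` in `gen_fake_sni` in the next hunk. The `tcp4_payload_split` declaration continues outside this hunk.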
@@ -61,9 +83,16 @@ int tcp4_payload_split(uint8_t *pkt, uint32_t buflen,
 void tcp4_set_checksum(struct tcphdr *tcph, struct iphdr *iph);
 void ip4_set_checksum(struct iphdr *iph);
+/**
+ * Generates fake client hello message
+ */
 int gen_fake_sni(const struct iphdr *iph, const struct tcphdr *tcph, uint8_t *buf, uint32_t *buflen);
+/**
+ * Invalidates the raw packet. The function aims to invalid the packet
+ * in such way as it will be accepted by DPI, but dropped by target server
+ */
 int fail4_packet(uint8_t *payload, uint32_t plen);
 #define PKT_ACCEPT 0
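Review bot: The comment added above `fail4_packet` is hard to read ("aims to invalid the packet in such way as") and does not say that the buffer is changed in place, which the non-const `payload` parameter suggests. Suggested wording: ` * Invalidates the raw packet in place, in such a way that it is accepted by the DPI but dropped by the target server.` A second line should state what the `int` return value means and whether the caller must recompute checksums afterwards, given that `tcp4_set_checksum` and `ip4_set_checksum` are declared just above. Neither can be confirmed from this header alone.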