Comments for managing functions

mangle.c

@@ -183,7 +183,7 @@ int process_packet(const uint8_t *raw_payload, uint32_t raw_payload_len) {
 		goto accept;
 	}
 
-	struct verdict vrd = analyze_tls_data(data, dlen);
+	struct tls_verdict vrd = analyze_tls_data(data, dlen);
 
 	if (vrd.target_sni) {
 		if (config.verbose)
@@ -588,11 +588,11 @@ typedef __u16 uint16_t;
  * data Payload data of TCP.
  * dlen Length of `data`.
  */
-struct verdict analyze_tls_data(
+struct tls_verdict analyze_tls_data(
 	const uint8_t *data, 
 	uint32_t dlen) 
 {
-	struct verdict vrd = {0};
+	struct tls_verdict vrd = {0};
 
 	size_t i = 0;
 	const uint8_t *data_end = data + dlen;

mangle.h

@@ -31,28 +31,50 @@ typedef __u32 uint32_t;
 #include <netinet/tcp.h>
 #endif
 
-struct verdict {
+/**
+ * Result of analyze_tls_data function
+ */
+struct tls_verdict {
 	int target_sni; /* google video hello packet */
 	int sni_offset; /* offset from start of tcp _payload_ */
 	int sni_len;
 };
 
-struct verdict analyze_tls_data(const uint8_t *data, uint32_t dlen);
+/**
+ * Processes the packet and finds TLS Client Hello information inside it.
+ * data pointer points to start of TLS Message (TCP Payload)
+ */
+struct tls_verdict analyze_tls_data(const uint8_t *data, uint32_t dlen);
 
+/**
+ * Splits the packet to two IP fragments on position payload_offset.
+ * payload_offset indicates the position relatively to start of IP payload
+ * (start of transport header)
+ */
 int ip4_frag(const uint8_t *pkt, uint32_t pktlen, 
 			uint32_t payload_offset, 
 			uint8_t *frag1, uint32_t *f1len, 
 			uint8_t *frag2, uint32_t *f2len);
 
+/**
+ * Splits the packet to two TCP segments on position payload_offset
+ * payload_offset indicates the position relatively to start of TCP payload.
+ */
 int tcp4_frag(const uint8_t *pkt, uint32_t pktlen, 
 			uint32_t payload_offset, 
 			uint8_t *seg1, uint32_t *s1len, 
 			uint8_t *seg2, uint32_t *s2len);
 
+/**
+ * Splits the raw packet payload to ip header and ip payload.
+ */
 int ip4_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct iphdr **iph, uint32_t *iph_len, 
 		       uint8_t **payload, uint32_t *plen);
 
+/**
+ * Splits the raw packet payload to ip header, tcp header and tcp payload.
+ */
 int tcp4_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct iphdr **iph, uint32_t *iph_len,
 		       struct tcphdr **tcph, uint32_t *tcph_len,
@@ -61,9 +83,16 @@ int tcp4_payload_split(uint8_t *pkt, uint32_t buflen,
 void tcp4_set_checksum(struct tcphdr *tcph, struct iphdr *iph);
 void ip4_set_checksum(struct iphdr *iph);
 
+/**
+ * Generates fake client hello message
+ */
 int gen_fake_sni(const struct iphdr *iph, const struct tcphdr *tcph, 
 		 uint8_t *buf, uint32_t *buflen);
 
+/**
+ * Invalidates the raw packet. The function aims to invalid the packet
+ * in such way as it will be accepted by DPI, but dropped by target server
+ */
 int fail4_packet(uint8_t *payload, uint32_t plen);
 
 #define PKT_ACCEPT	0