diff --git a/args.c b/args.c
index 61cc43f..b4c0bfd 100644
--- a/args.c
+++ b/args.c
@@ -88,7 +88,6 @@ static long parse_numeric_option(const char* value) {
 }
 static int parse_udp_dport_range(char *str, struct udp_dport_range **udpr, int *udpr_len) {
- int ret = 0;
 int seclen = 1;
 const char *p = str;
 while (*p != '\0') {
@@ -762,10 +761,12 @@ int yparse_args(int argc, char *argv[]) {
 errno = 0;
 return 0;
+#ifndef KERNEL_SPACE
 stop_exec:
 free_config(rep_config);
 errno = 0;
 return 1;
+#endif
 invalid_opt:
 printf("Invalid option %s\n", long_opt[optIdx].name);
@@ -995,10 +996,13 @@ size_t print_config(char *buffer, size_t buffer_size) {
 }
 void print_welcome(void) {
- char welcome_message[4000];
-
+ char *welcome_message = malloc(4000);
+ if (welcome_message == NULL)
+ return;
+
 size_t sz = print_config(welcome_message, 4000);
 printf("Running with flags: %.*s\n", (int)sz, welcome_message);
+ free(welcome_message);
 return;
 /** if (config.syslog) {
diff --git a/kargs.c b/kargs.c
index d9fca1f..72cc300 100644
--- a/kargs.c
+++ b/kargs.c
@@ -6,6 +6,7 @@
 #include "logging.h"
 #define MAX_ARGC 1024
+static char *argv[MAX_ARGC];
 static int params_set(const char *cval, const struct kernel_param *kp) {
 int ret = 0;
@@ -25,7 +26,6 @@ static int params_set(const char *cval, const struct kernel_param *kp) {
 val[len] = '\0';
 int argc = 0;
- char *argv[MAX_ARGC];
 argv[argc++] = val;
 for (int i = 0; i < len; i++) {
@@ -40,7 +40,7 @@ static int params_set(const char *cval, const struct kernel_param *kp) {
 }
 for (int i = 0; i < argc; i++) {
- lginfo("%s %d\n", argv[i], strlen(argv[i]));
+ lginfo("%s %lu\n", argv[i], strlen(argv[i]));
 }
 ret = yparse_args(argc, argv);
diff --git a/mangle.c b/mangle.c
index a06a6c6..d474f88 100644
--- a/mangle.c
+++ b/mangle.c
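Review bot: In `print_welcome` (args.c, `@@ -995,10`), `(int)sz` is used as the `%.*s` precision without being bounded by the allocation size. If `print_config` can return a would-be length larger than `buffer_size` (its body is outside this hunk, so confirm), `printf` would read past the 4000-byte heap buffer. Clamp first, e.g. `if (sz > 4000) sz = 4000;`, and replace the two literal `4000`s with one named constant so the allocation and the size argument cannot drift apart. The early `return` on allocation failure is silent; a one-line log there would make a missing banner diagnosable.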
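Review bot: Moving `argv` to file scope in kargs.c (declared in `@@ -6,6`, local removed in `@@ -25,7`) makes `params_set` non-reentrant, and after the call the array keeps pointers into `val`, whose lifetime is not visible here. Whether the caller serialises `params_set` is not shown, so state the assumption next to the declaration, e.g. `/* Scratch for params_set(); assumes parameter stores are serialised. Entries are valid only during the call. */`. The loop that fills `argv` is cut by the hunk; confirm it stops at `MAX_ARGC`, because an overrun would now corrupt adjacent static data instead of the stack frame.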
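Review bot: `strlen()` returns `size_t`, so `%lu` in the `lginfo` call (kargs.c, `@@ -40,7`) is correct only where `size_t` is `unsigned long`; on 32-bit targets the specifier and the argument disagree. Use the `z` length modifier instead: `lginfo("%s %zu\n", argv[i], strlen(argv[i]));`.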
@@ -341,7 +341,6 @@ int process_udp_packet(const struct section_config_t *section, const uint8_t *pk
 const struct udphdr *udph;
 const uint8_t *data;
 uint32_t dlen;
- int ipver = netproto_version(pkt, pktlen);
 int ret = udp_payload_split((uint8_t *)pkt, pktlen, (void **)&iph, &iph_len,
@@ -414,7 +413,6 @@ erret_lc:
 continue_flow:
 return PKT_CONTINUE;
-accept_quic:
 accept:
 return PKT_ACCEPT;
 drop:
@@ -452,6 +450,7 @@ int send_ip4_frags(const struct section_config_t *section, const uint8_t *packet
 return -ENOMEM;
 }
+/*
 NETBUF_ALLOC(fake_pad, MAX_PACKET_SIZE);
 if (!NETBUF_CHECK(fake_pad)) {
 lgerror(-ENOMEM, "Allocation error");
@@ -459,10 +458,11 @@ int send_ip4_frags(const struct section_config_t *section, const uint8_t *packet
 NETBUF_FREE(frag2);
 return -ENOMEM;
 }
+*/
 uint32_t f1len = MAX_PACKET_SIZE;
 uint32_t f2len = MAX_PACKET_SIZE;
- uint32_t fake_pad_len = MAX_PACKET_SIZE;
+ // uint32_t fake_pad_len = MAX_PACKET_SIZE;
 int ret;
@@ -538,12 +538,12 @@ send_frag2:
 out_lc:
 NETBUF_FREE(frag1);
 NETBUF_FREE(frag2);
- NETBUF_FREE(fake_pad);
+ // NETBUF_FREE(fake_pad);
 goto out;
 erret_lc:
 NETBUF_FREE(frag1);
 NETBUF_FREE(frag2);
- NETBUF_FREE(fake_pad);
+ // NETBUF_FREE(fake_pad);
 return ret;
 }
diff --git a/quic.c b/quic.c
index b10bebd..46e7f91 100644
--- a/quic.c
+++ b/quic.c
@@ -191,8 +191,6 @@ int gen_fake_udp(struct udp_fake_type type, const struct udphdr *udph, uint8_t *buf, uint32_t *buflen) {
 uint32_t data_len = type.fake_len;
- int ret;
-
 if (!ipxh || !udph || !buf || !buflen) return -EINVAL;
@@ -256,9 +254,6 @@ int detect_udp_filtered(const struct section_config_t *section,
 const uint8_t *data;
 uint32_t dlen;
 int ret;
- int ipver;
-
- ipver = netproto_version(payload, plen);
 ret = udp_payload_split((uint8_t *)payload, plen, (void **)&iph, &iph_len,
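Review bot: In `send_ip4_frags` (mangle.c) the `fake_pad` allocation, its length variable and both `NETBUF_FREE(fake_pad)` calls are commented out rather than removed (hunks `@@ -452,6`, `@@ -459,10` and `@@ -538,12`). Disabled allocation and cleanup code is easy to re-enable only in part, for example restoring the allocation but just one of the two frees, which would leak on the other exit path. Delete these lines and let version control keep the history; if the padding buffer is meant to come back, a one-line TODO is enough. The function body continues outside all three hunks, so confirm nothing between them still refers to `fake_pad`.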
@@ -291,10 +286,10 @@ int detect_udp_filtered(const struct section_config_t *section,
 }
 lgtrace_addp("QUIC detected");
- uint8_t qtype = qch->type;
 goto approve;
+ // uint8_t qtype = qch->type;
 // if (qch->version == QUIC_V1)
 // qtype = quic_convtype_v1(qtype);
 // else if (qch->version == QUIC_V2)
diff --git a/tls.c b/tls.c
index 16b43a9..a32bb86 100644
--- a/tls.c
+++ b/tls.c
@@ -134,13 +134,12 @@ struct tls_verdict analyze_tls_data(
 uint32_t dlen) {
 struct tls_verdict vrd = {0};
- int ret;
 size_t i = 0;
 const uint8_t *data_end = data + dlen;
 if (section->sni_detection == SNI_DETECTION_BRUTE) {
- ret = bruteforce_analyze_sni_str(section, data, dlen, &vrd);
+ bruteforce_analyze_sni_str(section, data, dlen, &vrd);
 goto out;
 }
@@ -237,7 +236,7 @@ struct tls_verdict analyze_tls_data(
 vrd.sni_len = sni_len;
 vrd.sni_target_len = vrd.sni_len;
- ret = analyze_sni_str(section, sni_name, sni_len, data, &vrd);
+ analyze_sni_str(section, sni_name, sni_len, data, &vrd);
 goto out;
 nextExtension:
@@ -256,7 +255,6 @@ int gen_fake_sni(struct fake_type type, const struct tcphdr *tcph, uint32_t tcph_len, uint8_t *buf, uint32_t *buflen) {
 uint32_t data_len = type.fake_len;
- int ret;
 if (type.type == FAKE_PAYLOAD_RANDOM && data_len == 0) {
 data_len = (uint32_t)randint() % 1200;
@@ -303,7 +301,8 @@ int gen_fake_sni(struct fake_type type,
 get_random_bytes(bfdptr, data_len);
 #else /* KERNEL_SPACE */
 #if _NO_GETRANDOM
- ret = open("/dev/urandom", O_RDONLY);
+ {
+ int ret = open("/dev/urandom", O_RDONLY);
 if (ret < 0) {
 lgerror(ret, "Unable to open /dev/urandom");
 return ret;
@@ -311,7 +310,7 @@ int gen_fake_sni(struct fake_type type,
 read(ret, bfdptr, data_len);
 close(ret);
-
+ }
 #else /* _NO_GETRANDOM */
 getrandom(bfdptr, data_len, 0);
 #endif /* _NO_GETRANDOM */
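Review bot: In `detect_udp_filtered` (quic.c, `@@ -291,10`) the unconditional `goto approve;` makes everything after it unreachable, and the type-conversion logic is kept as comments with no explanation. Every packet that reaches `lgtrace_addp("QUIC detected")` is therefore approved regardless of `qch->type`, which a reader should not have to infer. Put one comment above the jump, e.g. `/* QUIC packet-type filtering is disabled: approve all detected QUIC. */`, and drop the commented-out code. The commented block continues past the end of the hunk.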
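Review bot: The results of `bruteforce_analyze_sni_str` and `analyze_sni_str` in `analyze_tls_data` (tls.c, `@@ -134,13` and `@@ -237,7`) are now discarded outright. They were previously stored in an unused `ret`, so behaviour is unchanged, but the omission is now invisible. If either function can fail (their definitions are not in this diff), `vrd` is returned through `out` without the caller learning that analysis did not complete. Either check the result, or make the intent explicit with `(void)bruteforce_analyze_sni_str(section, data, dlen, &vrd);` and a short comment saying why a failure is safe to ignore.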
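Review bot: The `/dev/urandom` fallback in `gen_fake_sni` (tls.c, `@@ -303,7` and `@@ -311,7`) still ignores the result of `read()`, so a failed or short read leaves part of `bfdptr` holding whatever the buffer contained before, and the function carries on as if it were filled. The newly scoped `ret` actually holds a file descriptor, and on `open()` failure the code logs and returns `-1` rather than a negative errno, unlike the `lgerror(-ENOMEM, …)` call visible in mangle.c. I would rename it to `fd`, loop until `data_len` bytes have been read, and return an error otherwise. The sketch below assumes `errno` is usable in tls.c and that `bfdptr` is a byte pointer, neither of which is visible here. The `getrandom()` call in the `#else` branch has the same unchecked-result problem.

```c
#if _NO_GETRANDOM
	{
		int fd = open("/dev/urandom", O_RDONLY);
		if (fd < 0) {
			int err = -errno;
			lgerror(err, "Unable to open /dev/urandom");
			return err;
		}

		uint32_t filled = 0;
		while (filled < data_len) {
			ssize_t rd = read(fd, bfdptr + filled, data_len - filled);
			if (rd < 0 && errno == EINTR)
				continue;
			if (rd <= 0) {
				int err = rd < 0 ? -errno : -EIO;
				close(fd);
				lgerror(err, "Unable to read /dev/urandom");
				return err;
			}
			filled += (uint32_t)rd;
		}
		close(fd);
	}
/* … unchanged: #else branch with getrandom() … */
```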