mirror of
https://github.com/bol-van/zapret.git
synced 2024-12-22 06:15:25 +00:00
tpws: fix socks-hostname hostlist checks
This commit is contained in:
parent
09378553b9
commit
46284938ce
@ -140,11 +140,6 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
|
|||||||
|
|
||||||
if (bHaveHost)
|
if (bHaveHost)
|
||||||
VPRINT("request hostname: %s\n", Host);
|
VPRINT("request hostname: %s\n", Host);
|
||||||
if (ctrack->b_not_act)
|
|
||||||
{
|
|
||||||
VPRINT("Not acting on this request\n");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
bool bDiscoveredL7 = ctrack->l7proto==UNKNOWN && l7proto!=UNKNOWN;
|
bool bDiscoveredL7 = ctrack->l7proto==UNKNOWN && l7proto!=UNKNOWN;
|
||||||
if (bDiscoveredL7)
|
if (bDiscoveredL7)
|
||||||
@ -169,17 +164,25 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
|
|||||||
struct desync_profile *dp_prev = ctrack->dp;
|
struct desync_profile *dp_prev = ctrack->dp;
|
||||||
apply_desync_profile(ctrack, dest);
|
apply_desync_profile(ctrack, dest);
|
||||||
if (ctrack->dp!=dp_prev)
|
if (ctrack->dp!=dp_prev)
|
||||||
|
{
|
||||||
VPRINT("desync profile changed by revealed l7 protocol or hostname !\n");
|
VPRINT("desync profile changed by revealed l7 protocol or hostname !\n");
|
||||||
|
ctrack->b_host_checked = ctrack->b_ah_check = false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (bDiscoveredHostname && ctrack->dp->hostlist_auto)
|
if (l7proto!=UNKNOWN && ctrack->dp->hostlist_auto)
|
||||||
|
{
|
||||||
|
if (bHaveHost && !ctrack->b_host_checked)
|
||||||
{
|
{
|
||||||
bool bHostExcluded;
|
bool bHostExcluded;
|
||||||
if (!HostlistCheck(ctrack->dp, Host, &bHostExcluded, false))
|
ctrack->b_host_matches = HostlistCheck(ctrack->dp, Host, &bHostExcluded, false);
|
||||||
{
|
ctrack->b_host_checked = true;
|
||||||
|
if (!ctrack->b_host_matches)
|
||||||
ctrack->b_ah_check = !bHostExcluded;
|
ctrack->b_ah_check = !bHostExcluded;
|
||||||
|
}
|
||||||
|
if (!ctrack->b_host_matches)
|
||||||
|
{
|
||||||
VPRINT("Not acting on this request\n");
|
VPRINT("Not acting on this request\n");
|
||||||
ctrack->b_not_act = true;
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -14,8 +14,7 @@ typedef struct
|
|||||||
// common state
|
// common state
|
||||||
t_l7proto l7proto;
|
t_l7proto l7proto;
|
||||||
bool bTamperInCutoff;
|
bool bTamperInCutoff;
|
||||||
bool b_ah_check;
|
bool b_host_checked,b_host_matches,b_ah_check;
|
||||||
bool b_not_act;
|
|
||||||
char *hostname;
|
char *hostname;
|
||||||
struct desync_profile *dp; // desync profile cache
|
struct desync_profile *dp; // desync profile cache
|
||||||
} t_ctrack;
|
} t_ctrack;
|
||||||
|
@ -479,6 +479,30 @@ static int connect_remote(const struct sockaddr *remote_addr, int mss)
|
|||||||
return remote_fd;
|
return remote_fd;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool connect_remote_conn(tproxy_conn_t *conn)
|
||||||
|
{
|
||||||
|
int mss=0;
|
||||||
|
|
||||||
|
apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
|
||||||
|
|
||||||
|
if (conn->track.dp)
|
||||||
|
{
|
||||||
|
mss = conn->track.dp->mss;
|
||||||
|
if (conn->track.dp->hostlist_auto)
|
||||||
|
{
|
||||||
|
if (conn->track.hostname)
|
||||||
|
{
|
||||||
|
bool bHostExcluded;
|
||||||
|
conn->track.b_host_matches = HostlistCheck(conn->track.dp, conn->track.hostname, &bHostExcluded, false);
|
||||||
|
conn->track.b_host_checked = true;
|
||||||
|
if (!conn->track.b_host_matches) conn->track.b_ah_check = !bHostExcluded;
|
||||||
|
if (!conn->track.b_host_matches) mss = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return (conn->partner->fd = connect_remote((struct sockaddr *)&conn->dest, mss))>=0;
|
||||||
|
}
|
||||||
|
|
||||||
//Free resources occupied by this connection
|
//Free resources occupied by this connection
|
||||||
static void free_conn(tproxy_conn_t *conn)
|
static void free_conn(tproxy_conn_t *conn)
|
||||||
@ -636,9 +660,7 @@ static tproxy_conn_t* add_tcp_connection(int efd, struct tailhead *conn_list,int
|
|||||||
conn->partner->client = conn->client;
|
conn->partner->client = conn->client;
|
||||||
conn->partner->dest = conn->dest;
|
conn->partner->dest = conn->dest;
|
||||||
|
|
||||||
apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
|
if (!connect_remote_conn(conn))
|
||||||
|
|
||||||
if ((conn->partner->fd = connect_remote((struct sockaddr *)&orig_dst, conn->track.dp ? conn->track.dp->mss : 0)) < 0)
|
|
||||||
{
|
{
|
||||||
DLOG_ERR("Failed to connect\n");
|
DLOG_ERR("Failed to connect\n");
|
||||||
free_conn(conn->partner);
|
free_conn(conn->partner);
|
||||||
@ -811,14 +833,7 @@ static bool proxy_mode_connect_remote(tproxy_conn_t *conn, struct tailhead *conn
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
|
|
||||||
|
|
||||||
if ((remote_fd = connect_remote((struct sockaddr *)&conn->dest, conn->track.dp ? conn->track.dp->mss : 0)) < 0)
|
|
||||||
{
|
|
||||||
DLOG_ERR("socks failed to connect (1) errno=%d\n", errno);
|
|
||||||
socks_send_rep_errno(conn->socks_ver, conn->fd, errno);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
if (!(conn->partner = new_conn(remote_fd, true)))
|
if (!(conn->partner = new_conn(remote_fd, true)))
|
||||||
{
|
{
|
||||||
close(remote_fd);
|
close(remote_fd);
|
||||||
@ -830,6 +845,15 @@ static bool proxy_mode_connect_remote(tproxy_conn_t *conn, struct tailhead *conn
|
|||||||
conn->partner->efd = conn->efd;
|
conn->partner->efd = conn->efd;
|
||||||
conn->partner->client = conn->client;
|
conn->partner->client = conn->client;
|
||||||
conn->partner->dest = conn->dest;
|
conn->partner->dest = conn->dest;
|
||||||
|
|
||||||
|
if (!connect_remote_conn(conn))
|
||||||
|
{
|
||||||
|
free_conn(conn->partner); conn->partner = NULL;
|
||||||
|
DLOG_ERR("socks failed to connect (1) errno=%d\n", errno);
|
||||||
|
socks_send_rep_errno(conn->socks_ver, conn->fd, errno);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if (!epoll_set(conn->partner, EPOLLOUT))
|
if (!epoll_set(conn->partner, EPOLLOUT))
|
||||||
{
|
{
|
||||||
DLOG_ERR("socks epoll_set error %d\n", errno);
|
DLOG_ERR("socks epoll_set error %d\n", errno);
|
||||||
|
Loading…
Reference in New Issue
Block a user