mirror of
https://github.com/bol-van/zapret.git
synced 2024-12-24 07:06:36 +00:00
freebsd dvtws respect freebsd14+ PF_DIVERT
parent
e21335255e
commit
eaaa1a326c
Binary file not shown.
@ -903,7 +903,7 @@ static int *rawsend_family_sock(sa_family_t family)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef BSD
|
#ifdef BSD
|
||||||
static int rawsend_socket_divert(sa_family_t family)
|
int rawsend_socket_divert(sa_family_t family)
|
||||||
{
|
{
|
||||||
// HACK HACK HACK HACK HACK HACK HACK HACK
|
// HACK HACK HACK HACK HACK HACK HACK HACK
|
||||||
// FreeBSD doesnt allow IP_HDRINCL for IPV6
|
// FreeBSD doesnt allow IP_HDRINCL for IPV6
|
||||||
@ -911,7 +911,14 @@ static int rawsend_socket_divert(sa_family_t family)
|
|||||||
// we either have to go to the link layer (its hard, possible problems arise, compat testing, ...) or use some HACKING
|
// we either have to go to the link layer (its hard, possible problems arise, compat testing, ...) or use some HACKING
|
||||||
// from my point of view disabling direct ability to send ip frames is not security. its SHIT
|
// from my point of view disabling direct ability to send ip frames is not security. its SHIT
|
||||||
|
|
||||||
int fd = socket(family, SOCK_RAW, IPPROTO_DIVERT);
|
int fd,err;
|
||||||
|
|
||||||
|
// freebsd14+ way
|
||||||
|
fd = socket(PF_DIVERT, SOCK_RAW, 0);
|
||||||
|
err=errno;
|
||||||
|
if (fd==-1 && (err==EPROTONOSUPPORT || err==EAFNOSUPPORT || err==EPFNOSUPPORT))
|
||||||
|
// legacy way
|
||||||
|
fd = socket(family, SOCK_RAW, IPPROTO_DIVERT);
|
||||||
if (fd!=-1 && !set_socket_buffers(fd,4096,RAW_SNDBUF))
|
if (fd!=-1 && !set_socket_buffers(fd,4096,RAW_SNDBUF))
|
||||||
{
|
{
|
||||||
close(fd);
|
close(fd);
|
||||||
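Review bot: The legacy fallback in rawsend_socket_divert hangs off an unbraced `if` with a comment line between the condition and its single statement, so a line added there later (a log call, a second retry) would silently run unconditionally. Brace it: `if (fd==-1 && (err==EPROTONOSUPPORT || err==EAFNOSUPPORT || err==EPFNOSUPPORT)) { fd = socket(family, SOCK_RAW, IPPROTO_DIVERT); }`. The function is now exported and its `family` argument is unused whenever the PF_DIVERT call succeeds, which deserves a comment above the definition such as `// FreeBSD 14+: created via PF_DIVERT, 'family' is ignored; older kernels fall back to socket(family, SOCK_RAW, IPPROTO_DIVERT)`. The body continues past the end of the hunk, so the return path after `close(fd)` was not reviewed.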
|
@ -11,6 +11,17 @@
|
|||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
|
|
||||||
|
#ifndef IPPROTO_DIVERT
|
||||||
|
#define IPPROTO_DIVERT 258
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef AF_DIVERT
|
||||||
|
#define AF_DIVERT 44 /* divert(4) */
|
||||||
|
#endif
|
||||||
|
#ifndef PF_DIVERT
|
||||||
|
#define PF_DIVERT AF_DIVERT
|
||||||
|
#endif
|
||||||
|
|
||||||
// returns netorder value
|
// returns netorder value
|
||||||
uint32_t net32_add(uint32_t netorder_value, uint32_t cpuorder_increment);
|
uint32_t net32_add(uint32_t netorder_value, uint32_t cpuorder_increment);
|
||||||
uint32_t net16_add(uint16_t netorder_value, uint16_t cpuorder_increment);
|
uint32_t net16_add(uint16_t netorder_value, uint16_t cpuorder_increment);
|
||||||
@ -128,6 +139,8 @@ bool rawsend_preinit(bool bind_fix4, bool bind_fix6);
|
|||||||
// cleans up socket autocreated by rawsend
|
// cleans up socket autocreated by rawsend
|
||||||
void rawsend_cleanup(void);
|
void rawsend_cleanup(void);
|
||||||
|
|
||||||
|
int rawsend_socket_divert(sa_family_t family);
|
||||||
|
|
||||||
const char *proto_name(uint8_t proto);
|
const char *proto_name(uint8_t proto);
|
||||||
uint16_t family_from_proto(uint8_t l3proto);
|
uint16_t family_from_proto(uint8_t l3proto);
|
||||||
void print_ip(const struct ip *ip);
|
void print_ip(const struct ip *ip);
|
||||||
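Review bot: The fallback `#define AF_DIVERT 44 /* divert(4) */` hard-codes one platform's number for every build whose system headers lack the macro, and rawsend_socket_divert tries `socket(PF_DIVERT, SOCK_RAW, 0)` first. If this header is also compiled on another BSD where 44 belongs to a different address family (not verifiable from this page), that first attempt could succeed with the wrong kind of socket instead of falling back to the legacy call. Limiting the fallback to FreeBSD, `#if defined(__FreeBSD__) && !defined(AF_DIVERT)`, with the PF_DIVERT attempt in the .c file guarded the same way, keeps the probe meaningful. The new prototype `int rawsend_socket_divert(sa_family_t family);` also appears unguarded while the definition sits under `#ifdef BSD`; if so, wrapping it in `#ifdef BSD` turns misuse on other platforms into a compile error rather than a link error.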
|
@ -35,10 +35,6 @@
|
|||||||
#define NF_ACCEPT 1
|
#define NF_ACCEPT 1
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef IPPROTO_DIVERT
|
|
||||||
#define IPPROTO_DIVERT 258
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define CTRACK_T_SYN 60
|
#define CTRACK_T_SYN 60
|
||||||
#define CTRACK_T_FIN 60
|
#define CTRACK_T_FIN 60
|
||||||
#define CTRACK_T_EST 300
|
#define CTRACK_T_EST 300
|
||||||
@ -357,7 +353,7 @@ static int dvt_main(void)
|
|||||||
bp4.sin_addr.s_addr = INADDR_ANY;
|
bp4.sin_addr.s_addr = INADDR_ANY;
|
||||||
|
|
||||||
printf("creating divert4 socket\n");
|
printf("creating divert4 socket\n");
|
||||||
fd[0] = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
|
fd[0] = rawsend_socket_divert(AF_INET);
|
||||||
if (fd[0] == -1) {
|
if (fd[0] == -1) {
|
||||||
perror("socket (DIVERT4)");
|
perror("socket (DIVERT4)");
|
||||||
goto exiterr;
|
goto exiterr;
|
||||||
@ -382,7 +378,7 @@ static int dvt_main(void)
|
|||||||
bp6.sin6_port = htons(params.port);
|
bp6.sin6_port = htons(params.port);
|
||||||
|
|
||||||
printf("creating divert6 socket\n");
|
printf("creating divert6 socket\n");
|
||||||
fd[1] = socket(AF_INET6, SOCK_RAW, IPPROTO_DIVERT);
|
fd[1] = rawsend_socket_divert(AF_INET6);
|
||||||
if (fd[1] == -1) {
|
if (fd[1] == -1) {
|
||||||
perror("socket (DIVERT6)");
|
perror("socket (DIVERT6)");
|
||||||
goto exiterr;
|
goto exiterr;
|
||||||
|
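Review bot: Both dvt_main sockets now come from rawsend_socket_divert, which (in the other source file of this commit) also calls `set_socket_buffers(fd,4096,RAW_SNDBUF)` before returning. That sizing was chosen for a send-only socket; if the second argument is the receive buffer, the sockets that receive diverted traffic start with 4096 bytes, and a full buffer on a divert socket presumably means dropped packets. Unless dvt_main resizes the buffers later (outside these hunks), set them explicitly after the call or let the helper skip the rawsend sizing. Separately, when the helper fails in set_socket_buffers rather than in socket(), `perror("socket (DIVERT4)")` and `perror("socket (DIVERT6)")` name the wrong call.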