nfqws: hop-by-hop ipv6 fooling and desync

nfq/desync.c

@@ -67,7 +67,11 @@ bool desync_valid_zero_stage(enum dpi_desync_mode mode)
 }
 bool desync_valid_first_stage(enum dpi_desync_mode mode)
 {
-	return mode==DESYNC_FAKE || mode==DESYNC_RST || mode==DESYNC_RSTACK;
+	return mode==DESYNC_FAKE || mode==DESYNC_RST || mode==DESYNC_RSTACK || mode==DESYNC_HOPBYHOP;
+}
+bool desync_only_first_stage(enum dpi_desync_mode mode)
+{
+	return mode==DESYNC_HOPBYHOP;
 }
 bool desync_valid_second_stage(enum dpi_desync_mode mode)
 {
@@ -95,6 +99,8 @@ enum dpi_desync_mode desync_mode_from_string(const char *s)
 		return DESYNC_SPLIT2;
 	else if (!strcmp(s,"ipfrag2"))
 		return DESYNC_IPFRAG2;
+	else if (!strcmp(s,"hopbyhop"))
+		return DESYNC_HOPBYHOP;
 	return DESYNC_INVALID;
 }
 
@@ -378,6 +384,21 @@ packet_process_result dpi_desync_tcp_packet(uint8_t *data_pkt, size_t len_pkt, s
 				DLOG("sending fake RST/RSTACK\n");
 				b = true;
 				break;
+			case DESYNC_HOPBYHOP:
+				if (ip6hdr)
+				{
+					if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, tcphdr->th_seq, tcphdr->th_ack, tcphdr->th_win, scale_factor, timestamps,
+						ttl_orig,FOOL_HOPBYHOP,0,0,
+						data_payload, len_payload, pkt1, &pkt1_len))
+					{
+						return res;
+					}
+					DLOG("resending original packet with hop-by-hop options\n");
+					if (!rawsend((struct sockaddr *)&dst, params.desync_fwmark, pkt1, pkt1_len))
+						return res;
+				}
+				// this mode is final, no other options available
+				return drop;
 		}
 
 		if (b)
@@ -640,6 +661,21 @@ packet_process_result dpi_desync_udp_packet(uint8_t *data_pkt, size_t len_pkt, s
 				hexdump_limited_dlog(fake,fake_size,PKTDATA_MAXDUMP); DLOG("\n")
 				b = true;
 				break;
+			case DESYNC_HOPBYHOP:
+				if (ip6hdr)
+				{
+					if (!prepare_udp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst,
+						ttl_orig,FOOL_HOPBYHOP,
+						data_payload, len_payload, pkt1, &pkt1_len))
+					{
+						return res;
+					}
+					DLOG("resending original packet with hop-by-hop options\n");
+					if (!rawsend((struct sockaddr *)&dst, params.desync_fwmark, pkt1, pkt1_len))
+						return res;
+				}
+				// this mode is final, no other options available
+				return drop;
 		}
 
 		if (b)