github-mirror/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2026-03-14 17:21:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

nfqws: udp protocol desync

Browse Source
This commit is contained in:
bol-van
2022-01-01 20:22:04 +03:00
parent 566e3d1536
commit 65830eb665
21 changed files with 1048 additions and 736 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
nfq/conntrack.h
View File

@@ -12,6 +12,7 @@
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
//#define HASH_BLOOM 20
#define HASH_NONFATAL_OOM 1
@@ -19,26 +20,18 @@
#define HASH_FUNCTION HASH_BER
#include "uthash.h"
typedef union {
struct in_addr ip;
struct in6_addr ip6;
} t_addr;
typedef struct
{
struct in_addr adr;
uint16_t port;
} t_endpoint4;
typedef struct
{
struct in6_addr adr;
uint16_t port;
} t_endpoint6;
// e1 - initiator. the one who have sent SYN
// e2 - acceptor
typedef struct
{
t_endpoint4 e1,e2;
} t_conn4;
typedef struct
{
t_endpoint6 e1,e2;
} t_conn6;
t_addr src, dst;
uint16_t sport,dport;
uint8_t l3proto; // IPPROTO_IP, IPPROTO_IPV6
uint8_t l4proto; // IPPROTO_TCP, IPPROTO_UDP
} t_conn;
// SYN - SYN or SYN/ACK received
// ESTABLISHED - any except SYN or SYN/ACK received
@@ -46,53 +39,41 @@ typedef struct
typedef enum {SYN=0, ESTABLISHED, FIN} t_connstate;
typedef struct
{
t_connstate state;
// common state
time_t t_start, t_last;
uint32_t seq0, ack0; // starting seq and ack
uint32_t seq_last, ack_last; // last seen seq and ack
uint32_t pos_orig, pos_reply; // seq_last+payload, ack_last+payload
uint64_t pcounter_orig, pcounter_reply; // packet counter
uint64_t pdcounter_orig, pdcounter_reply; // data packet counter (with payload)
uint32_t pos_orig, pos_reply; // TCP: seq_last+payload, ack_last+payload UDP: sum of all seen payload lenghts including current
uint32_t seq_last, ack_last; // TCP: last seen seq and ack UDP: sum of all seen payload lenghts NOT including current
// tcp only state, not used in udp
t_connstate state;
uint32_t seq0, ack0; // starting seq and ack
uint16_t winsize_orig, winsize_reply; // last seen window size
uint8_t scale_orig, scale_reply; // last seen window scale factor. SCALE_NONE if none
bool b_cutoff; // mark for deletion
bool b_wssize_cutoff, b_desync_cutoff;
} t_ctrack;
// use separate pools for ipv4 and ipv6 to save RAM. otherwise could use union key
typedef struct
{
t_ctrack track;
UT_hash_handle hh; // makes this structure hashable
t_conn4 conn; // key
} t_conntrack4;
typedef struct
{
t_ctrack track;
UT_hash_handle hh; // makes this structure hashable
t_conn6 conn; // key
} t_conntrack6;
t_conn conn; // key
} t_conntrack_pool;
typedef struct
{
// inactivity time to purge an entry in each connection state
uint32_t timeout_syn,timeout_established,timeout_fin;
uint32_t timeout_syn,timeout_established,timeout_fin,timeout_udp;
time_t t_purge_interval, t_last_purge;
t_conntrack4 *pool4;
t_conntrack6 *pool6;
t_conntrack_pool *pool;
} t_conntrack;
void ConntrackPoolInit(t_conntrack *p, time_t purge_interval, uint32_t timeout_syn, uint32_t timeout_established, uint32_t timeout_fin);
void ConntrackPoolInit(t_conntrack *p, time_t purge_interval, uint32_t timeout_syn, uint32_t timeout_established, uint32_t timeout_fin, uint32_t timeout_udp);
void ConntrackPoolDestroy(t_conntrack *p);
bool ConntrackPoolFeed(t_conntrack *p, const struct ip *ip, const struct ip6_hdr *ip6, const struct tcphdr *tcphdr, size_t len_payload, t_ctrack **ctrack, bool *bReverse);
bool ConntrackPoolDrop(t_conntrack *p, const struct ip *ip, const struct ip6_hdr *ip6, const struct tcphdr *tcphdr);
void ConntrackExtractConn4(t_conn4 *c, bool bReverse, const struct ip *ip, const struct tcphdr *tcphdr);
void ConntrackExtractConn6(t_conn6 *c, bool bReverse, const struct ip6_hdr *ip, const struct tcphdr *tcphdr);
void ConntrackPoolDump4(t_conntrack4 *p);
void ConntrackPoolDump6(t_conntrack6 *p);
void ConntrackPoolDump(t_conntrack *p);
bool ConntrackPoolFeed(t_conntrack *p, const struct ip *ip, const struct ip6_hdr *ip6, const struct tcphdr *tcphdr, const struct udphdr *udphdr, size_t len_payload, t_ctrack **ctrack, bool *bReverse);
bool ConntrackPoolDrop(t_conntrack *p, const struct ip *ip, const struct ip6_hdr *ip6, const struct tcphdr *tcphdr, const struct udphdr *udphdr);
void CaonntrackExtractConn(t_conn *c, bool bReverse, const struct ip *ip, const struct ip6_hdr *ip6, const struct tcphdr *tcphdr, const struct udphdr *udphdr);
void ConntrackPoolDump(const t_conntrack *p);
void ConntrackPoolPurge(t_conntrack *p);