mirror of
https://github.com/bol-van/zapret.git
synced 2026-03-15 01:31:55 +00:00
nfqws: tunable badseq/badack increment, changed defaults
This commit is contained in:
bol-van
@@ -54,7 +54,14 @@ uint8_t tcp_find_scale_factor(const struct tcphdr *tcp)
|
||||
}
|
||||
|
||||
// n prefix (nsport, nwsize) means network byte order
|
||||
static void fill_tcphdr(struct tcphdr *tcp, uint8_t fooling, uint8_t tcp_flags, uint32_t nseq, uint32_t nack_seq, uint16_t nsport, uint16_t ndport, uint16_t nwsize, uint8_t scale_factor, uint32_t *timestamps)
|
||||
static void fill_tcphdr(
|
||||
struct tcphdr *tcp, uint8_t fooling, uint8_t tcp_flags,
|
||||
uint32_t nseq, uint32_t nack_seq,
|
||||
uint16_t nsport, uint16_t ndport,
|
||||
uint16_t nwsize, uint8_t scale_factor,
|
||||
uint32_t *timestamps,
|
||||
uint32_t badseq_increment,
|
||||
uint32_t badseq_ack_increment)
|
||||
{
|
||||
char *tcpopt = (char*)(tcp+1);
|
||||
uint8_t t=0;
|
||||
@@ -64,13 +71,13 @@ static void fill_tcphdr(struct tcphdr *tcp, uint8_t fooling, uint8_t tcp_flags,
|
||||
tcp->th_dport = ndport;
|
||||
if (fooling & TCP_FOOL_BADSEQ)
|
||||
{
|
||||
tcp->th_seq = net32_add(nseq,0x80000000);
|
||||
tcp->th_ack = net32_add(nack_seq,0x80000000);
|
||||
tcp->th_seq = net32_add(nseq,badseq_increment);
|
||||
tcp->th_ack = net32_add(nack_seq,badseq_ack_increment);
|
||||
}
|
||||
else
|
||||
{
|
||||
tcp->th_seq = nseq;
|
||||
tcp->th_ack = nack_seq;
|
||||
tcp->th_seq = nseq;
|
||||
tcp->th_ack = nack_seq;
|
||||
}
|
||||
tcp->th_off = 5;
|
||||
*((uint8_t*)tcp+13)= tcp_flags;
|
||||
@@ -285,7 +292,7 @@ bool rawsend(const struct sockaddr* dst,uint32_t fwmark,const void *data,size_t
|
||||
v = ((struct ip6_hdr *)data)->ip6_ctlun.ip6_un1.ip6_un1_hlim;
|
||||
if (setsockopt(sock, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &v, sizeof(v)) == -1)
|
||||
perror("rawsend: setsockopt(IPV6_HOPLIMIT)");
|
||||
// the only way to control source address is bind. make it equal to ip6_hdr
|
||||
[5~ // the only way to control source address is bind. make it equal to ip6_hdr
|
||||
if (bind(sock, (struct sockaddr*)&sa_src, salen) < 0)
|
||||
perror("rawsend bind: ");
|
||||
//printf("BSD v6 RAWSEND "); print_sockaddr((struct sockaddr*)&sa_src); printf(" -> "); print_sockaddr((struct sockaddr*)&dst2); printf("\n");
|
||||
@@ -342,6 +349,8 @@ bool prepare_tcp_segment4(
|
||||
uint32_t *timestamps,
|
||||
uint8_t ttl,
|
||||
uint8_t fooling,
|
||||
uint32_t badseq_increment,
|
||||
uint32_t badseq_ack_increment,
|
||||
const void *data, uint16_t len,
|
||||
uint8_t *buf, size_t *buflen)
|
||||
{
|
||||
@@ -366,7 +375,7 @@ bool prepare_tcp_segment4(
|
||||
ip->ip_src = src->sin_addr;
|
||||
ip->ip_dst = dst->sin_addr;
|
||||
|
||||
fill_tcphdr(tcp,fooling,tcp_flags,nseq,nack_seq,src->sin_port,dst->sin_port,nwsize,scale_factor,timestamps);
|
||||
fill_tcphdr(tcp,fooling,tcp_flags,nseq,nack_seq,src->sin_port,dst->sin_port,nwsize,scale_factor,timestamps,badseq_increment,badseq_ack_increment);
|
||||
|
||||
memcpy((char*)tcp+sizeof(struct tcphdr)+tcpoptlen,data,len);
|
||||
tcp4_fix_checksum(tcp,sizeof(struct tcphdr)+tcpoptlen+len,&ip->ip_src,&ip->ip_dst);
|
||||
@@ -386,6 +395,8 @@ bool prepare_tcp_segment6(
|
||||
uint32_t *timestamps,
|
||||
uint8_t ttl,
|
||||
uint8_t fooling,
|
||||
uint32_t badseq_increment,
|
||||
uint32_t badseq_ack_increment,
|
||||
const void *data, uint16_t len,
|
||||
uint8_t *buf, size_t *buflen)
|
||||
{
|
||||
@@ -408,7 +419,7 @@ bool prepare_tcp_segment6(
|
||||
ip6->ip6_src = src->sin6_addr;
|
||||
ip6->ip6_dst = dst->sin6_addr;
|
||||
|
||||
fill_tcphdr(tcp,fooling,tcp_flags,nseq,nack_seq,src->sin6_port,dst->sin6_port,nwsize,scale_factor,timestamps);
|
||||
fill_tcphdr(tcp,fooling,tcp_flags,nseq,nack_seq,src->sin6_port,dst->sin6_port,nwsize,scale_factor,timestamps,badseq_increment,badseq_ack_increment);
|
||||
|
||||
memcpy((char*)tcp+sizeof(struct tcphdr)+tcpoptlen,data,len);
|
||||
tcp6_fix_checksum(tcp,sizeof(struct tcphdr)+tcpoptlen+len,&ip6->ip6_src,&ip6->ip6_dst);
|
||||
@@ -427,13 +438,15 @@ bool prepare_tcp_segment(
|
||||
uint32_t *timestamps,
|
||||
uint8_t ttl,
|
||||
uint8_t fooling,
|
||||
uint32_t badseq_increment,
|
||||
uint32_t badseq_ack_increment,
|
||||
const void *data, uint16_t len,
|
||||
uint8_t *buf, size_t *buflen)
|
||||
{
|
||||
return (src->sa_family==AF_INET && dst->sa_family==AF_INET) ?
|
||||
prepare_tcp_segment4((struct sockaddr_in *)src,(struct sockaddr_in *)dst,tcp_flags,nseq,nack_seq,nwsize,scale_factor,timestamps,ttl,fooling,data,len,buf,buflen) :
|
||||
prepare_tcp_segment4((struct sockaddr_in *)src,(struct sockaddr_in *)dst,tcp_flags,nseq,nack_seq,nwsize,scale_factor,timestamps,ttl,fooling,badseq_increment,badseq_ack_increment,data,len,buf,buflen) :
|
||||
(src->sa_family==AF_INET6 && dst->sa_family==AF_INET6) ?
|
||||
prepare_tcp_segment6((struct sockaddr_in6 *)src,(struct sockaddr_in6 *)dst,tcp_flags,nseq,nack_seq,nwsize,scale_factor,timestamps,ttl,fooling,data,len,buf,buflen) :
|
||||
prepare_tcp_segment6((struct sockaddr_in6 *)src,(struct sockaddr_in6 *)dst,tcp_flags,nseq,nack_seq,nwsize,scale_factor,timestamps,ttl,fooling,badseq_increment,badseq_ack_increment,data,len,buf,buflen) :
|
||||
false;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user