nfqws: --dpi-desync-fake-tcp-mod=seq

nfq/desync.c

@@ -1900,7 +1900,9 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 					uint8_t *fake_data;
 					uint8_t fake_data_buf[FAKE_MAX_TCP];
 					int n=0;
+					uint32_t sequence, sequence0;
 
+					sequence = sequence0 = ntohl(dis->tcp->th_seq);
 					ip_id = IP4_IP_ID_FIX(dis->ip);
 
 					LIST_FOREACH(fake_item, fake, next)
@@ -1919,7 +1921,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 								fake_data = fake_item->data;
 						}
 						pkt1_len = sizeof(pkt1);
-						if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, dis->tcp->th_seq, dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps,
+						if (!prepare_tcp_segment((struct sockaddr *)&src, (struct sockaddr *)&dst, flags_orig, false, 0, htonl(sequence), dis->tcp->th_ack, dis->tcp->th_win, scale_factor, timestamps,
 							DF,ttl_fake,IP4_TOS(dis->ip),ip_id,IP6_FLOW(dis->ip6),
 							dp->desync_fooling_mode,dp->desync_ts_increment,dp->desync_badseq_increment,dp->desync_badseq_ack_increment,
 							fake_data, fake_item->size, pkt1, &pkt1_len))
@@ -1927,7 +1929,8 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 							reasm_orig_cancel(ctrack);
 							goto send_orig;
 						}
-						DLOG("sending fake[%d] : ", n);
+
+						DLOG("sending fake[%d] seq=+%u : ", n, sequence-sequence0);
 						hexdump_limited_dlog(fake_data,fake_item->size,PKTDATA_MAXDUMP); DLOG("\n");
 						if (!rawsend_rep(dp->desync_repeats,(struct sockaddr *)&dst, desync_fwmark, ifout , pkt1, pkt1_len))
 						{
@@ -1935,6 +1938,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 							goto send_orig;
 						}
 						ip_id=IP4_IP_ID_NEXT(ip_id);
+						if (dp->tcp_mod.seq) sequence += fake_item->size;
 					}
 				}
 				bFake = true;