Do not add hostnames less than 4 characters long

Minor modifications
Implement blacklist.
2025-12-17 21:04:36 +03:00 · 2017-12-17 01:46:32 +03:00 · 2017-12-17 00:28:11 +03:00 · 2017-12-17 00:26:11 +03:00 · 2017-12-16 20:24:40 +03:00 · 2017-12-16 17:53:06 +03:00
10 changed files with 351 additions and 53 deletions
--- a/17
+++ b/17
@@ -1,14 +1,17 @@
-CPREFIX = x86_64-w64-mingw32
+ifndef MSYSTEM
+	CPREFIX = x86_64-w64-mingw32-
+endif
+
 WINDIVERTHEADERS = ../../include
 WINDIVERTLIBS = ../binary

 TARGET = goodbyedpi.exe
-LIBS = -L $(WINDIVERTLIBS) -lWinDivert -lws2_32
-CC = $(CPREFIX)-gcc
-CCWINDRES = $(CPREFIX)-windres
-CFLAGS = -Wall -I $(WINDIVERTHEADERS) -L $(WINDIVERTLIBS) \
+LIBS = -L$(WINDIVERTLIBS) -lWinDivert -lws2_32
+CC = $(CPREFIX)gcc
+CCWINDRES = $(CPREFIX)windres
+CFLAGS = -Wall -Wextra -I$(WINDIVERTHEADERS) -L$(WINDIVERTLIBS) \
         -O2 -pie -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
-LDFLAGS = -pie
+LDFLAGS = -Wl,-O1,--sort-common,--as-needed

 .PHONY: default all clean

@@ -27,7 +30,7 @@ manifest:
 .PRECIOUS: $(TARGET) $(OBJECTS)

 $(TARGET): $(OBJECTS)
-	$(CC) $(OBJECTS) -Wall $(LIBS) -s -o $@
+	$(CC) $(OBJECTS) -Wall $(LDFLAGS) $(LIBS) -s -o $@

 clean:
 	-rm -f *.o
--- a/README.md
+++ b/README.md
@@ -21,9 +21,12 @@ Usage: goodbyedpi.exe [OPTION...]
 -e [value]  set HTTPS fragmentation to value
 -a          additional space between Method and Request-URI (enables -s, may break sites)
 -w          try to find and parse HTTP traffic on all processed ports (not only on port 80)
- --port      additional TCP port to perform fragmentation on (and HTTP tricks with -w)
- --dns-addr  redirect UDP DNS requests to the supplied IP address (experimental)
- --dns-port  redirect UDP DNS requests to the supplied port (53 by default)
+ --port      [value]    additional TCP port to perform fragmentation on (and HTTP tricks with -w)
+ --dns-addr  [value]    redirect UDP DNS requests to the supplied IP address (experimental)
+ --dns-port  [value]    redirect UDP DNS requests to the supplied port (53 by default)
+ --dns-verb             print verbose DNS redirection messages
+ --blacklist [txtfile]  perform HTTP tricks only to host names and subdomains from
+                        supplied text file. This option can be supplied multiple times.

 -1          -p -r -s -f 2 -e 2 (most compatible mode, default)
 -2          -p -r -s -f 2 -e 40 (better speed yet still compatible)
@@ -65,11 +68,11 @@ This project can be build using **GNU Make** and [**mingw**](https://mingw-w64.o

 To build x86 exe run:

-`make CPREFIX=i686-w64-mingw32 WINDIVERTHEADERS=/path/to/windivert/include WINDIVERTLIBS=/path/to/windivert/x86`
+`make CPREFIX=i686-w64-mingw32- WINDIVERTHEADERS=/path/to/windivert/include WINDIVERTLIBS=/path/to/windivert/x86`

 And for x86_64:

-`make CPREFIX=x86_64-w64-mingw32 WINDIVERTHEADERS=/path/to/windivert/include WINDIVERTLIBS=/path/to/windivert/amd64`
+`make CPREFIX=x86_64-w64-mingw32- WINDIVERTHEADERS=/path/to/windivert/include WINDIVERTLIBS=/path/to/windivert/amd64`

 # How to install as Windows Service

--- a/blackwhitelist.c
+++ b/blackwhitelist.c
@@ -0,0 +1,110 @@
+/*
+ * Blacklist for GoodbyeDPI HTTP DPI circumvention tricks
+ *
+ * This is a simple domain hash table.
+ * Domain records are added from a text file, where every
+ * domain is separated with a new line.
+ */
+#include <windows.h>
+#include <stdio.h>
+#include "goodbyedpi.h"
+#include "uthash.h"
+#include "getline.h"
+
+typedef struct blackwhitelist_record {
+    const char *host;
+    UT_hash_handle hh;   /* makes this structure hashable */
+} blackwhitelist_record_t;
+
+static blackwhitelist_record_t *blackwhitelist = NULL;
+
+static int check_get_hostname(const char *host) {
+    blackwhitelist_record_t *tmp_record = NULL;
+    if (!blackwhitelist) return FALSE;
+
+    HASH_FIND_STR(blackwhitelist, host, tmp_record);
+    if (tmp_record) {
+        debug("check_get_hostname found host\n");
+        return TRUE;
+    }
+    debug("check_get_hostname host not found\n");
+    return FALSE;
+}
+
+static int add_hostname(const char *host) {
+    if (!host)
+        return FALSE;
+
+    int host_len = strlen(host);
+
+    blackwhitelist_record_t *tmp_record = malloc(sizeof(blackwhitelist_record_t));
+    char *host_c = malloc(host_len + 1);
+
+    if (!check_get_hostname(host)) {
+        strncpy(host_c, host, host_len);
+        host_c[host_len] = '\0';
+        tmp_record->host = host_c;
+        HASH_ADD_KEYPTR(hh, blackwhitelist, tmp_record->host,
+                        strlen(tmp_record->host), tmp_record);
+        debug("Added host %s\n", host_c);
+        return TRUE;
+    }
+    debug("Not added host %s\n", host);
+    free(tmp_record);
+    free(host_c);
+    return FALSE;
+}
+
+int blackwhitelist_load_list(const char *filename) {
+    char *line = malloc(HOST_MAXLEN + 1);
+    size_t linelen = HOST_MAXLEN + 1;
+    int cnt = 0;
+    ssize_t read;
+
+    FILE *fp = fopen(filename, "r");
+    if (!fp) return FALSE;
+
+    while ((read = getline(&line, &linelen, fp)) != -1) {
+        /* works with both \n and \r\n */
+        line[strcspn(line, "\r\n")] = '\0';
+        if (strlen(line) > HOST_MAXLEN) {
+            printf("WARNING: host %s exceeds maximum host length and has not been added\n",
+                line);
+            continue;
+        }
+        if (strlen(line) < 4)
+            continue;
+        if (add_hostname(line))
+            cnt++;
+    }
+    free(line);
+    if (!blackwhitelist) return FALSE;
+    printf("Loaded %d hosts from file %s\n", cnt, filename);
+    fclose(fp);
+    return TRUE;
+}
+
+int blackwhitelist_check_hostname(const char *host_addr, int host_len) {
+    char current_host[HOST_MAXLEN + 1];
+    char *tokenized_host = NULL;
+
+    if (host_len > HOST_MAXLEN) return FALSE;
+    if (host_addr && host_len) {
+        memcpy(current_host, host_addr, host_len);
+        current_host[host_len] = '\0';
+    }
+
+    if (check_get_hostname(current_host))
+            return TRUE;
+
+    tokenized_host = strchr(current_host, '.');
+    while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) {
+        /* Search hostname only if there is next token */
+        if (strchr(tokenized_host + 1, '.') && check_get_hostname(tokenized_host + 1))
+            return TRUE;
+        tokenized_host = strchr(tokenized_host + 1, '.');
+    }
+
+    debug("____blackwhitelist_check_hostname FALSE: host %s\n", current_host);
+    return FALSE;
+}
--- a/blackwhitelist.h
+++ b/blackwhitelist.h
@@ -0,0 +1,2 @@
+int blackwhitelist_load_list(const char *filename);
+int blackwhitelist_check_hostname(const char *host_addr, int host_len);
--- a/dnsredir.c
+++ b/dnsredir.c
@@ -13,6 +13,7 @@
 #include <windows.h>
 #include <time.h>
 #include <stdio.h>
+#include "goodbyedpi.h"
 #include "dnsredir.h"
 #include "uthash.h"

@@ -21,14 +22,6 @@

 #define DNS_CLEANUP_INTERVAL_SEC 30

-#ifndef debug
-#define debug(...) do {} while (0)
-#endif
-
-#ifndef debug
-#define debug(...) printf(...)
-#endif
-
 /* HACK!
 * uthash uses strlen() for HASH_FIND_STR.
 * We have null bytes in our key, so we can't use strlen()
@@ -50,6 +43,22 @@ typedef struct udp_connrecord {
 static time_t last_cleanup = 0;
 static udp_connrecord_t *conntrack = NULL;

+void flush_dns_cache() {
+    BOOL WINAPI (*DnsFlushResolverCache)();
+
+    HMODULE dnsapi = LoadLibrary("dnsapi.dll");
+    if (dnsapi == NULL)
+    {
+        printf("Can't load dnsapi.dll to flush DNS cache!\n");
+        exit(EXIT_FAILURE);
+    }
+
+    DnsFlushResolverCache = (void*)GetProcAddress(dnsapi, "DnsFlushResolverCache");
+    if (DnsFlushResolverCache == NULL || !DnsFlushResolverCache())
+        printf("Can't flush DNS cache!");
+    FreeLibrary(dnsapi);
+}
+
 inline static void construct_key(const uint32_t srcip, const uint16_t srcport, char *key) {
    debug("Construct key enter\n");
    if (key) {
@@ -92,10 +101,10 @@ static int check_get_udp_conntrack_key(const char *key, udp_connrecord_t **connr

 static int add_udp_conntrack(const uint32_t srcip, const uint16_t srcport,
                             const uint32_t dstip, const uint16_t dstport) {
-    udp_connrecord_t *tmp_connrecord = malloc(sizeof(udp_connrecord_t));
    if (!(srcip && srcport && dstip && dstport))
        return FALSE;

+    udp_connrecord_t *tmp_connrecord = malloc(sizeof(udp_connrecord_t));
    construct_key(srcip, srcport, tmp_connrecord->key);

    if (!check_get_udp_conntrack_key(tmp_connrecord->key, NULL)) {
@@ -107,6 +116,7 @@ static int add_udp_conntrack(const uint32_t srcip, const uint16_t srcport,
        return TRUE;
    }
    debug("Not added UDP conntrack\n");
+    free(tmp_connrecord);
    return FALSE;
 }

@@ -130,6 +140,20 @@ void dns_cleanup() {
    }
 }

+int dns_is_dns_packet(const char *packet_data, const UINT packet_dataLen, const int outgoing) {
+    if (packet_dataLen < 16) return FALSE;
+
+    if (outgoing && (ntohs(*(const uint16_t*)(packet_data + 2)) & 0xFA00) == 0 &&
+        (ntohs(*(const uint32_t*)(packet_data + 6))) == 0) {
+        return TRUE;
+    }
+    else if (!outgoing &&
+        (ntohs(*(const uint16_t*)(packet_data + 2)) & 0xF800) == 0x8000) {
+        return TRUE;
+    }
+    return FALSE;
+}
+
 int dns_handle_outgoing(const uint32_t srcip, const uint16_t srcport,
                        const uint32_t dstip, const uint16_t dstport,
                        const char *packet_data, const UINT packet_dataLen) {
@@ -139,8 +163,7 @@ int dns_handle_outgoing(const uint32_t srcip, const uint16_t srcport,

    dns_cleanup();

-    if ((ntohs(*(const uint16_t*)(packet_data + 2)) & 0xFA00) == 0 &&
-        (ntohs(*(const uint32_t*)(packet_data + 6))) == 0) {
+    if (dns_is_dns_packet(packet_data, packet_dataLen, 1)) {
        /* Looks like DNS request */
        debug("trying to add srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
        return add_udp_conntrack(srcip, srcport, dstip, dstport);
@@ -150,7 +173,6 @@ int dns_handle_outgoing(const uint32_t srcip, const uint16_t srcport,
 }

 int dns_handle_incoming(const uint32_t srcip, const uint16_t srcport,
-                        const uint32_t dstip, const uint16_t dstport,
                        const char *packet_data, const UINT packet_dataLen,
                        conntrack_info_t *conn_info) {

@@ -162,7 +184,7 @@ int dns_handle_incoming(const uint32_t srcip, const uint16_t srcport,

    dns_cleanup();

-    if ((ntohs(*(const uint16_t*)(packet_data + 2)) & 0xF800) == 0x8000) {
+    if (dns_is_dns_packet(packet_data, packet_dataLen, 0)) {
        /* Looks like DNS response */
        construct_key(srcip, srcport, key);
        if (check_get_udp_conntrack_key(key, &tmp_connrecord) && tmp_connrecord) {
--- a/dnsredir.h
+++ b/dnsredir.h
@@ -8,10 +8,12 @@ typedef struct conntrack_info {
 } conntrack_info_t;

 int dns_handle_incoming(const uint32_t srcip, const uint16_t srcport,
-                        const uint32_t dstip, const uint16_t dstport,
                        const char *packet_data, const UINT packet_dataLen,
                        conntrack_info_t *conn_info);

 int dns_handle_outgoing(const uint32_t srcip, const uint16_t srcport,
                        const uint32_t dstip, const uint16_t dstport,
                        const char *packet_data, const UINT packet_dataLen);
+
+void flush_dns_cache();
+int dns_is_dns_packet(const char *packet_data, const UINT packet_dataLen, const int outgoing);
--- a/getline.c
+++ b/getline.c
@@ -0,0 +1,92 @@
+/*	$NetBSD: getdelim.c,v 1.2 2015/12/25 20:12:46 joerg Exp $	*/
+/*	NetBSD-src: getline.c,v 1.2 2014/09/16 17:23:50 christos Exp 	*/
+
+/*-
+ * Copyright (c) 2011 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "getline.h"
+
+#if !HAVE_GETDELIM
+
+ssize_t
+getdelim(char **buf, size_t *bufsiz, int delimiter, FILE *fp)
+{
+	char *ptr, *eptr;
+
+
+	if (*buf == NULL || *bufsiz == 0) {
+		*bufsiz = BUFSIZ;
+		if ((*buf = malloc(*bufsiz)) == NULL)
+			return -1;
+	}
+
+	for (ptr = *buf, eptr = *buf + *bufsiz;;) {
+		int c = fgetc(fp);
+		if (c == -1) {
+			if (feof(fp)) {
+				ssize_t diff = (ssize_t)(ptr - *buf);
+				if (diff != 0) {
+					*ptr = '\0';
+					return diff;
+				}
+			}
+			return -1;
+		}
+		*ptr++ = c;
+		if (c == delimiter) {
+			*ptr = '\0';
+			return ptr - *buf;
+		}
+		if (ptr + 2 >= eptr) {
+			char *nbuf;
+			size_t nbufsiz = *bufsiz * 2;
+			ssize_t d = ptr - *buf;
+			if ((nbuf = realloc(*buf, nbufsiz)) == NULL)
+				return -1;
+			*buf = nbuf;
+			*bufsiz = nbufsiz;
+			eptr = nbuf + nbufsiz;
+			ptr = nbuf + d;
+		}
+	}
+}
+
+#endif
+
+#if !HAVE_GETLINE
+
+ssize_t
+getline(char **buf, size_t *bufsiz, FILE *fp)
+{
+	return getdelim(buf, bufsiz, '\n', fp);
+}
+
+#endif
--- a/getline.h
+++ b/getline.h
@@ -0,0 +1,7 @@
+#if !HAVE_GETDELIM
+ssize_t	getdelim(char **, size_t *, int, FILE *);
+#endif
+
+#if !HAVE_GETLINE
+ssize_t	getline(char **, size_t *, FILE *);
+#endif
--- a/goodbyedpi.c
+++ b/goodbyedpi.c
@@ -10,7 +10,9 @@
 #include <string.h>
 #include <getopt.h>
 #include "windivert.h"
+#include "goodbyedpi.h"
 #include "dnsredir.h"
+#include "blackwhitelist.h"

 #define die() do { printf("Something went wrong!\n" \
    "Make sure you're running this program with administrator privileges\n"); \
@@ -61,10 +63,13 @@ static struct option long_options[] = {
    {"port",      required_argument, 0,  'z' },
    {"dns-addr",  required_argument, 0,  'd' },
    {"dns-port",  required_argument, 0,  'g' },
+    {"dns-verb",  no_argument,       0,  'v' },
+    {"blacklist", required_argument, 0,  'b' },
    {0,           0,                 0,   0  }
 };

-static char *filter_string = "(ip and tcp and "
+static char *filter_string = NULL;
+static char *filter_string_template = "(ip and tcp and "
        "(inbound and (("
         "((ip.Id == 0x0001 or ip.Id == 0x0000) and tcp.SrcPort == 80 and tcp.Ack) or "
         "((tcp.SrcPort == 80 or tcp.SrcPort == 443) and tcp.Ack and tcp.Syn)"
@@ -132,7 +137,7 @@ static void deinit_all() {
    }
 }

-static void sigint_handler(int sig) {
+static void sigint_handler(int sig __attribute__((unused))) {
    deinit_all();
    exit(EXIT_SUCCESS);
 }
@@ -203,7 +208,7 @@ static void change_window_size(const char *pkt, int size) {

 /* HTTP method end without trailing space */
 static PVOID find_http_method_end(const char *pkt, int offset) {
-    int i;
+    unsigned int i;
    for (i = 0; i<(sizeof(http_methods) / sizeof(*http_methods)); i++) {
        if (memcmp(pkt, http_methods[i], strlen(http_methods[i])) == 0) {
            return (char*)pkt + strlen(http_methods[i]) - 1;
@@ -240,7 +245,8 @@ int main(int argc, char *argv[]) {
        do_fragment_https = 0, do_host = 0,
        do_host_removespace = 0, do_additional_space = 0,
        do_http_allports = 0,
-        do_host_mixedcase = 0, do_dns_redirect = 0;
+        do_host_mixedcase = 0, do_dns_redirect = 0,
+        do_dns_verb = 0, do_blacklist = 0;
    int http_fragment_size = 2;
    int https_fragment_size = 2;
    uint32_t dns_addr = 0;
@@ -251,6 +257,11 @@ int main(int argc, char *argv[]) {
    char *hdr_name_addr = NULL, *hdr_value_addr = NULL;
    int hdr_value_len;

+    if (filter_string == NULL) {
+        filter_string = malloc(strlen(filter_string_template) + 1);
+        strcpy(filter_string, filter_string_template);
+    }
+
    printf("GoodbyeDPI: Passive DPI blocker and Active DPI circumvention utility\n");

    if (argc == 1) {
@@ -274,6 +285,7 @@ int main(int argc, char *argv[]) {
                do_passivedpi = do_host = do_host_removespace \
                = do_fragment_https = 1;
                https_fragment_size = 40;
+                break;
            case '4':
                do_passivedpi = do_host = do_host_removespace = 1;
                break;
@@ -319,10 +331,12 @@ int main(int argc, char *argv[]) {
                    printf("Port parameter error!\n");
                    exit(EXIT_FAILURE);
                }
+                if (i != 80 && i != 443)
                    add_filter_str(IPPROTO_TCP, i);
                i = 0;
                break;
            case 'd':
+                if (!do_dns_redirect) {
                    do_dns_redirect = 1;
                    dns_addr = inet_addr(optarg);
                    if (!dns_addr) {
@@ -330,16 +344,36 @@ int main(int argc, char *argv[]) {
                        exit(EXIT_FAILURE);
                    }
                    add_filter_str(IPPROTO_UDP, 53);
+                    flush_dns_cache();
+                }
                break;
            case 'g':
+                if (!do_dns_redirect) {
+                    printf("--dns-port should be used with --dns-addr!\n"
+                        "Make sure you use --dns-addr and pass it before "
+                        "--dns-port\n");
+                    exit(EXIT_FAILURE);
+                }
                dns_port = atoi(optarg);
-                if (dns_port <= 0 || dns_port > 65535) {
+                if (atoi(optarg) <= 0 || atoi(optarg) > 65535) {
                    printf("DNS port parameter error!\n");
                    exit(EXIT_FAILURE);
                }
+                if (dns_port != 53) {
                    add_filter_str(IPPROTO_UDP, dns_port);
+                }
                dns_port = ntohs(dns_port);
                break;
+            case 'v':
+                do_dns_verb = 1;
+                break;
+            case 'b':
+                do_blacklist = 1;
+                if (!blackwhitelist_load_list(optarg)) {
+                    printf("Can't load blacklist from file!\n");
+                    exit(EXIT_FAILURE);
+                }
+                break;
            default:
                printf("Usage: goodbyedpi.exe [OPTION...]\n"
                " -p          block passive DPI\n"
@@ -350,9 +384,12 @@ int main(int argc, char *argv[]) {
                " -f [value]  set HTTP fragmentation to value\n"
                " -e [value]  set HTTPS fragmentation to value\n"
                " -w          try to find and parse HTTP traffic on all processed ports (not only on port 80)\n"
-                " --port      additional TCP port to perform fragmentation on (and HTTP tricks with -w)\n"
-                " --dns-addr  redirect UDP DNS requests to the supplied IP address (experimental)\n"
-                " --dns-port  redirect UDP DNS requests to the supplied port (53 by default)\n"
+                " --port      [value]    additional TCP port to perform fragmentation on (and HTTP tricks with -w)\n"
+                " --dns-addr  [value]    redirect UDP DNS requests to the supplied IP address (experimental)\n"
+                " --dns-port  [value]    redirect UDP DNS requests to the supplied port (53 by default)\n"
+                " --dns-verb             print verbose DNS redirection messages\n"
+                " --blacklist [txtfile]  perform HTTP tricks only to host names and subdomains from\n"
+                "                        supplied text file. This option can be supplied multiple times.\n"
                "\n"
                " -1          -p -r -s -f 2 -e 2 (most compatible mode, default)\n"
                " -2          -p -r -s -f 2 -e 40 (better speed yet still compatible)\n"
@@ -441,11 +478,13 @@ int main(int argc, char *argv[]) {

                    /* Find Host header */
                    if (find_header_and_get_info(packet_data, packet_dataLen,
-                        http_host_find, &hdr_name_addr, &hdr_value_addr, &hdr_value_len)) {
+                        http_host_find, &hdr_name_addr, &hdr_value_addr, &hdr_value_len) &&
+                        hdr_value_len > 0 && hdr_value_len <= HOST_MAXLEN &&
+                        (do_blacklist ? blackwhitelist_check_hostname(hdr_value_addr, hdr_value_len) : 1)) {
                        host_addr = hdr_value_addr;
                        host_len = hdr_value_len;

-                        if (do_host_mixedcase && host_len > 0 && host_len <= 253) {
+                        if (do_host_mixedcase) {
                            mix_case(host_addr, host_len);
                            should_recalc_checksum = 1;
                        }
@@ -486,15 +525,15 @@ int main(int argc, char *argv[]) {
                                 *
                                 * Nothing is done if User-Agent header is missing.
                                 */
-                                if (host_len > 0 && host_len <= 253 &&
-                                    useragent_addr && useragent_len > 0) {
+                                if (useragent_addr && useragent_len > 0) {
                                    /* useragent_addr is in the beginning of User-Agent value */

                                    if (useragent_addr > host_addr) {
                                        /* Move one byte to the LEFT from "Host:"
                                        * to the end of User-Agent
                                        */
-                                        memmove(host_addr - 1, host_addr, useragent_len);
+                                        memmove(host_addr - 1, host_addr,
+                                                (PVOID)useragent_addr + useragent_len - (PVOID)host_addr);
                                        host_addr -= 1;
                                        /* Put space in the end of User-Agent header */
                                        *(char*)((PVOID)useragent_addr + useragent_len - 1) = ' ';
@@ -509,13 +548,13 @@ int main(int argc, char *argv[]) {
                                        */
                                        memmove((PVOID)useragent_addr + useragent_len + 1,
                                                (PVOID)useragent_addr + useragent_len,
-                                                useragent_len - 1);
+                                                (PVOID)host_addr - 1 - ((PVOID)useragent_addr + useragent_len));
                                        /* Put space in the end of User-Agent header */
                                        *(char*)((PVOID)useragent_addr + useragent_len) = ' ';
                                        should_recalc_checksum = 1;
                                        //printf("Replaced Host header!\n");
                                    }
-                                } /* if (host_len <= 253 && useragent_addr) */
+                                } /* if (host_len <= HOST_MAXLEN && useragent_addr) */
                            } /* if (find_header_and_get_info http_useragent) */
                        } /* else if (do_host_removespace) */
                    } /* if (find_header_and_get_info http_host) */
@@ -541,12 +580,11 @@ int main(int argc, char *argv[]) {
            }

            /* Else if we got UDP packet with data */
-            else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
+            else if (do_dns_redirect && WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
                NULL, NULL, NULL, NULL, &ppUdpHdr, &packet_data, &packet_dataLen)) {

                if (addr.Direction == WINDIVERT_DIRECTION_INBOUND) {
                    if (dns_handle_incoming(ppIpHdr->DstAddr, ppUdpHdr->DstPort,
-                                        ppIpHdr->SrcAddr, ppUdpHdr->SrcPort,
                                        packet_data, packet_dataLen,
                                        &dns_conn_info))
                    {
@@ -558,7 +596,13 @@ int main(int argc, char *argv[]) {
                        should_recalc_checksum = 1;
                    }
                    else {
-                        printf("[DNS] Error handling incoming packet!\n");
+                        if (dns_is_dns_packet(packet_data, packet_dataLen, 0))
+                            should_reinject = 0;
+
+                        if (do_dns_verb && !should_reinject) {
+                            printf("[DNS] Error handling incoming packet: srcport = %hu, dstport = %hu\n",
+                               ntohs(ppUdpHdr->SrcPort), ntohs(ppUdpHdr->DstPort));
+                        }
                    }
                }

@@ -574,7 +618,13 @@ int main(int argc, char *argv[]) {
                        should_recalc_checksum = 1;
                    }
                    else {
-                        printf("[DNS] Error handling outgoing packet!\n");
+                        if (dns_is_dns_packet(packet_data, packet_dataLen, 1))
+                            should_reinject = 0;
+
+                        if (do_dns_verb && !should_reinject) {
+                            printf("[DNS] Error handling outgoing packet: srcport = %hu, dstport = %hu\n",
+                               ntohs(ppUdpHdr->SrcPort), ntohs(ppUdpHdr->DstPort));
+                        }
                    }
                }
            }
--- a/goodbyedpi.h
+++ b/goodbyedpi.h
@@ -0,0 +1,7 @@
+#define HOST_MAXLEN 253
+
+#ifndef DEBUG
+#define debug(...) do {} while (0)
+#else
+#define debug(...) printf(__VA_ARGS__)
+#endif
Author	SHA1	Message	Date
ValdikSS	6827b6ad51	Do not add hostnames less than 4 characters long	2017-12-17 01:46:32 +03:00
ValdikSS	60e87f769a	Minor modifications	2017-12-17 00:28:11 +03:00
ValdikSS	bfed8638e5	Implement blacklist. Only domains and subdomains from the blacklist file would be processed with HTTP modifications. Does not affect HTTPS data.	2017-12-17 00:26:11 +03:00
ValdikSS	72516c0b2b	Add information about --dns-verb option	2017-12-16 20:24:40 +03:00
ValdikSS	f11ca2400c	Fix memory leak in dnsredir	2017-12-16 17:53:06 +03:00
ValdikSS	dd4d6bc5c6	Do not print DNS warnings by default and drop duplicate requests. Windows is known to use all available interfaces for DNS requests, which is handled as a duplicate (retransmission) in dns redirector. It's safe to just drop these duplicates.	2017-12-16 14:30:42 +03:00
R4SAS	30bb1a665a	make it more usable with MSYS and linux MinGW both (#48 ) * make it more usable * update README	2017-12-13 18:13:54 +04:00
ValdikSS	5f231996d4	Fix incorrect host header memmove()s. Fixes #47	2017-12-13 01:42:29 +03:00
ValdikSS	81718f1a53	Small fix for dnsredir	2017-12-10 20:44:50 +03:00
ValdikSS	064cf575b6	Parse DNS packet only when DNS redirection is enabled	2017-12-09 02:36:45 +03:00
ValdikSS	a67f42eebc	Use defined HOST_MAXLEN	2017-12-07 22:38:41 +03:00
ValdikSS	363b2dca37	Flush DNS cache if --dns-addr is used	2017-12-07 22:38:21 +03:00
ValdikSS	1e8835cfe5	Small fixes	2017-12-07 13:03:01 +03:00