Add ByeByeDPI. Closes #823

The main readme shows only the most recently committed features. But it will be more useful for the user to know the functionality of the version he has.

.github/ISSUE_TEMPLATE/bug.yml

@@ -0,0 +1,81 @@
+name: The program crashes, hangs, certain function does not work / Программа падает, зависает, отдельная функция не работает
+description: File a bug report / Сообщить об ошибке в программе
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ### Carefully read all the text IN FULL. Take this seriously.
+        ### Use this form only for software bug reports! The website does not open? That's likely NOT a bug, do NOT report it here! You have a question regarding the program? That's not a bug either!
+        #### If in doubt, [use NTC.party forum](https://ntc.party/c/community-software/goodbyedpi).
+        ### Внимательно прочитайте ВЕСЬ текст ниже. Отнеситесь к этому со всей ответственностью.
+        ### Используйте эту форму только для сообщений об ошибках в программе! Неоткрывающиеся сайты таковыми не являются, вопросы по программе к ошибкам не относятся.
+        #### Если у вас есть сомнения, [воспользуйтесь форумом NTC.party](https://ntc.party/c/community-software/goodbyedpi).
+
+        GoodbyeDPI does not guarantee to work with your ISP for every blocked website or at all. If GoodbyeDPI can't unblock some or any websites, this is most likely not a software bug, and you should not report it here.
+
+        Please only report software bugs, such as:
+          * program crash
+          * incorrect network packet handling
+          * antivirus incompatibility
+          * DNS redirection problems
+          * memory leaks
+          * other software issues
+
+        Please make sure to check other opened and closed issues, it could be your bug has been reported already.
+        For questions, or if in doubt, [use NTC.party forum](https://ntc.party/c/community-software/goodbyedpi).
+
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда!
+        GoodbyeDPI не гарантирует ни 100% работу с вашим провайдером, ни работу с каждым заблокированным сайтом. Если GoodbyeDPI не разблокирует доступ к некоторым или всем веб-сайтам, вероятнее всего, это не программная ошибка, и не стоит о ней сообщать здесь.
+
+        Пожалуйста, сообщайте только об ошибках в программе, таких как:
+          * падение программы
+          * некорректная обработка сетевых пакетов
+          * несовместимость с антивирусами
+          * проблемы с перенаправлением DNS
+          * утечки памяти
+          * другие ошибки в программе
+
+        Также посмотрите другие открытые и закрытые баги. Возможно, ошибка уже обсуждалась или исправлена.
+        Для вопросов, а также в случае сомнений в определении бага, обращайтесь [на форум NTC.party](https://ntc.party/c/community-software/goodbyedpi).
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: CAPTCHA
+      description: Confirm that you have read the text above / Подтвердите, что вы прочитали текст выше
+      options:
+        - label: I understand I could be banned from the repository if I misusing issue section not for posting bugs, but for question or 'broken website' report. / Я понимаю, что меня могут заблокировать в репозитории, если я буду использовать раздел issue не для сообщений об ошибках, а для вопросов или сообщении о «неработающем веб-сайте».
+          required: true
+    validations:
+      required: true
+  - type: input
+    id: os
+    attributes:
+      label: Operating system / операционная система
+      description: Enter your Windows version. For Windows 10 and 11 include build/update number.
+      placeholder: ex. Windows 10 20H2
+    validations:
+      required: true
+  - type: dropdown
+    id: is-svc
+    attributes:
+      label: Running as service / Запуск программы как сервис
+      description: Do you use GoodbyeDPI as a Windows Service?
+      options:
+        - I run it as a regular program / Запускаю программу обычным образом
+        - I installed it as a service / Установил как сервис Windows
+    validations:
+      required: true
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: Describe the bug / Опишите ошибку программы
+      description: A clear and concise description of what the bug is / Подробно опишите, в чём заключается ошибка
+      placeholder: Attach the screenshots for clarity / При необходимости приложите скриншоты
+    validations:
+      required: true
+  - type: textarea
+    id: additional-info
+    attributes:
+      label: Additional information / Дополнительная информация
+      description: If you have a hints on why this bug happens, you can express it here / Если у вас есть предположения об источнике бага, вы можете изложить их здесь

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,13 @@
+blank_issues_enabled: false
+contact_links:
+  - name: The program worked yesterday but not today / Программа работала вчера, но перестала работать сегодня
+    url: https://ntc.party/c/community-software/goodbyedpi/8
+    about: Visit support community forum, people will certainly help you! / Посетите форум поддержки, где сообщество вам поможет!
+
+  - name: Сertain website is still unreachable / Отдельный веб-сайт всё ещё недоступен
+    url: https://ntc.party/c/community-software/goodbyedpi/8
+    about: That could be solved with community support! / Проблема будет решена силами сообщества!
+
+  - name: Questions about the program / Вопросы по програме
+    url: https://ntc.party/c/community-software/goodbyedpi/8
+    about: Please ask and answer questions on forum / Пожалуйста, задавайте вопросы только на форуме

.github/ISSUE_TEMPLATE/feature.yml

@@ -0,0 +1,22 @@
+name:  Feature request / Предложить новую функциональность
+description:  Suggest an idea or function for this project / Предложить новую идею или функциональность в программе
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        If you think of a great function or circumvention method which is missing from the program, go ahead and suggest it here. But first make sure to search exiting tickets.
+        Если вы придумали новую функцию или метод обхода, которого еще нет в программе, напишите о нем подробнее здесь. Но сначала убедитесь с помощью поиска, что такого запроса еще не было.
+  - type: checkboxes
+    id: ensure
+    attributes:
+      label: I've made sure there's no existing feature request / Я убедился, что такой функциональности еще никто не предлагал
+      options:
+        - label: I've made sure there's no existing feature request / Я убедился, что такой функциональности еще никто не предлагал
+          required: true
+  - type: textarea
+    id: description
+    attributes:
+      label: Describe your feature / Опишите ваше предложение
+    validations:
+      required: true

.github/workflows/build.yml

@@ -0,0 +1,81 @@
+name: Build GoodbyeDPI
+
+on:
+  push:
+    paths:
+      - 'src/**'
+  pull_request:
+    paths:
+      - 'src/**'
+  workflow_dispatch:
+
+env:
+  WINDIVERT_URL: https://reqrypt.org/download/WinDivert-2.2.0-D.zip
+  WINDIVERT_NAME: WinDivert-2.2.0-D.zip
+  WINDIVERT_BASENAME: WinDivert-2.2.0-D
+  WINDIVERT_SHA256: 1d461cfdfa7ba88ebcfbb3603b71b703e9f72aba8aeff99a75ce293e6f89d2ba
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Declare short commit variable
+        id: vars
+        run: |
+          echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Install MinGW-w64
+        run: >
+          sudo rm /var/lib/man-db/auto-update &&
+          sudo DEBIAN_FRONTEND=noninteractive XZ_DEFAULTS="-T0" XZ_OPT="-T0" eatmydata
+          apt install -y --no-install-recommends gcc-mingw-w64
+
+      - name: Download WinDivert from cache
+        id: windivert-cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env. WINDIVERT_NAME }}
+          key: ${{ env. WINDIVERT_SHA256 }}
+
+      - name: Download WinDivert from the website
+        if: steps.windivert-cache.outputs.cache-hit != 'true'
+        run: >
+          wget ${{ env. WINDIVERT_URL }} &&
+          (echo ${{ env. WINDIVERT_SHA256 }} ${{ env. WINDIVERT_NAME }} | sha256sum -c)
+
+      - name: Unpack WinDivert
+        run: unzip ${{ env. WINDIVERT_NAME }}
+
+      - name: Compile x86_64
+        run: >
+          cd src && make clean &&
+          make CPREFIX=x86_64-w64-mingw32- BIT64=1 WINDIVERTHEADERS=../${{ env.WINDIVERT_BASENAME }}/include WINDIVERTLIBS=../${{ env.WINDIVERT_BASENAME }}/x64 -j4
+
+      - name: Prepare x86_64 directory
+        run: |
+          mkdir goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
+          cp src/goodbyedpi.exe ${{ env.WINDIVERT_BASENAME }}/x64/*.{dll,sys} goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
+
+      - name: Upload output file x86_64
+        uses: actions/upload-artifact@v4
+        with:
+          name: goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
+          path: goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
+
+      - name: Compile i686
+        run: >
+          cd src && make clean &&
+          make CPREFIX=i686-w64-mingw32- WINDIVERTHEADERS=../${{ env.WINDIVERT_BASENAME }}/include WINDIVERTLIBS=../${{ env.WINDIVERT_BASENAME }}/x86 -j4
+
+      - name: Prepare x86 directory
+        run: |
+          mkdir goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
+          cp src/goodbyedpi.exe ${{ env.WINDIVERT_BASENAME }}/x86/*.{dll,sys} goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
+
+      - name: Upload output file x86
+        uses: actions/upload-artifact@v4
+        with:
+          name: goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
+          path: goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}

.gitignore

@@ -0,0 +1,2 @@
+*.o
+*.exe

README.md

@@ -1,52 +1,115 @@
-GoodbyeDPI — Passive Deep Packet Inspection blocker and Active DPI circumvention utility
+GoodbyeDPI — Deep Packet Inspection circumvention utility
 =========================
 
 This software designed to bypass Deep Packet Inspection systems found in many Internet Service Providers which block access to certain websites.
 
 It handles DPI connected using optical splitter or port mirroring (**Passive DPI**) which do not block any data but just replying faster than requested destination, and **Active DPI** connected in sequence.
 
-**Windows 7, 8, 8.1 and 10** with administrator privileges required.
+**Windows 7, 8, 8.1, 10 or 11** with administrator privileges required.
+
+# Quick start
+
+* **For Russia**: Download [latest version from Releases page](https://github.com/ValdikSS/GoodbyeDPI/releases), unpack the file and run **1_russia_blacklist_dnsredir.cmd** script.
+* For other countries: Download [latest version from Releases page](https://github.com/ValdikSS/GoodbyeDPI/releases), unpack the file and run **2_any_country_dnsredir.cmd**.
+
+These scripts launch GoodbyeDPI in recommended mode with DNS resolver redirection to Yandex DNS on non-standard port (to prevent DNS poisoning).  
+If it works — congratulations! You can use it as-is or configure further.
 
 # How to use
 
 Download [latest version from Releases page](https://github.com/ValdikSS/GoodbyeDPI/releases) and run.
 
+## Supported arguments
+To get relevant information about your version of the program, use the -h (--help) argument at startup.
 ```
 Usage: goodbyedpi.exe [OPTION...]
  -p          block passive DPI
+ -q          block QUIC/HTTP3
  -r          replace Host with hoSt
  -s          remove space between host header and its value
  -m          mix Host header case (test.com -> tEsT.cOm)
- -f [value]  set HTTP fragmentation to value
- -k [value]  enable HTTP persistent (keep-alive) fragmentation and set it to value
+ -f <value>  set HTTP fragmentation to value
+ -k <value>  enable HTTP persistent (keep-alive) fragmentation and set it to value
  -n          do not wait for first segment ACK when -k is enabled
- -e [value]  set HTTPS fragmentation to value
+ -e <value>  set HTTPS fragmentation to value
  -a          additional space between Method and Request-URI (enables -s, may break sites)
  -w          try to find and parse HTTP traffic on all processed ports (not only on port 80)
- --port        [value]    additional TCP port to perform fragmentation on (and HTTP tricks with -w)
- --ip-id       [value]    handle additional IP ID (decimal, drop redirects and TCP RSTs with this ID).
+ --port        <value>    additional TCP port to perform fragmentation on (and HTTP tricks with -w)
+ --ip-id       <value>    handle additional IP ID (decimal, drop redirects and TCP RSTs with this ID).
                           This option can be supplied multiple times.
- --dns-addr    [value]    redirect UDP DNS requests to the supplied IP address (experimental)
- --dns-port    [value]    redirect UDP DNS requests to the supplied port (53 by default)
- --dnsv6-addr  [value]    redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)
- --dnsv6-port  [value]    redirect UDPv6 DNS requests to the supplied port (53 by default)
+ --dns-addr    <value>    redirect UDP DNS requests to the supplied IP address (experimental)
+ --dns-port    <value>    redirect UDP DNS requests to the supplied port (53 by default)
+ --dnsv6-addr  <value>    redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)
+ --dnsv6-port  <value>    redirect UDPv6 DNS requests to the supplied port (53 by default)
  --dns-verb               print verbose DNS redirection messages
- --blacklist   [txtfile]  perform HTTP tricks only to host names and subdomains from
-                          supplied text file. This option can be supplied multiple times.
+ --blacklist   <txtfile>  perform circumvention tricks only to host names and subdomains from
+                          supplied text file (HTTP Host/TLS SNI).
+                          This option can be supplied multiple times.
+ --allow-no-sni           perform circumvention if TLS SNI can't be detected with --blacklist enabled.
+ --frag-by-sni            if SNI is detected in TLS packet, fragment the packet right before SNI value.
+ --set-ttl     <value>    activate Fake Request Mode and send it with supplied TTL value.
+                          DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).
+ --auto-ttl    [a1-a2-m]  activate Fake Request Mode, automatically detect TTL and decrease
+                          it based on a distance. If the distance is shorter than a2, TTL is decreased
+                          by a2. If it's longer, (a1; a2) scale is used with the distance as a weight.
+                          If the resulting TTL is more than m(ax), set it to m.
+                          Default (if set): --auto-ttl 1-4-10. Also sets --min-ttl 3.
+                          DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).
+ --min-ttl     <value>    minimum TTL distance (128/64 - TTL) for which to send Fake Request
+                          in --set-ttl and --auto-ttl modes.
+ --wrong-chksum           activate Fake Request Mode and send it with incorrect TCP checksum.
+                          May not work in a VM or with some routers, but is safer than set-ttl.
+ --wrong-seq              activate Fake Request Mode and send it with TCP SEQ/ACK in the past.
+ --native-frag            fragment (split) the packets by sending them in smaller packets, without
+                          shrinking the Window Size. Works faster (does not slow down the connection)
+                          and better.
+ --reverse-frag           fragment (split) the packets just as --native-frag, but send them in the
+                          reversed order. Works with the websites which could not handle segmented
+                          HTTPS TLS ClientHello (because they receive the TCP flow "combined").
+ --fake-from-hex <value>  Load fake packets for Fake Request Mode from HEX values (like 1234abcDEF).
+                          This option can be supplied multiple times, in this case each fake packet
+                          would be sent on every request in the command line argument order.
+ --fake-with-sni <value>  Generate fake packets for Fake Request Mode with given SNI domain name.
+                          The packets mimic Mozilla Firefox 130 TLS ClientHello packet
+                          (with random generated fake SessionID, key shares and ECH grease).
+                          Can be supplied multiple times for multiple fake packets.
+ --fake-gen <value>       Generate random-filled fake packets for Fake Request Mode, value of them
+                          (up to 30).
+ --fake-resend <value>    Send each fake packet value number of times.
+                          Default: 1 (send each packet once).
+ --max-payload [value]    packets with TCP payload data more than [value] won't be processed.
+                          Use this option to reduce CPU usage by skipping huge amount of data
+                          (like file transfers) in already established sessions.
+                          May skip some huge HTTP requests from being processed.
+                          Default (if set): --max-payload 1200.
 
- -1          -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode, default)
+
+LEGACY modesets:
+ -1          -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode)
  -2          -p -r -s -f 2 -k 2 -n -e 40 (better speed for HTTPS yet still compatible)
  -3          -p -r -s -e 40 (better speed for HTTP and HTTPS)
  -4          -p -r -s (best speed)
+
+Modern modesets (more stable, more compatible, faster):
+ -5          -f 2 -e 2 --auto-ttl --reverse-frag --max-payload
+ -6          -f 2 -e 2 --wrong-seq --reverse-frag --max-payload
+ -7          -f 2 -e 2 --wrong-chksum --reverse-frag --max-payload
+ -8          -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload
+ -9          -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload -q (this is the default)
+
+ Note: combination of --wrong-seq and --wrong-chksum generates two different fake packets.
 ```
+## How to check
+To check if your ISP's DPI could be circumvented, first make sure that your provider does not poison DNS answers by enabling "Secure DNS (DNS over HTTPS)" option in your browser.
 
-To check if your ISP's DPI could be circumvented, run `3_all_dnsredir_hardcore.cmd` first. This is the most hardcore mode which will show if this program is suitable for your ISP and DPI vendor at all. If you can open blocked websites with this mode, it means your ISP has DPI which can be circumvented. This is the slowest and prone to break websites mode, but suitable for most DPI.
+* **Chrome**: Settings → [Privacy and security](chrome://settings/security) → Use secure DNS → With: NextDNS
+* **Firefox**: [Settings](about:preferences) → Network Settings → Enable DNS over HTTPS → Use provider: NextDNS
 
-Try `goodbyedpi -1` to see if it works too.
+Then run the `goodbyedpi.exe` executable without any options. If it works — congratulations! You can use it as-is or configure further, for example by using `--blacklist` option if the list of blocked websites is known and available for your country.
 
-Then try `goodbyedpi.exe -2`. It should be faster for HTTPS sites. Mode `-3` speed ups HTTP websites.
+If your provider intercepts DNS requests, you may want to use `--dns-addr` option to a public DNS resolver running on non-standard port (such as Yandex DNS `77.88.8.8:1253`) or configure DNS over HTTPS/TLS using third-party applications.
 
-Use `goodbyedpi.exe -4` if it works for your ISP's DPI. This is the fastest mode but not compatible with every DPI.
+Check the .cmd scripts and modify it according to your preference and network conditions.
 
 # How does it work
 
@@ -56,7 +119,7 @@ Most Passive DPI send HTTP 302 Redirect if you try to access blocked website ove
 
 ### Active DPI
 
-Active DPI is more tricky to fool. Currently the software uses 6 methods to circumvent Active DPI:
+Active DPI is more tricky to fool. Currently the software uses 7 methods to circumvent Active DPI:
 
 * TCP-level fragmentation for first data packet
 * TCP-level fragmentation for persistent (keep-alive) HTTP sessions
@@ -64,6 +127,7 @@ Active DPI is more tricky to fool. Currently the software uses 6 methods to circ
 * Removing space between header name and value in `Host` header
 * Adding additional space between HTTP Method (GET, POST etc) and URI
 * Mixing case of Host header value
+* Sending fake HTTP/HTTPS packets with low Time-To-Live value, incorrect checksum or incorrect TCP Sequence/Acknowledgement numbers to fool DPI and prevent delivering them to the destination
 
 These methods should not break any website as they're fully compatible with TCP and HTTP standards, yet it's sufficient to prevent DPI data classification and to circumvent censorship. Additional space may break some websites, although it's acceptable by HTTP/1.1 specification (see 19.3 Tolerant Applications).
 
@@ -83,12 +147,32 @@ And for x86_64:
 
 # How to install as Windows Service
 
-Use `service_install_russia_blacklist.cmd`, `service_install_russia_blacklist_dnsredir.cmd` and `service_remove.cmd` scripts.  
+Check examples in `service_install_russia_blacklist.cmd`, `service_install_russia_blacklist_dnsredir.cmd` and `service_remove.cmd` scripts.
+
 Modify them according to your own needs.
 
+# Known issues
+
+* Horribly outdated Windows 7 installations are not able to load WinDivert driver due to missing support for SHA256 digital signatures. Install KB3033929 [x86](https://www.microsoft.com/en-us/download/details.aspx?id=46078)/[x64](https://www.microsoft.com/en-us/download/details.aspx?id=46148), or better, update the whole system using Windows Update.
+* Intel/Qualcomm Killer network cards: `Advanced Stream Detect` in Killer Control Center is incompatible with GoodbyeDPI, [disable it](https://github.com/ValdikSS/GoodbyeDPI/issues/541#issuecomment-2296038239).
+* QUIK trading software [may interfere with GoodbyeDPI](https://github.com/ValdikSS/GoodbyeDPI/issues/677#issuecomment-2390595606). First start QUIK, then GoodbyeDPI.
+* ~~Some SSL/TLS stacks unable to process fragmented ClientHello packets, and HTTPS websites won't open. Bug: [#4](https://github.com/ValdikSS/GoodbyeDPI/issues/4), [#64](https://github.com/ValdikSS/GoodbyeDPI/issues/64).~~ Fragmentation issues are fixed in v0.1.7.
+* ~~ESET Antivirus is incompatible with WinDivert driver [#91](https://github.com/ValdikSS/GoodbyeDPI/issues/91). This is most probably antivirus bug, not WinDivert.~~
+
+
 # Similar projects
 
-[zapret](https://github.com/bol-van/zapret) by @bol-van (for Linux).
+- **[zapret](https://github.com/bol-van/zapret)** by @bol-van (for MacOS, Linux and Windows)
+- **[Green Tunnel](https://github.com/SadeghHayeri/GreenTunnel)** by @SadeghHayeri (for MacOS, Linux and Windows)
+- **[DPI Tunnel CLI](https://github.com/nomoresat/DPITunnel-cli)** by @zhenyolka (for Linux and routers)
+- **[DPI Tunnel for Android](https://github.com/nomoresat/DPITunnel-android)** by @zhenyolka (for Android)
+- **[PowerTunnel](https://github.com/krlvm/PowerTunnel)** by @krlvm (for Windows, MacOS and Linux)
+- **[PowerTunnel for Android](https://github.com/krlvm/PowerTunnel-Android)** by @krlvm (for Android)
+- **[SpoofDPI](https://github.com/xvzc/SpoofDPI)** by @xvzc (for macOS and Linux)
+- **[SpoofDPI-Platform](https://github.com/r3pr3ss10n/SpoofDPI-Platform)** by @r3pr3ss10n (for Android, macOS, Windows)
+- **[GhosTCP](https://github.com/macronut/ghostcp)** by @macronut (for Windows)
+- **[ByeDPI](https://github.com/hufrea/byedpi)** for Linux/Windows + **[ByeDPIAndroid](https://github.com/dovecoteescapee/ByeDPIAndroid/)** / **[ByeByeDPI](https://github.com/romanvht/ByeByeDPI/)** for Android (no root)
+- **[youtubeUnblock](https://github.com/Waujito/youtubeUnblock/)** by @Waujito (for OpenWRT/Entware routers and Linux)
 
 # Kudos
 

src/Makefile

@@ -9,26 +9,36 @@ MINGWLIB = /usr/x86_64-w64-mingw32/lib/
 TARGET = goodbyedpi.exe
 # Linking SSP does not work for some reason, the executable doesn't start.
 #LIBS = -L$(WINDIVERTLIBS) -Wl,-Bstatic -lssp -Wl,-Bdynamic -lWinDivert -lws2_32
-LIBS = -L$(WINDIVERTLIBS) -lWinDivert -lws2_32
+LIBS = -L$(WINDIVERTLIBS) -lWinDivert -lws2_32 -l:libssp.a
 CC = $(CPREFIX)gcc
+
 CCWINDRES = $(CPREFIX)windres
+ifeq (, $(shell which $(CPREFIX)windres))
+	CCWINDRES = windres
+endif
+
 CFLAGS = -std=c99 -pie -fPIE -pipe -I$(WINDIVERTHEADERS) -L$(WINDIVERTLIBS) \
-         -O2 -D_FORTIFY_SOURCE=2 \
-         -Wall -Wextra -Wpedantic -Wformat=2 -Wshadow -Wstrict-aliasing=1 -Werror=format-security \
+         -O2 -D_FORTIFY_SOURCE=2 -fstack-protector \
+         -Wall -Wextra -Wpedantic -Wformat=2 -Wformat-overflow=2 -Wformat-truncation=2 \
+         -Wformat-security -Wno-format-nonliteral -Wshadow -Wstrict-aliasing=1 \
+         -Wnull-dereference -Warray-bounds=2 -Wimplicit-fallthrough=3 \
+         -Wstringop-overflow=4 \
+         -Wformat-signedness -Wstrict-overflow=2 -Wcast-align=strict \
          -Wfloat-equal -Wcast-align -Wsign-conversion \
          #-fstack-protector-strong
-LDFLAGS = -Wl,-O1,-pie,--dynamicbase,--nxcompat,--sort-common,--as-needed \
--Wl,--image-base,0x140000000 -Wl,--disable-auto-image-base
+LDFLAGS = -fstack-protector -Wl,-O1,-pie,--dynamicbase,--nxcompat,--sort-common,--as-needed \
+-Wl,--disable-auto-image-base
 
 ifdef BIT64
 	LDFLAGS += -Wl,--high-entropy-va -Wl,--pic-executable,-e,mainCRTStartup
 else
-	LDFLAGS += -Wl,--pic-executable,-e,_mainCRTStartup
+	CFLAGS += -m32
+	LDFLAGS += -Wl,--pic-executable,-e,_mainCRTStartup -m32
 endif
 
 .PHONY: default all clean
 
-default: manifest $(TARGET)
+default: $(TARGET)
 all: default
 
 OBJECTS = $(patsubst %.c, %.o, $(wildcard *.c utils/*.c)) goodbyedpi-rc.o
@@ -37,7 +47,7 @@ HEADERS = $(wildcard *.h utils/*.h)
 %.o: %.c $(HEADERS)
 	$(CC) $(CFLAGS) -c $< -o $@
 
-manifest:
+goodbyedpi-rc.o:
 	$(CCWINDRES) goodbyedpi-rc.rc goodbyedpi-rc.o
 
 .PRECIOUS: $(TARGET) $(OBJECTS)

src/blackwhitelist.c

@@ -35,14 +35,11 @@ static int add_hostname(const char *host) {
     if (!host)
         return FALSE;
 
-    int host_len = strlen(host);
-
     blackwhitelist_record_t *tmp_record = malloc(sizeof(blackwhitelist_record_t));
-    char *host_c = malloc(host_len + 1);
+    char *host_c = NULL;
 
     if (!check_get_hostname(host)) {
-        strncpy(host_c, host, host_len);
-        host_c[host_len] = '\0';
+        host_c = strdup(host);
         tmp_record->host = host_c;
         HASH_ADD_KEYPTR(hh, blackwhitelist, tmp_record->host,
                         strlen(tmp_record->host), tmp_record);
@@ -51,6 +48,7 @@ static int add_hostname(const char *host) {
     }
     debug("Not added host %s\n", host);
     free(tmp_record);
+    if (host_c)
         free(host_c);
     return FALSE;
 }
@@ -72,8 +70,10 @@ int blackwhitelist_load_list(const char *filename) {
                 line);
             continue;
         }
-        if (strlen(line) < 4)
+        if (strlen(line) < 2) {
+            printf("WARNING: host %s is less than 2 characters, skipping\n", line);
             continue;
+        }
         if (add_hostname(line))
             cnt++;
     }
@@ -84,7 +84,7 @@ int blackwhitelist_load_list(const char *filename) {
     return TRUE;
 }
 
-int blackwhitelist_check_hostname(const char *host_addr, int host_len) {
+int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
     char current_host[HOST_MAXLEN + 1];
     char *tokenized_host = NULL;
 
@@ -99,8 +99,7 @@ int blackwhitelist_check_hostname(const char *host_addr, int host_len) {
 
     tokenized_host = strchr(current_host, '.');
     while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) {
-        /* Search hostname only if there is next token */
-        if (strchr(tokenized_host + 1, '.') && check_get_hostname(tokenized_host + 1))
+        if (check_get_hostname(tokenized_host + 1))
             return TRUE;
         tokenized_host = strchr(tokenized_host + 1, '.');
     }

src/blackwhitelist.h

@@ -1,2 +1,2 @@
 int blackwhitelist_load_list(const char *filename);
-int blackwhitelist_check_hostname(const char *host_addr, int host_len);
+int blackwhitelist_check_hostname(const char *host_addr, size_t host_len);

src/dnsredir.c

@@ -44,7 +44,7 @@ static time_t last_cleanup = 0;
 static udp_connrecord_t *conntrack = NULL;
 
 void flush_dns_cache() {
-    BOOL WINAPI (*DnsFlushResolverCache)();
+    INT_PTR WINAPI (*DnsFlushResolverCache)();
 
     HMODULE dnsapi = LoadLibrary("dnsapi.dll");
     if (dnsapi == NULL)
@@ -53,7 +53,7 @@ void flush_dns_cache() {
         exit(EXIT_FAILURE);
     }
 
-    DnsFlushResolverCache = (void*)GetProcAddress(dnsapi, "DnsFlushResolverCache");
+    DnsFlushResolverCache = GetProcAddress(dnsapi, "DnsFlushResolverCache");
     if (DnsFlushResolverCache == NULL || !DnsFlushResolverCache())
         printf("Can't flush DNS cache!");
     FreeLibrary(dnsapi);
@@ -89,7 +89,7 @@ inline static void fill_data_from_key(uint8_t *is_ipv6, uint32_t srcip[4], uint1
 }
 
 inline static void construct_key(const uint32_t srcip[4], const uint16_t srcport,
-                                 char *key, int is_ipv6)
+                                 char *key, const uint8_t is_ipv6)
 {
     debug("Construct key enter\n");
     if (key) {
@@ -135,7 +135,7 @@ static int check_get_udp_conntrack_key(const char *key, udp_connrecord_t **connr
 
 static int add_udp_conntrack(const uint32_t srcip[4], const uint16_t srcport,
                              const uint32_t dstip[4], const uint16_t dstport,
-                             const int is_ipv6
+                             const uint8_t is_ipv6
                             )
 {
     if (!(srcip && srcport && dstip && dstport))

src/dnsredir.h

@@ -1,3 +1,5 @@
+#ifndef _DNSREDIR_H
+#define _DNSREDIR_H
 #include <stdint.h>
 
 typedef struct conntrack_info {
@@ -34,3 +36,4 @@ int dns_handle_outgoing(const uint32_t srcip[4], const uint16_t srcport,
 
 void flush_dns_cache();
 int dns_is_dns_packet(const char *packet_data, const UINT packet_dataLen, const int outgoing);
+#endif

src/fakepackets.c

@@ -0,0 +1,441 @@
+#include <stdio.h>
+#define _CRT_RAND_S
+#include <stdlib.h>
+#include <stdbool.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <in6addr.h>
+#include <ws2tcpip.h>
+#include "windivert.h"
+#include "goodbyedpi.h"
+
+struct fake_t {
+    const unsigned char* data;
+    size_t size;
+};
+
+static struct fake_t *fakes[30] = {0};
+int fakes_count = 0;
+int fakes_resend = 1;
+
+static const unsigned char fake_http_request[] = "GET / HTTP/1.1\r\nHost: www.w3.org\r\n"
+                                                 "User-Agent: curl/7.65.3\r\nAccept: */*\r\n"
+                                                 "Accept-Encoding: deflate, gzip, br\r\n\r\n";
+static const unsigned char fake_https_request[] = {
+    0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03, 0x03, 0x9a, 0x8f, 0xa7, 0x6a, 0x5d,
+    0x57, 0xf3, 0x62, 0x19, 0xbe, 0x46, 0x82, 0x45, 0xe2, 0x59, 0x5c, 0xb4, 0x48, 0x31, 0x12, 0x15,
+    0x14, 0x79, 0x2c, 0xaa, 0xcd, 0xea, 0xda, 0xf0, 0xe1, 0xfd, 0xbb, 0x20, 0xf4, 0x83, 0x2a, 0x94,
+    0xf1, 0x48, 0x3b, 0x9d, 0xb6, 0x74, 0xba, 0x3c, 0x81, 0x63, 0xbc, 0x18, 0xcc, 0x14, 0x45, 0x57,
+    0x6c, 0x80, 0xf9, 0x25, 0xcf, 0x9c, 0x86, 0x60, 0x50, 0x31, 0x2e, 0xe9, 0x00, 0x22, 0x13, 0x01,
+    0x13, 0x03, 0x13, 0x02, 0xc0, 0x2b, 0xc0, 0x2f, 0xcc, 0xa9, 0xcc, 0xa8, 0xc0, 0x2c, 0xc0, 0x30,
+    0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f, 0x00, 0x35,
+    0x01, 0x00, 0x01, 0x91, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x0d, 0x00, 0x00, 0x0a, 0x77, 0x77, 0x77,
+    0x2e, 0x77, 0x33, 0x2e, 0x6f, 0x72, 0x67, 0x00, 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01, 0x00,
+    0x00, 0x0a, 0x00, 0x0e, 0x00, 0x0c, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01, 0x00,
+    0x01, 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10, 0x00, 0x0e,
+    0x00, 0x0c, 0x02, 0x68, 0x32, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x00, 0x05,
+    0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x33, 0x00, 0x6b, 0x00, 0x69, 0x00, 0x1d, 0x00,
+    0x20, 0xb0, 0xe4, 0xda, 0x34, 0xb4, 0x29, 0x8d, 0xd3, 0x5c, 0x70, 0xd3, 0xbe, 0xe8, 0xa7, 0x2a,
+    0x6b, 0xe4, 0x11, 0x19, 0x8b, 0x18, 0x9d, 0x83, 0x9a, 0x49, 0x7c, 0x83, 0x7f, 0xa9, 0x03, 0x8c,
+    0x3c, 0x00, 0x17, 0x00, 0x41, 0x04, 0x4c, 0x04, 0xa4, 0x71, 0x4c, 0x49, 0x75, 0x55, 0xd1, 0x18,
+    0x1e, 0x22, 0x62, 0x19, 0x53, 0x00, 0xde, 0x74, 0x2f, 0xb3, 0xde, 0x13, 0x54, 0xe6, 0x78, 0x07,
+    0x94, 0x55, 0x0e, 0xb2, 0x6c, 0xb0, 0x03, 0xee, 0x79, 0xa9, 0x96, 0x1e, 0x0e, 0x98, 0x17, 0x78,
+    0x24, 0x44, 0x0c, 0x88, 0x80, 0x06, 0x8b, 0xd4, 0x80, 0xbf, 0x67, 0x7c, 0x37, 0x6a, 0x5b, 0x46,
+    0x4c, 0xa7, 0x98, 0x6f, 0xb9, 0x22, 0x00, 0x2b, 0x00, 0x09, 0x08, 0x03, 0x04, 0x03, 0x03, 0x03,
+    0x02, 0x03, 0x01, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x08,
+    0x04, 0x08, 0x05, 0x08, 0x06, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x03, 0x02, 0x01, 0x00,
+    0x2d, 0x00, 0x02, 0x01, 0x01, 0x00, 0x1c, 0x00, 0x02, 0x40, 0x01, 0x00, 0x15, 0x00, 0x96, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+// Captured from Firefox 130.0.1
+static const unsigned char fake_clienthello_part0[] = { // 116 bytes
+    // TLS 1.2 ClientHello header (DD for length placeholder)
+    0x16, 0x03, 0x01, 0xDD, 0xDD, 0x01, 0x00, 0xDD, 0xDD, 0x03, 0x03,
+    // Random bytes (AA for placeholder)
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    // Random Session ID
+    0x20,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    // Cipher Suites
+    0x00, 0x22, 0x13, 0x01, 0x13, 0x03, 0x13, 0x02, 0xC0, 0x2B, 0xC0, 0x2F, 0xCC, 0xA9, 0xCC, 0xA8,
+    0xC0, 0x2C, 0xC0, 0x30, 0xC0, 0x0A, 0xC0, 0x09, 0xC0, 0x13, 0xC0, 0x14, 0x00, 0x9C, 0x00, 0x9D,
+    0x00, 0x2F, 0x00, 0x35,
+    // Compression Methods
+    0x01, 0x00,
+    // Extensions Length
+    0xDD, 0xDD,
+};
+// SNI: 00 00 L1 L1 L2 L2 00 L3 L3 (sni)
+// L1 = L+5, L2 = L+3, L3 = L // 9 + L bytes
+static const unsigned char fake_clienthello_part1[] = { // 523 bytes
+    // extended_master_secret
+    0x00, 0x17, 0x00, 0x00,
+    // renegotiation_info
+    0xFF, 0x01, 0x00, 0x01, 0x00,
+     // supported_groups
+    0x00, 0x0A, 0x00, 0x0E,
+    0x00, 0x0C, 0x00, 0x1D, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01, 0x00, 0x01, 0x01,
+    // ex_point_formats
+    0x00, 0x0B, 0x00, 0x02, 0x01, 0x00,
+    // session_ticket
+    0x00, 0x23, 0x00, 0x00,
+     // ALPN
+    0x00, 0x10, 0x00, 0x0E,
+    0x00, 0x0C, 0x02, 0x68, 0x32, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2F, 0x31, 0x2E, 0x31,
+    // status_request
+    0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00,
+    // delegated_credentials
+    0x00, 0x22, 0x00, 0x0A, 0x00, 0x08, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02, 0x03,
+    // key_share
+    0x00, 0x33, 0x00, 0x6B, 0x00, 0x69, 0x00, 0x1D, 0x00, 0x20,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0x00, 0x17, 0x00, 0x41, 0x04,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    // supported_versions
+    0x00, 0x2B, 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03,
+    // signature_algorithms
+    0x00, 0x0D, 0x00, 0x18, 0x00, 0x16, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x08, 0x04, 0x08, 0x05,
+    0x08, 0x06, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x03, 0x02, 0x01,
+    // psk_key_exchange_modes
+    0x00, 0x2D, 0x00, 0x02, 0x01, 0x01,
+    // record_size_limit
+    0x00, 0x1C, 0x00, 0x02, 0x40, 0x01,
+    // encrypted_client_hello
+    0xFE, 0x0D, 0x01, 0x19, 0x00, 0x00, 0x01, 0x00, 0x01, 0xAA, 0x00, 0x20,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0x00, 0xEF,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
+};
+// JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0
+// JA4_r: t13d1715h2_002f,0035,009c,009d,1301,1302,1303,c009,c00a,c013,c014,c02b,c02c,c02f,c030,cca8,cca9_0005,000a,000b,000d,0017,001c,0022,0023,002b,002d,0033,fe0d,ff01_0403,0503,0603,0804,0805,0806,0401,0501,0601,0203,0201
+// JA3 Fullstring: 771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-34-51-43-13-45-28-65037,29-23-24-25-256-257,0
+// JA3: b5001237acdf006056b409cc433726b0
+
+static int send_fake_data(const HANDLE w_filter,
+                          const PWINDIVERT_ADDRESS addr,
+                          const char *pkt,
+                          const UINT packetLen,
+                          const BOOL is_ipv6,
+                          const BOOL is_https,
+                          const BYTE set_ttl,
+                          const BYTE set_checksum,
+                          const BYTE set_seq,
+                          const struct fake_t *fake_data
+                         ) {
+    char packet_fake[MAX_PACKET_SIZE];
+    WINDIVERT_ADDRESS addr_new;
+    PVOID packet_data;
+    UINT packet_dataLen;
+    UINT packetLen_new;
+    PWINDIVERT_IPHDR ppIpHdr;
+    PWINDIVERT_IPV6HDR ppIpV6Hdr;
+    PWINDIVERT_TCPHDR ppTcpHdr;
+    unsigned const char *fake_request_data = is_https ? fake_https_request : fake_http_request;
+    UINT fake_request_size = is_https ? sizeof(fake_https_request) : sizeof(fake_http_request) - 1;
+    if (fake_data) {
+        fake_request_data = fake_data->data;
+        fake_request_size = fake_data->size;
+    }
+
+    memcpy(&addr_new, addr, sizeof(WINDIVERT_ADDRESS));
+    memcpy(packet_fake, pkt, packetLen);
+
+    addr_new.TCPChecksum = 0;
+    addr_new.IPChecksum = 0;
+
+    if (!is_ipv6) {
+        // IPv4 TCP Data packet
+        if (!WinDivertHelperParsePacket(packet_fake, packetLen, &ppIpHdr,
+            NULL, NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen,
+            NULL, NULL))
+            return 1;
+    }
+    else {
+        // IPv6 TCP Data packet
+        if (!WinDivertHelperParsePacket(packet_fake, packetLen, NULL,
+            &ppIpV6Hdr, NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen,
+            NULL, NULL))
+            return 1;
+    }
+
+    if (packetLen + fake_request_size + 1 > MAX_PACKET_SIZE)
+        return 2;
+
+    memcpy(packet_data, fake_request_data, fake_request_size);
+    packetLen_new = packetLen - packet_dataLen + fake_request_size;
+
+    if (!is_ipv6) {
+        ppIpHdr->Length = htons(
+            ntohs(ppIpHdr->Length) -
+            packet_dataLen + fake_request_size
+        );
+
+        if (set_ttl)
+            ppIpHdr->TTL = set_ttl;
+    }
+    else {
+        ppIpV6Hdr->Length = htons(
+            ntohs(ppIpV6Hdr->Length) -
+            packet_dataLen + fake_request_size
+        );
+
+        if (set_ttl)
+            ppIpV6Hdr->HopLimit = set_ttl;
+    }
+
+    if (set_seq) {
+        // This is the smallest ACK drift Linux can't handle already, since at least v2.6.18.
+        // https://github.com/torvalds/linux/blob/v2.6.18/net/netfilter/nf_conntrack_proto_tcp.c#L395
+        ppTcpHdr->AckNum = htonl(ntohl(ppTcpHdr->AckNum) - 66000);
+        // This is just random, no specifics about this value.
+        ppTcpHdr->SeqNum = htonl(ntohl(ppTcpHdr->SeqNum) - 10000);
+    }
+
+    // Recalculate the checksum
+    WinDivertHelperCalcChecksums(packet_fake, packetLen_new, &addr_new, 0ULL);
+
+    if (set_checksum) {
+        // ...and damage it
+        ppTcpHdr->Checksum = htons(ntohs(ppTcpHdr->Checksum) - 1);
+    }
+    //printf("Pseudo checksum: %d\n", addr_new.TCPChecksum);
+
+    WinDivertSend(
+        w_filter, packet_fake,
+        packetLen_new,
+        NULL, &addr_new
+    );
+    debug("Fake packet: OK");
+
+    return 0;
+}
+
+static int send_fake_request(const HANDLE w_filter,
+                                  const PWINDIVERT_ADDRESS addr,
+                                  const char *pkt,
+                                  const UINT packetLen,
+                                  const BOOL is_ipv6,
+                                  const BOOL is_https,
+                                  const BYTE set_ttl,
+                                  const BYTE set_checksum,
+                                  const BYTE set_seq,
+                                  const struct fake_t *fake_data
+                                 ) {
+    if (set_ttl) {
+        send_fake_data(w_filter, addr, pkt, packetLen,
+                          is_ipv6, is_https,
+                          set_ttl, FALSE, FALSE,
+                          fake_data);
+    }
+    if (set_checksum) {
+        send_fake_data(w_filter, addr, pkt, packetLen,
+                          is_ipv6, is_https,
+                          FALSE, set_checksum, FALSE,
+                          fake_data);
+    }
+    if (set_seq) {
+        send_fake_data(w_filter, addr, pkt, packetLen,
+                          is_ipv6, is_https,
+                          FALSE, FALSE, set_seq,
+                          fake_data);
+    }
+    return 0;
+}
+
+int send_fake_http_request(const HANDLE w_filter,
+                                  const PWINDIVERT_ADDRESS addr,
+                                  const char *pkt,
+                                  const UINT packetLen,
+                                  const BOOL is_ipv6,
+                                  const BYTE set_ttl,
+                                  const BYTE set_checksum,
+                                  const BYTE set_seq
+                                 ) {
+    int ret = 0;
+    for (int i=0; i<fakes_count || i == 0; i++) {
+        for (int j=0; j<fakes_resend; j++)
+            if (send_fake_request(w_filter, addr, pkt, packetLen,
+                            is_ipv6, FALSE,
+                            set_ttl, set_checksum, set_seq,
+                            fakes[i]))
+            {
+                ret++;
+            }
+    }
+    return ret;
+}
+
+int send_fake_https_request(const HANDLE w_filter,
+                                   const PWINDIVERT_ADDRESS addr,
+                                   const char *pkt,
+                                   const UINT packetLen,
+                                   const BOOL is_ipv6,
+                                   const BYTE set_ttl,
+                                   const BYTE set_checksum,
+                                   const BYTE set_seq
+                                 ) {
+    int ret = 0;
+    for (int i=0; i<fakes_count || i == 0; i++) {
+        for (int j=0; j<fakes_resend; j++)
+            if (send_fake_request(w_filter, addr, pkt, packetLen,
+                          is_ipv6, TRUE,
+                          set_ttl, set_checksum, set_seq,
+                          fakes[i]))
+            {
+                ret++;
+            }
+    }
+    return ret;
+}
+
+static int fake_add(const unsigned char *data, size_t size) {
+    struct fake_t *fake = malloc(sizeof(struct fake_t));
+    fake->size = size;
+    fake->data = data;
+
+    for (size_t k = 0; k <= sizeof(fakes) / sizeof(*fakes); k++) {
+        if (!fakes[k]) {
+            fakes[k] = fake;
+            fakes_count++;
+            return 0;
+        }
+    }
+    return 3;
+}
+
+int fake_load_from_hex(const char *data) {
+    size_t len = strlen(data);
+    if (len < 2 || len % 2 || len > (1420 * 2))
+        return 1;
+
+    unsigned char *finaldata = calloc((len + 2) / 2, 1);
+
+    for (size_t i = 0; i<len - 1; i+=2) {
+        char num1 = data[i];
+        char num2 = data[i+1];
+        debug("Current num1: %X, num2: %X\n", num1, num2);
+        unsigned char finalchar = 0;
+        char curchar = num1;
+
+        for (int j=0; j<=1; j++) {
+            if (curchar >= '0' && curchar <= '9')
+                curchar -= '0';
+            else if (curchar >= 'a' && curchar <= 'f')
+                curchar -= 'a' - 0xA;
+            else if (curchar >= 'A' && curchar <= 'F')
+                curchar -= 'A' - 0xA;
+            else
+                return 2; // incorrect character, not a hex data
+
+            if (!j) {
+                num1 = curchar;
+                curchar = num2;
+                continue;
+            }
+            num2 = curchar;
+        }
+        debug("Processed num1: %X, num2: %X\n", num1, num2);
+        finalchar = (num1 << 4) | num2;
+        debug("Final char: %X\n", finalchar);
+        finaldata[i/2] = finalchar;
+    }
+
+    return fake_add(finaldata, len / 2);
+}
+
+int fake_load_random(unsigned int count, unsigned int maxsize) {
+    if (count < 1 || count > sizeof(fakes) / sizeof(*fakes))
+        return 1;
+
+    unsigned int random = 0;
+
+    for (unsigned int i=0; i<count; i++) {
+        unsigned int len = 0;
+        if (rand_s(&len))
+            return 1;
+        len = 8 + (len % maxsize);
+
+        unsigned char *data = calloc(len, 1);
+        for (unsigned int j=0; j<len; j++) {
+            rand_s(&random);
+            data[j] = random % 0xFF;
+        }
+        if (fake_add(data, len))
+            return 2;
+    }
+    return 0;
+}
+
+void set_uint16be(unsigned char *buffer, int offset, int value) {
+    buffer[offset] = (value >> 8) & 0xFF;
+    buffer[offset + 1] = value & 0xFF;
+}
+
+int fake_load_from_sni(const char *domain_name) {
+    if (!domain_name) {
+        return 1; // just extra safeguard against NPE
+    }
+    // calculate sizes
+    const int name_size = strlen(domain_name);
+    const int part0_size = sizeof(fake_clienthello_part0);
+    const int part1_size = sizeof(fake_clienthello_part1);
+    const int sni_head_size = 9;
+    const int packet_size = part0_size + part1_size + sni_head_size + name_size;
+    // allocate memory
+    unsigned char *packet = malloc(packet_size);
+    // copy major parts of packet
+    memcpy(packet, fake_clienthello_part0, part0_size);
+    memcpy(&packet[part0_size + sni_head_size + name_size], fake_clienthello_part1, part1_size);
+    // replace placeholders with random generated values
+    unsigned int random = 0;
+    for (int i = 0; i < packet_size; i++) {
+        if (packet[i] == 0xAA) {
+            rand_s(&random);
+            packet[i] = random & 0xFF;
+        }
+    }
+    // write size fields into packet
+    set_uint16be(packet, 0x0003, packet_size - 5);
+    set_uint16be(packet, 0x0007, packet_size - 9);
+    set_uint16be(packet, 0x0072, packet_size - 116);
+    // write SNI extension
+    set_uint16be(packet, part0_size + 0, 0x0000);
+    set_uint16be(packet, part0_size + 2, name_size + 5);
+    set_uint16be(packet, part0_size + 4, name_size + 3);
+    packet[part0_size + 6] = 0x00;
+    set_uint16be(packet, part0_size + 7, name_size);
+    memcpy(&packet[part0_size + sni_head_size], domain_name, name_size);
+    // add packet to fakes
+    return fake_add(packet, packet_size);
+}

src/fakepackets.h

@@ -0,0 +1,23 @@
+extern int fakes_count;
+extern int fakes_resend;
+int send_fake_http_request(const HANDLE w_filter,
+                                  const PWINDIVERT_ADDRESS addr,
+                                  const char *pkt,
+                                  const UINT packetLen,
+                                  const BOOL is_ipv6,
+                                  const BYTE set_ttl,
+                                  const BYTE set_checksum,
+                                  const BYTE set_seq
+                                 );
+int send_fake_https_request(const HANDLE w_filter,
+                                   const PWINDIVERT_ADDRESS addr,
+                                   const char *pkt,
+                                   const UINT packetLen,
+                                   const BOOL is_ipv6,
+                                   const BYTE set_ttl,
+                                   const BYTE set_checksum,
+                                   const BYTE set_seq
+                                 );
+int fake_load_from_hex(const char *data);
+int fake_load_from_sni(const char *domain_name);
+int fake_load_random(unsigned int count, unsigned int maxsize);

src/goodbyedpi.h

@@ -1,4 +1,5 @@
 #define HOST_MAXLEN 253
+#define MAX_PACKET_SIZE 9016
 
 #ifndef DEBUG
 #define debug(...) do {} while (0)

src/service.c

@@ -30,7 +30,7 @@ int service_register(int argc, char *argv[])
      */
     if (!service_argc && !service_argv) {
         service_argc = argc;
-        service_argv = malloc(sizeof(void*) * argc);
+        service_argv = calloc((size_t)(argc + 1), sizeof(void*));
         for (i = 0; i < argc; i++) {
             service_argv[i] = strdup(argv[i]);
         }
@@ -71,7 +71,7 @@ void service_main(int argc __attribute__((unused)),
     SetServiceStatus(hStatus, &ServiceStatus);
 
     // Calling main with saved argc & argv
-    ServiceStatus.dwWin32ExitCode = main(service_argc, service_argv);
+    ServiceStatus.dwWin32ExitCode = (DWORD)main(service_argc, service_argv);
     ServiceStatus.dwCurrentState  = SERVICE_STOPPED;
     SetServiceStatus(hStatus, &ServiceStatus);
     return;

src/ttltrack.c

@@ -0,0 +1,252 @@
+/**
+ * TCP (TTL) Connection Tracker for GoodbyeDPI
+ *
+ * Monitors SYN/ACK only, to extract the TTL value of the remote server.
+ *
+ */
+
+#include <windows.h>
+#include <time.h>
+#include <stdio.h>
+#include <math.h>
+#include "goodbyedpi.h"
+#include "ttltrack.h"
+#include "utils/uthash.h"
+
+
+/* key ('4' for IPv4 or '6' for IPv6 + srcip[16] + dstip[16] + srcport[2] + dstport[2]) */
+#define TCP_CONNRECORD_KEY_LEN 37
+
+#define TCP_CLEANUP_INTERVAL_SEC 30
+
+/* HACK!
+ * uthash uses strlen() for HASH_FIND_STR.
+ * We have null bytes in our key, so we can't use strlen()
+ * And since it's always TCP_CONNRECORD_KEY_LEN bytes long,
+ * we don't need to use any string function to determine length.
+ */
+#undef uthash_strlen
+#define uthash_strlen(s) TCP_CONNRECORD_KEY_LEN
+
+typedef struct tcp_connrecord {
+    /* key ('4' for IPv4 or '6' for IPv6 + srcip[16] + dstip[16] + srcport[2] + dstport[2]) */
+    char key[TCP_CONNRECORD_KEY_LEN];
+    time_t time;         /* time when this record was added */
+    uint16_t ttl;
+    UT_hash_handle hh;   /* makes this structure hashable */
+} tcp_connrecord_t;
+
+static time_t last_cleanup = 0;
+static tcp_connrecord_t *conntrack = NULL;
+
+inline static void fill_key_data(char *key, const uint8_t is_ipv6, const uint32_t srcip[4],
+                    const uint32_t dstip[4], const uint16_t srcport, const uint16_t dstport)
+{
+    unsigned int offset = 0;
+
+    if (is_ipv6) {
+        *(uint8_t*)(key) = '6';
+        offset += sizeof(uint8_t);
+        ipv6_copy_addr((uint32_t*)(key + offset), srcip);
+        offset += sizeof(uint32_t) * 4;
+        ipv6_copy_addr((uint32_t*)(key + offset), dstip);
+        offset += sizeof(uint32_t) * 4;
+    }
+    else {
+        *(uint8_t*)(key) = '4';
+        offset += sizeof(uint8_t);
+        ipv4_copy_addr((uint32_t*)(key + offset), srcip);
+        offset += sizeof(uint32_t) * 4;
+        ipv4_copy_addr((uint32_t*)(key + offset), dstip);
+        offset += sizeof(uint32_t) * 4;
+    }
+
+    *(uint16_t*)(key + offset) = srcport;
+    offset += sizeof(srcport);
+    *(uint16_t*)(key + offset) = dstport;
+    offset += sizeof(dstport);
+}
+
+inline static void fill_data_from_key(uint8_t *is_ipv6, uint32_t srcip[4], uint32_t dstip[4],
+                                     uint16_t *srcport, uint16_t *dstport, const char *key)
+{
+    unsigned int offset = 0;
+
+    if (key[0] == '6') {
+        *is_ipv6 = 1;
+        offset += sizeof(uint8_t);
+        ipv6_copy_addr(srcip, (uint32_t*)(key + offset));
+        offset += sizeof(uint32_t) * 4;
+        ipv6_copy_addr(dstip, (uint32_t*)(key + offset));
+        offset += sizeof(uint32_t) * 4;
+    }
+    else {
+        *is_ipv6 = 0;
+        offset += sizeof(uint8_t);
+        ipv4_copy_addr(srcip, (uint32_t*)(key + offset));
+        offset += sizeof(uint32_t) * 4;
+        ipv4_copy_addr(dstip, (uint32_t*)(key + offset));
+        offset += sizeof(uint32_t) * 4;
+    }
+    *srcport = *(uint16_t*)(key + offset);
+    offset += sizeof(*srcport);
+    *dstport = *(uint16_t*)(key + offset);
+    offset += sizeof(*dstport);
+}
+
+inline static void construct_key(const uint32_t srcip[4], const uint32_t dstip[4],
+                                 const uint16_t srcport, const uint16_t dstport,
+                                 char *key, const uint8_t is_ipv6)
+{
+    debug("Construct key enter\n");
+    if (key) {
+        debug("Constructing key\n");
+        fill_key_data(key, is_ipv6, srcip, dstip, srcport, dstport);
+    }
+    debug("Construct key end\n");
+}
+
+inline static void deconstruct_key(const char *key, const tcp_connrecord_t *connrecord,
+                                   tcp_conntrack_info_t *conn_info)
+{
+    debug("Deconstruct key enter\n");
+    if (key && conn_info) {
+        debug("Deconstructing key\n");
+        fill_data_from_key(&conn_info->is_ipv6,
+                           conn_info->srcip, conn_info->dstip,
+                           &conn_info->srcport, &conn_info->dstport,
+                           key);
+
+        conn_info->ttl = connrecord->ttl;
+    }
+    debug("Deconstruct key end\n");
+}
+
+static int check_get_tcp_conntrack_key(const char *key, tcp_connrecord_t **connrecord) {
+    tcp_connrecord_t *tmp_connrecord = NULL;
+    if (!conntrack) return FALSE;
+
+    HASH_FIND_STR(conntrack, key, tmp_connrecord);
+    if (tmp_connrecord) {
+        if (connrecord)
+            *connrecord = tmp_connrecord;
+        debug("check_get_tcp_conntrack_key found key\n");
+        return TRUE;
+    }
+    debug("check_get_tcp_conntrack_key key not found\n");
+    return FALSE;
+}
+
+static int add_tcp_conntrack(const uint32_t srcip[4], const uint32_t dstip[4],
+                             const uint16_t srcport, const uint16_t dstport,
+                             const uint8_t is_ipv6, const uint8_t ttl
+                            )
+{
+    if (!(srcip && srcport && dstip && dstport))
+        return FALSE;
+
+    tcp_connrecord_t *tmp_connrecord = malloc(sizeof(tcp_connrecord_t));
+    construct_key(srcip, dstip, srcport, dstport, tmp_connrecord->key, is_ipv6);
+
+    if (!check_get_tcp_conntrack_key(tmp_connrecord->key, NULL)) {
+        tmp_connrecord->time = time(NULL);
+        tmp_connrecord->ttl = ttl;
+        HASH_ADD_STR(conntrack, key, tmp_connrecord);
+        debug("Added TCP conntrack %u:%hu - %u:%hu\n", srcip[0], ntohs(srcport), dstip[0], ntohs(dstport));
+        return TRUE;
+    }
+    debug("Not added TCP conntrack %u:%hu - %u:%hu\n", srcip[0], ntohs(srcport), dstip[0], ntohs(dstport));
+    free(tmp_connrecord);
+    return FALSE;
+}
+
+static void tcp_cleanup() {
+    tcp_connrecord_t *tmp_connrecord, *tmp_connrecord2 = NULL;
+
+    if (last_cleanup == 0) {
+        last_cleanup = time(NULL);
+        return;
+    }
+
+    if (difftime(time(NULL), last_cleanup) >= TCP_CLEANUP_INTERVAL_SEC) {
+        last_cleanup = time(NULL);
+
+        HASH_ITER(hh, conntrack, tmp_connrecord, tmp_connrecord2) {
+            if (difftime(last_cleanup, tmp_connrecord->time) >= TCP_CLEANUP_INTERVAL_SEC) {
+                HASH_DEL(conntrack, tmp_connrecord);
+                free(tmp_connrecord);
+            }
+        }
+    }
+}
+
+int tcp_handle_incoming(uint32_t srcip[4], uint32_t dstip[4],
+                        uint16_t srcport, uint16_t dstport,
+                        uint8_t is_ipv6, uint8_t ttl)
+{
+    tcp_cleanup();
+
+    debug("trying to add TCP srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
+    return add_tcp_conntrack(srcip, dstip, srcport, dstport, is_ipv6, ttl);
+
+    debug("____tcp_handle_incoming FALSE: srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
+    return FALSE;
+}
+
+int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4],
+                        uint16_t srcport, uint16_t dstport,
+                        tcp_conntrack_info_t *conn_info,
+                        uint8_t is_ipv6)
+{
+    char key[TCP_CONNRECORD_KEY_LEN];
+    tcp_connrecord_t *tmp_connrecord = NULL;
+
+    if (!conn_info)
+        return FALSE;
+
+    tcp_cleanup();
+    construct_key(dstip, srcip, dstport, srcport, key, is_ipv6);
+    if (check_get_tcp_conntrack_key(key, &tmp_connrecord) && tmp_connrecord) {
+        /* Connection exists in conntrack, moving on */
+        deconstruct_key(key, tmp_connrecord, conn_info);
+        HASH_DEL(conntrack, tmp_connrecord);
+        free(tmp_connrecord);
+        debug("____tcp_handle_outgoing TRUE: srcport = %hu\n", ntohs(srcport));
+        return TRUE;
+    }
+
+    debug("____tcp_handle_outgoing FALSE: srcport = %hu\n", ntohs(srcport));
+    return FALSE;
+}
+
+int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
+                     const uint8_t autottl2, const uint8_t minhops,
+                     const uint8_t maxttl) {
+    uint8_t nhops = 0;
+    uint8_t ttl_of_fake_packet = 0;
+
+    if (ttl > 98 && ttl < 128) {
+        nhops = 128 - ttl;
+    }
+    else if (ttl > 34 && ttl < 64) {
+        nhops = 64 - ttl;
+    }
+    else {
+        return 0;
+    }
+
+    if (nhops <= autottl1 || nhops < minhops) {
+        return 0;
+    }
+
+    ttl_of_fake_packet = nhops - autottl2;
+    if (ttl_of_fake_packet < autottl2 && nhops <= 9) {
+        ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10));
+    }
+
+    if (maxttl && ttl_of_fake_packet > maxttl) {
+        ttl_of_fake_packet = maxttl;
+    }
+
+    return ttl_of_fake_packet;
+}

src/ttltrack.h

@@ -0,0 +1,27 @@
+#ifndef _TTLTRACK_H
+#define _TTLTRACK_H
+#include <stdint.h>
+#include "dnsredir.h"
+
+typedef struct tcp_conntrack_info {
+    uint8_t  is_ipv6;
+    uint8_t  ttl;
+    uint32_t srcip[4];
+    uint16_t srcport;
+    uint32_t dstip[4];
+    uint16_t dstport;
+} tcp_conntrack_info_t;
+
+int tcp_handle_incoming(uint32_t srcip[4], uint32_t dstip[4],
+                        uint16_t srcport, uint16_t dstport,
+                        uint8_t is_ipv6, uint8_t ttl);
+
+int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4],
+                        uint16_t srcport, uint16_t dstport,
+                        tcp_conntrack_info_t *conn_info,
+                        uint8_t is_ipv6);
+
+int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
+                     const uint8_t autottl2, const uint8_t minhops,
+                     const uint8_t maxttl);
+#endif

src/utils/repl_str.c

@@ -46,11 +46,11 @@ char *repl_str(const char *str, const char *from, const char *to) {
 			}
 		}
 
-		pos_cache[count-1] = pstr2 - str;
+		pos_cache[count-1] = (uintptr_t)(pstr2 - str);
 		pstr = pstr2 + fromlen;
 	}
 
-	orglen = pstr - str + strlen(pstr);
+	orglen = (size_t)(pstr - str) + strlen(pstr);
 
 	/* Allocate memory for the post-replacement string. */
 	if (count > 0) {

src/utils/uthash.h

@@ -1,5 +1,5 @@
 /*
-Copyright (c) 2003-2017, Troy D. Hanson     http://troydhanson.github.com/uthash/
+Copyright (c) 2003-2021, Troy D. Hanson     http://troydhanson.github.io/uthash/
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -24,12 +24,22 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #ifndef UTHASH_H
 #define UTHASH_H
 
-#define UTHASH_VERSION 2.0.2
+#define UTHASH_VERSION 2.3.0
 
 #include <string.h>   /* memcmp, memset, strlen */
 #include <stddef.h>   /* ptrdiff_t */
 #include <stdlib.h>   /* exit */
 
+#if defined(HASH_DEFINE_OWN_STDINT) && HASH_DEFINE_OWN_STDINT
+/* This codepath is provided for backward compatibility, but I plan to remove it. */
+#warning "HASH_DEFINE_OWN_STDINT is deprecated; please use HASH_NO_STDINT instead"
+typedef unsigned int uint32_t;
+typedef unsigned char uint8_t;
+#elif defined(HASH_NO_STDINT) && HASH_NO_STDINT
+#else
+#include <stdint.h>   /* uint8_t, uint32_t */
+#endif
+
 /* These macros use decltype or the earlier __typeof GNU extension.
    As decltype is only available in newer compilers (VS2010 or gcc 4.3+
    when compiling c++ source) this code uses whatever method is needed
@@ -62,23 +72,6 @@ do {
 } while (0)
 #endif
 
-/* a number of the hash function use uint32_t which isn't defined on Pre VS2010 */
-#if defined(_WIN32)
-#if defined(_MSC_VER) && _MSC_VER >= 1600
-#include <stdint.h>
-#elif defined(__WATCOMC__) || defined(__MINGW32__) || defined(__CYGWIN__)
-#include <stdint.h>
-#else
-typedef unsigned int uint32_t;
-typedef unsigned char uint8_t;
-#endif
-#elif defined(__GNUC__) && !defined(__VXWORKS__)
-#include <stdint.h>
-#else
-typedef unsigned int uint32_t;
-typedef unsigned char uint8_t;
-#endif
-
 #ifndef uthash_malloc
 #define uthash_malloc(sz) malloc(sz)      /* malloc fcn                      */
 #endif
@@ -88,13 +81,18 @@ typedef unsigned char uint8_t;
 #ifndef uthash_bzero
 #define uthash_bzero(a,n) memset(a,'\0',n)
 #endif
-#ifndef uthash_memcmp
-#define uthash_memcmp(a,b,n) memcmp(a,b,n)
-#endif
 #ifndef uthash_strlen
 #define uthash_strlen(s) strlen(s)
 #endif
 
+#ifndef HASH_FUNCTION
+#define HASH_FUNCTION(keyptr,keylen,hashv) HASH_JEN(keyptr, keylen, hashv)
+#endif
+
+#ifndef HASH_KEYCMP
+#define HASH_KEYCMP(a,b,n) memcmp(a,b,n)
+#endif
+
 #ifndef uthash_noexpand_fyi
 #define uthash_noexpand_fyi(tbl)          /* can be defined to log noexpand  */
 #endif
@@ -136,7 +134,7 @@ typedef unsigned char uint8_t;
 /* calculate the element whose hash handle address is hhp */
 #define ELMT_FROM_HH(tbl,hhp) ((void*)(((char*)(hhp)) - ((tbl)->hho)))
 /* calculate the hash handle from element address elp */
-#define HH_FROM_ELMT(tbl,elp) ((UT_hash_handle *)(((char*)(elp)) + ((tbl)->hho)))
+#define HH_FROM_ELMT(tbl,elp) ((UT_hash_handle*)(void*)(((char*)(elp)) + ((tbl)->hho)))
 
 #define HASH_ROLLBACK_BKT(hh, head, itemptrhh)                                   \
 do {                                                                             \
@@ -150,7 +148,7 @@ do {
 
 #define HASH_VALUE(keyptr,keylen,hashv)                                          \
 do {                                                                             \
-  HASH_FCN(keyptr, keylen, hashv);                                               \
+  HASH_FUNCTION(keyptr, keylen, hashv);                                          \
 } while (0)
 
 #define HASH_FIND_BYHASHVALUE(hh,head,keyptr,keylen,hashval,out)                 \
@@ -167,9 +165,12 @@ do {
 
 #define HASH_FIND(hh,head,keyptr,keylen,out)                                     \
 do {                                                                             \
+  (out) = NULL;                                                                  \
+  if (head) {                                                                    \
     unsigned _hf_hashv;                                                          \
     HASH_VALUE(keyptr, keylen, _hf_hashv);                                       \
     HASH_FIND_BYHASHVALUE(hh, head, keyptr, keylen, _hf_hashv, out);             \
+  }                                                                              \
 } while (0)
 
 #ifdef HASH_BLOOM
@@ -397,7 +398,7 @@ do {
 do {                                                                             \
   IF_HASH_NONFATAL_OOM( int _ha_oomed = 0; )                                     \
   (add)->hh.hashv = (hashval);                                                   \
-  (add)->hh.key = (char*) (keyptr);                                              \
+  (add)->hh.key = (const void*) (keyptr);                                        \
   (add)->hh.keylen = (unsigned) (keylen_in);                                     \
   if (!(head)) {                                                                 \
     (add)->hh.next = NULL;                                                       \
@@ -478,11 +479,20 @@ do {
 
 /* convenience forms of HASH_FIND/HASH_ADD/HASH_DEL */
 #define HASH_FIND_STR(head,findstr,out)                                          \
-    HASH_FIND(hh,head,findstr,(unsigned)uthash_strlen(findstr),out)
+do {                                                                             \
+    unsigned _uthash_hfstr_keylen = (unsigned)uthash_strlen(findstr);            \
+    HASH_FIND(hh, head, findstr, _uthash_hfstr_keylen, out);                     \
+} while (0)
 #define HASH_ADD_STR(head,strfield,add)                                          \
-    HASH_ADD(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add)
+do {                                                                             \
+    unsigned _uthash_hastr_keylen = (unsigned)uthash_strlen((add)->strfield);    \
+    HASH_ADD(hh, head, strfield[0], _uthash_hastr_keylen, add);                  \
+} while (0)
 #define HASH_REPLACE_STR(head,strfield,add,replaced)                             \
-    HASH_REPLACE(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add,replaced)
+do {                                                                             \
+    unsigned _uthash_hrstr_keylen = (unsigned)uthash_strlen((add)->strfield);    \
+    HASH_REPLACE(hh, head, strfield[0], _uthash_hrstr_keylen, add, replaced);    \
+} while (0)
 #define HASH_FIND_INT(head,findint,out)                                          \
     HASH_FIND(hh,head,findint,sizeof(int),out)
 #define HASH_ADD_INT(head,intfield,add)                                          \
@@ -502,7 +512,8 @@ do {
  * This is for uthash developer only; it compiles away if HASH_DEBUG isn't defined.
  */
 #ifdef HASH_DEBUG
-#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
+#include <stdio.h>   /* fprintf, stderr */
+#define HASH_OOPS(...) do { fprintf(stderr, __VA_ARGS__); exit(-1); } while (0)
 #define HASH_FSCK(hh,head,where)                                                 \
 do {                                                                             \
   struct UT_hash_handle *_thh;                                                   \
@@ -569,13 +580,6 @@ do {
 #define HASH_EMIT_KEY(hh,head,keyptr,fieldlen)
 #endif
 
-/* default to Jenkin's hash unless overridden e.g. DHASH_FUNCTION=HASH_SAX */
-#ifdef HASH_FUNCTION
-#define HASH_FCN HASH_FUNCTION
-#else
-#define HASH_FCN HASH_JEN
-#endif
-
 /* The Bernstein hash function, used in Perl prior to v5.6. Note (x<<5+x)=x*33. */
 #define HASH_BER(key,keylen,hashv)                                               \
 do {                                                                             \
@@ -674,7 +678,8 @@ do {
     case 4:  _hj_i += ( (unsigned)_hj_key[3] << 24 );  /* FALLTHROUGH */         \
     case 3:  _hj_i += ( (unsigned)_hj_key[2] << 16 );  /* FALLTHROUGH */         \
     case 2:  _hj_i += ( (unsigned)_hj_key[1] << 8 );   /* FALLTHROUGH */         \
-    case 1:  _hj_i += _hj_key[0];                                                \
+    case 1:  _hj_i += _hj_key[0];                      /* FALLTHROUGH */         \
+    default: ;                                                                   \
   }                                                                              \
   HASH_JEN_MIX(_hj_i, _hj_j, hashv);                                             \
 } while (0)
@@ -722,6 +727,8 @@ do {
     case 1: hashv += *_sfh_key;                                                  \
             hashv ^= hashv << 10;                                                \
             hashv += hashv >> 1;                                                 \
+            break;                                                               \
+    default: ;                                                                   \
   }                                                                              \
                                                                                  \
   /* Force "avalanching" of final 127 bits */                                    \
@@ -733,87 +740,6 @@ do {
   hashv += hashv >> 6;                                                           \
 } while (0)
 
-#ifdef HASH_USING_NO_STRICT_ALIASING
-/* The MurmurHash exploits some CPU's (x86,x86_64) tolerance for unaligned reads.
- * For other types of CPU's (e.g. Sparc) an unaligned read causes a bus error.
- * MurmurHash uses the faster approach only on CPU's where we know it's safe.
- *
- * Note the preprocessor built-in defines can be emitted using:
- *
- *   gcc -m64 -dM -E - < /dev/null                  (on gcc)
- *   cc -## a.c (where a.c is a simple test file)   (Sun Studio)
- */
-#if (defined(__i386__) || defined(__x86_64__)  || defined(_M_IX86))
-#define MUR_GETBLOCK(p,i) p[i]
-#else /* non intel */
-#define MUR_PLUS0_ALIGNED(p) (((unsigned long)p & 3UL) == 0UL)
-#define MUR_PLUS1_ALIGNED(p) (((unsigned long)p & 3UL) == 1UL)
-#define MUR_PLUS2_ALIGNED(p) (((unsigned long)p & 3UL) == 2UL)
-#define MUR_PLUS3_ALIGNED(p) (((unsigned long)p & 3UL) == 3UL)
-#define WP(p) ((uint32_t*)((unsigned long)(p) & ~3UL))
-#if (defined(__BIG_ENDIAN__) || defined(SPARC) || defined(__ppc__) || defined(__ppc64__))
-#define MUR_THREE_ONE(p) ((((*WP(p))&0x00ffffff) << 8) | (((*(WP(p)+1))&0xff000000) >> 24))
-#define MUR_TWO_TWO(p)   ((((*WP(p))&0x0000ffff) <<16) | (((*(WP(p)+1))&0xffff0000) >> 16))
-#define MUR_ONE_THREE(p) ((((*WP(p))&0x000000ff) <<24) | (((*(WP(p)+1))&0xffffff00) >>  8))
-#else /* assume little endian non-intel */
-#define MUR_THREE_ONE(p) ((((*WP(p))&0xffffff00) >> 8) | (((*(WP(p)+1))&0x000000ff) << 24))
-#define MUR_TWO_TWO(p)   ((((*WP(p))&0xffff0000) >>16) | (((*(WP(p)+1))&0x0000ffff) << 16))
-#define MUR_ONE_THREE(p) ((((*WP(p))&0xff000000) >>24) | (((*(WP(p)+1))&0x00ffffff) <<  8))
-#endif
-#define MUR_GETBLOCK(p,i) (MUR_PLUS0_ALIGNED(p) ? ((p)[i]) :           \
-                            (MUR_PLUS1_ALIGNED(p) ? MUR_THREE_ONE(p) : \
-                             (MUR_PLUS2_ALIGNED(p) ? MUR_TWO_TWO(p) :  \
-                                                      MUR_ONE_THREE(p))))
-#endif
-#define MUR_ROTL32(x,r) (((x) << (r)) | ((x) >> (32 - (r))))
-#define MUR_FMIX(_h) \
-do {                 \
-  _h ^= _h >> 16;    \
-  _h *= 0x85ebca6bu; \
-  _h ^= _h >> 13;    \
-  _h *= 0xc2b2ae35u; \
-  _h ^= _h >> 16;    \
-} while (0)
-
-#define HASH_MUR(key,keylen,hashv)                                     \
-do {                                                                   \
-  const uint8_t *_mur_data = (const uint8_t*)(key);                    \
-  const int _mur_nblocks = (int)(keylen) / 4;                          \
-  uint32_t _mur_h1 = 0xf88D5353u;                                      \
-  uint32_t _mur_c1 = 0xcc9e2d51u;                                      \
-  uint32_t _mur_c2 = 0x1b873593u;                                      \
-  uint32_t _mur_k1 = 0;                                                \
-  const uint8_t *_mur_tail;                                            \
-  const uint32_t *_mur_blocks = (const uint32_t*)(_mur_data+(_mur_nblocks*4)); \
-  int _mur_i;                                                          \
-  for (_mur_i = -_mur_nblocks; _mur_i != 0; _mur_i++) {                \
-    _mur_k1 = MUR_GETBLOCK(_mur_blocks,_mur_i);                        \
-    _mur_k1 *= _mur_c1;                                                \
-    _mur_k1 = MUR_ROTL32(_mur_k1,15);                                  \
-    _mur_k1 *= _mur_c2;                                                \
-                                                                       \
-    _mur_h1 ^= _mur_k1;                                                \
-    _mur_h1 = MUR_ROTL32(_mur_h1,13);                                  \
-    _mur_h1 = (_mur_h1*5U) + 0xe6546b64u;                              \
-  }                                                                    \
-  _mur_tail = (const uint8_t*)(_mur_data + (_mur_nblocks*4));          \
-  _mur_k1=0;                                                           \
-  switch ((keylen) & 3U) {                                             \
-    case 0: break;                                                     \
-    case 3: _mur_k1 ^= (uint32_t)_mur_tail[2] << 16; /* FALLTHROUGH */ \
-    case 2: _mur_k1 ^= (uint32_t)_mur_tail[1] << 8;  /* FALLTHROUGH */ \
-    case 1: _mur_k1 ^= (uint32_t)_mur_tail[0];                         \
-    _mur_k1 *= _mur_c1;                                                \
-    _mur_k1 = MUR_ROTL32(_mur_k1,15);                                  \
-    _mur_k1 *= _mur_c2;                                                \
-    _mur_h1 ^= _mur_k1;                                                \
-  }                                                                    \
-  _mur_h1 ^= (uint32_t)(keylen);                                       \
-  MUR_FMIX(_mur_h1);                                                   \
-  hashv = _mur_h1;                                                     \
-} while (0)
-#endif  /* HASH_USING_NO_STRICT_ALIASING */
-
 /* iterate over items in a known bucket to find desired item */
 #define HASH_FIND_IN_BKT(tbl,hh,head,keyptr,keylen_in,hashval,out)               \
 do {                                                                             \
@@ -824,7 +750,7 @@ do {
   }                                                                              \
   while ((out) != NULL) {                                                        \
     if ((out)->hh.hashv == (hashval) && (out)->hh.keylen == (keylen_in)) {       \
-      if (uthash_memcmp((out)->hh.key, keyptr, keylen_in) == 0) {                \
+      if (HASH_KEYCMP((out)->hh.key, keyptr, keylen_in) == 0) {                  \
         break;                                                                   \
       }                                                                          \
     }                                                                            \
@@ -910,12 +836,12 @@ do {
   struct UT_hash_handle *_he_thh, *_he_hh_nxt;                                   \
   UT_hash_bucket *_he_new_buckets, *_he_newbkt;                                  \
   _he_new_buckets = (UT_hash_bucket*)uthash_malloc(                              \
-           2UL * (tbl)->num_buckets * sizeof(struct UT_hash_bucket));            \
+           sizeof(struct UT_hash_bucket) * (tbl)->num_buckets * 2U);             \
   if (!_he_new_buckets) {                                                        \
     HASH_RECORD_OOM(oomed);                                                      \
   } else {                                                                       \
     uthash_bzero(_he_new_buckets,                                                \
-        2UL * (tbl)->num_buckets * sizeof(struct UT_hash_bucket));               \
+        sizeof(struct UT_hash_bucket) * (tbl)->num_buckets * 2U);                \
     (tbl)->ideal_chain_maxlen =                                                  \
        ((tbl)->num_items >> ((tbl)->log2_num_buckets+1U)) +                      \
        ((((tbl)->num_items & (((tbl)->num_buckets*2U)-1U)) != 0U) ? 1U : 0U);    \
@@ -928,7 +854,9 @@ do {
         _he_newbkt = &(_he_new_buckets[_he_bkt]);                                \
         if (++(_he_newbkt->count) > (tbl)->ideal_chain_maxlen) {                 \
           (tbl)->nonideal_items++;                                               \
-          _he_newbkt->expand_mult = _he_newbkt->count / (tbl)->ideal_chain_maxlen; \
+          if (_he_newbkt->count > _he_newbkt->expand_mult * (tbl)->ideal_chain_maxlen) { \
+            _he_newbkt->expand_mult++;                                           \
+          }                                                                      \
         }                                                                        \
         _he_thh->hh_prev = NULL;                                                 \
         _he_thh->hh_next = _he_newbkt->hh_head;                                  \
@@ -1061,7 +989,7 @@ do {
         _elt = ELMT_FROM_HH((src)->hh_src.tbl, _src_hh);                         \
         if (cond(_elt)) {                                                        \
           IF_HASH_NONFATAL_OOM( int _hs_oomed = 0; )                             \
-          _dst_hh = (UT_hash_handle*)(((char*)_elt) + _dst_hho);                 \
+          _dst_hh = (UT_hash_handle*)(void*)(((char*)_elt) + _dst_hho);          \
           _dst_hh->key = _src_hh->key;                                           \
           _dst_hh->keylen = _src_hh->keylen;                                     \
           _dst_hh->hashv = _src_hh->hashv;                                       \
@@ -1200,7 +1128,7 @@ typedef struct UT_hash_handle {
    void *next;                       /* next element in app order      */
    struct UT_hash_handle *hh_prev;   /* previous hh in bucket order    */
    struct UT_hash_handle *hh_next;   /* next hh in bucket order        */
-   void *key;                        /* ptr to enclosing struct's key  */
+   const void *key;                  /* ptr to enclosing struct's key  */
    unsigned keylen;                  /* enclosing struct's key len     */
    unsigned hashv;                   /* result of hash-fcn(key)        */
 } UT_hash_handle;