2gW94/GoodbyeDPI
1
0
Fork 0
mirror of https://github.com/ValdikSS/GoodbyeDPI.git synced 2025-12-17 21:04:36 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: 2gW94:0.2.2
Branches Tags
2gW94:master 2gW94:more-fakes 2gW94:EgorWeders-patch-1 2gW94:quic_block 2gW94:test_windres 2gW94:openvpn 2gW94:windivert2 2gW94:masterv6 2gW94:ipv6 2gW94:windivert-test
2gW94:0.2.3rc3 2gW94:0.2.3rc2 2gW94:0.2.3rc1 2gW94:0.2.2 2gW94:0.2.1 2gW94:0.2.0 2gW94:0.1.8 2gW94:0.1.7 2gW94:0.1.6 2gW94:0.1.5 2gW94:0.1.5rc3 2gW94:0.1.5rc2 2gW94:0.1.5rc1 2gW94:0.1.4 2gW94:0.1.3 2gW94:0.1.2 2gW94:0.1.2rc3 2gW94:0.1.2rc2 2gW94:0.1.2rc1 2gW94:0.1.1 2gW94:0.1.0 2gW94:0.0.9 2gW94:0.0.8 2gW94:0.0.7 2gW94:0.0.6 2gW94:0.0.5 2gW94:0.0.4 2gW94:0.0.3 2gW94:0.0.2 2gW94:0.0.1
..
compare: 2gW94:openvpn
Branches Tags
2gW94:master 2gW94:more-fakes 2gW94:EgorWeders-patch-1 2gW94:quic_block 2gW94:test_windres 2gW94:openvpn 2gW94:windivert2 2gW94:masterv6 2gW94:ipv6 2gW94:windivert-test
2gW94:0.2.3rc3 2gW94:0.2.3rc2 2gW94:0.2.3rc1 2gW94:0.2.2 2gW94:0.2.1 2gW94:0.2.0 2gW94:0.1.8 2gW94:0.1.7 2gW94:0.1.6 2gW94:0.1.5 2gW94:0.1.5rc3 2gW94:0.1.5rc2 2gW94:0.1.5rc1 2gW94:0.1.4 2gW94:0.1.3 2gW94:0.1.2 2gW94:0.1.2rc3 2gW94:0.1.2rc2 2gW94:0.1.2rc1 2gW94:0.1.1 2gW94:0.1.0 2gW94:0.0.9 2gW94:0.0.8 2gW94:0.0.7 2gW94:0.0.6 2gW94:0.0.5 2gW94:0.0.4 2gW94:0.0.3 2gW94:0.0.2 2gW94:0.0.1

9 Commits
0.2.2 ... openvpn

Author SHA1 Message Date
ValdikSS
404850245e Add manual Github Action trigger 2023-03-29 13:39:15 +03:00
ValdikSS
ecc681a60b OpenVPN detection & fragmentation/fake packet support 2022-07-21 15:16:29 +03:00
ValdikSS
4f18a73239 Print correct set-ttl/auto-ttl mode in the status 2022-03-31 12:15:40 +03:00
ValdikSS
67629fb6ef Disable auto-ttl if set-ttl has been used after auto-ttl 2022-03-31 12:14:03 +03:00
ValdikSS
27a6d256f0 Handle HTTP GET and POST in packets larger than --max-payload 
If --max-payload 1200 is used and there's HTTP request with lots of cookies
which exceed 1200 bytes in size, this packet would have been skipped as
'too large', and the circumvention won't be applied.
Fix this by checking for "GET " or "POST" in the beginning of the packet
regardless of its size.
 2022-03-21 15:17:27 +03:00
ValdikSS
938dce7333 Merge branch 'windivert2' 2022-03-21 15:06:15 +03:00
ValdikSS
68a68aede9 Use WinDivert 2.2.0 for Github Actions building 2022-01-04 15:13:57 +03:00
ValdikSS
4a8f7ac4fb Call WinDivertShutdown on shutdown 2022-01-04 03:14:47 +03:00
ValdikSS
ee4ce8893c Initial support for WinDivert 2.0+ 
This patch adds WinDivert 2.0+ support in a backward-incompatible way.
WinDivert 1.4 won't work after this commit anymore.
 2022-01-03 21:23:40 +03:00
4 changed files with 91 additions and 62 deletions
Expand all files Collapse all files

18
.github/workflows/build.yml vendored
View File

@@ -4,11 +4,13 @@ on:
push: push:
paths: paths:
- 'src/**' - 'src/**'
workflow_dispatch:
env: env:
WINDIVERT_URL: https://www.reqrypt.org/download/WinDivert-1.4.3-A.zip WINDIVERT_URL: https://www.reqrypt.org/download/WinDivert-2.2.0-A.zip
WINDIVERT_NAME: WinDivert-1.4.3-A.zip WINDIVERT_NAME: WinDivert-2.2.0-A.zip
WINDIVERT_SHA256: 4084bc3931f31546d375ed89e3f842776efa46f321ed0adcd32d3972a7d02566 WINDIVERT_BASENAME: WinDivert-2.2.0-A
WINDIVERT_SHA256: 2a7630aac0914746fbc565ac862fa096e3e54233883ac52d17c83107496b7a7f
jobs: jobs:
build: build:
@@ -46,14 +48,14 @@ jobs:
- name: Compile x86_64 - name: Compile x86_64
run: > run: >
cd src && make clean && cd src && make clean &&
make CPREFIX=x86_64-w64-mingw32- BIT64=1 WINDIVERTHEADERS=../WinDivert-1.4.3-A/include WINDIVERTLIBS=../WinDivert-1.4.3-A/x86_64 -j4 make CPREFIX=x86_64-w64-mingw32- BIT64=1 WINDIVERTHEADERS=../${{ env.WINDIVERT_BASENAME }}/include WINDIVERTLIBS=../${{ env.WINDIVERT_BASENAME }}/x64 -j4
- name: Prepare x86_64 directory - name: Prepare x86_64 directory
run: | run: |
mkdir goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }} mkdir goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
cp src/goodbyedpi.exe WinDivert-1.4.3-A/x86_64/*.{dll,sys} goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }} cp src/goodbyedpi.exe ${{ env.WINDIVERT_BASENAME }}/x64/*.{dll,sys} goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
- name: Upload output file x86_64 (64 bit) - name: Upload output file x86_64
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }} name: goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
@@ -62,12 +64,12 @@ jobs:
- name: Compile i686 - name: Compile i686
run: > run: >
cd src && make clean && cd src && make clean &&
make CPREFIX=i686-w64-mingw32- WINDIVERTHEADERS=../WinDivert-1.4.3-A/include WINDIVERTLIBS=../WinDivert-1.4.3-A/x86 -j4 make CPREFIX=i686-w64-mingw32- WINDIVERTHEADERS=../${{ env.WINDIVERT_BASENAME }}/include WINDIVERTLIBS=../${{ env.WINDIVERT_BASENAME }}/x86 -j4
- name: Prepare x86 directory - name: Prepare x86 directory
run: | run: |
mkdir goodbyedpi_x86_${{ steps.vars.outputs.sha_short }} mkdir goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
cp src/goodbyedpi.exe WinDivert-1.4.3-A/x86/*.{dll,sys} goodbyedpi_x86_${{ steps.vars.outputs.sha_short }} cp src/goodbyedpi.exe ${{ env.WINDIVERT_BASENAME }}/x86/*.{dll,sys} goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
- name: Upload output file x86 - name: Upload output file x86
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2

2
src/Makefile
View File

@@ -19,7 +19,7 @@ CFLAGS = -std=c99 -pie -fPIE -pipe -I$(WINDIVERTHEADERS) -L$(WINDIVERTLIBS) \
-Wnull-dereference -Warray-bounds=2 -Wimplicit-fallthrough=3 \ -Wnull-dereference -Warray-bounds=2 -Wimplicit-fallthrough=3 \
-Wstringop-overflow=4 \ -Wstringop-overflow=4 \
-Wformat-signedness -Wstrict-overflow=2 -Wcast-align=strict \ -Wformat-signedness -Wstrict-overflow=2 -Wcast-align=strict \
-Wfloat-equal -Wcast-align -Wsign-conversion \ -Wfloat-equal -Wcast-align -Wsign-conversion -Wno-stringop-overflow -Wno-stringop-overread \
#-fstack-protector-strong #-fstack-protector-strong
LDFLAGS = -fstack-protector -Wl,-O1,-pie,--dynamicbase,--nxcompat,--sort-common,--as-needed \ LDFLAGS = -fstack-protector -Wl,-O1,-pie,--dynamicbase,--nxcompat,--sort-common,--as-needed \
-Wl,--image-base,0x140000000 -Wl,--disable-auto-image-base -Wl,--image-base,0x140000000 -Wl,--disable-auto-image-base

14
src/fakepackets.c
View File

@@ -70,19 +70,21 @@ static int send_fake_data(const HANDLE w_filter,
memcpy(&addr_new, addr, sizeof(WINDIVERT_ADDRESS)); memcpy(&addr_new, addr, sizeof(WINDIVERT_ADDRESS));
memcpy(packet_fake, pkt, packetLen); memcpy(packet_fake, pkt, packetLen);
addr_new.PseudoTCPChecksum = 0; addr_new.TCPChecksum = 0;
addr_new.PseudoIPChecksum = 0; addr_new.IPChecksum = 0;
if (!is_ipv6) { if (!is_ipv6) {
// IPv4 TCP Data packet // IPv4 TCP Data packet
if (!WinDivertHelperParsePacket(packet_fake, packetLen, &ppIpHdr, if (!WinDivertHelperParsePacket(packet_fake, packetLen, &ppIpHdr,
NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) NULL, NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen,
NULL, NULL))
return 1; return 1;
} }
else { else {
// IPv6 TCP Data packet // IPv6 TCP Data packet
if (!WinDivertHelperParsePacket(packet_fake, packetLen, NULL, if (!WinDivertHelperParsePacket(packet_fake, packetLen, NULL,
&ppIpV6Hdr, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) &ppIpV6Hdr, NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen,
NULL, NULL))
return 1; return 1;
} }
@@ -126,12 +128,12 @@ static int send_fake_data(const HANDLE w_filter,
// ...and damage it // ...and damage it
ppTcpHdr->Checksum = htons(ntohs(ppTcpHdr->Checksum) - 1); ppTcpHdr->Checksum = htons(ntohs(ppTcpHdr->Checksum) - 1);
} }
//printf("Pseudo checksum: %d\n", addr_new.PseudoTCPChecksum); //printf("Pseudo checksum: %d\n", addr_new.TCPChecksum);
WinDivertSend( WinDivertSend(
w_filter, packet_fake, w_filter, packet_fake,
packetLen_new, packetLen_new,
&addr_new, NULL NULL, &addr_new
); );
debug("Fake packet: OK"); debug("Fake packet: OK");

107
src/goodbyedpi.c
View File

@@ -171,6 +171,7 @@ static struct option long_options[] = {
{"native-frag", no_argument, 0, '*' }, {"native-frag", no_argument, 0, '*' },
{"reverse-frag",no_argument, 0, '(' }, {"reverse-frag",no_argument, 0, '(' },
{"max-payload", optional_argument, 0, '|' }, {"max-payload", optional_argument, 0, '|' },
{"openvpn", no_argument, 0, '#' },
{0, 0, 0, 0 } {0, 0, 0, 0 }
}; };
@@ -216,7 +217,8 @@ static void add_ip_id_str(int id) {
static void add_maxpayloadsize_str(unsigned short maxpayload) { static void add_maxpayloadsize_str(unsigned short maxpayload) {
char *newstr; char *newstr;
const char *maxpayloadsize_str = "and (tcp.PayloadLength ? tcp.PayloadLength < %hu : true)"; /* 0x47455420 is "GET ", 0x504F5354 is "POST", big endian. */
const char *maxpayloadsize_str = "and (tcp.PayloadLength ? tcp.PayloadLength < %hu or tcp.Payload32[0] == 0x47455420 or tcp.Payload32[0] == 0x504F5354 : true)";
char *addfilter = malloc(strlen(maxpayloadsize_str) + 16); char *addfilter = malloc(strlen(maxpayloadsize_str) + 16);
sprintf(addfilter, maxpayloadsize_str, maxpayload); sprintf(addfilter, maxpayloadsize_str, maxpayload);
@@ -309,6 +311,7 @@ static HANDLE init(char *filter, UINT64 flags) {
static int deinit(HANDLE handle) { static int deinit(HANDLE handle) {
if (handle) { if (handle) {
WinDivertShutdown(handle, WINDIVERT_SHUTDOWN_BOTH);
WinDivertClose(handle); WinDivertClose(handle);
return TRUE; return TRUE;
} }
@@ -431,6 +434,16 @@ static int extract_sni(const char *pktdata, unsigned int pktlen,
return FALSE; return FALSE;
} }
static inline int is_openvpn_handshake(const char *pktdata, unsigned int pktlen) {
/*
* 0x38 is P_CONTROL_HARD_RESET_CLIENT_V2 + peer_id(0),
* 0x50 is P_CONTROL_HARD_RESET_CLIENT_V3 + peer_id(0)
*/
return pktlen >= 16
&& ntohs(((uint16_t*)pktdata)[0]) == pktlen - 2
&& (pktdata[2] == '\x38' || pktdata[2] == '\x50');
}
static inline void change_window_size(const PWINDIVERT_TCPHDR ppTcpHdr, unsigned int size) { static inline void change_window_size(const PWINDIVERT_TCPHDR ppTcpHdr, unsigned int size) {
if (size >= 1 && size <= 0xFFFFu) { if (size >= 1 && size <= 0xFFFFu) {
ppTcpHdr->Window = htons((u_short)size); ppTcpHdr->Window = htons((u_short)size);
@@ -518,8 +531,8 @@ static void send_native_fragment(HANDLE w_filter, WINDIVERT_ADDRESS addr,
ppTcpHdr->SeqNum = htonl(ntohl(ppTcpHdr->SeqNum) + fragment_size); ppTcpHdr->SeqNum = htonl(ntohl(ppTcpHdr->SeqNum) + fragment_size);
} }
addr.PseudoIPChecksum = 0; addr.IPChecksum = 0;
addr.PseudoTCPChecksum = 0; addr.TCPChecksum = 0;
WinDivertHelperCalcChecksums( WinDivertHelperCalcChecksums(
packet, packetLen, &addr, 0 packet, packetLen, &addr, 0
@@ -527,7 +540,7 @@ static void send_native_fragment(HANDLE w_filter, WINDIVERT_ADDRESS addr,
WinDivertSend( WinDivertSend(
w_filter, packet, w_filter, packet,
packetLen, packetLen,
&addr, NULL NULL, &addr
); );
memcpy(packet, &packet_bak, orig_packetLen); memcpy(packet, &packet_bak, orig_packetLen);
//printf("Sent native fragment of %d size (step%d)\n", packetLen, step); //printf("Sent native fragment of %d size (step%d)\n", packetLen, step);
@@ -541,6 +554,7 @@ int main(int argc, char *argv[]) {
} packet_type; } packet_type;
int i, should_reinject, should_recalc_checksum = 0; int i, should_reinject, should_recalc_checksum = 0;
int sni_ok = 0; int sni_ok = 0;
int openvpn_handshake = 0;
int opt; int opt;
int packet_v4, packet_v6; int packet_v4, packet_v6;
HANDLE w_filter = NULL; HANDLE w_filter = NULL;
@@ -567,6 +581,7 @@ int main(int argc, char *argv[]) {
do_dns_verb = 0, do_tcp_verb = 0, do_blacklist = 0, do_dns_verb = 0, do_tcp_verb = 0, do_blacklist = 0,
do_allow_no_sni = 0, do_allow_no_sni = 0,
do_fake_packet = 0, do_fake_packet = 0,
do_openvpn = 0,
do_auto_ttl = 0, do_auto_ttl = 0,
do_wrong_chksum = 0, do_wrong_chksum = 0,
do_wrong_seq = 0, do_wrong_seq = 0,
@@ -805,6 +820,7 @@ int main(int argc, char *argv[]) {
do_allow_no_sni = 1; do_allow_no_sni = 1;
break; break;
case '$': // --set-ttl case '$': // --set-ttl
do_auto_ttl = auto_ttl_1 = auto_ttl_2 = auto_ttl_max = 0;
do_fake_packet = 1; do_fake_packet = 1;
ttl_of_fake_packet = atoub(optarg, "Set TTL parameter error!"); ttl_of_fake_packet = atoub(optarg, "Set TTL parameter error!");
break; break;
@@ -846,6 +862,9 @@ int main(int argc, char *argv[]) {
free(autottl_copy); free(autottl_copy);
} }
break; break;
case '#': // --openvpn
do_openvpn = 1;
break;
case '%': // --wrong-chksum case '%': // --wrong-chksum
do_fake_packet = 1; do_fake_packet = 1;
do_wrong_chksum = 1; do_wrong_chksum = 1;
@@ -921,6 +940,7 @@ int main(int argc, char *argv[]) {
" (like file transfers) in already established sessions.\n" " (like file transfers) in already established sessions.\n"
" May skip some huge HTTP requests from being processed.\n" " May skip some huge HTTP requests from being processed.\n"
" Default (if set): --max-payload 1200.\n" " Default (if set): --max-payload 1200.\n"
" --openvpn Detect OpenVPN TCP and fragment/send fake packet.\n"
"\n"); "\n");
puts("LEGACY modesets:\n" puts("LEGACY modesets:\n"
" -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode)\n" " -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode)\n"
@@ -968,7 +988,8 @@ int main(int argc, char *argv[]) {
"Fake requests, TTL: %s (fixed: %hu, auto: %hu-%hu-%hu, min distance: %hu)\n" /* 16 */ "Fake requests, TTL: %s (fixed: %hu, auto: %hu-%hu-%hu, min distance: %hu)\n" /* 16 */
"Fake requests, wrong checksum: %d\n" /* 17 */ "Fake requests, wrong checksum: %d\n" /* 17 */
"Fake requests, wrong SEQ/ACK: %d\n" /* 18 */ "Fake requests, wrong SEQ/ACK: %d\n" /* 18 */
"Max payload size: %hu\n", /* 19 */ "Max payload size: %hu\n" /* 19 */
"OpenVPN: %d\n", /* 20 */
do_passivedpi, /* 1 */ do_passivedpi, /* 1 */
(do_fragment_http ? http_fragment_size : 0), /* 2 */ (do_fragment_http ? http_fragment_size : 0), /* 2 */
(do_fragment_http_persistent ? http_fragment_size : 0),/* 3 */ (do_fragment_http_persistent ? http_fragment_size : 0),/* 3 */
@@ -984,12 +1005,13 @@ int main(int argc, char *argv[]) {
do_dnsv4_redirect, /* 13 */ do_dnsv4_redirect, /* 13 */
do_dnsv6_redirect, /* 14 */ do_dnsv6_redirect, /* 14 */
do_allow_no_sni, /* 15 */ do_allow_no_sni, /* 15 */
ttl_of_fake_packet ? "fixed" : (do_auto_ttl ? "auto" : "disabled"), /* 16 */ do_auto_ttl ? "auto" : (do_fake_packet ? "fixed" : "disabled"), /* 16 */
ttl_of_fake_packet, do_auto_ttl ? auto_ttl_1 : 0, do_auto_ttl ? auto_ttl_2 : 0, ttl_of_fake_packet, do_auto_ttl ? auto_ttl_1 : 0, do_auto_ttl ? auto_ttl_2 : 0,
do_auto_ttl ? auto_ttl_max : 0, ttl_min_nhops, do_auto_ttl ? auto_ttl_max : 0, ttl_min_nhops,
do_wrong_chksum, /* 17 */ do_wrong_chksum, /* 17 */
do_wrong_seq, /* 18 */ do_wrong_seq, /* 18 */
max_payload_size /* 19 */ max_payload_size, /* 19 */
do_openvpn /* 20 */
); );
if (do_fragment_http && http_fragment_size > 2 && !do_native_frag) { if (do_fragment_http && http_fragment_size > 2 && !do_native_frag) {
@@ -1001,7 +1023,7 @@ int main(int argc, char *argv[]) {
if (do_native_frag && !(do_fragment_http || do_fragment_https)) { if (do_native_frag && !(do_fragment_http || do_fragment_https)) {
puts("\nERROR: Native fragmentation is enabled but fragment sizes are not set.\n" puts("\nERROR: Native fragmentation is enabled but fragment sizes are not set.\n"
"Fragmentation has no effect."); "Fragmentation has no effect.");
exit(EXIT_FAILURE); die();
} }
if (max_payload_size) if (max_payload_size)
@@ -1038,8 +1060,8 @@ int main(int argc, char *argv[]) {
signal(SIGINT, sigint_handler); signal(SIGINT, sigint_handler);
while (1) { while (1) {
if (WinDivertRecv(w_filter, packet, sizeof(packet), &addr, &packetLen)) { if (WinDivertRecv(w_filter, packet, sizeof(packet), &packetLen, &addr)) {
debug("Got %s packet, len=%d!\n", addr.Direction ? "inbound" : "outbound", debug("Got %s packet, len=%d!\n", addr.Outbound ? "outbound" : "inbound",
packetLen); packetLen);
should_reinject = 1; should_reinject = 1;
should_recalc_checksum = 0; should_recalc_checksum = 0;
@@ -1052,36 +1074,36 @@ int main(int argc, char *argv[]) {
packet_type = unknown; packet_type = unknown;
// Parse network packet and set it's type // Parse network packet and set it's type
if ((packet_v4 = WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr, if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen))) &ppIpV6Hdr, NULL, NULL, NULL, &ppTcpHdr, &ppUdpHdr, &packet_data, &packet_dataLen,
NULL, NULL))
{ {
if (ppIpHdr) {
packet_v4 = 1;
if (ppTcpHdr) {
packet_type = ipv4_tcp;
if (packet_data) {
packet_type = ipv4_tcp_data; packet_type = ipv4_tcp_data;
} }
else if ((packet_v6 = WinDivertHelperParsePacket(packet, packetLen, NULL,
&ppIpV6Hdr, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)))
{
packet_type = ipv6_tcp_data;
} }
else if ((packet_v4 = WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr, else if (ppUdpHdr && packet_data) {
NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)))
{
packet_type = ipv4_tcp;
}
else if ((packet_v6 = WinDivertHelperParsePacket(packet, packetLen, NULL,
&ppIpV6Hdr, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)))
{
packet_type = ipv6_tcp;
}
else if ((packet_v4 = WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, NULL, &ppUdpHdr, &packet_data, &packet_dataLen)))
{
packet_type = ipv4_udp_data; packet_type = ipv4_udp_data;
} }
else if ((packet_v6 = WinDivertHelperParsePacket(packet, packetLen, NULL, }
&ppIpV6Hdr, NULL, NULL, NULL, &ppUdpHdr, &packet_data, &packet_dataLen)))
{ else if (ppIpV6Hdr) {
packet_v6 = 1;
if (ppTcpHdr) {
packet_type = ipv6_tcp;
if (packet_data) {
packet_type = ipv6_tcp_data;
}
}
else if (ppUdpHdr && packet_data) {
packet_type = ipv6_udp_data; packet_type = ipv6_udp_data;
} }
}
}
debug("packet_type: %d, packet_v4: %d, packet_v6: %d\n", packet_type, packet_v4, packet_v6); debug("packet_type: %d, packet_v4: %d, packet_v6: %d\n", packet_type, packet_v4, packet_v6);
@@ -1090,7 +1112,7 @@ int main(int argc, char *argv[]) {
/* Got a TCP packet WITH DATA */ /* Got a TCP packet WITH DATA */
/* Handle INBOUND packet with data and find HTTP REDIRECT in there */ /* Handle INBOUND packet with data and find HTTP REDIRECT in there */
if (addr.Direction == WINDIVERT_DIRECTION_INBOUND && packet_dataLen > 16) { if (!addr.Outbound && packet_dataLen > 16) {
/* If INBOUND packet with DATA (tcp.Ack) */ /* If INBOUND packet with DATA (tcp.Ack) */
/* Drop packets from filter with HTTP 30x Redirect */ /* Drop packets from filter with HTTP 30x Redirect */
@@ -1114,9 +1136,9 @@ int main(int argc, char *argv[]) {
/* Handle OUTBOUND packet on port 443, search for something that resembles /* Handle OUTBOUND packet on port 443, search for something that resembles
* TLS handshake, send fake request. * TLS handshake, send fake request.
*/ */
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND && else if (addr.Outbound &&
((do_fragment_https ? packet_dataLen == https_fragment_size : 0) || ((do_fragment_https ? packet_dataLen == https_fragment_size : 0) ||
packet_dataLen > 16) && packet_dataLen >= 16) &&
ppTcpHdr->DstPort != htons(80) && ppTcpHdr->DstPort != htons(80) &&
(do_fake_packet || do_native_frag) (do_fake_packet || do_native_frag)
) )
@@ -1126,7 +1148,9 @@ int main(int argc, char *argv[]) {
* But if the packet is more than 2 bytes, check ClientHello byte. * But if the packet is more than 2 bytes, check ClientHello byte.
*/ */
if ((packet_dataLen == 2 && memcmp(packet_data, "\x16\x03", 2) == 0) || if ((packet_dataLen == 2 && memcmp(packet_data, "\x16\x03", 2) == 0) ||
(packet_dataLen >= 3 && memcmp(packet_data, "\x16\x03\x01", 3) == 0)) (packet_dataLen >= 3 && memcmp(packet_data, "\x16\x03\x01", 3) == 0) ||
(do_openvpn && (openvpn_handshake = is_openvpn_handshake(packet_data, packet_dataLen)))
)
{ {
if (do_blacklist) { if (do_blacklist) {
sni_ok = extract_sni(packet_data, packet_dataLen, sni_ok = extract_sni(packet_data, packet_dataLen,
@@ -1137,6 +1161,7 @@ int main(int argc, char *argv[]) {
blackwhitelist_check_hostname(host_addr, host_len) blackwhitelist_check_hostname(host_addr, host_len)
) || ) ||
(do_blacklist && !sni_ok && do_allow_no_sni) || (do_blacklist && !sni_ok && do_allow_no_sni) ||
(do_openvpn && openvpn_handshake) ||
(!do_blacklist) (!do_blacklist)
) )
{ {
@@ -1158,7 +1183,7 @@ int main(int argc, char *argv[]) {
} }
} }
/* Handle OUTBOUND packet on port 80, search for Host header */ /* Handle OUTBOUND packet on port 80, search for Host header */
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND && else if (addr.Outbound &&
packet_dataLen > 16 && packet_dataLen > 16 &&
(do_http_allports ? 1 : (ppTcpHdr->DstPort == htons(80))) && (do_http_allports ? 1 : (ppTcpHdr->DstPort == htons(80))) &&
find_http_method_end(packet_data, find_http_method_end(packet_data,
@@ -1302,7 +1327,7 @@ int main(int argc, char *argv[]) {
/* Else if we got TCP packet without data */ /* Else if we got TCP packet without data */
else if (packet_type == ipv4_tcp || packet_type == ipv6_tcp) { else if (packet_type == ipv4_tcp || packet_type == ipv6_tcp) {
/* If we got INBOUND SYN+ACK packet */ /* If we got INBOUND SYN+ACK packet */
if (addr.Direction == WINDIVERT_DIRECTION_INBOUND && if (!addr.Outbound &&
ppTcpHdr->Syn == 1 && ppTcpHdr->Ack == 1) { ppTcpHdr->Syn == 1 && ppTcpHdr->Ack == 1) {
//printf("Changing Window Size!\n"); //printf("Changing Window Size!\n");
/* /*
@@ -1342,7 +1367,7 @@ int main(int argc, char *argv[]) {
else if ((do_dnsv4_redirect && (packet_type == ipv4_udp_data)) || else if ((do_dnsv4_redirect && (packet_type == ipv4_udp_data)) ||
(do_dnsv6_redirect && (packet_type == ipv6_udp_data))) (do_dnsv6_redirect && (packet_type == ipv6_udp_data)))
{ {
if (addr.Direction == WINDIVERT_DIRECTION_INBOUND) { if (!addr.Outbound) {
if ((packet_v4 && dns_handle_incoming(&ppIpHdr->DstAddr, ppUdpHdr->DstPort, if ((packet_v4 && dns_handle_incoming(&ppIpHdr->DstAddr, ppUdpHdr->DstPort,
packet_data, packet_dataLen, packet_data, packet_dataLen,
&dns_conn_info, 0)) &dns_conn_info, 0))
@@ -1372,7 +1397,7 @@ int main(int argc, char *argv[]) {
} }
} }
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND) { else if (addr.Outbound) {
if ((packet_v4 && dns_handle_outgoing(&ppIpHdr->SrcAddr, ppUdpHdr->SrcPort, if ((packet_v4 && dns_handle_outgoing(&ppIpHdr->SrcAddr, ppUdpHdr->SrcPort,
&ppIpHdr->DstAddr, ppUdpHdr->DstPort, &ppIpHdr->DstAddr, ppUdpHdr->DstPort,
packet_data, packet_dataLen, 0)) packet_data, packet_dataLen, 0))
@@ -1410,7 +1435,7 @@ int main(int argc, char *argv[]) {
if (should_recalc_checksum) { if (should_recalc_checksum) {
WinDivertHelperCalcChecksums(packet, packetLen, &addr, (UINT64)0LL); WinDivertHelperCalcChecksums(packet, packetLen, &addr, (UINT64)0LL);
} }
WinDivertSend(w_filter, packet, packetLen, &addr, NULL); WinDivertSend(w_filter, packet, packetLen, NULL, &addr);
} }
} }
else { else {