Merge branch 'ipv6' into masterv6

Some DPI send several TCP RST or HTTP redirection packets with
increasing IP ID number. Handle them all.

Makefile

@@ -1,13 +1,17 @@
-CPREFIX = x86_64-w64-mingw32
+ifndef MSYSTEM
+	CPREFIX = x86_64-w64-mingw32-
+endif
+
 WINDIVERTHEADERS = ../../include
 WINDIVERTLIBS = ../binary
 
 TARGET = goodbyedpi.exe
-LIBS = -L $(WINDIVERTLIBS) -lWinDivert -lws2_32
+LIBS = -L$(WINDIVERTLIBS) -lWinDivert -lws2_32
-CC = $(CPREFIX)-gcc
+CC = $(CPREFIX)gcc
-CCWINDRES = $(CPREFIX)-windres
+CCWINDRES = $(CPREFIX)windres
-CFLAGS = -Wall -I $(WINDIVERTHEADERS) -L $(WINDIVERTLIBS) \
+CFLAGS = -Wall -Wextra -I$(WINDIVERTHEADERS) -L$(WINDIVERTLIBS) \
-         -O2 -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
+         -O2 -pie -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
+LDFLAGS = -Wl,-O1,--sort-common,--as-needed
 
 .PHONY: default all clean
 
@@ -26,7 +30,7 @@ manifest:
 .PRECIOUS: $(TARGET) $(OBJECTS)
 
 $(TARGET): $(OBJECTS)
-	$(CC) $(OBJECTS) -Wall $(LIBS) -s -o $@
+	$(CC) $(OBJECTS) -Wall $(LDFLAGS) $(LIBS) -s -o $@
 
 clean:
 	-rm -f *.o

README.md

@@ -16,19 +16,31 @@ Usage: goodbyedpi.exe [OPTION...]
  -p          block passive DPI
  -r          replace Host with hoSt
  -s          remove space between host header and its value
+ -m          mix Host header case (test.com -> tEsT.cOm)
  -f [value]  set HTTP fragmentation to value
+ -k [value]  enable HTTP persistent (keep-alive) fragmentation and set it to value
+ -n          do not wait for first segment ACK when -k is enabled
  -e [value]  set HTTPS fragmentation to value
  -a          additional space between Method and Request-URI (enables -s, may break sites)
+ -w          try to find and parse HTTP traffic on all processed ports (not only on port 80)
+ --port      [value]    additional TCP port to perform fragmentation on (and HTTP tricks with -w)
+ --ip-id     [value]    handle additional IP ID (decimal, drop redirects and TCP RSTs with this ID).
+                        This option can be supplied multiple times.
+ --dns-addr  [value]    redirect UDP DNS requests to the supplied IP address (experimental)
+ --dns-port  [value]    redirect UDP DNS requests to the supplied port (53 by default)
+ --dns-verb             print verbose DNS redirection messages
+ --blacklist [txtfile]  perform HTTP tricks only to host names and subdomains from
+                        supplied text file. This option can be supplied multiple times.
 
- -1          -p -r -s -f 2 -e 2 (most compatible mode, default)
+ -1          -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode, default)
- -2          -p -r -s -f 2 -e 40 (better speed yet still compatible)
+ -2          -p -r -s -f 2 -k 2 -n -e 40 (better speed for HTTPS yet still compatible)
- -3          -p -r -s -e 40 (even better speed)
+ -3          -p -r -s -e 40 (better speed for HTTP and HTTPS)
  -4          -p -r -s (best speed)
 ```
 
-Try to run `goodbyedpi.exe -1 -a` first. If you can open blocked websites it means your ISP has DPI which can be circumvented. This is the slowest and prone to break websites mode, but suitable for most DPI.
+To check if your ISP's DPI could be circumvented, run `3_all_dnsredir_hardcore.cmd` first. This is the most hardcore mode which will show if this program is suitable for your ISP and DPI vendor at all. If you can open blocked websites with this mode, it means your ISP has DPI which can be circumvented. This is the slowest and prone to break websites mode, but suitable for most DPI.
 
-Try `-1` to see if it works too.
+Try `goodbyedpi -1` to see if it works too.
 
 Then try `goodbyedpi.exe -2`. It should be faster for HTTPS sites. Mode `-3` speed ups HTTP websites.
 
@@ -38,16 +50,18 @@ Use `goodbyedpi.exe -4` if it works for your ISP's DPI. This is the fastest mode
 
 ### Passive DPI
 
-Most Passive DPI send HTTP 302 Redirect if you try to access blocked website over HTTP and TCP Reset in case of HTTPS, faster than destination website. Packets sent by DPI always have IP Identification field equal to `0x0000` or `0x0001`, as seen with Russian providers. These packets, if they redirect you to another website (censorship page), are blocked by GoodbyeDPI.
+Most Passive DPI send HTTP 302 Redirect if you try to access blocked website over HTTP and TCP Reset in case of HTTPS, faster than destination website. Packets sent by DPI usually have IP Identification field equal to `0x0000` or `0x0001`, as seen with Russian providers. These packets, if they redirect you to another website (censorship page), are blocked by GoodbyeDPI.
 
 ### Active DPI
 
-Active DPI is more tricky to fool. Currently the software uses 4 methods to circumvent Active DPI:
+Active DPI is more tricky to fool. Currently the software uses 6 methods to circumvent Active DPI:
 
 * TCP-level fragmentation for first data packet
+* TCP-level fragmentation for persistent (keep-alive) HTTP sessions
 * Replacing `Host` header with `hoSt`
 * Removing space between header name and value in `Host` header
 * Adding additional space between HTTP Method (GET, POST etc) and URI
+* Mixing case of Host header value
 
 These methods should not break any website as they're fully compatible with TCP and HTTP standards, yet it's sufficient to prevent DPI data classification and to circumvent censorship. Additional space may break some websites, although it's acceptable by HTTP/1.1 specification (see 19.3 Tolerant Applications).
 
@@ -59,34 +73,16 @@ This project can be build using **GNU Make** and [**mingw**](https://mingw-w64.o
 
 To build x86 exe run:
 
-`make CPREFIX=i686-w64-mingw32 WINDIVERTHEADERS=/path/to/windivert/include WINDIVERTLIBS=/path/to/windivert/x86`
+`make CPREFIX=i686-w64-mingw32- WINDIVERTHEADERS=/path/to/windivert/include WINDIVERTLIBS=/path/to/windivert/x86`
 
 And for x86_64:
 
-`make CPREFIX=x86_64-w64-mingw32 WINDIVERTHEADERS=/path/to/windivert/include WINDIVERTLIBS=/path/to/windivert/amd64`
+`make CPREFIX=x86_64-w64-mingw32- WINDIVERTHEADERS=/path/to/windivert/include WINDIVERTLIBS=/path/to/windivert/amd64`
 
 # How to install as Windows Service
 
-One way is using an [srvstart](http://www.rozanski.org.uk/software) program.  
+Use `service_install_russia_blacklist.cmd`, `service_install_russia_blacklist_dnsredir.cmd` and `service_remove.cmd` scripts.  
-Unpack it to `goodbyedpi` directory and create 3 files:
+Modify them according to your own needs.
-
-*goodbyedpi.ini*
-```INI
-[GoodByeDPI]
-startup=goodbyedpi.exe
-shutdown_method=winmessage
-auto_restart=n
-```
-*srvinstall.bat*
-```Batchfile
-srvstart install GoodByeDPI -c %CD%\goodbyedpi.ini
-```
-*srvremove.bat*
-```Batchfile
-srvstart remove GoodByeDPI
-```
-Run these batch files as Administrator to install/remove service.  
-Open Windows Services panel to run service or make it start automaticaly.
 
 # Similar projects
 

blackwhitelist.c

@@ -0,0 +1,110 @@
+/*
+ * Blacklist for GoodbyeDPI HTTP DPI circumvention tricks
+ *
+ * This is a simple domain hash table.
+ * Domain records are added from a text file, where every
+ * domain is separated with a new line.
+ */
+#include <windows.h>
+#include <stdio.h>
+#include "goodbyedpi.h"
+#include "uthash.h"
+#include "getline.h"
+
+typedef struct blackwhitelist_record {
+    const char *host;
+    UT_hash_handle hh;   /* makes this structure hashable */
+} blackwhitelist_record_t;
+
+static blackwhitelist_record_t *blackwhitelist = NULL;
+
+static int check_get_hostname(const char *host) {
+    blackwhitelist_record_t *tmp_record = NULL;
+    if (!blackwhitelist) return FALSE;
+
+    HASH_FIND_STR(blackwhitelist, host, tmp_record);
+    if (tmp_record) {
+        debug("check_get_hostname found host\n");
+        return TRUE;
+    }
+    debug("check_get_hostname host not found\n");
+    return FALSE;
+}
+
+static int add_hostname(const char *host) {
+    if (!host)
+        return FALSE;
+
+    int host_len = strlen(host);
+
+    blackwhitelist_record_t *tmp_record = malloc(sizeof(blackwhitelist_record_t));
+    char *host_c = malloc(host_len + 1);
+
+    if (!check_get_hostname(host)) {
+        strncpy(host_c, host, host_len);
+        host_c[host_len] = '\0';
+        tmp_record->host = host_c;
+        HASH_ADD_KEYPTR(hh, blackwhitelist, tmp_record->host,
+                        strlen(tmp_record->host), tmp_record);
+        debug("Added host %s\n", host_c);
+        return TRUE;
+    }
+    debug("Not added host %s\n", host);
+    free(tmp_record);
+    free(host_c);
+    return FALSE;
+}
+
+int blackwhitelist_load_list(const char *filename) {
+    char *line = malloc(HOST_MAXLEN + 1);
+    size_t linelen = HOST_MAXLEN + 1;
+    int cnt = 0;
+    ssize_t read;
+
+    FILE *fp = fopen(filename, "r");
+    if (!fp) return FALSE;
+
+    while ((read = getline(&line, &linelen, fp)) != -1) {
+        /* works with both \n and \r\n */
+        line[strcspn(line, "\r\n")] = '\0';
+        if (strlen(line) > HOST_MAXLEN) {
+            printf("WARNING: host %s exceeds maximum host length and has not been added\n",
+                line);
+            continue;
+        }
+        if (strlen(line) < 4)
+            continue;
+        if (add_hostname(line))
+            cnt++;
+    }
+    free(line);
+    if (!blackwhitelist) return FALSE;
+    printf("Loaded %d hosts from file %s\n", cnt, filename);
+    fclose(fp);
+    return TRUE;
+}
+
+int blackwhitelist_check_hostname(const char *host_addr, int host_len) {
+    char current_host[HOST_MAXLEN + 1];
+    char *tokenized_host = NULL;
+
+    if (host_len > HOST_MAXLEN) return FALSE;
+    if (host_addr && host_len) {
+        memcpy(current_host, host_addr, host_len);
+        current_host[host_len] = '\0';
+    }
+
+    if (check_get_hostname(current_host))
+            return TRUE;
+
+    tokenized_host = strchr(current_host, '.');
+    while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) {
+        /* Search hostname only if there is next token */
+        if (strchr(tokenized_host + 1, '.') && check_get_hostname(tokenized_host + 1))
+            return TRUE;
+        tokenized_host = strchr(tokenized_host + 1, '.');
+    }
+
+    debug("____blackwhitelist_check_hostname FALSE: host %s\n", current_host);
+    return FALSE;
+}

blackwhitelist.h

@@ -0,0 +1,2 @@
+int blackwhitelist_load_list(const char *filename);
+int blackwhitelist_check_hostname(const char *host_addr, int host_len);

dnsredir.c

@@ -0,0 +1,244 @@
+/*
+ * DNS UDP Connection Tracker for GoodbyeDPI
+ *
+ * This is a simple connection tracker for DNS UDP data.
+ * It's not a proper one. The caveats as follows:
+ *    * Uses only source IP address and port as a hash key;
+ *    * One-shot only. Removes conntrack record as soon as gets the reply;
+ *    * Does not properly parse DNS request and response, only checks some bytes;
+ *
+ * But anyway, it works fine for DNS.
+ */
+
+#include <windows.h>
+#include <time.h>
+#include <stdio.h>
+#include "goodbyedpi.h"
+#include "dnsredir.h"
+#include "uthash.h"
+
+/* key ('4' for IPv4 or '6' for IPv6 + srcip[16] + srcport[2]) */
+#define UDP_CONNRECORD_KEY_LEN 19
+
+#define DNS_CLEANUP_INTERVAL_SEC 30
+
+/* HACK!
+ * uthash uses strlen() for HASH_FIND_STR.
+ * We have null bytes in our key, so we can't use strlen()
+ * And since it's always UDP_CONNRECORD_KEY_LEN bytes long,
+ * we don't need to use any string function to determine length.
+ */
+#undef uthash_strlen
+#define uthash_strlen(s) UDP_CONNRECORD_KEY_LEN
+
+typedef struct udp_connrecord {
+    /* key ('4' for IPv4 or '6' for IPv6 + srcip[16] + srcport[2]) */
+    char key[UDP_CONNRECORD_KEY_LEN];
+    time_t time;         /* time when this record was added */
+    uint32_t dstip[4];
+    uint16_t dstport;
+    UT_hash_handle hh;   /* makes this structure hashable */
+} udp_connrecord_t;
+
+static time_t last_cleanup = 0;
+static udp_connrecord_t *conntrack = NULL;
+
+void flush_dns_cache() {
+    BOOL WINAPI (*DnsFlushResolverCache)();
+
+    HMODULE dnsapi = LoadLibrary("dnsapi.dll");
+    if (dnsapi == NULL)
+    {
+        printf("Can't load dnsapi.dll to flush DNS cache!\n");
+        exit(EXIT_FAILURE);
+    }
+
+    DnsFlushResolverCache = (void*)GetProcAddress(dnsapi, "DnsFlushResolverCache");
+    if (DnsFlushResolverCache == NULL || !DnsFlushResolverCache())
+        printf("Can't flush DNS cache!");
+    FreeLibrary(dnsapi);
+}
+
+inline static void fill_key_data(char *key, const uint8_t is_ipv6, const uint32_t srcip[4],
+                          const uint16_t srcport)
+{
+    if (is_ipv6) {
+        *(uint8_t*)(key) = '6';
+        ipv6_copy_addr((uint32_t*)(key + sizeof(uint8_t)), srcip);
+    }
+    else {
+        *(uint8_t*)(key) = '4';
+        ipv4_copy_addr((uint32_t*)(key + sizeof(uint8_t)), srcip);
+    }
+
+    *(uint16_t*)(key + sizeof(uint8_t) + sizeof(uint32_t) * 4) = srcport;
+}
+
+inline static void fill_data_from_key(uint8_t *is_ipv6, uint32_t srcip[4], uint16_t *srcport,
+                                      const char *key)
+{
+    if (key[0] == '6') {
+        *is_ipv6 = 1;
+        ipv6_copy_addr(srcip, (uint32_t*)(key + sizeof(uint8_t)));
+    }
+    else {
+        *is_ipv6 = 0;
+        ipv4_copy_addr(srcip, (uint32_t*)(key + sizeof(uint8_t)));
+    }
+    *srcport = *(uint16_t*)(key + sizeof(uint8_t) + sizeof(uint32_t) * 4);
+}
+
+inline static void construct_key(const uint32_t srcip[4], const uint16_t srcport,
+                                 char *key, int is_ipv6)
+{
+    debug("Construct key enter\n");
+    if (key) {
+        debug("Constructing key\n");
+        fill_key_data(key, is_ipv6, srcip, srcport);
+    }
+    debug("Construct key end\n");
+}
+
+inline static void deconstruct_key(const char *key, const udp_connrecord_t *connrecord,
+                                   conntrack_info_t *conn_info)
+{
+    debug("Deconstruct key enter\n");
+    if (key && conn_info) {
+        debug("Deconstructing key\n");
+        fill_data_from_key(&conn_info->is_ipv6, conn_info->srcip,
+                           &conn_info->srcport, key);
+
+        if (conn_info->is_ipv6)
+            ipv6_copy_addr(conn_info->dstip, connrecord->dstip);
+        else
+            ipv4_copy_addr(conn_info->dstip, connrecord->dstip);
+
+        conn_info->dstport = connrecord->dstport;
+    }
+    debug("Deconstruct key end\n");
+}
+
+static int check_get_udp_conntrack_key(const char *key, udp_connrecord_t **connrecord) {
+    udp_connrecord_t *tmp_connrecord = NULL;
+    if (!conntrack) return FALSE;
+
+    HASH_FIND_STR(conntrack, key, tmp_connrecord);
+    if (tmp_connrecord) {
+        if (connrecord)
+            *connrecord = tmp_connrecord;
+        debug("check_get_udp_conntrack_key found key\n");
+        return TRUE;
+    }
+    debug("check_get_udp_conntrack_key key not found\n");
+    return FALSE;
+}
+
+static int add_udp_conntrack(const uint32_t srcip[4], const uint16_t srcport,
+                             const uint32_t dstip[4], const uint16_t dstport,
+                             const int is_ipv6
+                            )
+{
+    if (!(srcip && srcport && dstip && dstport))
+        return FALSE;
+
+    udp_connrecord_t *tmp_connrecord = malloc(sizeof(udp_connrecord_t));
+    construct_key(srcip, srcport, tmp_connrecord->key, is_ipv6);
+
+    if (!check_get_udp_conntrack_key(tmp_connrecord->key, NULL)) {
+        tmp_connrecord->time = time(NULL);
+
+        if (is_ipv6) {
+            ipv6_copy_addr(tmp_connrecord->dstip, dstip);
+        }
+        else {
+            ipv4_copy_addr(tmp_connrecord->dstip, dstip);
+        }
+        tmp_connrecord->dstport = dstport;
+        HASH_ADD_STR(conntrack, key, tmp_connrecord);
+        debug("Added UDP conntrack\n");
+        return TRUE;
+    }
+    debug("Not added UDP conntrack\n");
+    free(tmp_connrecord);
+    return FALSE;
+}
+
+static void dns_cleanup() {
+    udp_connrecord_t *tmp_connrecord, *tmp_connrecord2 = NULL;
+
+    if (last_cleanup == 0) {
+        last_cleanup = time(NULL);
+        return;
+    }
+
+    if (difftime(time(NULL), last_cleanup) >= DNS_CLEANUP_INTERVAL_SEC) {
+        last_cleanup = time(NULL);
+
+        HASH_ITER(hh, conntrack, tmp_connrecord, tmp_connrecord2) {
+            if (difftime(last_cleanup, tmp_connrecord->time) >= DNS_CLEANUP_INTERVAL_SEC) {
+                HASH_DEL(conntrack, tmp_connrecord);
+                free(tmp_connrecord);
+            }
+        }
+    }
+}
+
+int dns_is_dns_packet(const char *packet_data, const UINT packet_dataLen, const int outgoing) {
+    if (packet_dataLen < 16) return FALSE;
+
+    if (outgoing && (ntohs(*(const uint16_t*)(packet_data + 2)) & 0xFA00) == 0 &&
+        (ntohs(*(const uint32_t*)(packet_data + 6))) == 0) {
+        return TRUE;
+    }
+    else if (!outgoing &&
+        (ntohs(*(const uint16_t*)(packet_data + 2)) & 0xF800) == 0x8000) {
+        return TRUE;
+    }
+    return FALSE;
+}
+
+int dns_handle_outgoing(const uint32_t srcip[4], const uint16_t srcport,
+                        const uint32_t dstip[4], const uint16_t dstport,
+                        const char *packet_data, const UINT packet_dataLen,
+                        const uint8_t is_ipv6)
+{
+    if (packet_dataLen < 16)
+        return FALSE;
+
+    dns_cleanup();
+
+    if (dns_is_dns_packet(packet_data, packet_dataLen, 1)) {
+        /* Looks like DNS request */
+        debug("trying to add srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
+        return add_udp_conntrack(srcip, srcport, dstip, dstport, is_ipv6);
+    }
+    debug("____dns_handle_outgoing FALSE: srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
+    return FALSE;
+}
+
+int dns_handle_incoming(const uint32_t srcip[4], const uint16_t srcport,
+                        const char *packet_data, const UINT packet_dataLen,
+                        conntrack_info_t *conn_info, const uint8_t is_ipv6)
+{
+    char key[UDP_CONNRECORD_KEY_LEN];
+    udp_connrecord_t *tmp_connrecord = NULL;
+
+    if (packet_dataLen < 16 || !conn_info)
+        return FALSE;
+
+    dns_cleanup();
+
+    if (dns_is_dns_packet(packet_data, packet_dataLen, 0)) {
+        /* Looks like DNS response */
+        construct_key(srcip, srcport, key, is_ipv6);
+        if (check_get_udp_conntrack_key(key, &tmp_connrecord) && tmp_connrecord) {
+            /* Connection exists in conntrack, moving on */
+            deconstruct_key(key, tmp_connrecord, conn_info);
+            HASH_DEL(conntrack, tmp_connrecord);
+            free(tmp_connrecord);
+            return TRUE;
+        }
+    }
+    debug("____dns_handle_incoming FALSE: srcport = %hu\n", ntohs(srcport));
+    return FALSE;
+}

dnsredir.h

@@ -0,0 +1,36 @@
+#include <stdint.h>
+
+typedef struct conntrack_info {
+    uint8_t  is_ipv6;
+    uint32_t srcip[4];
+    uint16_t srcport;
+    uint32_t dstip[4];
+    uint16_t dstport;
+} conntrack_info_t;
+
+inline static void ipv4_copy_addr(uint32_t dst[4], const uint32_t src[4]) {
+    dst[0] = src[0];
+    dst[1] = 0;
+    dst[2] = 0;
+    dst[3] = 0;
+}
+
+inline static void ipv6_copy_addr(uint32_t dst[4], const uint32_t src[4]) {
+    dst[0] = src[0];
+    dst[1] = src[1];
+    dst[2] = src[2];
+    dst[3] = src[3];
+}
+
+int dns_handle_incoming(const uint32_t srcip[4], const uint16_t srcport,
+                        const char *packet_data, const UINT packet_dataLen,
+                        conntrack_info_t *conn_info, const uint8_t is_ipv6);
+
+int dns_handle_outgoing(const uint32_t srcip[4], const uint16_t srcport,
+                        const uint32_t dstip[4], const uint16_t dstport,
+                        const char *packet_data, const UINT packet_dataLen,
+                        const uint8_t is_ipv6
+                       );
+
+void flush_dns_cache();
+int dns_is_dns_packet(const char *packet_data, const UINT packet_dataLen, const int outgoing);

getline.c

@@ -0,0 +1,92 @@
+/*	$NetBSD: getdelim.c,v 1.2 2015/12/25 20:12:46 joerg Exp $	*/
+/*	NetBSD-src: getline.c,v 1.2 2014/09/16 17:23:50 christos Exp 	*/
+
+/*-
+ * Copyright (c) 2011 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "getline.h"
+
+#if !HAVE_GETDELIM
+
+ssize_t
+getdelim(char **buf, size_t *bufsiz, int delimiter, FILE *fp)
+{
+	char *ptr, *eptr;
+
+
+	if (*buf == NULL || *bufsiz == 0) {
+		*bufsiz = BUFSIZ;
+		if ((*buf = malloc(*bufsiz)) == NULL)
+			return -1;
+	}
+
+	for (ptr = *buf, eptr = *buf + *bufsiz;;) {
+		int c = fgetc(fp);
+		if (c == -1) {
+			if (feof(fp)) {
+				ssize_t diff = (ssize_t)(ptr - *buf);
+				if (diff != 0) {
+					*ptr = '\0';
+					return diff;
+				}
+			}
+			return -1;
+		}
+		*ptr++ = c;
+		if (c == delimiter) {
+			*ptr = '\0';
+			return ptr - *buf;
+		}
+		if (ptr + 2 >= eptr) {
+			char *nbuf;
+			size_t nbufsiz = *bufsiz * 2;
+			ssize_t d = ptr - *buf;
+			if ((nbuf = realloc(*buf, nbufsiz)) == NULL)
+				return -1;
+			*buf = nbuf;
+			*bufsiz = nbufsiz;
+			eptr = nbuf + nbufsiz;
+			ptr = nbuf + d;
+		}
+	}
+}
+
+#endif
+
+#if !HAVE_GETLINE
+
+ssize_t
+getline(char **buf, size_t *bufsiz, FILE *fp)
+{
+	return getdelim(buf, bufsiz, '\n', fp);
+}
+
+#endif

getline.h

@@ -0,0 +1,7 @@
+#if !HAVE_GETDELIM
+ssize_t	getdelim(char **, size_t *, int, FILE *);
+#endif
+
+#if !HAVE_GETLINE
+ssize_t	getline(char **, size_t *, FILE *);
+#endif

goodbyedpi.h

@@ -0,0 +1,10 @@
+#define HOST_MAXLEN 253
+
+#ifndef DEBUG
+#define debug(...) do {} while (0)
+#else
+#define debug(...) printf(__VA_ARGS__)
+#endif
+
+int main(int argc, char *argv[]);
+void deinit_all();

repl_str.c

@@ -0,0 +1,90 @@
+#include <string.h>
+#include <stdlib.h>
+#include <stddef.h>
+
+#if (__STDC_VERSION__ >= 199901L)
+#include <stdint.h>
+#endif
+
+char *repl_str(const char *str, const char *from, const char *to) {
+
+	/* Adjust each of the below values to suit your needs. */
+
+	/* Increment positions cache size initially by this number. */
+	size_t cache_sz_inc = 16;
+	/* Thereafter, each time capacity needs to be increased,
+	 * multiply the increment by this factor. */
+	const size_t cache_sz_inc_factor = 3;
+	/* But never increment capacity by more than this number. */
+	const size_t cache_sz_inc_max = 1048576;
+
+	char *pret, *ret = NULL;
+	const char *pstr2, *pstr = str;
+	size_t i, count = 0;
+	#if (__STDC_VERSION__ >= 199901L)
+	uintptr_t *pos_cache_tmp, *pos_cache = NULL;
+	#else
+	ptrdiff_t *pos_cache_tmp, *pos_cache = NULL;
+	#endif
+	size_t cache_sz = 0;
+	size_t cpylen, orglen, retlen, tolen, fromlen = strlen(from);
+
+	/* Find all matches and cache their positions. */
+	while ((pstr2 = strstr(pstr, from)) != NULL) {
+		count++;
+
+		/* Increase the cache size when necessary. */
+		if (cache_sz < count) {
+			cache_sz += cache_sz_inc;
+			pos_cache_tmp = realloc(pos_cache, sizeof(*pos_cache) * cache_sz);
+			if (pos_cache_tmp == NULL) {
+				goto end_repl_str;
+			} else pos_cache = pos_cache_tmp;
+			cache_sz_inc *= cache_sz_inc_factor;
+			if (cache_sz_inc > cache_sz_inc_max) {
+				cache_sz_inc = cache_sz_inc_max;
+			}
+		}
+
+		pos_cache[count-1] = pstr2 - str;
+		pstr = pstr2 + fromlen;
+	}
+
+	orglen = pstr - str + strlen(pstr);
+
+	/* Allocate memory for the post-replacement string. */
+	if (count > 0) {
+		tolen = strlen(to);
+		retlen = orglen + (tolen - fromlen) * count;
+	} else	retlen = orglen;
+	ret = malloc(retlen + 1);
+	if (ret == NULL) {
+		goto end_repl_str;
+	}
+
+	if (count == 0) {
+		/* If no matches, then just duplicate the string. */
+		strcpy(ret, str);
+	} else {
+		/* Otherwise, duplicate the string whilst performing
+		 * the replacements using the position cache. */
+		pret = ret;
+		memcpy(pret, str, pos_cache[0]);
+		pret += pos_cache[0];
+		for (i = 0; i < count; i++) {
+			memcpy(pret, to, tolen);
+			pret += tolen;
+			pstr = str + pos_cache[i] + fromlen;
+			cpylen = (i == count-1 ? orglen : pos_cache[i+1]) - pos_cache[i] - fromlen;
+			memcpy(pret, pstr, cpylen);
+			pret += cpylen;
+		}
+		ret[retlen] = '\0';
+	}
+
+end_repl_str:
+	/* Free the cache and return the post-replacement string,
+	 * which will be NULL in the event of an error. */
+	free(pos_cache);
+	return ret;
+}

repl_str.h

@@ -0,0 +1 @@
+char *repl_str(const char *str, const char *from, const char *to);

service.c

@@ -0,0 +1,96 @@
+#include <windows.h>
+#include <stdio.h>
+#include "goodbyedpi.h"
+#include "service.h"
+
+#define SERVICE_NAME "GoodbyeDPI"
+
+static SERVICE_STATUS ServiceStatus;
+static SERVICE_STATUS_HANDLE hStatus;
+static int service_argc = 0;
+static char **service_argv = NULL;
+
+int service_register(int argc, char *argv[])
+{
+    int i, ret;
+    SERVICE_TABLE_ENTRY ServiceTable[] = {
+        {SERVICE_NAME, (LPSERVICE_MAIN_FUNCTION)service_main},
+        {NULL, NULL}
+    };
+    /*
+     * Save argc & argv as service_main is called with different
+     * arguments, which are passed from "start" command, not
+     * from the program command line.
+     * We don't need this behaviour.
+     *
+     * Note that if StartServiceCtrlDispatcher() succeedes
+     * it does not return until the service is stopped,
+     * so we should copy all arguments first and then
+     * handle the failure.
+     */
+    if (!service_argc && !service_argv) {
+        service_argc = argc;
+        service_argv = malloc(sizeof(void*) * argc);
+        for (i = 0; i < argc; i++) {
+            service_argv[i] = strdup(argv[i]);
+        }
+    }
+
+    ret = StartServiceCtrlDispatcher(ServiceTable);
+
+    if (service_argc && service_argv) {
+        for (i = 0; i < service_argc; i++) {
+            free(service_argv[i]);
+        }
+        free(service_argv);
+    }
+
+    return ret;
+}
+
+void service_main(int argc __attribute__((unused)),
+                  char *argv[] __attribute__((unused)))
+{
+    ServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS; 
+    ServiceStatus.dwCurrentState = SERVICE_RUNNING;
+    ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN;
+    ServiceStatus.dwWin32ExitCode = 0;
+    ServiceStatus.dwServiceSpecificExitCode = 0;
+    ServiceStatus.dwCheckPoint = 1;
+    ServiceStatus.dwWaitHint = 0;
+
+    hStatus = RegisterServiceCtrlHandler(
+        SERVICE_NAME,
+        (LPHANDLER_FUNCTION)service_controlhandler);
+    if (hStatus == (SERVICE_STATUS_HANDLE)0)
+    {
+        // Registering Control Handler failed
+        return;
+    }
+
+    SetServiceStatus(hStatus, &ServiceStatus);
+
+    // Calling main with saved argc & argv
+    ServiceStatus.dwWin32ExitCode = main(service_argc, service_argv);
+    ServiceStatus.dwCurrentState  = SERVICE_STOPPED;
+    SetServiceStatus(hStatus, &ServiceStatus);
+    return;
+}
+
+// Control handler function
+void service_controlhandler(DWORD request)
+{
+    switch(request)
+    {
+        case SERVICE_CONTROL_STOP:
+        case SERVICE_CONTROL_SHUTDOWN:
+            deinit_all();
+            ServiceStatus.dwWin32ExitCode = 0;
+            ServiceStatus.dwCurrentState  = SERVICE_STOPPED;
+        default:
+            break;
+    }
+    // Report current status
+    SetServiceStatus(hStatus, &ServiceStatus);
+    return;
+}

service.h

@@ -0,0 +1,3 @@
+int service_register();
+void service_main(int argc, char *argv[]);
+void service_controlhandler(DWORD request);