Mirrors/bolvan-zapret2
1
0
Fork 0
mirror of https://github.com/bol-van/zapret2.git synced 2026-06-17 12:50:04 +04:00
Code Issues Packages Projects Releases Wiki Activity

AI and manual fixes

Browse Source
This commit is contained in:
bol-van
2026-02-16 19:39:52 +03:00
parent 178bced5f3
commit 2120264e0b
9 changed files with 73 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/changes.txt
+1
View File
@@ -246,3 +246,4 @@ v0.9.4
* github actions: update upx to 5.1.0. use upx for linux-riscv5 * github actions: update upx to 5.1.0. use upx for linux-riscv5
* github actions: stronger zip and gz compression * github actions: stronger zip and gz compression
* nfqws2: --chdir * nfqws2: --chdir
* nfqws2: fixed wrong scale factor application to winsize
lua/zapret-lib.lua
+5 -6
View File
@@ -805,9 +805,9 @@ function autottl(incoming_ttl, attl)
if incoming_ttl>223 then if incoming_ttl>223 then
orig=255 orig=255
elseif incoming_ttl<128 and incoming_ttl>96 then elseif incoming_ttl<=128 and incoming_ttl>96 then
orig=128 orig=128
elseif incoming_ttl<64 and incoming_ttl>32 then elseif incoming_ttl<=64 and incoming_ttl>32 then
orig=64 orig=64
else else
return nil return nil
@@ -1161,16 +1161,15 @@ function rawsend_dissect_segmented(desync, dis, mss, options)
local pos=1 local pos=1
local len local len
local payload=discopy.payload local payload=discopy.payload
while pos <= #payload do while pos <= #payload do
len = #payload - pos + 1 len = #payload - pos + 1
if len > max_data then len = max_data end if len > max_data then len = max_data end
if oob then if oob then
if urp>=pos and urp<(pos+len)then if urp>=pos and urp<(pos+len)then
discopy.tcp.th_flags = bitor(dis.tcp.th_flags, TH_URG) discopy.tcp.th_flags = bitor(discopy.tcp.th_flags, TH_URG)
discopy.tcp.th_urp = urp-pos+1 discopy.tcp.th_urp = urp-pos+1
else else
discopy.tcp.th_flags = bitand(dis.tcp.th_flags, bitnot(TH_URG)) discopy.tcp.th_flags = bitand(discopy.tcp.th_flags, bitnot(TH_URG))
discopy.tcp.th_urp = 0 discopy.tcp.th_urp = 0
end end
end end
@@ -2449,7 +2448,7 @@ function tls_dissect(tls, offset, partialOK)
encrypted = true encrypted = true
elseif typ==TLS_RECORD_TYPE_HANDSHAKE and not encrypted then elseif typ==TLS_RECORD_TYPE_HANDSHAKE and not encrypted then
-- need 4 bytes for handshake type and 24-bit length -- need 4 bytes for handshake type and 24-bit length
if (#tls-offset+1)<9 then if (#tls-off+1)<9 then
if not partialOK then return end if not partialOK then return end
break break
end end
nfq2/conntrack.c
+11 -6
View File
@@ -140,8 +140,17 @@ static void ConntrackApplyPos(t_ctrack *t, bool bReverse, const struct dissect *
if (dis->ip6) direct->ip6flow = ntohl(dis->ip6->ip6_ctlun.ip6_un1.ip6_un1_flow); if (dis->ip6) direct->ip6flow = ntohl(dis->ip6->ip6_ctlun.ip6_un1.ip6_un1_flow);
scale = tcp_find_scale_factor(dis->tcp); direct->winsize_calc = direct->winsize = ntohs(dis->tcp->th_win);
mss = tcp_find_mss(dis->tcp); if (t->pos.state == SYN)
{
// scale and mss only valid in syn packets
scale = tcp_find_scale_factor(dis->tcp);
if (scale != SCALE_NONE) direct->scale = scale;
direct->mss = tcp_find_mss(dis->tcp);
}
else if (direct->scale != SCALE_NONE)
// apply scale only outside of the SYN stage
direct->winsize_calc <<= direct->scale;
direct->seq_last = ntohl(dis->tcp->th_seq); direct->seq_last = ntohl(dis->tcp->th_seq);
direct->pos = direct->seq_last + dis->len_payload; direct->pos = direct->seq_last + dis->len_payload;
@@ -154,10 +163,6 @@ static void ConntrackApplyPos(t_ctrack *t, bool bReverse, const struct dissect *
if (!((direct->pos - direct->uppos) & 0x80000000)) if (!((direct->pos - direct->uppos) & 0x80000000))
direct->uppos = direct->pos; direct->uppos = direct->pos;
} }
direct->winsize_calc = direct->winsize = ntohs(dis->tcp->th_win);
if (scale != SCALE_NONE) direct->scale = scale;
if (direct->scale != SCALE_NONE) direct->winsize_calc <<= direct->scale;
if (mss && !direct->mss) direct->mss = mss;
if (!direct->rseq_over_2G && ((direct->seq_last - direct->seq0) & 0x80000000)) if (!direct->rseq_over_2G && ((direct->seq_last - direct->seq0) & 0x80000000))
direct->rseq_over_2G = true; direct->rseq_over_2G = true;
nfq2/desync.c
+5 -2
View File
@@ -1574,8 +1574,9 @@ static uint8_t dpi_desync_tcp_packet_play(
if (!bReqFull && ReasmIsEmpty(&ps.ctrack->reasm_client) && !is_retransmission(&ps.ctrack->pos.client)) if (!bReqFull && ReasmIsEmpty(&ps.ctrack->reasm_client) && !is_retransmission(&ps.ctrack->pos.client))
{ {
// do not reconstruct unexpected large payload (they are feeding garbage ?) // do not reconstruct unexpected large payload (they are feeding garbage ?)
// also do not reconstruct if server window size is low
if (!reasm_client_start(ps.ctrack, IPPROTO_TCP, TLSRecordLen(dis->data_payload), TCP_MAX_REASM, dis->data_payload, dis->len_payload)) if (!reasm_client_start(ps.ctrack, IPPROTO_TCP, TLSRecordLen(dis->data_payload), TCP_MAX_REASM, dis->data_payload, dis->len_payload))
goto pass_reasm_cancel; goto rediscover;
} }
if (!ReasmIsEmpty(&ps.ctrack->reasm_client)) if (!ReasmIsEmpty(&ps.ctrack->reasm_client))
@@ -1601,6 +1602,7 @@ static uint8_t dpi_desync_tcp_packet_play(
} }
} }
rediscover:
if (!dp_rediscovery(&ps)) if (!dp_rediscovery(&ps))
goto pass_reasm_cancel; goto pass_reasm_cancel;
@@ -1661,7 +1663,8 @@ static const uint8_t *dns_extract_name(const uint8_t *a, const uint8_t *b, const
if (p>=e) return NULL; if (p>=e) return NULL;
for (nl=0; *p ;) for (nl=0; *p ;)
{ {
if ((p+*p+1)>=e || (*p+1)>=(name_size-nl)) return NULL; // do not support mixed ptr+real
if ((*p & 0xC0) || (p+*p+1)>=e || (*p+1)>=(name_size-nl)) return NULL;
if (nl) name[nl++] = '.'; if (nl) name[nl++] = '.';
memcpy(name + nl, p + 1, *p); memcpy(name + nl, p + 1, *p);
nl += *p; nl += *p;
nfq2/gzip.c
+18 -4
View File
@@ -40,7 +40,8 @@ int z_readfile(FILE *F, char **buf, size_t *size, size_t extra_alloc)
} }
zs.avail_in = rd; zs.avail_in = rd;
zs.next_in = in; zs.next_in = in;
do printf("\nCHUNK\n");
for(;;)
{ {
if ((bufsize - *size) < BUFMIN) if ((bufsize - *size) < BUFMIN)
{ {
@@ -55,10 +56,23 @@ int z_readfile(FILE *F, char **buf, size_t *size, size_t extra_alloc)
} }
zs.avail_out = bufsize - *size; zs.avail_out = bufsize - *size;
zs.next_out = (unsigned char*)(*buf + *size); zs.next_out = (unsigned char*)(*buf + *size);
r = inflate(&zs, Z_NO_FLUSH); r = inflate(&zs, Z_NO_FLUSH);
if (r != Z_OK && r != Z_STREAM_END) goto zerr;
*size = bufsize - zs.avail_out; *size = bufsize - zs.avail_out;
} while (r == Z_OK && zs.avail_in); if (r==Z_STREAM_END) break;
if (r==Z_BUF_ERROR)
{
if (zs.avail_in)
goto zerr;
else
{
r = Z_OK;
break;
}
}
if (r!=Z_OK) goto zerr;
}
} while (r == Z_OK); } while (r == Z_OK);
if (*size < bufsize) if (*size < bufsize)
@@ -68,7 +82,7 @@ int z_readfile(FILE *F, char **buf, size_t *size, size_t extra_alloc)
} }
inflateEnd(&zs); inflateEnd(&zs);
return Z_OK; return r;
zerr: zerr:
inflateEnd(&zs); inflateEnd(&zs);
nfq2/hostlist.c
+1 -1
View File
@@ -60,7 +60,7 @@ bool AppendHostList(hostlist_pool **hostlist, const char *filename)
{ {
r = z_readfile(F,&zbuf,&zsize,0); r = z_readfile(F,&zbuf,&zsize,0);
fclose(F); fclose(F);
if (r==Z_OK) if (r==Z_STREAM_END)
{ {
DLOG_CONDUP("zlib compression detected. uncompressed size : %zu\n", zsize); DLOG_CONDUP("zlib compression detected. uncompressed size : %zu\n", zsize);
nfq2/ipset.c
+1 -1
View File
@@ -77,7 +77,7 @@ static bool AppendIpset(ipset *ips, const char *filename)
{ {
r = z_readfile(F,&zbuf,&zsize,0); r = z_readfile(F,&zbuf,&zsize,0);
fclose(F); fclose(F);
if (r==Z_OK) if (r==Z_STREAM_END)
{ {
DLOG_CONDUP("zlib compression detected. uncompressed size : %zu\n", zsize); DLOG_CONDUP("zlib compression detected. uncompressed size : %zu\n", zsize);
nfq2/lua.c
+31 -12
View File
@@ -1901,7 +1901,7 @@ static bool lua_reconstruct_ip6exthdr(lua_State *L, int idx, struct ip6_hdr *ip6
lua_getfield(L,-1, "data"); lua_getfield(L,-1, "data");
if (lua_type(L,-1)!=LUA_TSTRING) goto err; if (lua_type(L,-1)!=LUA_TSTRING) goto err;
if (!(p=(uint8_t*)lua_tolstring(L,-1,&l))) l=0; if (!(p=(uint8_t*)lua_tolstring(L,-1,&l))) l=0;
if (!l || (l+2)>left || ((type==IPPROTO_AH) ? (l<6 || ((l+2) & 3)) : ((l+2) & 7))) goto err; if (l<6 || (l+2)>left || (type==IPPROTO_AH ? (l>=1024 || ((l+2) & 3)) : (l>=2048 || ((l+2) & 7)))) goto err;
memcpy(data+2,p,l); memcpy(data+2,p,l);
l+=2; l+=2;
data[0] = next; // may be overwritten later data[0] = next; // may be overwritten later
@@ -3470,7 +3470,7 @@ static int luacall_gunzip_inflate(lua_State *L)
size_t increment = bufchunk / 2; size_t increment = bufchunk / 2;
if (increment < Z_INFL_BUF_INCREMENT) increment = Z_INFL_BUF_INCREMENT; if (increment < Z_INFL_BUF_INCREMENT) increment = Z_INFL_BUF_INCREMENT;
do for(;;)
{ {
if ((bufsize - size) < BUFMIN) if ((bufsize - size) < BUFMIN)
{ {
@@ -3493,11 +3493,20 @@ static int luacall_gunzip_inflate(lua_State *L)
} }
uzs->zs.avail_out = bufsize - size; uzs->zs.avail_out = bufsize - size;
uzs->zs.next_out = buf + size; uzs->zs.next_out = buf + size;
r = inflate(&uzs->zs, Z_NO_FLUSH);
if (r != Z_OK && r != Z_STREAM_END) goto zerr;
size = bufsize - uzs->zs.avail_out;
} while (r == Z_OK && uzs->zs.avail_in);
r = inflate(&uzs->zs, Z_NO_FLUSH);
size = bufsize - uzs->zs.avail_out;
if (r==Z_STREAM_END) break;
if (r==Z_BUF_ERROR)
{
if (uzs->zs.avail_in)
goto zerr;
else
break; // OK
}
if (r!=Z_OK) goto zerr;
}
lua_pushlstring(L, (const char*)buf, size); lua_pushlstring(L, (const char*)buf, size);
lua_pushboolean(L, r==Z_STREAM_END); lua_pushboolean(L, r==Z_STREAM_END);
end: end:
@@ -3571,7 +3580,7 @@ static int luacall_gzip_deflate(lua_State *L)
int argc=lua_gettop(L); int argc=lua_gettop(L);
size_t l=0; size_t l=0;
int r; int r, flush;
size_t bufsize=0, size=0; size_t bufsize=0, size=0;
uint8_t *buf=NULL, *newbuf; uint8_t *buf=NULL, *newbuf;
struct userdata_zs *uzs = lua_uzs(L, 1, false); struct userdata_zs *uzs = lua_uzs(L, 1, false);
@@ -3584,7 +3593,8 @@ static int luacall_gzip_deflate(lua_State *L)
size_t increment = bufchunk / 2; size_t increment = bufchunk / 2;
if (increment < Z_DEFL_BUF_INCREMENT) increment = Z_DEFL_BUF_INCREMENT; if (increment < Z_DEFL_BUF_INCREMENT) increment = Z_DEFL_BUF_INCREMENT;
do flush = l ? Z_NO_FLUSH : Z_FINISH;
for(;;)
{ {
if ((bufsize - size) < BUFMIN) if ((bufsize - size) < BUFMIN)
{ {
@@ -3607,10 +3617,19 @@ static int luacall_gzip_deflate(lua_State *L)
} }
uzs->zs.avail_out = bufsize - size; uzs->zs.avail_out = bufsize - size;
uzs->zs.next_out = buf + size; uzs->zs.next_out = buf + size;
r = deflate(&uzs->zs, l ? Z_NO_FLUSH : Z_FINISH);
if (r != Z_OK && r != Z_STREAM_END) goto zerr; r = deflate(&uzs->zs, flush);
size = bufsize - uzs->zs.avail_out; size = bufsize - uzs->zs.avail_out;
} while (r == Z_OK && (uzs->zs.avail_in || !uzs->zs.avail_out)); if (r==Z_STREAM_END) break;
if (r==Z_OK)
{
if (uzs->zs.avail_out && !uzs->zs.avail_in && flush != Z_FINISH)
break;
}
else
goto zerr;
}
lua_pushlstring(L, (const char*)buf, size); lua_pushlstring(L, (const char*)buf, size);
lua_pushboolean(L, r==Z_STREAM_END); lua_pushboolean(L, r==Z_STREAM_END);
@@ -3938,7 +3957,7 @@ static int luaL_doZfile(lua_State *L, const char *filename)
luaL_error(L, "could not open lua file '%s'", fname); luaL_error(L, "could not open lua file '%s'", fname);
r = z_readfile(F, &buf, &size, 0); r = z_readfile(F, &buf, &size, 0);
fclose(F); fclose(F);
if (r != Z_OK) if (r != Z_STREAM_END)
luaL_error(L, "could not unzip lua file '%s'", fname); luaL_error(L, "could not unzip lua file '%s'", fname);
r = luaL_loadbuffer(L, buf, size, fname); r = luaL_loadbuffer(L, buf, size, fname);
free(buf); free(buf);
nfq2/protocol.c
-1
View File
@@ -145,7 +145,6 @@ bool posmarker_parse(const char *s, struct proto_pos *m)
m->pos = 0; m->pos = 0;
} }
return true; return true;
} }
bool posmarker_list_parse(const char *s, struct proto_pos *m, int *mct) bool posmarker_list_parse(const char *s, struct proto_pos *m, int *mct)
{ {