Mirror/youtubeUnblock
1
0
Fork 0
mirror of https://github.com/Waujito/youtubeUnblock.git synced 2025-12-06 11:36:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

Use size_t instead of uint32_t

Browse Source 
Encountered some crossplatform errors with uint_t-like length type
definition.
This commit is contained in:
Vadim Vetrov
2025-01-07 00:52:36 +03:00
parent 1b62bb6cb2
commit 7b321b5a2d
13 changed files with 333 additions and 286 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/config.h
View File

@@ -26,12 +26,12 @@
#include "types.h"
typedef int (*raw_send_t)(const unsigned char *data, unsigned int data_len);
typedef int (*raw_send_t)(const unsigned char *data, size_t data_len);
/**
* Sends the packet after delay_ms. The function should schedule send and return immediately
* (for example, open daemon thread)
*/
typedef int (*delayed_send_t)(const unsigned char *data, unsigned int data_len, unsigned int delay_ms);
typedef int (*delayed_send_t)(const unsigned char *data, size_t data_len, unsigned int delay_ms);
struct instance_config_t {
raw_send_t send_raw_packet;

12
src/kytunblock.c
View File

@@ -79,7 +79,7 @@ static void close_raw_socket(void) {
sock_release(rawsocket);
}
static int send_raw_ipv4(const uint8_t *pkt, uint32_t pktlen) {
static int send_raw_ipv4(const uint8_t *pkt, size_t pktlen) {
int ret = 0;
if (pktlen > AVAILABLE_MTU) return -ENOMEM;
@@ -141,7 +141,7 @@ static void close_raw6_socket(void) {
sock_release(raw6socket);
}
static int send_raw_ipv6(const uint8_t *pkt, uint32_t pktlen) {
static int send_raw_ipv6(const uint8_t *pkt, size_t pktlen) {
int ret = 0;
if (pktlen > AVAILABLE_MTU) return -ENOMEM;
@@ -177,7 +177,7 @@ static int send_raw_ipv6(const uint8_t *pkt, uint32_t pktlen) {
return ret;
}
static int send_raw_socket(const uint8_t *pkt, uint32_t pktlen) {
static int send_raw_socket(const uint8_t *pkt, size_t pktlen) {
int ret;
if (pktlen > AVAILABLE_MTU) {
@@ -194,8 +194,8 @@ static int send_raw_socket(const uint8_t *pkt, uint32_t pktlen) {
NETBUF_FREE(buff2);
return -ENOMEM;
}
uint32_t buff1_size = MAX_PACKET_SIZE;
uint32_t buff2_size = MAX_PACKET_SIZE;
size_t buff1_size = MAX_PACKET_SIZE;
size_t buff2_size = MAX_PACKET_SIZE;
if ((ret = tcp_frag(pkt, pktlen, AVAILABLE_MTU-128,
buff1, &buff1_size, buff2, &buff2_size)) < 0) {
@@ -241,7 +241,7 @@ erret_lc:
return ret;
}
static int delay_packet_send(const unsigned char *data, unsigned int data_len, unsigned int delay_ms) {
static int delay_packet_send(const unsigned char *data, size_t data_len, unsigned int delay_ms) {
lginfo("delay_packet_send won't work on current youtubeUnblock version");
return send_raw_socket(data, data_len);
}

84
src/mangle.c
View File

@@ -30,16 +30,16 @@
#include <stdlib.h>
#endif
int process_packet(const uint8_t *raw_payload, uint32_t raw_payload_len) {
int process_packet(const uint8_t *raw_payload, size_t raw_payload_len) {
if (raw_payload_len > MAX_PACKET_SIZE) {
return PKT_ACCEPT;
}
const struct iphdr *iph;
const struct ip6_hdr *ip6h;
uint32_t iph_len;
size_t iph_len;
const uint8_t *ip_payload;
uint32_t ip_payload_len;
size_t ip_payload_len;
int transport_proto = -1;
int ipver = netproto_version(raw_payload, raw_payload_len);
@@ -121,13 +121,13 @@ ret_verdict:
return verdict;
}
int process_tcp_packet(const struct section_config_t *section, const uint8_t *raw_payload, uint32_t raw_payload_len) {
int process_tcp_packet(const struct section_config_t *section, const uint8_t *raw_payload, size_t raw_payload_len) {
const void *ipxh;
uint32_t iph_len;
size_t iph_len;
const struct tcphdr *tcph;
uint32_t tcph_len;
size_t tcph_len;
const uint8_t *data;
uint32_t dlen;
size_t dlen;
int ipxv = netproto_version(raw_payload, raw_payload_len);
@@ -153,7 +153,7 @@ int process_tcp_packet(const struct section_config_t *section, const uint8_t *ra
memcpy(payload, ipxh, iph_len);
memcpy(payload + iph_len, tcph, tcph_len);
uint32_t fake_len = section->fake_sni_pkt_sz;
size_t fake_len = section->fake_sni_pkt_sz;
if (section->synfake_len)
fake_len = min(section->synfake_len, fake_len);
@@ -204,7 +204,7 @@ int process_tcp_packet(const struct section_config_t *section, const uint8_t *ra
size_t sni_offset = vrd.sni_ptr - data;
size_t target_sni_offset = vrd.target_sni_ptr - data;
uint32_t payload_len = raw_payload_len;
size_t payload_len = raw_payload_len;
NETBUF_ALLOC(payload, MAX_PACKET_SIZE);
if (!NETBUF_CHECK(payload)) {
lgerror(-ENOMEM, "Allocation error");
@@ -214,11 +214,11 @@ int process_tcp_packet(const struct section_config_t *section, const uint8_t *ra
memcpy(payload, raw_payload, raw_payload_len);
void *iph;
uint32_t iph_len;
size_t iph_len;
struct tcphdr *tcph;
uint32_t tcph_len;
size_t tcph_len;
uint8_t *data;
uint32_t dlen;
size_t dlen;
int ret = tcp_payload_split(payload, payload_len,
&iph, &iph_len, &tcph, &tcph_len,
@@ -262,7 +262,7 @@ int process_tcp_packet(const struct section_config_t *section, const uint8_t *ra
ipd_offset = target_sni_offset;
mid_offset = ipd_offset + vrd.target_sni_len / 2;
uint32_t poses[2];
size_t poses[2];
int cnt = 0;
if (section->frag_sni_pos && dlen > section->frag_sni_pos) {
@@ -274,7 +274,7 @@ int process_tcp_packet(const struct section_config_t *section, const uint8_t *ra
}
if (cnt > 1 && poses[0] > poses[1]) {
uint32_t tmp = poses[0];
size_t tmp = poses[0];
poses[0] = poses[1];
poses[1] = tmp;
}
@@ -294,7 +294,7 @@ int process_tcp_packet(const struct section_config_t *section, const uint8_t *ra
mid_offset = ipd_offset + vrd.target_sni_len / 2;
mid_offset += 8 - mid_offset % 8;
uint32_t poses[2];
size_t poses[2];
int cnt = 0;
if (section->frag_sni_pos && dlen > section->frag_sni_pos) {
@@ -308,7 +308,7 @@ int process_tcp_packet(const struct section_config_t *section, const uint8_t *ra
}
if (cnt > 1 && poses[0] > poses[1]) {
uint32_t tmp = poses[0];
size_t tmp = poses[0];
poses[0] = poses[1];
poses[1] = tmp;
}
@@ -356,12 +356,12 @@ drop:
return PKT_DROP;
}
int process_udp_packet(const struct section_config_t *section, const uint8_t *pkt, uint32_t pktlen) {
int process_udp_packet(const struct section_config_t *section, const uint8_t *pkt, size_t pktlen) {
const void *iph;
uint32_t iph_len;
size_t iph_len;
const struct udphdr *udph;
const uint8_t *data;
uint32_t dlen;
size_t dlen;
int ret = udp_payload_split((uint8_t *)pkt, pktlen,
(void **)&iph, &iph_len,
@@ -398,7 +398,7 @@ int process_udp_packet(const struct section_config_t *section, const uint8_t *pk
lgerror(-ENOMEM, "Allocation error");
return -ENOMEM;
}
uint32_t fsn_len = MAX_PACKET_SIZE;
size_t fsn_len = MAX_PACKET_SIZE;
struct udp_fake_type fake_type = {
.fake_len = section->udp_fake_len,
@@ -441,20 +441,20 @@ drop:
return PKT_DROP;
}
int send_ip4_frags(const struct section_config_t *section, const uint8_t *packet, uint32_t pktlen, const uint32_t *poses, uint32_t poses_sz, uint32_t dvs) {
int send_ip4_frags(const struct section_config_t *section, const uint8_t *packet, size_t pktlen, const size_t *poses, size_t poses_sz, size_t dvs) {
if (poses_sz == 0) {
if (section->seg2_delay && ((dvs > 0) ^ section->frag_sni_reverse)) {
if (!instance_config.send_delayed_packet) {
return -EINVAL;
}
lgtrace_addp("Sent %d delayed for %d", pktlen, section->seg2_delay);
lgtrace_addp("Sent %zu delayed for %d", pktlen, section->seg2_delay);
instance_config.send_delayed_packet(
packet, pktlen, section->seg2_delay);
return 0;
} else {
lgtrace_addp("Sent %d bytes", pktlen);
lgtrace_addp("Sent %zu bytes", pktlen);
return instance_config.send_raw_packet(
packet, pktlen);
}
@@ -482,26 +482,26 @@ int send_ip4_frags(const struct section_config_t *section, const uint8_t *packet
}
*/
uint32_t f1len = MAX_PACKET_SIZE;
uint32_t f2len = MAX_PACKET_SIZE;
// uint32_t fake_pad_len = MAX_PACKET_SIZE;
size_t f1len = MAX_PACKET_SIZE;
size_t f2len = MAX_PACKET_SIZE;
// size_t fake_pad_len = MAX_PACKET_SIZE;
int ret;
if (dvs > poses[0]) {
lgerror(-EINVAL, "send_frags: Recursive dvs(%d) is more than poses0(%d)", dvs, poses[0]);
lgerror(-EINVAL, "send_frags: Recursive dvs(%zu) is more than poses0(%zu)", dvs, poses[0]);
ret = -EINVAL;
goto erret_lc;
}
uint32_t frag_pos = poses[0] - dvs;
size_t frag_pos = poses[0] - dvs;
frag_pos += 8 - frag_pos % 8;
ret = ip4_frag(packet, pktlen, frag_pos,
frag1, &f1len, frag2, &f2len);
if (ret < 0) {
lgerror(ret, "send_frags: frag: with context packet with size %d, position: %d, recursive dvs: %d", pktlen, poses[0], dvs);
lgerror(ret, "send_frags: frag: with context packet with size %zu, position: %zu, recursive dvs: %zu", pktlen, poses[0], dvs);
goto erret_lc;
}
@@ -522,7 +522,7 @@ send_fake:
/*
if (section->frag_sni_faked) {
ITER_FAKE_STRAT(section->faking_strategy, strategy) {
uint32_t iphfl;
size_t iphfl;
fake_pad_len = f2len;
ret = ip4_payload_split(frag2, f2len, NULL, &iphfl, NULL, NULL);
if (ret < 0) {
@@ -573,7 +573,7 @@ out:
return 0;
}
int send_tcp_frags(const struct section_config_t *section, const uint8_t *packet, uint32_t pktlen, const uint32_t *poses, uint32_t poses_sz, uint32_t dvs) {
int send_tcp_frags(const struct section_config_t *section, const uint8_t *packet, size_t pktlen, const size_t *poses, size_t poses_sz, size_t dvs) {
if (poses_sz == 0) {
if (section->seg2_delay && ((dvs > 0) ^ section->frag_sni_reverse)) {
if (!instance_config.send_delayed_packet) {
@@ -585,7 +585,7 @@ int send_tcp_frags(const struct section_config_t *section, const uint8_t *packet
return 0;
} else {
lgtrace_addp("raw send packet of %d bytes with %d dvs", pktlen, dvs);
lgtrace_addp("raw send packet of %zu bytes with %zu dvs", pktlen, dvs);
return instance_config.send_raw_packet(
packet, pktlen);
}
@@ -603,13 +603,13 @@ int send_tcp_frags(const struct section_config_t *section, const uint8_t *packet
return -ENOMEM;
}
uint32_t f1len = MAX_PACKET_SIZE;
uint32_t f2len = MAX_PACKET_SIZE;
size_t f1len = MAX_PACKET_SIZE;
size_t f2len = MAX_PACKET_SIZE;
int ret;
if (dvs > poses[0]) {
lgerror(-EINVAL, "send_frags: Recursive dvs(%d) is more than poses0(%d)", dvs, poses[0]);
lgerror(-EINVAL, "send_frags: Recursive dvs(%zu) is more than poses0(%zu)", dvs, poses[0]);
ret = -EINVAL;
goto erret_lc;
}
@@ -619,10 +619,10 @@ int send_tcp_frags(const struct section_config_t *section, const uint8_t *packet
frag1, &f1len, frag2, &f2len);
lgtrace_addp("Packet split in %d bytes position of payload start, dvs: %d to two packets of %d and %d lengths", poses[0], dvs, f1len, f2len);
lgtrace_addp("Packet split in %zu bytes position of payload start, dvs: %zu to two packets of %zu and %zu lengths", poses[0], dvs, f1len, f2len);
if (ret < 0) {
lgerror(ret, "send_frags: tcp_frag: with context packet with size %d, position: %d", pktlen, poses[0]);
lgerror(ret, "send_frags: tcp_frag: with context packet with size %zu, position: %zu", pktlen, poses[0]);
goto erret_lc;
}
@@ -643,7 +643,7 @@ send_frag1:
send_fake:
if (section->frag_sni_faked) {
uint32_t iphfl, tcphfl;
size_t iphfl, tcphfl;
void *iph;
struct tcphdr *tcph;
ret = tcp_payload_split(frag2, f2len, &iph, &iphfl, &tcph, &tcphfl, NULL, NULL);
@@ -712,7 +712,7 @@ int post_fake_sni(struct fake_type f_type,
lgerror(-ENOMEM, "Allocation error");
return -ENOMEM;
}
uint32_t fsn_len = MAX_PACKET_SIZE;
size_t fsn_len = MAX_PACKET_SIZE;
ret = gen_fake_sni(
fake_seq_type,
@@ -734,9 +734,9 @@ int post_fake_sni(struct fake_type f_type,
lgerror(ret, "send fake sni");
goto erret_lc;
}
uint32_t iph_len;
uint32_t tcph_len;
uint32_t plen;
size_t iph_len;
size_t tcph_len;
size_t plen;
ret = tcp_payload_split(
fake_sni, fsn_len,
&fsiph, &iph_len,

14
src/mangle.h
View File

@@ -32,21 +32,21 @@
* Processes the packet and returns verdict.
* This is the primary function that traverses the packet.
*/
int process_packet(const uint8_t *packet, uint32_t packet_len);
int process_packet(const uint8_t *packet, size_t packet_len);
/**
* Processe the TCP packet.
* Returns verdict.
*/
int process_tcp_packet(const struct section_config_t *section, const uint8_t *raw_payload, uint32_t raw_payload_len);
int process_tcp_packet(const struct section_config_t *section, const uint8_t *raw_payload, size_t raw_payload_len);
/**
* Processes the UDP packet.
* Returns verdict.
*/
int process_udp_packet(const struct section_config_t *section, const uint8_t *pkt, uint32_t pktlen);
int process_udp_packet(const struct section_config_t *section, const uint8_t *pkt, size_t pktlen);
@@ -63,8 +63,8 @@ int post_fake_sni(struct fake_type f_type,
* dvs used internally and should be zero.
*/
int send_tcp_frags(const struct section_config_t *section,
const uint8_t *packet, uint32_t pktlen,
const uint32_t *poses, uint32_t poses_len, uint32_t dvs);
const uint8_t *packet, size_t pktlen,
const size_t *poses, size_t poses_len, size_t dvs);
/**
* Splits packet by poses and posts.
@@ -72,6 +72,6 @@ int send_tcp_frags(const struct section_config_t *section,
* dvs used internally and should be zero.
*/
int send_ip4_frags(const struct section_config_t *section,
const uint8_t *packet, uint32_t pktlen,
const uint32_t *poses, uint32_t poses_len, uint32_t dvs);
const uint8_t *packet, size_t pktlen,
const size_t *poses, size_t poses_len, size_t dvs);
#endif /* YU_MANGLE_H */

101
src/quic.c
View File

@@ -32,7 +32,7 @@ struct quic_pnumber {
uint8_t d4;
};
uint64_t quic_parse_varlength(const uint8_t *variable, uint64_t *mlen) {
uint64_t quic_parse_varlength(const uint8_t *variable, size_t *mlen) {
if (mlen && *mlen == 0) return 0;
uint64_t vr = (*variable & 0x3F);
uint8_t len = 1 << (*variable >> 6);
@@ -54,20 +54,23 @@ uint64_t quic_parse_varlength(const uint8_t *variable, uint64_t *mlen) {
return vr;
}
int64_t quic_get_version(const struct quic_lhdr *qch) {
int64_t qversion = ntohl(qch->version);
int quic_get_version(uint32_t *version, const struct quic_lhdr *qch) {
uint32_t qversion = ntohl(qch->version);
*version = qversion;
switch (qversion) {
case QUIC_V1:
case QUIC_V2:
return qversion;
return 0;
default:
return -qversion;
return -EINVAL;
}
}
int quic_check_is_initial(const struct quic_lhdr *qch) {
int64_t qversion = quic_get_version(qch);
uint32_t qversion;
int ret;
ret = quic_get_version(&qversion, qch);
if (qversion < 0) return 0;
uint8_t qtype = qch->type;
@@ -90,30 +93,33 @@ int quic_check_is_initial(const struct quic_lhdr *qch) {
return 1;
}
int quic_parse_data(const uint8_t *raw_payload, uint32_t raw_payload_len,
const struct quic_lhdr **qch, uint32_t *qch_len,
int quic_parse_data(const uint8_t *raw_payload, size_t raw_payload_len,
const struct quic_lhdr **qch, size_t *qch_len,
struct quic_cids *qci,
const uint8_t **payload, uint32_t *plen) {
const uint8_t **payload, size_t *plen) {
if ( raw_payload == NULL ||
raw_payload_len < sizeof(struct quic_lhdr))
goto invalid_packet;
const struct quic_lhdr *nqch = (const struct quic_lhdr *)raw_payload;
uint32_t left_len = raw_payload_len - sizeof(struct quic_lhdr);
size_t left_len = raw_payload_len - sizeof(struct quic_lhdr);
const uint8_t *cur_rawptr = raw_payload + sizeof(struct quic_lhdr);
int ret;
uint32_t qversion;
if (!nqch->fixed) {
lgtrace_addp("quic fixed unset");
return -EPROTO;
}
int64_t qversion = quic_get_version(nqch);
ret = quic_get_version(&qversion, nqch);
if (qversion < 0) {
lgtrace_addp("quic version undefined %u", (uint32_t)(-qversion));
if (ret < 0) {
lgtrace_addp("quic version undefined %u", qversion);
return -EPROTO;
}
lgtrace_addp("quic version valid %u", (uint32_t)qversion);
lgtrace_addp("quic version valid %u", qversion);
if (left_len < 2) goto invalid_packet;
struct quic_cids nqci = {0};
@@ -147,14 +153,14 @@ invalid_packet:
return -EINVAL;
}
int quic_parse_initial_header(const uint8_t *inpayload, uint32_t inplen,
int quic_parse_initial_header(const uint8_t *inpayload, size_t inplen,
struct quici_hdr *qhdr) {
if (inplen < 3) goto invalid_packet;
struct quici_hdr nqhdr;
const uint8_t *cur_ptr = inpayload;
uint32_t left_len = inplen;
uint64_t tlen = left_len;
size_t left_len = inplen;
size_t tlen = left_len;
nqhdr.token_len = quic_parse_varlength(cur_ptr, &tlen);
nqhdr.token = cur_ptr + tlen;
@@ -188,10 +194,10 @@ invalid_packet:
}
ssize_t quic_parse_crypto(struct quic_frame_crypto *crypto_frame,
const uint8_t *frame, uint64_t flen) {
const uint8_t *frame, size_t flen) {
const uint8_t *curptr = frame;
uint64_t curptr_len = flen;
uint64_t vln;
size_t curptr_len = flen;
size_t vln;
*crypto_frame = (struct quic_frame_crypto){0};
if (flen == 0 || *frame != QUIC_FRAME_CRYPTO ||
@@ -202,14 +208,15 @@ ssize_t quic_parse_crypto(struct quic_frame_crypto *crypto_frame,
curptr++, curptr_len--;
vln = curptr_len;
uint64_t offset = quic_parse_varlength(curptr, &vln);
size_t offset = quic_parse_varlength(curptr, &vln);
curptr += vln, curptr_len -= vln;
if (vln == 0) {
return -EINVAL;
}
vln = curptr_len;
uint64_t length = quic_parse_varlength(curptr, &vln);
size_t length = quic_parse_varlength(curptr, &vln);
curptr += vln, curptr_len -= vln;
if (vln == 0) {
return -EINVAL;
@@ -228,12 +235,12 @@ ssize_t quic_parse_crypto(struct quic_frame_crypto *crypto_frame,
return flen - curptr_len;
}
int udp_fail_packet(struct udp_failing_strategy strategy, uint8_t *payload, uint32_t *plen, uint32_t avail_buflen) {
int udp_fail_packet(struct udp_failing_strategy strategy, uint8_t *payload, size_t *plen, size_t avail_buflen) {
void *iph;
uint32_t iph_len;
size_t iph_len;
struct udphdr *udph;
uint8_t *data;
uint32_t dlen;
size_t dlen;
int ret;
ret = udp_payload_split(payload, *plen,
@@ -276,10 +283,10 @@ int udp_fail_packet(struct udp_failing_strategy strategy, uint8_t *payload, uint
}
int gen_fake_udp(struct udp_fake_type type,
const void *ipxh, uint32_t iph_len,
const void *ipxh, size_t iph_len,
const struct udphdr *udph,
uint8_t *buf, uint32_t *buflen) {
uint32_t data_len = type.fake_len;
uint8_t *buf, size_t *buflen) {
size_t data_len = type.fake_len;
if (!ipxh || !udph || !buf || !buflen)
return -EINVAL;
@@ -305,7 +312,7 @@ int gen_fake_udp(struct udp_fake_type type,
return -EINVAL;
}
uint32_t dlen = iph_len + sizeof(struct udphdr) + data_len;
size_t dlen = iph_len + sizeof(struct udphdr) + data_len;
if (*buflen < dlen)
return -ENOMEM;
@@ -338,8 +345,8 @@ int gen_fake_udp(struct udp_fake_type type,
int parse_quic_decrypted(
const struct section_config_t *section,
const uint8_t *decrypted_message, uint32_t decrypted_message_len,
uint8_t **crypto_message_buf, uint32_t *crypto_message_buf_len
const uint8_t *decrypted_message, size_t decrypted_message_len,
uint8_t **crypto_message_buf, size_t *crypto_message_buf_len
) {
const uint8_t *curptr = decrypted_message;
ssize_t curptr_len = decrypted_message_len;
@@ -372,14 +379,19 @@ pl_incr:
break;
case QUIC_FRAME_CRYPTO:
fret = quic_parse_crypto(&fr_cr, curptr, curptr_len);
lgtrace_addp("crypto %d %d %d", (int)fr_cr.offset, (int)fr_cr.payload_length, (int)fret);
if (fret < 0)
break;
lgtrace_addp("crypto len=%zu offset=%zu fret=%zd", fr_cr.payload_length, fr_cr.offset, fret);
if (fret < 0) {
lgtrace_addp("Crypto parse error");
goto out;
}
curptr += fret;
curptr_len -= fret;
if (fr_cr.offset + fr_cr.payload_length <=
crypto_message_len) {
if (fr_cr.offset <= crypto_message_len &&
fr_cr.payload_length <= crypto_message_len &&
fr_cr.payload_length <= crypto_message_len
) {
memcpy(crypto_message + fr_cr.offset,
fr_cr.payload, fr_cr.payload_length);
@@ -387,6 +399,7 @@ pl_incr:
break;
default:
lgtrace_addp("Frame invalid hash: %02x", type);
goto out;
}
}
@@ -399,12 +412,12 @@ out:
}
int detect_udp_filtered(const struct section_config_t *section,
const uint8_t *payload, uint32_t plen) {
const uint8_t *payload, size_t plen) {
const void *iph;
uint32_t iph_len;
size_t iph_len;
const struct udphdr *udph;
const uint8_t *data;
uint32_t dlen;
size_t dlen;
int ret;
ret = udp_payload_split((uint8_t *)payload, plen,
@@ -421,10 +434,10 @@ int detect_udp_filtered(const struct section_config_t *section,
if (section->udp_filter_quic != UDP_FILTER_QUIC_DISABLED) {
const struct quic_lhdr *qch;
uint32_t qch_len;
size_t qch_len;
struct quic_cids qci;
const uint8_t *quic_in_payload;
uint32_t quic_in_plen;
size_t quic_in_plen;
lgtrace_addp("QUIC probe");
@@ -453,11 +466,11 @@ int detect_udp_filtered(const struct section_config_t *section,
}
uint8_t *decrypted_payload;
uint32_t decrypted_payload_len;
size_t decrypted_payload_len;
const uint8_t *decrypted_message;
uint32_t decrypted_message_len;
size_t decrypted_message_len;
uint8_t *crypto_message;
uint32_t crypto_message_len;
size_t crypto_message_len;
struct tls_verdict tlsv;
ret = quic_parse_initial_message(

42
src/quic.h
View File

@@ -140,10 +140,10 @@ struct quic_cids {
* \qch_len is sizeof(qch) + qci->dst_len + qci->src_id
* \payload is Type-Specific payload (#17.2).
*/
int quic_parse_data(const uint8_t *raw_payload, uint32_t raw_payload_len,
const struct quic_lhdr **qch, uint32_t *qch_len,
int quic_parse_data(const uint8_t *raw_payload, size_t raw_payload_len,
const struct quic_lhdr **qch, size_t *qch_len,
struct quic_cids *qci,
const uint8_t **payload, uint32_t *plen);
const uint8_t **payload, size_t *plen);
/**
@@ -156,7 +156,7 @@ int quic_parse_data(const uint8_t *raw_payload, uint32_t raw_payload_len,
*
* On error/buffer overflow mlen set to 0, otherwise it is higher
*/
uint64_t quic_parse_varlength(const uint8_t *variable, uint64_t *mlen);
uint64_t quic_parse_varlength(const uint8_t *variable, size_t *mlen);
// quici stands for QUIC Initial
@@ -164,21 +164,21 @@ uint64_t quic_parse_varlength(const uint8_t *variable, uint64_t *mlen);
* This structure should be parsed
*/
struct quici_hdr {
uint64_t token_len;
size_t token_len;
const uint8_t *token;
uint64_t length;
size_t length;
const uint8_t *protected_payload; // with packet number
// RFC 9001 5.4.2
uint64_t sample_length;
size_t sample_length;
const uint8_t *sample;
};
/**
* Checks for quic version and checks if it is supported
*/
int64_t quic_get_version(const struct quic_lhdr *qch);
int quic_get_version(uint32_t *version, const struct quic_lhdr *qch);
/**
* Checks quic message to be initial according to version.
@@ -187,8 +187,8 @@ int64_t quic_get_version(const struct quic_lhdr *qch);
int quic_check_is_initial(const struct quic_lhdr *qch);
struct quic_frame_crypto {
uint64_t offset;
uint64_t payload_length;
size_t offset;
size_t payload_length;
const uint8_t *payload;
};
/**
@@ -196,14 +196,14 @@ struct quic_frame_crypto {
* Returns parsed size or -EINVAL on error
*/
ssize_t quic_parse_crypto(struct quic_frame_crypto *crypto_frame,
const uint8_t *frame, uint64_t flen);
const uint8_t *frame, size_t flen);
/**
* Parses QUIC initial message header.
* \inpayload is a QUIC Initial message payload (payload after quic large header)
*/
int quic_parse_initial_header(const uint8_t *inpayload, uint32_t inplen,
int quic_parse_initial_header(const uint8_t *inpayload, size_t inplen,
struct quici_hdr *qhdr);
/**
@@ -215,9 +215,9 @@ int quic_parse_initial_header(const uint8_t *inpayload, uint32_t inplen,
*
*/
int quic_parse_initial_message(
const uint8_t *quic_payload, uint32_t quic_plen,
uint8_t **udecrypted_payload, uint32_t *udecrypted_payload_len,
const uint8_t **udecrypted_message, uint32_t *udecrypted_message_len
const uint8_t *quic_payload, size_t quic_plen,
uint8_t **udecrypted_payload, size_t *udecrypted_payload_len,
const uint8_t **udecrypted_message, size_t *udecrypted_message_len
);
/**
@@ -227,20 +227,20 @@ int quic_parse_initial_message(
*/
int parse_quic_decrypted(
const struct section_config_t *section,
const uint8_t *decrypted_message, uint32_t decrypted_message_len,
uint8_t **crypto_message_buf, uint32_t *crypto_message_buf_len
const uint8_t *decrypted_message, size_t decrypted_message_len,
uint8_t **crypto_message_buf, size_t *crypto_message_buf_len
);
// Like fail_packet for TCP
int udp_fail_packet(struct udp_failing_strategy strategy, uint8_t *payload, uint32_t *plen, uint32_t avail_buflen);
int udp_fail_packet(struct udp_failing_strategy strategy, uint8_t *payload, size_t *plen, size_t avail_buflen);
// Like gen_fake_sni for TCP
int gen_fake_udp(struct udp_fake_type type,
const void *ipxh, uint32_t iph_len,
const void *ipxh, size_t iph_len,
const struct udphdr *udph,
uint8_t *buf, uint32_t *buflen);
uint8_t *buf, size_t *buflen);
int detect_udp_filtered(const struct section_config_t *section,
const uint8_t *payload, uint32_t plen);
const uint8_t *payload, size_t plen);
#endif /* QUIC_H */

29
src/quic_crypto.c
View File

@@ -34,16 +34,16 @@ const uint8_t quic2_iv_info[] = "\0\x0c\x0ftls13 quicv2 iv\0";
const uint8_t quic2_hp_info[] = "\0\x10\x0ftls13 quicv2 hp\0";
int quic_parse_initial_message(
const uint8_t *quic_payload, uint32_t quic_plen,
uint8_t **udecrypted_payload, uint32_t *udecrypted_payload_len,
const uint8_t **udecrypted_message, uint32_t *udecrypted_message_len
const uint8_t *quic_payload, size_t quic_plen,
uint8_t **udecrypted_payload, size_t *udecrypted_payload_len,
const uint8_t **udecrypted_message, size_t *udecrypted_message_len
) {
int ret;
const struct quic_lhdr *qch;
uint32_t qch_len;
size_t qch_len;
struct quic_cids qci;
const uint8_t *inpayload;
uint32_t inplen;
size_t inplen;
struct quici_hdr qich;
size_t quic_header_len;
@@ -61,29 +61,32 @@ int quic_parse_initial_message(
uint8_t quic_hp[QUIC_HP_SIZE];
uint8_t mask[QUIC_SAMPLE_SIZE];
uint8_t *decrypted_payload = NULL;
uint32_t decrypted_payload_len;
size_t decrypted_payload_len;
uint8_t *decrypted_packet_number = NULL;
uint8_t *dcptr = NULL;
// Decrypted plain message without header
uint8_t *decrypted_message = NULL;
uint32_t decrypted_message_len;
size_t decrypted_message_len;
AesContext actx;
GcmContext gctx;
int64_t qversion;
uint32_t qversion;
const uint8_t *iv_info;
uint32_t iv_info_size;
size_t iv_info_size;
const uint8_t *key_info;
uint32_t key_info_size;
size_t key_info_size;
const uint8_t *hp_info;
uint32_t hp_info_size;
size_t hp_info_size;
const uint8_t *initial_salt;
uint32_t initial_salt_size;
size_t initial_salt_size;
ret = quic_parse_data(quic_payload, quic_plen,
&qch, &qch_len, &qci, &inpayload, &inplen
);
qversion = quic_get_version(qch);
ret = quic_get_version(&qversion, qch);
if (ret < 0) {
return -EINVAL;
}
if (!quic_check_is_initial(qch)) {
return -EINVAL;
}

14
src/tls.c
View File

@@ -256,7 +256,7 @@ invalid:
struct tls_verdict analyze_tls_data(
const struct section_config_t *section,
const uint8_t *data,
uint32_t dlen)
size_t dlen)
{
struct tls_verdict vrd = {0};
@@ -317,13 +317,13 @@ out:
}
int gen_fake_sni(struct fake_type type,
const void *ipxh, uint32_t iph_len,
const struct tcphdr *tcph, uint32_t tcph_len,
uint8_t *buf, uint32_t *buflen) {
uint32_t data_len = type.fake_len;
const void *ipxh, size_t iph_len,
const struct tcphdr *tcph, size_t tcph_len,
uint8_t *buf, size_t *buflen) {
size_t data_len = type.fake_len;
if (type.type == FAKE_PAYLOAD_RANDOM && data_len == 0) {
data_len = (uint32_t)randint() % 1200;
data_len = (size_t)randint() % 1200;
}
if (!ipxh || !tcph || !buf || !buflen)
@@ -350,7 +350,7 @@ int gen_fake_sni(struct fake_type type,
return -EINVAL;
}
uint32_t dlen = iph_len + tcph_len + data_len;
size_t dlen = iph_len + tcph_len + data_len;
if (*buflen < dlen)
return -ENOMEM;

8
src/tls.h
View File

@@ -71,15 +71,15 @@ int bruteforce_analyze_sni_str(
*
* Note that all the constant pointers of tls_verdict will be relative to data pointer
*/
struct tls_verdict analyze_tls_data(const struct section_config_t *section, const uint8_t *data, uint32_t dlen);
struct tls_verdict analyze_tls_data(const struct section_config_t *section, const uint8_t *data, size_t dlen);
/**
* Generates the fake client hello message
*/
int gen_fake_sni(struct fake_type type,
const void *iph, uint32_t iph_len,
const struct tcphdr *tcph, uint32_t tcph_len,
uint8_t *buf, uint32_t *buflen);
const void *iph, size_t iph_len,
const struct tcphdr *tcph, size_t tcph_len,
uint8_t *buf, size_t *buflen);
#endif /* TLS_H */

152
src/utils.c
View File

@@ -40,7 +40,7 @@
void tcp4_set_checksum(struct tcphdr *tcph, struct iphdr *iph)
{
#ifdef KERNEL_SPACE
uint32_t tcp_packet_len = ntohs(iph->tot_len) - (iph->ihl << 2);
size_t tcp_packet_len = ntohs(iph->tot_len) - (iph->ihl << 2);
tcph->check = 0;
tcph->check = csum_tcpudp_magic(
iph->saddr, iph->daddr, tcp_packet_len,
@@ -54,7 +54,7 @@ void tcp4_set_checksum(struct tcphdr *tcph, struct iphdr *iph)
void udp4_set_checksum(struct udphdr *udph, struct iphdr *iph)
{
#ifdef KERNEL_SPACE
uint32_t udp_packet_len = ntohs(iph->tot_len) - (iph->ihl << 2);
size_t udp_packet_len = ntohs(iph->tot_len) - (iph->ihl << 2);
udph->check = 0;
udph->check = csum_tcpudp_magic(
iph->saddr, iph->daddr, udp_packet_len,
@@ -97,7 +97,7 @@ void udp6_set_checksum(struct udphdr *udph, struct ip6_hdr *iph) {
#endif
}
int set_ip_checksum(void *iph, uint32_t iphb_len) {
int set_ip_checksum(void *iph, size_t iphb_len) {
int ipvx = netproto_version(iph, iphb_len);
if (ipvx == IP4VERSION) {
@@ -109,7 +109,7 @@ int set_ip_checksum(void *iph, uint32_t iphb_len) {
return 0;
}
int set_tcp_checksum(struct tcphdr *tcph, void *iph, uint32_t iphb_len) {
int set_tcp_checksum(struct tcphdr *tcph, void *iph, size_t iphb_len) {
int ipvx = netproto_version(iph, iphb_len);
if (ipvx == IP4VERSION) {
@@ -122,7 +122,7 @@ int set_tcp_checksum(struct tcphdr *tcph, void *iph, uint32_t iphb_len) {
return 0;
}
int set_udp_checksum(struct udphdr *udph, void *iph, uint32_t iphb_len) {
int set_udp_checksum(struct udphdr *udph, void *iph, size_t iphb_len) {
int ipvx = netproto_version(iph, iphb_len);
if (ipvx == IP4VERSION) {
@@ -137,9 +137,9 @@ int set_udp_checksum(struct udphdr *udph, void *iph, uint32_t iphb_len) {
}
int ip4_payload_split(uint8_t *pkt, uint32_t buflen,
struct iphdr **iph, uint32_t *iph_len,
uint8_t **payload, uint32_t *plen) {
int ip4_payload_split(uint8_t *pkt, size_t buflen,
struct iphdr **iph, size_t *iph_len,
uint8_t **payload, size_t *plen) {
if (pkt == NULL || buflen < sizeof(struct iphdr)) {
lgerror(-EINVAL, "ip4_payload_split: pkt|buflen");
return -EINVAL;
@@ -151,8 +151,8 @@ int ip4_payload_split(uint8_t *pkt, uint32_t buflen,
return -EINVAL;
}
uint32_t hdr_len = hdr->ihl * 4;
uint32_t pktlen = ntohs(hdr->tot_len);
size_t hdr_len = hdr->ihl * 4;
size_t pktlen = ntohs(hdr->tot_len);
if (buflen < pktlen || hdr_len > pktlen) {
lgerror(-EINVAL, "ip4_payload_split: buflen cmp pktlen");
return -EINVAL;
@@ -170,17 +170,17 @@ int ip4_payload_split(uint8_t *pkt, uint32_t buflen,
return 0;
}
int tcp4_payload_split(uint8_t *pkt, uint32_t buflen,
struct iphdr **iph, uint32_t *iph_len,
struct tcphdr **tcph, uint32_t *tcph_len,
uint8_t **payload, uint32_t *plen) {
int tcp4_payload_split(uint8_t *pkt, size_t buflen,
struct iphdr **iph, size_t *iph_len,
struct tcphdr **tcph, size_t *tcph_len,
uint8_t **payload, size_t *plen) {
struct iphdr *hdr;
uint32_t hdr_len;
size_t hdr_len;
struct tcphdr *thdr;
uint32_t thdr_len;
size_t thdr_len;
uint8_t *tcph_pl;
uint32_t tcph_plen;
size_t tcph_plen;
if (ip4_payload_split(pkt, buflen, &hdr, &hdr_len,
&tcph_pl, &tcph_plen)){
@@ -212,9 +212,9 @@ int tcp4_payload_split(uint8_t *pkt, uint32_t buflen,
return 0;
}
int ip6_payload_split(uint8_t *pkt, uint32_t buflen,
struct ip6_hdr **iph, uint32_t *iph_len,
uint8_t **payload, uint32_t *plen) {
int ip6_payload_split(uint8_t *pkt, size_t buflen,
struct ip6_hdr **iph, size_t *iph_len,
uint8_t **payload, size_t *plen) {
if (pkt == NULL || buflen < sizeof(struct ip6_hdr)) {
lgerror(-EINVAL, "ip6_payload_split: pkt|buflen");
return -EINVAL;
@@ -226,10 +226,10 @@ int ip6_payload_split(uint8_t *pkt, uint32_t buflen,
return -EINVAL;
}
uint32_t hdr_len = sizeof(struct ip6_hdr);
uint32_t pktlen = ntohs(hdr->ip6_plen);
size_t hdr_len = sizeof(struct ip6_hdr);
size_t pktlen = ntohs(hdr->ip6_plen);
if (buflen < pktlen) {
lgerror(-EINVAL, "ip6_payload_split: buflen cmp pktlen: %d %d", buflen, pktlen);
lgerror(-EINVAL, "ip6_payload_split: buflen cmp pktlen: %zu %zu", buflen, pktlen);
return -EINVAL;
}
@@ -245,17 +245,17 @@ int ip6_payload_split(uint8_t *pkt, uint32_t buflen,
return 0;
}
int tcp6_payload_split(uint8_t *pkt, uint32_t buflen,
struct ip6_hdr **iph, uint32_t *iph_len,
struct tcphdr **tcph, uint32_t *tcph_len,
uint8_t **payload, uint32_t *plen) {
int tcp6_payload_split(uint8_t *pkt, size_t buflen,
struct ip6_hdr **iph, size_t *iph_len,
struct tcphdr **tcph, size_t *tcph_len,
uint8_t **payload, size_t *plen) {
struct ip6_hdr *hdr;
uint32_t hdr_len;
size_t hdr_len;
struct tcphdr *thdr;
uint32_t thdr_len;
size_t thdr_len;
uint8_t *tcph_pl;
uint32_t tcph_plen;
size_t tcph_plen;
if (ip6_payload_split(pkt, buflen, &hdr, &hdr_len,
&tcph_pl, &tcph_plen)){
@@ -287,10 +287,10 @@ int tcp6_payload_split(uint8_t *pkt, uint32_t buflen,
return 0;
}
int tcp_payload_split(uint8_t *pkt, uint32_t buflen,
void **iph, uint32_t *iph_len,
struct tcphdr **tcph, uint32_t *tcph_len,
uint8_t **payload, uint32_t *plen) {
int tcp_payload_split(uint8_t *pkt, size_t buflen,
void **iph, size_t *iph_len,
struct tcphdr **tcph, size_t *tcph_len,
uint8_t **payload, size_t *plen) {
int netvers = netproto_version(pkt, buflen);
if (netvers == IP4VERSION) {
return tcp4_payload_split(pkt, buflen, (struct iphdr **)iph, iph_len, tcph, tcph_len, payload, plen);
@@ -303,16 +303,16 @@ int tcp_payload_split(uint8_t *pkt, uint32_t buflen,
}
int udp4_payload_split(uint8_t *pkt, uint32_t buflen,
struct iphdr **iph, uint32_t *iph_len,
int udp4_payload_split(uint8_t *pkt, size_t buflen,
struct iphdr **iph, size_t *iph_len,
struct udphdr **udph,
uint8_t **payload, uint32_t *plen) {
uint8_t **payload, size_t *plen) {
struct iphdr *hdr;
uint32_t hdr_len;
size_t hdr_len;
struct udphdr *uhdr;
uint8_t *ip_ph;
uint32_t ip_phlen;
size_t ip_phlen;
if (ip4_payload_split(pkt, buflen, &hdr, &hdr_len,
&ip_ph, &ip_phlen)){
@@ -341,16 +341,16 @@ int udp4_payload_split(uint8_t *pkt, uint32_t buflen,
return 0;
}
int udp6_payload_split(uint8_t *pkt, uint32_t buflen,
struct ip6_hdr **iph, uint32_t *iph_len,
int udp6_payload_split(uint8_t *pkt, size_t buflen,
struct ip6_hdr **iph, size_t *iph_len,
struct udphdr **udph,
uint8_t **payload, uint32_t *plen) {
uint8_t **payload, size_t *plen) {
struct ip6_hdr *hdr;
uint32_t hdr_len;
size_t hdr_len;
struct udphdr *uhdr;
uint8_t *ip_ph;
uint32_t ip_phlen;
size_t ip_phlen;
if (ip6_payload_split(pkt, buflen, &hdr, &hdr_len,
&ip_ph, &ip_phlen)){
@@ -379,10 +379,10 @@ int udp6_payload_split(uint8_t *pkt, uint32_t buflen,
return 0;
}
int udp_payload_split(uint8_t *pkt, uint32_t buflen,
void **iph, uint32_t *iph_len,
int udp_payload_split(uint8_t *pkt, size_t buflen,
void **iph, size_t *iph_len,
struct udphdr **udph,
uint8_t **payload, uint32_t *plen) {
uint8_t **payload, size_t *plen) {
int netvers = netproto_version(pkt, buflen);
if (netvers == IP4VERSION) {
return udp4_payload_split(pkt, buflen, (struct iphdr **)iph, iph_len, udph, payload, plen);
@@ -395,14 +395,14 @@ int udp_payload_split(uint8_t *pkt, uint32_t buflen,
}
// split packet to two ipv4 fragments.
int ip4_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset,
uint8_t *frag1, uint32_t *f1len,
uint8_t *frag2, uint32_t *f2len) {
int ip4_frag(const uint8_t *pkt, size_t buflen, size_t payload_offset,
uint8_t *frag1, size_t *f1len,
uint8_t *frag2, size_t *f2len) {
struct iphdr *hdr;
const uint8_t *payload;
uint32_t plen;
uint32_t hdr_len;
size_t plen;
size_t hdr_len;
int ret;
if (!frag1 || !f1len || !frag2 || !f2len)
@@ -425,11 +425,11 @@ int ip4_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset,
return -EINVAL;
}
uint32_t f1_plen = payload_offset;
uint32_t f1_dlen = f1_plen + hdr_len;
size_t f1_plen = payload_offset;
size_t f1_dlen = f1_plen + hdr_len;
uint32_t f2_plen = plen - payload_offset;
uint32_t f2_dlen = f2_plen + hdr_len;
size_t f2_plen = plen - payload_offset;
size_t f2_dlen = f2_plen + hdr_len;
if (*f1len < f1_dlen || *f2len < f2_dlen) {
return -ENOMEM;
@@ -474,15 +474,15 @@ int ip4_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset,
}
// split packet to two tcp-on-ipv4 segments.
int tcp_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset,
uint8_t *seg1, uint32_t *s1len,
uint8_t *seg2, uint32_t *s2len) {
int tcp_frag(const uint8_t *pkt, size_t buflen, size_t payload_offset,
uint8_t *seg1, size_t *s1len,
uint8_t *seg2, size_t *s2len) {
void *hdr;
uint32_t hdr_len;
size_t hdr_len;
struct tcphdr *tcph;
uint32_t tcph_len;
uint32_t plen;
size_t tcph_len;
size_t plen;
const uint8_t *payload;
int ret;
@@ -518,11 +518,11 @@ int tcp_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset,
return -EINVAL;
}
uint32_t s1_plen = payload_offset;
uint32_t s1_dlen = s1_plen + hdr_len + tcph_len;
size_t s1_plen = payload_offset;
size_t s1_dlen = s1_plen + hdr_len + tcph_len;
uint32_t s2_plen = plen - payload_offset;
uint32_t s2_dlen = s2_plen + hdr_len + tcph_len;
size_t s2_plen = plen - payload_offset;
size_t s2_dlen = s2_plen + hdr_len + tcph_len;
if (*s1len < s1_dlen || *s2len < s2_dlen)
return -ENOMEM;
@@ -589,7 +589,7 @@ void z_function(const char *str, int *zbuf, size_t len) {
}
}
void shift_data(uint8_t *data, uint32_t dlen, uint32_t delta) {
void shift_data(uint8_t *data, size_t dlen, size_t delta) {
uint8_t *ndptr = data + delta + dlen;
uint8_t *dptr = data + dlen;
uint8_t *ndlptr = data;
@@ -613,20 +613,20 @@ struct tcp_md5sig_opt {
// Real length of the option, with NOOP fillers
#define TCP_MD5SIG_OPT_RLEN 20
int fail_packet(struct failing_strategy strategy, uint8_t *payload, uint32_t *plen, uint32_t avail_buflen) {
int fail_packet(struct failing_strategy strategy, uint8_t *payload, size_t *plen, size_t avail_buflen) {
void *iph;
uint32_t iph_len;
size_t iph_len;
struct tcphdr *tcph;
uint32_t tcph_len;
size_t tcph_len;
uint8_t *data;
uint32_t dlen;
size_t dlen;
int ret;
ret = tcp_payload_split(payload, *plen,
&iph, &iph_len, &tcph, &tcph_len,
&data, &dlen);
uint32_t ipxv = netproto_version(payload, *plen);
int ipxv = netproto_version(payload, *plen);
if (ret < 0) {
return ret;
@@ -710,15 +710,15 @@ int fail_packet(struct failing_strategy strategy, uint8_t *payload, uint32_t *pl
return 0;
}
int seqovl_packet(uint8_t *payload, uint32_t *plen, uint32_t seq_delta) {
int seqovl_packet(uint8_t *payload, size_t *plen, size_t seq_delta) {
int ipxv = netproto_version(payload, *plen);
void *iph;
uint32_t iph_len;
size_t iph_len;
struct tcphdr *tcph;
uint32_t tcph_len;
size_t tcph_len;
uint8_t *data;
uint32_t dlen;
size_t dlen;
int ret = tcp_payload_split(payload, *plen,

96
src/utils.h
View File

@@ -31,33 +31,33 @@
* payload_offset indicates the position relatively to start of IP payload
* (start of transport header)
*/
int ip4_frag(const uint8_t *pkt, uint32_t pktlen,
uint32_t payload_offset,
uint8_t *frag1, uint32_t *f1len,
uint8_t *frag2, uint32_t *f2len);
int ip4_frag(const uint8_t *pkt, size_t pktlen,
size_t payload_offset,
uint8_t *frag1, size_t *f1len,
uint8_t *frag2, size_t *f2len);
/**
* Splits the packet to two TCP segments on position payload_offset
* payload_offset indicates the position relatively to start of TCP payload.
*/
// int tcp4_frag(const uint8_t *pkt, uint32_t pktlen,
// uint32_t payload_offset,
// uint8_t *seg1, uint32_t *s1len,
// uint8_t *seg2, uint32_t *s2len);
int tcp_frag(const uint8_t *pkt, uint32_t pktlen,
uint32_t payload_offset,
uint8_t *seg1, uint32_t *s1len,
uint8_t *seg2, uint32_t *s2len);
// int tcp4_frag(const uint8_t *pkt, size_t pktlen,
// size_t payload_offset,
// uint8_t *seg1, size_t *s1len,
// uint8_t *seg2, size_t *s2len);
int tcp_frag(const uint8_t *pkt, size_t pktlen,
size_t payload_offset,
uint8_t *seg1, size_t *s1len,
uint8_t *seg2, size_t *s2len);
/**
* Splits the raw packet payload to ip header and ip payload.
*/
int ip4_payload_split(uint8_t *pkt, uint32_t buflen,
struct iphdr **iph, uint32_t *iph_len,
uint8_t **payload, uint32_t *plen);
int ip4_payload_split(uint8_t *pkt, size_t buflen,
struct iphdr **iph, size_t *iph_len,
uint8_t **payload, size_t *plen);
static inline int netproto_version(const uint8_t *pkt, uint32_t buflen) {
static inline int netproto_version(const uint8_t *pkt, size_t buflen) {
if (pkt == NULL || buflen == 0)
return -1;
@@ -68,48 +68,48 @@ static inline int netproto_version(const uint8_t *pkt, uint32_t buflen) {
/**
* Splits the raw packet payload to ip header, tcp header and tcp payload.
*/
int tcp4_payload_split(uint8_t *pkt, uint32_t buflen,
struct iphdr **iph, uint32_t *iph_len,
struct tcphdr **tcph, uint32_t *tcph_len,
uint8_t **payload, uint32_t *plen);
int tcp4_payload_split(uint8_t *pkt, size_t buflen,
struct iphdr **iph, size_t *iph_len,
struct tcphdr **tcph, size_t *tcph_len,
uint8_t **payload, size_t *plen);
/**
* Splits the raw packet payload to ip header and ip payload.
*/
int ip6_payload_split(uint8_t *pkt, uint32_t buflen,
struct ip6_hdr **iph, uint32_t *iph_len,
uint8_t **payload, uint32_t *plen);
int ip6_payload_split(uint8_t *pkt, size_t buflen,
struct ip6_hdr **iph, size_t *iph_len,
uint8_t **payload, size_t *plen);
/**
* Splits the raw packet payload to ip header, tcp header and tcp payload.
*/
int tcp6_payload_split(uint8_t *pkt, uint32_t buflen,
struct ip6_hdr **iph, uint32_t *iph_len,
struct tcphdr **tcph, uint32_t *tcph_len,
uint8_t **payload, uint32_t *plen);
int tcp6_payload_split(uint8_t *pkt, size_t buflen,
struct ip6_hdr **iph, size_t *iph_len,
struct tcphdr **tcph, size_t *tcph_len,
uint8_t **payload, size_t *plen);
int tcp_payload_split(uint8_t *pkt, uint32_t buflen,
void **iph, uint32_t *iph_len,
struct tcphdr **tcph, uint32_t *tcph_len,
uint8_t **payload, uint32_t *plen);
int tcp_payload_split(uint8_t *pkt, size_t buflen,
void **iph, size_t *iph_len,
struct tcphdr **tcph, size_t *tcph_len,
uint8_t **payload, size_t *plen);
/**
* Splits the raw packet payload to ip header, udp header and udp payload.
*/
int udp4_payload_split(uint8_t *pkt, uint32_t buflen,
struct iphdr **iph, uint32_t *iph_len,
int udp4_payload_split(uint8_t *pkt, size_t buflen,
struct iphdr **iph, size_t *iph_len,
struct udphdr **udph,
uint8_t **payload, uint32_t *plen);
uint8_t **payload, size_t *plen);
int udp6_payload_split(uint8_t *pkt, uint32_t buflen,
struct ip6_hdr **iph, uint32_t *iph_len,
int udp6_payload_split(uint8_t *pkt, size_t buflen,
struct ip6_hdr **iph, size_t *iph_len,
struct udphdr **udph,
uint8_t **payload, uint32_t *plen);
uint8_t **payload, size_t *plen);
int udp_payload_split(uint8_t *pkt, uint32_t buflen,
void **iph, uint32_t *iph_len,
int udp_payload_split(uint8_t *pkt, size_t buflen,
void **iph, size_t *iph_len,
struct udphdr **udph,
uint8_t **payload, uint32_t *plen);
uint8_t **payload, size_t *plen);
void tcp4_set_checksum(struct tcphdr *tcph, struct iphdr *iph);
void ip4_set_checksum(struct iphdr *iph);
@@ -118,22 +118,22 @@ void tcp6_set_checksum(struct tcphdr *tcph, struct ip6_hdr *iph);
void udp4_set_checksum(struct udphdr *udph, struct iphdr *iph);
void udp6_set_checksum(struct udphdr *udph, struct ip6_hdr *iph);
int set_ip_checksum(void *iph, uint32_t iphb_len);
int set_tcp_checksum(struct tcphdr *tcph, void *iph, uint32_t iphb_len);
int set_udp_checksum(struct udphdr *udph, void *iph, uint32_t iphb_len);
int set_ip_checksum(void *iph, size_t iphb_len);
int set_tcp_checksum(struct tcphdr *tcph, void *iph, size_t iphb_len);
int set_udp_checksum(struct udphdr *udph, void *iph, size_t iphb_len);
void z_function(const char *str, int *zbuf, size_t len);
/**
* Shifts data left delta bytes. Fills delta buffer with zeroes.
*/
void shift_data(uint8_t *data, uint32_t dlen, uint32_t delta);
void shift_data(uint8_t *data, size_t dlen, size_t delta);
struct failing_strategy {
unsigned int strategy;
uint8_t faking_ttl;
uint32_t randseq_offset;
size_t randseq_offset;
};
@@ -184,12 +184,12 @@ struct udp_fake_type {
*
* Does not support bitmask, pass standalone strategy.
*/
int fail_packet(struct failing_strategy strategy, uint8_t *payload, uint32_t *plen, uint32_t avail_buflen);
int fail_packet(struct failing_strategy strategy, uint8_t *payload, size_t *plen, size_t avail_buflen);
/**
* Shifts the payload right and pushes zeroes before it. Useful for TCP TLS faking.
*/
int seqovl_packet(uint8_t *payload, uint32_t *plen, uint32_t seq_delta);
int seqovl_packet(uint8_t *payload, size_t *plen, size_t seq_delta);
@@ -197,7 +197,7 @@ static inline struct failing_strategy args_default_failing_strategy(const struct
struct failing_strategy fl_strat = {
.strategy = (unsigned int)section->faking_strategy,
.faking_ttl = section->faking_ttl,
.randseq_offset = (uint32_t)section->fakeseq_offset
.randseq_offset = (size_t)section->fakeseq_offset
};
return fl_strat;
}

16
src/youtubeUnblock.c
View File

@@ -196,7 +196,7 @@ static int close_raw6_socket(void) {
return 0;
}
static int send_raw_ipv4(const uint8_t *pkt, uint32_t pktlen) {
static int send_raw_ipv4(const uint8_t *pkt, size_t pktlen) {
int ret;
if (pktlen > AVAILABLE_MTU) return -ENOMEM;
@@ -233,7 +233,7 @@ static int send_raw_ipv4(const uint8_t *pkt, uint32_t pktlen) {
return sent;
}
static int send_raw_ipv6(const uint8_t *pkt, uint32_t pktlen) {
static int send_raw_ipv6(const uint8_t *pkt, size_t pktlen) {
int ret;
if (pktlen > AVAILABLE_MTU) return -ENOMEM;
@@ -270,7 +270,7 @@ static int send_raw_ipv6(const uint8_t *pkt, uint32_t pktlen) {
return sent;
}
static int send_raw_socket(const uint8_t *pkt, uint32_t pktlen) {
static int send_raw_socket(const uint8_t *pkt, size_t pktlen) {
int ret;
if (pktlen > AVAILABLE_MTU) {
@@ -289,8 +289,8 @@ static int send_raw_socket(const uint8_t *pkt, uint32_t pktlen) {
return -ENOMEM;
}
uint32_t buff1_size = MNL_SOCKET_BUFFER_SIZE;
uint32_t buff2_size = MNL_SOCKET_BUFFER_SIZE;
size_t buff1_size = MNL_SOCKET_BUFFER_SIZE;
size_t buff2_size = MNL_SOCKET_BUFFER_SIZE;
if ((ret = tcp_frag(pkt, pktlen, AVAILABLE_MTU-128,
buff1, &buff1_size, buff2, &buff2_size)) < 0) {
@@ -373,7 +373,7 @@ static int fallback_accept_packet(uint32_t id, struct queue_data qdata) {
struct dps_t {
uint8_t *pkt;
uint32_t pktlen;
size_t pktlen;
// Time for the packet in milliseconds
uint32_t timer;
};
@@ -382,7 +382,7 @@ void *delay_packet_send_fn(void *data) {
struct dps_t *dpdt = data;
uint8_t *pkt = dpdt->pkt;
uint32_t pktlen = dpdt->pktlen;
size_t pktlen = dpdt->pktlen;
usleep(dpdt->timer * 1000);
int ret = send_raw_socket(pkt, pktlen);
@@ -396,7 +396,7 @@ void *delay_packet_send_fn(void *data) {
return NULL;
}
int delay_packet_send(const unsigned char *data, unsigned int data_len, unsigned int delay_ms) {
int delay_packet_send(const unsigned char *data, size_t data_len, unsigned int delay_ms) {
struct dps_t *dpdt = malloc(sizeof(struct dps_t));
dpdt->pkt = malloc(data_len);
memcpy(dpdt->pkt, data, data_len);

47
test/quic.c
View File

@@ -7,6 +7,12 @@ static const int quic_padding_len = 917;
// Just a QUIC payload but with sparse frames (like ping, padding, ping, crypto 0, padding, ping, ping, padding, ping, crypto 425, padding)
static const char quic_sparse_payload[] = "\306\000\000\000\001\bB\302\246\317\237]S\226\000\000D\320\372/\3503Ac\222\312\360\355\030\223\231\340\360\022\222e\177$@\270\312\006\205-\267\304\207\036Zq?\246\2072zza\272\337\365'\335_\246\255\2502\347\245r\217>\2556\t\033\347\234w*Q4\003\330\270\037\271\004\346\254B(G\022\356\232\221P\357\305>\301T\331J xv.<\224\344Q\267\v\017b\254\260f\313\232\2213D:F\371\214\177\342C\234\022\301\316\277\342/\027\337X\317\250\200N< 6y\313\r\224\310i\263-\212\372\030\264Z\003#D4\234\315\205H\373\227\026yx\245d\375\211U\223\235\204\236\"T\255i\001\3308)ca%\243\376.mMc\225\b&\276\245n\233V\300\334\261\261\247\266(\334kA\314\250\261\271\353\nC\034\273\276\324\361J\341\017\361N\212\3128\261\233z\267|\344\260d\376\344\342\357\336\255X\366w\313\225C\022\022s\256\202\3568k!\177\025\375K~\224y\216\022\341\376\230\024\346\212l\025\253\300\256\031\360O\200|\331\342\315=I\306dS\030\306\320\212\177\356\350\207\360D7\177\agQ\"\031o6\202\352k\206]\210\370k5k\252\221\254\245\364\333\247\310\207\024\202Q#\314\214\264\341R?UL\340\271\313\213nj\217;\rU\304C\274\361[\327\002\321\372\212LO\325\324\237<\336\361<\205\331w\177`\210\\\276\304\314\220\235\3437\206g\323\275\036\a\033A!\254\217\341\277y6\211\304\031`-d\207wj\037\334MjY'!\327\245\002\255;\b\251\215\tY\310/\366N\224\206\027\037*\311\235\302\236=\377C\264\343o\255\264f\235%\036\026y\353\271(\3160\343*\300>\214&}\177-\363jj\336\204'\266\310\210\312\347\211h)\351\031\325\231\332\177\332#\3552bC\2775)\336\353\271gY\305\315`\212\342\325\376\250\2235y\a\315b\200R\361S\022\333\f\023\r\313\370\267\n\205\314\374\257\376\211\304Y?}.u\244b\315\221\264\211\371\256\224\332C\333@\025\027nb)G\360S\326_\277\362\201\365]\2745\376\253#\251\240\224=\316Y_\233\260\302\260\227.}\260\226\244\241r\320\347_\2273V\237\0262\375^\374F\266!\036k\346\352\204\222\300VuN\027\216\"\2531j\330\222\335\354Uz\367,\376\201\272O\177\376\026\220:?\n\202S\220\373\343\333'+%*rW\n\177Y{\347\211\357+\364(\270\034\207\371\221>\200Ua\026\034\235e\246D\036\352X\202\350\036\303\231\210\351j+\227e\352il\362\273`\360\361\304e\356\206\321\2232\327]\246\325\273\361\233G\336n\212.\335\250\t\177\233$\243\334<\304%\332\000\346\2777\343c\026`|\222\3666\207\021\034\001~\206\221I\f\316\f\006\000\036~\313kH\243L\343B\261Yg\031\362\324\370-\260B\330?e>fd\r\3544\\\312E\231\000\210oZ\033s\207\220\36379f=\017\032\256~\222\377!q\270w\305!\312o\343\035_\003U\313P\356\363^\016o\203,Yf \354\321\0038:\363I\300\215+h\316\305\257\305\002\t\232c\333'~\341\352\3170\362\244A\211\360\272\371\321\371Q\b\237\3076s.\032\322k\202,\345\374\266\233b OS\035\b*\242J\265\215\357\317\325\356\322\031g\2610G]\272i\265\\,\226\237\323\355\351\237\345\032b\364\347\250\227\217\323\353Y\002q[\335\365\034\363$*\312\231\317\302}\2600~\261O\336\265(d\240\323\214zr\371=\027\203\376\330\032w\002,90~{\3677\230\363\250b\320\202I\221\213?\272\227\ncc\343\031Ow\0347s\313\356\037\312t\206\002\006\336\270\203\277\020j\210g\372MU\2758\333\326:\312\262\r\022\210\275[}\314\377\035\241\267s\326\211\300\236;\217\001/\354k\365+?n\230e\350\002z\\K\035\227j\331\031\rj\230<z\272\220\311\036\000\264\017\020\255S\343\001\246\311\021\301\t\006\337\245\3565\2657D{9\b\271s=\a\202\254\326\365T+e\370)7AE\241\217z\276\331xe\n<\320\206\246-\313\330\035\"&\347\201\275\234r\355>\306\306\236\367\021p#\001\203\262\206+kg\313u\205a\004\t2>\322\224\327\001.c\t\225\244=\243M\006\311\347z\262\021Hl\027\202\271\033\345~\334\214\034\202\024m@\372\361Kk@~\374\340Z\260D\245\272'M\232\001$\242wJ:\r\r-\244\363\217\t\261WgS7\272\213\357\314\240\371\374\313\233r\235\017\235\031\230%}Z\345\"";
unsigned char filebr[] = {
0x06, 0x16, 0xea, 0x20, 0xf5, 0xb6, 0x09, 0x0e, 0x90, 0x54, 0x17, 0x78,
0xaa, 0x9a, 0xd9, 0xe1, 0xb8, 0xdf, 0xdc, 0x8e, 0xf8, 0x3a, 0xdb, 0x59,
0xbb, 0x84, 0x60, 0x2b
};
#include "unity.h"
#include "unity_fixture.h"
@@ -34,9 +40,9 @@ TEST(QuicTest, Test_decrypts)
{
int ret;
uint8_t *decrypted_payload;
uint32_t decrypted_payload_len;
size_t decrypted_payload_len;
const uint8_t *decrypted_message;
uint32_t decrypted_message_len;
size_t decrypted_message_len;
ret = quic_parse_initial_message(
(const uint8_t *)quic_testing_payload, sizeof(quic_testing_payload) - 1,
@@ -145,11 +151,11 @@ TEST(QuicTest, Test_parse_quic_decrypted)
int ret;
uint8_t *decrypted_payload;
uint32_t decrypted_payload_len;
size_t decrypted_payload_len;
const uint8_t *decrypted_message;
uint32_t decrypted_message_len;
size_t decrypted_message_len;
uint8_t *crypto_message;
uint32_t crypto_message_len;
size_t crypto_message_len;
struct tls_verdict tlsv = {0};
ret = quic_parse_initial_message(
@@ -169,6 +175,7 @@ TEST(QuicTest, Test_parse_quic_decrypted)
ret = analyze_tls_message(
&sconf, crypto_message, crypto_message_len, &tlsv
);
TEST_ASSERT_EQUAL(11, tlsv.sni_len);
TEST_ASSERT_EQUAL_STRING_LEN("example.com", tlsv.sni_ptr, 11);
free(crypto_message);
@@ -181,11 +188,11 @@ TEST(QuicTest, Test_parse_quic_decrypted_on_sparse)
int ret;
uint8_t *decrypted_payload;
uint32_t decrypted_payload_len;
size_t decrypted_payload_len;
const uint8_t *decrypted_message;
uint32_t decrypted_message_len;
size_t decrypted_message_len;
uint8_t *crypto_message;
uint32_t crypto_message_len;
size_t crypto_message_len;
struct tls_verdict tlsv = {0};
ret = quic_parse_initial_message(
@@ -212,6 +219,29 @@ TEST(QuicTest, Test_parse_quic_decrypted_on_sparse)
#define free unity_free
}
TEST(QuicTest, Test_parse_quic_decrypted_on_fail)
{
#undef free
int ret;
uint8_t *crypto_message;
size_t crypto_message_len;
struct tls_verdict tlsv = {0};
ret = parse_quic_decrypted(
&sconf, filebr, sizeof(filebr) - 1,
&crypto_message, &crypto_message_len);
TEST_ASSERT_EQUAL(0, ret);
ret = analyze_tls_message(
&sconf, crypto_message, crypto_message_len, &tlsv
);
TEST_ASSERT_EQUAL(0, tlsv.sni_len);
free(crypto_message);
#define free unity_free
}
TEST_GROUP_RUNNER(QuicTest)
{
RUN_TEST_CASE(QuicTest, Test_decrypts);
@@ -221,4 +251,5 @@ TEST_GROUP_RUNNER(QuicTest)
RUN_TEST_CASE(QuicTest, Test_varlength_parser);
RUN_TEST_CASE(QuicTest, Test_parse_quic_decrypted)
RUN_TEST_CASE(QuicTest, Test_parse_quic_decrypted_on_sparse)
RUN_TEST_CASE(QuicTest, Test_parse_quic_decrypted_on_fail)
}