UDP faking support

2025-12-27 01:48:07 +03:00 · 2024-12-04 23:48:18 +03:00
parent 5ee77d517b
commit b2ac2e0d03
5 changed files with 187 additions and 30 deletions
--- a/mangle.c
+++ b/mangle.c
@@ -74,16 +74,32 @@ int process_packet(const uint8_t *raw_payload, uint32_t raw_payload_len) {
 			break;
 		}

-		if (verdict == PKT_CONTINUE)
+		if (verdict == PKT_CONTINUE) {
+			lgtrace_addp("continue_flow");
 			continue;
+		}

-		lgtrace_end();
-		return verdict;
+		goto ret_verdict;
 	}

 accept:	
+	verdict = PKT_ACCEPT;
+
+ret_verdict:
+
+	switch (verdict) {
+	case PKT_ACCEPT:
+		lgtrace_addp("accept");
+		break;
+	case PKT_DROP:
+		lgtrace_addp("drop");
+		break;
+	default:
+		lgtrace_addp("unknow verdict: %d", verdict);
+	}
 	lgtrace_end();
-	return PKT_ACCEPT;
+
+	return verdict;
 }

 int process_tcp_packet(const struct section_config_t *section, const uint8_t *raw_payload, uint32_t raw_payload_len) {
@@ -309,13 +325,10 @@ drop_lc:
 	}

 continue_flow:
-	lgtrace_addp("continue_flow");
 	return PKT_CONTINUE;
 accept:
-	lgtrace_addp("accept");
 	return PKT_ACCEPT;
 drop:
-	lgtrace_addp("drop");
 	return PKT_DROP;
 }

@@ -350,6 +363,7 @@ int process_udp_packet(const struct section_config_t *section, const uint8_t *pk
 	}


+
 	if (section->quic_drop) {
 		lgtrace_addp("QUIC probe");
 		const struct quic_lhdr *qch;
@@ -384,39 +398,48 @@ int process_udp_packet(const struct section_config_t *section, const uint8_t *pk
 		lgtrace_addp("quic initial message");
 	}

-/*
 	if (1) {
-		lgtrace_addp("Probe udp");
-		if (ipver == IP4VERSION && ntohs(udph->dest) > 30) {
-			lgtrace_addp("udp fool");
-			const uint8_t *payload;
-			uint32_t payload_len;
-
-			uint32_t poses[10];
-			int cnt = 3;
-
-			poses[0] = 8;
-			for (int i = 1; i < cnt; i++) {
-				poses[i] = poses[i - 1] + 8;
+		for (int i = 0; i < 6; i++) {
+			NETBUF_ALLOC(fake_udp, MAX_PACKET_SIZE);
+			if (!NETBUF_CHECK(fake_udp)) {
+				lgerror(-ENOMEM, "Allocation error");
+				return -ENOMEM;
 			}
+			uint32_t fsn_len = MAX_PACKET_SIZE;

-			ret = send_ip4_frags(pkt, pktlen, poses, cnt, 0);
+			struct udp_fake_type fake_type = {
+				.fake_len = 64,
+				.strategy = {
+					.strategy = FAKE_STRAT_UDP_CHECK,
+				},
+			};
+			ret = gen_fake_udp(fake_type, iph, iph_len, udph, fake_udp, &fsn_len);
 			if (ret < 0) {
-				lgerror("ip4 send frags", ret);
-				goto accept;
+				lgerror(ret, "gen_fake_udp");
+				goto erret_lc;
 			}

-			goto drop;
-		} else {
-			lginfo("WARNING: IP fragmentation is supported only for IPv4\n");	
+			lgtrace_addp("post fake udp #%d", i + 1);
+
+			ret = instance_config.send_raw_packet(fake_udp, fsn_len);
+			if (ret < 0) {
+				lgerror(ret, "send fake udp");
+				goto erret_lc;
+			}
+						
+			NETBUF_FREE(fake_udp);
+			continue;
+erret_lc:
+			NETBUF_FREE(fake_udp);
 			goto accept;
 		}
-	}
-*/

+		
+		ret = instance_config.send_raw_packet(pkt, pktlen);
+		goto drop;
+	}

 continue_flow:
-	lgtrace_addp("continue_flow");
 	return PKT_CONTINUE;
 accept_quic:
 accept: