nfqws: QUIC protocol recognition

2026-02-03 08:10:34 +03:00 · 2022-03-20 20:46:39 +03:00
parent 38dca7da70
commit 0a5ffc1a54
10 changed files with 140 additions and 62 deletions
--- a/nfq/desync.c
+++ b/nfq/desync.c
@@ -656,8 +656,19 @@ packet_process_result dpi_desync_udp_packet(uint8_t *data_pkt, size_t len_pkt, s
 		size_t fake_size;
 		bool b;

-		if (!params.desync_any_proto) return res;
-		DLOG("applying tampering to unknown protocol\n")
+		if (IsQUICInitial(data_payload,len_payload))
+		{
+			DLOG("packet contains QUIC initial\n")
+			fake = params.fake_quic;
+			fake_size = params.fake_quic_size;
+		}
+		else
+		{
+			if (!params.desync_any_proto) return res;
+			DLOG("applying tampering to unknown protocol\n")
+			fake = params.fake_unknown_udp;
+			fake_size = params.fake_unknown_udp_size;
+		}

 		enum dpi_desync_mode desync_mode = params.desync_mode;
 		uint8_t fooling_orig = FOOL_NONE;
@@ -667,9 +678,6 @@ packet_process_result dpi_desync_udp_packet(uint8_t *data_pkt, size_t len_pkt, s
 		else ttl_fake = params.desync_ttl ? params.desync_ttl : ttl_orig;
 		extract_endpoints(ip, ip6hdr, NULL, udphdr, &src, &dst);

-		fake = params.fake_unknown_udp;
-		fake_size = params.fake_unknown_udp_size;
-
 		if (params.debug)
 		{
 			printf("dpi desync src=");