gsd
/
GoodbyeDPI
mirror of https://github.com/ValdikSS/GoodbyeDPI
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add whitelist option

pull/843/head
jimraynor2470 3 years ago
committed by Tarik
parent
f593a276f9
commit
3074df048a
3 changed files with 57 additions and 23 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 44
      src/blackwhitelist.c
  2. 6
      src/blackwhitelist.h
  3. 30
      src/goodbyedpi.c

44
src/blackwhitelist.c
View File

@ -16,13 +16,14 @@ typedef struct blackwhitelist_record {
UT_hash_handle hh; /* makes this structure hashable */ UT_hash_handle hh; /* makes this structure hashable */
} blackwhitelist_record_t; } blackwhitelist_record_t;
static blackwhitelist_record_t *blackwhitelist = NULL; static blackwhitelist_record_t *blacklist = NULL;
static blackwhitelist_record_t *whitelist = NULL;
static int check_get_hostname(const char *host) { static int check_get_hostname(const char *host, blackwhitelist_record_t **list) {
blackwhitelist_record_t *tmp_record = NULL; blackwhitelist_record_t *tmp_record = NULL;
if (!blackwhitelist) return FALSE; if (!*list) return FALSE;
HASH_FIND_STR(blackwhitelist, host, tmp_record); HASH_FIND_STR(*list, host, tmp_record);
if (tmp_record) { if (tmp_record) {
debug("check_get_hostname found host\n"); debug("check_get_hostname found host\n");
return TRUE; return TRUE;
@ -31,17 +32,17 @@ static int check_get_hostname(const char *host) {
return FALSE; return FALSE;
} }
static int add_hostname(const char *host) { static int add_hostname(const char *host, blackwhitelist_record_t **list) {
if (!host) if (!host)
return FALSE; return FALSE;
blackwhitelist_record_t *tmp_record = malloc(sizeof(blackwhitelist_record_t)); blackwhitelist_record_t *tmp_record = malloc(sizeof(blackwhitelist_record_t));
char *host_c = NULL; char *host_c = NULL;
if (!check_get_hostname(host)) { if (!check_get_hostname(host, list)) {
host_c = strdup(host); host_c = strdup(host);
tmp_record->host = host_c; tmp_record->host = host_c;
HASH_ADD_KEYPTR(hh, blackwhitelist, tmp_record->host, HASH_ADD_KEYPTR(hh, *list, tmp_record->host,
strlen(tmp_record->host), tmp_record); strlen(tmp_record->host), tmp_record);
debug("Added host %s\n", host_c); debug("Added host %s\n", host_c);
return TRUE; return TRUE;
@ -53,7 +54,7 @@ static int add_hostname(const char *host) {
return FALSE; return FALSE;
} }
int blackwhitelist_load_list(const char *filename) { static int blackwhitelist_load_list(const char *filename, blackwhitelist_record_t **list) {
char *line = malloc(HOST_MAXLEN + 1); char *line = malloc(HOST_MAXLEN + 1);
size_t linelen = HOST_MAXLEN + 1; size_t linelen = HOST_MAXLEN + 1;
int cnt = 0; int cnt = 0;
@ -74,17 +75,25 @@ int blackwhitelist_load_list(const char *filename) {
printf("WARNING: host %s is less than 2 characters, skipping\n", line); printf("WARNING: host %s is less than 2 characters, skipping\n", line);
continue; continue;
} }
if (add_hostname(line)) if (add_hostname(line, list))
cnt++; cnt++;
} }
free(line); free(line);
if (!blackwhitelist) return FALSE; if (!*list) return FALSE;
printf("Loaded %d hosts from file %s\n", cnt, filename); printf("Loaded %d hosts from file %s\n", cnt, filename);
fclose(fp); fclose(fp);
return TRUE; return TRUE;
} }
int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) { int blackwhitelist_load_blacklist(const char *filename) {
return blackwhitelist_load_list(filename, &blacklist);
}
int blackwhitelist_load_whitelist(const char *filename) {
return blackwhitelist_load_list(filename, &whitelist);
}
static int blackwhitelist_check_hostname(const char *host_addr, size_t host_len, blackwhitelist_record_t **list) {
char current_host[HOST_MAXLEN + 1]; char current_host[HOST_MAXLEN + 1];
char *tokenized_host = NULL; char *tokenized_host = NULL;
@ -94,12 +103,13 @@ int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
current_host[host_len] = '\0'; current_host[host_len] = '\0';
} }
if (check_get_hostname(current_host)) if (check_get_hostname(current_host, list))
return TRUE; return TRUE;
tokenized_host = strchr(current_host, '.'); tokenized_host = strchr(current_host, '.');
while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) { while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) {
if (check_get_hostname(tokenized_host + 1)) /* Search hostname only if there is next token */
if (strchr(tokenized_host + 1, '.') && check_get_hostname(tokenized_host + 1, list))
return TRUE; return TRUE;
tokenized_host = strchr(tokenized_host + 1, '.'); tokenized_host = strchr(tokenized_host + 1, '.');
} }
@ -107,3 +117,11 @@ int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
debug("____blackwhitelist_check_hostname FALSE: host %s\n", current_host); debug("____blackwhitelist_check_hostname FALSE: host %s\n", current_host);
return FALSE; return FALSE;
} }
int blackwhitelist_check_hostname_blacklist(const char *host_addr, size_t host_len) {
return blackwhitelist_check_hostname(host_addr, host_len, &blacklist);
}
int blackwhitelist_check_hostname_whitelist(const char *host_addr, size_t host_len) {
return blackwhitelist_check_hostname(host_addr, host_len, &whitelist);
}

6
src/blackwhitelist.h
View File

@ -1,2 +1,4 @@
int blackwhitelist_load_list(const char *filename); int blackwhitelist_load_blacklist(const char *filename);
int blackwhitelist_check_hostname(const char *host_addr, size_t host_len); int blackwhitelist_load_whitelist(const char *filename);
int blackwhitelist_check_hostname_blacklist(const char *host_addr, size_t host_len);
int blackwhitelist_check_hostname_whitelist(const char *host_addr, size_t host_len);

30
src/goodbyedpi.c
View File

@ -177,6 +177,7 @@ static struct option long_options[] = {
{"dnsv6-port", required_argument, 0, '@' }, {"dnsv6-port", required_argument, 0, '@' },
{"dns-verb", no_argument, 0, 'v' }, {"dns-verb", no_argument, 0, 'v' },
{"blacklist", required_argument, 0, 'b' }, {"blacklist", required_argument, 0, 'b' },
{"whitelist", required_argument, 0, 't' },
{"allow-no-sni",no_argument, 0, ']' }, {"allow-no-sni",no_argument, 0, ']' },
{"frag-by-sni", no_argument, 0, '>' }, {"frag-by-sni", no_argument, 0, '>' },
{"ip-id", required_argument, 0, 'i' }, {"ip-id", required_argument, 0, 'i' },
@ -610,7 +611,8 @@ int main(int argc, char *argv[]) {
do_http_allports = 0, do_http_allports = 0,
do_host_mixedcase = 0, do_host_mixedcase = 0,
do_dnsv4_redirect = 0, do_dnsv6_redirect = 0, do_dnsv4_redirect = 0, do_dnsv6_redirect = 0,
do_dns_verb = 0, do_tcp_verb = 0, do_blacklist = 0, do_dns_verb = 0, do_tcp_verb = 0,
do_blacklist = 0, do_whitelist = 0,
do_allow_no_sni = 0, do_allow_no_sni = 0,
do_fragment_by_sni = 0, do_fragment_by_sni = 0,
do_fake_packet = 0, do_fake_packet = 0,
@ -863,9 +865,16 @@ int main(int argc, char *argv[]) {
break; break;
case 'b': // --blacklist case 'b': // --blacklist
do_blacklist = 1; do_blacklist = 1;
if (!blackwhitelist_load_list(optarg)) { if (!blackwhitelist_load_blacklist(optarg)) {
printf("Can't load blacklist from file!\n"); printf("Can't load blacklist from file!\n");
exit(ERROR_BLACKLIST_LOAD); exit(EXIT_FAILURE);
}
break;
case 't': // --whitelist
do_whitelist = 1;
if (!blackwhitelist_load_whitelist(optarg)) {
printf("Can't load whitelist from file!\n");
exit(EXIT_FAILURE);
} }
break; break;
case ']': // --allow-no-sni case ']': // --allow-no-sni
@ -994,6 +1003,9 @@ int main(int argc, char *argv[]) {
" --blacklist <txtfile> perform circumvention tricks only to host names and subdomains from\n" " --blacklist <txtfile> perform circumvention tricks only to host names and subdomains from\n"
" supplied text file (HTTP Host/TLS SNI).\n" " supplied text file (HTTP Host/TLS SNI).\n"
" This option can be supplied multiple times.\n" " This option can be supplied multiple times.\n"
" --whitelist <txtfile> does not perform circumvention tricks to host names and subdomains from\n"
" supplied text file.\n"
" This option can be supplied multiple times.\n"
" --allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.\n" " --allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.\n"
" --frag-by-sni if SNI is detected in TLS packet, fragment the packet right before SNI value.\n" " --frag-by-sni if SNI is detected in TLS packet, fragment the packet right before SNI value.\n"
" --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.\n" " --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.\n"
@ -1264,16 +1276,17 @@ int main(int argc, char *argv[]) {
if ((packet_dataLen == 2 && memcmp(packet_data, "\x16\x03", 2) == 0) || if ((packet_dataLen == 2 && memcmp(packet_data, "\x16\x03", 2) == 0) ||
(packet_dataLen >= 3 && ( memcmp(packet_data, "\x16\x03\x01", 3) == 0 || memcmp(packet_data, "\x16\x03\x03", 3) == 0 ))) (packet_dataLen >= 3 && ( memcmp(packet_data, "\x16\x03\x01", 3) == 0 || memcmp(packet_data, "\x16\x03\x03", 3) == 0 )))
{ {
if (do_blacklist || do_fragment_by_sni) { if (do_blacklist || do_whitelist) {
sni_ok = extract_sni(packet_data, packet_dataLen, sni_ok = extract_sni(packet_data, packet_dataLen,
&host_addr, &host_len); &host_addr, &host_len);
} }
if ( if (
(do_blacklist && sni_ok && ((do_blacklist && sni_ok &&
blackwhitelist_check_hostname(host_addr, host_len) blackwhitelist_check_hostname_blacklist(host_addr, host_len)
) || ) ||
(do_blacklist && !sni_ok && do_allow_no_sni) || (do_blacklist && !sni_ok && do_allow_no_sni) ||
(!do_blacklist) (!do_blacklist)) &&
(do_whitelist ? !blackwhitelist_check_hostname_whitelist(host_addr, host_len) : 1)
) )
{ {
#ifdef DEBUG #ifdef DEBUG
@ -1309,7 +1322,8 @@ int main(int argc, char *argv[]) {
if (find_header_and_get_info(packet_data, packet_dataLen, if (find_header_and_get_info(packet_data, packet_dataLen,
http_host_find, &hdr_name_addr, &hdr_value_addr, &hdr_value_len) && http_host_find, &hdr_name_addr, &hdr_value_addr, &hdr_value_len) &&
hdr_value_len > 0 && hdr_value_len <= HOST_MAXLEN && hdr_value_len > 0 && hdr_value_len <= HOST_MAXLEN &&
(do_blacklist ? blackwhitelist_check_hostname(hdr_value_addr, hdr_value_len) : 1)) (do_blacklist ? blackwhitelist_check_hostname_blacklist(hdr_value_addr, hdr_value_len) : 1) &&
(do_whitelist ? !blackwhitelist_check_hostname_whitelist(hdr_value_addr, hdr_value_len) : 1))
{ {
host_addr = hdr_value_addr; host_addr = hdr_value_addr;
host_len = hdr_value_len; host_len = hdr_value_len;

Write Preview
Loading…
Cancel
Save