New experimental feature: UDP DNS redirection

7 years ago · a182f52207
4 changed files with 1475 additions and 6 deletions
--- a/dnsredir.c
+++ b/dnsredir.c
@ -0,0 +1,178 @@
+/*
+ * DNS UDP Connection Tracker for GoodbyeDPI
+ *
+ * This is a simple connection tracker for DNS UDP data.
+ * It's not a proper one. The caveats as follows:
+ *    * Uses only source IP address and port as a hash key;
+ *    * One-shot only. Removes conntrack record as soon as gets the reply;
+ *    * Does not properly parse DNS request and response, only checks some bytes;
+ *
+ * But anyway, it works fine for DNS.
+ */
+
+#include <windows.h>
+#include <time.h>
+#include <stdio.h>
+#include "dnsredir.h"
+#include "uthash.h"
+
+// IPv6 incompatible!
+#define UDP_CONNRECORD_KEY_LEN 6
+
+#define DNS_CLEANUP_INTERVAL_SEC 30
+
+#ifndef debug
+#define debug(...) do {} while (0)
+#endif
+
+#ifndef debug
+#define debug(...) printf(...)
+#endif
+
+/* HACK!
+ * uthash uses strlen() for HASH_FIND_STR.
+ * We have null bytes in our key, so we can't use strlen()
+ * And since it's always UDP_CONNRECORD_KEY_LEN bytes long,
+ * we don't need to use any string function to determine length.
+ */
+#undef uthash_strlen
+#define uthash_strlen(s) UDP_CONNRECORD_KEY_LEN
+
+typedef struct udp_connrecord {
+    /* key (srcip[4] + srcport[2]) */
+    char key[UDP_CONNRECORD_KEY_LEN];
+    time_t time;         /* time when this record was added */
+    uint32_t dstip;
+    uint16_t dstport;
+    UT_hash_handle hh;   /* makes this structure hashable */
+} udp_connrecord_t;
+
+static time_t last_cleanup = 0;
+static udp_connrecord_t *conntrack = NULL;
+
+inline static void construct_key(const uint32_t srcip, const uint16_t srcport, char *key) {
+    debug("Construct key enter\n");
+    if (key) {
+        debug("Constructing key\n");
+
+        *(uint32_t*)(key) = srcip;
+        *(uint16_t*)(key + sizeof(srcip)) = srcport;
+    }
+    debug("Construct key end\n");
+}
+
+inline static void deconstruct_key(const char *key, udp_connrecord_t *connrecord,
+                                   conntrack_info_t *conn_info) {
+    debug("Deconstruct key enter\n");
+    if (key && conn_info) {
+        debug("Deconstructing key\n");
+
+        conn_info->srcip = *(uint32_t*)(key);
+        conn_info->srcport = *(uint16_t*)(key + sizeof(conn_info->srcip));
+        conn_info->dstip = connrecord->dstip;
+        conn_info->dstport = connrecord->dstport;
+    }
+    debug("Deconstruct key end\n");
+}
+
+static int check_get_udp_conntrack_key(const char *key, udp_connrecord_t **connrecord) {
+    udp_connrecord_t *tmp_connrecord = NULL;
+    if (!conntrack) return FALSE;
+
+    HASH_FIND_STR(conntrack, key, tmp_connrecord);
+    if (tmp_connrecord) {
+        if (connrecord)
+            *connrecord = tmp_connrecord;
+        debug("check_get_udp_conntrack_key found key\n");
+        return TRUE;
+    }
+    debug("check_get_udp_conntrack_key key not found\n");
+    return FALSE;
+}
+
+static int add_udp_conntrack(const uint32_t srcip, const uint16_t srcport,
+                             const uint32_t dstip, const uint16_t dstport) {
+    udp_connrecord_t *tmp_connrecord = malloc(sizeof(udp_connrecord_t));
+    if (!(srcip && srcport && dstip && dstport))
+        return FALSE;
+
+    construct_key(srcip, srcport, tmp_connrecord->key);
+
+    if (!check_get_udp_conntrack_key(tmp_connrecord->key, NULL)) {
+        tmp_connrecord->time = time(NULL);
+        tmp_connrecord->dstip = dstip;
+        tmp_connrecord->dstport = dstport;
+        HASH_ADD_STR(conntrack, key, tmp_connrecord);
+        debug("Added UDP conntrack\n");
+        return TRUE;
+    }
+    debug("Not added UDP conntrack\n");
+    return FALSE;
+}
+
+void dns_cleanup() {
+    udp_connrecord_t *tmp_connrecord, *tmp_connrecord2 = NULL;
+
+    if (last_cleanup == 0) {
+        last_cleanup = time(NULL);
+        return;
+    }
+
+    if (difftime(time(NULL), last_cleanup) >= DNS_CLEANUP_INTERVAL_SEC) {
+        last_cleanup = time(NULL);
+
+        HASH_ITER(hh, conntrack, tmp_connrecord, tmp_connrecord2) {
+            if (difftime(last_cleanup, tmp_connrecord->time) >= DNS_CLEANUP_INTERVAL_SEC) {
+                HASH_DEL(conntrack, tmp_connrecord);
+                free(tmp_connrecord);
+            }
+        }
+    }
+}
+
+int dns_handle_outgoing(const uint32_t srcip, const uint16_t srcport,
+                        const uint32_t dstip, const uint16_t dstport,
+                        const char *packet_data, const UINT packet_dataLen) {
+
+    if (packet_dataLen < 16)
+        return FALSE;
+
+    dns_cleanup();
+
+    if ((ntohs(*(const uint16_t*)(packet_data + 2)) & 0xFA00) == 0 &&
+        (ntohs(*(const uint32_t*)(packet_data + 6))) == 0) {
+        /* Looks like DNS request */
+        debug("trying to add srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
+        return add_udp_conntrack(srcip, srcport, dstip, dstport);
+    }
+    debug("____dns_handle_outgoing FALSE: srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
+    return FALSE;
+}
+
+int dns_handle_incoming(const uint32_t srcip, const uint16_t srcport,
+                        const uint32_t dstip, const uint16_t dstport,
+                        const char *packet_data, const UINT packet_dataLen,
+                        conntrack_info_t *conn_info) {
+
+    char key[UDP_CONNRECORD_KEY_LEN];
+    udp_connrecord_t *tmp_connrecord = NULL;
+
+    if (packet_dataLen < 16 || !conn_info)
+        return FALSE;
+
+    dns_cleanup();
+
+    if ((ntohs(*(const uint16_t*)(packet_data + 2)) & 0xF800) == 0x8000) {
+        /* Looks like DNS response */
+        construct_key(srcip, srcport, key);
+        if (check_get_udp_conntrack_key(key, &tmp_connrecord) && tmp_connrecord) {
+            /* Connection exists in conntrack, moving on */
+            deconstruct_key(key, tmp_connrecord, conn_info);
+            HASH_DEL(conntrack, tmp_connrecord);
+            free(tmp_connrecord);
+            return TRUE;
+        }
+    }
+    debug("____dns_handle_incoming FALSE: srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
+    return FALSE;
+}
--- a/dnsredir.h
+++ b/dnsredir.h
@ -0,0 +1,17 @@
+#include <stdint.h>
+
+typedef struct conntrack_info {
+    uint32_t srcip;
+    uint16_t srcport;
+    uint32_t dstip;
+    uint16_t dstport;
+} conntrack_info_t;
+
+int dns_handle_incoming(const uint32_t srcip, const uint16_t srcport,
+                        const uint32_t dstip, const uint16_t dstport,
+                        const char *packet_data, const UINT packet_dataLen,
+                        conntrack_info_t *conn_info);
+
+int dns_handle_outgoing(const uint32_t srcip, const uint16_t srcport,
+                        const uint32_t dstip, const uint16_t dstport,
+                        const char *packet_data, const UINT packet_dataLen);
--- a/goodbyedpi.c
+++ b/goodbyedpi.c
@ -10,6 +10,7 @@
 #include <string.h>
 #include <getopt.h>
 #include "windivert.h"
+#include "dnsredir.h"

 #define die() do { printf("Something went wrong!\n" \
    "Make sure you're running this program with administrator privileges\n"); \
@ -58,6 +59,8 @@ static const char *http_methods[] = {

 static struct option long_options[] = {
    {"port",      required_argument, 0,  'z' },
+    {"dns-addr",  required_argument, 0,  'd' },
+    {"dns-port",  required_argument, 0,  'g' },
    {0,           0,                 0,   0  }
 };

@ -230,14 +233,18 @@ int main(int argc, char *argv[]) {
    UINT packet_dataLen;
    PWINDIVERT_IPHDR ppIpHdr;
    PWINDIVERT_TCPHDR ppTcpHdr;
+    PWINDIVERT_UDPHDR ppUdpHdr;
+    conntrack_info_t dns_conn_info;

    int do_passivedpi = 0, do_fragment_http = 0,
        do_fragment_https = 0, do_host = 0,
        do_host_removespace = 0, do_additional_space = 0,
        do_http_allports = 0,
-        do_host_mixedcase = 0;
+        do_host_mixedcase = 0, do_dns_redirect = 0;
    int http_fragment_size = 2;
    int https_fragment_size = 2;
+    uint32_t dns_addr = 0;
+    uint16_t dns_port = htons(53);
    char *host_addr, *useragent_addr, *method_addr;
    int host_len, useragent_len;

@ -315,6 +322,24 @@ int main(int argc, char *argv[]) {
                add_filter_str(IPPROTO_TCP, i);
                i = 0;
                break;
+            case 'd':
+                do_dns_redirect = 1;
+                dns_addr = inet_addr(optarg);
+                if (!dns_addr) {
+                    printf("DNS address parameter error!\n");
+                    exit(EXIT_FAILURE);
+                }
+                add_filter_str(IPPROTO_UDP, 53);
+                break;
+            case 'g':
+                dns_port = atoi(optarg);
+                if (dns_port <= 0 || dns_port > 65535) {
+                    printf("DNS port parameter error!\n");
+                    exit(EXIT_FAILURE);
+                }
+                add_filter_str(IPPROTO_UDP, dns_port);
+                dns_port = ntohs(dns_port);
+                break;
            default:
                printf("Usage: goodbyedpi.exe [OPTION...]\n"
                " -p          block passive DPI\n"
@ -326,6 +351,8 @@ int main(int argc, char *argv[]) {
                " -e [value]  set HTTPS fragmentation to value\n"
                " -w          try to find and parse HTTP traffic on all processed ports (not only on port 80)\n"
                " --port      additional TCP port to perform fragmentation on (and HTTP tricks with -w)\n"
+                " --dns-addr  redirect UDP DNS requests to the supplied IP address (experimental)\n"
+                " --dns-port  redirect UDP DNS requests to the supplied port (53 by default)\n"
                "\n"
                " -1          -p -r -s -f 2 -e 2 (most compatible mode, default)\n"
                " -2          -p -r -s -f 2 -e 40 (better speed yet still compatible)\n"
@ -337,11 +364,11 @@ int main(int argc, char *argv[]) {

    printf("Block passive: %d, Fragment HTTP: %d, Fragment HTTPS: %d, "
           "hoSt: %d, Host no space: %d, Additional space: %d, Mix Host: %d, "
-           "HTTP AllPorts: %d\n",
+           "HTTP AllPorts: %d, DNS redirect: %d\n",
           do_passivedpi, (do_fragment_http ? http_fragment_size : 0),
           (do_fragment_https ? https_fragment_size : 0),
           do_host, do_host_removespace, do_additional_space, do_host_mixedcase,
-           do_http_allports
+           do_http_allports, do_dns_redirect
          );

    if (do_fragment_http && http_fragment_size > 2) {
@ -391,7 +418,7 @@ int main(int argc, char *argv[]) {
            if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
                NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) {
                //printf("Got parsed packet, len=%d!\n", packet_dataLen);
-                /* Got a packet WITH DATA */
+                /* Got a TCP packet WITH DATA */

                /* Handle INBOUND packet with data and find HTTP REDIRECT in there */
                if (addr.Direction == WINDIVERT_DIRECTION_INBOUND && packet_dataLen > 16) {
@ -493,13 +520,13 @@ int main(int argc, char *argv[]) {
                        } /* else if (do_host_removespace) */
                    } /* if (find_header_and_get_info http_host) */
                } /* Handle OUTBOUND packet with data */
-            } /* Handle packet with data */
+            } /* Handle TCP packet with data */

            /* Else if we got TCP packet without data */
            else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
                NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)) {
                /* If we got INBOUND SYN+ACK packet */
-                if (addr.Direction == WINDIVERT_DIRECTION_INBOUND && 
+                if (addr.Direction == WINDIVERT_DIRECTION_INBOUND &&
                    ppTcpHdr->Syn == 1 && ppTcpHdr->Ack == 1) {
                    //printf("Changing Window Size!\n");
                    if (do_fragment_http && ppTcpHdr->SrcPort == htons(80)) {
@ -513,6 +540,45 @@ int main(int argc, char *argv[]) {
                }
            }

+            /* Else if we got UDP packet with data */
+            else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
+                NULL, NULL, NULL, NULL, &ppUdpHdr, &packet_data, &packet_dataLen)) {
+
+                if (addr.Direction == WINDIVERT_DIRECTION_INBOUND) {
+                    if (dns_handle_incoming(ppIpHdr->DstAddr, ppUdpHdr->DstPort,
+                                        ppIpHdr->SrcAddr, ppUdpHdr->SrcPort,
+                                        packet_data, packet_dataLen,
+                                        &dns_conn_info))
+                    {
+                        /* Changing source IP and port to the values
+                         * from DNS conntrack */
+                        ppIpHdr->SrcAddr = dns_conn_info.dstip;
+                        ppUdpHdr->DstPort = dns_conn_info.srcport;
+                        ppUdpHdr->SrcPort = dns_conn_info.dstport;
+                        should_recalc_checksum = 1;
+                    }
+                    else {
+                        printf("[DNS] Error handling incoming packet!\n");
+                    }
+                }
+
+                else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND) {
+                    if (dns_handle_outgoing(ppIpHdr->SrcAddr, ppUdpHdr->SrcPort,
+                                        ppIpHdr->DstAddr, ppUdpHdr->DstPort,
+                                        packet_data, packet_dataLen))
+                    {
+                        /* Changing destination IP and port to the values
+                         * from configuration */
+                        ppIpHdr->DstAddr = dns_addr;
+                        ppUdpHdr->DstPort = dns_port;
+                        should_recalc_checksum = 1;
+                    }
+                    else {
+                        printf("[DNS] Error handling outgoing packet!\n");
+                    }
+                }
+            }
+
            if (should_reinject) {
                //printf("Re-injecting!\n");
                if (should_recalc_checksum) {
--- a/uthash.h
+++ b/uthash.h