From eda1d53bec9228def15837598fe0dd3f7026f004 Mon Sep 17 00:00:00 2001
From: SashaXser <24498484+SashaXser@users.noreply.github.com>
Date: Thu, 3 Aug 2023 11:09:24 +0400
Subject: [PATCH] Update goodbyedpi.c

---
 src/goodbyedpi.c | 197 ++++++++++++++++++++++++++++++++++-------------
 1 file changed, 142 insertions(+), 55 deletions(-)

diff --git a/src/goodbyedpi.c b/src/goodbyedpi.c
index f80581f..90c385c 100644
--- a/src/goodbyedpi.c
+++ b/src/goodbyedpi.c
@@ -440,28 +440,119 @@ static inline void change_window_size(const PWINDIVERT_TCPHDR ppTcpHdr, unsigned } /* HTTP method end without trailing space */ -static PVOID find_http_method_end(const char *pkt, unsigned int http_frag, int *is_fragmented) { - unsigned int i; - for (i = 0; i<(sizeof(http_methods) / sizeof(*http_methods)); i++) { - if (memcmp(pkt, http_methods[i], strlen(http_methods[i])) == 0) { - if (is_fragmented) - *is_fragmented = 0; - return (char*)pkt + strlen(http_methods[i]) - 1; - } - /* Try to find HTTP method in a second part of fragmented packet */ - if ((http_frag == 1 || http_frag == 2) && - memcmp(pkt, http_methods[i] + http_frag, - strlen(http_methods[i]) - http_frag) == 0 - ) - { - if (is_fragmented) - *is_fragmented = 1; - return (char*)pkt + strlen(http_methods[i]) - http_frag - 1; - } - } - return NULL; +static const char *find_http_method_end(const char *pkt, unsigned int http_frag, int *is_fragmented) { + switch (*pkt) { + case 'G': + if (strncmp(pkt, "GET", 3) == 0) { + if (is_fragmented) + *is_fragmented = 0; + return pkt + 3; + } + break; + case 'P': + if (strncmp(pkt, "POST", 4) == 0) { + if (is_fragmented) + *is_fragmented = 0; + return pkt + 4; + } + break; + case 'H': + if (strncmp(pkt, "HEAD", 4) == 0) { + if (is_fragmented) + *is_fragmented = 0; + return pkt + 4; + } + break; + case 'O': + if (strncmp(pkt, "OPTIONS", 7) == 0) { + if (is_fragmented) + *is_fragmented = 0; + return pkt + 7; + } + break; + case 'D': + if (strncmp(pkt, "DELETE", 6) == 0) { + if (is_fragmented) + *is_fragmented = 0; + return pkt + 6; + } + break; + case 'T': + if (strncmp(pkt, "TRACE", 5) == 0) { + if (is_fragmented) + *is_fragmented = 0; + return pkt + 5; + } + break; + case 'C': + if (strncmp(pkt, "CONNECT", 7) == 0) { + if (is_fragmented) + *is_fragmented = 0; + return pkt + 7; + } + break; + default: + /* Try to find HTTP method in a second part of fragmented packet */ + if ((http_frag == 1 || http_frag == 2)) { + switch (*pkt) { + case 'E': + if 
(strncmp(pkt, "ET", http_frag) == 0) { + if (is_fragmented) + *is_fragmented = 1; + return pkt + http_frag - 1; + } + break; + case 'S': + if (strncmp(pkt, "ST", http_frag) == 0) { + if (is_fragmented) + *is_fragmented = 1; + return pkt + http_frag - 1; + } + break; + case 'A': + if (strncmp(pkt, "AD", http_frag) == 0) { + if (is_fragmented) + *is_fragmented = 1; + return pkt + http_frag - 1; + } + break; + case 'N': + if (strncmp(pkt, "NS", http_frag) == 0) { + if (is_fragmented) + *is_fragmented = 1; + return pkt + http_frag - 1; + } + break; + case 'L': + if (strncmp(pkt, "LE", http_frag) == 0) { + if (is_fragmented) + *is_fragmented = 1; + return pkt + http_frag - 1; + } + break; + case 'R': + if (strncmp(pkt, "RACE", http_frag + 1) == 0) { + if (is_fragmented) + *is_fragmented = 1; + return pkt + http_frag - 1; + } + break; + case 'O': + if (strncmp(pkt, "ONNECT", http_frag + 1) == 0) { + if (is_fragmented) + *is_fragmented = 1; + return pkt + http_frag - 1; + } + break; + default: + return NULL; + } + } + } + return NULL; } + /** Fragment and send the packet. * * This function cuts off the end of the packet (step=0) or 
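Review bot: The fragmented-packet branch of `find_http_method_end` no longer matches what the removed loop matched: `strncmp(pkt, "ET", http_frag)` compares `http_frag` bytes of a fixed tail instead of the method's remaining `strlen(http_methods[i]) - http_frag` bytes, and `return pkt + http_frag - 1;` drops the method length that the old `pkt + strlen(http_methods[i]) - http_frag - 1` carried. That branch also sits under the outer `default:`, so a second fragment beginning with `O`, `P` or `T` is consumed by the outer cases and returns NULL, and the inner `case 'O'` ("ONNECT") can never run. The whole-method cases hard-code names and lengths instead of reading `http_methods`, so the two can drift apart, `case 'P'` accepts only "POST", and whether `pkt + 3` equals the old `pkt + strlen(http_methods[i]) - 1` depends on table contents that are not in the hunk. I would keep the table-driven loop and change only the return type, retaining `memcmp(pkt, http_methods[i] + http_frag, strlen(http_methods[i]) - http_frag)` for the fragment path. Callers that use the returned pointer are outside this hunk and need re-checking against the new offsets.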
@@ -484,40 +575,36 @@ static void send_native_fragment(HANDLE w_filter, WINDIVERT_ADDRESS addr, return; } - if (step == 0) { - if (packet_v4) - ppIpHdr->Length = htons( - ntohs(ppIpHdr->Length) - - packet_dataLen + fragment_size - ); - else if (packet_v6) - ppIpV6Hdr->Length = htons( - ntohs(ppIpV6Hdr->Length) - - packet_dataLen + fragment_size - ); - //printf("step0 (%d:%d), pp:%d, was:%d, now:%d\n", - // packet_v4, packet_v6, ntohs(ppIpHdr->Length), - // packetLen, packetLen - packet_dataLen + fragment_size); - packetLen = packetLen - packet_dataLen + fragment_size; - } - - else if (step == 1) { - if (packet_v4) - ppIpHdr->Length = htons( - ntohs(ppIpHdr->Length) - fragment_size - ); - else if (packet_v6) - ppIpV6Hdr->Length = htons( - ntohs(ppIpV6Hdr->Length) - fragment_size - ); - //printf("step1 (%d:%d), pp:%d, was:%d, now:%d\n", packet_v4, packet_v6, ntohs(ppIpHdr->Length), - // packetLen, packetLen - fragment_size); - memmove(packet_data, - (char*)packet_data + fragment_size, - packet_dataLen - fragment_size); - packetLen -= fragment_size; - - ppTcpHdr->SeqNum = htonl(ntohl(ppTcpHdr->SeqNum) + fragment_size); + switch(step) { + case 0: + if (packet_v4) + ppIpHdr->Length = htons( + ntohs(ppIpHdr->Length) - + packet_dataLen + fragment_size + ); + else if (packet_v6) + ppIpV6Hdr->Length = htons( + ntohs(ppIpV6Hdr->Length) - + packet_dataLen + fragment_size + ); + packetLen = packetLen - packet_dataLen + fragment_size; + break; + case 1: + if (packet_v4) + ppIpHdr->Length = htons( + ntohs(ppIpHdr->Length) - fragment_size + ); + else if (packet_v6) + ppIpV6Hdr->Length = htons( + ntohs(ppIpV6Hdr->Length) - fragment_size + ); + memmove(packet_data, + (char*)packet_data + fragment_size, + packet_dataLen - fragment_size); + packetLen -= fragment_size; + + ppTcpHdr->SeqNum = htonl(ntohl(ppTcpHdr->SeqNum) + fragment_size); + break; } addr.IPChecksum = 0; 
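Review bot: `switch(step)` has no `default:`, so any value other than 0 or 1 skips both cases and continues to `addr.IPChecksum = 0;` with the packet unmodified; the function comment above describes only step 0 and step 1, so a `default: return;` would make that contract explicit. The `case 1` arithmetic (`packet_dataLen - fragment_size` in `memmove` and the header `Length` subtraction) is only safe when `fragment_size` is smaller than `packet_dataLen`. The early `return` just above the hunk presumably enforces this, but the check itself is not visible here and is worth confirming, since these lengths come from captured packets. The function begins and ends outside this hunk.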
@@ -532,9 +619,9 @@ static void send_native_fragment(HANDLE w_filter, WINDIVERT_ADDRESS addr, NULL, &addr ); memcpy(packet, packet_bak, orig_packetLen); - //printf("Sent native fragment of %d size (step%d)\n", packetLen, step); } + int main(int argc, char *argv[]) { static enum packet_type_e { unknown,