tpws: --skip

4 months ago · 1779cfad30
4 changed files with 85 additions and 47 deletions
--- a/tpws/params.c
+++ b/tpws/params.c
@ -155,22 +155,26 @@ void hexdump_limited_dlog(const uint8_t *data, size_t size, size_t limit)
 	if (bcut) VPRINT(" ...");
 }

+void dp_init(struct desync_profile *dp)
+{
+	LIST_INIT(&dp->hl_collection);
+	LIST_INIT(&dp->hl_collection_exclude);
+	LIST_INIT(&dp->ips_collection);
+	LIST_INIT(&dp->ips_collection_exclude);
+	LIST_INIT(&dp->pf_tcp);
+
+	dp->filter_ipv4 = dp->filter_ipv6 = true;
+	memcpy(dp->hostspell, "host", 4); // default hostspell
+	dp->hostlist_auto_fail_threshold = HOSTLIST_AUTO_FAIL_THRESHOLD_DEFAULT;
+	dp->hostlist_auto_fail_time = HOSTLIST_AUTO_FAIL_TIME_DEFAULT;
+}

 struct desync_profile_list *dp_list_add(struct desync_profile_list_head *head)
 {
 	struct desync_profile_list *entry = calloc(1,sizeof(struct desync_profile_list));
 	if (!entry) return NULL;

-	LIST_INIT(&entry->dp.hl_collection);
-	LIST_INIT(&entry->dp.hl_collection_exclude);
-	LIST_INIT(&entry->dp.ips_collection);
-	LIST_INIT(&entry->dp.ips_collection_exclude);
-	LIST_INIT(&entry->dp.pf_tcp);
-
-	entry->dp.filter_ipv4 = entry->dp.filter_ipv6 = true;
-	memcpy(entry->dp.hostspell, "host", 4); // default hostspell
-	entry->dp.hostlist_auto_fail_threshold = HOSTLIST_AUTO_FAIL_THRESHOLD_DEFAULT;
-	entry->dp.hostlist_auto_fail_time = HOSTLIST_AUTO_FAIL_TIME_DEFAULT;
+	dp_init(&entry->dp);

 	// add to the tail
 	struct desync_profile_list *dpn,*dpl=LIST_FIRST(&params.desync_profiles);
@ -184,14 +188,23 @@ struct desync_profile_list *dp_list_add(struct desync_profile_list_head *head)

 	return entry;
 }
-static void dp_entry_destroy(struct desync_profile_list *entry)
+static void dp_clear_dynamic(struct desync_profile *dp)
+{
+	hostlist_collection_destroy(&dp->hl_collection);
+	hostlist_collection_destroy(&dp->hl_collection_exclude);
+	ipset_collection_destroy(&dp->ips_collection);
+	ipset_collection_destroy(&dp->ips_collection_exclude);
+	port_filters_destroy(&dp->pf_tcp);
+	HostFailPoolDestroy(&dp->hostlist_auto_fail_counters);
+}
+void dp_clear(struct desync_profile *dp)
+{
+	dp_clear_dynamic(dp);
+	memset(dp,0,sizeof(*dp));
+}
+void dp_entry_destroy(struct desync_profile_list *entry)
 {
-	hostlist_collection_destroy(&entry->dp.hl_collection);
-	hostlist_collection_destroy(&entry->dp.hl_collection_exclude);
-	ipset_collection_destroy(&entry->dp.ips_collection);
-	ipset_collection_destroy(&entry->dp.ips_collection_exclude);
-	port_filters_destroy(&entry->dp.pf_tcp);
-	HostFailPoolDestroy(&entry->dp.hostlist_auto_fail_counters);
+	dp_clear_dynamic(&entry->dp);
 	free(entry);
 }
 void dp_list_destroy(struct desync_profile_list_head *head)
--- a/tpws/params.h
+++ b/tpws/params.h
@ -83,7 +83,10 @@ struct desync_profile_list {
 };
 LIST_HEAD(desync_profile_list_head, desync_profile_list);
 struct desync_profile_list *dp_list_add(struct desync_profile_list_head *head);
+void dp_entry_destroy(struct desync_profile_list *entry);
 void dp_list_destroy(struct desync_profile_list_head *head);
+void dp_init(struct desync_profile *dp);
+void dp_clear(struct desync_profile *dp);

 struct params_s
 {
--- a/tpws/tpws.c
+++ b/tpws/tpws.c
@ -177,6 +177,7 @@ static void exithelp(void)
 		" --debug-level=0|1|2\t\t\t; specify debug level\n"
 		"\nMULTI-STRATEGY:\n"
 		" --new\t\t\t\t\t; begin new strategy\n"
+		" --skip\t\t\t\t\t; do not use this strategy\n"
 		" --filter-l3=ipv4|ipv6\t\t\t; L3 protocol filter. multiple comma separated values allowed.\n"
 		" --filter-tcp=[~]port1[-port2]|*\t; TCP port filter. ~ means negation. multiple comma separated values allowed.\n"
 		" --filter-l7=[http|tls|unknown]\t\t; L6-L7 protocol filter. multiple comma separated values allowed.\n"
@ -524,6 +525,7 @@ void parse_params(int argc, char *argv[])
 {
 	int option_index = 0;
 	int v, i;
+	bool bSkip=false;

 	memset(&params, 0, sizeof(params));
 	params.maxconn = DEFAULT_MAX_CONN;
@ -630,24 +632,25 @@ void parse_params(int argc, char *argv[])
 		{ "connect-bind-addr",required_argument,0,0 },// optidx=55

 		{ "new",no_argument,0,0 },				// optidx=56
-		{ "filter-l3",required_argument,0,0 },			// optidx=57
-		{ "filter-tcp",required_argument,0,0 },			// optidx=58
-		{ "filter-l7",required_argument,0,0 },			// optidx=59
-		{ "ipset",required_argument,0,0 },			// optidx=60
-		{ "ipset-exclude",required_argument,0,0 },		// optidx=61
+		{ "skip",no_argument,0,0 },				// optidx=57
+		{ "filter-l3",required_argument,0,0 },			// optidx=58
+		{ "filter-tcp",required_argument,0,0 },			// optidx=59
+		{ "filter-l7",required_argument,0,0 },			// optidx=60
+		{ "ipset",required_argument,0,0 },			// optidx=61
+		{ "ipset-exclude",required_argument,0,0 },		// optidx=62

 #if defined(__FreeBSD__)
 		{ "enable-pf",no_argument,0,0 },// optidx=62
 #elif defined(__APPLE__)
-		{ "local-tcp-user-timeout",required_argument,0,0 },	// optidx=62
-		{ "remote-tcp-user-timeout",required_argument,0,0 },	// optidx=63
+		{ "local-tcp-user-timeout",required_argument,0,0 },	// optidx=63
+		{ "remote-tcp-user-timeout",required_argument,0,0 },	// optidx=64
 #elif defined(__linux__)
-		{ "local-tcp-user-timeout",required_argument,0,0 },	// optidx=62
-		{ "remote-tcp-user-timeout",required_argument,0,0 },	// optidx=63
-		{ "mss",required_argument,0,0 },			// optidx=64
-		{ "fix-seg",optional_argument,0,0 },			// optidx=65
+		{ "local-tcp-user-timeout",required_argument,0,0 },	// optidx=63
+		{ "remote-tcp-user-timeout",required_argument,0,0 },	// optidx=64
+		{ "mss",required_argument,0,0 },			// optidx=65
+		{ "fix-seg",optional_argument,0,0 },			// optidx=66
 #ifdef SPLICE_PRESENT
-		{ "nosplice",no_argument,0,0 },				// optidx=66
+		{ "nosplice",no_argument,0,0 },				// optidx=67
 #endif
 #endif
 		{ "hostlist-auto-retrans-threshold",optional_argument,0,0}, // ignored. for nfqws command line compatibility
@ -1160,6 +1163,15 @@ void parse_params(int argc, char *argv[])


 		case 56: /* new */
+			if (bSkip)
+			{
+				dp_clear(dp);
+				dp_init(dp);
+				dp->n = desync_profile_count;
+				bSkip = false;
+			}
+			else
+			{
 				if (!(dpl = dp_list_add(&params.desync_profiles)))
 				{
 					DLOG_ERR("desync_profile_add: out of memory\n");
@ -1167,29 +1179,33 @@ void parse_params(int argc, char *argv[])
 				}
 				dp = &dpl->dp;
 				dp->n = ++desync_profile_count;
+			}
 			break;
-		case 57: /* filter-l3 */
+		case 57: /* skip */
+			bSkip = true;
+			break;
+		case 58: /* filter-l3 */
 			if (!wf_make_l3(optarg,&dp->filter_ipv4,&dp->filter_ipv6))
 			{
 				DLOG_ERR("bad value for --filter-l3\n");
 				exit_clean(1);
 			}
 			break;
-		case 58: /* filter-tcp */
+		case 59: /* filter-tcp */
 			if (!parse_pf_list(optarg,&dp->pf_tcp))
 			{
 				DLOG_ERR("Invalid port filter : %s\n",optarg);
 				exit_clean(1);
 			}
 			break;
-		case 59: /* filter-l7 */
+		case 60: /* filter-l7 */
 			if (!parse_l7_list(optarg,&dp->filter_l7))
 			{
 				DLOG_ERR("Invalid l7 filter : %s\n",optarg);
 				exit_clean(1);
 			}
 			break;
-		case 60: /* ipset */
+		case 61: /* ipset */
 			if (!RegisterIpset(dp, false, optarg))
 			{
 				DLOG_ERR("failed to register ipset '%s'\n", optarg);
@ -1197,7 +1213,7 @@ void parse_params(int argc, char *argv[])
 			}
 			params.tamper = true;
 			break;
-		case 61: /* ipset-exclude */
+		case 62: /* ipset-exclude */
 			if (!RegisterIpset(dp, true, optarg))
 			{
 				DLOG_ERR("failed to register ipset '%s'\n", optarg);
@ -1207,11 +1223,11 @@ void parse_params(int argc, char *argv[])
 			break;

 #if defined(__FreeBSD__)
-		case 62: /* enable-pf */
+		case 63: /* enable-pf */
 			params.pf_enable = true;
 			break;
 #elif defined(__linux__) || defined(__APPLE__)
-		case 62: /* local-tcp-user-timeout */
+		case 63: /* local-tcp-user-timeout */
 			params.tcp_user_timeout_local = atoi(optarg);
 			if (params.tcp_user_timeout_local<0 || params.tcp_user_timeout_local>86400)
 			{
@ -1219,7 +1235,7 @@ void parse_params(int argc, char *argv[])
 				exit_clean(1);
 			}
 			break;
-		case 63: /* remote-tcp-user-timeout */
+		case 64: /* remote-tcp-user-timeout */
 			params.tcp_user_timeout_remote = atoi(optarg);
 			if (params.tcp_user_timeout_remote<0 || params.tcp_user_timeout_remote>86400)
 			{
@ -1230,7 +1246,7 @@ void parse_params(int argc, char *argv[])
 #endif

 #if defined(__linux__)
-		case 64: /* mss */
+		case 65: /* mss */
 			// this option does not work in any BSD and MacOS. OS may accept but it changes nothing
 			dp->mss = atoi(optarg);
 			if (dp->mss<88 || dp->mss>32767)
@ -1239,7 +1255,7 @@ void parse_params(int argc, char *argv[])
 				exit_clean(1);
 			}
 			break;
-		case 65: /* fix-seg */
+		case 66: /* fix-seg */
 			if (!params.fix_seg_avail)
 			{
 				DLOG_ERR("--fix-seg is supported since kernel 4.6\n");
@ -1259,13 +1275,20 @@ void parse_params(int argc, char *argv[])
 				params.fix_seg = FIX_SEG_DEFAULT_MAX_WAIT;
 			break;
 #ifdef SPLICE_PRESENT
-		case 66: /* nosplice */
+		case 67: /* nosplice */
 			params.nosplice = true;
 			break;
 #endif
 #endif
 		}
 	}
+	if (bSkip)
+	{
+		dp_entry_destroy(dpl);
+		LIST_REMOVE(dpl,next);
+		desync_profile_count--;
+	}
+
 	if (!params.bind_wait_only && !params.port)
 	{
 		DLOG_ERR("Need port number\n");
--- a/tpws/tpws_conn.c
+++ b/tpws/tpws_conn.c
@ -485,7 +485,7 @@ static bool connect_remote_conn(tproxy_conn_t *conn)

 	apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);

-	if (conn->track.dp)
+	if (conn->track.dp && conn->track.dp->mss)
 	{
 		mss = conn->track.dp->mss;
 		if (conn->track.dp->hostlist_auto)
@ -836,7 +836,6 @@ static bool proxy_mode_connect_remote(tproxy_conn_t *conn, struct tailhead *conn
 		return false;
 	}

-
 	if (!(conn->partner = new_conn(remote_fd, true)))
 	{
 		close(remote_fd);