nfqws: --dpi-desync-fake-unknown

3 years ago · 606063dd48
13 changed files with 21 additions and 8 deletions
--- a/binaries/aarch64/nfqws
+++ b/binaries/aarch64/nfqws
--- a/binaries/arm/nfqws
+++ b/binaries/arm/nfqws
--- a/binaries/mips32r1-lsb/nfqws
+++ b/binaries/mips32r1-lsb/nfqws
--- a/binaries/mips32r1-msb/nfqws
+++ b/binaries/mips32r1-msb/nfqws
--- a/binaries/mips64r2-msb/nfqws
+++ b/binaries/mips64r2-msb/nfqws
--- a/binaries/ppc/nfqws
+++ b/binaries/ppc/nfqws
--- a/binaries/x86/nfqws
+++ b/binaries/x86/nfqws
--- a/binaries/x86_64/nfqws
+++ b/binaries/x86_64/nfqws
--- a/docs/readme.eng.md
+++ b/docs/readme.eng.md
@ -153,6 +153,7 @@ nfqws takes the following parameters:
 --dpi-desync-any-protocol=0|1		; 0(default)=desync only http and tls  1=desync any nonempty data packet
 --dpi-desync-fake-http=<filename>      ; file containing fake http request. replacement for built-in
 --dpi-desync-fake-tls=<filename>       ; file containing fake TLS ClientHello (for https). replacement for built-in
+ --dpi-desync-fake-unknown=<filename>   ; file containing unknown protocol fake payload. default is 256 zeroes
 --dpi-desync-cutoff=N                  ; apply dpi desync only to packet numbers less than N
 --hostlist=<filename>                  ; apply fooling only to the listed hosts (one host per line, subdomains auto apply)
 ```
--- a/docs/readme.txt
+++ b/docs/readme.txt
@ -201,6 +201,7 @@ nfqws
 --dpi-desync-any-protocol=0|1		; 0(default)=работать только по http request и tls clienthello  1=по всем непустым пакетам данных
 --dpi-desync-fake-http=<filename>	; файл, содержащий фейковый http запрос для dpi-desync=fake, на замену стандартному w3.org
 --dpi-desync-fake-tls=<filename>	; файл, содержащий фейковый tls clienthello для dpi-desync=fake, на замену стандартному w3.org
+ --dpi-desync-fake-unknown=<filename>	; файл, содержащий фейковый пейлоад неизвестного протокола для dpi-desync=fake, на замену стандартным нулям 256 байт
 --dpi-desync-cutoff=N                  ; применять dpi desync только к исходящим пакетам по номеру меньше N
 --hostlist=<filename>			; применять дурение только к хостам из листа

--- a/nfq/desync.c
+++ b/nfq/desync.c
@ -230,8 +230,8 @@ packet_process_result dpi_desync_packet(uint8_t *data_pkt, size_t len_pkt, struc
 		{
 			if (!params.desync_any_proto) return res;
 			DLOG("applying tampering to unknown protocol\n")
-			fake = zeropkt;
-			fake_size = 256;
+			fake = params.fake_unknown;
+			fake_size = params.fake_unknown_size;
 		}

 		if (bHaveHost)
--- a/nfq/nfqws.c
+++ b/nfq/nfqws.c
@ -499,6 +499,7 @@ static void exithelp()
 		" --dpi-desync-any-protocol=0|1\t\t; 0(default)=desync only http and tls  1=desync any nonempty data packet\n"
 		" --dpi-desync-fake-http=<filename>\t; file containing fake http request\n"
 		" --dpi-desync-fake-tls=<filename>\t; file containing fake TLS ClientHello (for https)\n"
+		" --dpi-desync-fake-unknown=<filename>\t; file containing unknown protocol fake payload\n"
 		" --dpi-desync-cutoff=N\t\t\t; apply dpi desync only to packet numbers less than N\n"
 		" --hostlist=<filename>\t\t\t; apply dpi desync only to the listed hosts (one host per line, subdomains auto apply)\n",
 		CTRACK_T_SYN, CTRACK_T_EST, CTRACK_T_FIN,
@ -552,6 +553,7 @@ int main(int argc, char **argv)
 	memcpy(params.fake_tls,fake_tls_clienthello_default,params.fake_tls_size);
 	params.fake_http_size = strlen(fake_http_request_default);
 	memcpy(params.fake_http,fake_http_request_default,params.fake_http_size);
+	params.fake_unknown_size = 256;
 	params.wscale=-1; // default - dont change scale factor (client)
 	params.ctrack_t_syn = CTRACK_T_SYN;
 	params.ctrack_t_est = CTRACK_T_EST;
@ -607,8 +609,9 @@ int main(int argc, char **argv)
 		{"dpi-desync-any-protocol",optional_argument,0,0},// optidx=25
 		{"dpi-desync-fake-http",required_argument,0,0},// optidx=26
 		{"dpi-desync-fake-tls",required_argument,0,0},// optidx=27
-		{"dpi-desync-cutoff",required_argument,0,0},// optidx=28
-		{"hostlist",required_argument,0,0},		// optidx=29
+		{"dpi-desync-fake-unknown",required_argument,0,0},// optidx=28
+		{"dpi-desync-cutoff",required_argument,0,0},// optidx=29
+		{"hostlist",required_argument,0,0},		// optidx=30
 		{NULL,0,NULL,0}
 	};
 	if (argc < 2) exithelp();
@ -862,14 +865,22 @@ int main(int argc, char **argv)
 				exit_clean(1);
 			}
 			break;
-		case 28: /* desync-cutoff */
+		case 28: /* dpi-desync-fake-unknown */
+			params.fake_unknown_size = sizeof(params.fake_unknown);
+			if (!load_file_nonempty(optarg,params.fake_unknown,&params.fake_unknown_size))
+			{
+				fprintf(stderr, "could not read %s\n",optarg);
+				exit_clean(1);
+			}
+			break;
+		case 29: /* desync-cutoff */
 			if (!sscanf(optarg, "%u", &params.desync_cutoff))
 			{
 				fprintf(stderr, "invalid desync-cutoff value\n");
 				exit_clean(1);
 			}
 			break;
-		case 29: /* hostlist */
+		case 30: /* hostlist */
 			if (!LoadHostList(&params.hostlist, optarg))
 				exit_clean(1);
 			strncpy(params.hostfile,optarg,sizeof(params.hostfile));
--- a/nfq/params.h
+++ b/nfq/params.h
@ -43,8 +43,8 @@ struct params_s
 	uint32_t desync_badseq_increment, desync_badseq_ack_increment;
 	char hostfile[256];
 	strpool *hostlist;
-	uint8_t fake_http[1460],fake_tls[1460];
-	size_t fake_http_size,fake_tls_size;
+	uint8_t fake_http[1432],fake_tls[1432],fake_unknown[1432];
+	size_t fake_http_size,fake_tls_size,fake_unknown_size;
 	bool droproot;
 	uid_t uid;
 	gid_t gid;