Allow to select synfake length

Waujito · Aug 29, 2024 · 3d9481d · 3d9481d
1 parent 0f71d5f
commit 3d9481d
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -175,6 +175,8 @@ Available flags:
 
 - `--synfake={1|0}` If 1, syn payload will be sent before each request. The idea is taken from syndata from zapret project. Syn payload will normally be discarded by endpoint but may be handled by TSPU. This option sends normal fake in that payload. Please note, that the option works for all the sites, so --sni-domains won't change anything.
 
+- `--synfake-len=<len>` The fake packet sent in synfake may be too large. If you experience issues, lower up synfake-len. where len stands for how much bytes should be sent as syndata. Pass 0 if you want to send an entire fake packet. Defaults to 0
+
 - `--sni-detection={parse|brute}` Specifies how to detect SNI. Parse will normally detect it by parsing the Client Hello message. Brute will go through the entire message and check possibility of SNI occurrence. Please note, that when `--sni-domains` option is not all brute will be O(nm) time complexity where n stands for length of the message and m is number of domains. Defaults to parse.
 
 - `--seg2delay=<delay>` This flag forces **youtubeUnblock** to wait a little bit before send the 2nd part of the split packet.

diff --git a/args.c b/args.c
@@ -24,6 +24,7 @@ struct config_t config = {
 	.fakeseq_offset = 10000,
 	.mark = DEFAULT_RAWSOCKET_MARK,
 	.synfake = 0,
+	.synfake_len = 0,
 
 	.sni_detection = SNI_DETECTION_PARSE,
 
@@ -71,20 +72,22 @@ struct config_t config = {
 #define OPT_FAKE_SEQ_OFFSET	21
 #define OPT_PACKET_MARK 	22
 #define OPT_SYNFAKE	 	23
+#define OPT_SYNFAKE_LEN	 	24
 #define OPT_SEG2DELAY 		5
 #define OPT_THREADS 		6
 #define OPT_SILENT 		7
 #define OPT_NO_GSO 		8
 #define OPT_QUEUE_NUM		9
 
-#define OPT_MAX OPT_SYNFAKE
+#define OPT_MAX OPT_SYNFAKE_LEN
 
 static struct option long_opt[] = {
 	{"help",		0, 0, 'h'},
 	{"version",		0, 0, 'v'},
 	{"sni-domains",		1, 0, OPT_SNI_DOMAINS},
 	{"fake-sni",		1, 0, OPT_FAKE_SNI},
 	{"synfake",		1, 0, OPT_SYNFAKE},
+	{"synfake-len",		1, 0, OPT_SYNFAKE_LEN},
 	{"fake-sni-seq-len",	1, 0, OPT_FAKE_SNI_SEQ_LEN},
 	{"faking-strategy",	1, 0, OPT_FAKING_STRATEGY},
 	{"fake-seq-offset",	1, 0, OPT_FAKE_SEQ_OFFSET},
@@ -145,6 +148,7 @@ void print_usage(const char *argv0) {
 	printf("\t--faking-ttl=<ttl>\n");
 	printf("\t--faking-strategy={randseq|ttl|tcp_check|pastseq}\n");
 	printf("\t--synfake={1|0}\n");
+	printf("\t--synfake-len=<len>\n");
 	printf("\t--frag={tcp,ip,none}\n");
 	printf("\t--frag-sni-reverse={0|1}\n");
 	printf("\t--frag-sni-faked={0|1}\n");
@@ -324,6 +328,14 @@ int parse_args(int argc, char *argv[]) {
 				goto invalid_opt;
 			}
 
+			break;
+		case OPT_SYNFAKE_LEN:
+			num = parse_numeric_option(optarg);
+			if (errno != 0 || num < 0) {
+				goto invalid_opt;
+			}
+
+			config.synfake_len = num;
 			break;
 		case OPT_SEG2DELAY:
 			num = parse_numeric_option(optarg);

diff --git a/config.h b/config.h
@@ -47,6 +47,7 @@ struct config_t {
 	unsigned int fakeseq_offset;
 	unsigned int mark;
 	int synfake;
+	unsigned int synfake_len;
 };
 
 extern struct config_t config;

diff --git a/mangle.c b/mangle.c
@@ -94,25 +94,36 @@ int process_tcp_packet(const uint8_t *raw_payload, uint32_t raw_payload_len) {
 		uint8_t payload[MAX_PACKET_SIZE];
 		memcpy(payload, ipxh, iph_len);
 		memcpy(payload + iph_len, tcph, tcph_len);
-		memcpy(payload + iph_len + tcph_len, config.fake_sni_pkt, config.fake_sni_pkt_sz);
+		uint32_t fake_len = config.fake_sni_pkt_sz;
+
+		if (config.synfake_len) 
+			fake_len = min(config.synfake_len, fake_len);
+
+		memcpy(payload + iph_len + tcph_len, config.fake_sni_pkt, fake_len);
 
 
 		struct tcphdr *tcph = (struct tcphdr *)(payload + iph_len);
 		if (ipxv == IP4VERSION) {
 			struct iphdr *iph = (struct iphdr *)payload;
-			iph->tot_len = htons(iph_len + tcph_len + config.fake_sni_pkt_sz);
+			iph->tot_len = htons(iph_len + tcph_len + fake_len);
 			set_ip_checksum(payload, iph_len);
 			set_tcp_checksum(tcph, iph, iph_len);
 		} else if (ipxv == IP6VERSION) {
 			struct ip6_hdr *ip6h = (struct ip6_hdr *)payload;
-			ip6h->ip6_ctlun.ip6_un1.ip6_un1_plen = ntohs(tcph_len + config.fake_sni_pkt_sz);
+			ip6h->ip6_ctlun.ip6_un1.ip6_un1_plen = 
+				ntohs(tcph_len + fake_len);
 			set_ip_checksum(ip6h, iph_len);
 			set_tcp_checksum(tcph, ip6h, iph_len);
 		}
 
 
 
-		instance_config.send_raw_packet(payload, iph_len + tcph_len + config.fake_sni_pkt_sz);
+		ret = instance_config.send_raw_packet(payload, iph_len + tcph_len + fake_len);
+		if (ret < 0) {
+			lgerror("send_syn_altered", ret);
+			goto accept;
+		}
+		lgtrace_addp("rawsocket sent %d", ret);
 		goto drop;
 	}