Loading nfq/desync.c +22 −8 Original line number Diff line number Diff line Loading @@ -83,16 +83,19 @@ const uint8_t fake_tls_clienthello_default[680] = { #define TCP_MAX_REASM 16384 #define UDP_MAX_REASM 16384 void TLSDebug(const uint8_t *tls,size_t sz) static void TLSDebugHandshake(const uint8_t *tls,size_t sz) { if (sz<11) return; if (!params.debug) return; uint16_t v_rec=pntoh16(tls+1), v_handshake=pntoh16(tls+9), v, v2; DLOG("TLS record layer version : %s\nTLS handshake version : %s\n",TLSVersionStr(v_rec),TLSVersionStr(v_handshake)); if (sz<6) return; const uint8_t *ext; size_t len,len2; if (TLSFindExt(tls,sz,43,&ext,&len,false)) uint16_t v_handshake=pntoh16(tls+4), v, v2; DLOG("TLS handshake version : %s\n",TLSVersionStr(v_handshake)); if (TLSFindExtInHandshake(tls,sz,43,&ext,&len,false)) { if (len) { Loading @@ -110,7 +113,7 @@ void TLSDebug(const uint8_t *tls,size_t sz) else DLOG("TLS supported versions ext : not present\n"); if (TLSFindExt(tls,sz,16,&ext,&len,false)) if (TLSFindExtInHandshake(tls,sz,16,&ext,&len,false)) { if (len>=2) { Loading Loading @@ -139,9 +142,18 @@ void TLSDebug(const uint8_t *tls,size_t sz) else DLOG("TLS ALPN ext : not present\n"); DLOG("TLS ECH ext : %s\n",TLSFindExt(tls,sz,65037,NULL,NULL,false) ? "present" : "not present"); DLOG("TLS ECH ext : %s\n",TLSFindExtInHandshake(tls,sz,65037,NULL,NULL,false) ? "present" : "not present"); } static void TLSDebug(const uint8_t *tls,size_t sz) { if (!params.debug) return; if (sz<11) return; DLOG("TLS record layer version : %s\n",TLSVersionStr(pntoh16(tls+1))); TLSDebugHandshake(tls+5,sz-5); } bool desync_valid_zero_stage(enum dpi_desync_mode mode) { Loading Loading @@ -1026,7 +1038,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint DLOG(bReqFull ? "packet contains full TLS ClientHello\n" : "packet contains partial TLS ClientHello\n"); l7proto = TLS; if (bReqFull && params.debug) TLSDebug(rdata_payload,rlen_payload); if (bReqFull) TLSDebug(rdata_payload,rlen_payload); bHaveHost=TLSHelloExtractHost(rdata_payload,rlen_payload,host,sizeof(host),TLS_PARTIALS_ENABLE); Loading Loading @@ -2051,6 +2063,8 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint DLOG(bIsHello ? bReqFull ? "packet contains full TLS ClientHello\n" : "packet contains partial TLS ClientHello\n" : "packet does not contain TLS ClientHello\n"); if (bReqFull) TLSDebugHandshake(defrag+hello_offset,hello_len); if (ctrack) { if (bIsHello && !bReqFull && ReasmIsEmpty(&ctrack->reasm_orig)) Loading tpws/tamper.c +20 −7 Original line number Diff line number Diff line Loading @@ -15,16 +15,19 @@ void packet_debug(const uint8_t *data, size_t sz) hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n"); } void TLSDebug(const uint8_t *tls,size_t sz) static void TLSDebugHandshake(const uint8_t *tls,size_t sz) { if (sz<11) return; if (!params.debug) return; uint16_t v_rec=pntoh16(tls+1), v_handshake=pntoh16(tls+9), v, v2; VPRINT("TLS record layer version : %s\nTLS handshake version : %s\n",TLSVersionStr(v_rec),TLSVersionStr(v_handshake)); if (sz<6) return; const uint8_t *ext; size_t len,len2; if (TLSFindExt(tls,sz,43,&ext,&len,false)) uint16_t v_handshake=pntoh16(tls+4), v, v2; VPRINT("TLS handshake version : %s\n",TLSVersionStr(v_handshake)); if (TLSFindExtInHandshake(tls,sz,43,&ext,&len,false)) { if (len) { Loading @@ -42,7 +45,7 @@ void TLSDebug(const uint8_t *tls,size_t sz) else VPRINT("TLS supported versions ext : not present\n"); if (TLSFindExt(tls,sz,16,&ext,&len,false)) if (TLSFindExtInHandshake(tls,sz,16,&ext,&len,false)) { if (len>=2) { Loading Loading @@ -71,7 +74,17 @@ void TLSDebug(const uint8_t *tls,size_t sz) else VPRINT("TLS ALPN ext : not present\n"); VPRINT("TLS ECH ext : %s\n",TLSFindExt(tls,sz,65037,NULL,NULL,false) ? "present" : "not present"); VPRINT("TLS ECH ext : %s\n",TLSFindExtInHandshake(tls,sz,65037,NULL,NULL,false) ? "present" : "not present"); } static void TLSDebug(const uint8_t *tls,size_t sz) { if (!params.debug) return; if (sz<11) return; VPRINT("TLS record layer version : %s\n",TLSVersionStr(pntoh16(tls+1))); TLSDebugHandshake(tls+5,sz-5); } static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto) Loading Loading
nfq/desync.c +22 −8 Original line number Diff line number Diff line Loading @@ -83,16 +83,19 @@ const uint8_t fake_tls_clienthello_default[680] = { #define TCP_MAX_REASM 16384 #define UDP_MAX_REASM 16384 void TLSDebug(const uint8_t *tls,size_t sz) static void TLSDebugHandshake(const uint8_t *tls,size_t sz) { if (sz<11) return; if (!params.debug) return; uint16_t v_rec=pntoh16(tls+1), v_handshake=pntoh16(tls+9), v, v2; DLOG("TLS record layer version : %s\nTLS handshake version : %s\n",TLSVersionStr(v_rec),TLSVersionStr(v_handshake)); if (sz<6) return; const uint8_t *ext; size_t len,len2; if (TLSFindExt(tls,sz,43,&ext,&len,false)) uint16_t v_handshake=pntoh16(tls+4), v, v2; DLOG("TLS handshake version : %s\n",TLSVersionStr(v_handshake)); if (TLSFindExtInHandshake(tls,sz,43,&ext,&len,false)) { if (len) { Loading @@ -110,7 +113,7 @@ void TLSDebug(const uint8_t *tls,size_t sz) else DLOG("TLS supported versions ext : not present\n"); if (TLSFindExt(tls,sz,16,&ext,&len,false)) if (TLSFindExtInHandshake(tls,sz,16,&ext,&len,false)) { if (len>=2) { Loading Loading @@ -139,9 +142,18 @@ void TLSDebug(const uint8_t *tls,size_t sz) else DLOG("TLS ALPN ext : not present\n"); DLOG("TLS ECH ext : %s\n",TLSFindExt(tls,sz,65037,NULL,NULL,false) ? "present" : "not present"); DLOG("TLS ECH ext : %s\n",TLSFindExtInHandshake(tls,sz,65037,NULL,NULL,false) ? "present" : "not present"); } static void TLSDebug(const uint8_t *tls,size_t sz) { if (!params.debug) return; if (sz<11) return; DLOG("TLS record layer version : %s\n",TLSVersionStr(pntoh16(tls+1))); TLSDebugHandshake(tls+5,sz-5); } bool desync_valid_zero_stage(enum dpi_desync_mode mode) { Loading Loading @@ -1026,7 +1038,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint DLOG(bReqFull ? "packet contains full TLS ClientHello\n" : "packet contains partial TLS ClientHello\n"); l7proto = TLS; if (bReqFull && params.debug) TLSDebug(rdata_payload,rlen_payload); if (bReqFull) TLSDebug(rdata_payload,rlen_payload); bHaveHost=TLSHelloExtractHost(rdata_payload,rlen_payload,host,sizeof(host),TLS_PARTIALS_ENABLE); Loading Loading @@ -2051,6 +2063,8 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint DLOG(bIsHello ? bReqFull ? "packet contains full TLS ClientHello\n" : "packet contains partial TLS ClientHello\n" : "packet does not contain TLS ClientHello\n"); if (bReqFull) TLSDebugHandshake(defrag+hello_offset,hello_len); if (ctrack) { if (bIsHello && !bReqFull && ReasmIsEmpty(&ctrack->reasm_orig)) Loading
tpws/tamper.c +20 −7 Original line number Diff line number Diff line Loading @@ -15,16 +15,19 @@ void packet_debug(const uint8_t *data, size_t sz) hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n"); } void TLSDebug(const uint8_t *tls,size_t sz) static void TLSDebugHandshake(const uint8_t *tls,size_t sz) { if (sz<11) return; if (!params.debug) return; uint16_t v_rec=pntoh16(tls+1), v_handshake=pntoh16(tls+9), v, v2; VPRINT("TLS record layer version : %s\nTLS handshake version : %s\n",TLSVersionStr(v_rec),TLSVersionStr(v_handshake)); if (sz<6) return; const uint8_t *ext; size_t len,len2; if (TLSFindExt(tls,sz,43,&ext,&len,false)) uint16_t v_handshake=pntoh16(tls+4), v, v2; VPRINT("TLS handshake version : %s\n",TLSVersionStr(v_handshake)); if (TLSFindExtInHandshake(tls,sz,43,&ext,&len,false)) { if (len) { Loading @@ -42,7 +45,7 @@ void TLSDebug(const uint8_t *tls,size_t sz) else VPRINT("TLS supported versions ext : not present\n"); if (TLSFindExt(tls,sz,16,&ext,&len,false)) if (TLSFindExtInHandshake(tls,sz,16,&ext,&len,false)) { if (len>=2) { Loading Loading @@ -71,7 +74,17 @@ void TLSDebug(const uint8_t *tls,size_t sz) else VPRINT("TLS ALPN ext : not present\n"); VPRINT("TLS ECH ext : %s\n",TLSFindExt(tls,sz,65037,NULL,NULL,false) ? "present" : "not present"); VPRINT("TLS ECH ext : %s\n",TLSFindExtInHandshake(tls,sz,65037,NULL,NULL,false) ? "present" : "not present"); } static void TLSDebug(const uint8_t *tls,size_t sz) { if (!params.debug) return; if (sz<11) return; VPRINT("TLS record layer version : %s\n",TLSVersionStr(pntoh16(tls+1))); TLSDebugHandshake(tls+5,sz-5); } static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto) Loading
