diff --git a/desync.c b/desync.c index f2b32e2..e88d88a 100644 --- a/desync.c +++ b/desync.c @@ -51,17 +51,6 @@ int setttl(int fd, int ttl) #ifdef __linux__ -static int get_family(const struct sockaddr_in6 *dst) -{ - static const char map[12] = "\0\0\0\0\0\0\0\0\0\0\xff\xff"; - if (dst->sin6_family == AF_INET6 - && !memcmp(&dst->sin6_addr, map, sizeof(map))) { - return AF_INET; - } - return dst->sin6_family; -} - - static int drop_sack(int fd) { struct sock_filter code[] = { @@ -136,26 +125,37 @@ static struct packet get_tcp_fake(const char *buffer, size_t n, #ifdef __linux__ +static int set_md5sig(int sfd, unsigned short key_len) +{ + struct tcp_md5sig md5 = { + .tcpm_keylen = key_len + }; + socklen_t addr_size = sizeof(md5.tcpm_addr); + + if (getpeername(sfd, + (struct sockaddr *)&md5.tcpm_addr, &addr_size) < 0) { + uniperror("getpeername"); + return -1; + } + if (setsockopt(sfd, IPPROTO_TCP, + TCP_MD5SIG, (char *)&md5, sizeof(md5)) < 0) { + uniperror("setsockopt TCP_MD5SIG"); + return -1; + } + return 0; +} + + static ssize_t send_fake(int sfd, const char *buffer, long pos, const struct desync_params *opt, struct packet pkt) { - struct sockaddr_in6 addr; - socklen_t addr_size = sizeof(addr); - - if (opt->md5sig || opt->ip_options) { - if (getpeername(sfd, - (struct sockaddr *)&addr, &addr_size) < 0) { - uniperror("getpeername"); - return -1; - } - } int fds[2]; if (pipe(fds) < 0) { uniperror("pipe"); return -1; } char *p = 0; - ssize_t len = -1; + ssize_t ret = -1; while (1) { p = mmap(0, pos, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, 0, 0); @@ -169,27 +169,12 @@ static ssize_t send_fake(int sfd, const char *buffer, if (setttl(sfd, opt->ttl ? opt->ttl : DEFAULT_TTL) < 0) { break; } - if (opt->md5sig) { - struct tcp_md5sig md5 = { - .tcpm_keylen = 5 - }; - memcpy(&md5.tcpm_addr, &addr, addr_size); - - if (setsockopt(sfd, IPPROTO_TCP, - TCP_MD5SIG, (char *)&md5, sizeof(md5)) < 0) { - uniperror("setsockopt TCP_MD5SIG"); - break; - } - } - if (opt->ip_options && get_family(&addr) == AF_INET - && setsockopt(sfd, IPPROTO_IP, IP_OPTIONS, - opt->ip_options, opt->ip_options_len) < 0) { - uniperror("setsockopt IP_OPTIONS"); + if (opt->md5sig && set_md5sig(sfd, 5)) { break; } struct iovec vec = { .iov_base = p, .iov_len = pos }; - len = vmsplice(fds[1], &vec, 1, SPLICE_F_GIFT); + ssize_t len = vmsplice(fds[1], &vec, 1, SPLICE_F_GIFT); if (len < 0) { uniperror("vmsplice"); break; @@ -204,30 +189,16 @@ static ssize_t send_fake(int sfd, const char *buffer, if (setttl(sfd, params.def_ttl) < 0) { break; } - if (opt->ip_options && get_family(&addr) == AF_INET - && setsockopt(sfd, IPPROTO_IP, - IP_OPTIONS, opt->ip_options, 0) < 0) { - uniperror("setsockopt IP_OPTIONS"); + if (opt->md5sig && set_md5sig(sfd, 0)) { break; } - if (opt->md5sig) { - struct tcp_md5sig md5 = { - .tcpm_keylen = 0 - }; - memcpy(&md5.tcpm_addr, &addr, addr_size); - - if (setsockopt(sfd, IPPROTO_TCP, - TCP_MD5SIG, (char *)&md5, sizeof(md5)) < 0) { - uniperror("setsockopt TCP_MD5SIG"); - break; - } - } + ret = len; break; } if (p) munmap(p, pos); close(fds[0]); close(fds[1]); - return len; + return ret; } #endif diff --git a/main.c b/main.c index ed8dd35..01c465d 100644 --- a/main.c +++ b/main.c @@ -31,8 +31,6 @@ ASSERT(sizeof(struct in_addr) == 4) ASSERT(sizeof(struct in6_addr) == 16) -char ip_option[1] = "\0"; - struct packet fake_tls = { sizeof(tls_data), tls_data }, @@ -106,7 +104,6 @@ static const char help_text[] = { #ifdef FAKE_SUPPORT " -f, --fake Split and send fake packet\n" #ifdef __linux__ - " -k, --ip-opt[=f|:str] IP options of fake packets\n" " -S, --md5sig Add MD5 Signature option for fake packets\n" #endif " -n, --tls-sni Change SNI in fake ClientHello\n" @@ -165,7 +162,6 @@ const struct option options[] = { #ifdef FAKE_SUPPORT {"fake", 1, 0, 'f'}, #ifdef __linux__ - {"ip-opt", 2, 0, 'k'}, {"md5sig", 0, 0, 'S'}, #endif {"tls-sni", 1, 0, 'n'}, @@ -582,10 +578,6 @@ void clear_params(void) if (params.dp) { for (int i = 0; i < params.dp_count; i++) { struct desync_params s = params.dp[i]; - if (s.ip_options != ip_option) { - free(s.ip_options); - s.ip_options = ip_option; - } if (s.parts != 0) { free(s.parts); s.parts = 0; @@ -919,22 +911,6 @@ int main(int argc, char **argv) dp->ttl = val; break; - case 'k': - if (dp->ip_options) { - continue; - } - if (optarg) - dp->ip_options = ftob(optarg, &dp->ip_options_len); - else { - dp->ip_options = ip_option; - dp->ip_options_len = sizeof(ip_option); - } - if (!dp->ip_options) { - uniperror("read/parse"); - invalid = 1; - } - break; - case 'S': dp->md5sig = 1; break; diff --git a/params.h b/params.h index 8e399e8..bacb24f 100644 --- a/params.h +++ b/params.h @@ -71,8 +71,6 @@ struct packet { struct desync_params { int ttl; - char *ip_options; - ssize_t ip_options_len; bool md5sig; struct packet fake_data; int udp_fake_count; @@ -136,8 +134,6 @@ extern struct packet fake_tls; extern struct packet fake_http; extern struct packet fake_udp; -extern char ip_option[1]; - #define ASSERT(exp) \ char t[(exp) ? 1 : -1]; #endif