klavirshik
/
GoodbyeDPI
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: klavirshik:master
Branches Tags
klavirshik:master
klavirshik:quic_block
klavirshik:test_windres
klavirshik:openvpn
klavirshik:windivert2
klavirshik:masterv6
klavirshik:ipv6
klavirshik:windivert-test
klavirshik:0.2.3rc1
klavirshik:0.2.2
klavirshik:0.2.1
klavirshik:0.2.0
klavirshik:0.1.8
klavirshik:0.1.7
klavirshik:0.1.6
klavirshik:0.1.5
klavirshik:0.1.5rc3
klavirshik:0.1.5rc2
klavirshik:0.1.5rc1
klavirshik:0.1.4
klavirshik:0.1.3
klavirshik:0.1.2
klavirshik:0.1.2rc3
klavirshik:0.1.2rc2
klavirshik:0.1.2rc1
klavirshik:0.1.1
klavirshik:0.1.0
klavirshik:0.0.9
klavirshik:0.0.8
klavirshik:0.0.7
klavirshik:0.0.6
klavirshik:0.0.5
klavirshik:0.0.4
klavirshik:0.0.3
klavirshik:0.0.2
klavirshik:0.0.1
..
compare: klavirshik:0.2.2
Branches Tags
klavirshik:master
klavirshik:quic_block
klavirshik:test_windres
klavirshik:openvpn
klavirshik:windivert2
klavirshik:masterv6
klavirshik:ipv6
klavirshik:windivert-test
klavirshik:0.2.3rc1
klavirshik:0.2.2
klavirshik:0.2.1
klavirshik:0.2.0
klavirshik:0.1.8
klavirshik:0.1.7
klavirshik:0.1.6
klavirshik:0.1.5
klavirshik:0.1.5rc3
klavirshik:0.1.5rc2
klavirshik:0.1.5rc1
klavirshik:0.1.4
klavirshik:0.1.3
klavirshik:0.1.2
klavirshik:0.1.2rc3
klavirshik:0.1.2rc2
klavirshik:0.1.2rc1
klavirshik:0.1.1
klavirshik:0.1.0
klavirshik:0.0.9
klavirshik:0.0.8
klavirshik:0.0.7
klavirshik:0.0.6
klavirshik:0.0.5
klavirshik:0.0.4
klavirshik:0.0.3
klavirshik:0.0.2
klavirshik:0.0.1

No commits in common. "master" and "0.2.2" have entirely different histories.
master ... 0.2.2

6 changed files with 92 additions and 121 deletions
Show Stats Expand all files Collapse all files

4
.github/ISSUE_TEMPLATE/bug.yml vendored
View File

@ -5,7 +5,7 @@ body:
- type: markdown
attributes:
value: |
### USE THIS FORM ONLY FOR BUGS! The webside does not open? That's likely NOT a bug, do not report it here!
**USE THIS FORM ONLY FOR BUGS**
GoodbyeDPI does not guarantee to work with your ISP for every blocked website or at all. If GoodbyeDPI can't unblock some or any websites, this is most likely not a software bug, and you should not report it here.
Please only report software bugs, such as:
@ -18,7 +18,7 @@ body:
Please make sure to check other opened and closed issues, it could be your bug has been reported already.
For questions, or if in doubt, [use NTC.party forum](https://ntc.party/c/community-software/goodbyedpi).
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда!
**ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ**
GoodbyeDPI не гарантирует ни 100% работу с вашим провайдером, ни работу с каждым заблокированным сайтом. Если GoodbyeDPI не разблокирует доступ к некоторым или всем веб-сайтам, вероятнее всего, это не программная ошибка, и не стоит о ней сообщать здесь.
Пожалуйста, сообщайте только об ошибках в программе, таких как:

30
.github/workflows/build.yml vendored
View File

@ -4,24 +4,22 @@ on:
push:
paths:
- 'src/**'
workflow_dispatch:
env:
WINDIVERT_URL: https://reqrypt.org/download/WinDivert-2.2.0-D.zip
WINDIVERT_NAME: WinDivert-2.2.0-D.zip
WINDIVERT_BASENAME: WinDivert-2.2.0-D
WINDIVERT_SHA256: 1d461cfdfa7ba88ebcfbb3603b71b703e9f72aba8aeff99a75ce293e6f89d2ba
WINDIVERT_URL: https://www.reqrypt.org/download/WinDivert-1.4.3-A.zip
WINDIVERT_NAME: WinDivert-1.4.3-A.zip
WINDIVERT_SHA256: 4084bc3931f31546d375ed89e3f842776efa46f321ed0adcd32d3972a7d02566
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v2
- name: Declare short commit variable
id: vars
run: |
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
- name: Install MinGW-w64
run: >
@ -31,7 +29,7 @@ jobs:
- name: Download WinDivert from cache
id: windivert-cache
uses: actions/cache@v4
uses: actions/cache@v2
with:
path: ${{ env. WINDIVERT_NAME }}
key: ${{ env. WINDIVERT_SHA256 }}
@ -48,15 +46,15 @@ jobs:
- name: Compile x86_64
run: >
cd src && make clean &&
make CPREFIX=x86_64-w64-mingw32- BIT64=1 WINDIVERTHEADERS=../${{ env.WINDIVERT_BASENAME }}/include WINDIVERTLIBS=../${{ env.WINDIVERT_BASENAME }}/x64 -j4
make CPREFIX=x86_64-w64-mingw32- BIT64=1 WINDIVERTHEADERS=../WinDivert-1.4.3-A/include WINDIVERTLIBS=../WinDivert-1.4.3-A/x86_64 -j4
- name: Prepare x86_64 directory
run: |
mkdir goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
cp src/goodbyedpi.exe ${{ env.WINDIVERT_BASENAME }}/x64/*.{dll,sys} goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
cp src/goodbyedpi.exe WinDivert-1.4.3-A/x86_64/*.{dll,sys} goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
- name: Upload output file x86_64
uses: actions/upload-artifact@v4
- name: Upload output file x86_64 (64 bit)
uses: actions/upload-artifact@v2
with:
name: goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
path: goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
@ -64,15 +62,15 @@ jobs:
- name: Compile i686
run: >
cd src && make clean &&
make CPREFIX=i686-w64-mingw32- WINDIVERTHEADERS=../${{ env.WINDIVERT_BASENAME }}/include WINDIVERTLIBS=../${{ env.WINDIVERT_BASENAME }}/x86 -j4
make CPREFIX=i686-w64-mingw32- WINDIVERTHEADERS=../WinDivert-1.4.3-A/include WINDIVERTLIBS=../WinDivert-1.4.3-A/x86 -j4
- name: Prepare x86 directory
run: |
mkdir goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
cp src/goodbyedpi.exe ${{ env.WINDIVERT_BASENAME }}/x86/*.{dll,sys} goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
cp src/goodbyedpi.exe WinDivert-1.4.3-A/x86/*.{dll,sys} goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
- name: Upload output file x86
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v2
with:
name: goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
path: goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}

16
README.md
View File

@ -43,7 +43,6 @@ Usage: goodbyedpi.exe [OPTION...]
supplied text file (HTTP Host/TLS SNI).
This option can be supplied multiple times.
--allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.
--frag-by-sni if SNI is detected in TLS packet, fragment the packet right before SNI value.
--set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.
DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).
--auto-ttl [a1-a2-m] activate Fake Request Mode, automatically detect TTL and decrease
@ -88,7 +87,7 @@ To check if your ISP's DPI could be circumvented, first make sure that your prov
Then run the `goodbyedpi.exe` executable without any options. If it works — congratulations! You can use it as-is or configure further, for example by using `--blacklist` option if the list of blocked websites is known and available for your country.
If your provider intercepts DNS requests, you may want to use `--dns-addr` option to a public DNS resolver running on non-standard port (such as Yandex DNS `77.88.8.8:1253`) or configure DNS over HTTPS/TLS using third-party applications.
If your provider intercepts DNS requests, you may want to use `--dns-addr` option to a public DNS resover running on non-standard port (such as Yandex DNS `77.88.8.8:1253`) or configure DNS over HTTPS/TLS using third-party applications.
Check the .cmd scripts and modify it according to your preference and network conditions.
@ -141,15 +140,12 @@ Modify them according to your own needs.
# Similar projects
- **[zapret](https://github.com/bol-van/zapret)** by @bol-van (for MacOS, Linux and Windows)
- **[Green Tunnel](https://github.com/SadeghHayeri/GreenTunnel)** by @SadeghHayeri (for MacOS, Linux and Windows)
- **[DPI Tunnel CLI](https://github.com/zhenyolka/DPITunnel-cli)** by @zhenyolka (for Linux and routers)
- **[DPI Tunnel for Android](https://github.com/zhenyolka/DPITunnel-android)** by @zhenyolka (for Android)
- **[PowerTunnel](https://github.com/krlvm/PowerTunnel)** by @krlvm (for Windows, MacOS and Linux)
- **[PowerTunnel for Android](https://github.com/krlvm/PowerTunnel-Android)** by @krlvm (for Android)
- **[zapret](https://github.com/bol-van/zapret)** by @bol-van (for Linux).
- **[Green Tunnel](https://github.com/SadeghHayeri/GreenTunnel)** by @SadeghHayeri (for MacOS, Linux and Windows).
- **[DPITunnel](https://github.com/zhenyolka/DPITunnel)** by @zhenyolka (for Android).
- **[PowerTunnel](https://github.com/krlvm/PowerTunnel)** by @krlvm (for Windows, MacOS and Linux).
- **[PowerTunnel for Android](https://github.com/krlvm/PowerTunnel-Android)** by @krlvm (for Android).
- **[SpoofDPI](https://github.com/xvzc/SpoofDPI)** by @xvzc (for macOS and Linux)
- **[GhosTCP](https://github.com/macronut/ghostcp)** by @macronut (for Windows)
- **[ByeDPI](https://github.com/hufrea/byedpi)** for Linux/Windows + **[ByeDPIAndroid](https://github.com/dovecoteescapee/ByeDPIAndroid/)** for Android (no root)
# Kudos

5
src/Makefile
View File

@ -11,12 +11,7 @@ TARGET = goodbyedpi.exe
#LIBS = -L$(WINDIVERTLIBS) -Wl,-Bstatic -lssp -Wl,-Bdynamic -lWinDivert -lws2_32
LIBS = -L$(WINDIVERTLIBS) -lWinDivert -lws2_32 -l:libssp.a
CC = $(CPREFIX)gcc
CCWINDRES = $(CPREFIX)windres
ifeq (, $(shell which $(CPREFIX)windres))
CCWINDRES = windres
endif
CFLAGS = -std=c99 -pie -fPIE -pipe -I$(WINDIVERTHEADERS) -L$(WINDIVERTLIBS) \
-O2 -D_FORTIFY_SOURCE=2 -fstack-protector \
-Wall -Wextra -Wpedantic -Wformat=2 -Wformat-overflow=2 -Wformat-truncation=2 \

14
src/fakepackets.c
View File

@ -70,21 +70,19 @@ static int send_fake_data(const HANDLE w_filter,
memcpy(&addr_new, addr, sizeof(WINDIVERT_ADDRESS));
memcpy(packet_fake, pkt, packetLen);
addr_new.TCPChecksum = 0;
addr_new.IPChecksum = 0;
addr_new.PseudoTCPChecksum = 0;
addr_new.PseudoIPChecksum = 0;
if (!is_ipv6) {
// IPv4 TCP Data packet
if (!WinDivertHelperParsePacket(packet_fake, packetLen, &ppIpHdr,
NULL, NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen,
NULL, NULL))
NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen))
return 1;
}
else {
// IPv6 TCP Data packet
if (!WinDivertHelperParsePacket(packet_fake, packetLen, NULL,
&ppIpV6Hdr, NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen,
NULL, NULL))
&ppIpV6Hdr, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen))
return 1;
}
@ -128,12 +126,12 @@ static int send_fake_data(const HANDLE w_filter,
// ...and damage it
ppTcpHdr->Checksum = htons(ntohs(ppTcpHdr->Checksum) - 1);
}
//printf("Pseudo checksum: %d\n", addr_new.TCPChecksum);
//printf("Pseudo checksum: %d\n", addr_new.PseudoTCPChecksum);
WinDivertSend(
w_filter, packet_fake,
packetLen_new,
NULL, &addr_new
&addr_new, NULL
);
debug("Fake packet: OK");

144
src/goodbyedpi.c
View File

@ -162,7 +162,6 @@ static struct option long_options[] = {
{"dns-verb", no_argument, 0, 'v' },
{"blacklist", required_argument, 0, 'b' },
{"allow-no-sni",no_argument, 0, ']' },
{"frag-by-sni", no_argument, 0, '>' },
{"ip-id", required_argument, 0, 'i' },
{"set-ttl", required_argument, 0, '$' },
{"min-ttl", required_argument, 0, '[' },
@ -217,8 +216,7 @@ static void add_ip_id_str(int id) {
static void add_maxpayloadsize_str(unsigned short maxpayload) {
char *newstr;
/* 0x47455420 is "GET ", 0x504F5354 is "POST", big endian. */
const char *maxpayloadsize_str = "and (tcp.PayloadLength ? tcp.PayloadLength < %hu or tcp.Payload32[0] == 0x47455420 or tcp.Payload32[0] == 0x504F5354 : true)";
const char *maxpayloadsize_str = "and (tcp.PayloadLength ? tcp.PayloadLength < %hu : true)";
char *addfilter = malloc(strlen(maxpayloadsize_str) + 16);
sprintf(addfilter, maxpayloadsize_str, maxpayload);
@ -311,7 +309,6 @@ static HANDLE init(char *filter, UINT64 flags) {
static int deinit(HANDLE handle) {
if (handle) {
WinDivertShutdown(handle, WINDIVERT_SHUTDOWN_BOTH);
WinDivertClose(handle);
return TRUE;
}
@ -475,7 +472,7 @@ static void send_native_fragment(HANDLE w_filter, WINDIVERT_ADDRESS addr,
PWINDIVERT_TCPHDR ppTcpHdr,
unsigned int fragment_size, int step) {
char packet_bak[MAX_PACKET_SIZE];
memcpy(packet_bak, packet, packetLen);
memcpy(&packet_bak, packet, packetLen);
UINT orig_packetLen = packetLen;
if (fragment_size >= packet_dataLen) {
@ -521,8 +518,8 @@ static void send_native_fragment(HANDLE w_filter, WINDIVERT_ADDRESS addr,
ppTcpHdr->SeqNum = htonl(ntohl(ppTcpHdr->SeqNum) + fragment_size);
}
addr.IPChecksum = 0;
addr.TCPChecksum = 0;
addr.PseudoIPChecksum = 0;
addr.PseudoTCPChecksum = 0;
WinDivertHelperCalcChecksums(
packet, packetLen, &addr, 0
@ -530,9 +527,9 @@ static void send_native_fragment(HANDLE w_filter, WINDIVERT_ADDRESS addr,
WinDivertSend(
w_filter, packet,
packetLen,
NULL, &addr
&addr, NULL
);
memcpy(packet, packet_bak, orig_packetLen);
memcpy(packet, &packet_bak, orig_packetLen);
//printf("Sent native fragment of %d size (step%d)\n", packetLen, step);
}
@ -569,7 +566,6 @@ int main(int argc, char *argv[]) {
do_dnsv4_redirect = 0, do_dnsv6_redirect = 0,
do_dns_verb = 0, do_tcp_verb = 0, do_blacklist = 0,
do_allow_no_sni = 0,
do_fragment_by_sni = 0,
do_fake_packet = 0,
do_auto_ttl = 0,
do_wrong_chksum = 0,
@ -808,11 +804,7 @@ int main(int argc, char *argv[]) {
case ']': // --allow-no-sni
do_allow_no_sni = 1;
break;
case '>': // --frag-by-sni
do_fragment_by_sni = 1;
break;
case '$': // --set-ttl
do_auto_ttl = auto_ttl_1 = auto_ttl_2 = auto_ttl_max = 0;
do_fake_packet = 1;
ttl_of_fake_packet = atoub(optarg, "Set TTL parameter error!");
break;
@ -904,7 +896,6 @@ int main(int argc, char *argv[]) {
" supplied text file (HTTP Host/TLS SNI).\n"
" This option can be supplied multiple times.\n"
" --allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.\n"
" --frag-by-sni if SNI is detected in TLS packet, fragment the packet right before SNI value.\n"
" --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.\n"
" DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).\n"
" --auto-ttl [a1-a2-m] activate Fake Request Mode, automatically detect TTL and decrease\n"
@ -963,7 +954,6 @@ int main(int argc, char *argv[]) {
"Fragment HTTP: %u\n" /* 2 */
"Fragment persistent HTTP: %u\n" /* 3 */
"Fragment HTTPS: %u\n" /* 4 */
"Fragment by SNI: %u\n" /* 5 */
"Native fragmentation (splitting): %d\n" /* 5 */
"Fragments sending in reverse: %d\n" /* 6 */
"hoSt: %d\n" /* 7 */
@ -983,24 +973,23 @@ int main(int argc, char *argv[]) {
(do_fragment_http ? http_fragment_size : 0), /* 2 */
(do_fragment_http_persistent ? http_fragment_size : 0),/* 3 */
(do_fragment_https ? https_fragment_size : 0), /* 4 */
do_fragment_by_sni, /* 5 */
do_native_frag, /* 6 */
do_reverse_frag, /* 7 */
do_host, /* 8 */
do_host_removespace, /* 9 */
do_additional_space, /* 10 */
do_host_mixedcase, /* 11 */
do_http_allports, /* 12 */
do_fragment_http_persistent_nowait, /* 13 */
do_dnsv4_redirect, /* 14 */
do_dnsv6_redirect, /* 15 */
do_allow_no_sni, /* 16 */
do_auto_ttl ? "auto" : (do_fake_packet ? "fixed" : "disabled"), /* 17 */
do_native_frag, /* 5 */
do_reverse_frag, /* 6 */
do_host, /* 7 */
do_host_removespace, /* 8 */
do_additional_space, /* 9 */
do_host_mixedcase, /* 10 */
do_http_allports, /* 11 */
do_fragment_http_persistent_nowait, /* 12 */
do_dnsv4_redirect, /* 13 */
do_dnsv6_redirect, /* 14 */
do_allow_no_sni, /* 15 */
ttl_of_fake_packet ? "fixed" : (do_auto_ttl ? "auto" : "disabled"), /* 16 */
ttl_of_fake_packet, do_auto_ttl ? auto_ttl_1 : 0, do_auto_ttl ? auto_ttl_2 : 0,
do_auto_ttl ? auto_ttl_max : 0, ttl_min_nhops,
do_wrong_chksum, /* 18 */
do_wrong_seq, /* 19 */
max_payload_size /* 20 */
do_wrong_chksum, /* 17 */
do_wrong_seq, /* 18 */
max_payload_size /* 19 */
);
if (do_fragment_http && http_fragment_size > 2 && !do_native_frag) {
@ -1012,7 +1001,7 @@ int main(int argc, char *argv[]) {
if (do_native_frag && !(do_fragment_http || do_fragment_https)) {
puts("\nERROR: Native fragmentation is enabled but fragment sizes are not set.\n"
"Fragmentation has no effect.");
die();
exit(EXIT_FAILURE);
}
if (max_payload_size)
@ -1049,12 +1038,11 @@ int main(int argc, char *argv[]) {
signal(SIGINT, sigint_handler);
while (1) {
if (WinDivertRecv(w_filter, packet, sizeof(packet), &packetLen, &addr)) {
debug("Got %s packet, len=%d!\n", addr.Outbound ? "outbound" : "inbound",
if (WinDivertRecv(w_filter, packet, sizeof(packet), &addr, &packetLen)) {
debug("Got %s packet, len=%d!\n", addr.Direction ? "inbound" : "outbound",
packetLen);
should_reinject = 1;
should_recalc_checksum = 0;
sni_ok = 0;
ppIpHdr = (PWINDIVERT_IPHDR)NULL;
ppIpV6Hdr = (PWINDIVERT_IPV6HDR)NULL;
@ -1064,35 +1052,35 @@ int main(int argc, char *argv[]) {
packet_type = unknown;
// Parse network packet and set it's type
if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
&ppIpV6Hdr, NULL, NULL, NULL, &ppTcpHdr, &ppUdpHdr, &packet_data, &packet_dataLen,
NULL, NULL))
if ((packet_v4 = WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)))
{
if (ppIpHdr) {
packet_v4 = 1;
if (ppTcpHdr) {
packet_type = ipv4_tcp;
if (packet_data) {
packet_type = ipv4_tcp_data;
}
}
else if (ppUdpHdr && packet_data) {
packet_type = ipv4_udp_data;
}
}
else if (ppIpV6Hdr) {
packet_v6 = 1;
if (ppTcpHdr) {
packet_type = ipv6_tcp;
if (packet_data) {
packet_type = ipv6_tcp_data;
}
}
else if (ppUdpHdr && packet_data) {
packet_type = ipv6_udp_data;
}
}
packet_type = ipv4_tcp_data;
}
else if ((packet_v6 = WinDivertHelperParsePacket(packet, packetLen, NULL,
&ppIpV6Hdr, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)))
{
packet_type = ipv6_tcp_data;
}
else if ((packet_v4 = WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)))
{
packet_type = ipv4_tcp;
}
else if ((packet_v6 = WinDivertHelperParsePacket(packet, packetLen, NULL,
&ppIpV6Hdr, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)))
{
packet_type = ipv6_tcp;
}
else if ((packet_v4 = WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, NULL, &ppUdpHdr, &packet_data, &packet_dataLen)))
{
packet_type = ipv4_udp_data;
}
else if ((packet_v6 = WinDivertHelperParsePacket(packet, packetLen, NULL,
&ppIpV6Hdr, NULL, NULL, NULL, &ppUdpHdr, &packet_data, &packet_dataLen)))
{
packet_type = ipv6_udp_data;
}
debug("packet_type: %d, packet_v4: %d, packet_v6: %d\n", packet_type, packet_v4, packet_v6);
@ -1102,7 +1090,7 @@ int main(int argc, char *argv[]) {
/* Got a TCP packet WITH DATA */
/* Handle INBOUND packet with data and find HTTP REDIRECT in there */
if (!addr.Outbound && packet_dataLen > 16) {
if (addr.Direction == WINDIVERT_DIRECTION_INBOUND && packet_dataLen > 16) {
/* If INBOUND packet with DATA (tcp.Ack) */
/* Drop packets from filter with HTTP 30x Redirect */
@ -1126,7 +1114,7 @@ int main(int argc, char *argv[]) {
/* Handle OUTBOUND packet on port 443, search for something that resembles
* TLS handshake, send fake request.
*/
else if (addr.Outbound &&
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND &&
((do_fragment_https ? packet_dataLen == https_fragment_size : 0) ||
packet_dataLen > 16) &&
ppTcpHdr->DstPort != htons(80) &&
@ -1138,9 +1126,9 @@ int main(int argc, char *argv[]) {
* But if the packet is more than 2 bytes, check ClientHello byte.
*/
if ((packet_dataLen == 2 && memcmp(packet_data, "\x16\x03", 2) == 0) ||
(packet_dataLen >= 3 && ( memcmp(packet_data, "\x16\x03\x01", 3) == 0 || memcmp(packet_data, "\x16\x03\x03", 3) == 0 )))
(packet_dataLen >= 3 && memcmp(packet_data, "\x16\x03\x01", 3) == 0))
{
if (do_blacklist || do_fragment_by_sni) {
if (do_blacklist) {
sni_ok = extract_sni(packet_data, packet_dataLen,
&host_addr, &host_len);
}
@ -1156,7 +1144,7 @@ int main(int argc, char *argv[]) {
char lsni[HOST_MAXLEN + 1] = {0};
extract_sni(packet_data, packet_dataLen,
&host_addr, &host_len);
memcpy(lsni, host_addr, host_len);
memcpy(&lsni, host_addr, host_len);
printf("Blocked HTTPS website SNI: %s\n", lsni);
#endif
if (do_fake_packet) {
@ -1170,7 +1158,7 @@ int main(int argc, char *argv[]) {
}
}
/* Handle OUTBOUND packet on port 80, search for Host header */
else if (addr.Outbound &&
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND &&
packet_dataLen > 16 &&
(do_http_allports ? 1 : (ppTcpHdr->DstPort == htons(80))) &&
find_http_method_end(packet_data,
@ -1191,7 +1179,7 @@ int main(int argc, char *argv[]) {
host_len = hdr_value_len;
#ifdef DEBUG
char lhost[HOST_MAXLEN + 1] = {0};
memcpy(lhost, host_addr, host_len);
memcpy(&lhost, host_addr, host_len);
printf("Blocked HTTP website Host: %s\n", lhost);
#endif
@ -1293,11 +1281,7 @@ int main(int argc, char *argv[]) {
current_fragment_size = http_fragment_size;
}
else if (do_fragment_https && ppTcpHdr->DstPort != htons(80)) {
if (do_fragment_by_sni && sni_ok) {
current_fragment_size = (void*)host_addr - packet_data;
} else {
current_fragment_size = https_fragment_size;
}
current_fragment_size = https_fragment_size;
}
if (current_fragment_size) {
@ -1318,7 +1302,7 @@ int main(int argc, char *argv[]) {
/* Else if we got TCP packet without data */
else if (packet_type == ipv4_tcp || packet_type == ipv6_tcp) {
/* If we got INBOUND SYN+ACK packet */
if (!addr.Outbound &&
if (addr.Direction == WINDIVERT_DIRECTION_INBOUND &&
ppTcpHdr->Syn == 1 && ppTcpHdr->Ack == 1) {
//printf("Changing Window Size!\n");
/*
@ -1358,7 +1342,7 @@ int main(int argc, char *argv[]) {
else if ((do_dnsv4_redirect && (packet_type == ipv4_udp_data)) ||
(do_dnsv6_redirect && (packet_type == ipv6_udp_data)))
{
if (!addr.Outbound) {
if (addr.Direction == WINDIVERT_DIRECTION_INBOUND) {
if ((packet_v4 && dns_handle_incoming(&ppIpHdr->DstAddr, ppUdpHdr->DstPort,
packet_data, packet_dataLen,
&dns_conn_info, 0))
@ -1388,7 +1372,7 @@ int main(int argc, char *argv[]) {
}
}
else if (addr.Outbound) {
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND) {
if ((packet_v4 && dns_handle_outgoing(&ppIpHdr->SrcAddr, ppUdpHdr->SrcPort,
&ppIpHdr->DstAddr, ppUdpHdr->DstPort,
packet_data, packet_dataLen, 0))
@ -1426,7 +1410,7 @@ int main(int argc, char *argv[]) {
if (should_recalc_checksum) {
WinDivertHelperCalcChecksums(packet, packetLen, &addr, (UINT64)0LL);
}
WinDivertSend(w_filter, packet, packetLen, NULL, &addr);
WinDivertSend(w_filter, packet, packetLen, &addr, NULL);
}
}
else {