gandc/zapret2
Template
1
0
Fork 0
mirror of https://github.com/bol-van/zapret2.git synced 2026-03-14 06:13:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

nfqws2: dissect of partial packets

Browse Source
This commit is contained in:
bol-van
2026-01-26 16:04:06 +03:00
parent 12a9bf8b19
commit 1d869650b1
2 changed files with 23 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
lua/zapret-tests.lua
View File

@@ -119,7 +119,7 @@ function test_aes()
print()
print("* aes test key_size "..tostring(key_size))
print("clear text: "..clear_text);
print("clear text: "..clear_text)
print("* encrypting")
encrypted = aes(true, key, clear_text)
@@ -158,8 +158,8 @@ function test_aes_gcm()
print()
print("* aes_gcm test key_size "..tostring(key_size))
print("clear text: "..clear_text);
print("authenticated data: "..authenticated_data);
print("clear text: "..clear_text)
print("authenticated data: "..authenticated_data)
print("* encrypting")
encrypted, atag = aes_gcm(true, key, iv, clear_text, authenticated_data)
@@ -224,7 +224,7 @@ function test_aes_ctr()
print()
print("* aes_ctr test key_size "..tostring(key_size))
print("clear text: "..clear_text);
print("clear text: "..clear_text)
print("* encrypting")
encrypted = aes_ctr(key, iv, clear_text)
@@ -425,7 +425,7 @@ end
function test_ipstr()
local s_ip, ip, s_ip2
s_ip = string.format("%u.%u.%u.%u", math.random(0,255), math.random(0,255), math.random(0,255), math.random(0,255));
s_ip = string.format("%u.%u.%u.%u", math.random(0,255), math.random(0,255), math.random(0,255), math.random(0,255))
ip = pton(s_ip)
s_ip2 = ntop(ip)
print("IP: "..s_ip)
@@ -433,7 +433,7 @@ function test_ipstr()
print("IP2: "..s_ip2)
test_assert(s_ip==s_ip2)
s_ip = string.format("%x:%x:%x:%x:%x:%x:%x:%x", math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF));
s_ip = string.format("%x:%x:%x:%x:%x:%x:%x:%x", math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF))
ip = pton(s_ip)
s_ip2 = ntop(ip)
print("IP: "..s_ip)
@@ -568,7 +568,7 @@ function test_dissect()
test_assert(raw1==raw2)
print("IP6 standalone")
ip6_udp.ip6.ip6_plen = nil;
ip6_udp.ip6.ip6_plen = nil
raw1 = reconstruct_ip6hdr(ip6_udp.ip6,{ip6_last_proto=IPPROTO_UDP})
print("IP1: "..string2hex(raw1))
dis1 = dissect_ip6hdr(raw1)
@@ -576,6 +576,13 @@ function test_dissect()
print("IP2: "..string2hex(raw2))
print( raw1==raw2 and "DISSECT OK" or "DISSECT FAILED" )
test_assert(raw1==raw2)
raw1 = string.sub(reconstruct_dissect(ip6_udp),1,-4-#ip6_udp.payload)
dis1 = dissect(raw1, false)
dis2 = dissect(raw1, true)
local ok = not dis1.ip6 and dis2.ip6
print("IP6 partial : "..(ok and "OK" or "FAIL"))
test_assert(ok)
end
end
@@ -901,7 +908,7 @@ function test_rawsend(opts)
test_assert(rawsend_dissect_print(dis, {repeats=3}))
ip2 = deepcopy(ip6)
ip2.ip6_plen = UDP_BASE_LEN + #payload;
ip2.ip6_plen = UDP_BASE_LEN + #payload
raw_ip = reconstruct_ip6hdr(ip2, {ip6_last_proto = IPPROTO_UDP})
raw_udp = reconstruct_udphdr({uh_sport = udp.uh_sport, uh_dport = udp.uh_dport, uh_ulen = UDP_BASE_LEN + #payload})
raw_udp = csum_udp_fix(raw_ip,raw_udp,payload)
@@ -927,7 +934,7 @@ function test_rawsend(opts)
insert_ip6_exthdr(ip6, nil, IPPROTO_DSTOPTS, "\x00\x00\x00\x00\x00\x00")
insert_ip6_exthdr(ip6, nil, IPPROTO_DSTOPTS, "\x00\x00\x00\x00\x00\x00")
ip6.ip6_flow = 0x60001234;
ip6.ip6_flow = 0x60001234
ddis = ipfrag2(dis, {ipfrag_pos_udp = 80})
for k,d in ipairs(ddis) do
print("send ipv6 udp frag "..k.." with hopbyhop, destopt ext headers in unfragmentable part and another destopt ext header in fragmentable part")
@@ -935,7 +942,7 @@ function test_rawsend(opts)
end
fix_ip_proto(dis) -- ip6_preserve_next requires next fields in ip6.exthdr
ip6.ip6_flow = 0x6000AE38;
ip6.ip6_flow = 0x6000AE38
ddis = ipfrag2(dis, {ipfrag_pos_udp = 72, ipfrag_next = IPPROTO_TCP})
for k,d in ipairs(ddis) do
print("send ipv6 udp frag "..k.." with hopbyhop, destopt ext headers in unfragmentable part and another destopt ext header in fragmentable part. forge next proto in fragment header of the second fragment to TCP")
@@ -955,8 +962,8 @@ function test_rawsend(opts)
test_assert(rawsend_dissect_print(dis, {fwmark = 0xD133, repeats=3}))
ip6.exthdr={{ type = IPPROTO_HOPOPTS, data = "\x00\x00\x00\x00\x00\x00" }}
ip6.ip6_flow=0x60009E3B;
icmp.icmp_type = ICMP6_ECHO_REQUEST;
ip6.ip6_flow=0x60009E3B
icmp.icmp_type = ICMP6_ECHO_REQUEST
dis = {ip6 = ip6, icmp = icmp, payload = payload}
print("send ipv6 icmp")
test_assert(rawsend_dissect_print(dis, {fwmark = 0x8E10, repeats=3}))

6
nfq2/lua.c
View File

@@ -2571,15 +2571,17 @@ static int luacall_reconstruct_dissect(lua_State *L)
static int luacall_dissect(lua_State *L)
{
// dissect(packet_data)
lua_check_argc(L,"dissect",1);
lua_check_argc_range(L,"dissect",1,2);
LUA_STACK_GUARD_ENTER(L)
size_t len;
const uint8_t *data = (const uint8_t*)lua_reqlstring(L, 1, &len);
int argc = lua_gettop(L);
bool no_payload_check = argc>=2 ? lua_toboolean(L, 2) : false;
struct dissect dis;
proto_dissect_l3l4(data, len, &dis, false);
proto_dissect_l3l4(data, len, &dis, no_payload_check);
lua_push_dissect(L, &dis);