AI inspired fixes

2026-03-13 22:03:09 +00:00 · 2026-01-31 17:47:18 +03:00
parent a531da39fd
commit 2490ef6951
5 changed files with 11 additions and 6 deletions
--- a/lua/zapret-obfs.lua
+++ b/lua/zapret-obfs.lua
@@ -410,7 +410,7 @@ function synhide(ctx, desync)
 		if magic=="tsecr" then
 			desync.dis.tcp.options[tsidx].data = string.sub(desync.dis.tcp.options[tsidx].data,1,6) .. "\x00\x00"
 		elseif magic=="x2" then
-			desync.dis.tcp.th_x2 = bitand(desync.dis.tcp.th_x2,bitnot(1))
+			desync.dis.tcp.th_x2 = bitand(desync.dis.tcp.th_x2,bitnot(x2))
 		elseif magic=="urp" then
 			desync.dis.tcp.th_urp = 0
 		elseif magic=="opt" then
--- a/nfq2/darkmagic.c
+++ b/nfq2/darkmagic.c
@@ -373,7 +373,7 @@ void print_icmphdr(const struct icmp46 *icmp, bool v6)

 bool proto_check_ipv4(const uint8_t *data, size_t len)
 {
-	return 	len >= sizeof(struct ip) && (data[0] & 0xF0) == 0x40 &&
+	return 	len >= sizeof(struct ip) && (data[0] & 0xF0) == 0x40 && (data[0] & 0x0F)>=5 &&
 		len >= ((data[0] & 0x0F) << 2);
 }
 // move to transport protocol
@@ -402,7 +402,8 @@ bool proto_check_udp(const uint8_t *data, size_t len)
 }
 bool proto_check_udp_payload(const uint8_t *data, size_t len)
 {
-	return len >= ntohs(((struct udphdr*)data)->uh_ulen);
+	uint16_t l = ntohs(((struct udphdr*)data)->uh_ulen);
+	return l>=sizeof(struct udphdr) && len >= l;
 }
 void proto_skip_udp(const uint8_t **data, size_t *len)
 {
@@ -2267,8 +2268,10 @@ void verdict_udp_csum_fix(uint8_t verdict, struct udphdr *udphdr, size_t transpo
 		#ifdef __FreeBSD__
 		if (ip6hdr)
 		#endif
+		{
 			DLOG("fixing udp checksum\n");
 			udp_fix_checksum(udphdr,transport_len,ip,ip6hdr);
+		}
 	}
 #endif
 }
@@ -2284,8 +2287,10 @@ void verdict_icmp_csum_fix(uint8_t verdict, struct icmp46 *icmphdr, size_t trans
 		#ifdef __FreeBSD__
 		if (ip6hdr)
 		#endif
+		{
 			DLOG("fixing icmp checksum\n");
 			icmp_fix_checksum(icmphdr,transport_len,ip6hdr);
+		}
 	}
 #endif
 }
--- a/nfq2/desync.c
+++ b/nfq2/desync.c
@@ -630,8 +630,8 @@ static uint8_t ct_new_postnat_fix(const t_ctrack *ctrack, const struct dissect *
 				((struct ip*)mod_pkt)->ip_ttl = 1;
 			}
 			*len_mod_pkt = dis->len_pkt;
+			return VERDICT_MODIFY | VERDICT_NOCSUM;
 		}
-		return VERDICT_MODIFY | VERDICT_NOCSUM;
 	}
 #endif
 	return VERDICT_DROP;
--- a/nfq2/helpers.c
+++ b/nfq2/helpers.c
@@ -109,7 +109,7 @@ bool load_file(const char *filename, off_t offset, void *buffer, size_t *buffer_

 	if (offset)
 	{
-		if (-1 == lseek(fileno(F), offset, SEEK_SET))
+		if (fseek(F, offset, SEEK_SET))
 		{
 			fclose(F);
 			return false;
--- a/nfq2/lua.c
+++ b/nfq2/lua.c
@@ -1565,7 +1565,7 @@ void lua_push_ip6hdr(lua_State *L, const struct ip6_hdr *ip6, size_t len)
 {
 	LUA_STACK_GUARD_ENTER(L)

-	if (ip6)
+	if (ip6 && len>=sizeof(struct ip6_hdr))
 	{
 		lua_createtable(L, 0, 7);
 		lua_pushf_lint(L,"ip6_flow",ntohl(ip6->ip6_ctlun.ip6_un1.ip6_un1_flow));