From 2490ef695134576e82569ff4c99135b0cdcdec16 Mon Sep 17 00:00:00 2001 From: bol-van Date: Sat, 31 Jan 2026 17:47:18 +0300 Subject: [PATCH] AI inspired fixes --- lua/zapret-obfs.lua | 2 +- nfq2/darkmagic.c | 9 +++++++-- nfq2/desync.c | 2 +- nfq2/helpers.c | 2 +- nfq2/lua.c | 2 +- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/lua/zapret-obfs.lua b/lua/zapret-obfs.lua index 3d8dbd0..393cf33 100644 --- a/lua/zapret-obfs.lua +++ b/lua/zapret-obfs.lua @@ -410,7 +410,7 @@ function synhide(ctx, desync) if magic=="tsecr" then desync.dis.tcp.options[tsidx].data = string.sub(desync.dis.tcp.options[tsidx].data,1,6) .. "\x00\x00" elseif magic=="x2" then - desync.dis.tcp.th_x2 = bitand(desync.dis.tcp.th_x2,bitnot(1)) + desync.dis.tcp.th_x2 = bitand(desync.dis.tcp.th_x2,bitnot(x2)) elseif magic=="urp" then desync.dis.tcp.th_urp = 0 elseif magic=="opt" then diff --git a/nfq2/darkmagic.c b/nfq2/darkmagic.c index 95f9d2b..a4c883c 100644 --- a/nfq2/darkmagic.c +++ b/nfq2/darkmagic.c @@ -373,7 +373,7 @@ void print_icmphdr(const struct icmp46 *icmp, bool v6) bool proto_check_ipv4(const uint8_t *data, size_t len) { - return len >= sizeof(struct ip) && (data[0] & 0xF0) == 0x40 && + return len >= sizeof(struct ip) && (data[0] & 0xF0) == 0x40 && (data[0] & 0x0F)>=5 && len >= ((data[0] & 0x0F) << 2); } // move to transport protocol @@ -402,7 +402,8 @@ bool proto_check_udp(const uint8_t *data, size_t len) } bool proto_check_udp_payload(const uint8_t *data, size_t len) { - return len >= ntohs(((struct udphdr*)data)->uh_ulen); + uint16_t l = ntohs(((struct udphdr*)data)->uh_ulen); + return l>=sizeof(struct udphdr) && len >= l; } void proto_skip_udp(const uint8_t **data, size_t *len) { @@ -2267,8 +2268,10 @@ void verdict_udp_csum_fix(uint8_t verdict, struct udphdr *udphdr, size_t transpo #ifdef __FreeBSD__ if (ip6hdr) #endif + { DLOG("fixing udp checksum\n"); udp_fix_checksum(udphdr,transport_len,ip,ip6hdr); + } } #endif } @@ -2284,8 +2287,10 @@ void verdict_icmp_csum_fix(uint8_t verdict, struct icmp46 *icmphdr, size_t trans #ifdef __FreeBSD__ if (ip6hdr) #endif + { DLOG("fixing icmp checksum\n"); icmp_fix_checksum(icmphdr,transport_len,ip6hdr); + } } #endif } diff --git a/nfq2/desync.c b/nfq2/desync.c index 2270fb9..423d607 100644 --- a/nfq2/desync.c +++ b/nfq2/desync.c @@ -630,8 +630,8 @@ static uint8_t ct_new_postnat_fix(const t_ctrack *ctrack, const struct dissect * ((struct ip*)mod_pkt)->ip_ttl = 1; } *len_mod_pkt = dis->len_pkt; + return VERDICT_MODIFY | VERDICT_NOCSUM; } - return VERDICT_MODIFY | VERDICT_NOCSUM; } #endif return VERDICT_DROP; diff --git a/nfq2/helpers.c b/nfq2/helpers.c index 58dc86a..43c5f8e 100644 --- a/nfq2/helpers.c +++ b/nfq2/helpers.c @@ -109,7 +109,7 @@ bool load_file(const char *filename, off_t offset, void *buffer, size_t *buffer_ if (offset) { - if (-1 == lseek(fileno(F), offset, SEEK_SET)) + if (fseek(F, offset, SEEK_SET)) { fclose(F); return false; diff --git a/nfq2/lua.c b/nfq2/lua.c index aae015a..8fb2a55 100644 --- a/nfq2/lua.c +++ b/nfq2/lua.c @@ -1565,7 +1565,7 @@ void lua_push_ip6hdr(lua_State *L, const struct ip6_hdr *ip6, size_t len) { LUA_STACK_GUARD_ENTER(L) - if (ip6) + if (ip6 && len>=sizeof(struct ip6_hdr)) { lua_createtable(L, 0, 7); lua_pushf_lint(L,"ip6_flow",ntohl(ip6->ip6_ctlun.ip6_un1.ip6_un1_flow));