From 2a4195070f7423ba8bc3db82f8d6b20763daf310 Mon Sep 17 00:00:00 2001 From: bol-van Date: Sun, 22 Feb 2026 09:06:53 +0300 Subject: [PATCH] AI fixes --- lua/zapret-lib.lua | 17 ++++++++--------- nfq2/conntrack.c | 3 --- nfq2/darkmagic.c | 6 +++--- nfq2/darkmagic.h | 2 +- nfq2/desync.c | 2 +- nfq2/filter.c | 4 ++-- nfq2/ipset.c | 2 +- nfq2/params.c | 4 ++-- nfq2/pools.c | 1 - 9 files changed, 18 insertions(+), 23 deletions(-) diff --git a/lua/zapret-lib.lua b/lua/zapret-lib.lua index 70b33d7..c8c44b8 100644 --- a/lua/zapret-lib.lua +++ b/lua/zapret-lib.lua @@ -96,7 +96,7 @@ function detect_payload_str(ctx, desync) error("detect_payload_str: missing 'pattern'") end local data = desync.reasm_data or desync.dis.payload - local b = string.find(data,desync.arg.pattern,1,true) + local b = data and string.find(data,desync.arg.pattern,1,true) if b then DLOG("detect_payload_str: detected '"..desync.arg.payload.."'") if desync.arg.payload then desync.l7payload = desync.arg.payload end @@ -337,9 +337,8 @@ end -- convert array a to packed string using 'packer' function. only numeric indexes starting from 1, order preserved function barray(a, packer) - local sa={} if a then - local s="" + local sa={} for i=1,#a do sa[i] = packer(a[i]) end @@ -348,16 +347,16 @@ function barray(a, packer) end -- convert table a to packed string using 'packer' function. any indexes, any order function btable(a, packer) - local sa={} if a then - local s="" + local sa={} + local i=1 for k,v in pairs(a) do - sa[k] = packer(v) + sa[i] = packer(v) + i=i+1 end return table.concat(sa) end end - -- sequence comparision functions. they work only within 2G interval -- seq1>=seq2 function seq_ge(seq1, seq2) @@ -1619,9 +1618,9 @@ function gzip_file(filename, data, expected_ratio, level, memlevel, compress_blo if not gz then error("gzip_file: stream init error") end - local off=1, block_size + local off=1 repeat - block_size = #data-off+1 + local block_size = #data-off+1 if block_size>compress_block_size then block_size=compress_block_size end local comp, eof = gzip_deflate(gz, string.sub(data,off,off+block_size-1), block_size / expected_ratio) if not comp then diff --git a/nfq2/conntrack.c b/nfq2/conntrack.c index 2f455c2..ae44b6d 100644 --- a/nfq2/conntrack.c +++ b/nfq2/conntrack.c @@ -172,9 +172,6 @@ static void ConntrackApplyPos(t_ctrack *t, bool bReverse, const struct dissect * static void ConntrackFeedPacket(t_ctrack *t, bool bReverse, const struct dissect *dis) { - uint8_t scale; - uint16_t mss; - if (bReverse) { t->pos.server.pcounter++; diff --git a/nfq2/darkmagic.c b/nfq2/darkmagic.c index 8d8ab89..273a857 100644 --- a/nfq2/darkmagic.c +++ b/nfq2/darkmagic.c @@ -48,7 +48,7 @@ uint32_t net32_add(uint32_t netorder_value, uint32_t cpuorder_increment) { return htonl(ntohl(netorder_value)+cpuorder_increment); } -uint32_t net16_add(uint16_t netorder_value, uint16_t cpuorder_increment) +uint16_t net16_add(uint16_t netorder_value, uint16_t cpuorder_increment) { return htons(ntohs(netorder_value)+cpuorder_increment); } @@ -229,7 +229,7 @@ uint16_t family_from_proto(uint8_t l3proto) { case IPPROTO_IP: return AF_INET; case IPPROTO_IPV6: return AF_INET6; - default: return -1; + default: return AF_UNSPEC; } } @@ -2160,8 +2160,8 @@ static uint8_t *find_ie(uint8_t *buf, size_t len, uint8_t ie) { if (len<(2+buf[1])) break; if (buf[0]==ie) return buf; - buf+=buf[1]+2; len-=buf[1]+2; + buf+=buf[1]+2; } return NULL; } diff --git a/nfq2/darkmagic.h b/nfq2/darkmagic.h index 6fca51d..5136410 100644 --- a/nfq2/darkmagic.h +++ b/nfq2/darkmagic.h @@ -94,7 +94,7 @@ // returns netorder value uint32_t net32_add(uint32_t netorder_value, uint32_t cpuorder_increment); -uint32_t net16_add(uint16_t netorder_value, uint16_t cpuorder_increment); +uint16_t net16_add(uint16_t netorder_value, uint16_t cpuorder_increment); #define SCALE_NONE ((uint8_t)-1) diff --git a/nfq2/desync.c b/nfq2/desync.c index 5937904..44c942c 100644 --- a/nfq2/desync.c +++ b/nfq2/desync.c @@ -1891,7 +1891,7 @@ rediscover_cancel: ps.verdict = desync(ps.dp, fwmark, ifin, ifout, ps.bReverseFixed, ps.ctrack_replay, tpos, ps.l7payload, ps.l7proto, dis, ps.sdip4, ps.sdip6, ps.sdport, mod_pkt, len_mod_pkt, replay_piece, replay_piece_count, reasm_offset, NULL, 0, data_decrypt, len_decrypt); pass: - return (!ps.bReverse && (ps.verdict & VERDICT_MASK) == VERDICT_DROP) ? ct_new_postnat_fix(ps.ctrack, dis, mod_pkt, len_mod_pkt) : ps.verdict; + return (!ps.bReverseFixed && (ps.verdict & VERDICT_MASK) == VERDICT_DROP) ? ct_new_postnat_fix(ps.ctrack, dis, mod_pkt, len_mod_pkt) : ps.verdict; } // conntrack is supported only for RELATED icmp diff --git a/nfq2/filter.c b/nfq2/filter.c index 4c736a1..9057e57 100644 --- a/nfq2/filter.c +++ b/nfq2/filter.c @@ -180,7 +180,7 @@ void str_cidr4(char *s, size_t s_len, const struct cidr4 *cidr) } void print_cidr4(const struct cidr4 *cidr) { - char s[19]; + char s[INET_ADDRSTRLEN+4]; str_cidr4(s,sizeof(s),cidr); printf("%s",s); } @@ -193,7 +193,7 @@ void str_cidr6(char *s, size_t s_len, const struct cidr6 *cidr) } void print_cidr6(const struct cidr6 *cidr) { - char s[INET_ADDRSTRLEN+4]; + char s[INET6_ADDRSTRLEN+4]; str_cidr6(s,sizeof(s),cidr); printf("%s",s); } diff --git a/nfq2/ipset.c b/nfq2/ipset.c index 7ec063f..6e11028 100644 --- a/nfq2/ipset.c +++ b/nfq2/ipset.c @@ -104,7 +104,7 @@ static bool AppendIpset(ipset *ips, const char *filename) { DLOG_CONDUP("loading plain text list\n"); - while (fgets(s, sizeof(s)-1, F)) + while (fgets_safe(s, sizeof(s)-1, F)) { p = s; if (!addpool(ips,&p,p+strlen(p),&ct)) diff --git a/nfq2/params.c b/nfq2/params.c index 1cb14a5..dc39328 100644 --- a/nfq2/params.c +++ b/nfq2/params.c @@ -116,7 +116,7 @@ static char log_buf[4096]; static size_t log_buf_sz=0; static void syslog_log_function(int priority, const char *line) { - syslog(priority,"%s",log_buf); + syslog(priority,"%s",line); } static int DLOG_FILENAME(const char *filename, const char *format, ...) @@ -405,7 +405,7 @@ static struct desync_profile_list *desync_profile_entry_alloc() struct desync_profile_list *dp_list_add(struct desync_profile_list_head *head) { struct desync_profile_list *entry = desync_profile_entry_alloc(); - if (!entry) return false; + if (!entry) return NULL; struct desync_profile_list *tail, *item; LIST_TAIL(head, tail, item); diff --git a/nfq2/pools.c b/nfq2/pools.c index 432ea4b..202012d 100644 --- a/nfq2/pools.c +++ b/nfq2/pools.c @@ -493,7 +493,6 @@ void kavl_bit_destroy(struct kavl_bit_elem **hdr) if (!e) break; kavl_bit_destroy_elem(e); } - free(*hdr); } struct kavl_bit_elem *kavl_bit_add(struct kavl_bit_elem **hdr, void *data, unsigned int bitlen, size_t struct_size) {