From 4a9072a94987b7c61cd572dd4ab88dd90218dc65 Mon Sep 17 00:00:00 2001 From: bol-van Date: Wed, 4 Feb 2026 14:23:21 +0300 Subject: [PATCH] nfqws2: unblocked bcryptorandom, --new=name, AI fixes --- nfq2/andr/random.c | 33 +++++++ nfq2/andr/random.h | 17 ++++ nfq2/conntrack.c | 19 +++-- nfq2/darkmagic.c | 2 +- nfq2/helpers.c | 59 +++++++++++-- nfq2/helpers.h | 2 + nfq2/lua.c | 208 +++++++++++++++++++++------------------------ nfq2/nfqws.c | 16 +++- nfq2/params.c | 2 +- nfq2/pools.c | 20 ++--- nfq2/pools.h | 1 - 11 files changed, 237 insertions(+), 142 deletions(-) create mode 100644 nfq2/andr/random.c create mode 100644 nfq2/andr/random.h diff --git a/nfq2/andr/random.c b/nfq2/andr/random.c new file mode 100644 index 0000000..10d2f3b --- /dev/null +++ b/nfq2/andr/random.c @@ -0,0 +1,33 @@ +#if __ANDROID_API__ < 28 + +#include "random.h" +#include +#include + +#ifndef SYS_getrandom + +#if defined(__aarch64__) + #define SYS_getrandom 278 + +#elif defined(__arm__) + /* ARM EABI */ + #define SYS_getrandom 384 + +#elif defined(__x86_64__) + #define SYS_getrandom 318 + +#elif defined(__i386__) + #define SYS_getrandom 355 + +#else + #error "Unsupported architecture: SYS_getrandom not defined" +#endif + +#endif + +ssize_t getrandom(void *ptr, size_t len, unsigned int flags) +{ + return syscall(SYS_getrandom, ptr, len, flags); +} + +#endif diff --git a/nfq2/andr/random.h b/nfq2/andr/random.h new file mode 100644 index 0000000..c4178fa --- /dev/null +++ b/nfq2/andr/random.h @@ -0,0 +1,17 @@ +#pragma once + +#if __ANDROID_API__ < 28 + +#include + +/* getrandom flags */ +#define GRND_NONBLOCK 1 +#define GRND_RANDOM 2 + +ssize_t getrandom(void *ptr, size_t len, unsigned int flags); + +#else + +#include + +#endif diff --git a/nfq2/conntrack.c b/nfq2/conntrack.c index f3245a6..176b3d4 100644 --- a/nfq2/conntrack.c +++ b/nfq2/conntrack.c @@ -1,3 +1,4 @@ +#define _GNU_SOURCE #include "conntrack.h" #include "darkmagic.h" #include 
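Review bot: The hard-coded SYS_getrandom table in nfq2/andr/random.c has no note on where the numbers come from or what the wrapper does on a kernel that predates the syscall; getrandom() here is a bare syscall() pass-through, so on such kernels it simply returns -1 with errno set to ENOSYS (the syscall was introduced in Linux 3.17). A comment above the `#ifndef SYS_getrandom` block such as `/* numbers from the kernel uapi asm/unistd tables; on kernels before 3.17 the wrapper returns -1/ENOSYS and callers must fall back to /dev/random */` would record both facts and make clear that the device fallback in helpers.c is required rather than optional. The GRND_NONBLOCK/GRND_RANDOM values in random.h match the kernel definitions, which is also worth stating next to them so nobody "fixes" them later.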
@@ -66,7 +67,7 @@ void ConntrackPoolInit(t_conntrack *p, time_t purge_interval, uint32_t timeout_s p->timeout_fin = timeout_fin; p->timeout_udp = timeout_udp; p->t_purge_interval = purge_interval; - time(&p->t_last_purge); + p->t_last_purge = boottime(); p->pool = NULL; } @@ -215,7 +216,7 @@ static void ConntrackFeedPacket(t_ctrack *t, bool bReverse, const struct dissect ConntrackApplyPos(t, bReverse, dis); } - clock_gettime(CLOCK_REALTIME, &t->pos.t_last); + clock_gettime(CLOCK_BOOTTIME, &t->pos.t_last); // make sure t_start gets exactly the same value as first t_last if (!t->t_start.tv_sec) t->t_start = t->pos.t_last; } @@ -314,14 +315,14 @@ bool ConntrackPoolDrop(t_conntrack *p, const struct dissect *dis) void ConntrackPoolPurge(t_conntrack *p) { time_t tidle; - struct timespec tnow; + time_t tnow; t_conntrack_pool *t, *tmp; - if (clock_gettime(CLOCK_REALTIME, &tnow)) return; - if ((tnow.tv_sec - p->t_last_purge) >= p->t_purge_interval) + if (!(tnow=boottime())) return; + if ((tnow - p->t_last_purge) >= p->t_purge_interval) { HASH_ITER(hh, p->pool, t, tmp) { - tidle = tnow.tv_sec - t->track.pos.t_last.tv_sec; + tidle = tnow - t->track.pos.t_last.tv_sec; if (t->track.b_cutoff || (t->conn.l4proto == IPPROTO_TCP && ( (t->track.pos.state == SYN && tidle >= p->timeout_syn) || @@ -333,7 +334,7 @@ void ConntrackPoolPurge(t_conntrack *p) HASH_DEL(p->pool, t); ConntrackFreeElem(t); } } - p->t_last_purge = tnow.tv_sec; + p->t_last_purge = tnow; } } @@ -348,7 +349,7 @@ void ConntrackPoolDump(const t_conntrack *p) struct timespec tnow; char sa1[40], sa2[40]; - if (clock_gettime(CLOCK_REALTIME, &tnow)) return; + if (clock_gettime(CLOCK_BOOTTIME, &tnow)) return; HASH_ITER(hh, p->pool, t, tmp) { taddr2str(t->conn.l3proto, &t->conn.src, sa1, sizeof(sa1)); taddr2str(t->conn.l3proto, &t->conn.dst, sa2, sizeof(sa2)); 
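Review bot: CLOCK_BOOTTIME is now used unconditionally in ConntrackFeedPacket and ConntrackPoolDump (and in boottime() in the helpers.c hunk further down), but it is a Linux clock id that not every libc provides (macOS lacks it); if conntrack.c is also built for a non-Linux target the change will not compile there, so a guard such as `#ifndef CLOCK_BOOTTIME` / `#define CLOCK_BOOTTIME CLOCK_MONOTONIC` / `#endif` in helpers.h would keep the build portable — I cannot see from the hunks which platforms this file targets. Related: conntrack.c gained `#define _GNU_SOURCE` while the helpers.c hunk defining boottime() did not; if that define is what exposes CLOCK_BOOTTIME on the toolchain in use, helpers.c needs it as well. boottime() returns 0 on clock_gettime failure and ConntrackPoolPurge treats 0 as "skip this purge", whereas ConntrackPoolInit and the pools.c callers store it as an ordinary timestamp, so the convention should be documented on boottime() (`/* seconds since boot, 0 if the clock is unavailable */`) or checked consistently. A comment in ConntrackPoolPurge that `pos.t_last` must be written from the same clock would also help, since any remaining CLOCK_REALTIME writer outside these hunks would now produce meaningless idle times.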
@@ -418,7 +419,7 @@ bool ReasmFeed(t_reassemble *reasm, uint32_t seq, const void *payload, size_t le if ((reasm->size_present - neg_overlap + szcopy) > reasm->size) return false; // buffer overflow // in case of seq overlap new data replaces old - unix behavior - memcpy(reasm->packet + reasm->size_present - neg_overlap, payload + szignore, szcopy); + memcpy(reasm->packet + reasm->size_present - neg_overlap, (const uint8_t*)payload + szignore, szcopy); if (szcopy>neg_overlap) { reasm->size_present += szcopy - neg_overlap; diff --git a/nfq2/darkmagic.c b/nfq2/darkmagic.c index a0b4ca8..94da04b 100644 --- a/nfq2/darkmagic.c +++ b/nfq2/darkmagic.c @@ -2169,7 +2169,7 @@ static time_t wlan_info_last = 0; static bool wlan_info_rate_limited(struct mnl_socket* nl, uint16_t wlan_family_id, struct wlan_interface_collection* w) { bool bres = true; - time_t now = time(NULL); + time_t now = boottime(); // do not purge too often to save resources if (wlan_info_last != now) diff --git a/nfq2/helpers.c b/nfq2/helpers.c index 09efd40..2004fe3 100644 --- a/nfq2/helpers.c +++ b/nfq2/helpers.c @@ -9,6 +9,13 @@ #include #include #include +#include + +#if defined(__ANDROID__) +#include "andr/random.h" +#elif defined(__linux__) || defined(__CYGWIN__) +#include +#endif #define UNIQ_SORT \ { \ 
@@ -474,12 +481,46 @@ void fill_random_az09(uint8_t *p,size_t sz) } bool fill_crypto_random_bytes(uint8_t *p,size_t sz) { - bool b; - FILE *F = fopen("/dev/random","rb"); - if (!F) return false; - b = fread(p,sz,1,F)==1; - fclose(F); - return b; + ssize_t rd; + int fd; + +#if defined(__linux__) || defined(__CYGWIN__) + for(; sz && (rd=getrandom(p,sz,GRND_NONBLOCK))>0 ; p+=rd, sz-=rd); + if (sz) +#elif defined(BSD) + while(sz) + { + rd = sz<256 ? sz : 256; // BSD limitation + if (getentropy(p,rd)) break; + p+=rd; sz-=rd; + } + if (sz) +#endif + { + if ((fd = open("/dev/random",O_NONBLOCK))>=0) + { + do + { + if ((rd=read(fd,p,sz))>0) + { + p+=rd; sz-=rd; + } + } while(sz && rd>0); + close(fd); + } + if (sz && (fd = open("/dev/urandom",0))>=0) + { + do + { + if ((rd=read(fd,p,sz))>0) + { + p+=rd; sz-=rd; + } + } while(sz && rd>0); + close(fd); + } + } + return !sz; } #if defined(__GNUC__) && !defined(__llvm__) @@ -581,3 +622,9 @@ const struct in6_addr *mask_from_bitcount6(uint32_t zct) { return ip6_mask+zct; } + +time_t boottime(void) +{ + struct timespec ts; + return clock_gettime(CLOCK_BOOTTIME, &ts) ? 0 : ts.tv_sec; +} diff --git a/nfq2/helpers.h b/nfq2/helpers.h index 1f622af..4b3ef47 100644 --- a/nfq2/helpers.h +++ b/nfq2/helpers.h @@ -104,3 +104,5 @@ bool parse_int16(const char *p, int16_t *v); uint32_t mask_from_bitcount(uint32_t zct); void mask_from_bitcount6_prepare(void); const struct in6_addr *mask_from_bitcount6(uint32_t zct); + +time_t boottime(void); diff --git a/nfq2/lua.c b/nfq2/lua.c index fa602c8..9bc4d71 100644 --- a/nfq2/lua.c +++ b/nfq2/lua.c 
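Review bot: The final /dev/urandom fallback in fill_crypto_random_bytes weakens the contract its callers rely on: getrandom(GRND_NONBLOCK) and the O_NONBLOCK read of /dev/random fail with EAGAIN exactly when the kernel does not consider its pool ready, and /dev/urandom never blocks, so in that window the function returns bytes from an unseeded pool while still reporting success to bcryptorandom. If the intent is "never block", that trade-off should at least be documented above the urandom branch, e.g. `// last resort: urandom never blocks, so early in boot this can return output from an unseeded pool`; the stricter option is to treat a getrandom failure with errno == EAGAIN as a hard failure and keep the device fallbacks only for ENOSYS (kernels without the syscall). Separately, the `defined(BSD)` branch is only compiled when `<sys/param.h>` has been included (the include names are stripped in this rendering, so I cannot confirm it is); if it is not, BSD builds silently skip getentropy and use only the device path.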
@@ -465,41 +465,41 @@ static int luacall_divint(lua_State *L) static int luacall_brandom(lua_State *L) { lua_check_argc(L,"brandom",1); + + LUA_STACK_GUARD_ENTER(L) lua_Integer len = luaL_checkinteger(L,1); if (len<0) luaL_error(L, "brandom: invalid arg"); - uint8_t *p = malloc(len); - if (!p) luaL_error(L, "out of memory"); + uint8_t *p = lua_newuserdata(L, len); fill_random_bytes(p,len); - // in out of memory condition this will leave p unfreed lua_pushlstring(L,(char*)p,len); - free(p); - return 1; + lua_remove(L,-2); + LUA_STACK_GUARD_RETURN(L,1) } static int luacall_brandom_az(lua_State *L) { lua_check_argc(L,"brandom_az",1); + + LUA_STACK_GUARD_ENTER(L) lua_Integer len = luaL_checkinteger(L,1); - if (len<0) luaL_error(L, "brandom_az: invalid arg"); - uint8_t *p = malloc(len); - if (!p) luaL_error(L, "out of memory"); + if (len<0) luaL_error(L, "brandom: invalid arg"); + uint8_t *p = lua_newuserdata(L, len); fill_random_az(p,len); - // in out of memory condition this will leave p unfreed lua_pushlstring(L,(char*)p,len); - free(p); - return 1; + lua_remove(L,-2); + LUA_STACK_GUARD_RETURN(L,1) } static int luacall_brandom_az09(lua_State *L) { lua_check_argc(L,"brandom_az09",1); + + LUA_STACK_GUARD_ENTER(L) lua_Integer len = luaL_checkinteger(L,1); - if (len<0) luaL_error(L, "brandom_az09: invalid arg"); - uint8_t *p = malloc(len); - if (!p) luaL_error(L, "out of memory"); + if (len<0) luaL_error(L, "brandom: invalid arg"); + uint8_t *p = lua_newuserdata(L, len); fill_random_az09(p,len); - // in out of memory condition this will leave p unfreed lua_pushlstring(L,(char*)p,len); - free(p); - return 1; + lua_remove(L,-2); + LUA_STACK_GUARD_RETURN(L,1) } // hacky function. breaks immutable string behavior. 
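Review bot: The error text in luacall_brandom_az and luacall_brandom_az09 was changed from each function's own name to `"brandom: invalid arg"`, so a negative length now reports the wrong function to the script author; the original `luaL_error(L, "brandom_az: invalid arg");` and `luaL_error(L, "brandom_az09: invalid arg");` should be kept. The switch to lua_newuserdata is otherwise sound: the buffer is anchored on the stack while fill_random_* runs and is dropped by lua_remove after the string copy. A short comment such as `// scratch userdata: GC-owned, removed after the copy below` on the lua_newuserdata line would make that ownership explicit for the many sibling functions in this commit that use the same pattern.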
@@ -537,16 +537,14 @@ static int luacall_parse_hex(lua_State *L) const char *hex = lua_reqlstring(L,1,&l); if ((l&1)) goto err; l>>=1; - uint8_t *p = malloc(l); - if (!p) goto err; + uint8_t *p = lua_newuserdata(L, l); if (!parse_hex_str(hex,p,&l)) { - free(p); + lua_pop(L,1); goto err; } - // in out of memory condition this will leave p unfreed lua_pushlstring(L,(char*)p,l); - free(p); + lua_remove(L,-2); ex: LUA_STACK_GUARD_RETURN(L,1) err: @@ -577,18 +575,15 @@ static int luacall_bcryptorandom(lua_State *L) lua_Integer len = luaL_checkinteger(L,1); if (len<0) luaL_error(L, "bcryptorandom: invalid arg"); - uint8_t *p = malloc(len); - if (!p) luaL_error(L, "out of memory"); - + uint8_t *p = lua_newuserdata(L, len); if (!fill_crypto_random_bytes(p,len)) { - free(p); // this is fatal. they expect us to give them crypto secure random blob - luaL_error(L, "could not read random data from /dev/random"); + luaL_error(L, "could not get entropy bytes"); } lua_pushlstring(L,(char*)p,len); - free(p); + lua_remove(L,-2); LUA_STACK_GUARD_RETURN(L,1) } @@ -603,13 +598,12 @@ static int luac_bop(lua_State *L, const char *name, void (*op)(const uint8_t *x1 const uint8_t *d1 = (const uint8_t*)lua_reqlstring(L,1,&sz1); const uint8_t *d2 = (const uint8_t*)lua_reqlstring(L,2,&sz2); if (sz1!=sz2) luaL_error(L, "string lengths must be the same\n"); - uint8_t *d3 = malloc(sz1); - if (!d3) luaL_error(L, "out of memory"); + uint8_t *d3 = lua_newuserdata(L, sz1); op(d1,d2,d3,sz1); lua_pushlstring(L,(char*)d3,sz1); - free(d3); + lua_remove(L,-2); LUA_STACK_GUARD_RETURN(L,1) } 
@@ -699,8 +693,7 @@ static int luacall_aes_gcm(lua_State *L) const uint8_t *add = lua_isnoneornil(L,5) ? NULL : (uint8_t*)lua_reqlstring(L,5,&add_len); uint8_t atag[16]; - uint8_t *output = malloc(input_len); - if (!output) luaL_error(L, "out of memory"); + uint8_t *output = lua_newuserdata(L, input_len); if (aes_gcm_crypt(bEncrypt, output, input, input_len, key, key_len, iv, iv_len, add, add_len, atag, sizeof(atag))) { @@ -712,7 +705,7 @@ static int luacall_aes_gcm(lua_State *L) lua_pushlstring(L,(const char*)output,input_len); lua_pushlstring(L,(const char*)atag,sizeof(atag)); } - free(output); + lua_remove(L,-3); LUA_STACK_GUARD_RETURN(L,2) } @@ -737,14 +730,14 @@ static int luacall_aes_ctr(lua_State *L) size_t input_len; const uint8_t *input = (uint8_t*)luaL_checklstring(L,3,&input_len); - uint8_t *output = malloc(input_len); - if (!output) luaL_error(L, "out of memory"); + uint8_t *output = lua_newuserdata(L, input_len); if (aes_ctr_crypt(key, key_len, iv, input, input_len, output)) lua_pushnil(L); else lua_pushlstring(L,(const char*)output,input_len); - free(output); + + lua_remove(L,-2); LUA_STACK_GUARD_RETURN(L,1) } @@ -768,15 +761,14 @@ static int luacall_hkdf(lua_State *L) lua_Integer okm_len = luaL_checkinteger(L,5); if (okm_len<0) luaL_error(L, "hkdf: invalid arg"); - uint8_t *okm = malloc(okm_len); - if (!okm) luaL_error(L, "out of memory"); + uint8_t *okm = lua_newuserdata(L, okm_len); if (hkdf(sha_ver, salt, salt_len, ikm, ikm_len, info, info_len, okm, okm_len)) lua_pushnil(L); else lua_pushlstring(L,(const char*)okm, okm_len); - free(okm); + lua_remove(L,-2); LUA_STACK_GUARD_RETURN(L,1) } @@ -2668,8 +2660,7 @@ static int luacall_csum_tcp_fix(lua_State *L) luaL_error(L, "invalid payload length"); size_t l_tpl = l_tcp + l_pl; - uint8_t *tpl = malloc(l_tpl); - if (!tpl) luaL_error(L, "out of memory"); + uint8_t *tpl = lua_newuserdata(L, l_tpl); memcpy(tpl, b_tcp, l_tcp); memcpy(tpl+l_tcp, b_pl, l_pl); 
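Review bot: In luacall_aes_gcm, `lua_remove(L,-3)` assumes exactly two values sit above the scratch userdata; the success branch pushes output and atag, but the failure branch of the `if (aes_gcm_crypt(...))` block lies between the two hunks and is not visible here — if it pushes anything other than two values, -3 removes the wrong slot and the stack guard will likely trip or a caller argument is silently dropped. I would add `// scratch userdata is 3rd from top: [userdata, output, atag] on both branches` next to the lua_remove so the invariant is visible to the next editor. The other lua_newuserdata/lua_remove pairs in this commit all push a single value, where `lua_remove(L,-2)` is unambiguous.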
@@ -2677,7 +2668,7 @@ static int luacall_csum_tcp_fix(lua_State *L) tcp_fix_checksum(tcp, l_tpl, ip, ip6); lua_pushlstring(L,(char*)tpl,l_tcp); - free(tpl); + lua_remove(L,-2); LUA_STACK_GUARD_RETURN(L,1) } @@ -2711,8 +2702,7 @@ static int luacall_csum_udp_fix(lua_State *L) luaL_error(L, "invalid payload length"); size_t l_tpl = l_udp + l_pl; - uint8_t *tpl = malloc(l_tpl); - if (!tpl) luaL_error(L, "out of memory"); + uint8_t *tpl = lua_newuserdata(L, l_tpl); memcpy(tpl, b_udp, l_udp); memcpy(tpl+l_udp, b_pl, l_pl); @@ -2720,7 +2710,7 @@ static int luacall_csum_udp_fix(lua_State *L) udp_fix_checksum(udp, l_tpl, ip, ip6); lua_pushlstring(L,(char*)tpl,l_udp); - free(tpl); + lua_remove(L,-2); LUA_STACK_GUARD_RETURN(L,1) } @@ -2754,8 +2744,7 @@ static int luacall_csum_icmp_fix(lua_State *L) luaL_error(L, "invalid payload length"); size_t l_tpl = l_icmp + l_pl; - uint8_t *tpl = malloc(l_tpl); - if (!tpl) luaL_error(L, "out of memory"); + uint8_t *tpl = lua_newuserdata(L, l_tpl); memcpy(tpl, b_icmp, l_icmp); memcpy(tpl+l_icmp, b_pl, l_pl); @@ -2763,7 +2752,7 @@ static int luacall_csum_icmp_fix(lua_State *L) icmp_fix_checksum(icmp, l_tpl, ip6); lua_pushlstring(L,(char*)tpl,l_icmp); - free(tpl); + lua_remove(L,-2); LUA_STACK_GUARD_RETURN(L,1) } 
@@ -3014,74 +3003,71 @@ static int lua_get_ifaddrs(lua_State *L) ULONG Size=0; if (GetAdaptersAddresses(AF_UNSPEC, GAA_FLAGS, NULL, NULL, &Size)==ERROR_BUFFER_OVERFLOW) { - PIP_ADAPTER_ADDRESSES pip, pips = (PIP_ADAPTER_ADDRESSES)malloc(Size); - if (pips) + PIP_ADAPTER_ADDRESSES pip, pips = (PIP_ADAPTER_ADDRESSES)lua_newuserdata(L, Size); + if (GetAdaptersAddresses(AF_UNSPEC, GAA_FLAGS, NULL, pips, &Size)==ERROR_SUCCESS) { - if (GetAdaptersAddresses(AF_UNSPEC, GAA_FLAGS, NULL, pips, &Size)==ERROR_SUCCESS) + lua_newtable(L); + for(pip=pips; pip ; pip=pip->Next) { - lua_newtable(L); - for(pip=pips; pip ; pip=pip->Next) + if (!pip->FirstUnicastAddress || pip->OperStatus!=IfOperStatusUp) continue; // disconnected ? + + char ifname[16]; + snprintf(ifname,sizeof(ifname),"%u.0",pip->IfIndex); + lua_pushf_table(L,ifname); + lua_getfield(L,-1,ifname); + lua_pushf_str(L, "guid", pip->AdapterName); + if (pip->PhysicalAddressLength) lua_pushf_lstr(L, "phys", pip->PhysicalAddress, pip->PhysicalAddressLength); + lua_pushf_int(L, "index", pip->IfIndex); + lua_pushf_int(L, "index6", pip->Ipv6IfIndex); + lua_pushf_int(L, "flags", pip->Flags); + lua_pushf_lint(L, "mtu", pip->Mtu); + lua_pushf_int(L, "iftype", pip->IfType); + lua_pushf_lint(L, "speed_xmit", pip->TransmitLinkSpeed); + lua_pushf_lint(L, "speed_recv", pip->ReceiveLinkSpeed); + lua_pushf_lint(L, "metric4", pip->Ipv4Metric); + lua_pushf_lint(L, "metric6", pip->Ipv6Metric); + lua_pushf_lint(L, "conntype", pip->ConnectionType); + lua_pushf_lint(L, "tunneltype", pip->TunnelType); + lua_pushf_table(L,"addr"); + lua_getfield(L,-1,"addr"); + + int n; + uint32_t a4,a44; + PIP_ADAPTER_UNICAST_ADDRESS_LH pa; + for(pa=pip->FirstUnicastAddress, n=1; pa ; pa=pa->Next, n++) { - if (!pip->FirstUnicastAddress || pip->OperStatus!=IfOperStatusUp) continue; // disconnected ? 
- - char ifname[16]; - snprintf(ifname,sizeof(ifname),"%u.0",pip->IfIndex); - lua_pushf_table(L,ifname); - lua_getfield(L,-1,ifname); - - lua_pushf_str(L, "guid", pip->AdapterName); - if (pip->PhysicalAddressLength) lua_pushf_lstr(L, "phys", pip->PhysicalAddress, pip->PhysicalAddressLength); - lua_pushf_int(L, "index", pip->IfIndex); - lua_pushf_int(L, "index6", pip->Ipv6IfIndex); - lua_pushf_int(L, "flags", pip->Flags); - lua_pushf_lint(L, "mtu", pip->Mtu); - lua_pushf_int(L, "iftype", pip->IfType); - lua_pushf_lint(L, "speed_xmit", pip->TransmitLinkSpeed); - lua_pushf_lint(L, "speed_recv", pip->ReceiveLinkSpeed); - lua_pushf_lint(L, "metric4", pip->Ipv4Metric); - lua_pushf_lint(L, "metric6", pip->Ipv6Metric); - lua_pushf_lint(L, "conntype", pip->ConnectionType); - lua_pushf_lint(L, "tunneltype", pip->TunnelType); - lua_pushf_table(L,"addr"); - lua_getfield(L,-1,"addr"); - - int n; - uint32_t a4,a44; - PIP_ADAPTER_UNICAST_ADDRESS_LH pa; - for(pa=pip->FirstUnicastAddress, n=1; pa ; pa=pa->Next, n++) + lua_pushi_table(L, n); + lua_rawgeti(L, -1, n); + lua_pushf_ipaddr(L, "addr", pa->Address.lpSockaddr); + switch(pa->Address.lpSockaddr->sa_family) { - lua_pushi_table(L, n); - lua_rawgeti(L, -1, n); - lua_pushf_ipaddr(L, "addr", pa->Address.lpSockaddr); - switch(pa->Address.lpSockaddr->sa_family) - { - case AF_INET: - if (pa->OnLinkPrefixLength<=32) - { - a44 = mask_from_bitcount(pa->OnLinkPrefixLength); - a4 = ~a44; - lua_pushf_lstr(L, "netmask", (const char*)&a4, 4); - a4 &= ((struct sockaddr_in*)pa->Address.lpSockaddr)->sin_addr.s_addr; - a4 |= a44; - lua_pushf_lstr(L, "broadcast", (const char*)&a4, 4); - } - break; - case AF_INET6: - if (pa->OnLinkPrefixLength<=128) - { - lua_pushf_lstr(L, "netmask", (const char*)mask_from_bitcount6(128 - pa->OnLinkPrefixLength), 16); - } - break; - } - lua_pushf_ipaddr(L, "addr", pa->Address.lpSockaddr); - lua_pop(L,1); + case AF_INET: + if (pa->OnLinkPrefixLength<=32) + { + a44 = mask_from_bitcount(pa->OnLinkPrefixLength); + a4 
= ~a44; + lua_pushf_lstr(L, "netmask", (const char*)&a4, 4); + a4 &= ((struct sockaddr_in*)pa->Address.lpSockaddr)->sin_addr.s_addr; + a4 |= a44; + lua_pushf_lstr(L, "broadcast", (const char*)&a4, 4); + } + break; + case AF_INET6: + if (pa->OnLinkPrefixLength<=128) + { + lua_pushf_lstr(L, "netmask", (const char*)mask_from_bitcount6(128 - pa->OnLinkPrefixLength), 16); + } + break; } - lua_pop(L,2); + lua_pushf_ipaddr(L, "addr", pa->Address.lpSockaddr); + lua_pop(L,1); } + lua_pop(L,2); } - free (pips); + lua_remove(L,-2); goto ok; } + lua_remove(L,-1); } lua_pushnil(L); @@ -3309,14 +3295,14 @@ static int luacall_tls_mod(lua_State *L) if (mod.mod) { size_t newlen = fake_tls_len, maxlen = fake_tls_len + sizeof(mod.sni) + 4; - uint8_t *newtls = malloc(maxlen); - if (!newtls) luaL_error(L, "out of memory"); + + uint8_t *newtls = lua_newuserdata(L, maxlen); memcpy(newtls, fake_tls, newlen); bRes = TLSMod(&mod, payload, payload_len, newtls, &newlen, maxlen); lua_pushlstring(L,(char*)newtls,newlen); - free(newtls); + lua_remove(L,-2); } else { diff --git a/nfq2/nfqws.c b/nfq2/nfqws.c index 0ed6482..058b405 100644 --- a/nfq2/nfqws.c +++ b/nfq2/nfqws.c @@ -426,7 +426,10 @@ static int nfq_main(void) if (r) DLOG_ERR("nfq_handle_packet error %d\n", r); } else - DLOG("recv from nfq returned 0 !\n"); + { + DLOG_ERR("recv from nfq returned 0 !\n"); + goto err; + } } if (errno==EINTR) { @@ -695,6 +698,8 @@ static int win_main() res=ERROR_NOT_ENOUGH_MEMORY; goto ex; } + catch_signals(); + for (;;) { if (!logical_net_filter_match()) 
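Review bot: In lua_get_ifaddrs the failure path ends with `lua_remove(L,-1)`, which is just `lua_pop(L,1)` and reads as if a slot below the top were intended; `lua_pop(L,1);` makes the intent (discard the scratch buffer) obvious. The rest of the hunk is a re-indent of the adapter loop with the `if (pips)` level removed, which is correct since lua_newuserdata raises on allocation failure instead of returning NULL, but the diff is whitespace-dominated and is best reviewed with whitespace ignored. A comment that `pips` is a GC-owned scratch buffer that must stay on the stack until the `lua_remove(L,-2)` at the end would help, since the loop pushes many tables above it and relies on relative indices.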
@@ -1676,7 +1681,7 @@ static void exithelp(void) " --lua-init=@|\t\t\t; load LUA program from a file or string. if multiple parameters present order of execution is preserved. gzipped files are supported.\n" " --lua-gc=\t\t\t\t\t\t; forced garbage collection every N sec. default %u sec. triggers only when a packet arrives. 0 = disable.\n" "\nMULTI-STRATEGY:\n" - " --new\t\t\t\t\t\t\t; begin new profile\n" + " --new[=]\t\t\t\t\t\t\t; begin new profile. optionally set name\n" " --skip\t\t\t\t\t\t\t; do not use this profile\n" " --name=\t\t\t\t\t\t; set profile name\n" " --template[=]\t\t\t\t\t; use this profile as template (must be named or will be useless)\n" @@ -1926,7 +1931,7 @@ static const struct option long_options[] = { [IDX_HOSTLIST_AUTO_UDP_IN] = {"hostlist-auto-udp-in", required_argument, 0, 0}, [IDX_HOSTLIST_AUTO_UDP_OUT] = {"hostlist-auto-udp-out", required_argument, 0, 0}, [IDX_HOSTLIST_AUTO_DEBUG] = {"hostlist-auto-debug", required_argument, 0, 0}, - [IDX_NEW] = {"new", no_argument, 0, 0}, + [IDX_NEW] = {"new", optional_argument, 0, 0}, [IDX_SKIP] = {"skip", no_argument, 0, 0}, [IDX_NAME] = {"name", required_argument, 0, 0}, [IDX_TEMPLATE] = {"template", optional_argument, 0, 0}, @@ -2486,6 +2491,11 @@ int main(int argc, char **argv) dp = &dpl->dp; dp->n = desync_profile_count; } + if (optarg && !(dp->name = strdup(optarg))) + { + DLOG_ERR("out of memory\n"); + exit_clean(1); + } anon_hl = anon_hl_exclude = NULL; anon_ips = anon_ips_exclude = NULL; payload_type = 0; diff --git a/nfq2/params.c b/nfq2/params.c index fae9255..a090dfa 100644 --- a/nfq2/params.c +++ b/nfq2/params.c @@ -446,7 +446,7 @@ bool dp_copy(struct desync_profile *to, const struct desync_profile *from) free(to->cookie); if (!(to->cookie = strdup(from->cookie))) return false; } - if (from->hostlist_auto) + if (from->hostlist_auto && from->hostlist_auto!=to->hostlist_auto) { if (to->hostlist_auto) { diff --git a/nfq2/pools.c b/nfq2/pools.c index 54cb529..b631447 100644 --- a/nfq2/pools.c 
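Review bot: The new `--new=name` handling assigns `dp->name = strdup(optarg)` without releasing a value already in the field; in this branch the profile was just created so it is probably NULL, but the lines that create `dpl` are above the hunk and I cannot see whether a template copy can pre-populate `name`, nor how the `--name=` handler treats an existing value. Writing `free(dp->name);` before the strdup (free(NULL) is a no-op) makes the two paths consistent and removes the doubt. An empty `--new=` also yields an empty name; since the help text says templates must be named to be usable, rejecting `*optarg == 0` with a DLOG_ERR and exit_clean(1) like the out-of-memory case would avoid a profile that is silently unreachable by name.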
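Review bot: The added `from->hostlist_auto!=to->hostlist_auto` guard in dp_copy has no comment explaining why it matters; the body that follows (outside the hunk) presumably releases `to->hostlist_auto` before duplicating, so when both profiles share the same pointer the copy would free the object it is about to read. A one-liner such as `// same object on both sides (self-copy or shared list): copying would free it first` keeps the next reader from "simplifying" the condition away. If the same aliasing can occur for the other owned fields in dp_copy, the same guard is needed there too, but I cannot tell from this hunk.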
+++ b/nfq2/pools.c @@ -86,7 +86,7 @@ hostfail_pool * HostFailPoolAdd(hostfail_pool **pp,const char *s,int fail_time) { size_t slen = strlen(s); ADD_STR_POOL(hostfail_pool, pp, s, slen) - elem->expire = time(NULL) + fail_time; + elem->expire = boottime() + fail_time; elem->counter = 0; return elem; } @@ -105,7 +105,7 @@ void HostFailPoolDel(hostfail_pool **p, hostfail_pool *elem) void HostFailPoolPurge(hostfail_pool **pp) { hostfail_pool *elem, *tmp; - time_t now = time(NULL); + time_t now = boottime(); HASH_ITER(hh, *pp, elem, tmp) { if (now >= elem->expire) @@ -114,7 +114,7 @@ void HostFailPoolPurge(hostfail_pool **pp) } void HostFailPoolPurgeRateLimited(hostfail_pool **pp, time_t *purge_prev) { - time_t now = time(NULL); + time_t now = boottime(); // do not purge too often to save resources if (*purge_prev != now) { @@ -125,7 +125,7 @@ void HostFailPoolPurgeRateLimited(hostfail_pool **pp, time_t *purge_prev) void HostFailPoolDump(hostfail_pool *p) { hostfail_pool *elem, *tmp; - time_t now = time(NULL); + time_t now = boottime(); HASH_ITER(hh, p, elem, tmp) printf("host=%s counter=%d time_left=%lld\n",elem->str,elem->counter,(long long int)elem->expire-now); } @@ -966,7 +966,7 @@ struct blob_item *blob_collection_search_name(struct blob_collection_head *head, static void ipcache_item_touch(ip_cache_item *item) { - time(&item->last); + item->last = boottime(); } static void ipcache_item_init(ip_cache_item *item) { @@ -1029,7 +1029,7 @@ static void ipcache4Print(ip_cache4 *ipcache) time_t now; ip_cache4 *ipc, *tmp; - time(&now); + now = boottime(); HASH_ITER(hh, ipcache , ipc, tmp) { *s_ip=0; @@ -1087,7 +1087,7 @@ static void ipcache6Print(ip_cache6 *ipcache) time_t now; ip_cache6 *ipc, *tmp; - time(&now); + now = boottime(); HASH_ITER(hh, ipcache , ipc, tmp) { *s_ip=0; 
@@ -1133,7 +1133,7 @@ ip_cache_item *ipcacheTouch(ip_cache *ipcache, const struct in_addr *a4, const s static void ipcache4_purge(ip_cache4 **ipcache, time_t lifetime) { ip_cache4 *elem, *tmp; - time_t now = time(NULL); + time_t now = boottime(); HASH_ITER(hh, *ipcache, elem, tmp) { if (now >= (elem->data.last + lifetime)) @@ -1147,7 +1147,7 @@ static void ipcache4_purge(ip_cache4 **ipcache, time_t lifetime) static void ipcache6_purge(ip_cache6 **ipcache, time_t lifetime) { ip_cache6 *elem, *tmp; - time_t now = time(NULL); + time_t now = boottime(); HASH_ITER(hh, *ipcache, elem, tmp) { if (now >= (elem->data.last + lifetime)) @@ -1169,7 +1169,7 @@ static void ipcache_purge(ip_cache *ipcache, time_t lifetime) static time_t ipcache_purge_prev=0; void ipcachePurgeRateLimited(ip_cache *ipcache, time_t lifetime) { - time_t now = time(NULL); + time_t now = boottime(); // do not purge too often to save resources if (ipcache_purge_prev != now) { diff --git a/nfq2/pools.h b/nfq2/pools.h index 3cda4bc..62cbf41 100644 --- a/nfq2/pools.h +++ b/nfq2/pools.h @@ -4,7 +4,6 @@ #include #include #include -#include #include "helpers.h" #include "filter.h"