change dht and wireguard detection

2026-03-14 06:13:09 +00:00 · 2025-12-25 15:54:49 +03:00
parent 1696f1b552
commit 50a1bb72d9
6 changed files with 15 additions and 9 deletions
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -132,3 +132,4 @@ v0.7.6
 * nfqws2: dtls protocol detection
 * nfqws2: autohostlist reset retransmitter to break long wait
 * zapret-auto: stadard_failure_detector reset retransmitter to break long wait
+* nfqws2, init.d, windivert : dht and wg detection changes
--- a/init.d/custom.d.examples.linux/50-dht4all
+++ b/init.d/custom.d.examples.linux/50-dht4all
@@ -21,9 +21,9 @@ zapret_custom_firewall()
 	local f uf4 uf6
 	local first_packet_only="$ipt_connbytes 1:1"

-	f='-p udp -m length --length 109:407 -m u32 --u32'
-	uf4='0>>22&0x3C@8>>16=0x6431'
-	uf6='48>>16=0x6431'
+	f='-p udp -m u32 --u32'
+	uf4='0>>22&0x3C@4>>16=13:0xFFFF && 0>>22&0x3C@8>>16=0x6431:0x6432'
+	uf6='44>>16=13:0xFFFF && 48>>16=0x6431:0x6432'
 	fw_nfqws_post $1 "$f $uf4 $first_packet_only"  "$f $uf6 $first_packet_only" $QNUM_DHT4ALL
 }
 zapret_custom_firewall_nft()
@@ -33,6 +33,6 @@ zapret_custom_firewall_nft()
        local f
        local first_packet_only="$nft_connbytes 1"

-        f="meta length 109-407 meta l4proto udp @ih,0,16 0x6431"
+        f="udp length ge 13 meta l4proto udp @ih,0,16 0x6431-0x6432"
        nft_fw_nfqws_post "$f $first_packet_only" "$f $first_packet_only" $QNUM_DHT4ALL
 }
--- a/init.d/windivert.filter.examples/windivert_part.dht.txt
+++ b/init.d/windivert.filter.examples/windivert_part.dht.txt
@@ -0,0 +1 @@
+udp.Length>=5 and udp.Payload[0]=0x64 and udp.Payload[1]>=0x31 and udp.Payload[1]<=0x32
--- a/init.d/windivert.filter.examples/windivert_part.quic_initial_ietf.txt
+++ b/init.d/windivert.filter.examples/windivert_part.quic_initial_ietf.txt
@@ -1,4 +1,4 @@
  outbound and
  udp.PayloadLength>=256 and
  udp.Payload[0]>=0xC0 and udp.Payload[0]<0xD0 and
-  udp.Payload[1]=0 and udp.Payload16[1]=0 and udp.Payload[4]=1
+  udp.Payload[1]=0 and udp.Payload16[1]=0 and udp.Payload[4]=1
--- a/init.d/windivert.filter.examples/windivert_part.wireguard.txt
+++ b/init.d/windivert.filter.examples/windivert_part.wireguard.txt
@@ -1,3 +1,3 @@
-  outbound and
-  udp.PayloadLength=148 and
-  udp.Payload[0]=0x01
+udp.PayloadLength=148 and udp.Payload[0]=0x01 or
+udp.PayloadLength=92 and udp.Payload[0]=0x02 or
+udp.PayloadLength=64 and udp.Payload[0]=0x03
--- a/nfq2/protocol.c
+++ b/nfq2/protocol.c
@@ -1408,7 +1408,11 @@ bool IsWireguardKeepalive(const uint8_t *data, size_t len)
 }
 bool IsDht(const uint8_t *data, size_t len)
 {
-	return len>=7 && data[0]=='d' && (data[1]=='1' || data[1]=='2') && data[2]==':' && data[len-1]=='e';
+	return len>=5 && data[0]=='d' && data[2]==':' && data[len-1]=='e' &&
+		(data[1]=='1' && data[3]=='a' && data[4]=='d' ||
+		data[1]=='1' && data[3]=='r' && data[4]=='d' ||
+		data[1]=='2' && data[3]=='i' && data[4]=='p' ||
+		data[1]=='1' && data[3]=='e' && data[4]=='l');
 }
 bool IsDiscordIpDiscoveryRequest(const uint8_t *data, size_t len)
 {
				`@@ -0,0 +1 @@`
				`udp.Length>=5 and udp.Payload[0]=0x64 and udp.Payload[1]>=0x31 and udp.Payload[1]<=0x32`