From 74ddd4f9d2dc6fa0d691113ac574bbfaa5cd5900 Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Thu, 15 Jan 2026 21:29:37 +0300
Subject: [PATCH] AI inspired fixes

---
 lua/zapret-lib.lua    | 11 ++++++-----
 lua/zapret-wgobfs.lua |  2 +-
 nfq2/lua.c            | 11 ++++++-----
 3 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/lua/zapret-lib.lua b/lua/zapret-lib.lua
index 856842f..4cc70b4 100644
--- a/lua/zapret-lib.lua
+++ b/lua/zapret-lib.lua
@@ -1170,9 +1170,9 @@ function replay_drop_set(desync, v)
 		if v == nil then v=true end
 		local rdk = replay_drop_key(desync)
 		if v then
-			if desync.replay then desync.track.lua_state[replay_drop_key] = true end
+			if desync.replay then desync.track.lua_state[rdk] = true end
 		else
-			desync.track.lua_state[replay_drop_key] = nil
+			desync.track.lua_state[rdk] = nil
 		end
 	end
 end
@@ -1180,7 +1180,7 @@ end
 -- return true if the caller should return VERDICT_DROP
 function replay_drop(desync)
 	if desync.track then
-		local drop = desync.replay and desync.track.lua_state[replay_drop_key]
+		local drop = desync.replay and desync.track.lua_state[replay_drop_key(desync)]
 		if not desync.replay or desync.replay_piece_last then
 			-- replay stopped or last piece of reasm
 			replay_drop_set(desync, false)
@@ -1557,7 +1557,7 @@ function http_dissect_header(header)
 end
 -- make table with structured http header representation
 function http_dissect_headers(http, pos)
-	local eol,pnext,header,value,idx,headers,pos_endheader,pos_startvalue,pos_headers_next
+	local eol,pnext,header,value,idx,headers,pos_endheader,pos_startvalue,pos_headers_end
 	headers={}
 	while pos do
 		eol,pnext = find_next_line(http,pos)
@@ -1616,9 +1616,10 @@ function http_dissect_reply(http)
 	s = string.sub(http,1,8)
 	if s~="HTTP/1.1" and s~="HTTP/1.0" then return nil end
 	pos = string.find(http,"[ \t\r\n]",10)
+	if not pos then return nil end
 	code = tonumber(string.sub(http,10,pos-1))
 	if not code then return nil end
-	pos = find_next_line(http,pos)
+	s,pos = find_next_line(http,pos)
 	local hdis = { code = code }
 	hdis.headers, hdis.pos_headers_end = http_dissect_headers(http,pos)
 	if hdis.pos_headers_end then
diff --git a/lua/zapret-wgobfs.lua b/lua/zapret-wgobfs.lua
index d243eb8..203b463 100644
--- a/lua/zapret-wgobfs.lua
+++ b/lua/zapret-wgobfs.lua
@@ -47,7 +47,7 @@ function wgobfs(ctx, desync)
 	if padmin>padmax then
 		error("wgobfs: padmin>padmax")
 	end
-	if desync.l7payload=="wireguard_initiation" or desync.l7payload=="wireguard_response" or desync.l7payload=="wireguard_cookie" and #desync.dis.payload<65506 then
+	if (desync.l7payload=="wireguard_initiation" or desync.l7payload=="wireguard_response" or desync.l7payload=="wireguard_cookie") and #desync.dis.payload<65506 then
 		DLOG("wgobfs: encrypting '"..desync.l7payload.."'. size "..#desync.dis.payload)
 		local key = genkey()
 		-- in aes-gcm every message require it's own crypto secure random iv
diff --git a/nfq2/lua.c b/nfq2/lua.c
index 1fe6803..a6c6812 100644
--- a/nfq2/lua.c
+++ b/nfq2/lua.c
@@ -465,6 +465,7 @@ static int luacall_brandom_az09(lua_State *L)
 
 // hacky function. breaks immutable string behavior.
 // if you change a string, it will change in all variables that hold the same string
+/*
 static int luacall_memcpy(lua_State *L)
 {
 	// memcpy(to,to_offset,from,from_offset,size)
@@ -485,7 +486,7 @@ static int luacall_memcpy(lua_State *L)
 	memcpy(to+off_to,from+off_from,size);
 	return 0;
 }
-
+*/
 
 static int luacall_parse_hex(lua_State *L)
 {
@@ -1183,7 +1184,7 @@ void lua_pushf_tcphdr_options(lua_State *L, const struct tcphdr *tcp, size_t len
 	uint8_t *t = (uint8_t*)(tcp+1);
 	uint8_t *end = (uint8_t*)tcp + (tcp->th_off<<2);
 	uint8_t opt;
-	if ((end-(uint8_t*)tcp) < len) end=(uint8_t*)tcp + len;
+	if ((end-(uint8_t*)tcp) > len) end=(uint8_t*)tcp + len;
 	lua_Integer idx=1;
 	while(t<end)
 	{
@@ -1267,7 +1268,7 @@ void lua_pushf_iphdr(lua_State *L, const struct ip *ip, size_t len)
 	if (ip && len>=sizeof(struct ip))
 	{
 		uint16_t hl = ip->ip_hl<<2;
-		bool b_has_opt = hl>sizeof(struct tcphdr) && hl<=len;
+		bool b_has_opt = hl>sizeof(struct ip) && hl<=len;
 		lua_createtable(L, 0, 11+b_has_opt);
 		lua_pushf_int(L,"ip_v",ip->ip_v);
 		lua_pushf_int(L,"ip_hl",ip->ip_hl);
@@ -1560,7 +1561,7 @@ void lua_pushf_range(lua_State *L, const char *name, const struct packet_range *
 	LUA_STACK_GUARD_ENTER(L)
 
 	lua_pushf_table(L, name);
-	lua_getfield(L, -1, "range");
+	lua_getfield(L, -1, name);
 	lua_pushf_bool(L, "upper_cutoff",range->upper_cutoff);
 	lua_pushf_pos(L, "from", &range->from);
 	lua_pushf_pos(L, "to", &range->to);
@@ -3375,7 +3376,7 @@ static void lua_init_functions(void)
 		{"divint",luacall_divint},
 
 		// hacky function, write to immutable strings
-		{"memcpy",luacall_memcpy},
+		//{"memcpy",luacall_memcpy},
 
 		// random blob generation
 		{"brandom",luacall_brandom},