gandc/zapret2
Template
1
0
Fork 0
mirror of https://github.com/bol-van/zapret2.git synced 2026-03-14 06:13:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

lua: payload check for drop

Browse Source
This commit is contained in:
bol-van
2025-11-22 21:12:29 +03:00
parent a7e6f07ae4
commit a1f28e4c4a
3 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lua/zapret-antidpi.lua
View File

@@ -83,10 +83,10 @@ function pktdebug(ctx, desync)
end
-- drop packet
-- standard args : direction
-- standard args : direction, payload
function drop(ctx, desync)
direction_cutoff_opposite(ctx, desync, "any")
if direction_check(desync, "any") then
if direction_check(desync, "any") and payload_check(desync,"all") then
DLOG("drop")
return VERDICT_DROP
end

26
lua/zapret-lib.lua
View File

@@ -762,20 +762,19 @@ function direction_cutoff_opposite(ctx, desync, def)
end
end
-- check if desync payload type comply with payload type list in arg.payload
-- if arg.payload is not present - check if desync payload is not "empty" and not "unknown" (nfqws1 behavior without "--desync-any-protocol" option)
function payload_check(desync)
if desync.arg.payload and desync.arg.payload~="known" then
if not in_list(desync.arg.payload, "all") and not in_list(desync.arg.payload, desync.l7payload) then
DLOG("payload_check: payload '"..desync.l7payload.."' does not pass '"..desync.arg.payload.."' filter")
return false
end
else
if desync.l7payload=="empty" or desync.l7payload=="unknown" then
DLOG("payload_check: payload filter accepts only known protocols")
return false
end
-- if arg.payload is not present - check for known payload - not empty and not unknown (nfqws1 behavior without "--desync-any-protocol" option)
-- if arg.payload is prefixed with '~' - it means negation
function payload_check(desync, def)
local b
local argpl = desync.arg.payload or def or "known"
local neg = string.sub(argpl,1,1)=="~"
local pl = neg and string.sub(argpl,2) or argpl
b = neg ~= (in_list(pl, "all") or in_list(pl, desync.l7payload) or in_list(pl, "known") and desync.l7payload~="unknown" and desync.l7payload~="empty")
if not b then
DLOG("payload_check: payload '"..desync.l7payload.."' does not pass '"..argpl.."' filter")
end
return true
return b
end
-- return name of replay drop field in track.lua_state for the current desync function instance
@@ -978,3 +977,4 @@ function ipfrag2(dis, ipfrag_options)
return {dis1,dis2}
end

2
lua/zapret-wgobfs.lua
View File

@@ -53,7 +53,7 @@ function wgobfs(ctx, desync)
DLOG("wgobfs: encrypting '"..desync.l7payload.."'. size "..#desync.dis.payload)
local key = genkey()
-- in aes-gcm every message require it's own crypto secure random iv
-- encryption more than one message with the same iv is considered catastrophic failure
-- encrypting more than one message with the same iv is considered catastrophic failure
-- iv must be sent with encrypted message
local iv = bcryptorandom(12)
local encrypted, atag = aes_gcm(true, key, iv, bu16(#desync.dis.payload)..desync.dis.payload..brandom(math.random(padmin,padmax)), nil)