gandc/zapret2
Template
1
0
Fork 0
mirror of https://github.com/bol-van/zapret2.git synced 2026-03-21 08:45:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

nfqws2: profile names

Browse Source
This commit is contained in:
bol-van
2025-12-02 21:38:13 +03:00
parent 6010307667
commit e61967ac2b
6 changed files with 49 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
nfq2/desync.c
View File

@@ -209,7 +209,7 @@ static struct desync_profile *dp_find(
{
if (dp_match(&dpl->dp, l3proto, ip, ip6, port, hostname, bNoSubdom, l7proto, ssid, bCheckDone, bCheckResult, bExcluded))
{
DLOG("desync profile %u matches\n", dpl->dp.n);
DLOG("desync profile %u (%s) matches\n", dpl->dp.n, PROFILE_NAME(&dpl->dp));
return &dpl->dp;
}
}
@@ -234,8 +234,8 @@ static void auto_hostlist_reset_fail_counter(struct desync_profile *dp, const ch
if (fail_counter)
{
HostFailPoolDel(&dp->hostlist_auto_fail_counters, fail_counter);
DLOG("auto hostlist (profile %u) : %s : fail counter reset. website is working.\n", dp->n, hostname);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u : client %s : proto %s : fail counter reset. website is working.", hostname, dp->n, client_ip_port, l7proto_str(l7proto));
DLOG("auto hostlist (profile %u (%s)) : %s : fail counter reset. website is working.\n", dp->n, PROFILE_NAME(dp), hostname);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u (%s) : client %s : proto %s : fail counter reset. website is working.", hostname, dp->n, PROFILE_NAME(dp), client_ip_port, l7proto_str(l7proto));
}
}
}
@@ -283,19 +283,19 @@ static void auto_hostlist_failed(struct desync_profile *dp, const char *hostname
}
}
fail_counter->counter++;
DLOG("auto hostlist (profile %u) : %s : fail counter %d/%d\n", dp->n, hostname, fail_counter->counter, dp->hostlist_auto_fail_threshold);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u : client %s : proto %s : fail counter %d/%d", hostname, dp->n, client_ip_port, l7proto_str(l7proto), fail_counter->counter, dp->hostlist_auto_fail_threshold);
DLOG("auto hostlist (profile %u (%s)) : %s : fail counter %d/%d\n", dp->n, PROFILE_NAME(dp), hostname, fail_counter->counter, dp->hostlist_auto_fail_threshold);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u (%s) : client %s : proto %s : fail counter %d/%d", hostname, dp->n, PROFILE_NAME(dp), client_ip_port, l7proto_str(l7proto), fail_counter->counter, dp->hostlist_auto_fail_threshold);
if (fail_counter->counter >= dp->hostlist_auto_fail_threshold)
{
DLOG("auto hostlist (profile %u) : fail threshold reached. about to add %s to auto hostlist\n", dp->n, hostname);
DLOG("auto hostlist (profile %u (%s)) : fail threshold reached. about to add %s to auto hostlist\n", dp->n, PROFILE_NAME(dp), hostname);
HostFailPoolDel(&dp->hostlist_auto_fail_counters, fail_counter);
DLOG("auto hostlist (profile %u) : rechecking %s to avoid duplicates\n", dp->n, hostname);
DLOG("auto hostlist (profile %u (%s)) : rechecking %s to avoid duplicates\n", dp->n, PROFILE_NAME(dp), hostname);
bool bExcluded = false;
if (!HostlistCheck(dp, hostname, bNoSubdom, &bExcluded, false) && !bExcluded)
{
DLOG("auto hostlist (profile %u) : adding %s to %s\n", dp->n, hostname, dp->hostlist_auto->filename);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u : client %s : proto %s : adding to %s", hostname, dp->n, client_ip_port, l7proto_str(l7proto), dp->hostlist_auto->filename);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u (%s) : client %s : proto %s : adding to %s", hostname, dp->n, PROFILE_NAME(dp), client_ip_port, l7proto_str(l7proto), dp->hostlist_auto->filename);
if (!HostlistPoolAddStr(&dp->hostlist_auto->hostlist, hostname, 0))
{
DLOG_ERR("StrPoolAddStr out of memory\n");
@@ -312,7 +312,7 @@ static void auto_hostlist_failed(struct desync_profile *dp, const char *hostname
else
{
DLOG("auto hostlist (profile %u) : NOT adding %s\n", dp->n, hostname);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u : client %s : proto %s : NOT adding, duplicate detected", hostname, dp->n, client_ip_port, l7proto_str(l7proto));
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u (%s) : client %s : proto %s : NOT adding, duplicate detected", hostname, dp->n, PROFILE_NAME(dp), client_ip_port, l7proto_str(l7proto));
}
}
}
@@ -328,7 +328,7 @@ static void process_retrans_fail(t_ctrack *ctrack, uint8_t proto, const struct s
*client_ip_port = 0;
if (ctrack && ctrack->dp && ctrack->hostname && auto_hostlist_retrans(ctrack, proto, ctrack->dp->hostlist_auto_retrans_threshold, client_ip_port, ctrack->l7proto))
{
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u : client %s : proto %s : retrans threshold reached", ctrack->hostname, ctrack->dp->n, client_ip_port, l7proto_str(ctrack->l7proto));
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u (%s) : client %s : proto %s : retrans threshold reached", ctrack->hostname, ctrack->dp->n, PROFILE_NAME(ctrack->dp), client_ip_port, l7proto_str(ctrack->l7proto));
auto_hostlist_failed(ctrack->dp, ctrack->hostname, ctrack->hostname_is_ip, client_ip_port, ctrack->l7proto);
}
}
@@ -719,10 +719,11 @@ static uint8_t desync(
else
{
// create arg table that persists across multiple desync function calls
lua_createtable(params.L, 0, 12 + !!ctrack + !!dis->tcp + 3*!!replay_piece_count);
lua_createtable(params.L, 0, 12 + !!dp->name + !!ctrack + !!dis->tcp + 3*!!replay_piece_count);
lua_pushf_dissect(dis);
lua_pushf_ctrack(ctrack);
lua_pushf_int("profile_n", dp->n);
if (dp->name) lua_pushf_str("profile_name", dp->name);
lua_pushf_bool("outgoing", !bIncoming);
lua_pushf_str("ifin", (ifin && *ifin) ? ifin : NULL);
lua_pushf_str("ifout", (ifout && *ifout) ? ifout : NULL);
@@ -943,7 +944,7 @@ static uint8_t dpi_desync_tcp_packet_play(unsigned int replay_piece, unsigned in
l7proto = ctrack_replay->l7proto;
dp = ctrack_replay->dp;
if (dp)
DLOG("using cached desync profile %u\n", dp->n);
DLOG("using cached desync profile %u (%s)\n", dp->n, PROFILE_NAME(dp));
else if (!ctrack_replay->dp_search_complete)
{
dp = ctrack_replay->dp = dp_find(&params.desync_profiles, IPPROTO_TCP, sdip4, sdip6, sdport, ctrack_replay->hostname, ctrack_replay->hostname_is_ip, l7proto, ssid, NULL, NULL, NULL);
@@ -979,7 +980,7 @@ static uint8_t dpi_desync_tcp_packet_play(unsigned int replay_piece, unsigned in
#endif
if (ctrack) l7proto = ctrack->l7proto;
if (dp)
DLOG("using cached desync profile %u\n", dp->n);
DLOG("using cached desync profile %u (%s)\n", dp->n, PROFILE_NAME(dp));
else if (!ctrack || !ctrack->dp_search_complete)
{
const char *hostname = NULL;
@@ -1073,7 +1074,7 @@ static uint8_t dpi_desync_tcp_packet_play(unsigned int replay_piece, unsigned in
if (dis->tcp->th_flags & TH_RST)
{
DLOG("incoming RST detected for hostname %s\n", ctrack->hostname);
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u : client %s : proto %s : incoming RST", ctrack->hostname, ctrack->dp->n, client_ip_port, l7proto_str(l7proto));
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u (%s) : client %s : proto %s : incoming RST", ctrack->hostname, ctrack->dp->n, PROFILE_NAME(dp), client_ip_port, l7proto_str(l7proto));
bFail = true;
}
else if (dis->len_payload && l7proto == L7_HTTP)
@@ -1085,7 +1086,7 @@ static uint8_t dpi_desync_tcp_packet_play(unsigned int replay_piece, unsigned in
if (bFail)
{
DLOG("redirect to another domain detected. possibly DPI redirect.\n");
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u : client %s : proto %s : redirect to another domain", ctrack->hostname, ctrack->dp->n, client_ip_port, l7proto_str(l7proto));
HOSTLIST_DEBUGLOG_APPEND("%s : profile %u (%s) : client %s : proto %s : redirect to another domain", ctrack->hostname, ctrack->dp->n, PROFILE_NAME(dp), client_ip_port, l7proto_str(l7proto));
}
else
DLOG("local or in-domain redirect detected. it's not a DPI redirect.\n");
@@ -1416,7 +1417,7 @@ static uint8_t dpi_desync_udp_packet_play(unsigned int replay_piece, unsigned in
l7proto = ctrack_replay->l7proto;
dp = ctrack_replay->dp;
if (dp)
DLOG("using cached desync profile %u\n", dp->n);
DLOG("using cached desync profile %u (%s)\n", dp->n, PROFILE_NAME(dp));
else if (!ctrack_replay->dp_search_complete)
{
dp = ctrack_replay->dp = dp_find(&params.desync_profiles, IPPROTO_UDP, sdip4, sdip6, sdport, ctrack_replay->hostname, ctrack_replay->hostname_is_ip, l7proto, ssid, NULL, NULL, NULL);
@@ -1452,7 +1453,7 @@ static uint8_t dpi_desync_udp_packet_play(unsigned int replay_piece, unsigned in
#endif
if (ctrack) l7proto = ctrack->l7proto;
if (dp)
DLOG("using cached desync profile %u\n", dp->n);
DLOG("using cached desync profile %u (%s)\n", dp->n, PROFILE_NAME(dp));
else if (!ctrack || !ctrack->dp_search_complete)
{
const char *hostname = NULL;

12
nfq2/hostlist.c
View File

@@ -258,7 +258,7 @@ static bool HostlistCheck_(const struct hostlist_collection_head *hostlists, con
// return : true = apply fooling, false = do not apply
bool HostlistCheck(const struct desync_profile *dp, const char *host, bool no_match_subdomains, bool *excluded, bool bSkipReloadCheck)
{
DLOG("* hostlist check for profile %u\n",dp->n);
DLOG("* hostlist check for profile %u (%s)\n",dp->n,PROFILE_NAME(dp));
return HostlistCheck_(&dp->hl_collection, &dp->hl_collection_exclude, host, no_match_subdomains, excluded, bSkipReloadCheck);
}
@@ -323,18 +323,18 @@ void HostlistsDebug()
if (hl_item->hfile!=dpl->dp.hostlist_auto)
{
if (hl_item->hfile->filename)
DLOG("profile %u include hostlist %s%s\n",dpl->dp.n, hl_item->hfile->filename,hl_item->hfile->hostlist ? "" : " (empty)");
DLOG("profile %u (%s) include hostlist %s%s\n",dpl->dp.n, PROFILE_NAME(&dpl->dp), hl_item->hfile->filename,hl_item->hfile->hostlist ? "" : " (empty)");
else
DLOG("profile %u include fixed hostlist%s\n",dpl->dp.n, hl_item->hfile->hostlist ? "" : " (empty)");
DLOG("profile %u (%s) include fixed hostlist%s\n",dpl->dp.n, PROFILE_NAME(&dpl->dp), hl_item->hfile->hostlist ? "" : " (empty)");
}
LIST_FOREACH(hl_item, &dpl->dp.hl_collection_exclude, next)
{
if (hl_item->hfile->filename)
DLOG("profile %u exclude hostlist %s%s\n",dpl->dp.n,hl_item->hfile->filename,hl_item->hfile->hostlist ? "" : " (empty)");
DLOG("profile %u (%s) exclude hostlist %s%s\n",dpl->dp.n,PROFILE_NAME(&dpl->dp),hl_item->hfile->filename,hl_item->hfile->hostlist ? "" : " (empty)");
else
DLOG("profile %u exclude fixed hostlist%s\n",dpl->dp.n,hl_item->hfile->hostlist ? "" : " (empty)");
DLOG("profile %u (%s) exclude fixed hostlist%s\n",dpl->dp.n,PROFILE_NAME(&dpl->dp),hl_item->hfile->hostlist ? "" : " (empty)");
}
if (dpl->dp.hostlist_auto)
DLOG("profile %u auto hostlist %s%s\n",dpl->dp.n,dpl->dp.hostlist_auto->filename,dpl->dp.hostlist_auto->hostlist ? "" : " (empty)");
DLOG("profile %u (%s) auto hostlist %s%s\n",dpl->dp.n,PROFILE_NAME(&dpl->dp),dpl->dp.hostlist_auto->filename,dpl->dp.hostlist_auto->hostlist ? "" : " (empty)");
}
}

10
nfq2/ipset.c
View File

@@ -235,7 +235,7 @@ static bool IpsetCheck_(const struct ipset_collection_head *ips, const struct ip
bool IpsetCheck(const struct desync_profile *dp, const struct in_addr *ipv4, const struct in6_addr *ipv6)
{
if (PROFILE_IPSETS_ABSENT(dp)) return true;
DLOG("* ipset check for profile %u\n",dp->n);
DLOG("* ipset check for profile %u (%s)\n",dp->n,PROFILE_NAME(dp));
return IpsetCheck_(&dp->ips_collection,&dp->ips_collection_exclude,ipv4,ipv6);
}
@@ -307,13 +307,13 @@ void IpsetsDebug()
{
LIST_FOREACH(ips_item, &dpl->dp.ips_collection, next)
if (ips_item->hfile->filename)
DLOG("profile %u include ipset %s (%s)\n",dpl->dp.n,ips_item->hfile->filename,dbg_ipset_fill(&ips_item->hfile->ipset));
DLOG("profile %u (%s) include ipset %s (%s)\n",dpl->dp.n,PROFILE_NAME(&dpl->dp),ips_item->hfile->filename,dbg_ipset_fill(&ips_item->hfile->ipset));
else
DLOG("profile %u include fixed ipset (%s)\n",dpl->dp.n,dbg_ipset_fill(&ips_item->hfile->ipset));
DLOG("profile %u (%s) include fixed ipset (%s)\n",dpl->dp.n,PROFILE_NAME(&dpl->dp),dbg_ipset_fill(&ips_item->hfile->ipset));
LIST_FOREACH(ips_item, &dpl->dp.ips_collection_exclude, next)
if (ips_item->hfile->filename)
DLOG("profile %u exclude ipset %s (%s)\n",dpl->dp.n,ips_item->hfile->filename,dbg_ipset_fill(&ips_item->hfile->ipset));
DLOG("profile %u (%s) exclude ipset %s (%s)\n",dpl->dp.n,PROFILE_NAME(&dpl->dp),ips_item->hfile->filename,dbg_ipset_fill(&ips_item->hfile->ipset));
else
DLOG("profile %u exclude fixed ipset (%s)\n",dpl->dp.n,dbg_ipset_fill(&ips_item->hfile->ipset));
DLOG("profile %u (%s) exclude fixed ipset (%s)\n",dpl->dp.n,PROFILE_NAME(&dpl->dp),dbg_ipset_fill(&ips_item->hfile->ipset));
}
}

23
nfq2/nfqws.c
View File

@@ -99,7 +99,7 @@ static void onusr2(int sig)
struct desync_profile_list *dpl;
LIST_FOREACH(dpl, &params.desync_profiles, next)
{
printf("\nDESYNC profile %u\n", dpl->dp.n);
printf("\nDESYNC profile %u (%s)\n", dpl->dp.n, PROFILE_NAME(&dpl->dp));
HostFailPoolDump(dpl->dp.hostlist_auto_fail_counters);
}
printf("\nIPCACHE\n");
@@ -1165,7 +1165,7 @@ static void LuaDesyncDebug(struct desync_profile *dp)
int n,i;
LIST_FOREACH(func, &dp->lua_desync, next)
{
DLOG("profile %u lua %s(",dp->n,func->func);
DLOG("profile %u (%s) lua %s(",dp->n,PROFILE_NAME(dp),func->func);
n=0;
LIST_FOREACH(arg, &func->args, next)
{
@@ -1412,8 +1412,9 @@ static void exithelp(void)
" --lua-init=@<filename>|<lua_text>\t\t\t; load LUA program from a file or string. if multiple parameters present order of execution is preserved.\n"
" --lua-gc=<int>\t\t\t\t\t\t; forced garbage collection every N sec. default %u sec. triggers only when a packet arrives. 0 = disable.\n"
"\nMULTI-STRATEGY:\n"
" --new\t\t\t\t\t\t\t; begin new strategy\n"
" --skip\t\t\t\t\t\t\t; do not use this strategy\n"
" --new\t\t\t\t\t\t\t; begin new profile\n"
" --skip\t\t\t\t\t\t\t; do not use this profile\n"
" --name\t\t\t\t\t\t\t; set profile name\n"
" --filter-l3=ipv4|ipv6\t\t\t\t\t; L3 protocol filter. multiple comma separated values allowed.\n"
" --filter-tcp=[~]port1[-port2]|*\t\t\t; TCP port filter. ~ means negation. setting tcp and not setting udp filter denies udp. comma separated list allowed.\n"
" --filter-udp=[~]port1[-port2]|*\t\t\t; UDP port filter. ~ means negation. setting udp and not setting tcp filter denies tcp. comma separated list allowed.\n"
@@ -1563,6 +1564,7 @@ enum opt_indices {
IDX_HOSTLIST_AUTO_DEBUG,
IDX_NEW,
IDX_SKIP,
IDX_NAME,
IDX_FILTER_L3,
IDX_FILTER_TCP,
IDX_FILTER_UDP,
@@ -1643,6 +1645,7 @@ static const struct option long_options[] = {
[IDX_HOSTLIST_AUTO_DEBUG] = {"hostlist-auto-debug", required_argument, 0, 0},
[IDX_NEW] = {"new", no_argument, 0, 0},
[IDX_SKIP] = {"skip", no_argument, 0, 0},
[IDX_NAME] = {"name", required_argument, 0, 0},
[IDX_FILTER_L3] = {"filter-l3", required_argument, 0, 0},
[IDX_FILTER_TCP] = {"filter-tcp", required_argument, 0, 0},
[IDX_FILTER_UDP] = {"filter-udp", required_argument, 0, 0},
@@ -2138,6 +2141,14 @@ int main(int argc, char **argv)
case IDX_SKIP:
bSkip = true;
break;
case IDX_NAME:
free(dp->name);
if (!(dp->name = strdup(optarg)))
{
DLOG_ERR("out of memory\n");
exit_clean(1);
}
break;
case IDX_FILTER_L3:
if (!wf_make_l3(optarg, &dp->filter_ipv4, &dp->filter_ipv6))
@@ -2424,7 +2435,7 @@ int main(int argc, char **argv)
DLOG("adding low-priority default empty desync profile\n");
// add default empty profile
if (!(dpl = dp_list_add(&params.desync_profiles)))
if (!(dpl = dp_list_add(&params.desync_profiles)) || !(dpl->dp.name=strdup("no_action")))
{
DLOG_ERR("desync_profile_add: out of memory\n");
exit_clean(1);
@@ -2464,7 +2475,7 @@ int main(int argc, char **argv)
if (params.droproot)
#endif
{
if (dp->hostlist_auto && ensure_file_access(dp->hostlist_auto->filename))
if (dp->hostlist_auto && !ensure_file_access(dp->hostlist_auto->filename))
DLOG_ERR("could not make '%s' accessible. auto hostlist file may not be writable after privilege drop\n", dp->hostlist_auto->filename);
}

1
nfq2/params.c
View File

@@ -369,6 +369,7 @@ static void dp_clear_dynamic(struct desync_profile *dp)
strlist_destroy(&dp->filter_ssid);
#endif
HostFailPoolDestroy(&dp->hostlist_auto_fail_counters);
free(dp->name);
}
void dp_clear(struct desync_profile *dp)
{

2
nfq2/params.h
View File

@@ -53,6 +53,7 @@ enum log_target { LOG_TARGET_CONSOLE=0, LOG_TARGET_FILE, LOG_TARGET_SYSLOG, LOG_
struct desync_profile
{
unsigned int n; // number of the profile
char *name; // optional malloced name string
bool filter_ipv4,filter_ipv6;
struct port_filters_head pf_tcp,pf_udp;
@@ -78,6 +79,7 @@ struct desync_profile
struct func_list_head lua_desync;
};
#define PROFILE_NAME(dp) ((dp)->name ? (dp)->name : "noname")
#define PROFILE_IPSETS_ABSENT(dp) (!LIST_FIRST(&(dp)->ips_collection) && !LIST_FIRST(&(dp)->ips_collection_exclude))
#define PROFILE_IPSETS_EMPTY(dp) (ipset_collection_is_empty(&(dp)->ips_collection) && ipset_collection_is_empty(&(dp)->ips_collection_exclude))