From f1d02aa81d2e2ffe95ced85599e9676336810abb Mon Sep 17 00:00:00 2001 From: bol-van Date: Sun, 23 Nov 2025 13:51:54 +0300 Subject: [PATCH] zapret_antidpi: rst --- docs/changes.txt | 1 + lua/zapret-antidpi.lua | 25 +++++++++++++++++++++++++ nfq2/crypto/aes-ctr.c | 2 +- 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/docs/changes.txt b/docs/changes.txt index 1aa0caa..57b578a 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -11,3 +11,4 @@ v0.1.2 * nfqws2: 'mtproto' protocol, 'mtproto_initial' payload * nfqws2: 'known' protocol and payload filter * nfqws2: 'aes_ctr' luacall +* zapret-antidpi: rst diff --git a/lua/zapret-antidpi.lua b/lua/zapret-antidpi.lua index c9ca1e2..9360e97 100644 --- a/lua/zapret-antidpi.lua +++ b/lua/zapret-antidpi.lua @@ -323,6 +323,31 @@ function syndata(ctx, desync) end end +-- nfqws1 : "--dpi-desync=rst" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct, ipfrag +-- arg : rstack - send RST,ACK instead of RST +function rst(ctx, desync) + if not desync.dis.tcp then + instance_cutoff(ctx) + return + end + direction_cutoff_opposite(ctx, desync) + if direction_check(desync, "any") and payload_check(desync) then + if replay_first(desync) then + local dis = deepcopy(desync.dis) + dis.payload = "" + dis.tcp.th_flags = TH_RST + (desync.arg.rstack and TH_ACK or 0) + apply_fooling(desync, dis) + apply_ip_id(desync, dis, nil, "none") + DLOG("rst") + -- it uses rawsend, reconstruct and ipfrag options + rawsend_dissect_ipfrag(dis, desync_opts(desync)) + else + DLOG("rst: not acting on further replay pieces") + end + end +end + -- nfqws1 : "--dpi-desync=fake" -- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct, ipfrag -- arg : blob= - fake payload diff --git a/nfq2/crypto/aes-ctr.c b/nfq2/crypto/aes-ctr.c index dc37fe1..28aa4b9 100644 --- a/nfq2/crypto/aes-ctr.c +++ b/nfq2/crypto/aes-ctr.c @@ -12,7 +12,7 @@ void aes_ctr_xcrypt_buffer(aes_context *ctx, const uint8_t *iv, const uint8_t *i for (i = 0, bi = AES_BLOCKLEN; i < length; ++i, ++bi) { - if (bi == AES_BLOCKLEN) /* we need to regen xor compliment in buffer */ + if (bi == AES_BLOCKLEN) /* we need to regen xor complement in buffer */ { memcpy(buffer, ivc, AES_BLOCKLEN); aes_cipher(ctx, buffer, buffer);