mirror of
https://github.com/bol-van/zapret2.git
synced 2026-03-14 06:13:09 +00:00
Compare commits
16 Commits
v0.9.4.4
...
7cdc75d0db
| Author | SHA1 | Date | |
|---|---|---|---|
|
7cdc75d0db | ||
|
|
348f907b47 | ||
|
|
d641b00083 | ||
|
|
d3b3011000 | ||
|
|
2ec512af17 | ||
|
|
d41151ef6f | ||
|
|
60ac3693fc | ||
|
|
766b60544f | ||
|
|
e563f60153 | ||
|
|
6d7f8efc49 | ||
|
|
e46cde8e6e | ||
|
|
52072359f0 | ||
|
|
cafacf35bc | ||
|
|
55dc47bae4 | ||
|
|
14a2548bf5 | ||
|
|
f59ddbb645 |
20
.github/workflows/build.yml
vendored
20
.github/workflows/build.yml
vendored
@@ -100,12 +100,17 @@ jobs:
|
||||
export PKG_CONFIG_PATH=$DEPS_DIR/lib/pkgconfig
|
||||
export STAGING_DIR=$RUNNER_TEMP
|
||||
OPTIMIZE=-Oz
|
||||
SYSMALLOC=-DLUAJIT_USE_SYSMALLOC
|
||||
case "$ARCH" in
|
||||
lexra)
|
||||
OPTIMIZE=-Os
|
||||
;;
|
||||
arm)
|
||||
CPU="-mcpu=cortex-a7 -mthumb"
|
||||
CPU="-mcpu=arm1176jzf-s -mthumb"
|
||||
;;
|
||||
arm64|mips64)
|
||||
# not safe without GC64
|
||||
SYSMALLOC=
|
||||
;;
|
||||
esac
|
||||
MINSIZE="$OPTIMIZE $MINSIZE"
|
||||
@@ -131,9 +136,10 @@ jobs:
|
||||
*)
|
||||
HOSTCC="cc -m32"
|
||||
esac
|
||||
echo ARCH=$ARCH SYSMALLOC=$SYSMALLOC
|
||||
(
|
||||
cd luajit2-*
|
||||
make BUILDMODE=static XCFLAGS="-DLUAJIT_USE_SYSMALLOC -DLUAJIT_DISABLE_FFI" HOST_CC="$HOSTCC" CROSS= CC="$CC" TARGET_AR="$AR rcus" TARGET_STRIP=$STRIP TARGET_CFLAGS="$CPU $MINSIZE $CFLAGS" TARGET_LDFLAGS="$CPU $LDMINSIZE $LDFLAGS" -j$(nproc)
|
||||
make BUILDMODE=static XCFLAGS="$SYSMALLOC -DLUAJIT_DISABLE_FFI" HOST_CC="$HOSTCC" CROSS= CC="$CC" TARGET_AR="$AR rcus" TARGET_STRIP=$STRIP TARGET_CFLAGS="$CPU $MINSIZE $CFLAGS" TARGET_LDFLAGS="$CPU $LDMINSIZE $LDFLAGS" -j$(nproc)
|
||||
make install PREFIX= DESTDIR=$DEPS_DIR
|
||||
)
|
||||
LJIT=1
|
||||
@@ -236,10 +242,16 @@ jobs:
|
||||
export RANLIB=$TOOLCHAIN/bin/llvm-ranlib
|
||||
export STRIP=$TOOLCHAIN/bin/llvm-strip
|
||||
export PKG_CONFIG_PATH=$DEPS_DIR/lib/pkgconfig
|
||||
SYSMALLOC=-DLUAJIT_USE_SYSMALLOC
|
||||
case "$ABI" in
|
||||
armeabi-v7a)
|
||||
CPU="-mthumb"
|
||||
;;
|
||||
arm64-v8a)
|
||||
# not safe without GC64
|
||||
SYSMALLOC=
|
||||
PAGESIZE="-Wl,-z,max-page-size=16384"
|
||||
;;
|
||||
esac
|
||||
|
||||
# luajit
|
||||
@@ -253,7 +265,7 @@ jobs:
|
||||
esac
|
||||
(
|
||||
cd luajit2-*
|
||||
make BUILDMODE=static XCFLAGS="-DLUAJIT_USE_SYSMALLOC -DLUAJIT_DISABLE_FFI" HOST_CC="$HOSTCC" CROSS= CC="$CC" TARGET_AR="$AR rcus" TARGET_STRIP=$STRIP TARGET_CFLAGS="$CPU $MINSIZE $CFLAGS" TARGET_LDFLAGS="$LDMINSIZE $LDFLAGS" -j$(nproc)
|
||||
make BUILDMODE=static XCFLAGS="$SYSMALLOC -DLUAJIT_DISABLE_FFI" HOST_CC="$HOSTCC" CROSS= CC="$CC" TARGET_AR="$AR rcus" TARGET_STRIP=$STRIP TARGET_CFLAGS="$CPU $MINSIZE $CFLAGS" TARGET_LDFLAGS="$LDMINSIZE $LDFLAGS" -j$(nproc)
|
||||
make install PREFIX= DESTDIR=$DEPS_DIR
|
||||
)
|
||||
LJIT=1
|
||||
@@ -279,7 +291,7 @@ jobs:
|
||||
|
||||
# zapret2
|
||||
CFLAGS="-DZAPRET_GH_VER=${{ github.ref_name }} -DZAPRET_GH_HASH=${{ github.sha }} -I$DEPS_DIR/include $CPU" \
|
||||
LDFLAGS="-L$DEPS_DIR/lib" \
|
||||
LDFLAGS="-L$DEPS_DIR/lib $PAGESIZE" \
|
||||
make -C zapret2 LUA_JIT=$LJIT LUA_CFLAGS="$LCFLAGS" LUA_LIB="$LLIB" -j$(nproc) android
|
||||
|
||||
# strip unwanted ELF sections to prevent warnings on old Android versions
|
||||
|
||||
@@ -266,3 +266,10 @@ v0.9.4.3
|
||||
* github, linux-builder: reduce arm executable size by 20% - move to armv7+thumb
|
||||
* init.d: warn if hostlist/ipset files are inside zapret2 root
|
||||
* zapret-lib: do not call apply_arg_prefix in apply_execution_plan - call it right before instance execute
|
||||
|
||||
0.9.4.5
|
||||
|
||||
* github: rollback to lj_alloc in luajit for arm64 and mips64
|
||||
* github: use 16K page size for android arm64 build
|
||||
* nfqws2: join fragments in quic CRYPTO reconstruction. allow intersections.
|
||||
|
||||
|
||||
@@ -62,11 +62,20 @@ build_lua()
|
||||
build_luajit()
|
||||
{
|
||||
local CFL="$CFLAGS"
|
||||
local SYSMALLOC=
|
||||
(
|
||||
cd luajit2-*
|
||||
CFLAGS="-Os"
|
||||
make clean
|
||||
make BUILDMODE=static XCFLAGS="-DLUAJIT_USE_SYSMALLOC -DLUAJIT_DISABLE_FFI $CFLAGS_PIC" HOST_CC="$HOST_CC" CROSS= CC="$CC" TARGET_AR="$AR rcus" TARGET_STRIP=$STRIP TARGET_CFLAGS="$OPTIMIZE $MINSIZE $CFL" TARGET_LDFLAGS="$CPU $LDMINSIZE $LDFLAGS"
|
||||
case $TARGET in
|
||||
aarch64*|mips64*)
|
||||
# sysmalloc can cause troubles without GC64. GC64 slows down by 10-15%. better not to use sysmalloc and leave lj_alloc.
|
||||
;;
|
||||
*)
|
||||
# save some exe size
|
||||
SYSMALLOC=-DLUAJIT_USE_SYSMALLOC
|
||||
esac
|
||||
make BUILDMODE=static XCFLAGS="$SYSMALLOC -DLUAJIT_DISABLE_FFI $CFLAGS_PIC" HOST_CC="$HOST_CC" CROSS= CC="$CC" TARGET_AR="$AR rcus" TARGET_STRIP=$STRIP TARGET_CFLAGS="$OPTIMIZE $MINSIZE $CFL" TARGET_LDFLAGS="$CPU $LDMINSIZE $LDFLAGS"
|
||||
make install PREFIX= DESTDIR="$STAGING_DIR"
|
||||
)
|
||||
}
|
||||
|
||||
@@ -389,7 +389,8 @@ function syndata(ctx, desync)
|
||||
dis.payload = blob(desync, desync.arg.blob, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
|
||||
apply_fooling(desync, dis)
|
||||
if desync.arg.tls_mod then
|
||||
dis.payload = tls_mod_shim(desync, dis.payload, desync.arg.tls_mod, nil)
|
||||
local pl = tls_mod_shim(desync, dis.payload, desync.arg.tls_mod, nil)
|
||||
if pl then dis.payload = pl end
|
||||
end
|
||||
if b_debug then DLOG("syndata: "..hexdump_dlog(dis.payload)) end
|
||||
if rawsend_dissect_ipfrag(dis, desync_opts(desync)) then
|
||||
@@ -449,7 +450,8 @@ function fake(ctx, desync)
|
||||
end
|
||||
local fake_payload = blob(desync, desync.arg.blob)
|
||||
if desync.reasm_data and desync.arg.tls_mod then
|
||||
fake_payload = tls_mod_shim(desync, fake_payload, desync.arg.tls_mod, desync.reasm_data)
|
||||
local pl = tls_mod_shim(desync, fake_payload, desync.arg.tls_mod, desync.reasm_data)
|
||||
if pl then fake_payload = pl end
|
||||
end
|
||||
-- check debug to save CPU
|
||||
if b_debug then DLOG("fake: "..hexdump_dlog(fake_payload)) end
|
||||
|
||||
@@ -175,7 +175,12 @@ end
|
||||
-- arg : server=[0|1] - override server mode. by default use "--server" nfqws2 parameter
|
||||
function udp2icmp(ctx, desync)
|
||||
local dataxor
|
||||
local bserver = desync.arg.server and (desync.arg.server~="0") or b_server
|
||||
local bserver
|
||||
if desync.arg.server then
|
||||
bserver = desync.arg.server~="0"
|
||||
else
|
||||
bserver = b_server
|
||||
end
|
||||
|
||||
local function one_byte_arg(name)
|
||||
if desync.arg[name] then
|
||||
|
||||
@@ -14,6 +14,7 @@ CFLAGS_UBSAN = -fsanitize=undefined,alignment -fno-sanitize-recover=undefined,al
|
||||
LDFLAGS_PIE = -pie
|
||||
LDFLAGS += -flto=auto -Wl,--gc-sections $(LDFLAGS_PIE)
|
||||
LDFLAGS_ANDROID = -llog
|
||||
LDFLAGS_CYGWIN = -Wl,--build-id=none
|
||||
STRIPP=-s
|
||||
LIBS =
|
||||
LIBS_LINUX = -lz -lnetfilter_queue -lnfnetlink -lmnl -lm
|
||||
@@ -157,9 +158,9 @@ bsd: $(SRC_FILES)
|
||||
$(CC) $(STRIPP) $(CFLAGS) $(LUA_CFL) $(CFLAGS_BSD) -o dvtws2 $(SRC_FILES) $(LIBS) $(LUA_LIB) $(LIBS_BSD) $(LDFLAGS)
|
||||
|
||||
cygwin64:
|
||||
$(CC) $(STRIPP) $(CFLAGS) $(LUA_CFL) $(CFLAGS_CYGWIN) $(CFLAGS_CYGWIN64) -o winws2 $(SRC_FILES) $(RES_CYGWIN64) $(LIBS) $(LUA_LIB) $(LIBS_CYGWIN) $(LIBS_CYGWIN64) $(LDFLAGS)
|
||||
$(CC) $(STRIPP) $(CFLAGS) $(LUA_CFL) $(CFLAGS_CYGWIN) $(CFLAGS_CYGWIN64) -o winws2 $(SRC_FILES) $(RES_CYGWIN64) $(LIBS) $(LUA_LIB) $(LIBS_CYGWIN) $(LIBS_CYGWIN64) $(LDFLAGS) $(LDFLAGS_CYGWIN)
|
||||
cygwin32:
|
||||
$(CC) $(STRIPP) $(CFLAGS) $(LUA_CFL) $(CFLAGS_CYGWIN) $(CFLAGS_CYGWIN32) -o winws2 $(SRC_FILES) $(RES_CYGWIN32) $(LIBS) $(LUA_LIB) $(LIBS_CYGWIN) $(LIBS_CYGWIN32) $(LDFLAGS)
|
||||
$(CC) $(STRIPP) $(CFLAGS) $(LUA_CFL) $(CFLAGS_CYGWIN) $(CFLAGS_CYGWIN32) -o winws2 $(SRC_FILES) $(RES_CYGWIN32) $(LIBS) $(LUA_LIB) $(LIBS_CYGWIN) $(LIBS_CYGWIN32) $(LDFLAGS) $(LDFLAGS_CYGWIN)
|
||||
cygwin: cygwin64
|
||||
|
||||
clean:
|
||||
|
||||
@@ -50,7 +50,6 @@ void qsort_ssize_t(ssize_t *array, int ct)
|
||||
qsort(array, ct, sizeof(*array), cmp_ssize_t);
|
||||
}
|
||||
|
||||
|
||||
int str_index(const char **strs, int count, const char *str)
|
||||
{
|
||||
for (int i = 0; i < count; i++)
|
||||
|
||||
@@ -12,6 +12,9 @@
|
||||
#include <fcntl.h>
|
||||
|
||||
#define UNARY_PLUS(v) (v>0 ? "+" : "")
|
||||
//#define MIN(v1,v2) ((v1)<(v2) ? (v1) : (v2))
|
||||
//#define MAX(v1,v2) ((v1)<(v2) ? (v2) : (v1))
|
||||
|
||||
|
||||
// this saves memory. sockaddr_storage is larger than required. it can be 128 bytes. sockaddr_in6 is 28 bytes.
|
||||
typedef union
|
||||
|
||||
11
nfq2/lua.c
11
nfq2/lua.c
@@ -3350,7 +3350,6 @@ static int luacall_tls_mod(lua_State *L)
|
||||
int argc=lua_gettop(L);
|
||||
|
||||
size_t fake_tls_len;
|
||||
bool bRes;
|
||||
const uint8_t *fake_tls = (uint8_t*)lua_reqlstring(L,1,&fake_tls_len);
|
||||
const char *modlist = lua_reqstring(L,2);
|
||||
|
||||
@@ -3370,8 +3369,10 @@ static int luacall_tls_mod(lua_State *L)
|
||||
uint8_t *newtls = lua_newuserdata(L, maxlen);
|
||||
|
||||
memcpy(newtls, fake_tls, newlen);
|
||||
bRes = TLSMod(&mod, payload, payload_len, newtls, &newlen, maxlen);
|
||||
lua_pushlstring(L,(char*)newtls,newlen);
|
||||
if (TLSMod(&mod, payload, payload_len, newtls, &newlen, maxlen))
|
||||
lua_pushlstring(L,(char*)newtls,newlen);
|
||||
else
|
||||
lua_pushnil(L);
|
||||
|
||||
lua_remove(L,-2);
|
||||
}
|
||||
@@ -3379,11 +3380,9 @@ static int luacall_tls_mod(lua_State *L)
|
||||
{
|
||||
// no mod. push it back
|
||||
lua_pushlstring(L,(char*)fake_tls,fake_tls_len);
|
||||
bRes = true;
|
||||
}
|
||||
lua_pushboolean(L, bRes);
|
||||
|
||||
LUA_STACK_GUARD_RETURN(L,2)
|
||||
LUA_STACK_GUARD_RETURN(L,1)
|
||||
}
|
||||
|
||||
struct userdata_zs
|
||||
|
||||
@@ -649,9 +649,11 @@ bool TLSAdvanceToHostInSNI(const uint8_t **ext, size_t *elen, size_t *slen)
|
||||
// u8 data+2 - server name type. 0=host_name
|
||||
// u16 data+3 - server name length
|
||||
if (*elen < 5 || (*ext)[2] != 0) return false;
|
||||
uint16_t nll = pntoh16(*ext);
|
||||
*slen = pntoh16(*ext + 3);
|
||||
if (nll<(*slen+3) || *slen > *elen-5) return false;
|
||||
*ext += 5; *elen -= 5;
|
||||
return *slen <= *elen;
|
||||
return true;
|
||||
}
|
||||
static bool TLSExtractHostFromExt(const uint8_t *ext, size_t elen, char *host, size_t len_host)
|
||||
{
|
||||
@@ -1252,6 +1254,13 @@ static int cmp_range64(const void * a, const void * b)
|
||||
{
|
||||
return (((struct range64*)a)->offset < ((struct range64*)b)->offset) ? -1 : (((struct range64*)a)->offset > ((struct range64*)b)->offset) ? 1 : 0;
|
||||
}
|
||||
/*
|
||||
static bool intersected_u64(uint64_t l1, uint64_t r1, uint64_t l2, uint64_t r2)
|
||||
{
|
||||
return l1 <= r2 && l2 <= r1;
|
||||
}
|
||||
*/
|
||||
|
||||
bool QUICDefragCrypto(const uint8_t *clean,size_t clean_len, uint8_t *defrag,size_t *defrag_len, bool *bFull)
|
||||
{
|
||||
// Crypto frame can be split into multiple chunks
|
||||
@@ -1265,7 +1274,7 @@ bool QUICDefragCrypto(const uint8_t *clean,size_t clean_len, uint8_t *defrag,siz
|
||||
uint64_t offset,sz,szmax=0,zeropos=0,pos=0;
|
||||
bool found=false;
|
||||
struct range64 ranges[MAX_DEFRAG_PIECES];
|
||||
int i,range=0;
|
||||
int i,j,range=0;
|
||||
|
||||
while(pos<clean_len)
|
||||
{
|
||||
@@ -1287,24 +1296,54 @@ bool QUICDefragCrypto(const uint8_t *clean,size_t clean_len, uint8_t *defrag,siz
|
||||
if ((pos+sz)>clean_len) return false;
|
||||
|
||||
if ((offset+sz)>defrag_data_len) return false; // defrag buf overflow
|
||||
|
||||
// remove exact duplicates early to save cpu
|
||||
for(i=0;i<range;i++)
|
||||
if (ranges[i].offset==offset && ranges[i].len==sz)
|
||||
goto skip_range;
|
||||
|
||||
if (zeropos < offset)
|
||||
// make sure no uninitialized gaps exist in case of not full fragment coverage
|
||||
memset(defrag_data+zeropos,0,offset-zeropos);
|
||||
if ((offset+sz) > zeropos)
|
||||
zeropos=offset+sz;
|
||||
memcpy(defrag_data+offset,clean+pos,sz);
|
||||
if ((offset+sz) > szmax) szmax = offset+sz;
|
||||
|
||||
found=true;
|
||||
pos+=sz;
|
||||
|
||||
if ((offset+sz) > szmax) szmax = offset+sz;
|
||||
memcpy(defrag_data+offset,clean+pos,sz);
|
||||
ranges[range].offset = offset;
|
||||
ranges[range].len = sz;
|
||||
range++;
|
||||
skip_range:
|
||||
pos+=sz;
|
||||
}
|
||||
}
|
||||
if (found)
|
||||
{
|
||||
qsort(ranges, range, sizeof(*ranges), cmp_range64);
|
||||
|
||||
// for(i=0 ; i<range ; i++)
|
||||
// printf("range1 %llu-%llu\n",ranges[i].offset,ranges[i].offset+ranges[i].len);
|
||||
|
||||
if (range>0)
|
||||
{
|
||||
for (j=0,i=1; i < range; i++)
|
||||
{
|
||||
uint64_t current_end = ranges[j].offset + ranges[j].len;
|
||||
uint64_t next_start = ranges[i].offset;
|
||||
uint64_t next_end = ranges[i].offset + ranges[i].len;
|
||||
|
||||
if (next_start <= current_end)
|
||||
ranges[j].len = MAX(next_end,current_end) - ranges[j].offset;
|
||||
else
|
||||
ranges[++j] = ranges[i];
|
||||
}
|
||||
range = j+1;
|
||||
}
|
||||
|
||||
// for(i=0 ; i<range ; i++)
|
||||
// printf("range2 %llu-%llu\n",ranges[i].offset,ranges[i].offset+ranges[i].len);
|
||||
|
||||
defrag[0] = 6;
|
||||
defrag[1] = 0; // offset
|
||||
// 2..9 - length 64 bit
|
||||
@@ -1313,21 +1352,7 @@ bool QUICDefragCrypto(const uint8_t *clean,size_t clean_len, uint8_t *defrag,siz
|
||||
defrag[2] |= 0xC0; // 64 bit value
|
||||
*defrag_len = (size_t)(szmax+10);
|
||||
|
||||
qsort(ranges, range, sizeof(*ranges), cmp_range64);
|
||||
|
||||
//for(i=0 ; i<range ; i++)
|
||||
// printf("RANGE %zu len %zu\n",ranges[i].offset,ranges[i].len);
|
||||
|
||||
for(i=0,offset=0,*bFull=true ; i<range ; i++)
|
||||
{
|
||||
if (ranges[i].offset!=offset)
|
||||
{
|
||||
*bFull = false;
|
||||
break;
|
||||
}
|
||||
offset += ranges[i].len;
|
||||
}
|
||||
|
||||
*bFull = range==1 && !ranges[0].offset;
|
||||
//printf("bFull=%u\n",*bFull);
|
||||
}
|
||||
return found;
|
||||
@@ -1350,6 +1375,8 @@ bool IsQUICInitial(const uint8_t *data, size_t len)
|
||||
if (data[offset] > QUIC_MAX_CID_LENGTH) return false;
|
||||
offset += 1 + data[offset];
|
||||
|
||||
if (offset>=len) return false;
|
||||
|
||||
// SCID
|
||||
if (data[offset] > QUIC_MAX_CID_LENGTH) return false;
|
||||
offset += 1 + data[offset];
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Reference in New Issue
Block a user