Add Fake Packet maximum TTL limit to Auto TTL mode

This patchset adds maximum TTL size of the fake packet to be sent,
to further  improve compatibility with asymmertic routing and
non-standard TTL value set on servers.
This commit is contained in:
ValdikSS 2021-12-29 02:01:51 +03:00
parent 8911e459d8
commit 46c4f36de8
4 changed files with 37 additions and 15 deletions

View File

@ -36,10 +36,11 @@ Usage: goodbyedpi.exe [OPTION...]
This option can be supplied multiple times. This option can be supplied multiple times.
--set-ttl <value> activate Fake Request Mode and send it with supplied TTL value. --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.
DANGEROUS! May break websites in unexpected ways. Use with care. DANGEROUS! May break websites in unexpected ways. Use with care.
--auto-ttl [a1-a2] activate Fake Request Mode, automatically detect TTL and decrease --auto-ttl [a1-a2-m] activate Fake Request Mode, automatically detect TTL and decrease
it based on a distance. If the distance is shorter than a2, TTL is decreased it based on a distance. If the distance is shorter than a2, TTL is decreased
by a2. If it's longer, (a1; a2) scale is used with the distance as a weight. by a2. If it's longer, (a1; a2) scale is used with the distance as a weight.
Default (if set): --auto-ttl 1-4, also sets --min-ttl 3. If the resulting TTL is more than m(ax), set it to m.
Default (if set): --auto-ttl 1-4-10. Also sets --min-ttl 3.
--min-ttl <value> minimum TTL distance (128/64 - TTL) for which to send Fake Request --min-ttl <value> minimum TTL distance (128/64 - TTL) for which to send Fake Request
in --set-ttl and --auto-ttl modes. in --set-ttl and --auto-ttl modes.
--wrong-chksum activate Fake Request Mode and send it with incorrect TCP checksum. --wrong-chksum activate Fake Request Mode and send it with incorrect TCP checksum.

View File

@ -110,14 +110,15 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA
TCP_HANDLE_OUTGOING_TTL_PARSE_PACKET_IF() { \ TCP_HANDLE_OUTGOING_TTL_PARSE_PACKET_IF() { \
if (do_auto_ttl) { \ if (do_auto_ttl) { \
/* If Auto TTL mode */ \ /* If Auto TTL mode */ \
ttl_of_fake_packet = tcp_get_auto_ttl(tcp_conn_info.ttl, auto_ttl_1, auto_ttl_2, ttl_min_nhops); \ ttl_of_fake_packet = tcp_get_auto_ttl(tcp_conn_info.ttl, auto_ttl_1, auto_ttl_2, \
ttl_min_nhops, auto_ttl_max); \
if (do_tcp_verb) { \ if (do_tcp_verb) { \
printf("Connection TTL = %d, Fake TTL = %d\n", tcp_conn_info.ttl, ttl_of_fake_packet); \ printf("Connection TTL = %d, Fake TTL = %d\n", tcp_conn_info.ttl, ttl_of_fake_packet); \
} \ } \
} \ } \
else if (ttl_min_nhops) { \ else if (ttl_min_nhops) { \
/* If not Auto TTL mode but --min-ttl is set */ \ /* If not Auto TTL mode but --min-ttl is set */ \
if (tcp_get_auto_ttl(tcp_conn_info.ttl, 0, 0, ttl_min_nhops)) { \ if (tcp_get_auto_ttl(tcp_conn_info.ttl, 0, 0, ttl_min_nhops, 0)) { \
/* Send only if nhops > min_ttl */ \ /* Send only if nhops > min_ttl */ \
should_send_fake = 0; \ should_send_fake = 0; \
} \ } \
@ -552,6 +553,7 @@ int main(int argc, char *argv[]) {
BYTE ttl_min_nhops = 0; BYTE ttl_min_nhops = 0;
BYTE auto_ttl_1 = 0; BYTE auto_ttl_1 = 0;
BYTE auto_ttl_2 = 0; BYTE auto_ttl_2 = 0;
BYTE auto_ttl_max = 0;
uint32_t dnsv4_addr = 0; uint32_t dnsv4_addr = 0;
struct in6_addr dnsv6_addr = {0}; struct in6_addr dnsv6_addr = {0};
struct in6_addr dns_temp_addr = {0}; struct in6_addr dns_temp_addr = {0};
@ -604,7 +606,7 @@ int main(int argc, char *argv[]) {
http_fragment_size = https_fragment_size = 2; http_fragment_size = https_fragment_size = 2;
do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1; do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1;
do_fake_packet = 1; do_fake_packet = 1;
do_auto_ttl = 4; do_auto_ttl = 1;
} }
while ((opt = getopt_long(argc, argv, "123456prsaf:e:mwk:n", long_options, NULL)) != -1) { while ((opt = getopt_long(argc, argv, "123456prsaf:e:mwk:n", long_options, NULL)) != -1) {
@ -636,7 +638,7 @@ int main(int argc, char *argv[]) {
http_fragment_size = https_fragment_size = 2; http_fragment_size = https_fragment_size = 2;
do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1; do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1;
do_fake_packet = 1; do_fake_packet = 1;
do_auto_ttl = 4; do_auto_ttl = 1;
break; break;
case '6': case '6':
do_fragment_http = do_fragment_https = 1; do_fragment_http = do_fragment_https = 1;
@ -796,6 +798,12 @@ int main(int argc, char *argv[]) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
auto_ttl_2 = atoub(autottl_current, "Set Auto TTL parameter error!"); auto_ttl_2 = atoub(autottl_current, "Set Auto TTL parameter error!");
autottl_current = strtok(NULL, "-");
if (!autottl_current) {
puts("Set Auto TTL parameter error!");
exit(EXIT_FAILURE);
}
auto_ttl_max = atoub(autottl_current, "Set Auto TTL parameter error!");
} }
else { else {
// single digit parser // single digit parser
@ -847,11 +855,13 @@ int main(int argc, char *argv[]) {
" supplied text file (HTTP Host/TLS SNI).\n" " supplied text file (HTTP Host/TLS SNI).\n"
" This option can be supplied multiple times.\n" " This option can be supplied multiple times.\n"
" --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.\n" " --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.\n"
" DANGEROUS! May break websites in unexpected ways. Use with care.\n" " DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).\n"
" --auto-ttl [a1-a2] activate Fake Request Mode, automatically detect TTL and decrease\n" " --auto-ttl [a1-a2-m] activate Fake Request Mode, automatically detect TTL and decrease\n"
" it based on a distance. If the distance is shorter than a2, TTL is decreased\n" " it based on a distance. If the distance is shorter than a2, TTL is decreased\n"
" by a2. If it's longer, (a1; a2) scale is used with the distance as a weight.\n" " by a2. If it's longer, (a1; a2) scale is used with the distance as a weight.\n"
" Default (if set): --auto-ttl 1-4, also sets --min-ttl 3.\n" " If the resulting TTL is more than m(ax), set it to m.\n"
" Default (if set): --auto-ttl 1-4-10. Also sets --min-ttl 3.\n"
" DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).\n"
" --min-ttl <value> minimum TTL distance (128/64 - TTL) for which to send Fake Request\n" " --min-ttl <value> minimum TTL distance (128/64 - TTL) for which to send Fake Request\n"
" in --set-ttl and --auto-ttl modes.\n" " in --set-ttl and --auto-ttl modes.\n"
" --wrong-chksum activate Fake Request Mode and send it with incorrect TCP checksum.\n" " --wrong-chksum activate Fake Request Mode and send it with incorrect TCP checksum.\n"
@ -887,8 +897,12 @@ int main(int argc, char *argv[]) {
auto_ttl_1 = 1; auto_ttl_1 = 1;
if (!auto_ttl_2) if (!auto_ttl_2)
auto_ttl_2 = 4; auto_ttl_2 = 4;
if (do_auto_ttl && !ttl_min_nhops) if (do_auto_ttl) {
ttl_min_nhops = 3; if (!ttl_min_nhops)
ttl_min_nhops = 3;
if (!auto_ttl_max)
auto_ttl_max = 10;
}
printf("Block passive: %d\n" /* 1 */ printf("Block passive: %d\n" /* 1 */
"Fragment HTTP: %u\n" /* 2 */ "Fragment HTTP: %u\n" /* 2 */
@ -904,7 +918,7 @@ int main(int argc, char *argv[]) {
"HTTP Persistent Nowait: %d\n" /* 12 */ "HTTP Persistent Nowait: %d\n" /* 12 */
"DNS redirect: %d\n" /* 13 */ "DNS redirect: %d\n" /* 13 */
"DNSv6 redirect: %d\n" /* 14 */ "DNSv6 redirect: %d\n" /* 14 */
"Fake requests, TTL: %s (fixed: %hu, auto: %hu-%hu, min distance: %hu)\n" /* 15 */ "Fake requests, TTL: %s (fixed: %hu, auto: %hu-%hu-%hu, min distance: %hu)\n" /* 15 */
"Fake requests, wrong checksum: %d\n" /* 16 */ "Fake requests, wrong checksum: %d\n" /* 16 */
"Fake requests, wrong SEQ/ACK: %d\n", /* 17 */ "Fake requests, wrong SEQ/ACK: %d\n", /* 17 */
do_passivedpi, /* 1 */ do_passivedpi, /* 1 */
@ -922,7 +936,8 @@ int main(int argc, char *argv[]) {
do_dnsv4_redirect, /* 13 */ do_dnsv4_redirect, /* 13 */
do_dnsv6_redirect, /* 14 */ do_dnsv6_redirect, /* 14 */
ttl_of_fake_packet ? "fixed" : (do_auto_ttl ? "auto" : "disabled"), /* 15 */ ttl_of_fake_packet ? "fixed" : (do_auto_ttl ? "auto" : "disabled"), /* 15 */
ttl_of_fake_packet, do_auto_ttl ? auto_ttl_1 : 0, do_auto_ttl ? auto_ttl_2 : 0, ttl_min_nhops, ttl_of_fake_packet, do_auto_ttl ? auto_ttl_1 : 0, do_auto_ttl ? auto_ttl_2 : 0,
do_auto_ttl ? auto_ttl_max : 0, ttl_min_nhops,
do_wrong_chksum, /* 16 */ do_wrong_chksum, /* 16 */
do_wrong_seq /* 17 */ do_wrong_seq /* 17 */
); );

View File

@ -220,7 +220,8 @@ int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4],
} }
int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1, int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
const uint8_t autottl2, const uint8_t minhops) { const uint8_t autottl2, const uint8_t minhops,
const uint8_t maxttl) {
uint8_t nhops = 0; uint8_t nhops = 0;
uint8_t ttl_of_fake_packet = 0; uint8_t ttl_of_fake_packet = 0;
@ -243,5 +244,9 @@ int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10)); ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10));
} }
if (maxttl && ttl_of_fake_packet > maxttl) {
ttl_of_fake_packet = maxttl;
}
return ttl_of_fake_packet; return ttl_of_fake_packet;
} }

View File

@ -22,5 +22,6 @@ int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4],
uint8_t is_ipv6); uint8_t is_ipv6);
int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1, int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
const uint8_t autottl2, const uint8_t minhops); const uint8_t autottl2, const uint8_t minhops,
const uint8_t maxttl);
#endif #endif