Remove --ip-opt

2025-06-30 02:31:15 +00:00 · 2025-02-24 17:26:13 +03:00 · 2025-02-24 17:26:13 +03:00 · 0872c4044a
commit 0872c4044a
parent a6acea0ded
3 changed files with 27 additions and 84 deletions
--- a/desync.c
+++ b/desync.c
@ -51,17 +51,6 @@ int setttl(int fd, int ttl)


 #ifdef __linux__
-static int get_family(const struct sockaddr_in6 *dst)
-{
-    static const char map[12] = "\0\0\0\0\0\0\0\0\0\0\xff\xff";
-    if (dst->sin6_family == AF_INET6 
-            && !memcmp(&dst->sin6_addr, map, sizeof(map))) {
-        return AF_INET;
-    }
-    return dst->sin6_family;
-}
-
-
 static int drop_sack(int fd)
 {
    struct sock_filter code[] = {
@ -136,26 +125,37 @@ static struct packet get_tcp_fake(const char *buffer, size_t n,


 #ifdef __linux__
-static ssize_t send_fake(int sfd, const char *buffer,
-        long pos, const struct desync_params *opt, struct packet pkt)
+static int set_md5sig(int sfd, unsigned short key_len)
 {
-    struct sockaddr_in6 addr;
-    socklen_t addr_size = sizeof(addr);
+    struct tcp_md5sig md5 = {
+        .tcpm_keylen = key_len
+    };
+    socklen_t addr_size = sizeof(md5.tcpm_addr);
    
-    if (opt->md5sig || opt->ip_options) {
    if (getpeername(sfd, 
-                (struct sockaddr *)&addr, &addr_size) < 0) {
+            (struct sockaddr *)&md5.tcpm_addr, &addr_size) < 0) {
        uniperror("getpeername");
        return -1;
    }
+    if (setsockopt(sfd, IPPROTO_TCP,
+            TCP_MD5SIG, (char *)&md5, sizeof(md5)) < 0) {
+        uniperror("setsockopt TCP_MD5SIG");
+        return -1;
    }
+    return 0;
+}
+
+
+static ssize_t send_fake(int sfd, const char *buffer,
+        long pos, const struct desync_params *opt, struct packet pkt)
+{
    int fds[2];
    if (pipe(fds) < 0) {
        uniperror("pipe");
        return -1;
    }
    char *p = 0;
-    ssize_t len = -1;
+    ssize_t ret = -1;
    
    while (1) {
        p = mmap(0, pos, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
@ -169,27 +169,12 @@ static ssize_t send_fake(int sfd, const char *buffer,
        if (setttl(sfd, opt->ttl ? opt->ttl : DEFAULT_TTL) < 0) {
            break;
        }
-        if (opt->md5sig) {
-            struct tcp_md5sig md5 = {
-                .tcpm_keylen = 5
-            };
-            memcpy(&md5.tcpm_addr, &addr, addr_size);
-            
-            if (setsockopt(sfd, IPPROTO_TCP,
-                    TCP_MD5SIG, (char *)&md5, sizeof(md5)) < 0) {
-                uniperror("setsockopt TCP_MD5SIG");
-                break;
-            }
-        }
-        if (opt->ip_options && get_family(&addr) == AF_INET 
-            && setsockopt(sfd, IPPROTO_IP, IP_OPTIONS,
-                opt->ip_options, opt->ip_options_len) < 0) {
-            uniperror("setsockopt IP_OPTIONS");
+        if (opt->md5sig && set_md5sig(sfd, 5)) {
            break;
        }
        struct iovec vec = { .iov_base = p, .iov_len = pos };
        
-        len = vmsplice(fds[1], &vec, 1, SPLICE_F_GIFT);
+        ssize_t len = vmsplice(fds[1], &vec, 1, SPLICE_F_GIFT);
        if (len < 0) {
            uniperror("vmsplice");
            break;
@ -204,30 +189,16 @@ static ssize_t send_fake(int sfd, const char *buffer,
        if (setttl(sfd, params.def_ttl) < 0) {
            break;
        }
-        if (opt->ip_options && get_family(&addr) == AF_INET 
-            && setsockopt(sfd, IPPROTO_IP,
-                IP_OPTIONS, opt->ip_options, 0) < 0) {
-            uniperror("setsockopt IP_OPTIONS");
+        if (opt->md5sig && set_md5sig(sfd, 0)) {
            break;
        }
-        if (opt->md5sig) {
-            struct tcp_md5sig md5 = {
-                .tcpm_keylen = 0
-            };
-            memcpy(&md5.tcpm_addr, &addr, addr_size);
-            
-            if (setsockopt(sfd, IPPROTO_TCP,
-                    TCP_MD5SIG, (char *)&md5, sizeof(md5)) < 0) {
-                uniperror("setsockopt TCP_MD5SIG");
-                break;
-            }
-        }
+        ret = len;
        break;
    }
    if (p) munmap(p, pos);
    close(fds[0]);
    close(fds[1]);
-    return len;
+    return ret;
 }
 #endif

--- a/main.c
+++ b/main.c
@ -31,8 +31,6 @@ ASSERT(sizeof(struct in_addr) == 4)
 ASSERT(sizeof(struct in6_addr) == 16)


-char ip_option[1] = "\0";
-
 struct packet fake_tls = { 
    sizeof(tls_data), tls_data 
 },
@ -106,7 +104,6 @@ static const char help_text[] = {
    #ifdef FAKE_SUPPORT
    "    -f, --fake <pos_t>        Split and send fake packet\n"
    #ifdef __linux__
-    "    -k, --ip-opt[=f|:str]     IP options of fake packets\n"
    "    -S, --md5sig              Add MD5 Signature option for fake packets\n"
    #endif
    "    -n, --tls-sni <str>       Change SNI in fake ClientHello\n"
@ -165,7 +162,6 @@ const struct option options[] = {
    #ifdef FAKE_SUPPORT
    {"fake",          1, 0, 'f'},
    #ifdef __linux__
-    {"ip-opt",        2, 0, 'k'},
    {"md5sig",        0, 0, 'S'},
    #endif
    {"tls-sni",       1, 0, 'n'},
@ -582,10 +578,6 @@ void clear_params(void)
    if (params.dp) {
        for (int i = 0; i < params.dp_count; i++) {
            struct desync_params s = params.dp[i];
-            if (s.ip_options != ip_option) {
-                free(s.ip_options);
-                s.ip_options = ip_option;
-            }
            if (s.parts != 0) {
                free(s.parts);
                s.parts = 0;
@ -919,22 +911,6 @@ int main(int argc, char **argv)
                dp->ttl = val;
            break;
            
-        case 'k':
-            if (dp->ip_options) {
-                continue;
-            }
-            if (optarg)
-                dp->ip_options = ftob(optarg, &dp->ip_options_len);
-            else {
-                dp->ip_options = ip_option;
-                dp->ip_options_len = sizeof(ip_option);
-            }
-            if (!dp->ip_options) {
-                uniperror("read/parse");
-                invalid = 1;
-            }
-            break;
-            
        case 'S':
            dp->md5sig = 1;
            break;
--- a/params.h
+++ b/params.h
@ -71,8 +71,6 @@ struct packet {

 struct desync_params {
    int ttl;
-    char *ip_options;
-    ssize_t ip_options_len;
    bool md5sig;
    struct packet fake_data;
    int udp_fake_count;
@ -136,8 +134,6 @@ extern struct packet fake_tls;
 extern struct packet fake_http;
 extern struct packet fake_udp;

-extern char ip_option[1];
-
 #define ASSERT(exp) \
    char t[(exp) ? 1 : -1];
 #endif