tpws: fix socks-hostname hostlist checks

bol-van · Nov 22, 2024 · 4628493 · 4628493
1 parent 0937855
commit 4628493
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 22 deletions.
diff --git a/tpws/tamper.c b/tpws/tamper.c
@@ -140,11 +140,6 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
 
 	if (bHaveHost)
 		VPRINT("request hostname: %s\n", Host);
-	if (ctrack->b_not_act)
-	{
-		VPRINT("Not acting on this request\n");
-		return;
-	}
 
 	bool bDiscoveredL7 = ctrack->l7proto==UNKNOWN && l7proto!=UNKNOWN;
 	if (bDiscoveredL7)
@@ -169,17 +164,25 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
 		struct desync_profile *dp_prev = ctrack->dp;
 		apply_desync_profile(ctrack, dest);
 		if (ctrack->dp!=dp_prev)
+		{
 			VPRINT("desync profile changed by revealed l7 protocol or hostname !\n");
+			ctrack->b_host_checked = ctrack->b_ah_check = false;
+		}
 	}
 
-	if (bDiscoveredHostname && ctrack->dp->hostlist_auto)
+	if (l7proto!=UNKNOWN && ctrack->dp->hostlist_auto)
 	{
-		bool bHostExcluded;
-		if (!HostlistCheck(ctrack->dp, Host, &bHostExcluded, false))
+		if (bHaveHost && !ctrack->b_host_checked)
+		{
+			bool bHostExcluded;
+			ctrack->b_host_matches = HostlistCheck(ctrack->dp, Host, &bHostExcluded, false);
+			ctrack->b_host_checked = true;
+			if (!ctrack->b_host_matches)
+				ctrack->b_ah_check = !bHostExcluded;
+		}
+		if (!ctrack->b_host_matches)
 		{
-			ctrack->b_ah_check = !bHostExcluded;
 			VPRINT("Not acting on this request\n");
-			ctrack->b_not_act = true;
 			return;
 		}
 	}

diff --git a/tpws/tamper.h b/tpws/tamper.h
@@ -14,8 +14,7 @@ typedef struct
 	// common state
 	t_l7proto l7proto;
 	bool bTamperInCutoff;
-	bool b_ah_check;
-	bool b_not_act;
+	bool b_host_checked,b_host_matches,b_ah_check;
 	char *hostname;
 	struct desync_profile *dp;		// desync profile cache
 } t_ctrack;

diff --git a/tpws/tpws_conn.c b/tpws/tpws_conn.c
@@ -479,6 +479,30 @@ static int connect_remote(const struct sockaddr *remote_addr, int mss)
 	return remote_fd;
 }
 
+static bool connect_remote_conn(tproxy_conn_t *conn)
+{
+	int mss=0;
+
+	apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
+
+	if (conn->track.dp)
+	{
+		mss = conn->track.dp->mss;
+		if (conn->track.dp->hostlist_auto)
+		{
+			if (conn->track.hostname)
+			{
+				bool bHostExcluded;
+				conn->track.b_host_matches = HostlistCheck(conn->track.dp, conn->track.hostname, &bHostExcluded, false);
+				conn->track.b_host_checked = true;
+				if (!conn->track.b_host_matches) conn->track.b_ah_check = !bHostExcluded;
+				if (!conn->track.b_host_matches) mss = 0;
+			}
+		}
+	}
+
+	return (conn->partner->fd = connect_remote((struct sockaddr *)&conn->dest, mss))>=0;
+}
 
 //Free resources occupied by this connection
 static void free_conn(tproxy_conn_t *conn)
@@ -636,9 +660,7 @@ static tproxy_conn_t* add_tcp_connection(int efd, struct tailhead *conn_list,int
 		conn->partner->client = conn->client;
 		conn->partner->dest = conn->dest;
 
-		apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
-
-		if ((conn->partner->fd = connect_remote((struct sockaddr *)&orig_dst, conn->track.dp ? conn->track.dp->mss : 0)) < 0)
+		if (!connect_remote_conn(conn))
 		{
 			DLOG_ERR("Failed to connect\n");
 			free_conn(conn->partner);
@@ -811,14 +833,7 @@ static bool proxy_mode_connect_remote(tproxy_conn_t *conn, struct tailhead *conn
 		return false;
 	}
 
-	apply_desync_profile(&conn->track, (struct sockaddr *)&conn->dest);
 
-	if ((remote_fd = connect_remote((struct sockaddr *)&conn->dest, conn->track.dp ? conn->track.dp->mss : 0)) < 0)
-	{
-		DLOG_ERR("socks failed to connect (1) errno=%d\n", errno);
-		socks_send_rep_errno(conn->socks_ver, conn->fd, errno);
-		return false;
-	}
 	if (!(conn->partner = new_conn(remote_fd, true)))
 	{
 		close(remote_fd);
@@ -830,6 +845,15 @@ static bool proxy_mode_connect_remote(tproxy_conn_t *conn, struct tailhead *conn
 	conn->partner->efd = conn->efd;
 	conn->partner->client = conn->client;
 	conn->partner->dest = conn->dest;
+
+	if (!connect_remote_conn(conn))
+	{
+		free_conn(conn->partner); conn->partner = NULL;
+		DLOG_ERR("socks failed to connect (1) errno=%d\n", errno);
+		socks_send_rep_errno(conn->socks_ver, conn->fd, errno);
+		return false;
+	}
+
 	if (!epoll_set(conn->partner, EPOLLOUT))
 	{
 		DLOG_ERR("socks epoll_set error %d\n", errno);