feat: Add hop count estimation

Author: MikeWang000000

include/globvar.h

@@ -31,6 +31,7 @@ struct fh_context {
     /* -6 */ int use_ipv6;
     /* -d */ int daemon;
     /* -f */ int skipfw;
+    /* -g */ int nohopest;
     /* -h */ const char *hostname;
     /* -i */ const char *iface;
     /* -k */ int killproc;

include/ipv4pkt.h

@@ -25,8 +25,8 @@
 #include <netinet/tcp.h>
 
 int fh_pkt4_parse(void *pkt_data, int pkt_len, struct sockaddr *saddr,
-                  struct sockaddr *daddr, struct tcphdr **tcph_ptr,
-                  int *tcp_payload_len);
+                  struct sockaddr *daddr, uint8_t *ttl,
+                  struct tcphdr **tcph_ptr, int *tcp_payload_len);
 
 int fh_pkt4_make(char *buffer, size_t buffer_size, struct sockaddr *saddr,
                  struct sockaddr *daddr, uint16_t sport_be, uint16_t dport_be,

include/ipv6pkt.h

@@ -25,8 +25,8 @@
 #include <netinet/tcp.h>
 
 int fh_pkt6_parse(void *pkt_data, int pkt_len, struct sockaddr *saddr,
-                  struct sockaddr *daddr, struct tcphdr **tcph_ptr,
-                  int *tcp_payload_len);
+                  struct sockaddr *daddr, uint8_t *ttl,
+                  struct tcphdr **tcph_ptr, int *tcp_payload_len);
 
 int fh_pkt6_make(char *buffer, size_t buffer_size, struct sockaddr *saddr,
                  struct sockaddr *daddr, uint16_t sport_be, uint16_t dport_be,

src/globvar.c

@@ -30,6 +30,7 @@ struct fh_context g_ctx = {.exit = 0,
                            /* -6 */ .use_ipv6 = 0,
                            /* -d */ .daemon = 0,
                            /* -f */ .skipfw = 0,
+                           /* -g */ .nohopest = 0,
                            /* -h */ .hostname = NULL,
                            /* -i */ .iface = NULL,
                            /* -k */ .killproc = 0,

src/ipv4pkt.c

@@ -34,8 +34,8 @@
 #include "logging.h"
 
 int fh_pkt4_parse(void *pkt_data, int pkt_len, struct sockaddr *saddr,
-                  struct sockaddr *daddr, struct tcphdr **tcph_ptr,
-                  int *tcp_payload_len)
+                  struct sockaddr *daddr, uint8_t *ttl,
+                  struct tcphdr **tcph_ptr, int *tcp_payload_len)
 {
     struct iphdr *iph;
     struct tcphdr *tcph;
@@ -83,6 +83,7 @@ int fh_pkt4_parse(void *pkt_data, int pkt_len, struct sockaddr *saddr,
     daddr_in->sin_family = AF_INET;
     daddr_in->sin_addr.s_addr = iph->daddr;
 
+    *ttl = iph->ttl;
     *tcph_ptr = tcph;
     *tcp_payload_len = pkt_len - iph_len - tcph_len;
 

src/ipv6pkt.c

@@ -34,8 +34,8 @@
 #include "logging.h"
 
 int fh_pkt6_parse(void *pkt_data, int pkt_len, struct sockaddr *saddr,
-                  struct sockaddr *daddr, struct tcphdr **tcph_ptr,
-                  int *tcp_payload_len)
+                  struct sockaddr *daddr, uint8_t *ttl,
+                  struct tcphdr **tcph_ptr, int *tcp_payload_len)
 {
     struct ip6_hdr *ip6h;
     struct tcphdr *tcph;
@@ -79,6 +79,7 @@ int fh_pkt6_parse(void *pkt_data, int pkt_len, struct sockaddr *saddr,
     daddr_in6->sin6_family = AF_INET6;
     memcpy(&daddr_in6->sin6_addr, &ip6h->ip6_dst, sizeof(struct in6_addr));
 
+    *ttl = ip6h->ip6_hlim;
     *tcph_ptr = tcph;
     *tcp_payload_len = pkt_len - ip6h_len - tcph_len;
 

src/mainfun.c

@@ -54,6 +54,7 @@ static void print_usage(const char *name)
             "  -6                 enable IPv6\n"
             "  -d                 run as a daemon\n"
             "  -f                 skip firewall rules\n"
+            "  -g                 disable hop count estimation\n"
             "  -h <hostname>      hostname for obfuscation (required)\n"
             "  -i <interface>     network interface name (required)\n"
             "  -k                 kill the running process\n"

src/rawsend.c

@@ -36,6 +36,17 @@
 
 static int sockfd = -1;
 
+static int hop_estimate(uint8_t ttl)
+{
+    if (ttl <= 64) {
+        return 64 - ttl;
+    } else if (ttl <= 128) {
+        return 128 - ttl;
+    } else {
+        return 255 - ttl;
+    }
+}
+
 static void ipaddr_to_str(struct sockaddr *addr, char ipstr[INET6_ADDRSTRLEN])
 {
     static const char invalid[] = "INVALID";
@@ -220,7 +231,8 @@ int fh_rawsend_handle(struct sockaddr_ll *sll, uint8_t *pkt_data, int pkt_len)
 {
     uint32_t ack_new;
     uint16_t ethertype;
-    int res, i, tcp_payload_len;
+    int res, i, tcp_payload_len, hop;
+    uint8_t src_ttl;
     struct tcphdr *tcph;
     char src_ip[INET6_ADDRSTRLEN], dst_ip[INET6_ADDRSTRLEN];
     struct sockaddr_storage saddr_store, daddr_store;
@@ -231,14 +243,14 @@ int fh_rawsend_handle(struct sockaddr_ll *sll, uint8_t *pkt_data, int pkt_len)
 
     ethertype = ntohs(sll->sll_protocol);
     if (g_ctx.use_ipv4 && ethertype == ETHERTYPE_IP) {
-        res = fh_pkt4_parse(pkt_data, pkt_len, saddr, daddr, &tcph,
+        res = fh_pkt4_parse(pkt_data, pkt_len, saddr, daddr, &src_ttl, &tcph,
                             &tcp_payload_len);
         if (res < 0) {
             E(T(fh_pkt4_parse));
             return -1;
         }
     } else if (g_ctx.use_ipv6 && ethertype == ETHERTYPE_IPV6) {
-        res = fh_pkt6_parse(pkt_data, pkt_len, saddr, daddr, &tcph,
+        res = fh_pkt6_parse(pkt_data, pkt_len, saddr, daddr, &src_ttl, &tcph,
                             &tcp_payload_len);
         if (res < 0) {
             E(T(fh_pkt6_parse));
@@ -254,6 +266,15 @@ int fh_rawsend_handle(struct sockaddr_ll *sll, uint8_t *pkt_data, int pkt_len)
         ipaddr_to_str(daddr, dst_ip);
     }
 
+    if (!g_ctx.nohopest) {
+        hop = hop_estimate(src_ttl);
+        if (hop <= g_ctx.ttl) {
+            E_INFO("%s:%u ===LOCAL(?)===> %s:%u", src_ip, ntohs(tcph->source),
+                   dst_ip, ntohs(tcph->dest));
+            return 0;
+        }
+    }
+
     if (tcp_payload_len > 0) {
         E_INFO("%s:%u ===PAYLOAD(?)===> %s:%u", src_ip, ntohs(tcph->source),
                dst_ip, ntohs(tcph->dest));