Add OICQAnalyzer #42

Open
wants to merge 4 commits into
base: master
4 changes: 4 additions & 0 deletions README.ja.md
Expand Up @@ -115,6 +115,10 @@ workers:
- name: block CN geoip
action: block
expr: geoip(string(ip.dst), "cn")

- name: block qq number 1145141919 communication
action: block
expr: oicq != nil && oicq.number == 1145141919
```

#### サポートされるアクション
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -119,6 +119,10 @@ to [Expr Language Definition](https://expr-lang.org/docs/language-definition).
- name: block CN geoip
action: block
expr: geoip(string(ip.dst), "cn")

- name: block qq number 1145141919 communication
action: block
expr: oicq != nil && oicq.number == 1145141919
```

#### Supported actions
4 changes: 4 additions & 0 deletions README.zh.md
Expand Up @@ -114,6 +114,10 @@ workers:
- name: block CN geoip
action: block
expr: geoip(string(ip.dst), "cn")

- name: block qq number 1145141919 communication
action: block
expr: oicq != nil && oicq.number == 1145141919
```

#### 支持的 action
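--- a/analyzer/udp/oicq.go
+++ b/analyzer/udp/oicq.go
@@ -0,0 +1,77 @@
+package udp
+
+import (
+"encoding/binary"
+"github.com/apernet/OpenGFW/analyzer"
+)
+
+const (
+OICQPacketStartFlag = 0x02
+OICQPacketEndFlag = 0x03
+)
+
+// OICQAnalyzer OICQ is an IM Software protocol, Usually used by QQ
+var _ analyzer.UDPAnalyzer = (*OICQAnalyzer)(nil)
+
+type OICQAnalyzer struct{}
+
+func (a *OICQAnalyzer) Name() string {
+return "oicq"
+}
+
+func (a *OICQAnalyzer) Limit() int {
+return 0
+}
+
+func (a *OICQAnalyzer) NewUDP(info analyzer.UDPInfo, logger analyzer.Logger) analyzer.UDPStream {
+return &OICQStream{logger: logger}
+}
+
+type OICQStream struct {
+logger analyzer.Logger
+}
+
+func (s *OICQStream) Feed(rev bool, data []byte) (u *analyzer.PropUpdate, done bool) {
+m := parseOICQMessage(data)
+if m == nil {
+return nil, true
+}
+return &analyzer.PropUpdate{
+Type: analyzer.PropUpdateReplace,
+M: m,
+}, true
+}
+
+func (s *OICQStream) Close(limited bool) *analyzer.PropUpdate {
+return nil
+}
+
+func parseOICQMessage(data []byte) analyzer.PropMap {
+/* preInfo struct
+SFlag: 0x02 EFlag: 0x03
++-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
+|SFlag| Version | Command | Sequence | Number |
++-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
+| ................Data................(Dynamic Len)|EFlag|
++-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
+*/
+// At least 12 bytes
+if len(data) < 12 {
+return nil
+}
+if data[0] != OICQPacketStartFlag || data[len(data)-1] != OICQPacketEndFlag { // OICQ Packet Start With 0x02
+return nil
+}
+data = data[1:] // Remove Start Flag
+m := analyzer.PropMap{
+"version": binary.BigEndian.Uint16(data[0:2]), // OICQ Version (2 bytes)
+"command": binary.BigEndian.Uint16(data[2:4]), // OICQ Command (2 bytes)
+"seq": binary.BigEndian.Uint16(data[4:6]), // OICQ Sequence (2 bytes)
+"number": binary.BigEndian.Uint32(data[6:10]), // OICQ Number, Mostly QQ Number (4 bytes)
+}
+if m["number"] == 0 || m["command"] == 0 {
+return nil
+}
+// Valid OICQ packet with Number field
+return m
+}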
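Review bot: The guard `if m["number"] == 0 || m["command"] == 0 {` in parseOICQMessage can never be true: the map values are stored as uint16/uint32 inside an interface value (PropMap evidently holds mixed integer types), and the untyped constant 0 is converted to int before the comparison, so an interface holding uint32(0) never equals one holding int(0). As written, every payload that passes the length and flag checks is reported with PropUpdateReplace, including ones with a zero QQ number or command, so the check should be done on the decoded integers before the map is built, as below. A 12-byte minimum plus a single 0x02/0x03 byte at each end is also a weak signature for arbitrary UDP traffic; since the README rules block on `oicq.number`, a stricter check on the version or command field would presumably cut false positives, though the accepted value ranges are not visible here. Separately, the doc comment `// OICQAnalyzer OICQ is an IM Software protocol, Usually used by QQ` sits on the `var _ analyzer.UDPAnalyzer` line and should move onto `type OICQAnalyzer struct{}` where godoc will attach it.
```go
data = data[1:] // Remove Start Flag
version := binary.BigEndian.Uint16(data[0:2]) // OICQ Version (2 bytes)
command := binary.BigEndian.Uint16(data[2:4]) // OICQ Command (2 bytes)
seq := binary.BigEndian.Uint16(data[4:6])     // OICQ Sequence (2 bytes)
number := binary.BigEndian.Uint32(data[6:10]) // OICQ Number, Mostly QQ Number (4 bytes)
// Compare the typed integers here; comparing the interface-valued map
// entries against an untyped 0 would never match.
if number == 0 || command == 0 {
	return nil
}
// Valid OICQ packet with Number field
return analyzer.PropMap{
	"version": version,
	"command": command,
	"seq":     seq,
	"number":  number,
}
```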
1 change: 1 addition & 0 deletions cmd/root.go
Expand Up @@ -92,6 +92,7 @@ var analyzers = []analyzer.Analyzer{
&tcp.TLSAnalyzer{},
&tcp.TrojanAnalyzer{},
&udp.DNSAnalyzer{},
&udp.OICQAnalyzer{},
&udp.WireGuardAnalyzer{},
}
