feat: add configurable TCP flags for GFK backend (#21)

Add GFK_TCP_FLAGS setting to allow customizing TCP flags used in
violated TCP packets. This addresses cases where different flag
combinations (e.g. 'S', 'RA') may work better for certain networks.

Changes:
- Add tcp_flags parameter to vio_server.py and vio_client.py
- Add GFK_TCP_FLAGS to settings save/load with validation
- Add TCP flags menu option in change config for both server/client
- Default remains 'AP' for backwards compatibility

Validation: Only uppercase TCP flags allowed (F,S,R,P,A,U,E,C)
SamNet-dev
2026-02-04 19:17:44 -06:00
parent 4b14413623
commit e1cf7a9d3b
3 changed files with 32 additions and 3 deletions


@@ -13,6 +13,7 @@ vio_tcp_client_port = parameters.vio_tcp_client_port
vio_udp_client_port = parameters.vio_udp_client_port vio_udp_client_port = parameters.vio_udp_client_port
quic_local_ip = parameters.quic_local_ip quic_local_ip = parameters.quic_local_ip
quic_client_port = parameters.quic_client_port quic_client_port = parameters.quic_client_port
tcp_flags = getattr(parameters, 'tcp_flags', 'AP')
# Windows-specific: get local IP and gateway MAC for Ethernet frames # Windows-specific: get local IP and gateway MAC for Ethernet frames
my_ip = getattr(parameters, 'my_ip', None) my_ip = getattr(parameters, 'my_ip', None)
@@ -73,11 +74,11 @@ async def forward_vio_to_quic(qu1, transport):
# Build base packet based on OS # Build base packet based on OS
if is_windows and gateway_mac and my_ip and local_mac: if is_windows and gateway_mac and my_ip and local_mac:
logger.info(f"Windows mode: using Ethernet frames (gw_mac={gateway_mac}, my_ip={my_ip})") logger.info(f"Windows mode: using Ethernet frames (gw_mac={gateway_mac}, my_ip={my_ip})")
basepkt = Ether(dst=gateway_mac, src=local_mac) / IP(src=my_ip, dst=vps_ip) / TCP(sport=vio_tcp_client_port, dport=vio_tcp_server_port, seq=0, flags="AP", ack=0, options=tcp_options) / Raw(load=b"") basepkt = Ether(dst=gateway_mac, src=local_mac) / IP(src=my_ip, dst=vps_ip) / TCP(sport=vio_tcp_client_port, dport=vio_tcp_server_port, seq=0, flags=tcp_flags, ack=0, options=tcp_options) / Raw(load=b"")
skt = conf.L2socket(iface=conf.iface) skt = conf.L2socket(iface=conf.iface)
else: else:
logger.info(f"Linux mode: using L3 socket") logger.info(f"Linux mode: using L3 socket")
basepkt = IP(dst=vps_ip) / TCP(sport=vio_tcp_client_port, dport=vio_tcp_server_port, seq=0, flags="AP", ack=0, options=tcp_options) / Raw(load=b"") basepkt = IP(dst=vps_ip) / TCP(sport=vio_tcp_client_port, dport=vio_tcp_server_port, seq=0, flags=tcp_flags, ack=0, options=tcp_options) / Raw(load=b"")
skt = conf.L3socket() skt = conf.L3socket()
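Review bot: The new module-level `tcp_flags = getattr(parameters, 'tcp_flags', 'AP')` is passed unchecked to `TCP(flags=tcp_flags)` in both branches of forward_vio_to_quic, so the only validation of this value lives in the shell script that generates parameters.py. A hand-edited or older parameters.py carrying an empty string or an unsupported letter would presumably surface as a scapy error when the base packet is built, not as a clear configuration error at startup. Checking it right after the getattr keeps the Python side self-contained, e.g. `if not tcp_flags or set(tcp_flags) - set('FSRPAUEC'): tcp_flags = 'AP'` together with a `logger.warning` naming the rejected value. The identical line in the server file's first hunk has the same gap; forward_vio_to_quic itself starts and ends outside these hunks.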


@@ -18,6 +18,7 @@ vio_tcp_server_port = parameters.vio_tcp_server_port
vio_udp_server_port = parameters.vio_udp_server_port vio_udp_server_port = parameters.vio_udp_server_port
quic_local_ip = parameters.quic_local_ip quic_local_ip = parameters.quic_local_ip
quic_server_port = parameters.quic_server_port quic_server_port = parameters.quic_server_port
tcp_flags = getattr(parameters, 'tcp_flags', 'AP')
@@ -89,7 +90,7 @@ async def forward_vio_to_quic(qu1, transport):
basepkt = IP() / TCP(sport=vio_tcp_server_port, seq=1, flags="AP", ack=0, options=tcp_options) / Raw(load=b"") basepkt = IP() / TCP(sport=vio_tcp_server_port, seq=1, flags=tcp_flags, ack=0, options=tcp_options) / Raw(load=b"")
skt = conf.L3socket() skt = conf.L3socket()


@@ -976,6 +976,7 @@ GFK_AUTH_CODE="${_safe_auth}"
GFK_PORT_MAPPINGS="${GFK_PORT_MAPPINGS:-}" GFK_PORT_MAPPINGS="${GFK_PORT_MAPPINGS:-}"
MICROSOCKS_PORT="${MICROSOCKS_PORT:-}" MICROSOCKS_PORT="${MICROSOCKS_PORT:-}"
GFK_SERVER_IP="${GFK_SERVER_IP:-}" GFK_SERVER_IP="${GFK_SERVER_IP:-}"
GFK_TCP_FLAGS="${GFK_TCP_FLAGS:-AP}"
TELEGRAM_BOT_TOKEN="${_tg_token}" TELEGRAM_BOT_TOKEN="${_tg_token}"
TELEGRAM_CHAT_ID="${_tg_chat}" TELEGRAM_CHAT_ID="${_tg_chat}"
TELEGRAM_INTERVAL=${_tg_interval} TELEGRAM_INTERVAL=${_tg_interval}
@@ -1536,6 +1537,8 @@ quic_max_stream_data = 1073741824
quic_auth_code = "${safe_auth_code}" quic_auth_code = "${safe_auth_code}"
quic_cert_filepath = ("${safe_gfk_dir}/cert.pem", "${safe_gfk_dir}/key.pem") quic_cert_filepath = ("${safe_gfk_dir}/cert.pem", "${safe_gfk_dir}/key.pem")
tcp_flags = "${GFK_TCP_FLAGS:-AP}"
PYEOF PYEOF
) )
if ! mv "$_tmp" "$GFK_DIR/parameters.py"; then if ! mv "$_tmp" "$GFK_DIR/parameters.py"; then
@@ -1957,6 +1960,7 @@ _load_settings() {
GFK_PORT_MAPPINGS) GFK_PORT_MAPPINGS="$value" ;; GFK_PORT_MAPPINGS) GFK_PORT_MAPPINGS="$value" ;;
MICROSOCKS_PORT) [[ "$value" =~ ^[0-9]*$ ]] && MICROSOCKS_PORT="$value" ;; MICROSOCKS_PORT) [[ "$value" =~ ^[0-9]*$ ]] && MICROSOCKS_PORT="$value" ;;
GFK_SERVER_IP) GFK_SERVER_IP="$value" ;; GFK_SERVER_IP) GFK_SERVER_IP="$value" ;;
GFK_TCP_FLAGS) [[ "$value" =~ ^[FSRPAUEC]+$ ]] && GFK_TCP_FLAGS="$value" ;;
TELEGRAM_BOT_TOKEN) TELEGRAM_BOT_TOKEN="$value" ;; TELEGRAM_BOT_TOKEN) TELEGRAM_BOT_TOKEN="$value" ;;
TELEGRAM_CHAT_ID) TELEGRAM_CHAT_ID="$value" ;; TELEGRAM_CHAT_ID) TELEGRAM_CHAT_ID="$value" ;;
TELEGRAM_INTERVAL) [[ "$value" =~ ^[0-9]+$ ]] && TELEGRAM_INTERVAL="$value" ;; TELEGRAM_INTERVAL) [[ "$value" =~ ^[0-9]+$ ]] && TELEGRAM_INTERVAL="$value" ;;
@@ -1997,6 +2001,7 @@ GFK_AUTH_CODE=${GFK_AUTH_CODE:-}
GFK_PORT_MAPPINGS=${GFK_PORT_MAPPINGS:-} GFK_PORT_MAPPINGS=${GFK_PORT_MAPPINGS:-}
MICROSOCKS_PORT=${MICROSOCKS_PORT:-} MICROSOCKS_PORT=${MICROSOCKS_PORT:-}
GFK_SERVER_IP=${GFK_SERVER_IP:-} GFK_SERVER_IP=${GFK_SERVER_IP:-}
GFK_TCP_FLAGS=${GFK_TCP_FLAGS:-AP}
# Ensure root # Ensure root
if [ "$EUID" -ne 0 ]; then if [ "$EUID" -ne 0 ]; then
@@ -2101,6 +2106,7 @@ GFK_AUTH_CODE="${_safe_auth}"
GFK_PORT_MAPPINGS="${GFK_PORT_MAPPINGS:-}" GFK_PORT_MAPPINGS="${GFK_PORT_MAPPINGS:-}"
MICROSOCKS_PORT="${MICROSOCKS_PORT:-}" MICROSOCKS_PORT="${MICROSOCKS_PORT:-}"
GFK_SERVER_IP="${GFK_SERVER_IP:-}" GFK_SERVER_IP="${GFK_SERVER_IP:-}"
GFK_TCP_FLAGS="${GFK_TCP_FLAGS:-AP}"
TELEGRAM_BOT_TOKEN="${_tg_token}" TELEGRAM_BOT_TOKEN="${_tg_token}"
TELEGRAM_CHAT_ID="${_tg_chat}" TELEGRAM_CHAT_ID="${_tg_chat}"
TELEGRAM_INTERVAL=${_tg_interval} TELEGRAM_INTERVAL=${_tg_interval}
@@ -2357,6 +2363,7 @@ quic_max_data = 1073741824
quic_max_stream_data = 1073741824 quic_max_stream_data = 1073741824
quic_auth_code = "${safe_auth}" quic_auth_code = "${safe_auth}"
quic_cert_filepath = ("${safe_dir}/cert.pem", "${safe_dir}/key.pem") quic_cert_filepath = ("${safe_dir}/cert.pem", "${safe_dir}/key.pem")
tcp_flags = "${GFK_TCP_FLAGS:-AP}"
PYEOF PYEOF
) )
mv "$_tmp" "$GFK_DIR/parameters.py" || { rm -f "$_tmp"; return 1; } mv "$_tmp" "$GFK_DIR/parameters.py" || { rm -f "$_tmp"; return 1; }
@@ -3959,6 +3966,15 @@ _change_config_gfk() {
echo -e "${BOLD}Port mappings${NC} [${GFK_PORT_MAPPINGS:-14000:443}]:" echo -e "${BOLD}Port mappings${NC} [${GFK_PORT_MAPPINGS:-14000:443}]:"
read -p " Mappings: " input < /dev/tty || true read -p " Mappings: " input < /dev/tty || true
[ -n "$input" ] && GFK_PORT_MAPPINGS="$input" [ -n "$input" ] && GFK_PORT_MAPPINGS="$input"
echo -e "${BOLD}Outgoing TCP flags${NC} [${GFK_TCP_FLAGS:-AP}]:"
echo -e " ${DIM}Controls TCP flags on outgoing violated packets (default: AP)${NC}"
echo -e " ${DIM}Valid flags: S(SYN) A(ACK) P(PSH) R(RST) F(FIN) U(URG)${NC}"
read -p " Flags: " input < /dev/tty || true
if [ -n "$input" ] && ! [[ "$input" =~ ^[FSRPAUEC]+$ ]]; then
log_error "Invalid flags. Use uppercase letters only: F, S, R, P, A, U, E, C"; return 1
fi
[ -n "$input" ] && GFK_TCP_FLAGS="$input"
else else
echo -e "${BOLD}Server IP${NC} [${GFK_SERVER_IP}]:" echo -e "${BOLD}Server IP${NC} [${GFK_SERVER_IP}]:"
read -p " IP: " input < /dev/tty || true read -p " IP: " input < /dev/tty || true
@@ -4003,6 +4019,15 @@ _change_config_gfk() {
read -p " Mappings: " input < /dev/tty || true read -p " Mappings: " input < /dev/tty || true
[ -n "$input" ] && GFK_PORT_MAPPINGS="$input" [ -n "$input" ] && GFK_PORT_MAPPINGS="$input"
echo -e "${BOLD}Outgoing TCP flags${NC} [${GFK_TCP_FLAGS:-AP}]:"
echo -e " ${DIM}Controls TCP flags on outgoing violated packets (default: AP)${NC}"
echo -e " ${DIM}Valid flags: S(SYN) A(ACK) P(PSH) R(RST) F(FIN) U(URG)${NC}"
read -p " Flags: " input < /dev/tty || true
if [ -n "$input" ] && ! [[ "$input" =~ ^[FSRPAUEC]+$ ]]; then
log_error "Invalid flags. Use uppercase letters only: F, S, R, P, A, U, E, C"; return 1
fi
[ -n "$input" ] && GFK_TCP_FLAGS="$input"
echo -e "${BOLD}SOCKS5 port${NC} [${MICROSOCKS_PORT:-1080}]:" echo -e "${BOLD}SOCKS5 port${NC} [${MICROSOCKS_PORT:-1080}]:"
read -p " Port: " input < /dev/tty || true read -p " Port: " input < /dev/tty || true
if [ -n "$input" ] && ! _validate_port "$input"; then if [ -n "$input" ] && ! _validate_port "$input"; then
@@ -4261,6 +4286,7 @@ GFK_AUTH_CODE="${GFK_AUTH_CODE:-}"
GFK_PORT_MAPPINGS="${GFK_PORT_MAPPINGS:-}" GFK_PORT_MAPPINGS="${GFK_PORT_MAPPINGS:-}"
MICROSOCKS_PORT="${MICROSOCKS_PORT:-}" MICROSOCKS_PORT="${MICROSOCKS_PORT:-}"
GFK_SERVER_IP="${GFK_SERVER_IP:-}" GFK_SERVER_IP="${GFK_SERVER_IP:-}"
GFK_TCP_FLAGS="${GFK_TCP_FLAGS:-AP}"
TELEGRAM_BOT_TOKEN="${_tg_token}" TELEGRAM_BOT_TOKEN="${_tg_token}"
TELEGRAM_CHAT_ID="${_tg_chat}" TELEGRAM_CHAT_ID="${_tg_chat}"
TELEGRAM_INTERVAL=${_tg_interval} TELEGRAM_INTERVAL=${_tg_interval}
@@ -6360,6 +6386,7 @@ _load_settings() {
GFK_PORT_MAPPINGS) GFK_PORT_MAPPINGS="$value" ;; GFK_PORT_MAPPINGS) GFK_PORT_MAPPINGS="$value" ;;
MICROSOCKS_PORT) [[ "$value" =~ ^[0-9]*$ ]] && MICROSOCKS_PORT="$value" ;; MICROSOCKS_PORT) [[ "$value" =~ ^[0-9]*$ ]] && MICROSOCKS_PORT="$value" ;;
GFK_SERVER_IP) GFK_SERVER_IP="$value" ;; GFK_SERVER_IP) GFK_SERVER_IP="$value" ;;
GFK_TCP_FLAGS) [[ "$value" =~ ^[FSRPAUEC]+$ ]] && GFK_TCP_FLAGS="$value" ;;
TELEGRAM_BOT_TOKEN) TELEGRAM_BOT_TOKEN="$value" ;; TELEGRAM_BOT_TOKEN) TELEGRAM_BOT_TOKEN="$value" ;;
TELEGRAM_CHAT_ID) TELEGRAM_CHAT_ID="$value" ;; TELEGRAM_CHAT_ID) TELEGRAM_CHAT_ID="$value" ;;
TELEGRAM_INTERVAL) [[ "$value" =~ ^[0-9]+$ ]] && TELEGRAM_INTERVAL="$value" ;; TELEGRAM_INTERVAL) [[ "$value" =~ ^[0-9]+$ ]] && TELEGRAM_INTERVAL="$value" ;;
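Review bot: `GFK_TCP_FLAGS` is interpolated raw into the generated Python at `tcp_flags = "${GFK_TCP_FLAGS:-AP}"` in both parameters.py heredocs, whereas the neighbouring values go through escaped variables (`safe_auth_code`, `safe_gfk_dir`). The regex check runs only in `_load_settings` and at the `_change_config_gfk` prompts; the default line `GFK_TCP_FLAGS=${GFK_TCP_FLAGS:-AP}` accepts whatever is already in the environment, so a value containing a double quote would be written as Python source into a file the backend imports. Validate once where the default is applied, `[[ "$GFK_TCP_FLAGS" =~ ^[FSRPAUEC]+$ ]] || GFK_TCP_FLAGS="AP"`, or preferably in a `_validate_tcp_flags` helper next to `_validate_port` that all four regex sites call. The menu help text also lists six flags while the check accepts eight (E and C), so the two should be aligned.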