From 4e065a1f3f4c475c7ac422210d3b33430681475a Mon Sep 17 00:00:00 2001
From: Yong Bin <yongb@usi.ch>
Date: Thu, 14 Dec 2023 21:08:19 +0000
Subject: [PATCH] message_decoder: handle empty server_name

---
 init_pi.sh                           |  3 +--
 proxy/CMakeLists.txt                 |  4 ++--
 proxy/hood_proxy.conf                |  2 +-
 proxy/install_dependencies_debian.sh |  6 +++---
 proxy/src/tls_message_decoder.cpp    |  4 ++++
 scripts/02-hood-dispatcher           | 20 +-------------------
 scripts/rc.local                     | 17 +++++++++++++++++
 7 files changed, 29 insertions(+), 27 deletions(-)

diff --git a/init_pi.sh b/init_pi.sh
index 667a296..985d0c8 100644
--- a/init_pi.sh
+++ b/init_pi.sh
@@ -16,11 +16,10 @@ EOF
 fi
 cp -Rf $script_dir/../v/home/x/.mozilla ~/
 
+exit
 sudo sed -i "s/dtoverlay=vc4-kms-v3d/dtoverlay=vc4-fkms-v3d/g" /boot/firmware/config.txt
 sudo sed -i "s/.*udp dport {6.*//g" /etc/NetworkManager/dispatcher.d/02-hood-dispatcher
 
-exit
-
 sudo tee /etc/modprobe.d/bin-y-blacklist.conf <<EOF
 blacklist bluetooth
 EOF
diff --git a/proxy/CMakeLists.txt b/proxy/CMakeLists.txt
index 0f2966b..e26e09d 100644
--- a/proxy/CMakeLists.txt
+++ b/proxy/CMakeLists.txt
@@ -3,9 +3,9 @@ project (hood_proxy)
 
 
 set(Boost_NO_WARN_NEW_VERSIONS 1)
-set(BOOST_ROOT "${CMAKE_CURRENT_SOURCE_DIR}/libs/${CMAKE_HOST_SYSTEM_NAME}/boost_1_83_0-install")
+set(BOOST_ROOT "${CMAKE_CURRENT_SOURCE_DIR}/libs/${CMAKE_HOST_SYSTEM_NAME}/boost_1_84_0-install")
 set(Boost_USE_STATIC_LIBS ON)
-find_package( Boost 1.83 COMPONENTS program_options system log REQUIRED )
+find_package( Boost 1.84 COMPONENTS program_options system log REQUIRED )
 include_directories (SYSTEM ${Boost_INCLUDE_DIR})
 
 set(CMAKE_CXX_STANDARD 20)
diff --git a/proxy/hood_proxy.conf b/proxy/hood_proxy.conf
index 70c0781..dda0152 100644
--- a/proxy/hood_proxy.conf
+++ b/proxy/hood_proxy.conf
@@ -1,7 +1,7 @@
 listen-address=0.0.0.0
 listen-port=53
 tls-proxy-port=443
-tls-proxy-address=127.0.0.1
+tls-proxy-address=0.0.0.0
 
 # Remote servers
 # See: https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers
diff --git a/proxy/install_dependencies_debian.sh b/proxy/install_dependencies_debian.sh
index a77d16f..16938b0 100644
--- a/proxy/install_dependencies_debian.sh
+++ b/proxy/install_dependencies_debian.sh
@@ -16,7 +16,7 @@ export TAR_OPTIONS=--no-same-owner
 # -- Get boost includes --------------------------------------------------------
 # ==============================================================================
 
-BOOST_VERSION="1.83.0"
+BOOST_VERSION="1.84.0"
 BOOST_FILE_NAME=$(echo boost_$BOOST_VERSION|tr '.' '_')
 
 if [ -d "${BOOST_FILE_NAME}-install" ] ; then
@@ -28,8 +28,8 @@ else
       curl -L -O -C - "https://boostorg.jfrog.io/artifactory/main/release/${BOOST_VERSION}/source/${BOOST_FILE_NAME}.tar.gz"
     fi
     echo "Extracting boost."
-    tar -xvmf boost_1_83_0.tar.gz --exclude "libs" --exclude "doc" --exclude "example" --exclude "test"
-    tar -xvmf boost_1_83_0.tar.gz --exclude "test" --exclude "example" --exclude "doc" boost_1_83_0/libs/
+    tar -xvmf $BOOST_FILE_NAME.tar.gz --exclude "libs" --exclude "doc" --exclude "example" --exclude "test"
+    tar -xvmf $BOOST_FILE_NAME.tar.gz --exclude "test" --exclude "example" --exclude "doc" ${BOOST_FILE_NAME}/libs/
     mkdir -p $(uname -s)/${BOOST_FILE_NAME}-install/include
     mv ${BOOST_FILE_NAME} ${BOOST_FILE_NAME}-source
   fi
diff --git a/proxy/src/tls_message_decoder.cpp b/proxy/src/tls_message_decoder.cpp
index d978627..f7bfb58 100644
--- a/proxy/src/tls_message_decoder.cpp
+++ b/proxy/src/tls_message_decoder.cpp
@@ -268,6 +268,10 @@ inline MessageDecoder::ResultType MessageDecoder::DecodeExtensions(
       return ResultType::bad;
     }
     if (extension.type == protocol::extension::Type::server_name) {
+      if (length == 0) {
+        extension.content.emplace<extension::ServerName>();
+        return ResultType::good;
+      }
       if (end_of_extension < offset + sizeof(protocol::extension::ServerName)) {
         LOG_DEBUG();
         return ResultType::bad;
diff --git a/scripts/02-hood-dispatcher b/scripts/02-hood-dispatcher
index d6b3e30..fbd0795 100644
--- a/scripts/02-hood-dispatcher
+++ b/scripts/02-hood-dispatcher
@@ -35,7 +35,7 @@ function proxy_access_on(){
   nft insert rule ip filter input index 5 iif $1 ip daddr $interface_address udp dport {53} accept
   nft insert rule ip filter input index 5 iif $1 udp sport {68} udp dport {67} log prefix \"[HOOD A]\" flags all accept
   nft insert rule ip filter output index 5 oif $1 udp sport {67} udp dport {68} log prefix \"[HOOD A]\" flags all accept
-  nohup /usr/sbin/dnsmasq --pid-file=/tmp/hood/dnsmasq-$1.pid --conf-file=/dev/null --no-hosts --no-resolv --keep-in-foreground --interface=$1 --clear-on-reload --strict-order --listen-address=$interface_address --bind-dynamic --no-poll --address=/#/$interface_address --cache-size=0  --dhcp-range=$interface_address,10.0.${counter}.255,255.255.255.0,400w --dhcp-authoritative --dhcp-leasefile=/tmp/hood/dnsmasq-$1.lease --dhcp-option=option:dns-server,$interface_address > /tmp/hood/dnsmasq-$1.log &2>1  &
+  nohup /usr/sbin/dnsmasq --pid-file=/tmp/hood/dnsmasq-$1.pid --conf-file=/dev/null --no-hosts --no-resolv --keep-in-foreground --interface=$1 --except-interface=lo --clear-on-reload --strict-order --listen-address=$interface_address --bind-interfaces --no-poll --address=/#/$interface_address --cache-size=0  --dhcp-range=$interface_address,10.0.${counter}.255,255.255.255.0,400w --dhcp-authoritative --dhcp-leasefile=/tmp/hood/dnsmasq-$1.lease --dhcp-option=option:dns-server,$interface_address > /tmp/hood/dnsmasq-$1.log &2>1  &
   disown
 }
 
@@ -131,24 +131,6 @@ function http_timesync(){
 
 if [ "$2" = "before-network-service" ]; then
   initial_firewall_rules
-
-  hostname_format=$(($RANDOM % 6))
-  if [[ $hostname_format == 0 ]]; then
-    hostname="WIN-"`cat /dev/random | tr -dc "A-Z0-9"|head -c 11`
-  elif [[ $hostname_format == 1 ]]; then
-    hostname="LAPTOP-"`cat /dev/random | tr -dc "A-Z0-9"|head -c 8`
-  elif [[ $hostname_format == 2 ]]; then
-    hostname="DESKTOP-"`cat /dev/random | tr -dc "A-Z0-9"|head -c 7`
-  elif [[ $hostname_format == 3 ]]; then
-    hostname="iPad"
-  elif [[ $hostname_format == 4 ]]; then
-    hostname="iPhone"
-  elif [[ $hostname_format == 5 ]]; then
-    hostname="Apple Watch"
-  fi
-
-  hostnamectl set-hostname $hostname
-
 elif [ "$2" = "pre-up" ]; then
   #ifconfig $1 link random
   wan_port=0
diff --git a/scripts/rc.local b/scripts/rc.local
index ff494ce..7de4c15 100644
--- a/scripts/rc.local
+++ b/scripts/rc.local
@@ -3,6 +3,23 @@
 #echo '1-1' > /sys/class/backlight/
 #ls /sys/class/backlight/ > /var/tmp/test
 
+hostname_format=$(($RANDOM % 6))
+if [[ $hostname_format == 0 ]]; then
+  hostname="WIN-"`cat /dev/random | tr -dc "A-Z0-9"|head -c 11`
+elif [[ $hostname_format == 1 ]]; then
+  hostname="LAPTOP-"`cat /dev/random | tr -dc "A-Z0-9"|head -c 8`
+elif [[ $hostname_format == 2 ]]; then
+  hostname="DESKTOP-"`cat /dev/random | tr -dc "A-Z0-9"|head -c 7`
+elif [[ $hostname_format == 3 ]]; then
+  hostname="iPad"
+elif [[ $hostname_format == 4 ]]; then
+  hostname="iPhone"
+elif [[ $hostname_format == 5 ]]; then
+  hostname="Apple Watch"
+fi
+
+hostnamectl set-hostname $hostname
+
 if test -f /var/lib/hood/flags/harden_only; then
   exit 0
 fi