From 12be0533e581a344d283afe931d68c2ce1b8d118 Mon Sep 17 00:00:00 2001
From: remittor
Date: Thu, 10 Oct 2024 11:32:30 +0300
Subject: [PATCH] Initial commit
---
LICENSE | 21 ++++++
luci-app-zapret/Makefile | 4 ++
zapret/Makefile | 125 +++++++++++++++++++++++++++++++++
zapret/config | 144 +++++++++++++++++++++++++++++++++++++++
zapret/youtube.txt | 1 +
zapret/zapret.config | 2 +
6 files changed, 297 insertions(+)
create mode 100644 LICENSE
create mode 100644 luci-app-zapret/Makefile
create mode 100644 zapret/Makefile
create mode 100644 zapret/config
create mode 100644 zapret/youtube.txt
create mode 100644 zapret/zapret.config
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..6f8f4cc
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2016-2024 bol-van
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/luci-app-zapret/Makefile b/luci-app-zapret/Makefile
new file mode 100644
index 0000000..54c1719
--- /dev/null
+++ b/luci-app-zapret/Makefile
@@ -0,0 +1,4 @@
+#
+# Copyright (с) 2024 remittor
+#
+
diff --git a/zapret/Makefile b/zapret/Makefile
new file mode 100644
index 0000000..b7b02fc
--- /dev/null
+++ b/zapret/Makefile
@@ -0,0 +1,125 @@
+#
+# Copyright () 2024 remittor
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=zapret
+PKG_VERSION:=1.63
+PKG_RELEASE:=20241008
+
+PKG_MAINTAINER:=bol-van
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=opt/zapret/docs/LICENSE.txt
+
+PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=2cd6db3ba5ac2fa1494bed1c1903bc3531c76bc5
+PKG_SOURCE_DATE:=2024-10-08
+
+#PKG_SOURCE:=zapret-master.tar.gz
+#PKG_HASH:=skip
+
+#PKG_BUILD_DEPENDS:=secilc/host policycoreutils/host
+
+include $(INCLUDE_DIR)/package.mk
+
+#TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
+#TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
+
+MAKE_PATH:=nfq
+
+define Package/$(PKG_NAME)
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=$(PKG_NAME)
+ SUBMENU:=Zapret
+ URL:=https://github.com/bol-van/zapret
+ DEPENDS:= +nftables +curl +gzip +coreutils +coreutils-sort +coreutils-sleep
+ DEPENDS+= +kmod-nft-nat +kmod-nft-offload +kmod-nft-queue
+ DEPENDS+= +libnetfilter-queue +libcap +zlib
+ #DEPENDS+= +zapret-nfqws
+ #DEPENDS+= +zapret-ip2set
+ #DEPENDS+= +zapret-mdig
+ #DEPENDS+= +zapret-tpws
+endef
+
+define Build/Prepare
+ $(Build/Prepare/Default)
+ rm -f $(PKG_BUILD_DIR)/$(MAKE_PATH)/nfqws
+endef
+
+define Package/$(PKG_NAME)/conffiles
+/etc/config/zapret
+/opt/zapret/config
+/opt/zapret/youtube.txt
+endef
+
+#define Build/Configure
+#endef
+
+#define Build/Compile
+#endef
+
+define Package/$(PKG_NAME)/install
+ $(INSTALL_DIR) $(1)/opt/zapret
+ $(INSTALL_DIR) $(1)/opt/zapret/$(MAKE_PATH)
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/$(MAKE_PATH)/nfqws $(1)/opt/zapret/$(MAKE_PATH)/
+ $(INSTALL_DIR) $(1)/opt/zapret/common
+ $(CP) $(PKG_BUILD_DIR)/common/* $(1)/opt/zapret/common/
+ $(INSTALL_DIR) $(1)/opt/zapret/docs
+ $(CP) $(PKG_BUILD_DIR)/docs/* $(1)/opt/zapret/docs/
+ $(INSTALL_DIR) $(1)/opt/zapret/files
+ $(CP) $(PKG_BUILD_DIR)/files/* $(1)/opt/zapret/files/
+ $(INSTALL_DIR) $(1)/opt/zapret/ipset
+ $(CP) $(PKG_BUILD_DIR)/ipset/* $(1)/opt/zapret/ipset/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/blockcheck.sh $(1)/opt/zapret/blockcheck.sh
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/config.default $(1)/opt/zapret/config.default
+ $(INSTALL_DIR) $(1)/opt/zapret/tmp
+ $(INSTALL_DIR) $(1)/opt/zapret/init.d/openwrt
+ $(CP) $(PKG_BUILD_DIR)/init.d/openwrt/* $(1)/opt/zapret/init.d/openwrt/
+ $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/90-zapret $(1)/etc/hotplug.d/iface/90-zapret
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/zapret $(1)/etc/init.d/zapret
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) ./zapret.config $(1)/etc/config/zapret
+ $(INSTALL_CONF) ./config $(1)/opt/zapret/config
+ $(INSTALL_CONF) ./youtube.txt $(1)/opt/zapret/youtube.txt
+endef
+
+define Package/$(PKG_NAME)/postinst
+#!/bin/sh
+# check if we are on real system
+if [ -z "$${IPKG_INSTROOT}" ]; then
+ /etc/init.d/zapret enable
+ /etc/init.d/zapret stop_fw
+ /etc/init.d/zapret stop_daemons
+ /etc/init.d/zapret start
+ [ -x /sbin/fw4 ] && fw4 -q restart || fw3 -q restart
+fi
+exit 0
+endef
+
+define Package/$(PKG_NAME)/prerm
+#!/bin/sh
+# check if we are on real system
+if [ -n "$${IPKG_INSTROOT}" ]; then
+ EXEDIR=/opt/zapret
+ ZAPRET_BASE=/opt/zapret
+ ZAPRET_CONFIG=/opt/zapret/config
+ OPENWRT_FW_INCLUDE=/etc/firewall.zapret
+ . "$ZAPRET_CONFIG"
+ . "$ZAPRET_BASE/common/base.sh"
+ . "$ZAPRET_BASE/common/fwtype.sh"
+ . "$ZAPRET_BASE/common/installer.sh"
+ /etc/init.d/zapret disable
+ /etc/init.d/zapret stop
+ remove_openwrt_firewall
+ nft_del_table
+ restart_openwrt_firewall
+fi
+exit 0
+endef
+
+$(eval $(call BuildPackage,$(PKG_NAME)))
diff --git a/zapret/config b/zapret/config
new file mode 100644
index 0000000..fd2c889
--- /dev/null
+++ b/zapret/config
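Review bot: The `prerm` script's guard is `[ -n "$${IPKG_INSTROOT}" ]`, the opposite of the `-z` test that `postinst` uses under the same "real system" comment, so on a running router the removal steps appear to be skipped and the service, the nft table and the firewall include would stay behind after the package is removed. Inside the same block `$ZAPRET_CONFIG` and `$ZAPRET_BASE` are written with a single `$`, unlike `$${IPKG_INSTROOT}` beside them; make consumes a single `$` when it expands the define, so the four `.` lines would most likely source the wrong paths. The fence below flips the test and doubles the `$`. Separately, the source is pinned by commit in `PKG_SOURCE_VERSION` but no `PKG_MIRROR_HASH` is set, so a source tarball served from a download mirror would not be checked against a known hash.

```make
define Package/$(PKG_NAME)/prerm
# … unchanged: shebang and "real system" comment …
if [ -z "$${IPKG_INSTROOT}" ]; then
	# … unchanged: EXEDIR, ZAPRET_BASE, ZAPRET_CONFIG, OPENWRT_FW_INCLUDE assignments …
	. "$$ZAPRET_CONFIG"
	. "$$ZAPRET_BASE/common/base.sh"
	. "$$ZAPRET_BASE/common/fwtype.sh"
	. "$$ZAPRET_BASE/common/installer.sh"
	# … unchanged: disable, stop, firewall and nft table cleanup …
```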
@@ -0,0 +1,144 @@
+# this file is included from init scripts
+# change values here
+
+# can help in case /tmp has not enough space
+#TMPDIR=/opt/zapret/tmp
+
+# override firewall type : iptables,nftables,ipfw
+FWTYPE=nftables
+
+# options for ipsets
+# maximum number of elements in sets. also used for nft sets
+SET_MAXELEM=522288
+
+# too low hashsize can cause memory allocation errors on low RAM systems , even if RAM is enough
+# too large hashsize will waste lots of RAM
+IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
+
+# dynamically generate additional ip. $1 = ipset/nfset/table name
+#IPSET_HOOK="/etc/zapret.ipset.hook"
+
+# options for ip2net. "-4" or "-6" auto added by ipset create script
+IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
+IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
+
+# options for auto hostlist
+AUTOHOSTLIST_RETRANS_THRESHOLD=3
+AUTOHOSTLIST_FAIL_THRESHOLD=3
+AUTOHOSTLIST_FAIL_TIME=60
+# 1 = debug autohostlist positives to ipset/zapret-hosts-auto-debug.log
+AUTOHOSTLIST_DEBUGLOG=0
+
+# number of parallel threads for domain list resolves
+MDIG_THREADS=30
+
+# ipset/*.sh can compress large lists
+GZIP_LISTS=0
+
+# command to reload ip/host lists after update
+# comment or leave empty for auto backend selection : ipset or ipfw if present
+# on BSD systems with PF no auto reloading happens. you must provide your own command
+# set to "-" to disable reload
+#LISTS_RELOAD="pfctl -f /etc/pf.conf"
+
+# override ports
+#HTTP_PORTS=80-81,85
+#HTTPS_PORTS=443,500-501
+#QUIC_PORTS=443,444
+
+# CHOOSE OPERATION MODE
+# MODE : nfqws,tpws,tpws-socks,filter,custom
+# nfqws : nfqws for dpi desync
+# tpws : tpws transparent mode
+# tpws-socks : tpws socks mode
+# filter : no daemon, just create ipset or download hostlist
+# custom : custom mode. should modify custom init script and add your own code
+MODE=nfqws
+
+MODE_HTTP=1
+MODE_HTTP_KEEPALIVE=0
+MODE_HTTPS=1
+MODE_QUIC=1
+
+# none,ipset,hostlist,autohostlist
+MODE_FILTER=autohostlist
+
+# CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list
+DESYNC_MARK=0x40000000
+DESYNC_MARK_POSTNAT=0x20000000
+
+
+NFQWS_OPT_DESYNC="--hostlist=/opt/zapret/youtube.txt --dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=6 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin"
+
+NFQWS_OPT_DESYNC_SUFFIX=""
+
+NFQWS_OPT_DESYNC_HTTP=""
+
+NFQWS_OPT_DESYNC_HTTP_SUFFIX=""
+
+NFQWS_OPT_DESYNC_HTTPS=""
+
+NFQWS_OPT_DESYNC_HTTPS_SUFFIX=""
+
+NFQWS_OPT_DESYNC_HTTP6=""
+
+NFQWS_OPT_DESYNC_HTTP6_SUFFIX=""
+
+NFQWS_OPT_DESYNC_HTTPS6=""
+
+NFQWS_OPT_DESYNC_HTTPS6_SUFFIX=""
+
+NFQWS_OPT_DESYNC_QUIC="--hostlist=/opt/zapret/youtube.txt --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_google_com.bin"
+
+NFQWS_OPT_DESYNC_QUIC_SUFFIX=""
+
+NFQWS_OPT_DESYNC_QUIC6=""
+
+NFQWS_OPT_DESYNC_QUIC6_SUFFIX=""
+
+
+# CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list
+# SUFFIX VARS define additional lower priority desync profile. it's required if MODE_FILTER=hostlist and strategy has hostlist-incompatible 0-phase desync methods (mss)
+TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
+#TPWS_OPT_SUFFIX="--mss 88"
+
+# FlowOffload mode : donttouch,none,software,hardware
+FLOWOFFLOAD=none
+
+# openwrt: specify networks to be treated as LAN. default is "lan"
+#OPENWRT_LAN="lan lan2 lan3"
+
+# openwrt: specify networks to be treated as WAN. default wans are interfaces with default route
+#OPENWRT_WAN4="wan vpn"
+#OPENWRT_WAN6="wan6 vpn6"
+
+# for routers based on desktop linux and macos. has no effect in openwrt.
+# CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES
+# or leave them commented if its not router
+# it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2"
+# if IFACE_WAN6 is not defined it take the value of IFACE_WAN
+#IFACE_LAN=eth0
+#IFACE_WAN=eth1
+#IFACE_WAN6="ipsec0 wireguard0 he_net"
+
+# should start/stop command of init scripts apply firewall rules ?
+# not applicable to openwrt with firewall3+iptables
+INIT_APPLY_FW=1
+
+# firewall apply hooks
+#INIT_FW_PRE_UP_HOOK="/etc/firewall.zapret.hook.pre_up"
+#INIT_FW_POST_UP_HOOK="/etc/firewall.zapret.hook.post_up"
+#INIT_FW_PRE_DOWN_HOOK="/etc/firewall.zapret.hook.pre_down"
+#INIT_FW_POST_DOWN_HOOK="/etc/firewall.zapret.hook.post_down"
+
+# do not work with ipv4
+DISABLE_IPV4=0
+
+# do not work with ipv6
+DISABLE_IPV6=1
+
+# select which init script will be used to get ip or host list
+# possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh
+# comment if not required
+#GETLIST=get_antizapret_domains.sh
+#GETLIST=get_antifilter_ipsmart.sh
diff --git a/zapret/youtube.txt b/zapret/youtube.txt
new file mode 100644
index 0000000..4258f9b
--- /dev/null
+++ b/zapret/youtube.txt
@@ -0,0 +1 @@
+googlevideo.com
diff --git a/zapret/zapret.config b/zapret/zapret.config
new file mode 100644
index 0000000..9879968
--- /dev/null
+++ b/zapret/zapret.config
@@ -0,0 +1,2 @@
+config zapret
+ option startup '0'
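Review bot: The header of `zapret/config` says only that the file "is included from init scripts"; it does not say that it is sourced as shell, which the `. "$ZAPRET_CONFIG"` line in the package's `prerm` shows, so every line in it is executed rather than parsed, presumably as root on OpenWrt. I would add a second header line such as `# sourced as shell by root init scripts: keep this file and any hook it names root-owned and not group/world-writable`. The same constraint covers the hook paths that can be enabled further down (`IPSET_HOOK` and the four `INIT_FW_*_HOOK` entries), which the comments there leave unstated. The Makefile in this commit installs the file with `$(INSTALL_CONF)`, which fits that, but the requirement is not written where someone editing the file on the device would see it.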