Add support Zapret2

Sources: https://github.com/bol-van/zapret2
2026-01-03 15:18:50 +03:00 · 2025-12-18 16:35:13 +03:00
parent 9298388a12
commit 7a4825a708
25 changed files with 325 additions and 546 deletions
--- a/zapret/def-cfg.sh
+++ b/zapret/def-cfg.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-# Copyright (c) 2024 remittor
+# Copyright (c) 2025 remittor

 function set_cfg_reset_values
 {
@@ -26,18 +26,18 @@ function set_cfg_reset_values
 		set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
 		set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
 		# nfqws options
-		set $cfgname.config.NFQWS_ENABLE='1'
+		set $cfgname.config.NFQWS2_ENABLE='1'
 		set $cfgname.config.DESYNC_MARK='0x40000000'
 		set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
 		set $cfgname.config.FILTER_MARK='$TAB'
-		set $cfgname.config.NFQWS_PORTS_TCP='80,443'
-		set $cfgname.config.NFQWS_PORTS_UDP='443'
-		set $cfgname.config.NFQWS_TCP_PKT_OUT='9'
-		set $cfgname.config.NFQWS_TCP_PKT_IN='3'
-		set $cfgname.config.NFQWS_UDP_PKT_OUT='9'
-		set $cfgname.config.NFQWS_UDP_PKT_IN='0'
-		set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0'
-		set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0'
+		set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
+		set $cfgname.config.NFQWS2_PORTS_UDP='443'
+		set $cfgname.config.NFQWS2_TCP_PKT_OUT='9'
+		set $cfgname.config.NFQWS2_TCP_PKT_IN='3'
+		set $cfgname.config.NFQWS2_UDP_PKT_OUT='9'
+		set $cfgname.config.NFQWS2_UDP_PKT_IN='0'
+		set $cfgname.config.NFQWS2_PORTS_TCP_KEEPALIVE='0'
+		set $cfgname.config.NFQWS2_PORTS_UDP_KEEPALIVE='0'
 		# save changes
 		commit $cfgname
 	EOF
@@ -50,9 +50,9 @@ function clear_nfqws_strat
 	local TAB="$( echo -n -e '\t' )"
 	uci batch <<-EOF
 		set $cfgname.config.MODE_FILTER='hostlist'
-		set $cfgname.config.NFQWS_PORTS_TCP='80,443'
-		set $cfgname.config.NFQWS_PORTS_UDP='443'
-		set $cfgname.config.NFQWS_OPT='$TAB'
+		set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
+		set $cfgname.config.NFQWS2_PORTS_UDP='443'
+		set $cfgname.config.NFQWS2_OPT='$TAB'
 		commit $cfgname
 	EOF
 }
@@ -70,179 +70,31 @@ function set_cfg_nfqws_strat
 	if [ "$strat" = "empty" ]; then
 		clear_nfqws_strat $cfgname
 	fi
-	if [ "$strat" = "v1_by_StressOzz" ]; then
+	if [ "$strat" = "default" ]; then
 		uci batch <<-EOF
-			set $cfgname.config.NFQWS_PORTS_TCP='80,443'
-			set $cfgname.config.NFQWS_PORTS_UDP='443'
-			set $cfgname.config.NFQWS_OPT="
+			set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
+			set $cfgname.config.NFQWS2_PORTS_UDP='443'
+			set $cfgname.config.NFQWS2_OPT="
 				# Strategy $strat
 				
-				--filter-tcp=443 <HOSTLIST>
-				--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-				--dpi-desync=fake,multidisorder
-				--dpi-desync-split-seqovl=681
-				--dpi-desync-split-pos=1
-				--dpi-desync-fooling=badseq
-				--dpi-desync-badseq-increment=10000000
-				--dpi-desync-repeats=2
-				--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
-				--dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com
+				--filter-tcp=80
+				--filter-l7=http <HOSTLIST>
+				--payload=http_req
+				--lua-desync=fake:blob=fake_default_http:tcp_md5
+				--lua-desync=multisplit:pos=method+2
 				
 				--new
-				--filter-udp=443
-				--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-				--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
-				--dpi-desync=fake
-				--dpi-desync-repeats=6
-				--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
-			"
-			commit $cfgname
-		EOF
-	fi
-	if [ "$strat" = "v2_by_StressOzz" ]; then
-		uci batch <<-EOF
-			set $cfgname.config.NFQWS_PORTS_TCP='80,443'
-			set $cfgname.config.NFQWS_PORTS_UDP='443'
-			set $cfgname.config.NFQWS_OPT="
-				# Strategy $strat
-				
-				--filter-tcp=443 <HOSTLIST>
-				--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-				--hostlist-exclude-domains=openwrt.org
-				--dpi-desync=fake,fakeddisorder
-				--dpi-desync-split-pos=10,midsld
-				--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
-				--dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com
-				--dpi-desync-fake-tls=0x0F0F0F0F
-				--dpi-desync-fake-tls-mod=none
-				--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
-				--dpi-desync-split-seqovl=336
-				--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin
-				--dpi-desync-fooling=badseq,badsum
-				--dpi-desync-badseq-increment=0
-				
-				--new
-				--filter-udp=443
-				--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-				--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
-				--dpi-desync=fake
-				--dpi-desync-repeats=6
-				--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
-			"
-			commit $cfgname
-		EOF
-	fi
-	if [ "$strat" = "v3_by_StressOzz" ]; then
-		uci batch <<-EOF
-			set $cfgname.config.NFQWS_PORTS_TCP='80,443'
-			set $cfgname.config.NFQWS_PORTS_UDP='443'
-			set $cfgname.config.NFQWS_OPT="
-				# Strategy $strat
-				
-				--filter-tcp=443 <HOSTLIST>
-				--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-				--hostlist-exclude-domains=openwrt.org
-				--dpi-desync=fake,fakeddisorder
-				--dpi-desync-split-pos=10,midsld
-				--dpi-desync-fake-tls=/opt/zapret/files/fake/t2.bin
-				--dpi-desync-fake-tls-mod=rnd,dupsid,sni=m.ok.ru
-				--dpi-desync-fake-tls=0x0F0F0F0F
-				--dpi-desync-fake-tls-mod=none
-				--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
-				--dpi-desync-split-seqovl=336
-				--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin
-				--dpi-desync-fooling=badseq,badsum
-				--dpi-desync-badseq-increment=0
-				
-				--new
-				--filter-udp=443
-				--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-				--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
-				--dpi-desync=fake
-				--dpi-desync-repeats=6
-				--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
-			"
-			commit $cfgname
-		EOF
-	fi
-	if [ "$strat" = "v4_by_StressOzz" ]; then
-		uci batch <<-EOF
-			set $cfgname.config.NFQWS_PORTS_TCP='80,443'
-			set $cfgname.config.NFQWS_PORTS_UDP='443'
-			set $cfgname.config.NFQWS_OPT="
-				# Strategy $strat
-				
 				--filter-tcp=443
-				--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-				--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
-				--hostlist-exclude-domains=openwrt.org
-				--dpi-desync=fake,multisplit
-				--dpi-desync-split-pos=2,sld
-				--dpi-desync-fake-tls=0x0F0F0F0F
-				--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
-				--dpi-desync-fake-tls-mod=rnd,dupsid,sni=google.com
-				--dpi-desync-split-seqovl=2108
-				--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
-				--dpi-desync-fooling=badseq
-				
-				--new
-				--filter-tcp=443 <HOSTLIST>
-				--hostlist-exclude-domains=openwrt.org
-				--dpi-desync-any-protocol=1
-				--dpi-desync-cutoff=n5
-				--dpi-desync=multisplit
-				--dpi-desync-split-seqovl=582
-				--dpi-desync-split-pos=1
-				--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/4pda.bin
+				--filter-l7=tls <HOSTLIST>
+				--payload=tls_client_hello
+				--lua-desync=fake:blob=fake_default_tls:tcp_md5:tcp_seq=-10000
+				--lua-desync=multidisorder:pos=1,midsld
 				
 				--new
 				--filter-udp=443
-				--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-				--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
-				--dpi-desync=fake
-				--dpi-desync-repeats=6
-				--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
-			"
-			commit $cfgname
-		EOF
-	fi
-	if [ "$strat" = "v5_by_StressOzz" ]; then
-		uci batch <<-EOF
-			set $cfgname.config.NFQWS_PORTS_TCP='80,443'
-			set $cfgname.config.NFQWS_PORTS_UDP='443'
-			set $cfgname.config.NFQWS_OPT="
-				# Strategy $strat
-				
-				--filter-tcp=443
-				--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-				--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
-				--hostlist-exclude-domains=openwrt.org
-				--ip-id=zero
-				--dpi-desync=multisplit
-				--dpi-desync-split-seqovl=681
-				--dpi-desync-split-pos=1
-				--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
-				
-				--new
-				--filter-tcp=443 <HOSTLIST>
-				--hostlist-exclude-domains=openwrt.org
-				--dpi-desync=fake,fakeddisorder
-				--dpi-desync-split-pos=10,midsld
-				--dpi-desync-fake-tls=/opt/zapret/files/fake/max.bin
-				--dpi-desync-fake-tls-mod=rnd,dupsid
-				--dpi-desync-fake-tls=0x0F0F0F0F
-				--dpi-desync-fake-tls-mod=none
-				--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
-				--dpi-desync-fooling=badseq,badsum
-				--dpi-desync-badseq-increment=0
-				
-				--new
-				--filter-udp=443
-				--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-				--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
-				--dpi-desync=fake
-				--dpi-desync-repeats=6
-				--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
+				--filter-l7=quic <HOSTLIST_NOAUTO>
+				--payload=quic_initial
+				--lua-desync=fake:blob=fake_default_quic:repeats=6
 			"
 			commit $cfgname
 		EOF
@@ -253,7 +105,7 @@ function set_cfg_nfqws_strat
 function set_cfg_default_values
 {
 	local opt_flags=${1:--}
-	local opt_strat=${2:-v2_by_StressOzz}
+	local opt_strat=${2:-default}
 	local cfgname=${3:-$ZAPRET_CFG_NAME}

 	if ! echo "$opt_flags" | grep -q "(skip_base)"; then