Add FILTER_MARK support

luci-app-zapret/htdocs/luci-static/resources/view/zapret/settings.js

@@ -167,6 +167,11 @@ return view.extend({
         //o.description = _("nfqws option for DPI desync attack");
         o.rmempty     = false;
         o.datatype    = 'string';
+
+        o = s.taboption(tabname, form.Value, 'FILTER_MARK', _('FILTER_MARK'));
+        o.rmempty     = false;
+        o.validate = function(section_id, value) { return true; };
+        o.write = function(section_id, value) { return form.Value.prototype.write.call(this, section_id, (value == null || value.trim() == '') ? "\t" : value.trim()); };
         
         o = s.taboption(tabname, form.Value, 'NFQWS_PORTS_TCP', _('NFQWS_PORTS_TCP'));
         o.rmempty     = false;

zapret/config.default

@@ -56,6 +56,13 @@ DESYNC_MARK=0x40000000
 DESYNC_MARK_POSTNAT=0x20000000
 
 
+# do not pass outgoing traffic to tpws/nfqws not marked with this bit
+# this setting allows to write your own rules to limit traffic that should be fooled
+# for example based on source IP or incoming interface name
+# no filter if not defined
+FILTER_MARK=""
+
+
 TPWS_SOCKS_ENABLE=0
 # tpws socks listens on this port on localhost and LAN interfaces
 TPPORT_SOCKS=987

zapret/def-cfg.sh

@@ -29,6 +29,7 @@ function set_cfg_default_values
 		set $cfgname.config.NFQWS_ENABLE='1'
 		set $cfgname.config.DESYNC_MARK='0x40000000'
 		set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
+		set $cfgname.config.FILTER_MARK='$TAB'
 		set $cfgname.config.NFQWS_PORTS_TCP='80,443'
 		set $cfgname.config.NFQWS_PORTS_UDP='443'
 		set $cfgname.config.NFQWS_TCP_PKT_OUT='9'

zapret/sync_config.sh

@@ -95,6 +95,7 @@ sync_param AUTOHOSTLIST_DEBUGLOG
 sync_param NFQWS_ENABLE
 sync_param DESYNC_MARK
 sync_param DESYNC_MARK_POSTNAT
+sync_param FILTER_MARK str
 sync_param NFQWS_PORTS_TCP str
 sync_param NFQWS_PORTS_UDP str
 sync_param NFQWS_TCP_PKT_OUT str