diff --git a/zapret2/def-cfg.sh b/zapret2/def-cfg.sh index e24278b..38271a1 100755 --- a/zapret2/def-cfg.sh +++ b/zapret2/def-cfg.sh @@ -161,6 +161,89 @@ function set_cfg_nfqws_strat commit $cfgname EOF fi + if [ "$strat" = "v1_by_Routerich" ]; then + uci batch <<-EOF + set $cfgname.config.NFQWS2_PORTS_TCP='80,443' + set $cfgname.config.NFQWS2_PORTS_UDP='443' + set $cfgname.config.NFQWS2_OPT=" + --comment=Strategy__$strat + + --blob=blob_tls_clienthello_www_google_com:@/opt/zapret2/files/fake/tls_clienthello_www_google_com.bin + --blob=blob_tls_clienthello_vk_com:@/opt/zapret2/files/fake/tls_clienthello_vk_com.bin + --blob=blob_tls_clienthello_gosuslugi_ru:@/opt/zapret2/files/fake/tls_clienthello_gosuslugi_ru.bin + --blob=blob_tls_clienthello_www_max_ru:@/opt/zapret2/files/fake/max.bin + --blob=blob_tls_clienthello_t2_ru:@/opt/zapret2/files/fake/t2.bin + --blob=blob_tls_clienthello_www_4pda_to:@/opt/zapret2/files/fake/4pda.bin + + --filter-tcp=443 + --filter-l3=ipv4 + --filter-l7=tls + --hostlist=/opt/zapret2/ipset/zapret-hosts-google.txt + --out-range=-s34228 + --in-range=-s5556 --lua-desync=circular:fails=2:maxtime=60 + --in-range=x + --payload=tls_client_hello + --lua-desync=fake:blob=0x0F0F0F0F:tcp_seq=-10000:tcp_ack=-66000:badsum:strategy=1 + --lua-desync=fake:blob=blob_tls_clienthello_www_google_com:optional:tcp_seq=-10000:tcp_ack=-66000:badsum:tls_mod=rnd,dupsid,sni=ggpht.com:strategy=1 + --lua-desync=multisplit:pos=2,sld:seqovl=620:seqovl_pattern=blob_tls_clienthello_www_google_com:strategy=1 + --lua-desync=fake:blob=0x00000000:tcp_ack=-66000:strategy=2 + --lua-desync=fake:blob=blob_tls_clienthello_www_google_com:tls_mod=rnd,dupsid,rndsni,padencap:tcp_ack=-66000:strategy=2 + --lua-desync=multisplit:pos=2,endhost:strategy=2 + --lua-desync=multisplit:pos=1:seqovl=681:seqovl_pattern=blob_tls_clienthello_www_google_com:ip_id=zero:strategy=3 + --lua-desync=multisplit:pos=1,sniext+1:seqovl=1:strategy=4 + --lua-desync=multisplit:seqovl=681:seqovl_pattern=blob_tls_clienthello_www_google_com:strategy=5 + --lua-desync=fake:blob=blob_tls_clienthello_www_google_com:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=rnd,dupsid,sni=fonts.google.com:strategy=6 + --lua-desync=fake:blob=0x0F0F0F0F:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=none:strategy=6 + --lua-desync=fakeddisorder:pos=10,midsld:seqovl=336:seqovl_pattern=blob_tls_clienthello_gosuslugi_ru:pattern=blob_tls_clienthello_vk_com:tcp_seq=0:tcp_ack=-66000:badsum:strategy=6 + --lua-desync=multidisorder:pos=7,sld+1:strategy=7 + --lua-desync=multidisorder:pos=1,midsld,endhost-1:strategy=8 + --lua-desync=fake:blob=0x00000000:tcp_seq=-10000:tcp_ack=-66000:repeats=2:strategy=9 + --lua-desync=fake:blob=fake_default_tls:tcp_seq=-10000:tcp_ack=-66000:repeats=2:tls_mod=rnd,dupsid,sni=www.google.com:strategy=9 + --lua-desync=multisplit:pos=1,midsld:strategy=9 + --lua-desync=multidisorder:pos=1,midsld:strategy=10 + --lua-desync=multisplit:pos=1,2:seqovl=4:seqovl_pattern=blob_tls_clienthello_www_google_com:strategy=11 + --lua-desync=multidisorder:pos=2,5,105,host+5,sld-1,endsld-5,endsld:strategy=12 + --lua-desync=fake:blob=0x0F0F0F0F:badsum:tcp_seq=-10000:tcp_ack=-66000:strategy=13 + --lua-desync=fake:blob=blob_tls_clienthello_www_google_com:badsum:tcp_seq=-10000:tcp_ack=-66000:tls_mod=rnd,dupsid,sni=ggpht.com:strategy=13 + --lua-desync=multisplit:pos=2,sld:seqovl=2108:seqovl_pattern=blob_tls_clienthello_www_google_com:strategy=13 + --lua-desync=hostfakesplit:midhost=host-2:host=rzd.ru:tcp_seq=0:tcp_ack=-66000:badsum:strategy=14:final + + --new + --filter-tcp=443 + --filter-l3=ipv4 + --filter-l7=tls + --out-range=-s34228 + --in-range=-s5556 --lua-desync=circular:fails=2:maxtime=60 + --in-range=x + --payload=tls_client_hello + --lua-desync=fake:blob=blob_tls_clienthello_www_max_ru:tcp_ts=-600000:repeats=8:strategy=1 + --lua-desync=multisplit:pos=1:seqovl=654:seqovl_pattern=blob_tls_clienthello_www_max_ru:strategy=1 + --lua-desync=fake:blob=blob_tls_clienthello_t2_ru:tls_mod=rnd,dupsid,sni=m.ok.ru:badsum:tcp_seq=-10000:strategy=2 + --lua-desync=fake:blob=0x0F0F0F0F:tls_mod=none:badsum:tcp_seq=-10000:strategy=2 + --lua-desync=fakeddisorder:pos=10,midsld:pattern=blob_tls_clienthello_vk_com:seqovl=336:seqovl_pattern=blob_tls_clienthello_gosuslugi_ru:badsum:tcp_seq=-10000:strategy=2 + --lua-desync=fake:blob=fake_default_tls:tcp_seq=10000000:tcp_ack=-66000:repeats=2:tls_mod=rnd,dupsid,sni=fonts.google.com:strategy=3 + --lua-desync=multidisorder:pos=1:seqovl=681:seqovl_pattern=blob_tls_clienthello_www_google_com:strategy=3 + --lua-desync=fake:blob=blob_tls_clienthello_www_google_com:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=rnd,dupsid,sni=fonts.google.com:strategy=4 + --lua-desync=fake:blob=0x0F0F0F0F:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=none:strategy=4 + --lua-desync=fakeddisorder:pos=10,midsld:seqovl=336:seqovl_pattern=blob_tls_clienthello_gosuslugi_ru:pattern=blob_tls_clienthello_vk_com:tcp_seq=0:tcp_ack=-66000:badsum:strategy=4 + --lua-desync=fake:blob=blob_tls_clienthello_t2_ru:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=rnd,dupsid,sni=m.ok.ru:strategy=5 + --lua-desync=fake:blob=0x0F0F0F0F:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=none:strategy=5 + --lua-desync=fakeddisorder:pos=10,midsld:seqovl=336:seqovl_pattern=blob_tls_clienthello_gosuslugi_ru:pattern=blob_tls_clienthello_vk_com:tcp_seq=0:tcp_ack=-66000:badsum:strategy=5 + --lua-desync=multisplit:pos=1:seqovl=582:seqovl_pattern=blob_tls_clienthello_www_4pda_to:strategy=6 + --lua-desync=fake:blob=blob_tls_clienthello_www_max_ru:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=rnd,dupsid:strategy=7 + --lua-desync=fake:blob=0x0F0F0F0F:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=none:strategy=7 + --lua-desync=fakeddisorder:pos=10,midsld:pattern=blob_tls_clienthello_vk_com:tcp_seq=0:tcp_ack=-66000:badsum:strategy=7 + --lua-desync=hostfakesplit:midhost=host-2:host=rzd.ru:tcp_seq=0:tcp_ack=-66000:badsum:strategy=8:final + + --new + --filter-udp=443 + --filter-l7=quic + --payload=quic_initial + --lua-desync=fake:blob=fake_default_quic:repeats=6 + " + commit $cfgname + EOF + fi return 0 }