mirror of
https://github.com/remittor/zapret-openwrt.git
synced 2025-12-17 21:18:21 +03:00
273 lines
8.9 KiB
Bash
Executable File
273 lines
8.9 KiB
Bash
Executable File
#!/bin/sh
|
|
# Copyright (c) 2024 remittor
|
|
|
|
function set_cfg_reset_values
|
|
{
|
|
local cfgname=${1:-$ZAPRET_CFG_NAME}
|
|
local TAB="$( echo -n -e '\t' )"
|
|
uci batch <<-EOF
|
|
set $cfgname.config.run_on_boot='0'
|
|
# settings for zapret service
|
|
set $cfgname.config.FWTYPE='nftables'
|
|
set $cfgname.config.POSTNAT='1'
|
|
set $cfgname.config.FLOWOFFLOAD='none'
|
|
set $cfgname.config.INIT_APPLY_FW='1'
|
|
set $cfgname.config.DISABLE_IPV4='0'
|
|
set $cfgname.config.DISABLE_IPV6='1'
|
|
set $cfgname.config.FILTER_TTL_EXPIRED_ICMP='1'
|
|
set $cfgname.config.MODE_FILTER='hostlist'
|
|
set $cfgname.config.DISABLE_CUSTOM='1'
|
|
set $cfgname.config.WS_USER='daemon'
|
|
set $cfgname.config.DAEMON_LOG_ENABLE='0'
|
|
set $cfgname.config.DAEMON_LOG_FILE='/tmp/zapret+<DAEMON_NAME>+<DAEMON_IDNUM>+<DAEMON_CFGNAME>.log'
|
|
# autohostlist options
|
|
set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
|
|
set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
|
|
set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
|
|
set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
|
|
# nfqws options
|
|
set $cfgname.config.NFQWS_ENABLE='1'
|
|
set $cfgname.config.DESYNC_MARK='0x40000000'
|
|
set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
|
|
set $cfgname.config.FILTER_MARK='$TAB'
|
|
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
|
|
set $cfgname.config.NFQWS_PORTS_UDP='443'
|
|
set $cfgname.config.NFQWS_TCP_PKT_OUT='9'
|
|
set $cfgname.config.NFQWS_TCP_PKT_IN='3'
|
|
set $cfgname.config.NFQWS_UDP_PKT_OUT='9'
|
|
set $cfgname.config.NFQWS_UDP_PKT_IN='0'
|
|
set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0'
|
|
set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0'
|
|
# save changes
|
|
commit $cfgname
|
|
EOF
|
|
return 0
|
|
}
|
|
|
|
function clear_nfqws_strat
|
|
{
|
|
local cfgname=${1:-$ZAPRET_CFG_NAME}
|
|
local TAB="$( echo -n -e '\t' )"
|
|
uci batch <<-EOF
|
|
set $cfgname.config.MODE_FILTER='hostlist'
|
|
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
|
|
set $cfgname.config.NFQWS_PORTS_UDP='443'
|
|
set $cfgname.config.NFQWS_OPT='$TAB'
|
|
commit $cfgname
|
|
EOF
|
|
}
|
|
|
|
function set_cfg_nfqws_strat
|
|
{
|
|
local strat=${1:--}
|
|
local cfgname=${2:-$ZAPRET_CFG_NAME}
|
|
local TAB="$( echo -n -e '\t' )"
|
|
|
|
uci batch <<-EOF
|
|
set $cfgname.config.MODE_FILTER='hostlist'
|
|
commit $cfgname
|
|
EOF
|
|
if [ "$strat" = "empty" ]; then
|
|
clear_nfqws_strat $cfgname
|
|
fi
|
|
if [ "$strat" = "v1_by_StressOzz" ]; then
|
|
uci batch <<-EOF
|
|
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
|
|
set $cfgname.config.NFQWS_PORTS_UDP='443'
|
|
set $cfgname.config.NFQWS_OPT="
|
|
# Strategy $strat
|
|
|
|
--filter-tcp=443 <HOSTLIST>
|
|
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
|
|
--dpi-desync=fake,multidisorder
|
|
--dpi-desync-split-seqovl=681
|
|
--dpi-desync-split-pos=1
|
|
--dpi-desync-fooling=badseq
|
|
--dpi-desync-badseq-increment=10000000
|
|
--dpi-desync-repeats=2
|
|
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
|
|
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com
|
|
|
|
--new
|
|
--filter-udp=443
|
|
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
|
|
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
|
|
--dpi-desync=fake
|
|
--dpi-desync-repeats=6
|
|
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
|
|
"
|
|
commit $cfgname
|
|
EOF
|
|
fi
|
|
if [ "$strat" = "v2_by_StressOzz" ]; then
|
|
uci batch <<-EOF
|
|
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
|
|
set $cfgname.config.NFQWS_PORTS_UDP='443'
|
|
set $cfgname.config.NFQWS_OPT="
|
|
# Strategy $strat
|
|
|
|
--filter-tcp=443 <HOSTLIST>
|
|
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
|
|
--hostlist-exclude-domains=openwrt.org
|
|
--dpi-desync=fake,fakeddisorder
|
|
--dpi-desync-split-pos=10,midsld
|
|
--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
|
|
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com
|
|
--dpi-desync-fake-tls=0x0F0F0F0F
|
|
--dpi-desync-fake-tls-mod=none
|
|
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
|
|
--dpi-desync-split-seqovl=336
|
|
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin
|
|
--dpi-desync-fooling=badseq,badsum
|
|
--dpi-desync-badseq-increment=0
|
|
|
|
--new
|
|
--filter-udp=443
|
|
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
|
|
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
|
|
--dpi-desync=fake
|
|
--dpi-desync-repeats=6
|
|
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
|
|
"
|
|
commit $cfgname
|
|
EOF
|
|
fi
|
|
if [ "$strat" = "v3_by_StressOzz" ]; then
|
|
uci batch <<-EOF
|
|
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
|
|
set $cfgname.config.NFQWS_PORTS_UDP='443'
|
|
set $cfgname.config.NFQWS_OPT="
|
|
# Strategy $strat
|
|
|
|
--filter-tcp=443 <HOSTLIST>
|
|
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
|
|
--hostlist-exclude-domains=openwrt.org
|
|
--dpi-desync=fake,fakeddisorder
|
|
--dpi-desync-split-pos=10,midsld
|
|
--dpi-desync-fake-tls=/opt/zapret/files/fake/t2.bin
|
|
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=m.ok.ru
|
|
--dpi-desync-fake-tls=0x0F0F0F0F
|
|
--dpi-desync-fake-tls-mod=none
|
|
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
|
|
--dpi-desync-split-seqovl=336
|
|
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin
|
|
--dpi-desync-fooling=badseq,badsum
|
|
--dpi-desync-badseq-increment=0
|
|
|
|
--new
|
|
--filter-udp=443
|
|
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
|
|
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
|
|
--dpi-desync=fake
|
|
--dpi-desync-repeats=6
|
|
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
|
|
"
|
|
commit $cfgname
|
|
EOF
|
|
fi
|
|
if [ "$strat" = "v4_by_StressOzz" ]; then
|
|
uci batch <<-EOF
|
|
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
|
|
set $cfgname.config.NFQWS_PORTS_UDP='443'
|
|
set $cfgname.config.NFQWS_OPT="
|
|
# Strategy $strat
|
|
|
|
--filter-tcp=443
|
|
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
|
|
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
|
|
--hostlist-exclude-domains=openwrt.org
|
|
--dpi-desync=fake,multisplit
|
|
--dpi-desync-split-pos=2,sld
|
|
--dpi-desync-fake-tls=0x0F0F0F0F
|
|
--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
|
|
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=google.com
|
|
--dpi-desync-split-seqovl=2108
|
|
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
|
|
--dpi-desync-fooling=badseq
|
|
|
|
--new
|
|
--filter-tcp=443 <HOSTLIST>
|
|
--hostlist-exclude-domains=openwrt.org
|
|
--dpi-desync-any-protocol=1
|
|
--dpi-desync-cutoff=n5
|
|
--dpi-desync=multisplit
|
|
--dpi-desync-split-seqovl=582
|
|
--dpi-desync-split-pos=1
|
|
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/4pda.bin
|
|
|
|
--new
|
|
--filter-udp=443
|
|
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
|
|
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
|
|
--dpi-desync=fake
|
|
--dpi-desync-repeats=6
|
|
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
|
|
"
|
|
commit $cfgname
|
|
EOF
|
|
fi
|
|
if [ "$strat" = "v5_by_StressOzz" ]; then
|
|
uci batch <<-EOF
|
|
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
|
|
set $cfgname.config.NFQWS_PORTS_UDP='443'
|
|
set $cfgname.config.NFQWS_OPT="
|
|
# Strategy $strat
|
|
|
|
--filter-tcp=443
|
|
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
|
|
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
|
|
--hostlist-exclude-domains=openwrt.org
|
|
--ip-id=zero
|
|
--dpi-desync=multisplit
|
|
--dpi-desync-split-seqovl=681
|
|
--dpi-desync-split-pos=1
|
|
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
|
|
|
|
--new
|
|
--filter-tcp=443 <HOSTLIST>
|
|
--hostlist-exclude-domains=openwrt.org
|
|
--dpi-desync=fake,fakeddisorder
|
|
--dpi-desync-split-pos=10,midsld
|
|
--dpi-desync-fake-tls=/opt/zapret/files/fake/max.bin
|
|
--dpi-desync-fake-tls-mod=rnd,dupsid
|
|
--dpi-desync-fake-tls=0x0F0F0F0F
|
|
--dpi-desync-fake-tls-mod=none
|
|
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
|
|
--dpi-desync-fooling=badseq,badsum
|
|
--dpi-desync-badseq-increment=0
|
|
|
|
--new
|
|
--filter-udp=443
|
|
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
|
|
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
|
|
--dpi-desync=fake
|
|
--dpi-desync-repeats=6
|
|
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
|
|
"
|
|
commit $cfgname
|
|
EOF
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
function set_cfg_default_values
|
|
{
|
|
local opt_flags=${1:--}
|
|
local opt_strat=${2:-v2_by_StressOzz}
|
|
local cfgname=${3:-$ZAPRET_CFG_NAME}
|
|
|
|
if ! echo "$opt_flags" | grep -q "(skip_base)"; then
|
|
set_cfg_reset_values $cfgname
|
|
fi
|
|
if [ "$opt_strat" != "-" ]; then
|
|
set_cfg_nfqws_strat "$opt_strat" $cfgname
|
|
fi
|
|
if echo "$opt_flags" | grep -q "(set_mode_autohostlist)"; then
|
|
uci batch <<-EOF
|
|
set $cfgname.config.MODE_FILTER='autohostlist'
|
|
commit $cfgname
|
|
EOF
|
|
fi
|
|
return 0
|
|
}
|