Mirror/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2026-01-27 12:50:33 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Mirror:v72.8
Branches Tags
Mirror:master
Mirror:v72.9 Mirror:v72.8 Mirror:v72.7 Mirror:v72.6 Mirror:v72.5 Mirror:v72.4 Mirror:v72.3 Mirror:v72.2 Mirror:v72.1 Mirror:v72 Mirror:v71.4 Mirror:v71.3 Mirror:v71.2 Mirror:v71.1.1 Mirror:v71.1 Mirror:v71 Mirror:v70.6 Mirror:v70.5 Mirror:v70.4 Mirror:v70.3 Mirror:v70 Mirror:v69.9 Mirror:v69.8 Mirror:v69.7 Mirror:v69.6 Mirror:v69.5 Mirror:v69.4 Mirror:v69.3 Mirror:v69.2 Mirror:v69.1 Mirror:v69 Mirror:v68 Mirror:v67 Mirror:v65 Mirror:v66 Mirror:v64
...
compare: Mirror:master
Branches Tags
Mirror:master
Mirror:v72.9 Mirror:v72.8 Mirror:v72.7 Mirror:v72.6 Mirror:v72.5 Mirror:v72.4 Mirror:v72.3 Mirror:v72.2 Mirror:v72.1 Mirror:v72 Mirror:v71.4 Mirror:v71.3 Mirror:v71.2 Mirror:v71.1.1 Mirror:v71.1 Mirror:v71 Mirror:v70.6 Mirror:v70.5 Mirror:v70.4 Mirror:v70.3 Mirror:v70 Mirror:v69.9 Mirror:v69.8 Mirror:v69.7 Mirror:v69.6 Mirror:v69.5 Mirror:v69.4 Mirror:v69.3 Mirror:v69.2 Mirror:v69.1 Mirror:v69 Mirror:v68 Mirror:v67 Mirror:v65 Mirror:v66 Mirror:v64

5 Commits
v72.8 ... master

Author SHA1 Message Date
bol-van
119e243b36 blockcheck: fix missing quic fake escape 2026-01-20 09:36:50 +03:00
bol-van
c849e55ef0 ask_list default value fix 2026-01-16 14:18:06 +03:00
bol-van
ec55c6f551 install_easy: always write FWTYPE 2026-01-16 12:53:55 +03:00
bol-van
6ca597c89c blockcheck: fix suspicious redirection with URI 2026-01-16 12:46:08 +03:00
bol-van
6ac51a4300 nfqws: fix wrong ipfrag help text 2026-01-16 11:01:54 +03:00
9 changed files with 44 additions and 29 deletions
Expand all files Collapse all files

41
blockcheck.sh
View File

@@ -668,7 +668,7 @@ curl_with_dig()
# $2 - domain name # $2 - domain name
# $3 - port # $3 - port
# $4+ - curl params # $4+ - curl params
local dom=$2 port=$3 local dom="$2" port=$3
local sdom suri ip local sdom suri ip
split_by_separator "$dom" / sdom suri split_by_separator "$dom" / sdom suri
@@ -687,12 +687,12 @@ curl_probe()
# $3 - port # $3 - port
# $4 - subst ip # $4 - subst ip
# $5+ - curl params # $5+ - curl params
local ipv=$1 dom=$2 port=$3 subst=$4 local ipv=$1 dom="$2" port=$3 subst=$4
shift; shift; shift; shift shift; shift; shift; shift
if [ -n "$subst" ]; then if [ -n "$subst" ]; then
curl_with_subst_ip $dom $port $subst "$@" curl_with_subst_ip "$dom" $port $subst "$@"
else else
curl_with_dig $ipv $dom $port "$@" curl_with_dig $ipv "$dom" $port "$@"
fi fi
} }
curl_test_http() curl_test_http()
@@ -702,8 +702,8 @@ curl_test_http()
# $3 - subst ip # $3 - subst ip
# $4 - "detail" - detail info # $4 - "detail" - detail info
local code loc hdrt="${HDRTEMP}_${!:-$$}.txt" local code loc hdrt="${HDRTEMP}_${!:-$$}.txt" dom="$(tolower "$2")"
curl_probe $1 $2 $HTTP_PORT "$3" -SsD "$hdrt" -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT "http://$2" -o /dev/null 2>&1 || { curl_probe $1 "$2" $HTTP_PORT "$3" -SsD "$hdrt" -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT "http://$2" -o /dev/null 2>&1 || {
code=$? code=$?
rm -f "$hdrt" rm -f "$hdrt"
return $code return $code
@@ -715,8 +715,9 @@ curl_test_http()
code=$(hdrfile_http_code "$hdrt") code=$(hdrfile_http_code "$hdrt")
[ "$code" = 301 -o "$code" = 302 -o "$code" = 307 -o "$code" = 308 ] && { [ "$code" = 301 -o "$code" = 302 -o "$code" = 307 -o "$code" = 308 ] && {
loc=$(hdrfile_location "$hdrt") loc=$(hdrfile_location "$hdrt")
echo "$loc" | grep -qE "^https?://.*$2(/|$)" || split_by_separator "$dom" / dom
echo "$loc" | grep -vqE '^https?://' || { tolower "$loc" | grep -qE "^https?://.*$dom(/|$)" ||
tolower "$loc" | grep -vqE '^https?://' || {
echo suspicious redirection $code to : $loc echo suspicious redirection $code to : $loc
rm -f "$hdrt" rm -f "$hdrt"
return 254 return 254
@@ -1079,7 +1080,7 @@ ws_curl_test()
# $2 - test function # $2 - test function
# $3 - domain # $3 - domain
# $4,$5,$6, ... - ws params # $4,$5,$6, ... - ws params
local code ws_start=$1 testf=$2 dom=$3 local code ws_start=$1 testf=$2 dom="$3"
[ "$SIMULATE" = 1 ] && { [ "$SIMULATE" = 1 ] && {
n=$(random 0 99) n=$(random 0 99)
@@ -1095,7 +1096,7 @@ ws_curl_test()
shift shift
shift shift
$ws_start "$@" $ws_start "$@"
curl_test $testf $dom curl_test $testf "$dom"
code=$? code=$?
ws_kill ws_kill
return $code return $code
@@ -1108,7 +1109,7 @@ tpws_curl_test()
echo - $1 ipv$IPV $2 : tpws $3 $4 $5 $6 $7 $8 $9${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"} echo - $1 ipv$IPV $2 : tpws $3 $4 $5 $6 $7 $8 $9${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"}
local ALL_PROXY="socks5://127.0.0.1:$SOCKS_PORT" local ALL_PROXY="socks5://127.0.0.1:$SOCKS_PORT"
ws_curl_test tpws_start "$@"${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"} ws_curl_test tpws_start "$@"${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"}
local testf=$1 dom=$2 strategy code=$? local testf=$1 dom="$2" strategy code=$?
[ "$code" = 0 ] && { [ "$code" = 0 ] && {
shift; shift; shift; shift;
strategy="$@" strategy="$@"
@@ -1122,11 +1123,11 @@ pktws_curl_test()
# $1 - test function # $1 - test function
# $2 - domain # $2 - domain
# $3,$4,$5, ... - nfqws/dvtws params # $3,$4,$5, ... - nfqws/dvtws params
local testf=$1 dom=$2 strategy code local testf=$1 dom="$2" strategy code
shift; shift; shift; shift;
echo - $testf ipv$IPV $dom : $PKTWSD ${WF:+$WF }${PKTWS_EXTRA_PRE:+$PKTWS_EXTRA_PRE }${PKTWS_EXTRA_PRE_1:+"$PKTWS_EXTRA_PRE_1" }${PKTWS_EXTRA_PRE_2:+"$PKTWS_EXTRA_PRE_2" }${PKTWS_EXTRA_PRE_3:+"$PKTWS_EXTRA_PRE_3" }${PKTWS_EXTRA_PRE_4:+"$PKTWS_EXTRA_PRE_4" }${PKTWS_EXTRA_PRE_5:+"$PKTWS_EXTRA_PRE_5" }${PKTWS_EXTRA_PRE_6:+"$PKTWS_EXTRA_PRE_6" }${PKTWS_EXTRA_PRE_7:+"$PKTWS_EXTRA_PRE_7" }${PKTWS_EXTRA_PRE_8:+"$PKTWS_EXTRA_PRE_8" }${PKTWS_EXTRA_PRE_9:+"$PKTWS_EXTRA_PRE_9" }$@${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"} echo - $testf ipv$IPV $dom : $PKTWSD ${WF:+$WF }${PKTWS_EXTRA_PRE:+$PKTWS_EXTRA_PRE }${PKTWS_EXTRA_PRE_1:+"$PKTWS_EXTRA_PRE_1" }${PKTWS_EXTRA_PRE_2:+"$PKTWS_EXTRA_PRE_2" }${PKTWS_EXTRA_PRE_3:+"$PKTWS_EXTRA_PRE_3" }${PKTWS_EXTRA_PRE_4:+"$PKTWS_EXTRA_PRE_4" }${PKTWS_EXTRA_PRE_5:+"$PKTWS_EXTRA_PRE_5" }${PKTWS_EXTRA_PRE_6:+"$PKTWS_EXTRA_PRE_6" }${PKTWS_EXTRA_PRE_7:+"$PKTWS_EXTRA_PRE_7" }${PKTWS_EXTRA_PRE_8:+"$PKTWS_EXTRA_PRE_8" }${PKTWS_EXTRA_PRE_9:+"$PKTWS_EXTRA_PRE_9" }$@${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"}
ws_curl_test pktws_start $testf $dom ${PKTWS_EXTRA_PRE:+$PKTWS_EXTRA_PRE }${PKTWS_EXTRA_PRE_1:+"$PKTWS_EXTRA_PRE_1" }${PKTWS_EXTRA_PRE_2:+"$PKTWS_EXTRA_PRE_2" }${PKTWS_EXTRA_PRE_3:+"$PKTWS_EXTRA_PRE_3" }${PKTWS_EXTRA_PRE_4:+"$PKTWS_EXTRA_PRE_4" }${PKTWS_EXTRA_PRE_5:+"$PKTWS_EXTRA_PRE_5" }${PKTWS_EXTRA_PRE_6:+"$PKTWS_EXTRA_PRE_6" }${PKTWS_EXTRA_PRE_7:+"$PKTWS_EXTRA_PRE_7" }${PKTWS_EXTRA_PRE_8:+"$PKTWS_EXTRA_PRE_8" }${PKTWS_EXTRA_PRE_9:+"$PKTWS_EXTRA_PRE_9" }"$@"${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"} ws_curl_test pktws_start $testf "$dom" ${PKTWS_EXTRA_PRE:+$PKTWS_EXTRA_PRE }${PKTWS_EXTRA_PRE_1:+"$PKTWS_EXTRA_PRE_1" }${PKTWS_EXTRA_PRE_2:+"$PKTWS_EXTRA_PRE_2" }${PKTWS_EXTRA_PRE_3:+"$PKTWS_EXTRA_PRE_3" }${PKTWS_EXTRA_PRE_4:+"$PKTWS_EXTRA_PRE_4" }${PKTWS_EXTRA_PRE_5:+"$PKTWS_EXTRA_PRE_5" }${PKTWS_EXTRA_PRE_6:+"$PKTWS_EXTRA_PRE_6" }${PKTWS_EXTRA_PRE_7:+"$PKTWS_EXTRA_PRE_7" }${PKTWS_EXTRA_PRE_8:+"$PKTWS_EXTRA_PRE_8" }${PKTWS_EXTRA_PRE_9:+"$PKTWS_EXTRA_PRE_9" }"$@"${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"}
code=$? code=$?
[ "$code" = 0 ] && { [ "$code" = 0 ] && {
@@ -1152,11 +1153,11 @@ xxxws_curl_test_update()
# $2 - test function # $2 - test function
# $3 - domain # $3 - domain
# $4,$5,$6, ... - nfqws/dvtws params # $4,$5,$6, ... - nfqws/dvtws params
local code xxxf=$1 testf=$2 dom=$3 local code xxxf=$1 testf=$2 dom="$3"
shift shift
shift shift
shift shift
$xxxf $testf $dom "$@" $xxxf $testf "$dom" "$@"
code=$? code=$?
[ $code = 0 ] && strategy="${strategy:-$@}" [ $code = 0 ] && strategy="${strategy:-$@}"
return $code return $code
@@ -1317,13 +1318,13 @@ pktws_curl_test_update_vary()
[ "$fake" = "-" ] && continue [ "$fake" = "-" ] && continue
if [ -n "$splits" ]; then if [ -n "$splits" ]; then
for pos in $splits ; do for pos in $splits ; do
pktws_curl_test_update $testf $domain --dpi-desync=$desync "$@" --dpi-desync-split-pos=$pos $fake && { pktws_curl_test_update $testf "$domain" --dpi-desync=$desync "$@" --dpi-desync-split-pos=$pos $fake && {
[ "$SCANLEVEL" = force ] || return 0 [ "$SCANLEVEL" = force ] || return 0
ret=0 ret=0
} }
done done
else else
pktws_curl_test_update $testf $domain --dpi-desync=$desync "$@" $fake && { pktws_curl_test_update $testf "$domain" --dpi-desync=$desync "$@" $fake && {
[ "$SCANLEVEL" = force ] || return 0 [ "$SCANLEVEL" = force ] || return 0
ret=0 ret=0
} }
@@ -1572,7 +1573,7 @@ pktws_check_domain_http3_bypass_()
for fake in '' "--dpi-desync-fake-quic=$ZAPRET_BASE/files/fake/quic_initial_www_google_com.bin"; do for fake in '' "--dpi-desync-fake-quic=$ZAPRET_BASE/files/fake/quic_initial_www_google_com.bin"; do
for rep in '' 2 5 10 20; do for rep in '' 2 5 10 20; do
pktws_curl_test_update $1 $2 --dpi-desync=fake ${fake:+$fake }${rep:+--dpi-desync-repeats=$rep} && [ "$SCANLEVEL" != force ] && { pktws_curl_test_update $1 $2 --dpi-desync=fake ${fake:+"$fake" }${rep:+--dpi-desync-repeats=$rep} && [ "$SCANLEVEL" != force ] && {
[ "$SCANLEVEL" = quick ] && return [ "$SCANLEVEL" = quick ] && return
break break
} }
@@ -1698,7 +1699,7 @@ check_dpi_ip_block()
# $1 - test function # $1 - test function
# $2 - domain # $2 - domain
local blocked_dom=$2 local blocked_dom="$2"
local blocked_ip blocked_ips unblocked_ip local blocked_ip blocked_ips unblocked_ip
echo echo
@@ -2188,7 +2189,7 @@ check_dns_()
if find_working_public_dns ; then if find_working_public_dns ; then
echo comparing system resolver to public DNS : $PUBDNS echo comparing system resolver to public DNS : $PUBDNS
for dom in $DNSCHECK_DOM; do for dom in $DNSCHECK_DOM; do
if check_dns_spoof $dom $PUBDNS ; then if check_dns_spoof "$dom" $PUBDNS ; then
echo $dom : MISMATCH echo $dom : MISMATCH
echo -- system resolver : echo -- system resolver :
cat "$DNSCHECK_DIG1" cat "$DNSCHECK_DIG1"

4
common/base.sh
View File

@@ -109,6 +109,10 @@ split_by_separator()
[ -n "$3" ] && eval $3="\$before" [ -n "$3" ] && eval $3="\$before"
[ -n "$4" ] && eval $4="\$after" [ -n "$4" ] && eval $4="\$after"
} }
tolower()
{
echo "$@" | tr 'A-Z' 'a-z'
}
dir_is_not_empty() dir_is_not_empty()
{ {

4
common/dialog.sh
View File

@@ -36,7 +36,7 @@ ask_list()
# $3 - (optional) default value # $3 - (optional) default value
local M_DEFAULT local M_DEFAULT
eval M_DEFAULT="\$$1" eval M_DEFAULT="\$$1"
local M_ALL=$M_DEFAULT local M_DEFAULT_VAR="$M_DEFAULT"
local M="" m local M="" m
[ -n "$3" ] && { find_str_in_list "$M_DEFAULT" "$2" || M_DEFAULT="$3" ;} [ -n "$3" ] && { find_str_in_list "$M_DEFAULT" "$2" || M_DEFAULT="$3" ;}
@@ -53,5 +53,5 @@ ask_list()
echo selected : $M echo selected : $M
eval $1="\"$M\"" eval $1="\"$M\""
[ "$M" != "$M_DEFAULT" ] [ "$M" != "$M_DEFAULT_VAR" ]
} }

4
common/installer.sh
View File

@@ -827,7 +827,9 @@ select_fwtype()
echo WARNING ! if you need large lists it may be necessary to fall back to iptables+ipset firewall echo WARNING ! if you need large lists it may be necessary to fall back to iptables+ipset firewall
} }
echo select firewall type : echo select firewall type :
ask_list FWTYPE "iptables nftables" "$FWTYPE" && write_config_var FWTYPE ask_list FWTYPE "iptables nftables" "$FWTYPE"
# always write config var to prevent auto discovery every time
write_config_var FWTYPE
} }
dry_run_tpws_() dry_run_tpws_()

5
docs/changes.txt
View File

@@ -595,3 +595,8 @@ mdig: --eagain, --eagain-delay
73.8 73.8
nfqws: fix breaking tcp if ts fooling is enabled but no timestamps present nfqws: fix breaking tcp if ts fooling is enabled but no timestamps present
73.9
blockcheck: fix detection of http redirection if domain/URI specified
install_easy: fix writing of ask_list variables

4
docs/readme.en.md
View File

@@ -207,8 +207,8 @@ nfqws takes the following parameters:
--dpi-desync-fakedsplit-mod=mod[,mod] ; mods can be none,altorder=0|1|2|3 + 0|8|16 --dpi-desync-fakedsplit-mod=mod[,mod] ; mods can be none,altorder=0|1|2|3 + 0|8|16
--dpi-desync-hostfakesplit-midhost=marker+N|marker-N ; additionally split real hostname at specified marker. must be within host..endhost or won't be splitted. --dpi-desync-hostfakesplit-midhost=marker+N|marker-N ; additionally split real hostname at specified marker. must be within host..endhost or won't be splitted.
--dpi-desync-hostfakesplit-mod=mod[,mod] ; can be none, host=<hostname>, altorder=0|1 --dpi-desync-hostfakesplit-mod=mod[,mod] ; can be none, host=<hostname>, altorder=0|1
--dpi-desync-ipfrag-pos-tcp=<8..9216> ; ip frag position starting from the transport header. multiple of 8, default 8. --dpi-desync-ipfrag-pos-tcp=<8..9216> ; ip frag position starting from the transport header. multiple of 8, default 32.
--dpi-desync-ipfrag-pos-udp=<8..9216> ; ip frag position starting from the transport header. multiple of 8, default 32. --dpi-desync-ipfrag-pos-udp=<8..9216> ; ip frag position starting from the transport header. multiple of 8, default 8.
--dpi-desync-ts-increment=<int|0xHEX> ; ts fooling TSval signed increment. default -600000 --dpi-desync-ts-increment=<int|0xHEX> ; ts fooling TSval signed increment. default -600000
--dpi-desync-badseq-increment=<int|0xHEX> ; badseq fooling seq signed increment. default -10000 --dpi-desync-badseq-increment=<int|0xHEX> ; badseq fooling seq signed increment. default -10000
--dpi-desync-badack-increment=<int|0xHEX> ; badseq fooling ackseq signed increment. default -66000 --dpi-desync-badack-increment=<int|0xHEX> ; badseq fooling ackseq signed increment. default -66000

2
docs/readme.md
View File

@@ -237,6 +237,8 @@ dvtws, собираемый из тех же исходников (см. [док
--dpi-desync-fakedsplit-mod=mod[,mod] ; может быть none, altorder=0|1|2|3 + 0|8|16 --dpi-desync-fakedsplit-mod=mod[,mod] ; может быть none, altorder=0|1|2|3 + 0|8|16
--dpi-desync-hostfakesplit-midhost=marker+N|marker-N ; маркер дополнительного разреза сегмента с оригинальным хостом. должен попадать в пределы хоста. --dpi-desync-hostfakesplit-midhost=marker+N|marker-N ; маркер дополнительного разреза сегмента с оригинальным хостом. должен попадать в пределы хоста.
--dpi-desync-hostfakesplit-mod=mod[,mod] ; может быть none, host=<hostname>, altorder=0|1 --dpi-desync-hostfakesplit-mod=mod[,mod] ; может быть none, host=<hostname>, altorder=0|1
--dpi-desync-ipfrag-pos-tcp=<8..9216> ; позиция ip фрагментации tcp, начиная с транспортного заголовка. должно быть кратно 8, по умолчанию - 32.
--dpi-desync-ipfrag-pos-udp=<8..9216> ; позиция ip фрагментации udp, начиная с транспортного заголовка. должно быть кратно 8, по умолчанию - 8.
--dpi-desync-ts-increment=<int|0xHEX> ; инкремент TSval для ts. по умолчанию -600000 --dpi-desync-ts-increment=<int|0xHEX> ; инкремент TSval для ts. по умолчанию -600000
--dpi-desync-badseq-increment=<int|0xHEX> ; инкремент sequence number для badseq. по умолчанию -10000 --dpi-desync-badseq-increment=<int|0xHEX> ; инкремент sequence number для badseq. по умолчанию -10000
--dpi-desync-badack-increment=<int|0xHEX> ; инкремент ack sequence number для badseq. по умолчанию -66000 --dpi-desync-badack-increment=<int|0xHEX> ; инкремент ack sequence number для badseq. по умолчанию -66000

1
nfq/darkmagic.c
View File

@@ -928,6 +928,7 @@ void proto_skip_ipv6(uint8_t **data, size_t *len, uint8_t *proto_type, uint8_t *
if (proto_type) *proto_type = 0; // put error in advance if (proto_type) *proto_type = 0; // put error in advance
HeaderType = (*data)[6]; // NextHeader field HeaderType = (*data)[6]; // NextHeader field
if (proto_type) *proto_type = HeaderType;
if (last_header_type) *last_header_type = (*data)+6; if (last_header_type) *last_header_type = (*data)+6;
*data += 40; *len -= 40; // skip ipv6 base header *data += 40; *len -= 40; // skip ipv6 base header
while (*len > 0) // need at least one byte for NextHeader field while (*len > 0) // need at least one byte for NextHeader field

2
nfq/nfqws.c
View File

@@ -1883,8 +1883,8 @@ static void exithelp(void)
" --dpi-desync-fakedsplit-mod=mod[,mod]\t\t\t; mods can be none,altorder=0|1|2|3 + 0|8|16\n" " --dpi-desync-fakedsplit-mod=mod[,mod]\t\t\t; mods can be none,altorder=0|1|2|3 + 0|8|16\n"
" --dpi-desync-hostfakesplit-midhost=marker+N|marker-N\t; additionally split real hostname at specified marker. must be within host..endhost or won't be splitted.\n" " --dpi-desync-hostfakesplit-midhost=marker+N|marker-N\t; additionally split real hostname at specified marker. must be within host..endhost or won't be splitted.\n"
" --dpi-desync-hostfakesplit-mod=mod[,mod]\t\t; mods can be none,host=<hostname>,altorder=0|1\n" " --dpi-desync-hostfakesplit-mod=mod[,mod]\t\t; mods can be none,host=<hostname>,altorder=0|1\n"
" --dpi-desync-ipfrag-pos-tcp=<8..%u>\t\t\t; ip frag position starting from the transport header. multiple of 8, default %u.\n"
" --dpi-desync-ipfrag-pos-udp=<8..%u>\t\t\t; ip frag position starting from the transport header. multiple of 8, default %u.\n" " --dpi-desync-ipfrag-pos-udp=<8..%u>\t\t\t; ip frag position starting from the transport header. multiple of 8, default %u.\n"
" --dpi-desync-ipfrag-pos-tcp=<8..%u>\t\t\t; ip frag position starting from the transport header. multiple of 8, default %u.\n"
" --dpi-desync-ts-increment=<int|0xHEX>\t\t\t; ts fooling TSval signed increment. default %d\n" " --dpi-desync-ts-increment=<int|0xHEX>\t\t\t; ts fooling TSval signed increment. default %d\n"
" --dpi-desync-badseq-increment=<int|0xHEX>\t\t; badseq fooling seq signed increment. default %d\n" " --dpi-desync-badseq-increment=<int|0xHEX>\t\t; badseq fooling seq signed increment. default %d\n"
" --dpi-desync-badack-increment=<int|0xHEX>\t\t; badseq fooling ackseq signed increment. default %d\n" " --dpi-desync-badack-increment=<int|0xHEX>\t\t; badseq fooling ackseq signed increment. default %d\n"