drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-11-26 20:20:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

blockcheck: split-pos=1 breaks some dpi's in russia

Browse Source
This commit is contained in:
bol-van 2024-02-08 16:05:43 +03:00
parent 507a5d8681
commit 368b207484
1 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
blockcheck.sh
View File

@ -552,6 +552,14 @@ report_strategy()
return 1 return 1
fi fi
} }
test_has_split()
{
contains "$1" split || contains "$1" disorder
}
warn_md5sig()
{
echo 'WARNING ! although md5sig fooling worked it will not work on all sites. it typically works only on linux servers.'
}
pktws_check_domain_bypass() pktws_check_domain_bypass()
{ {
# $1 - test function # $1 - test function
@ -583,10 +591,15 @@ pktws_check_domain_bypass()
fi fi
done done
} }
[ "$ok" = 1 ] || tests="$tests split fake,split2 fake,split" [ "$ok" = 1 -a "$FORCE" != 1 ] || tests="$tests split fake,split2 fake,split"
pktws_curl_test_update $1 $3 --dpi-desync=disorder2 pktws_curl_test_update $1 $3 --dpi-desync=disorder2
[ "$?" != 0 -o "$FORCE" = 1 ] && tests="$tests disorder fake,disorder2 fake,disorder" ret=$?
[ "$ret" != 0 -o "$FORCE" = 1 ] && {
pktws_curl_test_update $1 $3 --dpi-desync=disorder2 --dpi-desync-split-pos=1
ret=$?
}
[ "$ret" != 0 -o "$FORCE" = 1 ] && tests="$tests disorder fake,disorder2 fake,disorder"
ttls=$(seq -s ' ' $MIN_TTL $MAX_TTL) ttls=$(seq -s ' ' $MIN_TTL $MAX_TTL)
for e in '' '--wssize 1:6'; do for e in '' '--wssize 1:6'; do
@ -600,12 +613,13 @@ pktws_check_domain_bypass()
s="--dpi-desync=$desync" s="--dpi-desync=$desync"
for ttl in $ttls; do for ttl in $ttls; do
pktws_curl_test_update $1 $3 $s --dpi-desync-ttl=$ttl $e && break pktws_curl_test_update $1 $3 $s --dpi-desync-ttl=$ttl $e && break
test_has_split $desync && pktws_curl_test_update $1 $3 $s --dpi-desync-split-pos=1 --dpi-desync-ttl=$ttl $e && break
done done
f="badsum badseq md5sig" f="badsum badseq md5sig"
[ "$IPV" = 6 ] && f="$f hopbyhop hopbyhop2" [ "$IPV" = 6 ] && f="$f hopbyhop hopbyhop2"
for fooling in $f; do for fooling in $f; do
pktws_curl_test_update $1 $3 $s --dpi-desync-fooling=$fooling $e && [ "$fooling" = "md5sig" ] && pktws_curl_test_update $1 $3 $s --dpi-desync-fooling=$fooling $e && [ "$fooling" = "md5sig" ] && warn_md5sig
echo 'WARNING ! although md5sig fooling worked it will not work on all sites. it typically works only on linux servers.' test_has_split $desync && pktws_curl_test_update $1 $3 $s --dpi-desync-split-pos=1 --dpi-desync-fooling=$fooling $e && [ "$fooling" = "md5sig" ] && warn_md5sig
done done
done done
[ "$IPV" = 6 ] && { [ "$IPV" = 6 ] && {
@ -613,6 +627,7 @@ pktws_check_domain_bypass()
[ -n "$IP6_DEFRAG_DISABLE" ] && f="$f ipfrag1 ipfrag1,split2 ipfrag1,disorder2" [ -n "$IP6_DEFRAG_DISABLE" ] && f="$f ipfrag1 ipfrag1,split2 ipfrag1,disorder2"
for desync in $f; do for desync in $f; do
pktws_curl_test_update $1 $3 --dpi-desync=$desync $e pktws_curl_test_update $1 $3 --dpi-desync=$desync $e
test_has_split $desync && pktws_curl_test_update $1 $3 --dpi-desync-split-pos=1 --dpi-desync=$desync $e
done done
} }
# do not do wssize test for http. it's useless # do not do wssize test for http. it's useless
@ -695,7 +710,7 @@ check_domain()
if [ "$SUBSYS" = "pfSense" ] ; then if [ "$SUBSYS" = "pfSense" ] ; then
echo "tpws tests are not possible on pfSense" echo "tpws tests are not possible on pfSense"
report_append "ipv${IPV} $4 $1 : automated tpws tests are not possible on pfSense. check docs/bsd.txt" report_append "ipv${IPV} $4 $1 : automated tpws tests are not possible on pfSense. check docs/bsd.txt"
else elif [ "$SKIP_TPWS" != 1 ]; then
echo preparing tpws redirection echo preparing tpws redirection
tpws_ipt_prepare $2 tpws_ipt_prepare $2