From 3b5edb5fc0a83e00279dd0eed78e6136edfe5e9e Mon Sep 17 00:00:00 2001 From: bol-van Date: Mon, 25 Mar 2024 17:45:18 +0300 Subject: [PATCH] blockcheck: deprioritize autottl checks --- blockcheck.sh | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/blockcheck.sh b/blockcheck.sh index bc2ad60..dbfba6b 100755 --- a/blockcheck.sh +++ b/blockcheck.sh @@ -875,16 +875,6 @@ pktws_check_domain_http_bypass_() break } done - ok=0 - for delta in 1 2 3 4 5; do - pktws_curl_test_update_vary $1 $2 $3 $desync --dpi-desync-ttl=1 --dpi-desync-autottl=$delta $e && ok=1 - done - [ "$ok" = 1 ] && - { - echo "WARNING ! although autottl worked it requires testing on multiple domains to find out reliable delta" - echo "WARNING ! if a reliable delta cannot be found it's a good idea not to use autottl" - [ "$SCANLEVEL" = quick ] && return - } f= [ "$UNAME" = "OpenBSD" ] || f="badsum" f="$f badseq datanoack md5sig" @@ -903,6 +893,18 @@ pktws_check_domain_http_bypass_() pktws_curl_test_update_vary $1 $2 $3 $desync $e && [ "$SCANLEVEL" = quick ] && return done } + for desync in $tests; do + ok=0 + for delta in 1 2 3 4 5; do + pktws_curl_test_update_vary $1 $2 $3 $desync --dpi-desync-ttl=1 --dpi-desync-autottl=$delta $e && ok=1 + done + [ "$ok" = 1 ] && + { + echo "WARNING ! although autottl worked it requires testing on multiple domains to find out reliable delta" + echo "WARNING ! if a reliable delta cannot be found it's a good idea not to use autottl" + [ "$SCANLEVEL" = quick ] && return + } + done # do not do wssize test for http. it's useless [ "$sec" = 1 ] || break done