diff --git a/docs/bsd.en.md b/docs/bsd.en.md index 21a61bc..d29e728 100644 --- a/docs/bsd.en.md +++ b/docs/bsd.en.md @@ -280,7 +280,7 @@ Autostart `/usr/local/etc/rc.d/zapret.sh`: ``` pfctl -a zapret -f /etc/zapret.anchor pkill ^tpws$ -tpws --daemon --port=988 --enable-pf --bind-addr=127.0.0.1 --bind-iface6=em1 --bind-linklocal=force --split-http-req=method --split-pos=2 +tpws --daemon --port=988 --enable-pf --bind-addr=127.0.0.1 --bind-iface6=em1 --bind-linklocal=force --split-pos=2 ``` After reboot check that anchor is created and referred from the main ruleset: diff --git a/docs/changes.txt b/docs/changes.txt index d0dbed3..489b586 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -372,7 +372,7 @@ nfqws: --dpi-desync-split-http-req, --dpi-desync-split-tls deprecated. compat : nfqws: --dpi-desync=split2|disorder2 deprecated. compat: they are now synonyms for multisplit/multidisorder nfqws: cancel seqovl if MTU is exceeded (linux only). cancel seqovl for disorder if seqovl>=first_part_size. nfqws: fixed splits in multiple TLS segments. -tpws: --split-tls,--split-tls deprecated. compat : these parameters add split point to multisplit. +tpws: --split-http-req,--split-tls deprecated. compat : these parameters add split point to multisplit. tpws: --tlsrec now takes pos markers. compat : old names are converted to pos markers tpws: --tlsrec-pos deprecated. compat : sets absolute pos marker nfqws,tpws: chown autohostlist, autohostlist debug log and debug log files after options parse diff --git a/docs/readme.en.md b/docs/readme.en.md index 2792975..5549a5d 100644 --- a/docs/readme.en.md +++ b/docs/readme.en.md @@ -155,9 +155,10 @@ nfqws takes the following parameters: --dpi-desync-fooling=[,] ; can use multiple comma separated values. modes : none md5sig ts badseq badsum datanoack hopbyhop hopbyhop2 --dpi-desync-repeats= ; send every desync packet N times --dpi-desync-skip-nosni=0|1 ; 1(default)=do not act on ClientHello without SNI (ESNI ?) - --dpi-desync-split-pos=<1..9216> ; data payload split position - --dpi-desync-split-http-req=method|host ; split at specified logical part of plain http request - --dpi-desync-split-tls=sni|sniext ; split at specified logical part of TLS ClientHello + --dpi-desync-split-pos=N|-N|marker+N|marker-N ; comma separated list of split positions + ; markers: method,host,endhost,sld,endsld,midsld,sniext + ; full list is only used by multisplit and multidisorder + ; fakedsplit/fakeddisorder use first l7-protocol-compatible parameter if present, first abs value otherwise --dpi-desync-split-seqovl=N|-N|marker+N|marker-N ; use sequence overlap before first sent original split segment --dpi-desync-split-seqovl-pattern=|0xHEX ; pattern for the fake part of overlap --dpi-desync-ipfrag-pos-tcp=<8..9216> ; ip frag position starting from the transport header. multiple of 8, default 8.