diff --git a/blockcheck.sh b/blockcheck.sh index c3e54fc..26efd25 100755 --- a/blockcheck.sh +++ b/blockcheck.sh @@ -1232,14 +1232,19 @@ pktws_check_domain_http_bypass_() [ "$need_split" = 1 ] && { f="method+2 midsld method+2,midsld" - [ "$sec" = 0 ] || f="1 midsld sniext+1 1,midsld" + # relative markers can be anywhere, even in subsequent packets. first packet can be MTU-full. + # make additional split pos "10" to guarantee enough space for seqovl and likely to be before midsld,sniext,... + [ "$sec" = 0 ] || f="10 10,sniext+1 10,midsld" for pos in $f; do pktws_curl_test_update $1 $3 --dpi-desync=multisplit --dpi-desync-split-pos=$pos --dpi-desync-split-seqovl=1 $e && { [ "$SCANLEVEL" = quick ] && return need_wssize=0 } done - [ "$sec" != 0 ] && pktws_curl_test_update $1 $3 --dpi-desync=multisplit --dpi-desync-split-pos=2 --dpi-desync-split-seqovl=336 --dpi-desync-split-seqovl-pattern="$ZAPRET_BASE/files/fake/tls_clienthello_iana_org.bin" $e && [ "$SCANLEVEL" = quick ] && return + [ "$sec" != 0 ] && pktws_curl_test_update $1 $3 --dpi-desync=multisplit --dpi-desync-split-pos=2 --dpi-desync-split-seqovl=336 --dpi-desync-split-seqovl-pattern="$ZAPRET_BASE/files/fake/tls_clienthello_iana_org.bin" $e && { + [ "$SCANLEVEL" = quick ] && return + need_wssize=0 + } } [ "$need_disorder" = 1 ] && { if [ "$sec" = 0 ]; then