diff --git a/config b/config index ce753d9..a69ed30 100644 --- a/config +++ b/config @@ -40,7 +40,9 @@ MODE_FILTER=none # CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list DESYNC_MARK=0x40000000 -NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-fooling=badsum --dpi-desync-fwmark=$DESYNC_MARK" +NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-fooling=badsum" +#NFQWS_OPT_DESYNC_HTTP="--dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum" +#NFQWS_OPT_DESYNC_HTTPS="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum" # CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3" diff --git a/docs/readme.eng.txt b/docs/readme.eng.txt index c11434d..d84db85 100644 --- a/docs/readme.eng.txt +++ b/docs/readme.eng.txt @@ -492,6 +492,13 @@ nfqws options for DPI desync attack: DESYNC_MARK=0x40000000 NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-fooling=badsum --dpi-desync-fwmark=$DESYNC_MARK" +Separate nfqws options for http and https : + +NFQWS_OPT_DESYNC_HTTP="--dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum" +NFQWS_OPT_DESYNC_HTTPS="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum" + +If a variable is not defined, the value NFQWS_OPT_DESYNC is taken. + flow offloading control (openwrt only) donttouch : disable system flow offloading setting if selected mode is incompatible with it, dont touch it otherwise and dont configure selective flow offloading none : always disable system flow offloading setting and dont configure selective flow offloading diff --git a/docs/readme.txt b/docs/readme.txt index 35a24aa..8c18f8f 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -720,7 +720,14 @@ TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3" Опции nfqws для атаки десинхронизации DPI : DESYNC_MARK=0x40000000 -NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-fooling=badsum --dpi-desync-fwmark=$DESYNC_MARK" +NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-fooling=badsum" + +Задание раздельных опций nfqws для http и https : + +NFQWS_OPT_DESYNC_HTTP="--dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum" +NFQWS_OPT_DESYNC_HTTPS="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum" + +Если какая-то из переменных не определена, берется значение NFQWS_OPT_DESYNC. Настройка системы управления выборочным traffic offload (только openwrt) donttouch : выборочное управление отключено, используется системная настройка, простой инсталятор выключает системную настройку, если она не совместима с выбранным режимом diff --git a/init.d/openwrt/custom-2nfqws b/init.d/openwrt/custom-2nfqws deleted file mode 100644 index f184ae3..0000000 --- a/init.d/openwrt/custom-2nfqws +++ /dev/null @@ -1,44 +0,0 @@ -# this custom script demonstrates how to use 2 copies of nfqws -# it preserves config settings : MODE_HTTP, MODE_HTTP_KEEPALIVE, MODE_HTTPS, MODE_FILTER, NFQWS_OPT_DESYNC -# NFQWS_OPT_DESYNC - parameters for http -# NFQWS_OPT_DESYNC2 - parameters for https. you should add this variable to config file, its absent there - -QNUM2=$(($QNUM+1)) - -zapret_custom_daemons() -{ - local opt - - [ "$MODE_HTTP" = "1" ] && { - opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC" - filter_apply_hostlist_target opt - run_daemon 1 $NFQWS "$opt" - } - - [ "$MODE_HTTPS" = "1" ] && { - opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC2 --qnum=$QNUM2" - filter_apply_hostlist_target opt - run_daemon 2 $NFQWS "$opt" - } -} -zapret_custom_firewall() -{ - local f4 f6 - local first_packet_only="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4" - local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK" - - [ "$MODE_HTTP" = "1" ] && { - f4="--dport 80" - [ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only" - f6=$f4 - filter_apply_ipset_target f4 f6 - fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM - } - - [ "$MODE_HTTPS" = "1" ] && { - f4="--dport 443 $first_packet_only" - f6=$f4 - filter_apply_ipset_target f4 f6 - fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM2 - } -} diff --git a/init.d/openwrt/custom-tpws4http-nfqws4https b/init.d/openwrt/custom-tpws4http-nfqws4https index 3c043e8..438fe66 100644 --- a/init.d/openwrt/custom-tpws4http-nfqws4https +++ b/init.d/openwrt/custom-tpws4http-nfqws4https @@ -6,13 +6,13 @@ zapret_custom_daemons() local opt [ "$MODE_HTTP" = "1" ] && { - opt="$TPWS_OPT" + opt="--port=$TPPORT $TPWS_OPT" filter_apply_hostlist_target opt run_tpws 1 "$opt" } [ "$MODE_HTTPS" = "1" ] && { - opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC" + opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC" filter_apply_hostlist_target opt run_daemon 2 $NFQWS "$opt" } diff --git a/init.d/openwrt/custom.default b/init.d/openwrt/custom.default deleted file mode 100644 index 2136b74..0000000 --- a/init.d/openwrt/custom.default +++ /dev/null @@ -1,20 +0,0 @@ -# this script contain your special code to launch daemons and configure firewall -# use helpers from "functions" file and "zapret" init script -# in case of upgrade keep this file only, do not modify others - -zapret_custom_daemons() -{ - # PLACEHOLDER - echo !!! NEED ATTENTION !!! - echo Start daemon\(s\) - echo Study how other sections work - - run_daemon 1 /bin/sleep 20 -} -zapret_custom_firewall() -{ - # PLACEHOLDER - echo !!! NEED ATTENTION !!! - echo Configure iptables for required actions - echo Study how other sections work -} diff --git a/init.d/openwrt/functions b/init.d/openwrt/functions index 6449644..e7b9f1e 100644 --- a/init.d/openwrt/functions +++ b/init.d/openwrt/functions @@ -20,6 +20,9 @@ CUSTOM_SCRIPT="$ZAPRET_BASE/init.d/openwrt/custom" IPSET_EXCLUDE="-m set ! --match-set nozapret" IPSET_EXCLUDE6="-m set ! --match-set nozapret6" +NFQWS_OPT_DESYNC_HTTP="${NFQWS_OPT_DESYNC_HTTP:-$NFQWS_OPT_DESYNC}" +NFQWS_OPT_DESYNC_HTTPS="${NFQWS_OPT_DESYNC_HTTPS:-$NFQWS_OPT_DESYNC}" + exists() { which "$1" >/dev/null 2>/dev/null @@ -307,7 +310,8 @@ is_flow_offload_avail() list_nfqws_rules() { # $1 = '' for ipv4, '6' for ipv6 - ip$1tables -S POSTROUTING -t mangle | grep "NFQUEUE --queue-num $QNUM --queue-bypass" | sed -re 's/^-A POSTROUTING (.*) -j NFQUEUE.*$/\1/' -e "s/-m mark ! --mark $DESYNC_MARK\/$DESYNC_MARK//" + ip$1tables -S POSTROUTING -t mangle | grep -E "NFQUEUE --queue-num $QNUM --queue-bypass|NFQUEUE --queue-num $(($QNUM+1)) --queue-bypass" | \ + sed -re 's/^-A POSTROUTING (.*) -j NFQUEUE.*$/\1/' -e "s/-m mark ! --mark $DESYNC_MARK\/$DESYNC_MARK//" } reverse_nfqws_rule() { @@ -374,6 +378,7 @@ zapret_apply_firewall() local first_packet_only="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4" local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK" local f4 f6 + local qn # always create ipsets. ip_exclude ipset is required create_ipset no-update @@ -394,9 +399,16 @@ zapret_apply_firewall() if [ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ]; then echo both http and https are disabled. not applying redirection. else - if [ "$MODE_HTTP_KEEPALIVE" = "1" ]; then + if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ "$NFQWS_OPT_DESYNC_HTTP" = "$NFQWS_OPT_DESYNC_HTTPS" ]; then + filter_apply_port_target f4 + f4="$f4 $first_packet_only" + f6=$f4 + filter_apply_ipset_target f4 f6 + fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM + else if [ "$MODE_HTTP" = "1" ]; then f4="--dport 80" + [ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only" f6=$f4 filter_apply_ipset_target f4 f6 fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM @@ -405,14 +417,10 @@ zapret_apply_firewall() f4="--dport 443 $first_packet_only" f6=$f4 filter_apply_ipset_target f4 f6 - fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM + qn=$QNUM + [ "$NFQWS_OPT_DESYNC_HTTP" = "$NFQWS_OPT_DESYNC_HTTPS" ] || qn=$(($QNUM+1)) + fw_nfqws_post "$f4 $desync" "$f6 $desync" $qn fi - else - filter_apply_port_target f4 - f4="$f4 $first_packet_only" - f6=$f4 - filter_apply_ipset_target f4 f6 - fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM fi fi ;; diff --git a/init.d/openwrt/zapret b/init.d/openwrt/zapret index 31019f8..9c7096b 100755 --- a/init.d/openwrt/zapret +++ b/init.d/openwrt/zapret @@ -21,14 +21,14 @@ PIDDIR=/var/run NFQWS_USER=daemon NFQWS="$ZAPRET_BASE/nfq/nfqws" -NFQWS_OPT_BASE="--qnum=$QNUM --user=$NFQWS_USER" +NFQWS_OPT_BASE="--user=$NFQWS_USER --dpi-desync-fwmark=$DESYNC_MARK" TPWS="$ZAPRET_BASE/tpws/tpws" TPWS_LOCALHOST4=127.0.0.127 HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt.gz" [ -f "$HOSTLIST" ] || HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt" [ -f "$HOSTLIST" ] || HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts-user.txt" -TPWS_OPT_BASE="--user=$TPWS_USER --port=$TPPORT" +TPWS_OPT_BASE="--user=$TPWS_USER" TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4" TPWS_OPT_BASE6="--bind-addr=::1" TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30" @@ -99,20 +99,25 @@ start_service() { case "${MODE}" in tpws) - opt="$TPWS_OPT" + opt="--port=$TPPORT $TPWS_OPT" filter_apply_hostlist_target opt run_tpws 1 "$opt" ;; tpws-socks) - opt="$TPWS_OPT_BASE --socks $TPWS_OPT" + opt="--port=$TPPORT $TPWS_OPT_BASE --socks $TPWS_OPT" tpws_apply_socks_binds opt filter_apply_hostlist_target opt run_daemon 1 "$TPWS" "$opt" ;; nfqws) - opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC" + opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP" filter_apply_hostlist_target opt run_daemon 1 "$NFQWS" "$opt" + [ "$NFQWS_OPT_DESYNC_HTTP" = "$NFQWS_OPT_DESYNC_HTTPS" ] || { + opt="--qnum=$(($QNUM+1)) $NFQWS_OPT_BASE2 $NFQWS_OPT_DESYNC_HTTPS" + filter_apply_hostlist_target opt + run_daemon 2 "$NFQWS" "$opt" + } ;; custom) existf zapret_custom_daemons && zapret_custom_daemons $1 diff --git a/init.d/sysv/custom-2nfqws b/init.d/sysv/custom-2nfqws deleted file mode 100644 index c7fd0b8..0000000 --- a/init.d/sysv/custom-2nfqws +++ /dev/null @@ -1,44 +0,0 @@ -# this custom script demonstrates how to use 2 copies of nfqws -# it preserves config settings : MODE_HTTP, MODE_HTTP_KEEPALIVE, MODE_HTTPS, MODE_FILTER, NFQWS_OPT_DESYNC -# NFQWS_OPT_DESYNC - parameters for http -# NFQWS_OPT_DESYNC2 - parameters for https. you should add this variable to config file, its absent there - -QNUM2=$(($QNUM+1)) - -zapret_custom_daemons() -{ - local opt - - [ "$MODE_HTTP" = "1" ] && { - opt="$NFQWS_OPT_DESYNC" - filter_apply_hostlist_target opt - do_nfqws $1 1 "$opt" - } - - [ "$MODE_HTTPS" = "1" ] && { - opt="$NFQWS_OPT_DESYNC2 --qnum=$QNUM2" - filter_apply_hostlist_target opt - do_nfqws $1 2 "$opt" - } -} -zapret_custom_firewall() -{ - local f4 f6 - local first_packet_only="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4" - local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK" - - [ "$MODE_HTTP" = "1" ] && { - f4="--dport 80" - [ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only" - f6=$f4 - filter_apply_ipset_target f4 f6 - fw_nfqws_post $1 "$f4 $desync" "$f6 $desync" $QNUM - } - - [ "$MODE_HTTPS" = "1" ] && { - f4="--dport 443 $first_packet_only" - f6=$f4 - filter_apply_ipset_target f4 f6 - fw_nfqws_post $1 "$f4 $desync" "$f6 $desync" $QNUM2 - } -} diff --git a/init.d/sysv/custom-tpws4http-nfqws4https b/init.d/sysv/custom-tpws4http-nfqws4https index 1667b33..e08a039 100644 --- a/init.d/sysv/custom-tpws4http-nfqws4https +++ b/init.d/sysv/custom-tpws4http-nfqws4https @@ -6,13 +6,13 @@ zapret_custom_daemons() local opt [ "$MODE_HTTP" = "1" ] && { - opt="$TPWS_OPT" + opt="--port=$TPPORT $TPWS_OPT" filter_apply_hostlist_target opt do_tpws $1 1 "$opt" } [ "$MODE_HTTPS" = "1" ] && { - opt="$NFQWS_OPT_DESYNC" + opt="--qnum=$QNUM $NFQWS_OPT_DESYNC" filter_apply_hostlist_target opt do_nfqws $1 2 "$opt" } diff --git a/init.d/sysv/functions b/init.d/sysv/functions index 5722398..f88b5ab 100644 --- a/init.d/sysv/functions +++ b/init.d/sysv/functions @@ -12,7 +12,9 @@ WS_USER=tpws [ -n "$QNUM" ] || QNUM=200 NFQWS="$ZAPRET_BASE/nfq/nfqws" -NFQWS_OPT_BASE="--qnum=$QNUM --user=$WS_USER" +NFQWS_OPT_BASE="--user=$WS_USER --dpi-desync-fwmark=$DESYNC_MARK" +NFQWS_OPT_DESYNC_HTTP="${NFQWS_OPT_DESYNC_HTTP:-$NFQWS_OPT_DESYNC}" +NFQWS_OPT_DESYNC_HTTPS="${NFQWS_OPT_DESYNC_HTTPS:-$NFQWS_OPT_DESYNC}" [ -n "$TPPORT" ] || TPPORT=988 TPWS="$ZAPRET_BASE/tpws/tpws" @@ -21,7 +23,7 @@ HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt.gz" [ -f "$HOSTLIST" ] || HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt" [ -f "$HOSTLIST" ] || HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts-user.txt" -TPWS_OPT_BASE="--user=$WS_USER --port=$TPPORT" +TPWS_OPT_BASE="--user=$WS_USER" TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4" TPWS_OPT_BASE6="--bind-addr=::1" TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30" @@ -29,6 +31,7 @@ TPWS_WAIT_SOCKS6="$TPWS_WAIT --bind-wait-ip-linklocal=30" # first wait for lan to ifup, then wait for bind-wait-ip-linklocal seconds for link local address and bind-wait-ip for any ipv6 as the worst case TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer $TPWS_WAIT --bind-wait-ip-linklocal=3" + [ -n "$IFACE_WAN" ] && IPT_OWAN="-o $IFACE_WAN" [ -n "$IFACE_WAN" ] && IPT_IWAN="-i $IFACE_WAN" [ -n "$IFACE_LAN" ] && IPT_ILAN="-i $IFACE_LAN" @@ -214,7 +217,7 @@ fw_tpws4() # $3 - tpws port [ "$DISABLE_IPV4" = "1" ] || { [ "$1" = 1 ] && prepare_tpws_fw4 - print_op $1 "$2" "tpws" + print_op $1 "$2" "tpws (port $3)" [ -n "$IFACE_LAN" ] && { ipt_add_del $1 PREROUTING -t nat $IPT_ILAN -p tcp $2 $IPSET_EXCLUDE dst -j DNAT --to $TPWS_LOCALHOST4:$3 } @@ -227,7 +230,7 @@ fw_tpws6() # $2 - iptable filter for ipv6 # $3 - tpws port [ "$DISABLE_IPV6" = "1" ] || { - print_op $1 "$2" "tpws" 6 + print_op $1 "$2" "tpws (port $3)" 6 [ -n "$IFACE_LAN" ] && { dnat6_target [ "$DNAT6_TARGET" != "-" ] && ipt6_add_del $1 PREROUTING -t nat $IPT_ILAN -p tcp $2 $IPSET_EXCLUDE6 dst -j DNAT --to [$DNAT6_TARGET]:$3 @@ -252,7 +255,7 @@ fw_nfqws_pre4() # $2 - iptable filter for ipv4 # $3 - queue number [ "$DISABLE_IPV4" = "1" ] || { - print_op $1 "$2" "nfqws prerouting" + print_op $1 "$2" "nfqws prerouting (qnum $3)" ipt_add_del $1 PREROUTING -t mangle $IPT_IWAN -p tcp $2 $IPSET_EXCLUDE src -j NFQUEUE --queue-num $3 --queue-bypass } } @@ -262,7 +265,7 @@ fw_nfqws_pre6() # $2 - iptable filter for ipv6 # $3 - queue number [ "$DISABLE_IPV6" = "1" ] || { - print_op $1 "$2" "nfqws prerouting" 6 + print_op $1 "$2" "nfqws prerouting (qnum $3)" 6 ipt6_add_del $1 PREROUTING -t mangle $IPT_IWAN -p tcp $2 $IPSET_EXCLUDE6 src -j NFQUEUE --queue-num $3 --queue-bypass } } @@ -281,7 +284,7 @@ fw_nfqws_post4() # $2 - iptable filter for ipv4 # $3 - queue number [ "$DISABLE_IPV4" = "1" ] || { - print_op $1 "$2" "nfqws postrouting" + print_op $1 "$2" "nfqws postrouting (qnum $3)" ipt_add_del $1 POSTROUTING -t mangle $IPT_OWAN -p tcp $2 $IPSET_EXCLUDE dst -j NFQUEUE --queue-num $3 --queue-bypass } } @@ -291,7 +294,7 @@ fw_nfqws_post6() # $2 - iptable filter for ipv6 # $3 - queue number [ "$DISABLE_IPV6" = "1" ] || { - print_op $1 "$2" "nfqws postrouting" 6 + print_op $1 "$2" "nfqws postrouting (qnum $3)" 6 ipt6_add_del $1 POSTROUTING -t mangle $IPT_OWAN -p tcp $2 $IPSET_EXCLUDE6 dst -j NFQUEUE --queue-num $3 --queue-bypass } } @@ -458,6 +461,7 @@ zapret_do_firewall() local first_packet_only="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4" local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK" local f4 f6 + local qn # always create ipsets. ip_exclude ipset is required [ "$1" != "1" ] || create_ipset no-update @@ -478,9 +482,16 @@ zapret_do_firewall() if [ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ]; then echo both http and https are disabled. not applying redirection. else - if [ "$MODE_HTTP_KEEPALIVE" = "1" ]; then + if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ "$NFQWS_OPT_DESYNC_HTTP" = "$NFQWS_OPT_DESYNC_HTTPS" ]; then + filter_apply_port_target f4 + f4="$f4 $first_packet_only" + f6=$f4 + filter_apply_ipset_target f4 f6 + fw_nfqws_post $1 "$f4 $desync" "$f6 $desync" $QNUM + else if [ "$MODE_HTTP" = "1" ]; then f4="--dport 80" + [ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only" f6=$f4 filter_apply_ipset_target f4 f6 fw_nfqws_post $1 "$f4 $desync" "$f6 $desync" $QNUM @@ -489,14 +500,10 @@ zapret_do_firewall() f4="--dport 443 $first_packet_only" f6=$f4 filter_apply_ipset_target f4 f6 - fw_nfqws_post $1 "$f4 $desync" "$f6 $desync" $QNUM + qn=$QNUM + [ "$NFQWS_OPT_DESYNC_HTTP" = "$NFQWS_OPT_DESYNC_HTTPS" ] || qn=$(($QNUM+1)) + fw_nfqws_post $1 "$f4 $desync" "$f6 $desync" $qn fi - else - filter_apply_port_target f4 - f4="$f4 $first_packet_only" - f6=$f4 - filter_apply_ipset_target f4 f6 - fw_nfqws_post $1 "$f4 $desync" "$f6 $desync" $QNUM fi fi ;; @@ -523,20 +530,25 @@ zapret_do_daemons() case "${MODE}" in tpws) - opt="$TPWS_OPT" + opt="--port=$TPPORT $TPWS_OPT" filter_apply_hostlist_target opt do_tpws $1 1 "$opt" ;; tpws-socks) - opt="$TPWS_OPT_BASE --socks $TPWS_OPT" + opt="--port=$TPPORT $TPWS_OPT_BASE --socks $TPWS_OPT" tpws_apply_socks_binds opt filter_apply_hostlist_target opt do_daemon $1 1 "$TPWS" "$opt" ;; nfqws) - opt="$NFQWS_OPT_DESYNC" + opt="--qnum=$QNUM $NFQWS_OPT_DESYNC_HTTP" filter_apply_hostlist_target opt do_nfqws $1 1 "$opt" + [ "$NFQWS_OPT_DESYNC_HTTP" = "$NFQWS_OPT_DESYNC_HTTPS" ] || { + opt="--qnum=$(($QNUM+1)) $NFQWS_OPT_DESYNC_HTTPS" + filter_apply_hostlist_target opt + do_nfqws $1 2 "$opt" + } ;; custom) existf zapret_custom_daemons && zapret_custom_daemons $1 diff --git a/install_easy.sh b/install_easy.sh index ea99e93..2adb7e3 100755 --- a/install_easy.sh +++ b/install_easy.sh @@ -306,8 +306,10 @@ select_mode_mode() ;; nfqws) echo - echo nfqws options : $NFQWS_OPT_DESYNC - echo to change : edit NFQWS_OPT_DESYNC in $ZAPRET_CONFIG + echo "nfqws options (default) : $NFQWS_OPT_DESYNC" + echo "nfqws options (http) : $NFQWS_OPT_DESYNC_HTTP" + echo "nfqws options (https) : $NFQWS_OPT_DESYNC_HTTPS" + echo to change : edit NFQWS_OPT_DESYNC, NFQWS_OPT_DESYNC_HTTP, NFQWS_OPT_DESYNC_HTTPS in $ZAPRET_CONFIG ;; esac }