mirror of
https://github.com/bol-van/zapret.git
synced 2025-05-24 22:32:58 +03:00
separate desync options for http and https
@@ -1,44 +0,0 @@
|
||||
# this custom script demonstrates how to use 2 copies of nfqws
|
||||
# it preserves config settings : MODE_HTTP, MODE_HTTP_KEEPALIVE, MODE_HTTPS, MODE_FILTER, NFQWS_OPT_DESYNC
|
||||
# NFQWS_OPT_DESYNC - parameters for http
|
||||
# NFQWS_OPT_DESYNC2 - parameters for https. you should add this variable to config file, its absent there
|
||||
|
||||
QNUM2=$(($QNUM+1))
|
||||
|
||||
zapret_custom_daemons()
|
||||
{
|
||||
local opt
|
||||
|
||||
[ "$MODE_HTTP" = "1" ] && {
|
||||
opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 1 $NFQWS "$opt"
|
||||
}
|
||||
|
||||
[ "$MODE_HTTPS" = "1" ] && {
|
||||
opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC2 --qnum=$QNUM2"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 2 $NFQWS "$opt"
|
||||
}
|
||||
}
|
||||
zapret_custom_firewall()
|
||||
{
|
||||
local f4 f6
|
||||
local first_packet_only="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4"
|
||||
local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
|
||||
|
||||
[ "$MODE_HTTP" = "1" ] && {
|
||||
f4="--dport 80"
|
||||
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only"
|
||||
f6=$f4
|
||||
filter_apply_ipset_target f4 f6
|
||||
fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM
|
||||
}
|
||||
|
||||
[ "$MODE_HTTPS" = "1" ] && {
|
||||
f4="--dport 443 $first_packet_only"
|
||||
f6=$f4
|
||||
filter_apply_ipset_target f4 f6
|
||||
fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM2
|
||||
}
|
||||
}
|
@@ -6,13 +6,13 @@ zapret_custom_daemons()
|
||||
local opt
|
||||
|
||||
[ "$MODE_HTTP" = "1" ] && {
|
||||
opt="$TPWS_OPT"
|
||||
opt="--port=$TPPORT $TPWS_OPT"
|
||||
filter_apply_hostlist_target opt
|
||||
run_tpws 1 "$opt"
|
||||
}
|
||||
|
||||
[ "$MODE_HTTPS" = "1" ] && {
|
||||
opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC"
|
||||
opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 2 $NFQWS "$opt"
|
||||
}
|
||||
|
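Review bot: The HTTPS branch of zapret_custom_daemons still builds its options from `$NFQWS_OPT_DESYNC`, so a user who sets only the new `NFQWS_OPT_DESYNC_HTTPS` variable silently gets the generic parameters in this custom script. Since this nfqws instance handles HTTPS only, I would write the line as `opt="--qnum=$QNUM $NFQWS_OPT_BASE ${NFQWS_OPT_DESYNC_HTTPS:-$NFQWS_OPT_DESYNC}"`, which also works if the defaults are not set where this script is sourced. The rendered page has lost the +/- markers, so I am assuming the `--qnum=$QNUM` variant is the new line. The function starts before the hunk and may continue after it.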
@@ -1,20 +0,0 @@
|
||||
# this script contain your special code to launch daemons and configure firewall
|
||||
# use helpers from "functions" file and "zapret" init script
|
||||
# in case of upgrade keep this file only, do not modify others
|
||||
|
||||
zapret_custom_daemons()
|
||||
{
|
||||
# PLACEHOLDER
|
||||
echo !!! NEED ATTENTION !!!
|
||||
echo Start daemon\(s\)
|
||||
echo Study how other sections work
|
||||
|
||||
run_daemon 1 /bin/sleep 20
|
||||
}
|
||||
zapret_custom_firewall()
|
||||
{
|
||||
# PLACEHOLDER
|
||||
echo !!! NEED ATTENTION !!!
|
||||
echo Configure iptables for required actions
|
||||
echo Study how other sections work
|
||||
}
|
@@ -20,6 +20,9 @@ CUSTOM_SCRIPT="$ZAPRET_BASE/init.d/openwrt/custom"
|
||||
IPSET_EXCLUDE="-m set ! --match-set nozapret"
|
||||
IPSET_EXCLUDE6="-m set ! --match-set nozapret6"
|
||||
|
||||
NFQWS_OPT_DESYNC_HTTP="${NFQWS_OPT_DESYNC_HTTP:-$NFQWS_OPT_DESYNC}"
|
||||
NFQWS_OPT_DESYNC_HTTPS="${NFQWS_OPT_DESYNC_HTTPS:-$NFQWS_OPT_DESYNC}"
|
||||
|
||||
exists()
|
||||
{
|
||||
which "$1" >/dev/null 2>/dev/null
|
||||
@@ -307,7 +310,8 @@ is_flow_offload_avail()
|
||||
list_nfqws_rules()
|
||||
{
|
||||
# $1 = '' for ipv4, '6' for ipv6
|
||||
ip$1tables -S POSTROUTING -t mangle | grep "NFQUEUE --queue-num $QNUM --queue-bypass" | sed -re 's/^-A POSTROUTING (.*) -j NFQUEUE.*$/\1/' -e "s/-m mark ! --mark $DESYNC_MARK\/$DESYNC_MARK//"
|
||||
ip$1tables -S POSTROUTING -t mangle | grep -E "NFQUEUE --queue-num $QNUM --queue-bypass|NFQUEUE --queue-num $(($QNUM+1)) --queue-bypass" | \
|
||||
sed -re 's/^-A POSTROUTING (.*) -j NFQUEUE.*$/\1/' -e "s/-m mark ! --mark $DESYNC_MARK\/$DESYNC_MARK//"
|
||||
}
|
||||
reverse_nfqws_rule()
|
||||
{
|
||||
@@ -374,6 +378,7 @@ zapret_apply_firewall()
|
||||
local first_packet_only="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4"
|
||||
local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
|
||||
local f4 f6
|
||||
local qn
|
||||
|
||||
# always create ipsets. ip_exclude ipset is required
|
||||
create_ipset no-update
|
||||
@@ -394,9 +399,16 @@ zapret_apply_firewall()
|
||||
if [ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ]; then
|
||||
echo both http and https are disabled. not applying redirection.
|
||||
else
|
||||
if [ "$MODE_HTTP_KEEPALIVE" = "1" ]; then
|
||||
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ "$NFQWS_OPT_DESYNC_HTTP" = "$NFQWS_OPT_DESYNC_HTTPS" ]; then
|
||||
filter_apply_port_target f4
|
||||
f4="$f4 $first_packet_only"
|
||||
f6=$f4
|
||||
filter_apply_ipset_target f4 f6
|
||||
fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM
|
||||
else
|
||||
if [ "$MODE_HTTP" = "1" ]; then
|
||||
f4="--dport 80"
|
||||
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only"
|
||||
f6=$f4
|
||||
filter_apply_ipset_target f4 f6
|
||||
fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM
|
||||
@@ -405,14 +417,10 @@ zapret_apply_firewall()
|
||||
f4="--dport 443 $first_packet_only"
|
||||
f6=$f4
|
||||
filter_apply_ipset_target f4 f6
|
||||
fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM
|
||||
qn=$QNUM
|
||||
[ "$NFQWS_OPT_DESYNC_HTTP" = "$NFQWS_OPT_DESYNC_HTTPS" ] || qn=$(($QNUM+1))
|
||||
fw_nfqws_post "$f4 $desync" "$f6 $desync" $qn
|
||||
fi
|
||||
else
|
||||
filter_apply_port_target f4
|
||||
f4="$f4 $first_packet_only"
|
||||
f6=$f4
|
||||
filter_apply_ipset_target f4 f6
|
||||
fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
|
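Review bot: list_nfqws_rules now always matches rules for queue `$(($QNUM+1))`, even when the HTTP and HTTPS options are identical and zapret_apply_firewall never sends anything to that queue. Any unrelated mangle POSTROUTING rule that happens to use that queue number with --queue-bypass would then be listed as a zapret rule and handed to whatever consumes this list, which is not visible here. The second queue number is also an implicit reservation computed inline in three places: here, at `qn=$(($QNUM+1))` in zapret_apply_firewall, and in start_service. I would define it once next to the new defaults, e.g. `QNUM2=$(($QNUM+1))` with the comment `# second NFQUEUE, used only when NFQWS_OPT_DESYNC_HTTP and NFQWS_OPT_DESYNC_HTTPS differ; must not collide with other queue users`, and add the `QNUM2` alternative to the grep only in that case.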
@@ -21,14 +21,14 @@ PIDDIR=/var/run
|
||||
|
||||
NFQWS_USER=daemon
|
||||
NFQWS="$ZAPRET_BASE/nfq/nfqws"
|
||||
NFQWS_OPT_BASE="--qnum=$QNUM --user=$NFQWS_USER"
|
||||
NFQWS_OPT_BASE="--user=$NFQWS_USER --dpi-desync-fwmark=$DESYNC_MARK"
|
||||
|
||||
TPWS="$ZAPRET_BASE/tpws/tpws"
|
||||
TPWS_LOCALHOST4=127.0.0.127
|
||||
HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt.gz"
|
||||
[ -f "$HOSTLIST" ] || HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt"
|
||||
[ -f "$HOSTLIST" ] || HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts-user.txt"
|
||||
TPWS_OPT_BASE="--user=$TPWS_USER --port=$TPPORT"
|
||||
TPWS_OPT_BASE="--user=$TPWS_USER"
|
||||
TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4"
|
||||
TPWS_OPT_BASE6="--bind-addr=::1"
|
||||
TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30"
|
||||
@@ -99,20 +99,25 @@ start_service() {
|
||||
|
||||
case "${MODE}" in
|
||||
tpws)
|
||||
opt="$TPWS_OPT"
|
||||
opt="--port=$TPPORT $TPWS_OPT"
|
||||
filter_apply_hostlist_target opt
|
||||
run_tpws 1 "$opt"
|
||||
;;
|
||||
tpws-socks)
|
||||
opt="$TPWS_OPT_BASE --socks $TPWS_OPT"
|
||||
opt="--port=$TPPORT $TPWS_OPT_BASE --socks $TPWS_OPT"
|
||||
tpws_apply_socks_binds opt
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 1 "$TPWS" "$opt"
|
||||
;;
|
||||
nfqws)
|
||||
opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC"
|
||||
opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 1 "$NFQWS" "$opt"
|
||||
[ "$NFQWS_OPT_DESYNC_HTTP" = "$NFQWS_OPT_DESYNC_HTTPS" ] || {
|
||||
opt="--qnum=$(($QNUM+1)) $NFQWS_OPT_BASE2 $NFQWS_OPT_DESYNC_HTTPS"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 2 "$NFQWS" "$opt"
|
||||
}
|
||||
;;
|
||||
custom)
|
||||
existf zapret_custom_daemons && zapret_custom_daemons $1
|
||||
|
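Review bot: The second nfqws instance in the `nfqws)` case is started with `$NFQWS_OPT_BASE2`, a variable that none of the visible hunks define; this file's own hunk only defines `NFQWS_OPT_BASE`. If it is not set elsewhere it expands to nothing, and the HTTPS daemon then runs without `--user=$NFQWS_USER`, so it would presumably keep the privileges it was started with. It would also run without `--dpi-desync-fwmark=$DESYNC_MARK`, which the `-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK` firewall match appears to rely on to skip packets the daemon has already handled. Unless a separate base is intended, the line should read `opt="--qnum=$(($QNUM+1)) $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS"`. start_service continues outside the hunk.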