drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-04-21 06:22:57 +03:00
Code Issues Packages Projects Releases Wiki Activity
637 Commits 1 Branch 20 Tags
Commit Graph

80 Commits

Author SHA1 Message Date
Evgeniy Khramtsov
11a68e521e nfq/darkmagic: unbreak IPv6 on FreeBSD 14 
https://github.com/freebsd/freebsd-src/blob/4da7282a1882/sys/netinet/ip_divert.c#L321
allows only AF_INET in sa, causing runtime issue with IPv6:
[...]
rawsend: sendto_divert: Address family not supported by protocol family
[...]

After hardcoding AF_INET in sa, sin_len check returns EINVAL:
[...]
rawsend: sendto_divert: Invalid argument
[...]

FreeBSD's div_output_outbound() past check still handles AF_INET6,
and --dpi-desync=fake,split works after hardcoding sa AF and len
to get past the check.
 2023-07-16 19:01:16 +00:00
Evgeniy Khramtsov
aed912e702 nfq: switch to PF_DIVERT/SOCK_RAW on FreeBSD 14 
FreeBSD/FreeBSD-src@8624f4347e ("divert: declare PF_DIVERT
domain and stop abusing PF_INET") deprecated IPPROTO_DIVERT
by introducing address family-independent PF_DIVERT.

Use socket(PF_DIVERT, SOCK_RAW, 0) to avoid deprecated behavior,
i.e. FreeBSD/FreeBSD-src@f70a2e2948.
 2023-07-16 18:56:25 +00:00
bol-van
109e3374d4 seccomp: more syscalls filter 2022-12-07 21:00:22 +03:00
bol-van
f6e6c39edf seccomp: fix process_madvise 2022-12-05 14:51:36 +03:00
bol-van
2dc13abb5d seccomp: more filtered syscalls 2022-12-05 14:38:39 +03:00
bol-van
6a05a4f9f4 seccomp: allow to compile with older toolchain 2022-11-24 00:15:07 +03:00
bol-van
87a77c5932 seccomp: fix jump offset 2022-11-23 18:56:10 +03:00
bol-van
619222b86e seecomp : fix x86 __X32_SYSCALL_BIT 2022-11-23 12:11:37 +03:00
bol-van
80a6ba9a8a seccomp optimize 2022-11-23 11:58:06 +03:00
bol-van
53d17aa4e1 seccomp: disable clone2 2022-11-22 18:23:04 +03:00
bol-van
7af2d43d5f tpws,nfqws: seccomp hardening 2022-11-22 17:49:53 +03:00
bol-van
04f8f7774d nfqws: do not complain if IPV6_FREEBIND not available 2022-07-29 08:20:57 +03:00
bol-van
895af0f629 nfqws: allow to decrease udp length 2022-07-27 12:00:36 +03:00
bol-van
403dc1a204 nfqws,tpws: multiple hostlist support, exclude hostlist support 2022-07-26 19:15:28 +03:00
bol-van
e2418531af nfqws: default quic fake to bypass russian TSPU 2022-05-30 14:48:29 +03:00
bol-van
01ec94806d nfqws: fix running on ipv6 disabled system 2022-05-20 11:21:38 +03:00
bol-van
877adbd6f6 nfqws: preserve fwmark. bind-fix 2022-05-15 15:54:35 +03:00
bol-van
7f7badb2af update bins 2022-05-03 12:32:14 +03:00
Reki
7ffa952d01 Use byte-per-byte accesses when accessing possibly unaligned data. 2022-05-03 10:20:42 +03:00
bol-van
ffda684a43 nfqws: fakeknown, udplen desync modes 2022-04-12 15:52:06 +03:00
bol-van
479ba87fc5 nfqws: cosmetics 2022-03-27 10:40:09 +03:00
bol-van
ad5588ebf1 nfqws: cosmetics 2022-03-27 10:15:28 +03:00
bol-van
1111845590 nfqws: QUIC check fixed bit = 1 2022-03-26 21:09:15 +03:00
bol-van
2eec88c2bf nfqws: verify quic auth tag. improve initial packet detection 2022-03-26 21:00:58 +03:00
bol-van
3753349058 nfqws: quic protocol code optimizations 2022-03-26 10:08:10 +03:00
bol-van
f7c0c35670 nfqws: handle QUIC decrypt failed case during desync 2022-03-25 22:34:37 +03:00
bol-van
7df1be9d3e nfqws: prevent out-of-bound access 2022-03-25 20:22:15 +03:00
bol-van
0887fe6f2a nfqws: remove duplicate check 2022-03-25 20:15:09 +03:00
bol-van
64406960aa nfqws: prevent out-of-band access in IsQUICCryptoHello 2022-03-25 20:08:05 +03:00
bol-van
4dc6639b5a nfqws: crypto dos2unix 2022-03-25 19:55:54 +03:00
bol-van
6c31029999 crypto rfc6234 restore license notices 2022-03-25 18:53:18 +03:00
bol-van
dce5b4c6f0 nfqws: QUIC initial dissection support 2022-03-25 16:59:58 +03:00
bol-van
0a5ffc1a54 nfqws: QUIC protocol recognition 2022-03-20 20:46:39 +03:00
bol-van
4aef7a96a4 nfqws: ipfrag1 desync mode 2022-02-05 15:41:46 +03:00
bol-van
b787ed0146 nfqws: cosmetics 2022-02-05 13:39:09 +03:00
bol-van
6151afe727 nfqws: destopt desync mode 2022-02-05 13:36:32 +03:00
bol-van
707e86bd90 nfqws: allow hopbyhop with 2nd phase desync 2022-02-02 15:18:35 +03:00
bol-van
a66aa7777a nfqws: do not drop packet in case of hopbyhop desync and ipv4 2022-02-02 09:39:48 +03:00
bol-van
427f16776c nfqws: hop-by-hop ipv6 fooling and desync 2022-02-01 20:35:52 +03:00
bol-van
b5d55b632c -Wno-logical-op-parentheses 2022-01-23 14:52:04 +03:00
bol-van
6b39411454 nfqws: ipv6 fragment at transport header 2022-01-05 15:34:57 +03:00
bol-van
1221626b1d nfqws: IP_NODEFRAG not working for ipv6 2022-01-03 22:16:11 +03:00
bol-van
78de2c2137 nfqws: move IP_NODEFRAG sockopt 2022-01-03 21:30:42 +03:00
bol-van
94433e3279 nfqws: set IP_NODEFRAG sockopt 2022-01-03 21:14:55 +03:00
Ata Niyazov
7dc0fba0cd
Update nfqws.c 
nfqws.c: fix comments
 2022-01-03 16:23:54 +00:00
bol-van
690d458ec7 nfqws: ipfrag 2022-01-03 12:38:18 +03:00
bol-van
44175a5e2d nfqws: do not do useless work 2022-01-01 21:12:47 +03:00
bol-van
65830eb665 nfqws: udp protocol desync 2022-01-01 20:22:04 +03:00
bol-van
6af82ec97d nfqws: change default badack increment -65000=>-66000 2021-12-28 12:50:04 +03:00
bol-van
aece656a8d nfqws: n|d|s cutoff modes 2021-12-27 16:51:30 +03:00