Compare commits

..

No commits in common. "5304a82dcd2c2e14e0e472cc14ebab55a7fca469" and "5b8a38e30e37c9ace0e22c2c10a92a826f1b25fc" have entirely different histories.

2 changed files with 19 additions and 92 deletions

View File

@ -1265,12 +1265,9 @@ ask_params()
read dom
[ -n "$dom" ] && DOMAINS="$dom"
local IPVS_def=4
# yandex public dns
pingtest 6 2a02:6b8::feed:0ff && IPVS_def=46
printf "ip protocol version(s) - 4, 6 or 46 for both (default: $IPVS_def) : "
printf "ip protocol version(s) - 4, 6 or 46 for both (default: 4) : "
read IPVS
[ -n "$IPVS" ] || IPVS=$IPVS_def
[ -n "$IPVS" ] || IPVS=4
[ "$IPVS" = 4 -o "$IPVS" = 6 -o "$IPVS" = 46 ] || {
echo 'invalid ip version(s). should be 4, 6 or 46.'
exitp 1
@ -1290,11 +1287,13 @@ ask_params()
ENABLE_HTTPS_TLS13=0
echo
if [ -n "$TLS13" ]; then
echo "TLS 1.3 uses encrypted ServerHello. DPI cannot check domain name in server response."
echo "This can allow more bypass strategies to work."
echo "What works for TLS 1.2 will also work for TLS 1.3 but not vice versa."
echo "Most sites nowadays support TLS 1.3 but not all. If you can't find a strategy for TLS 1.2 use this test."
echo "TLS 1.3 only strategy is better than nothing."
echo "TLS 1.3 is the new standard for encrypted communications over TCP"
echo "its the most important feature for DPI bypass is encrypted TLS ServerHello"
echo "more and more sites enable TLS 1.3 but still there're many sites with only TLS 1.2 support"
echo "with TLS 1.3 more DPI bypass strategies can work but they may not apply to all sites"
echo "if a strategy works with TLS 1.2 it will also work with TLS 1.3"
echo "if nothing works with TLS 1.2 this test may find TLS1.3 only strategies"
echo "make sure that $DOMAINS support TLS 1.3 otherwise all test will return an error"
ask_yes_no_var ENABLE_HTTPS_TLS13 "check https tls 1.3"
else
echo "installed curl version does not support TLS 1.3 . tests disabled."
@ -1347,63 +1346,23 @@ ask_params()
ping_with_fix()
{
local ret
$PING $2 $1 >/dev/null 2>/dev/null
ret=$?
# can be because of unsupported -4 option
if [ "$ret" = 2 -o "$ret" = 64 ]; then
ping $2 $1 >/dev/null
else
return $ret
fi
}
pingtest()
{
# $1 - ip version : 4 or 6
# $2 - domain or ip
# ping command can vary a lot. some implementations have -4/-6 options. others don.t
# WARNING ! macos ping6 command does not have timeout option. ping6 will fail
local PING=ping ret
if [ "$1" = 6 ]; then
if exists ping6; then
PING=ping6
else
PING="ping -6"
fi
else
if [ "$UNAME" = Darwin -o "$UNAME" = FreeBSD -o "$UNAME" = OpenBSD ]; then
# ping by default pings ipv4, ping6 only pings ipv6
# in FreeBSD -4/-6 options are supported, in others not
PING=ping
else
# this can be linux or cygwin
# in linux it's not possible for sure to figure out if it supports -4/-6. only try and check for result code=2 (invalid option)
PING="ping -4"
fi
fi
case "$UNAME" in
Darwin)
$PING -c 1 -t 1 $2 >/dev/null 2>/dev/null
# WARNING ! macos ping6 command does not have timeout option. ping6 will fail. but without timeout is not an option.
;;
OpenBSD)
$PING -c 1 -w 1 $2 >/dev/null
ping -c 1 -w 1 $1 >/dev/null
;;
CYGWIN)
if starts_with "$(which ping)" /cygdrive; then
# cygwin does not have own ping by default. use windows PING.
$PING -n 1 -w 1000 $2 >/dev/null
# cygwin does not have own PING by default. use windows PING.
ping -n 1 -w 1000 $1 >/dev/null
else
ping_with_fix $2 '-c 1 -w 1'
# they have installed cygwin ping
ping -c 1 -W 1 $1 >/dev/null
fi
;;
*)
ping_with_fix $2 '-c 1 -W 1'
ping -c 1 -W 1 $1 >/dev/null
;;
esac
}
@ -1416,7 +1375,7 @@ find_working_public_dns()
{
local dns
for dns in $DNSCHECK_DNS; do
pingtest 4 $dns && dnstest $dns && {
pingtest $dns && dnstest $dns && {
PUBDNS=$dns
return 0
}
@ -1429,11 +1388,7 @@ lookup4()
# $2 - DNS
case "$LOOKUP" in
nslookup)
if is_linked_to_busybox nslookup; then
nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^.*:[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p'
else
nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p'
fi
nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p'
;;
host)
host -t A $1 $2 | grep "has address" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'

View File

@ -75,8 +75,8 @@ You must choose to install `curl`. To compile from sources install `gcc-core`,`m
It's possible to build x86 32-bit version but this version is not shipped. You have to build it yourself.
32-bit `windivert` can be downloaded from it's developer github. Required version is 2.2.2.
There's no `arm64` signed `windivert` driver and no `cygwin`.
But it's possible to use unsigned driver version in test mode and user mode components with x64 emulation.
x64 emulation requires `windows 11` and not supported in `windows 10`.
Theorecitally it would be possible to compile `windivert` kernel driver with test signature and run it on a arm64 system with disabled driver signature checks.
User-mode part can be run under x64 emulation. But it was not tested.
### blockcheck
@ -88,7 +88,6 @@ First run once `install_bin.sh` then `blockcheck.sh`.
Backslashes in windows paths shoud be doubled. Or use cygwin path notation.
```
cd "C:\\Users\\vasya"
cd "C:/Users/vasya"
cd "/cygdrive/c/Users/vasya"
```
`Cygwin` is required only for `blockcheck.sh`. Standalone `winws` can be run without it.
@ -103,30 +102,3 @@ Edit `task_create.cmd` and write your `winws` parameters to `%WINWS1%` variable.
clone the code in all cmd files to support multiple tasks `winws1,winws2,winws3,...`.
Tasks can also be controlled from GUI `taskschd.msc`.
Also you can use windows services the same way with `service_*.cmd`.
### zapret-win-bundle
To make your life easier there's ready to use [bundle](https://github.com/bol-van/zapret-win-bundle) with `cygwin`,`blockcheck` and `winws`.
* `/zapret-winws` - standalone version of `winws` for everyday use. does not require any other folders.
* `/zapret-winws/_CMD_ADMIN.cmd` - open `cmd` as administrator in the current folder
* `/blockcheck/blockcheck.cmd` - run `blockcheck` with logging to `blockcheck/blockcheck.log`
* `/cygwin/cygwin.cmd` - run `cygwin` shell as current user
* `/cygwin/cygwin-admin.cmd` - run `cygwin` shell as administrator
There're aliases in cygwin shell for `winws`,`blockcheck`,`ip2net`,`mdig`. No need to mess with paths.
It's possible to send signals to `winws` using standard unix utilites : `pidof,kill,killall,pgrep,pkill`.
`Cygwin` shares common process list per `cygwin1.dll` copy. If you run a `winws` from `zapret-winws`
you won't be able to `kill` it because this folder contain its own copy of `cygwin1.dll`.
It's possible to use `cygwin` shell to make `winws` debug log. Use `tee` command like this :
```
winws --debug --wf-tcp=80,443 | tee winws.log
unix2dos winws.log
```
`winws.log` will be in `cygwin/home/<username>`. `unix2dos` helps with `windows 7` notepad. It's not necessary in `Windows 10` and later.