Compare commits

..

5 Commits

Author SHA1 Message Date
bol-van
5304a82dcd windows.eng.md update info 2024-05-13 14:46:00 +03:00
bol-van
2686b25324 windows.eng.md update info 2024-05-13 14:43:16 +03:00
bol-van
1b6735549f blockcheck: support more nslookup and ping variants 2024-05-13 10:23:58 +03:00
bol-van
8ec43269c0 blockcheck: support more nslookup and ping variants 2024-05-13 09:56:31 +03:00
bol-van
512cf55e30 blockcheck: test ipv6 by default if available 2024-05-13 09:03:25 +03:00
2 changed files with 92 additions and 19 deletions

View File

@ -1265,9 +1265,12 @@ ask_params()
read dom read dom
[ -n "$dom" ] && DOMAINS="$dom" [ -n "$dom" ] && DOMAINS="$dom"
printf "ip protocol version(s) - 4, 6 or 46 for both (default: 4) : " local IPVS_def=4
# yandex public dns
pingtest 6 2a02:6b8::feed:0ff && IPVS_def=46
printf "ip protocol version(s) - 4, 6 or 46 for both (default: $IPVS_def) : "
read IPVS read IPVS
[ -n "$IPVS" ] || IPVS=4 [ -n "$IPVS" ] || IPVS=$IPVS_def
[ "$IPVS" = 4 -o "$IPVS" = 6 -o "$IPVS" = 46 ] || { [ "$IPVS" = 4 -o "$IPVS" = 6 -o "$IPVS" = 46 ] || {
echo 'invalid ip version(s). should be 4, 6 or 46.' echo 'invalid ip version(s). should be 4, 6 or 46.'
exitp 1 exitp 1
@ -1287,13 +1290,11 @@ ask_params()
ENABLE_HTTPS_TLS13=0 ENABLE_HTTPS_TLS13=0
echo echo
if [ -n "$TLS13" ]; then if [ -n "$TLS13" ]; then
echo "TLS 1.3 is the new standard for encrypted communications over TCP" echo "TLS 1.3 uses encrypted ServerHello. DPI cannot check domain name in server response."
echo "its the most important feature for DPI bypass is encrypted TLS ServerHello" echo "This can allow more bypass strategies to work."
echo "more and more sites enable TLS 1.3 but still there're many sites with only TLS 1.2 support" echo "What works for TLS 1.2 will also work for TLS 1.3 but not vice versa."
echo "with TLS 1.3 more DPI bypass strategies can work but they may not apply to all sites" echo "Most sites nowadays support TLS 1.3 but not all. If you can't find a strategy for TLS 1.2 use this test."
echo "if a strategy works with TLS 1.2 it will also work with TLS 1.3" echo "TLS 1.3 only strategy is better than nothing."
echo "if nothing works with TLS 1.2 this test may find TLS1.3 only strategies"
echo "make sure that $DOMAINS support TLS 1.3 otherwise all test will return an error"
ask_yes_no_var ENABLE_HTTPS_TLS13 "check https tls 1.3" ask_yes_no_var ENABLE_HTTPS_TLS13 "check https tls 1.3"
else else
echo "installed curl version does not support TLS 1.3 . tests disabled." echo "installed curl version does not support TLS 1.3 . tests disabled."
@ -1346,23 +1347,63 @@ ask_params()
ping_with_fix()
{
local ret
$PING $2 $1 >/dev/null 2>/dev/null
ret=$?
# can be because of unsupported -4 option
if [ "$ret" = 2 -o "$ret" = 64 ]; then
ping $2 $1 >/dev/null
else
return $ret
fi
}
pingtest() pingtest()
{ {
# $1 - ip version : 4 or 6
# $2 - domain or ip
# ping command can vary a lot. some implementations have -4/-6 options. others don.t
# WARNING ! macos ping6 command does not have timeout option. ping6 will fail
local PING=ping ret
if [ "$1" = 6 ]; then
if exists ping6; then
PING=ping6
else
PING="ping -6"
fi
else
if [ "$UNAME" = Darwin -o "$UNAME" = FreeBSD -o "$UNAME" = OpenBSD ]; then
# ping by default pings ipv4, ping6 only pings ipv6
# in FreeBSD -4/-6 options are supported, in others not
PING=ping
else
# this can be linux or cygwin
# in linux it's not possible for sure to figure out if it supports -4/-6. only try and check for result code=2 (invalid option)
PING="ping -4"
fi
fi
case "$UNAME" in case "$UNAME" in
Darwin)
$PING -c 1 -t 1 $2 >/dev/null 2>/dev/null
# WARNING ! macos ping6 command does not have timeout option. ping6 will fail. but without timeout is not an option.
;;
OpenBSD) OpenBSD)
ping -c 1 -w 1 $1 >/dev/null $PING -c 1 -w 1 $2 >/dev/null
;; ;;
CYGWIN) CYGWIN)
if starts_with "$(which ping)" /cygdrive; then if starts_with "$(which ping)" /cygdrive; then
# cygwin does not have own PING by default. use windows PING. # cygwin does not have own ping by default. use windows PING.
ping -n 1 -w 1000 $1 >/dev/null $PING -n 1 -w 1000 $2 >/dev/null
else else
# they have installed cygwin ping ping_with_fix $2 '-c 1 -w 1'
ping -c 1 -W 1 $1 >/dev/null
fi fi
;; ;;
*) *)
ping -c 1 -W 1 $1 >/dev/null ping_with_fix $2 '-c 1 -W 1'
;; ;;
esac esac
} }
@ -1375,7 +1416,7 @@ find_working_public_dns()
{ {
local dns local dns
for dns in $DNSCHECK_DNS; do for dns in $DNSCHECK_DNS; do
pingtest $dns && dnstest $dns && { pingtest 4 $dns && dnstest $dns && {
PUBDNS=$dns PUBDNS=$dns
return 0 return 0
} }
@ -1388,7 +1429,11 @@ lookup4()
# $2 - DNS # $2 - DNS
case "$LOOKUP" in case "$LOOKUP" in
nslookup) nslookup)
if is_linked_to_busybox nslookup; then
nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^.*:[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p'
else
nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p' nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p'
fi
;; ;;
host) host)
host -t A $1 $2 | grep "has address" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' host -t A $1 $2 | grep "has address" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'

View File

@ -75,8 +75,8 @@ You must choose to install `curl`. To compile from sources install `gcc-core`,`m
It's possible to build x86 32-bit version but this version is not shipped. You have to build it yourself. It's possible to build x86 32-bit version but this version is not shipped. You have to build it yourself.
32-bit `windivert` can be downloaded from it's developer github. Required version is 2.2.2. 32-bit `windivert` can be downloaded from it's developer github. Required version is 2.2.2.
There's no `arm64` signed `windivert` driver and no `cygwin`. There's no `arm64` signed `windivert` driver and no `cygwin`.
Theorecitally it would be possible to compile `windivert` kernel driver with test signature and run it on a arm64 system with disabled driver signature checks. But it's possible to use unsigned driver version in test mode and user mode components with x64 emulation.
User-mode part can be run under x64 emulation. But it was not tested. x64 emulation requires `windows 11` and not supported in `windows 10`.
### blockcheck ### blockcheck
@ -88,6 +88,7 @@ First run once `install_bin.sh` then `blockcheck.sh`.
Backslashes in windows paths shoud be doubled. Or use cygwin path notation. Backslashes in windows paths shoud be doubled. Or use cygwin path notation.
``` ```
cd "C:\\Users\\vasya" cd "C:\\Users\\vasya"
cd "C:/Users/vasya"
cd "/cygdrive/c/Users/vasya" cd "/cygdrive/c/Users/vasya"
``` ```
`Cygwin` is required only for `blockcheck.sh`. Standalone `winws` can be run without it. `Cygwin` is required only for `blockcheck.sh`. Standalone `winws` can be run without it.
@ -102,3 +103,30 @@ Edit `task_create.cmd` and write your `winws` parameters to `%WINWS1%` variable.
clone the code in all cmd files to support multiple tasks `winws1,winws2,winws3,...`. clone the code in all cmd files to support multiple tasks `winws1,winws2,winws3,...`.
Tasks can also be controlled from GUI `taskschd.msc`. Tasks can also be controlled from GUI `taskschd.msc`.
Also you can use windows services the same way with `service_*.cmd`.
### zapret-win-bundle
To make your life easier there's ready to use [bundle](https://github.com/bol-van/zapret-win-bundle) with `cygwin`,`blockcheck` and `winws`.
* `/zapret-winws` - standalone version of `winws` for everyday use. does not require any other folders.
* `/zapret-winws/_CMD_ADMIN.cmd` - open `cmd` as administrator in the current folder
* `/blockcheck/blockcheck.cmd` - run `blockcheck` with logging to `blockcheck/blockcheck.log`
* `/cygwin/cygwin.cmd` - run `cygwin` shell as current user
* `/cygwin/cygwin-admin.cmd` - run `cygwin` shell as administrator
There're aliases in cygwin shell for `winws`,`blockcheck`,`ip2net`,`mdig`. No need to mess with paths.
It's possible to send signals to `winws` using standard unix utilites : `pidof,kill,killall,pgrep,pkill`.
`Cygwin` shares common process list per `cygwin1.dll` copy. If you run a `winws` from `zapret-winws`
you won't be able to `kill` it because this folder contain its own copy of `cygwin1.dll`.
It's possible to use `cygwin` shell to make `winws` debug log. Use `tee` command like this :
```
winws --debug --wf-tcp=80,443 | tee winws.log
unix2dos winws.log
```
`winws.log` will be in `cygwin/home/<username>`. `unix2dos` helps with `windows 7` notepad. It's not necessary in `Windows 10` and later.