windows.eng.md update info

blockcheck: support more nslookup and ping variants
2024-11-26 20:20:53 +03:00 · 2024-05-13 14:46:00 +03:00 · 2024-05-13 14:43:16 +03:00 · 2024-05-13 10:23:58 +03:00 · 2024-05-13 09:56:31 +03:00 · 2024-05-13 09:03:25 +03:00
2 changed files with 92 additions and 19 deletions
--- a/blockcheck.sh
+++ b/blockcheck.sh
@ -1265,9 +1265,12 @@ ask_params()
 	read dom
 	[ -n "$dom" ] && DOMAINS="$dom"
-	printf "ip protocol version(s) - 4, 6 or 46 for both (default: 4) : "
+	local IPVS_def=4
 	# yandex public dns
 	pingtest 6 2a02:6b8::feed:0ff && IPVS_def=46
 	printf "ip protocol version(s) - 4, 6 or 46 for both (default: $IPVS_def) : "
 	read IPVS
-	[ -n "$IPVS" ] || IPVS=4
+	[ -n "$IPVS" ] || IPVS=$IPVS_def
 	[ "$IPVS" = 4 -o "$IPVS" = 6 -o "$IPVS" = 46 ] || {
 		echo 'invalid ip version(s). should be 4, 6 or 46.'
 		exitp 1
@ -1287,13 +1290,11 @@ ask_params()
 	ENABLE_HTTPS_TLS13=0
 	echo
 	if [ -n "$TLS13" ]; then
-		echo "TLS 1.3 is the new standard for encrypted communications over TCP"
+		echo "TLS 1.3 uses encrypted ServerHello. DPI cannot check domain name in server response."
-		echo "its the most important feature for DPI bypass is encrypted TLS ServerHello"
+		echo "This can allow more bypass strategies to work."
-		echo "more and more sites enable TLS 1.3 but still there're many sites with only TLS 1.2 support"
+		echo "What works for TLS 1.2 will also work for TLS 1.3 but not vice versa."
-		echo "with TLS 1.3 more DPI bypass strategies can work but they may not apply to all sites"
+		echo "Most sites nowadays support TLS 1.3 but not all. If you can't find a strategy for TLS 1.2 use this test."
-		echo "if a strategy works with TLS 1.2 it will also work with TLS 1.3"
+		echo "TLS 1.3 only strategy is better than nothing."
 		echo "if nothing works with TLS 1.2 this test may find TLS1.3 only strategies"
 		echo "make sure that $DOMAINS support TLS 1.3 otherwise all test will return an error"
 		ask_yes_no_var ENABLE_HTTPS_TLS13 "check https tls 1.3"
 	else
 		echo "installed curl version does not support TLS 1.3 . tests disabled."
@ -1346,23 +1347,63 @@ ask_params()
 ping_with_fix()
 {
 	local ret
 	$PING $2 $1 >/dev/null 2>/dev/null
 	ret=$?
 	# can be because of unsupported -4 option
 	if [ "$ret" = 2 -o "$ret" = 64 ]; then
 		ping $2 $1 >/dev/null
 	else
 		return $ret
 	fi
 }
 pingtest()
 {
 	# $1 - ip version : 4 or 6
 	# $2 - domain or ip
 	# ping command can vary a lot. some implementations have -4/-6 options. others don.t
 	# WARNING ! macos ping6 command does not have timeout option. ping6 will fail
 	local PING=ping ret
 	if [ "$1" = 6 ]; then
 		if exists ping6; then
 			PING=ping6
 		else
 			PING="ping -6"
 		fi
 	else
 		if [ "$UNAME" = Darwin -o "$UNAME" = FreeBSD -o "$UNAME" = OpenBSD ]; then
 			# ping by default pings ipv4, ping6 only pings ipv6
 			# in FreeBSD -4/-6 options are supported, in others not
 			PING=ping
 		else
 			# this can be linux or cygwin
 			# in linux it's not possible for sure to figure out if it supports -4/-6. only try and check for result code=2 (invalid option)
 			PING="ping -4"
 		fi
 	fi
 	case "$UNAME" in
 		Darwin)
 			$PING -c 1 -t 1 $2 >/dev/null 2>/dev/null
 			# WARNING ! macos ping6 command does not have timeout option. ping6 will fail. but without timeout is not an option.
 			;;
 		OpenBSD)
-			ping -c 1 -w 1 $1 >/dev/null
+			$PING -c 1 -w 1 $2 >/dev/null
 			;;
 		CYGWIN)
 			if starts_with "$(which ping)" /cygdrive; then
-				# cygwin does not have own PING by default. use windows PING.
+				# cygwin does not have own ping by default. use windows PING.
-				ping -n 1 -w 1000 $1 >/dev/null
+				$PING -n 1 -w 1000 $2 >/dev/null
 			else
-				# they have installed cygwin ping
+				ping_with_fix $2 '-c 1 -w 1'
 				ping -c 1 -W 1 $1 >/dev/null
 			fi
 			;;
 		*)
-			ping -c 1 -W 1 $1 >/dev/null
+			ping_with_fix $2 '-c 1 -W 1'
 			;;
 	esac
 }
@ -1375,7 +1416,7 @@ find_working_public_dns()
 {
 	local dns
 	for dns in $DNSCHECK_DNS; do
-		pingtest $dns && dnstest $dns && {
+		pingtest 4 $dns && dnstest $dns && {
 			PUBDNS=$dns
 			return 0
 		}
@ -1388,7 +1429,11 @@ lookup4()
 	# $2 - DNS
 	case "$LOOKUP" in
 		nslookup)
-			nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p'
+			if is_linked_to_busybox nslookup; then
 				nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^.*:[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p'
 			else
 				nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p'
 			fi
 			;;
 		host)
 			host -t A $1 $2 | grep "has address" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'
--- a/docs/windows.eng.md
+++ b/docs/windows.eng.md
@ -75,8 +75,8 @@ You must choose to install `curl`. To compile from sources install `gcc-core`,`m
 It's possible to build x86 32-bit version but this version is not shipped. You have to build it yourself.
 32-bit `windivert` can be downloaded from it's developer github. Required version is 2.2.2.
 There's no `arm64` signed `windivert` driver and no `cygwin`.
-Theorecitally it would be possible to compile `windivert` kernel driver with test signature and run it on a arm64 system with disabled driver signature checks.
+But it's possible to use unsigned driver version in test mode and user mode components with x64 emulation.
-User-mode part can be run under x64 emulation. But it was not tested.
+x64 emulation requires `windows 11` and not supported in `windows 10`.
 ### blockcheck
@ -88,6 +88,7 @@ First run once `install_bin.sh` then `blockcheck.sh`.
 Backslashes in windows paths shoud be doubled. Or use cygwin path notation.
 ```
 cd "C:\\Users\\vasya"
 cd "C:/Users/vasya"
 cd "/cygdrive/c/Users/vasya"
 ```
 `Cygwin` is required only for `blockcheck.sh`. Standalone `winws` can be run without it.
@ -102,3 +103,30 @@ Edit `task_create.cmd` and write your `winws` parameters to `%WINWS1%` variable.
 clone the code in all cmd files to support multiple tasks `winws1,winws2,winws3,...`.
 Tasks can also be controlled from GUI `taskschd.msc`.
 Also you can use windows services the same way with `service_*.cmd`.
 ### zapret-win-bundle
 To make your life easier there's ready to use [bundle](https://github.com/bol-van/zapret-win-bundle) with `cygwin`,`blockcheck` and `winws`.
 * `/zapret-winws` - standalone version of `winws` for everyday use. does not require any other folders.
 * `/zapret-winws/_CMD_ADMIN.cmd` - open `cmd` as administrator in the current folder
 * `/blockcheck/blockcheck.cmd` - run `blockcheck` with logging to `blockcheck/blockcheck.log`
 * `/cygwin/cygwin.cmd` - run `cygwin` shell as current user
 * `/cygwin/cygwin-admin.cmd` - run `cygwin` shell as administrator
 There're aliases in cygwin shell for `winws`,`blockcheck`,`ip2net`,`mdig`. No need to mess with paths.
 It's possible to send signals to `winws` using standard unix utilites : `pidof,kill,killall,pgrep,pkill`.
 `Cygwin` shares common process list per `cygwin1.dll` copy. If you run a `winws` from `zapret-winws`
 you won't be able to `kill` it because this folder contain its own copy of `cygwin1.dll`.
 It's possible to use `cygwin` shell to make `winws` debug log. Use `tee` command like this :
 ```
 winws --debug --wf-tcp=80,443 | tee winws.log
 unix2dos winws.log
 ```
 `winws.log` will be in `cygwin/home/<username>`. `unix2dos` helps with `windows 7` notepad. It's not necessary in `Windows 10` and later.
Author	SHA1	Message	Date
bol-van	5304a82dcd	windows.eng.md update info	2024-05-13 14:46:00 +03:00
bol-van	2686b25324	windows.eng.md update info	2024-05-13 14:43:16 +03:00
bol-van	1b6735549f	blockcheck: support more nslookup and ping variants	2024-05-13 10:23:58 +03:00
bol-van	8ec43269c0	blockcheck: support more nslookup and ping variants	2024-05-13 09:56:31 +03:00
bol-van	512cf55e30	blockcheck: test ipv6 by default if available	2024-05-13 09:03:25 +03:00