mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-26 20:20:53 +03:00
Compare commits
5 Commits
5b8a38e30e
...
5304a82dcd
| Author | SHA1 | Date | |
|---|---|---|---|
|
5304a82dcd | ||
|
|
2686b25324 | ||
|
|
1b6735549f | ||
|
|
8ec43269c0 | ||
|
|
512cf55e30 |
@ -1265,9 +1265,12 @@ ask_params()
|
||||
read dom
|
||||
[ -n "$dom" ] && DOMAINS="$dom"
|
||||
|
||||
printf "ip protocol version(s) - 4, 6 or 46 for both (default: 4) : "
|
||||
local IPVS_def=4
|
||||
# yandex public dns
|
||||
pingtest 6 2a02:6b8::feed:0ff && IPVS_def=46
|
||||
printf "ip protocol version(s) - 4, 6 or 46 for both (default: $IPVS_def) : "
|
||||
read IPVS
|
||||
[ -n "$IPVS" ] || IPVS=4
|
||||
[ -n "$IPVS" ] || IPVS=$IPVS_def
|
||||
[ "$IPVS" = 4 -o "$IPVS" = 6 -o "$IPVS" = 46 ] || {
|
||||
echo 'invalid ip version(s). should be 4, 6 or 46.'
|
||||
exitp 1
|
||||
@ -1287,13 +1290,11 @@ ask_params()
|
||||
ENABLE_HTTPS_TLS13=0
|
||||
echo
|
||||
if [ -n "$TLS13" ]; then
|
||||
echo "TLS 1.3 is the new standard for encrypted communications over TCP"
|
||||
echo "its the most important feature for DPI bypass is encrypted TLS ServerHello"
|
||||
echo "more and more sites enable TLS 1.3 but still there're many sites with only TLS 1.2 support"
|
||||
echo "with TLS 1.3 more DPI bypass strategies can work but they may not apply to all sites"
|
||||
echo "if a strategy works with TLS 1.2 it will also work with TLS 1.3"
|
||||
echo "if nothing works with TLS 1.2 this test may find TLS1.3 only strategies"
|
||||
echo "make sure that $DOMAINS support TLS 1.3 otherwise all test will return an error"
|
||||
echo "TLS 1.3 uses encrypted ServerHello. DPI cannot check domain name in server response."
|
||||
echo "This can allow more bypass strategies to work."
|
||||
echo "What works for TLS 1.2 will also work for TLS 1.3 but not vice versa."
|
||||
echo "Most sites nowadays support TLS 1.3 but not all. If you can't find a strategy for TLS 1.2 use this test."
|
||||
echo "TLS 1.3 only strategy is better than nothing."
|
||||
ask_yes_no_var ENABLE_HTTPS_TLS13 "check https tls 1.3"
|
||||
else
|
||||
echo "installed curl version does not support TLS 1.3 . tests disabled."
|
||||
@ -1346,23 +1347,63 @@ ask_params()
|
||||
|
||||
|
||||
|
||||
ping_with_fix()
|
||||
{
|
||||
local ret
|
||||
$PING $2 $1 >/dev/null 2>/dev/null
|
||||
ret=$?
|
||||
# can be because of unsupported -4 option
|
||||
if [ "$ret" = 2 -o "$ret" = 64 ]; then
|
||||
ping $2 $1 >/dev/null
|
||||
else
|
||||
return $ret
|
||||
fi
|
||||
}
|
||||
|
||||
pingtest()
|
||||
{
|
||||
# $1 - ip version : 4 or 6
|
||||
# $2 - domain or ip
|
||||
|
||||
# ping command can vary a lot. some implementations have -4/-6 options. others don.t
|
||||
# WARNING ! macos ping6 command does not have timeout option. ping6 will fail
|
||||
|
||||
local PING=ping ret
|
||||
if [ "$1" = 6 ]; then
|
||||
if exists ping6; then
|
||||
PING=ping6
|
||||
else
|
||||
PING="ping -6"
|
||||
fi
|
||||
else
|
||||
if [ "$UNAME" = Darwin -o "$UNAME" = FreeBSD -o "$UNAME" = OpenBSD ]; then
|
||||
# ping by default pings ipv4, ping6 only pings ipv6
|
||||
# in FreeBSD -4/-6 options are supported, in others not
|
||||
PING=ping
|
||||
else
|
||||
# this can be linux or cygwin
|
||||
# in linux it's not possible for sure to figure out if it supports -4/-6. only try and check for result code=2 (invalid option)
|
||||
PING="ping -4"
|
||||
fi
|
||||
fi
|
||||
case "$UNAME" in
|
||||
Darwin)
|
||||
$PING -c 1 -t 1 $2 >/dev/null 2>/dev/null
|
||||
# WARNING ! macos ping6 command does not have timeout option. ping6 will fail. but without timeout is not an option.
|
||||
;;
|
||||
OpenBSD)
|
||||
ping -c 1 -w 1 $1 >/dev/null
|
||||
$PING -c 1 -w 1 $2 >/dev/null
|
||||
;;
|
||||
CYGWIN)
|
||||
if starts_with "$(which ping)" /cygdrive; then
|
||||
# cygwin does not have own PING by default. use windows PING.
|
||||
ping -n 1 -w 1000 $1 >/dev/null
|
||||
# cygwin does not have own ping by default. use windows PING.
|
||||
$PING -n 1 -w 1000 $2 >/dev/null
|
||||
else
|
||||
# they have installed cygwin ping
|
||||
ping -c 1 -W 1 $1 >/dev/null
|
||||
ping_with_fix $2 '-c 1 -w 1'
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
ping -c 1 -W 1 $1 >/dev/null
|
||||
ping_with_fix $2 '-c 1 -W 1'
|
||||
;;
|
||||
esac
|
||||
}
|
||||
@ -1375,7 +1416,7 @@ find_working_public_dns()
|
||||
{
|
||||
local dns
|
||||
for dns in $DNSCHECK_DNS; do
|
||||
pingtest $dns && dnstest $dns && {
|
||||
pingtest 4 $dns && dnstest $dns && {
|
||||
PUBDNS=$dns
|
||||
return 0
|
||||
}
|
||||
@ -1388,7 +1429,11 @@ lookup4()
|
||||
# $2 - DNS
|
||||
case "$LOOKUP" in
|
||||
nslookup)
|
||||
if is_linked_to_busybox nslookup; then
|
||||
nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^.*:[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p'
|
||||
else
|
||||
nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p'
|
||||
fi
|
||||
;;
|
||||
host)
|
||||
host -t A $1 $2 | grep "has address" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'
|
||||
|
||||
@ -75,8 +75,8 @@ You must choose to install `curl`. To compile from sources install `gcc-core`,`m
|
||||
It's possible to build x86 32-bit version but this version is not shipped. You have to build it yourself.
|
||||
32-bit `windivert` can be downloaded from it's developer github. Required version is 2.2.2.
|
||||
There's no `arm64` signed `windivert` driver and no `cygwin`.
|
||||
Theorecitally it would be possible to compile `windivert` kernel driver with test signature and run it on a arm64 system with disabled driver signature checks.
|
||||
User-mode part can be run under x64 emulation. But it was not tested.
|
||||
But it's possible to use unsigned driver version in test mode and user mode components with x64 emulation.
|
||||
x64 emulation requires `windows 11` and not supported in `windows 10`.
|
||||
|
||||
### blockcheck
|
||||
|
||||
@ -88,6 +88,7 @@ First run once `install_bin.sh` then `blockcheck.sh`.
|
||||
Backslashes in windows paths shoud be doubled. Or use cygwin path notation.
|
||||
```
|
||||
cd "C:\\Users\\vasya"
|
||||
cd "C:/Users/vasya"
|
||||
cd "/cygdrive/c/Users/vasya"
|
||||
```
|
||||
`Cygwin` is required only for `blockcheck.sh`. Standalone `winws` can be run without it.
|
||||
@ -102,3 +103,30 @@ Edit `task_create.cmd` and write your `winws` parameters to `%WINWS1%` variable.
|
||||
clone the code in all cmd files to support multiple tasks `winws1,winws2,winws3,...`.
|
||||
|
||||
Tasks can also be controlled from GUI `taskschd.msc`.
|
||||
|
||||
Also you can use windows services the same way with `service_*.cmd`.
|
||||
|
||||
|
||||
### zapret-win-bundle
|
||||
|
||||
To make your life easier there's ready to use [bundle](https://github.com/bol-van/zapret-win-bundle) with `cygwin`,`blockcheck` and `winws`.
|
||||
|
||||
* `/zapret-winws` - standalone version of `winws` for everyday use. does not require any other folders.
|
||||
* `/zapret-winws/_CMD_ADMIN.cmd` - open `cmd` as administrator in the current folder
|
||||
* `/blockcheck/blockcheck.cmd` - run `blockcheck` with logging to `blockcheck/blockcheck.log`
|
||||
* `/cygwin/cygwin.cmd` - run `cygwin` shell as current user
|
||||
* `/cygwin/cygwin-admin.cmd` - run `cygwin` shell as administrator
|
||||
|
||||
There're aliases in cygwin shell for `winws`,`blockcheck`,`ip2net`,`mdig`. No need to mess with paths.
|
||||
It's possible to send signals to `winws` using standard unix utilites : `pidof,kill,killall,pgrep,pkill`.
|
||||
`Cygwin` shares common process list per `cygwin1.dll` copy. If you run a `winws` from `zapret-winws`
|
||||
you won't be able to `kill` it because this folder contain its own copy of `cygwin1.dll`.
|
||||
|
||||
It's possible to use `cygwin` shell to make `winws` debug log. Use `tee` command like this :
|
||||
|
||||
```
|
||||
winws --debug --wf-tcp=80,443 | tee winws.log
|
||||
unix2dos winws.log
|
||||
```
|
||||
|
||||
`winws.log` will be in `cygwin/home/<username>`. `unix2dos` helps with `windows 7` notepad. It's not necessary in `Windows 10` and later.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user