mirror of
https://github.com/bol-van/zapret.git
synced 2025-04-20 22:12:58 +03:00
Compare commits
No commits in common. "7272b243cbc2cd8c15cd5775be9f352500cbc7b0" and "8097f08020ab91f1f7c7612770f7ad254a785a54" have entirely different histories.
7272b243cb
...
8097f08020
@ -347,7 +347,6 @@ check_system()
|
|||||||
|
|
||||||
UNAME=$(uname)
|
UNAME=$(uname)
|
||||||
SUBSYS=
|
SUBSYS=
|
||||||
FIX_SEG=
|
|
||||||
local s
|
local s
|
||||||
|
|
||||||
# can be passed FWTYPE=iptables to override default nftables preference
|
# can be passed FWTYPE=iptables to override default nftables preference
|
||||||
@ -355,7 +354,6 @@ check_system()
|
|||||||
Linux)
|
Linux)
|
||||||
PKTWS="$NFQWS"
|
PKTWS="$NFQWS"
|
||||||
PKTWSD=nfqws
|
PKTWSD=nfqws
|
||||||
FIX_SEG='--fix-seg'
|
|
||||||
linux_fwtype
|
linux_fwtype
|
||||||
[ "$FWTYPE" = iptables -o "$FWTYPE" = nftables ] || {
|
[ "$FWTYPE" = iptables -o "$FWTYPE" = nftables ] || {
|
||||||
echo firewall type $FWTYPE not supported in $UNAME
|
echo firewall type $FWTYPE not supported in $UNAME
|
||||||
@ -1432,11 +1430,6 @@ warn_mss()
|
|||||||
[ -n "$1" ] && echo 'WARNING ! although mss worked it may not work on all sites and will likely cause significant slowdown. it may only be required for TLS1.2, not TLS1.3'
|
[ -n "$1" ] && echo 'WARNING ! although mss worked it may not work on all sites and will likely cause significant slowdown. it may only be required for TLS1.2, not TLS1.3'
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
fix_seg()
|
|
||||||
{
|
|
||||||
# $1 - split-pos
|
|
||||||
[ -n "$FIX_SEG" ] && contains "$1" , && echo "$FIX_SEG"
|
|
||||||
}
|
|
||||||
|
|
||||||
tpws_check_domain_http_bypass_()
|
tpws_check_domain_http_bypass_()
|
||||||
{
|
{
|
||||||
@ -1462,7 +1455,7 @@ tpws_check_domain_http_bypass_()
|
|||||||
done
|
done
|
||||||
for s2 in '' '--hostcase' '--oob' '--disorder' ${oobdis:+"$oobdis"}; do
|
for s2 in '' '--hostcase' '--oob' '--disorder' ${oobdis:+"$oobdis"}; do
|
||||||
for s in $splits_http ; do
|
for s in $splits_http ; do
|
||||||
tpws_curl_test_update $1 $3 --split-pos=$s $(fix_seg $s) $s2 && [ "$SCANLEVEL" != force ] && {
|
tpws_curl_test_update $1 $3 --split-pos=$s --fix-seg $s2 && [ "$SCANLEVEL" != force ] && {
|
||||||
[ "$SCANLEVEL" = quick ] && return
|
[ "$SCANLEVEL" = quick ] && return
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
@ -1477,7 +1470,7 @@ tpws_check_domain_http_bypass_()
|
|||||||
s3=${mss:+--mss=$mss}
|
s3=${mss:+--mss=$mss}
|
||||||
for s2 in '' '--oob' '--disorder' ${oobdis:+"$oobdis"}; do
|
for s2 in '' '--oob' '--disorder' ${oobdis:+"$oobdis"}; do
|
||||||
for pos in $splits_tls; do
|
for pos in $splits_tls; do
|
||||||
tpws_curl_test_update $1 $3 --split-pos=$pos $(fix_seg $pos) $s2 $s3 && warn_mss $s3 && [ "$SCANLEVEL" != force ] && {
|
tpws_curl_test_update $1 $3 --split-pos=$pos --fix-seg $s2 $s3 && warn_mss $s3 && [ "$SCANLEVEL" != force ] && {
|
||||||
[ "$SCANLEVEL" = quick ] && return
|
[ "$SCANLEVEL" = quick ] && return
|
||||||
need_mss=0
|
need_mss=0
|
||||||
break
|
break
|
||||||
@ -1485,7 +1478,7 @@ tpws_check_domain_http_bypass_()
|
|||||||
done
|
done
|
||||||
done
|
done
|
||||||
for s in '' '--oob' '--disorder' ${oobdis:+"$oobdis"}; do
|
for s in '' '--oob' '--disorder' ${oobdis:+"$oobdis"}; do
|
||||||
for s2 in '--tlsrec=midsld' '--tlsrec=sniext+1 --split-pos=midsld' '--tlsrec=sniext+4 --split-pos=midsld' "--tlsrec=sniext+1 --split-pos=1,midsld $FIX_SEG" "--tlsrec=sniext+4 --split-pos=1,midsld $FIX_SEG" ; do
|
for s2 in '--tlsrec=midsld' '--tlsrec=sniext+1 --split-pos=midsld' '--tlsrec=sniext+4 --split-pos=midsld' '--tlsrec=sniext+1 --split-pos=1,midsld --fix-seg' '--tlsrec=sniext+4 --split-pos=1,midsld --fix-seg' ; do
|
||||||
tpws_curl_test_update $1 $3 $s2 $s $s3 && warn_mss $s3 && [ "$SCANLEVEL" != force ] && {
|
tpws_curl_test_update $1 $3 $s2 $s $s3 && warn_mss $s3 && [ "$SCANLEVEL" != force ] && {
|
||||||
[ "$SCANLEVEL" = quick ] && return
|
[ "$SCANLEVEL" = quick ] && return
|
||||||
need_mss=0
|
need_mss=0
|
||||||
|
|||||||
@ -479,4 +479,3 @@ nfqws: detect STUN message packets
|
|||||||
nfqws: change SNI to specified value tls mod : --dpi-desync-fake-tls-mod sni=<sni>
|
nfqws: change SNI to specified value tls mod : --dpi-desync-fake-tls-mod sni=<sni>
|
||||||
nfqws: update default TLS ClientHello fake. firefox 136.0.4 finger, no kyber, SNI=microsoft.com
|
nfqws: update default TLS ClientHello fake. firefox 136.0.4 finger, no kyber, SNI=microsoft.com
|
||||||
init.d: remove 50-discord
|
init.d: remove 50-discord
|
||||||
blockcheck: use tpws --fix-seg on linux for multiple splits
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user