blockcheck: optimize

update changes.txt
2025-04-20 22:12:58 +03:00 · 2025-04-05 18:13:16 +03:00 · 2025-04-05 18:10:46 +03:00 · 2025-04-05 18:10:18 +03:00 · 2025-04-05 16:35:26 +03:00 · 2025-04-05 16:31:22 +03:00
2 changed files with 11 additions and 3 deletions
--- a/blockcheck.sh
+++ b/blockcheck.sh
@ -347,6 +347,7 @@ check_system()

 	UNAME=$(uname)
 	SUBSYS=
+	FIX_SEG=
 	local s

 	# can be passed FWTYPE=iptables to override default nftables preference
@ -354,6 +355,7 @@ check_system()
 		Linux)
 			PKTWS="$NFQWS"
 			PKTWSD=nfqws
+			FIX_SEG='--fix-seg'
 			linux_fwtype
 			[ "$FWTYPE" = iptables -o "$FWTYPE" = nftables ] || {
 				echo firewall type $FWTYPE not supported in $UNAME
@ -1430,6 +1432,11 @@ warn_mss()
 	[ -n "$1" ] && echo 'WARNING ! although mss worked it may not work on all sites and will likely cause significant slowdown. it may only be required for TLS1.2, not TLS1.3'
 	return 0
 }
+fix_seg()
+{
+	# $1 - split-pos
+	[ -n "$FIX_SEG" ] && contains "$1" , && echo "$FIX_SEG"
+}

 tpws_check_domain_http_bypass_()
 {
@ -1455,7 +1462,7 @@ tpws_check_domain_http_bypass_()
 		done
 		for s2 in '' '--hostcase' '--oob' '--disorder' ${oobdis:+"$oobdis"}; do
 			for s in $splits_http ; do
-				tpws_curl_test_update $1 $3 --split-pos=$s --fix-seg $s2 && [ "$SCANLEVEL" != force ] && {
+				tpws_curl_test_update $1 $3 --split-pos=$s $(fix_seg $s) $s2 && [ "$SCANLEVEL" != force ] && {
 					[ "$SCANLEVEL" = quick ] && return
 					break
 				}
@ -1470,7 +1477,7 @@ tpws_check_domain_http_bypass_()
 			s3=${mss:+--mss=$mss}
 			for s2 in '' '--oob' '--disorder' ${oobdis:+"$oobdis"}; do
 				for pos in $splits_tls; do
-					tpws_curl_test_update $1 $3 --split-pos=$pos --fix-seg $s2 $s3 && warn_mss $s3 && [ "$SCANLEVEL" != force ] && {
+					tpws_curl_test_update $1 $3 --split-pos=$pos $(fix_seg $pos) $s2 $s3 && warn_mss $s3 && [ "$SCANLEVEL" != force ] && {
 						[ "$SCANLEVEL" = quick ] && return
 						need_mss=0
 						break
@ -1478,7 +1485,7 @@ tpws_check_domain_http_bypass_()
 				done
 			done
 			for s in '' '--oob' '--disorder' ${oobdis:+"$oobdis"}; do
-				for s2 in '--tlsrec=midsld' '--tlsrec=sniext+1 --split-pos=midsld' '--tlsrec=sniext+4 --split-pos=midsld' '--tlsrec=sniext+1 --split-pos=1,midsld --fix-seg' '--tlsrec=sniext+4 --split-pos=1,midsld --fix-seg' ; do
+				for s2 in '--tlsrec=midsld' '--tlsrec=sniext+1 --split-pos=midsld' '--tlsrec=sniext+4 --split-pos=midsld' "--tlsrec=sniext+1 --split-pos=1,midsld $FIX_SEG" "--tlsrec=sniext+4 --split-pos=1,midsld $FIX_SEG" ; do
 					tpws_curl_test_update $1 $3 $s2 $s $s3 && warn_mss $s3 && [ "$SCANLEVEL" != force ] && {
 						[ "$SCANLEVEL" = quick ] && return
 						need_mss=0
--- a/docs/changes.txt
+++ b/docs/changes.txt
@ -479,3 +479,4 @@ nfqws: detect STUN message packets
 nfqws: change SNI to specified value tls mod : --dpi-desync-fake-tls-mod sni=<sni>
 nfqws: update default TLS ClientHello fake. firefox 136.0.4 finger, no kyber, SNI=microsoft.com
 init.d: remove 50-discord
+blockcheck: use tpws --fix-seg on linux for multiple splits
Author	SHA1	Message	Date
bol-van	7272b243cb	blockcheck: optimize	2025-04-05 18:13:16 +03:00
bol-van	72d48d957a	update changes.txt	2025-04-05 18:10:46 +03:00
bol-van	f4069d484a	update changes.txt	2025-04-05 18:10:18 +03:00
bol-van	1c82b0a6af	blockcheck: --fix seg only if multiple split pos	2025-04-05 16:35:26 +03:00
bol-van	c08e69aa65	blockcheck: --fix seg only if multiple split pos	2025-04-05 16:31:22 +03:00