mirror of
https://github.com/bol-van/zapret.git
synced 2024-12-02 22:50:53 +03:00
Compare commits
3 Commits
c179b3e474
...
a888ec2c89
Author | SHA1 | Date | |
---|---|---|---|
|
a888ec2c89 | ||
|
b50af9f9d0 | ||
|
074c8ca913 |
@ -293,7 +293,7 @@ netcat_test()
|
||||
# $2 - port
|
||||
local cmd
|
||||
netcat_setup && {
|
||||
cmd="$NCAT -z -w 1 $1 $2"
|
||||
cmd="$NCAT -z -w 2 $1 $2"
|
||||
echo $cmd
|
||||
$cmd 2>&1
|
||||
}
|
||||
|
@ -54,7 +54,7 @@ edit_vars()
|
||||
local n=1 var v tmp="/tmp/zvars"
|
||||
rm -f "$tmp"
|
||||
while [ 1=1 ]; do
|
||||
eval var="\$$n"
|
||||
eval var="\${$n}"
|
||||
[ -n "$var" ] || break
|
||||
eval v="\$$var"
|
||||
echo $var=\"$v\" >>"$tmp"
|
||||
|
@ -45,3 +45,11 @@ filter_apply_hostlist_target()
|
||||
[ -n "$HOSTLIST_EXCLUDE" ] && eval $1="\"\$$1 --hostlist-exclude=$HOSTLIST_EXCLUDE\""
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && filter_apply_autohostlist_target $1
|
||||
}
|
||||
|
||||
filter_apply_suffix()
|
||||
{
|
||||
# $1 - var name of tpws or nfqws params
|
||||
# $2 - suffix value
|
||||
local v="${2:+ --new $2}"
|
||||
eval $1="\"\$$1$v\""
|
||||
}
|
||||
|
@ -1,10 +1,15 @@
|
||||
apply_unspecified_desync_modes()
|
||||
{
|
||||
NFQWS_OPT_DESYNC_HTTP="${NFQWS_OPT_DESYNC_HTTP:-$NFQWS_OPT_DESYNC}"
|
||||
NFQWS_OPT_DESYNC_HTTP_SUFFIX="${NFQWS_OPT_DESYNC_HTTP_SUFFIX:-$NFQWS_OPT_DESYNC_SUFFIX}"
|
||||
NFQWS_OPT_DESYNC_HTTPS="${NFQWS_OPT_DESYNC_HTTPS:-$NFQWS_OPT_DESYNC}"
|
||||
NFQWS_OPT_DESYNC_HTTPS_SUFFIX="${NFQWS_OPT_DESYNC_HTTPS_SUFFIX:-$NFQWS_OPT_DESYNC_SUFFIX}"
|
||||
NFQWS_OPT_DESYNC_HTTP6="${NFQWS_OPT_DESYNC_HTTP6:-$NFQWS_OPT_DESYNC_HTTP}"
|
||||
NFQWS_OPT_DESYNC_HTTP6_SUFFIX="${NFQWS_OPT_DESYNC_HTTP6_SUFFIX:-$NFQWS_OPT_DESYNC_HTTP_SUFFIX}"
|
||||
NFQWS_OPT_DESYNC_HTTPS6="${NFQWS_OPT_DESYNC_HTTPS6:-$NFQWS_OPT_DESYNC_HTTPS}"
|
||||
NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="${NFQWS_OPT_DESYNC_HTTPS6_SUFFIX:-$NFQWS_OPT_DESYNC_HTTPS_SUFFIX}"
|
||||
NFQWS_OPT_DESYNC_QUIC6="${NFQWS_OPT_DESYNC_QUIC6:-$NFQWS_OPT_DESYNC_QUIC}"
|
||||
NFQWS_OPT_DESYNC_QUIC6_SUFFIX="${NFQWS_OPT_DESYNC_QUIC6_SUFFIX:-$NFQWS_OPT_DESYNC_QUIC_SUFFIX}"
|
||||
}
|
||||
|
||||
get_nfqws_qnums()
|
||||
@ -18,24 +23,24 @@ get_nfqws_qnums()
|
||||
[ "$DISABLE_IPV4" = "1" ] || {
|
||||
_qn=$QNUM
|
||||
_qns=$_qn
|
||||
[ "$NFQWS_OPT_DESYNC_HTTP" = "$NFQWS_OPT_DESYNC_HTTPS" ] || _qns=$(($QNUM+1))
|
||||
[ "$NFQWS_OPT_DESYNC_HTTP $NFQWS_OPT_DESYNC_HTTP_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTPS $NFQWS_OPT_DESYNC_HTTPS_SUFFIX" ] || _qns=$(($QNUM+1))
|
||||
}
|
||||
[ "$DISABLE_IPV6" = "1" ] || {
|
||||
_qn6=$(($QNUM+2))
|
||||
_qns6=$(($QNUM+3))
|
||||
[ "$DISABLE_IPV4" = "1" ] || {
|
||||
if [ "$NFQWS_OPT_DESYNC_HTTP6" = "$NFQWS_OPT_DESYNC_HTTP" ]; then
|
||||
if [ "$NFQWS_OPT_DESYNC_HTTP6 $NFQWS_OPT_DESYNC_HTTP6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTP $NFQWS_OPT_DESYNC_HTTP_SUFFIX" ]; then
|
||||
_qn6=$_qn;
|
||||
elif [ "$NFQWS_OPT_DESYNC_HTTP6" = "$NFQWS_OPT_DESYNC_HTTPS" ]; then
|
||||
elif [ "$NFQWS_OPT_DESYNC_HTTP6 $NFQWS_OPT_DESYNC_HTTP6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTPS $NFQWS_OPT_DESYNC_HTTPS_SUFFIX" ]; then
|
||||
_qn6=$_qns;
|
||||
fi
|
||||
if [ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTP" ]; then
|
||||
if [ "$NFQWS_OPT_DESYNC_HTTPS6 $NFQWS_OPT_DESYNC_HTTPS6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTP $NFQWS_OPT_DESYNC_HTTP_SUFFIX" ]; then
|
||||
_qns6=$_qn;
|
||||
elif [ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTPS" ]; then
|
||||
elif [ "$NFQWS_OPT_DESYNC_HTTPS6 $NFQWS_OPT_DESYNC_HTTPS6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTPS $NFQWS_OPT_DESYNC_HTTPS_SUFFIX" ]; then
|
||||
_qns6=$_qns;
|
||||
fi
|
||||
}
|
||||
[ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTP6" ] && _qns6=$_qn6;
|
||||
[ "$NFQWS_OPT_DESYNC_HTTPS6 $NFQWS_OPT_DESYNC_HTTPS6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTP6 $NFQWS_OPT_DESYNC_HTTP6_SUFFIX" ] && _qns6=$_qn6;
|
||||
}
|
||||
if [ "$MODE_HTTP" = 1 ]; then
|
||||
eval $1=$_qn
|
||||
@ -65,7 +70,7 @@ get_nfqws_qnums_quic()
|
||||
[ "$DISABLE_IPV6" = "1" ] || {
|
||||
_qn6=$(($QNUM+11))
|
||||
[ "$DISABLE_IPV4" = "1" ] || {
|
||||
if [ "$NFQWS_OPT_DESYNC_QUIC" = "$NFQWS_OPT_DESYNC_QUIC6" ]; then
|
||||
if [ "$NFQWS_OPT_DESYNC_QUIC $NFQWS_OPT_DESYNC_QUIC_SUFFIX" = "$NFQWS_OPT_DESYNC_QUIC6 $NFQWS_OPT_DESYNC_QUIC6_SUFFIX" ]; then
|
||||
_qn6=$_qn;
|
||||
fi
|
||||
}
|
||||
|
@ -65,15 +65,23 @@ MODE_QUIC=0
|
||||
MODE_FILTER=none
|
||||
|
||||
# CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list
|
||||
# SUFFIX VARS define additional lower priority desync profile. it's required if MODE_FILTER=hostlist and strategy has hostlist-incompatible 0-phase desync methods (syndata,wssize)
|
||||
DESYNC_MARK=0x40000000
|
||||
DESYNC_MARK_POSTNAT=0x20000000
|
||||
NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-ttl6=0 --dpi-desync-fooling=badsum"
|
||||
#NFQWS_OPT_DESYNC_HTTP="--dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum"
|
||||
#NFQWS_OPT_DESYNC_HTTPS="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum"
|
||||
#NFQWS_OPT_DESYNC_HTTP6="--dpi-desync=split --dpi-desync-ttl=5 --dpi-desync-fooling=none"
|
||||
#NFQWS_OPT_DESYNC_HTTPS6="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=5 --dpi-desync-fooling=none"
|
||||
#NFQWS_OPT_DESYNC_SUFFIX="--dpi-desync=syndata"
|
||||
#NFQWS_OPT_DESYNC_HTTP=""
|
||||
#NFQWS_OPT_DESYNC_HTTP_SUFFIX="--dpi-desync=syndata"
|
||||
#NFQWS_OPT_DESYNC_HTTPS=""
|
||||
#NFQWS_OPT_DESYNC_HTTPS_SUFFIX="--wssize 1:6"
|
||||
#NFQWS_OPT_DESYNC_HTTP6=""
|
||||
#NFQWS_OPT_DESYNC_HTTP6_SUFFIX="--dpi-desync=syndata"
|
||||
#NFQWS_OPT_DESYNC_HTTPS6=""
|
||||
#NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="--wssize 1:6"
|
||||
NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-repeats=6"
|
||||
#NFQWS_OPT_DESYNC_QUIC_SUFFIX=""
|
||||
#NFQWS_OPT_DESYNC_QUIC6="--dpi-desync=hopbyhop"
|
||||
#NFQWS_OPT_DESYNC_QUIC6_SUFFIX=""
|
||||
|
||||
# CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list
|
||||
TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
|
||||
|
@ -463,8 +463,8 @@ becomes the possible maximum. If you set `scale_factor` 64:0, it will be very sl
|
||||
|
||||
On the other hand, the server response must not be large enough for the DPI to find what it is looking for.
|
||||
|
||||
Hostlist filter does not affect `--wssize` because it works since the connection initiation when it's not yet possible
|
||||
to extract the host name.
|
||||
`--wssize` is not applied in desync profiles with hostlist filter because it works since the connection initiation when it's not yet possible
|
||||
to extract the host name. But it works with auto hostlist profiles.
|
||||
|
||||
`--wssize` may slow down sites and/or increase response time. It's desired to use another methods if possible.
|
||||
|
||||
@ -963,6 +963,19 @@ It means if only `NFQWS_OPT_DESYNC` is defined all four take its value.
|
||||
|
||||
If a variable is not defined, the value `NFQWS_OPT_DESYNC` is taken.
|
||||
|
||||
Additional low priority desync profile for `MODE_FILTER=hostlist`.
|
||||
With multiple profile support 0-phase desync methods are no more applied with hostlist !
|
||||
To apply they additional profile is required without hostlist filter.
|
||||
```
|
||||
#NFQWS_OPT_DESYNC_SUFFIX="--dpi-desync=syndata"
|
||||
#NFQWS_OPT_DESYNC_HTTP_SUFFIX="--dpi-desync=syndata"
|
||||
#NFQWS_OPT_DESYNC_HTTPS_SUFFIX="--wssize 1:6"
|
||||
#NFQWS_OPT_DESYNC_HTTP6_SUFFIX="--dpi-desync=syndata"
|
||||
#NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="--wssize 1:6"
|
||||
```
|
||||
|
||||
Defaults are filled the same ways as with NFQWS_OPT_*.
|
||||
|
||||
Separate QUIC options for ip protocol versions :
|
||||
|
||||
```
|
||||
|
@ -557,8 +557,8 @@ Scaling factor может только снижаться, увеличение
|
||||
window size итоговый размер окна стал максимально возможным. Если вы сделаете 64:0, будет очень медленно.
|
||||
С другой стороны нельзя допустить, чтобы ответ сервера стал достаточно большим, чтобы DPI нашел там искомое.
|
||||
|
||||
На --wssize не влияет фильтр hostlist, поскольку он действует с самого начала соединения, когда еще нельзя
|
||||
принять решение о попадании в лист.
|
||||
--wssize не работает в профилях с хостлистами, поскольку он действует с самого начала соединения, когда еще нельзя
|
||||
принять решение о попадании в лист. Однако, профиль с auto hostlist может содержать --wssize.
|
||||
--wssize может замедлять скорость и/или увеличивать время ответа сайтов, поэтому если есть другие работающие способы
|
||||
обхода DPI, лучше применять их.
|
||||
|
||||
@ -1387,6 +1387,17 @@ NFQWS_OPT_DESYNC_HTTPS6="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=5 --dp
|
||||
Если какая-то из переменных NFQWS_OPT_DESYNC_HTTP6/NFQWS_OPT_DESYNC_HTTPS6 не определена,
|
||||
берется значение NFQWS_OPT_DESYNC_HTTP/NFQWS_OPT_DESYNC_HTTPS.
|
||||
|
||||
Дополнительный низкоприоритетный профиль десинхронизации для режимов с MODE_FILTER=hostlist.
|
||||
После реализации поддержки множественных профилей режимы нулевой фазы десинхронизации больше не применяются с хостлистом !
|
||||
Для их применения требуется дополнительный профиль без хостлист фильтра.
|
||||
#NFQWS_OPT_DESYNC_SUFFIX="--dpi-desync=syndata"
|
||||
#NFQWS_OPT_DESYNC_HTTP_SUFFIX="--dpi-desync=syndata"
|
||||
#NFQWS_OPT_DESYNC_HTTPS_SUFFIX="--wssize 1:6"
|
||||
#NFQWS_OPT_DESYNC_HTTP6_SUFFIX="--dpi-desync=syndata"
|
||||
#NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="--wssize 1:6"
|
||||
|
||||
Значения по умолчанию заполняются аналогично NFQWS_OPT_*.
|
||||
|
||||
Опции дурения для QUIC :
|
||||
NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake"
|
||||
NFQWS_OPT_DESYNC_QUIC6="--dpi-desync=hopbyhop"
|
||||
|
@ -16,6 +16,7 @@ zapret_custom_daemons()
|
||||
[ "$MODE_HTTPS" = "1" ] && {
|
||||
opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX"
|
||||
run_daemon 2 $NFQWS "$opt"
|
||||
}
|
||||
}
|
||||
|
@ -135,32 +135,38 @@ start_daemons_procd()
|
||||
[ -z "$qn" ] || {
|
||||
opt="--qnum=$qn $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTP_SUFFIX"
|
||||
run_daemon 1 "$NFQWS" "$opt"
|
||||
}
|
||||
[ -z "$qns" ] || [ "$qns" = "$qn" ] || {
|
||||
opt="--qnum=$qns $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX"
|
||||
run_daemon 2 "$NFQWS" "$opt"
|
||||
}
|
||||
[ -z "$qn6" ] || [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || {
|
||||
opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP6"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTP6_SUFFIX"
|
||||
run_daemon 3 "$NFQWS" "$opt"
|
||||
}
|
||||
[ -z "$qns6" ] || [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || {
|
||||
opt="--qnum=$qns6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS6"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS6_SUFFIX"
|
||||
run_daemon 4 "$NFQWS" "$opt"
|
||||
}
|
||||
get_nfqws_qnums_quic qn qn6
|
||||
[ -z "$qn" ] || {
|
||||
opt="--qnum=$qn $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_QUIC_SUFFIX"
|
||||
run_daemon 10 "$NFQWS" "$opt"
|
||||
}
|
||||
[ -z "$qn6" ] || [ "$qn6" = "$qn" ] || {
|
||||
opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC6"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_QUIC6_SUFFIX"
|
||||
run_daemon 11 "$NFQWS" "$opt"
|
||||
}
|
||||
;;
|
||||
|
@ -16,6 +16,7 @@ zapret_custom_daemons()
|
||||
[ "$MODE_HTTPS" = "1" ] && {
|
||||
opt="--qnum=$QNUM $NFQWS_OPT_DESYNC_HTTPS"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX"
|
||||
do_nfqws $1 2 "$opt"
|
||||
}
|
||||
}
|
||||
|
@ -303,32 +303,38 @@ zapret_do_daemons()
|
||||
[ -z "$qn" ] || {
|
||||
opt="--qnum=$qn $NFQWS_OPT_DESYNC_HTTP"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTP_SUFFIX"
|
||||
do_nfqws $1 1 "$opt"
|
||||
}
|
||||
[ -z "$qns" ] || [ "$qns" = "$qn" ] || {
|
||||
opt="--qnum=$qns $NFQWS_OPT_DESYNC_HTTPS"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX"
|
||||
do_nfqws $1 2 "$opt"
|
||||
}
|
||||
[ -z "$qn6" ] || [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || {
|
||||
opt="--qnum=$qn6 $NFQWS_OPT_DESYNC_HTTP6"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTP6_SUFFIX"
|
||||
do_nfqws $1 3 "$opt"
|
||||
}
|
||||
[ -z "$qns6" ] || [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || {
|
||||
opt="--qnum=$qns6 $NFQWS_OPT_DESYNC_HTTPS6"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS6_SUFFIX"
|
||||
do_nfqws $1 4 "$opt"
|
||||
}
|
||||
get_nfqws_qnums_quic qn qn6
|
||||
[ -z "$qn" ] || {
|
||||
opt="--qnum=$qn $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_QUIC_SUFFIX"
|
||||
do_nfqws $1 10 "$opt"
|
||||
}
|
||||
[ -z "$qn6" ] || [ "$qn6" = "$qn" ] || {
|
||||
opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC6"
|
||||
filter_apply_hostlist_target opt
|
||||
filter_apply_suffix opt "$NFQWS_OPT_DESYNC_QUIC6_SUFFIX"
|
||||
do_nfqws $1 11 "$opt"
|
||||
}
|
||||
;;
|
||||
|
@ -115,7 +115,7 @@ select_mode_mode()
|
||||
vars="TPWS_OPT"
|
||||
;;
|
||||
nfqws)
|
||||
vars="NFQWS_OPT_DESYNC NFQWS_OPT_DESYNC_HTTP NFQWS_OPT_DESYNC_HTTPS NFQWS_OPT_DESYNC_HTTP6 NFQWS_OPT_DESYNC_HTTPS6 NFQWS_OPT_DESYNC_QUIC NFQWS_OPT_DESYNC_QUIC6"
|
||||
vars="NFQWS_OPT_DESYNC NFQWS_OPT_DESYNC_SUFFIX NFQWS_OPT_DESYNC_HTTP NFQWS_OPT_DESYNC_HTTP_SUFFIX NFQWS_OPT_DESYNC_HTTPS NFQWS_OPT_DESYNC_HTTPS_SUFFIX NFQWS_OPT_DESYNC_HTTP6 NFQWS_OPT_DESYNC_HTTP6_SUFFIX NFQWS_OPT_DESYNC_HTTPS6 NFQWS_OPT_DESYNC_HTTPS6_SUFFIX NFQWS_OPT_DESYNC_QUIC NFQWS_OPT_DESYNC_QUIC_SUFFIX NFQWS_OPT_DESYNC_QUIC6 NFQWS_OPT_DESYNC_QUIC6_SUFFIX"
|
||||
;;
|
||||
esac
|
||||
[ -n "$vars" ] && {
|
||||
|
Loading…
Reference in New Issue
Block a user