mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-26 12:10:53 +03:00
Compare commits
No commits in common. "c964677913eaffc125c8779d885129fd446b9ff3" and "f22dcb24877ec9fe6be63ce3cf64d5433a3061b3" have entirely different histories.
c964677913
...
f22dcb2487
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
128
blockcheck.sh
128
blockcheck.sh
@ -441,62 +441,58 @@ check_prerequisites()
|
||||
}
|
||||
|
||||
local prog progs='curl'
|
||||
[ "$SKIP_PKTWS" = 1 ] || {
|
||||
case "$UNAME" in
|
||||
Linux)
|
||||
case "$FWTYPE" in
|
||||
iptables)
|
||||
ipt_has_nfq || {
|
||||
echo NFQUEUE iptables or ip6tables target is missing. pls install modules.
|
||||
exitp 6
|
||||
}
|
||||
progs="$progs iptables ip6tables"
|
||||
;;
|
||||
nftables)
|
||||
nft_has_nfq || {
|
||||
echo nftables queue support is not available. pls install modules.
|
||||
exitp 6
|
||||
}
|
||||
progs="$progs nft"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
FreeBSD)
|
||||
freebsd_modules_loaded ipfw ipdivert || {
|
||||
echo ipfw or ipdivert kernel module not loaded
|
||||
exitp 6
|
||||
}
|
||||
[ "$(sysctl -qn net.inet.ip.fw.enable)" = 0 -o "$(sysctl -qn net.inet6.ip6.fw.enable)" = 0 ] && {
|
||||
echo ipfw is disabled. use : ipfw enable firewall
|
||||
exitp 6
|
||||
}
|
||||
pf_is_avail && {
|
||||
pf_save
|
||||
[ "$SUBSYS" = "pfSense" ] && {
|
||||
# pfsense's ipfw may not work without these workarounds
|
||||
sysctl net.inet.ip.pfil.outbound=ipfw,pf 2>/dev/null
|
||||
sysctl net.inet.ip.pfil.inbound=ipfw,pf 2>/dev/null
|
||||
sysctl net.inet6.ip6.pfil.outbound=ipfw,pf 2>/dev/null
|
||||
sysctl net.inet6.ip6.pfil.inbound=ipfw,pf 2>/dev/null
|
||||
pfctl -qd
|
||||
pfctl -qe
|
||||
pf_restore
|
||||
}
|
||||
}
|
||||
progs="$progs ipfw"
|
||||
;;
|
||||
OpenBSD|Darwin)
|
||||
pf_is_avail || {
|
||||
echo pf is not available
|
||||
exitp 6
|
||||
}
|
||||
pf_save
|
||||
progs="$progs pfctl"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
case "$UNAME" in
|
||||
Linux)
|
||||
case "$FWTYPE" in
|
||||
iptables)
|
||||
progs="$progs iptables ip6tables"
|
||||
ipt_has_nfq || {
|
||||
echo NFQUEUE iptables or ip6tables target is missing. pls install modules.
|
||||
exitp 6
|
||||
}
|
||||
;;
|
||||
nftables)
|
||||
nft_has_nfq || {
|
||||
echo nftables queue support is not available. pls install modules.
|
||||
exitp 6
|
||||
}
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
FreeBSD)
|
||||
progs="$progs ipfw"
|
||||
freebsd_modules_loaded ipfw ipdivert || {
|
||||
echo ipfw or ipdivert kernel module not loaded
|
||||
exitp 6
|
||||
}
|
||||
[ "$(sysctl -qn net.inet.ip.fw.enable)" = 0 -o "$(sysctl -qn net.inet6.ip6.fw.enable)" = 0 ] && {
|
||||
echo ipfw is disabled. use : ipfw enable firewall
|
||||
exitp 6
|
||||
}
|
||||
pf_is_avail && {
|
||||
pf_save
|
||||
[ "$SUBSYS" = "pfSense" ] && {
|
||||
# pfsense's ipfw may not work without these workarounds
|
||||
sysctl net.inet.ip.pfil.outbound=ipfw,pf 2>/dev/null
|
||||
sysctl net.inet.ip.pfil.inbound=ipfw,pf 2>/dev/null
|
||||
sysctl net.inet6.ip6.pfil.outbound=ipfw,pf 2>/dev/null
|
||||
sysctl net.inet6.ip6.pfil.inbound=ipfw,pf 2>/dev/null
|
||||
pfctl -qd
|
||||
pfctl -qe
|
||||
pf_restore
|
||||
}
|
||||
}
|
||||
;;
|
||||
OpenBSD|Darwin)
|
||||
progs="$progs pfctl"
|
||||
pf_is_avail || {
|
||||
echo pf is not available
|
||||
exitp 6
|
||||
}
|
||||
# no divert sockets in MacOS
|
||||
[ "$UNAME" = "Darwin" ] && SKIP_PKTWS=1
|
||||
pf_save
|
||||
;;
|
||||
CYGWIN)
|
||||
SKIP_TPWS=1
|
||||
;;
|
||||
@ -919,9 +915,7 @@ pktws_start()
|
||||
}
|
||||
tpws_start()
|
||||
{
|
||||
local uid
|
||||
[ -n "$HAVE_ROOT" ] && uid="--uid $TPWS_UID:$TPWS_GID"
|
||||
"$TPWS" $uid --socks --bind-addr=127.0.0.1 --port=$SOCKS_PORT "$@" >/dev/null &
|
||||
"$TPWS" --uid $TPWS_UID:$TPWS_GID --socks --bind-addr=127.0.0.1 --port=$SOCKS_PORT "$@" >/dev/null &
|
||||
PID=$!
|
||||
# give some time to initialize
|
||||
minsleep
|
||||
@ -1010,17 +1004,17 @@ tpws_curl_test()
|
||||
# $1 - test function
|
||||
# $2 - domain
|
||||
# $3,$4,$5, ... - tpws params
|
||||
echo - checking tpws $3 $4 $5 $6 $7 $8 $9${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"}
|
||||
echo - checking tpws $3 $4 $5 $6 $7 $8 $9 $TPWS_EXTRA "$TPWS_EXTRA_1" "$TPWS_EXTRA_2" "$TPWS_EXTRA_3" "$TPWS_EXTRA_4" "$TPWS_EXTRA_5" "$TPWS_EXTRA_6" "$TPWS_EXTRA_7" "$TPWS_EXTRA_8" "$TPWS_EXTRA_9"
|
||||
local ALL_PROXY="socks5://127.0.0.1:$SOCKS_PORT"
|
||||
ws_curl_test tpws_start "$@"${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"}
|
||||
ws_curl_test tpws_start "$@" $TPWS_EXTRA "$TPWS_EXTRA_1" "$TPWS_EXTRA_2" "$TPWS_EXTRA_3" "$TPWS_EXTRA_4" "$TPWS_EXTRA_5" "$TPWS_EXTRA_6" "$TPWS_EXTRA_7" "$TPWS_EXTRA_8" "$TPWS_EXTRA_9"
|
||||
}
|
||||
pktws_curl_test()
|
||||
{
|
||||
# $1 - test function
|
||||
# $2 - domain
|
||||
# $3,$4,$5, ... - nfqws/dvtws params
|
||||
echo - checking $PKTWSD ${WF:+$WF }$3 $4 $5 $6 $7 $8 $9${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"}
|
||||
ws_curl_test pktws_start "$@"${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"}
|
||||
echo - checking $PKTWSD ${WF:+$WF }$3 $4 $5 $6 $7 $8 $9 $PKTWS_EXTRA "$PKTWS_EXTRA_1" "$PKTWS_EXTRA_2" "$PKTWS_EXTRA_3" "$PKTWS_EXTRA_4" "$PKTWS_EXTRA_5" "$PKTWS_EXTRA_6" "$PKTWS_EXTRA_7" "$PKTWS_EXTRA_8" "$PKTWS_EXTRA_9"
|
||||
ws_curl_test pktws_start "$@" $PKTWS_EXTRA "$PKTWS_EXTRA_1" "$PKTWS_EXTRA_2" "$PKTWS_EXTRA_3" "$PKTWS_EXTRA_4" "$PKTWS_EXTRA_5" "$PKTWS_EXTRA_6" "$PKTWS_EXTRA_7" "$PKTWS_EXTRA_8" "$PKTWS_EXTRA_9"
|
||||
}
|
||||
xxxws_curl_test_update()
|
||||
{
|
||||
@ -1278,7 +1272,7 @@ pktws_check_domain_http_bypass()
|
||||
|
||||
local strategy
|
||||
pktws_check_domain_http_bypass_ "$@"
|
||||
strategy="${strategy:+$strategy${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"}}"
|
||||
strategy="${strategy:+$strategy $PKTWS_EXTRA $PKTWS_EXTRA_1 $PKTWS_EXTRA_2 $PKTWS_EXTRA_3 $PKTWS_EXTRA_4 $PKTWS_EXTRA_5 $PKTWS_EXTRA_6 $PKTWS_EXTRA_7 $PKTWS_EXTRA_8 $PKTWS_EXTRA_9}"
|
||||
report_strategy $1 $3 $PKTWSD
|
||||
}
|
||||
|
||||
@ -1393,7 +1387,7 @@ tpws_check_domain_http_bypass()
|
||||
|
||||
local strategy
|
||||
tpws_check_domain_http_bypass_ "$@"
|
||||
strategy="${strategy:+$strategy${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"}}"
|
||||
strategy="${strategy:+$strategy $TPWS_EXTRA $TPWS_EXTRA_1 $TPWS_EXTRA_2 $TPWS_EXTRA_3 $TPWS_EXTRA_4 $TPWS_EXTRA_5 $TPWS_EXTRA_6 $TPWS_EXTRA_7 $TPWS_EXTRA_8 $TPWS_EXTRA_9}"
|
||||
report_strategy $1 $3 tpws
|
||||
}
|
||||
|
||||
@ -1710,7 +1704,7 @@ ask_params()
|
||||
SCANLEVEL=${SCANLEVEL:-standard}
|
||||
ask_list SCANLEVEL "quick standard force" "$SCANLEVEL"
|
||||
# disable tpws checks by default in quick mode
|
||||
[ "$SCANLEVEL" = quick -a -z "$SKIP_TPWS" -a "$UNAME" != Darwin ] && SKIP_TPWS=1
|
||||
[ "$SCANLEVEL" = quick -a -z "$SKIP_TPWS" ] && SKIP_TPWS=1
|
||||
|
||||
echo
|
||||
|
||||
@ -1948,9 +1942,7 @@ fsleep_setup
|
||||
fix_sbin_path
|
||||
check_system
|
||||
check_already
|
||||
# no divert sockets in MacOS
|
||||
[ "$UNAME" = "Darwin" ] && SKIP_PKTWS=1
|
||||
[ "$UNAME" != CYGWIN -a "$SKIP_PKTWS" != 1 ] && require_root
|
||||
[ "$UNAME" = CYGWIN ] || require_root
|
||||
check_prerequisites
|
||||
trap sigint_cleanup INT
|
||||
check_dns
|
||||
|
@ -1,28 +1,13 @@
|
||||
require_root()
|
||||
{
|
||||
local exe preserve_env
|
||||
local exe
|
||||
echo \* checking privileges
|
||||
[ $(id -u) -ne "0" ] && {
|
||||
echo root is required
|
||||
exe="$EXEDIR/$(basename "$0")"
|
||||
exists sudo && {
|
||||
echo elevating with sudo
|
||||
exec sudo -E sh "$exe"
|
||||
}
|
||||
exists su && {
|
||||
echo elevating with su
|
||||
case "$UNAME" in
|
||||
Linux)
|
||||
preserve_env="--preserve-environment"
|
||||
;;
|
||||
FreeBSD|OpenBSD|Darwin)
|
||||
preserve_env="-m"
|
||||
;;
|
||||
esac
|
||||
exec su $preserve_env root -c "sh \"$exe\""
|
||||
}
|
||||
exists sudo && exec sudo sh "$exe"
|
||||
exists su && exec su root -c "sh \"$exe\""
|
||||
echo su or sudo not found
|
||||
exitp 2
|
||||
}
|
||||
HAVE_ROOT=1
|
||||
}
|
||||
|
@ -352,5 +352,3 @@ nfqws,tpws: hostlist/ipset auto reload on file change. no more HUP.
|
||||
nfqws,tpws: --filter-tcp, --filter-udp take comma separated port range list
|
||||
config: <HOSTLIST_NOAUTO> marker
|
||||
binaries: remove zapret-winws. add win32.
|
||||
blockcheck, install_easy.sh: preserve user environment variables during elevation
|
||||
blockcheck: do not require root if SKIP_PKTWS=1
|
||||
|
@ -1282,7 +1282,7 @@ standard дает возможность провести исследовани
|
||||
force дает максимум проверок даже в случаях, когда ресурс работает без обхода или с более простыми стратегиями.
|
||||
|
||||
Есть ряд других параметров, которые не будут спрашиваться в диалоге, но которые можно переопределить через
|
||||
переменные.
|
||||
переменные. Переопределение работает только из рутового шелла. При повышении привилегий через su/sudo переменные теряются.
|
||||
|
||||
DOMAINS - список тестируемых доменов через пробел
|
||||
CURL_MAX_TIME - время таймаута curl в секундах
|
||||
|
@ -128,7 +128,7 @@ standard_mode_daemons()
|
||||
run_tpws_socks 2 "$opt"
|
||||
}
|
||||
[ "$NFQWS_ENABLE" = 1 ] && check_bad_ws_options 1 "$NFQWS_OPT" && {
|
||||
opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT"
|
||||
opt="--qnum=$QNUM $NFQWS_OPT"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 3 "$NFQWS" "$opt"
|
||||
}
|
||||
|
@ -296,7 +296,7 @@ standard_mode_daemons()
|
||||
do_tpws_socks $1 2 "$opt"
|
||||
}
|
||||
[ "$NFQWS_ENABLE" = 1 ] && check_bad_ws_options $1 "$NFQWS_OPT" && {
|
||||
opt="--qnum=$QNUM $NFQWS_OPT"
|
||||
opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT"
|
||||
filter_apply_hostlist_target opt
|
||||
do_nfqws $1 3 "$opt"
|
||||
}
|
||||
|
@ -849,7 +849,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
||||
size_t fake_size;
|
||||
char host[256];
|
||||
bool bHaveHost=false;
|
||||
uint8_t *p, *phost=NULL;
|
||||
uint8_t *p, *phost;
|
||||
const uint8_t *rdata_payload = data_payload;
|
||||
size_t rlen_payload = len_payload;
|
||||
size_t split_pos;
|
||||
@ -1097,6 +1097,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
||||
}
|
||||
|
||||
ttl_fake = (ctrack_replay && ctrack_replay->autottl) ? ctrack_replay->autottl : (ip6hdr ? (dp->desync_ttl6 ? dp->desync_ttl6 : ttl_orig) : (dp->desync_ttl ? dp->desync_ttl : ttl_orig));
|
||||
|
||||
if ((l7proto == HTTP) && (dp->hostcase || dp->hostnospace || dp->domcase) && HttpFindHost(&phost,data_payload,len_payload))
|
||||
{
|
||||
if (dp->hostcase)
|
||||
|
Loading…
Reference in New Issue
Block a user