mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-26 20:20:53 +03:00
Compare commits
No commits in common. "c964677913eaffc125c8779d885129fd446b9ff3" and "f22dcb24877ec9fe6be63ce3cf64d5433a3061b3" have entirely different histories.
c964677913
...
f22dcb2487
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -441,27 +441,26 @@ check_prerequisites()
|
|||||||
}
|
}
|
||||||
|
|
||||||
local prog progs='curl'
|
local prog progs='curl'
|
||||||
[ "$SKIP_PKTWS" = 1 ] || {
|
|
||||||
case "$UNAME" in
|
case "$UNAME" in
|
||||||
Linux)
|
Linux)
|
||||||
case "$FWTYPE" in
|
case "$FWTYPE" in
|
||||||
iptables)
|
iptables)
|
||||||
|
progs="$progs iptables ip6tables"
|
||||||
ipt_has_nfq || {
|
ipt_has_nfq || {
|
||||||
echo NFQUEUE iptables or ip6tables target is missing. pls install modules.
|
echo NFQUEUE iptables or ip6tables target is missing. pls install modules.
|
||||||
exitp 6
|
exitp 6
|
||||||
}
|
}
|
||||||
progs="$progs iptables ip6tables"
|
|
||||||
;;
|
;;
|
||||||
nftables)
|
nftables)
|
||||||
nft_has_nfq || {
|
nft_has_nfq || {
|
||||||
echo nftables queue support is not available. pls install modules.
|
echo nftables queue support is not available. pls install modules.
|
||||||
exitp 6
|
exitp 6
|
||||||
}
|
}
|
||||||
progs="$progs nft"
|
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
;;
|
;;
|
||||||
FreeBSD)
|
FreeBSD)
|
||||||
|
progs="$progs ipfw"
|
||||||
freebsd_modules_loaded ipfw ipdivert || {
|
freebsd_modules_loaded ipfw ipdivert || {
|
||||||
echo ipfw or ipdivert kernel module not loaded
|
echo ipfw or ipdivert kernel module not loaded
|
||||||
exitp 6
|
exitp 6
|
||||||
@ -483,20 +482,17 @@ check_prerequisites()
|
|||||||
pf_restore
|
pf_restore
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
progs="$progs ipfw"
|
|
||||||
;;
|
;;
|
||||||
OpenBSD|Darwin)
|
OpenBSD|Darwin)
|
||||||
|
progs="$progs pfctl"
|
||||||
pf_is_avail || {
|
pf_is_avail || {
|
||||||
echo pf is not available
|
echo pf is not available
|
||||||
exitp 6
|
exitp 6
|
||||||
}
|
}
|
||||||
|
# no divert sockets in MacOS
|
||||||
|
[ "$UNAME" = "Darwin" ] && SKIP_PKTWS=1
|
||||||
pf_save
|
pf_save
|
||||||
progs="$progs pfctl"
|
|
||||||
;;
|
;;
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
case "$UNAME" in
|
|
||||||
CYGWIN)
|
CYGWIN)
|
||||||
SKIP_TPWS=1
|
SKIP_TPWS=1
|
||||||
;;
|
;;
|
||||||
@ -919,9 +915,7 @@ pktws_start()
|
|||||||
}
|
}
|
||||||
tpws_start()
|
tpws_start()
|
||||||
{
|
{
|
||||||
local uid
|
"$TPWS" --uid $TPWS_UID:$TPWS_GID --socks --bind-addr=127.0.0.1 --port=$SOCKS_PORT "$@" >/dev/null &
|
||||||
[ -n "$HAVE_ROOT" ] && uid="--uid $TPWS_UID:$TPWS_GID"
|
|
||||||
"$TPWS" $uid --socks --bind-addr=127.0.0.1 --port=$SOCKS_PORT "$@" >/dev/null &
|
|
||||||
PID=$!
|
PID=$!
|
||||||
# give some time to initialize
|
# give some time to initialize
|
||||||
minsleep
|
minsleep
|
||||||
@ -1010,17 +1004,17 @@ tpws_curl_test()
|
|||||||
# $1 - test function
|
# $1 - test function
|
||||||
# $2 - domain
|
# $2 - domain
|
||||||
# $3,$4,$5, ... - tpws params
|
# $3,$4,$5, ... - tpws params
|
||||||
echo - checking tpws $3 $4 $5 $6 $7 $8 $9${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"}
|
echo - checking tpws $3 $4 $5 $6 $7 $8 $9 $TPWS_EXTRA "$TPWS_EXTRA_1" "$TPWS_EXTRA_2" "$TPWS_EXTRA_3" "$TPWS_EXTRA_4" "$TPWS_EXTRA_5" "$TPWS_EXTRA_6" "$TPWS_EXTRA_7" "$TPWS_EXTRA_8" "$TPWS_EXTRA_9"
|
||||||
local ALL_PROXY="socks5://127.0.0.1:$SOCKS_PORT"
|
local ALL_PROXY="socks5://127.0.0.1:$SOCKS_PORT"
|
||||||
ws_curl_test tpws_start "$@"${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"}
|
ws_curl_test tpws_start "$@" $TPWS_EXTRA "$TPWS_EXTRA_1" "$TPWS_EXTRA_2" "$TPWS_EXTRA_3" "$TPWS_EXTRA_4" "$TPWS_EXTRA_5" "$TPWS_EXTRA_6" "$TPWS_EXTRA_7" "$TPWS_EXTRA_8" "$TPWS_EXTRA_9"
|
||||||
}
|
}
|
||||||
pktws_curl_test()
|
pktws_curl_test()
|
||||||
{
|
{
|
||||||
# $1 - test function
|
# $1 - test function
|
||||||
# $2 - domain
|
# $2 - domain
|
||||||
# $3,$4,$5, ... - nfqws/dvtws params
|
# $3,$4,$5, ... - nfqws/dvtws params
|
||||||
echo - checking $PKTWSD ${WF:+$WF }$3 $4 $5 $6 $7 $8 $9${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"}
|
echo - checking $PKTWSD ${WF:+$WF }$3 $4 $5 $6 $7 $8 $9 $PKTWS_EXTRA "$PKTWS_EXTRA_1" "$PKTWS_EXTRA_2" "$PKTWS_EXTRA_3" "$PKTWS_EXTRA_4" "$PKTWS_EXTRA_5" "$PKTWS_EXTRA_6" "$PKTWS_EXTRA_7" "$PKTWS_EXTRA_8" "$PKTWS_EXTRA_9"
|
||||||
ws_curl_test pktws_start "$@"${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"}
|
ws_curl_test pktws_start "$@" $PKTWS_EXTRA "$PKTWS_EXTRA_1" "$PKTWS_EXTRA_2" "$PKTWS_EXTRA_3" "$PKTWS_EXTRA_4" "$PKTWS_EXTRA_5" "$PKTWS_EXTRA_6" "$PKTWS_EXTRA_7" "$PKTWS_EXTRA_8" "$PKTWS_EXTRA_9"
|
||||||
}
|
}
|
||||||
xxxws_curl_test_update()
|
xxxws_curl_test_update()
|
||||||
{
|
{
|
||||||
@ -1278,7 +1272,7 @@ pktws_check_domain_http_bypass()
|
|||||||
|
|
||||||
local strategy
|
local strategy
|
||||||
pktws_check_domain_http_bypass_ "$@"
|
pktws_check_domain_http_bypass_ "$@"
|
||||||
strategy="${strategy:+$strategy${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"}}"
|
strategy="${strategy:+$strategy $PKTWS_EXTRA $PKTWS_EXTRA_1 $PKTWS_EXTRA_2 $PKTWS_EXTRA_3 $PKTWS_EXTRA_4 $PKTWS_EXTRA_5 $PKTWS_EXTRA_6 $PKTWS_EXTRA_7 $PKTWS_EXTRA_8 $PKTWS_EXTRA_9}"
|
||||||
report_strategy $1 $3 $PKTWSD
|
report_strategy $1 $3 $PKTWSD
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1393,7 +1387,7 @@ tpws_check_domain_http_bypass()
|
|||||||
|
|
||||||
local strategy
|
local strategy
|
||||||
tpws_check_domain_http_bypass_ "$@"
|
tpws_check_domain_http_bypass_ "$@"
|
||||||
strategy="${strategy:+$strategy${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"}}"
|
strategy="${strategy:+$strategy $TPWS_EXTRA $TPWS_EXTRA_1 $TPWS_EXTRA_2 $TPWS_EXTRA_3 $TPWS_EXTRA_4 $TPWS_EXTRA_5 $TPWS_EXTRA_6 $TPWS_EXTRA_7 $TPWS_EXTRA_8 $TPWS_EXTRA_9}"
|
||||||
report_strategy $1 $3 tpws
|
report_strategy $1 $3 tpws
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1710,7 +1704,7 @@ ask_params()
|
|||||||
SCANLEVEL=${SCANLEVEL:-standard}
|
SCANLEVEL=${SCANLEVEL:-standard}
|
||||||
ask_list SCANLEVEL "quick standard force" "$SCANLEVEL"
|
ask_list SCANLEVEL "quick standard force" "$SCANLEVEL"
|
||||||
# disable tpws checks by default in quick mode
|
# disable tpws checks by default in quick mode
|
||||||
[ "$SCANLEVEL" = quick -a -z "$SKIP_TPWS" -a "$UNAME" != Darwin ] && SKIP_TPWS=1
|
[ "$SCANLEVEL" = quick -a -z "$SKIP_TPWS" ] && SKIP_TPWS=1
|
||||||
|
|
||||||
echo
|
echo
|
||||||
|
|
||||||
@ -1948,9 +1942,7 @@ fsleep_setup
|
|||||||
fix_sbin_path
|
fix_sbin_path
|
||||||
check_system
|
check_system
|
||||||
check_already
|
check_already
|
||||||
# no divert sockets in MacOS
|
[ "$UNAME" = CYGWIN ] || require_root
|
||||||
[ "$UNAME" = "Darwin" ] && SKIP_PKTWS=1
|
|
||||||
[ "$UNAME" != CYGWIN -a "$SKIP_PKTWS" != 1 ] && require_root
|
|
||||||
check_prerequisites
|
check_prerequisites
|
||||||
trap sigint_cleanup INT
|
trap sigint_cleanup INT
|
||||||
check_dns
|
check_dns
|
||||||
|
@ -1,28 +1,13 @@
|
|||||||
require_root()
|
require_root()
|
||||||
{
|
{
|
||||||
local exe preserve_env
|
local exe
|
||||||
echo \* checking privileges
|
echo \* checking privileges
|
||||||
[ $(id -u) -ne "0" ] && {
|
[ $(id -u) -ne "0" ] && {
|
||||||
echo root is required
|
echo root is required
|
||||||
exe="$EXEDIR/$(basename "$0")"
|
exe="$EXEDIR/$(basename "$0")"
|
||||||
exists sudo && {
|
exists sudo && exec sudo sh "$exe"
|
||||||
echo elevating with sudo
|
exists su && exec su root -c "sh \"$exe\""
|
||||||
exec sudo -E sh "$exe"
|
|
||||||
}
|
|
||||||
exists su && {
|
|
||||||
echo elevating with su
|
|
||||||
case "$UNAME" in
|
|
||||||
Linux)
|
|
||||||
preserve_env="--preserve-environment"
|
|
||||||
;;
|
|
||||||
FreeBSD|OpenBSD|Darwin)
|
|
||||||
preserve_env="-m"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
exec su $preserve_env root -c "sh \"$exe\""
|
|
||||||
}
|
|
||||||
echo su or sudo not found
|
echo su or sudo not found
|
||||||
exitp 2
|
exitp 2
|
||||||
}
|
}
|
||||||
HAVE_ROOT=1
|
|
||||||
}
|
}
|
||||||
|
@ -352,5 +352,3 @@ nfqws,tpws: hostlist/ipset auto reload on file change. no more HUP.
|
|||||||
nfqws,tpws: --filter-tcp, --filter-udp take comma separated port range list
|
nfqws,tpws: --filter-tcp, --filter-udp take comma separated port range list
|
||||||
config: <HOSTLIST_NOAUTO> marker
|
config: <HOSTLIST_NOAUTO> marker
|
||||||
binaries: remove zapret-winws. add win32.
|
binaries: remove zapret-winws. add win32.
|
||||||
blockcheck, install_easy.sh: preserve user environment variables during elevation
|
|
||||||
blockcheck: do not require root if SKIP_PKTWS=1
|
|
||||||
|
@ -1282,7 +1282,7 @@ standard дает возможность провести исследовани
|
|||||||
force дает максимум проверок даже в случаях, когда ресурс работает без обхода или с более простыми стратегиями.
|
force дает максимум проверок даже в случаях, когда ресурс работает без обхода или с более простыми стратегиями.
|
||||||
|
|
||||||
Есть ряд других параметров, которые не будут спрашиваться в диалоге, но которые можно переопределить через
|
Есть ряд других параметров, которые не будут спрашиваться в диалоге, но которые можно переопределить через
|
||||||
переменные.
|
переменные. Переопределение работает только из рутового шелла. При повышении привилегий через su/sudo переменные теряются.
|
||||||
|
|
||||||
DOMAINS - список тестируемых доменов через пробел
|
DOMAINS - список тестируемых доменов через пробел
|
||||||
CURL_MAX_TIME - время таймаута curl в секундах
|
CURL_MAX_TIME - время таймаута curl в секундах
|
||||||
|
@ -128,7 +128,7 @@ standard_mode_daemons()
|
|||||||
run_tpws_socks 2 "$opt"
|
run_tpws_socks 2 "$opt"
|
||||||
}
|
}
|
||||||
[ "$NFQWS_ENABLE" = 1 ] && check_bad_ws_options 1 "$NFQWS_OPT" && {
|
[ "$NFQWS_ENABLE" = 1 ] && check_bad_ws_options 1 "$NFQWS_OPT" && {
|
||||||
opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT"
|
opt="--qnum=$QNUM $NFQWS_OPT"
|
||||||
filter_apply_hostlist_target opt
|
filter_apply_hostlist_target opt
|
||||||
run_daemon 3 "$NFQWS" "$opt"
|
run_daemon 3 "$NFQWS" "$opt"
|
||||||
}
|
}
|
||||||
|
@ -296,7 +296,7 @@ standard_mode_daemons()
|
|||||||
do_tpws_socks $1 2 "$opt"
|
do_tpws_socks $1 2 "$opt"
|
||||||
}
|
}
|
||||||
[ "$NFQWS_ENABLE" = 1 ] && check_bad_ws_options $1 "$NFQWS_OPT" && {
|
[ "$NFQWS_ENABLE" = 1 ] && check_bad_ws_options $1 "$NFQWS_OPT" && {
|
||||||
opt="--qnum=$QNUM $NFQWS_OPT"
|
opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT"
|
||||||
filter_apply_hostlist_target opt
|
filter_apply_hostlist_target opt
|
||||||
do_nfqws $1 3 "$opt"
|
do_nfqws $1 3 "$opt"
|
||||||
}
|
}
|
||||||
|
@ -849,7 +849,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
size_t fake_size;
|
size_t fake_size;
|
||||||
char host[256];
|
char host[256];
|
||||||
bool bHaveHost=false;
|
bool bHaveHost=false;
|
||||||
uint8_t *p, *phost=NULL;
|
uint8_t *p, *phost;
|
||||||
const uint8_t *rdata_payload = data_payload;
|
const uint8_t *rdata_payload = data_payload;
|
||||||
size_t rlen_payload = len_payload;
|
size_t rlen_payload = len_payload;
|
||||||
size_t split_pos;
|
size_t split_pos;
|
||||||
@ -1097,6 +1097,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
|||||||
}
|
}
|
||||||
|
|
||||||
ttl_fake = (ctrack_replay && ctrack_replay->autottl) ? ctrack_replay->autottl : (ip6hdr ? (dp->desync_ttl6 ? dp->desync_ttl6 : ttl_orig) : (dp->desync_ttl ? dp->desync_ttl : ttl_orig));
|
ttl_fake = (ctrack_replay && ctrack_replay->autottl) ? ctrack_replay->autottl : (ip6hdr ? (dp->desync_ttl6 ? dp->desync_ttl6 : ttl_orig) : (dp->desync_ttl ? dp->desync_ttl : ttl_orig));
|
||||||
|
|
||||||
if ((l7proto == HTTP) && (dp->hostcase || dp->hostnospace || dp->domcase) && HttpFindHost(&phost,data_payload,len_payload))
|
if ((l7proto == HTTP) && (dp->hostcase || dp->hostnospace || dp->domcase) && HttpFindHost(&phost,data_payload,len_payload))
|
||||||
{
|
{
|
||||||
if (dp->hostcase)
|
if (dp->hostcase)
|
||||||
|
Loading…
Reference in New Issue
Block a user