mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-29 21:40:52 +03:00
Compare commits
5 Commits
f22dcb2487
...
c964677913
Author | SHA1 | Date | |
---|---|---|---|
|
c964677913 | ||
|
e0f8ff06b9 | ||
|
34e632a1f8 | ||
|
4adeb9499b | ||
|
149a7ed927 |
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
126
blockcheck.sh
126
blockcheck.sh
@ -441,58 +441,62 @@ check_prerequisites()
|
||||
}
|
||||
|
||||
local prog progs='curl'
|
||||
case "$UNAME" in
|
||||
Linux)
|
||||
case "$FWTYPE" in
|
||||
iptables)
|
||||
progs="$progs iptables ip6tables"
|
||||
ipt_has_nfq || {
|
||||
echo NFQUEUE iptables or ip6tables target is missing. pls install modules.
|
||||
[ "$SKIP_PKTWS" = 1 ] || {
|
||||
case "$UNAME" in
|
||||
Linux)
|
||||
case "$FWTYPE" in
|
||||
iptables)
|
||||
ipt_has_nfq || {
|
||||
echo NFQUEUE iptables or ip6tables target is missing. pls install modules.
|
||||
exitp 6
|
||||
}
|
||||
progs="$progs iptables ip6tables"
|
||||
;;
|
||||
nftables)
|
||||
nft_has_nfq || {
|
||||
echo nftables queue support is not available. pls install modules.
|
||||
exitp 6
|
||||
}
|
||||
progs="$progs nft"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
FreeBSD)
|
||||
freebsd_modules_loaded ipfw ipdivert || {
|
||||
echo ipfw or ipdivert kernel module not loaded
|
||||
exitp 6
|
||||
}
|
||||
;;
|
||||
nftables)
|
||||
nft_has_nfq || {
|
||||
echo nftables queue support is not available. pls install modules.
|
||||
exitp 6
|
||||
}
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
FreeBSD)
|
||||
progs="$progs ipfw"
|
||||
freebsd_modules_loaded ipfw ipdivert || {
|
||||
echo ipfw or ipdivert kernel module not loaded
|
||||
exitp 6
|
||||
}
|
||||
[ "$(sysctl -qn net.inet.ip.fw.enable)" = 0 -o "$(sysctl -qn net.inet6.ip6.fw.enable)" = 0 ] && {
|
||||
echo ipfw is disabled. use : ipfw enable firewall
|
||||
exitp 6
|
||||
}
|
||||
pf_is_avail && {
|
||||
pf_save
|
||||
[ "$SUBSYS" = "pfSense" ] && {
|
||||
# pfsense's ipfw may not work without these workarounds
|
||||
sysctl net.inet.ip.pfil.outbound=ipfw,pf 2>/dev/null
|
||||
sysctl net.inet.ip.pfil.inbound=ipfw,pf 2>/dev/null
|
||||
sysctl net.inet6.ip6.pfil.outbound=ipfw,pf 2>/dev/null
|
||||
sysctl net.inet6.ip6.pfil.inbound=ipfw,pf 2>/dev/null
|
||||
pfctl -qd
|
||||
pfctl -qe
|
||||
pf_restore
|
||||
}
|
||||
}
|
||||
;;
|
||||
OpenBSD|Darwin)
|
||||
progs="$progs pfctl"
|
||||
pf_is_avail || {
|
||||
echo pf is not available
|
||||
exitp 6
|
||||
}
|
||||
# no divert sockets in MacOS
|
||||
[ "$UNAME" = "Darwin" ] && SKIP_PKTWS=1
|
||||
pf_save
|
||||
;;
|
||||
[ "$(sysctl -qn net.inet.ip.fw.enable)" = 0 -o "$(sysctl -qn net.inet6.ip6.fw.enable)" = 0 ] && {
|
||||
echo ipfw is disabled. use : ipfw enable firewall
|
||||
exitp 6
|
||||
}
|
||||
pf_is_avail && {
|
||||
pf_save
|
||||
[ "$SUBSYS" = "pfSense" ] && {
|
||||
# pfsense's ipfw may not work without these workarounds
|
||||
sysctl net.inet.ip.pfil.outbound=ipfw,pf 2>/dev/null
|
||||
sysctl net.inet.ip.pfil.inbound=ipfw,pf 2>/dev/null
|
||||
sysctl net.inet6.ip6.pfil.outbound=ipfw,pf 2>/dev/null
|
||||
sysctl net.inet6.ip6.pfil.inbound=ipfw,pf 2>/dev/null
|
||||
pfctl -qd
|
||||
pfctl -qe
|
||||
pf_restore
|
||||
}
|
||||
}
|
||||
progs="$progs ipfw"
|
||||
;;
|
||||
OpenBSD|Darwin)
|
||||
pf_is_avail || {
|
||||
echo pf is not available
|
||||
exitp 6
|
||||
}
|
||||
pf_save
|
||||
progs="$progs pfctl"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
case "$UNAME" in
|
||||
CYGWIN)
|
||||
SKIP_TPWS=1
|
||||
;;
|
||||
@ -915,7 +919,9 @@ pktws_start()
|
||||
}
|
||||
tpws_start()
|
||||
{
|
||||
"$TPWS" --uid $TPWS_UID:$TPWS_GID --socks --bind-addr=127.0.0.1 --port=$SOCKS_PORT "$@" >/dev/null &
|
||||
local uid
|
||||
[ -n "$HAVE_ROOT" ] && uid="--uid $TPWS_UID:$TPWS_GID"
|
||||
"$TPWS" $uid --socks --bind-addr=127.0.0.1 --port=$SOCKS_PORT "$@" >/dev/null &
|
||||
PID=$!
|
||||
# give some time to initialize
|
||||
minsleep
|
||||
@ -1004,17 +1010,17 @@ tpws_curl_test()
|
||||
# $1 - test function
|
||||
# $2 - domain
|
||||
# $3,$4,$5, ... - tpws params
|
||||
echo - checking tpws $3 $4 $5 $6 $7 $8 $9 $TPWS_EXTRA "$TPWS_EXTRA_1" "$TPWS_EXTRA_2" "$TPWS_EXTRA_3" "$TPWS_EXTRA_4" "$TPWS_EXTRA_5" "$TPWS_EXTRA_6" "$TPWS_EXTRA_7" "$TPWS_EXTRA_8" "$TPWS_EXTRA_9"
|
||||
echo - checking tpws $3 $4 $5 $6 $7 $8 $9${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"}
|
||||
local ALL_PROXY="socks5://127.0.0.1:$SOCKS_PORT"
|
||||
ws_curl_test tpws_start "$@" $TPWS_EXTRA "$TPWS_EXTRA_1" "$TPWS_EXTRA_2" "$TPWS_EXTRA_3" "$TPWS_EXTRA_4" "$TPWS_EXTRA_5" "$TPWS_EXTRA_6" "$TPWS_EXTRA_7" "$TPWS_EXTRA_8" "$TPWS_EXTRA_9"
|
||||
ws_curl_test tpws_start "$@"${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"}
|
||||
}
|
||||
pktws_curl_test()
|
||||
{
|
||||
# $1 - test function
|
||||
# $2 - domain
|
||||
# $3,$4,$5, ... - nfqws/dvtws params
|
||||
echo - checking $PKTWSD ${WF:+$WF }$3 $4 $5 $6 $7 $8 $9 $PKTWS_EXTRA "$PKTWS_EXTRA_1" "$PKTWS_EXTRA_2" "$PKTWS_EXTRA_3" "$PKTWS_EXTRA_4" "$PKTWS_EXTRA_5" "$PKTWS_EXTRA_6" "$PKTWS_EXTRA_7" "$PKTWS_EXTRA_8" "$PKTWS_EXTRA_9"
|
||||
ws_curl_test pktws_start "$@" $PKTWS_EXTRA "$PKTWS_EXTRA_1" "$PKTWS_EXTRA_2" "$PKTWS_EXTRA_3" "$PKTWS_EXTRA_4" "$PKTWS_EXTRA_5" "$PKTWS_EXTRA_6" "$PKTWS_EXTRA_7" "$PKTWS_EXTRA_8" "$PKTWS_EXTRA_9"
|
||||
echo - checking $PKTWSD ${WF:+$WF }$3 $4 $5 $6 $7 $8 $9${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"}
|
||||
ws_curl_test pktws_start "$@"${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"}
|
||||
}
|
||||
xxxws_curl_test_update()
|
||||
{
|
||||
@ -1272,7 +1278,7 @@ pktws_check_domain_http_bypass()
|
||||
|
||||
local strategy
|
||||
pktws_check_domain_http_bypass_ "$@"
|
||||
strategy="${strategy:+$strategy $PKTWS_EXTRA $PKTWS_EXTRA_1 $PKTWS_EXTRA_2 $PKTWS_EXTRA_3 $PKTWS_EXTRA_4 $PKTWS_EXTRA_5 $PKTWS_EXTRA_6 $PKTWS_EXTRA_7 $PKTWS_EXTRA_8 $PKTWS_EXTRA_9}"
|
||||
strategy="${strategy:+$strategy${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"}}"
|
||||
report_strategy $1 $3 $PKTWSD
|
||||
}
|
||||
|
||||
@ -1387,7 +1393,7 @@ tpws_check_domain_http_bypass()
|
||||
|
||||
local strategy
|
||||
tpws_check_domain_http_bypass_ "$@"
|
||||
strategy="${strategy:+$strategy $TPWS_EXTRA $TPWS_EXTRA_1 $TPWS_EXTRA_2 $TPWS_EXTRA_3 $TPWS_EXTRA_4 $TPWS_EXTRA_5 $TPWS_EXTRA_6 $TPWS_EXTRA_7 $TPWS_EXTRA_8 $TPWS_EXTRA_9}"
|
||||
strategy="${strategy:+$strategy${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"}}"
|
||||
report_strategy $1 $3 tpws
|
||||
}
|
||||
|
||||
@ -1704,7 +1710,7 @@ ask_params()
|
||||
SCANLEVEL=${SCANLEVEL:-standard}
|
||||
ask_list SCANLEVEL "quick standard force" "$SCANLEVEL"
|
||||
# disable tpws checks by default in quick mode
|
||||
[ "$SCANLEVEL" = quick -a -z "$SKIP_TPWS" ] && SKIP_TPWS=1
|
||||
[ "$SCANLEVEL" = quick -a -z "$SKIP_TPWS" -a "$UNAME" != Darwin ] && SKIP_TPWS=1
|
||||
|
||||
echo
|
||||
|
||||
@ -1942,7 +1948,9 @@ fsleep_setup
|
||||
fix_sbin_path
|
||||
check_system
|
||||
check_already
|
||||
[ "$UNAME" = CYGWIN ] || require_root
|
||||
# no divert sockets in MacOS
|
||||
[ "$UNAME" = "Darwin" ] && SKIP_PKTWS=1
|
||||
[ "$UNAME" != CYGWIN -a "$SKIP_PKTWS" != 1 ] && require_root
|
||||
check_prerequisites
|
||||
trap sigint_cleanup INT
|
||||
check_dns
|
||||
|
@ -1,13 +1,28 @@
|
||||
require_root()
|
||||
{
|
||||
local exe
|
||||
local exe preserve_env
|
||||
echo \* checking privileges
|
||||
[ $(id -u) -ne "0" ] && {
|
||||
echo root is required
|
||||
exe="$EXEDIR/$(basename "$0")"
|
||||
exists sudo && exec sudo sh "$exe"
|
||||
exists su && exec su root -c "sh \"$exe\""
|
||||
exists sudo && {
|
||||
echo elevating with sudo
|
||||
exec sudo -E sh "$exe"
|
||||
}
|
||||
exists su && {
|
||||
echo elevating with su
|
||||
case "$UNAME" in
|
||||
Linux)
|
||||
preserve_env="--preserve-environment"
|
||||
;;
|
||||
FreeBSD|OpenBSD|Darwin)
|
||||
preserve_env="-m"
|
||||
;;
|
||||
esac
|
||||
exec su $preserve_env root -c "sh \"$exe\""
|
||||
}
|
||||
echo su or sudo not found
|
||||
exitp 2
|
||||
}
|
||||
HAVE_ROOT=1
|
||||
}
|
||||
|
@ -352,3 +352,5 @@ nfqws,tpws: hostlist/ipset auto reload on file change. no more HUP.
|
||||
nfqws,tpws: --filter-tcp, --filter-udp take comma separated port range list
|
||||
config: <HOSTLIST_NOAUTO> marker
|
||||
binaries: remove zapret-winws. add win32.
|
||||
blockcheck, install_easy.sh: preserve user environment variables during elevation
|
||||
blockcheck: do not require root if SKIP_PKTWS=1
|
||||
|
@ -1282,7 +1282,7 @@ standard дает возможность провести исследовани
|
||||
force дает максимум проверок даже в случаях, когда ресурс работает без обхода или с более простыми стратегиями.
|
||||
|
||||
Есть ряд других параметров, которые не будут спрашиваться в диалоге, но которые можно переопределить через
|
||||
переменные. Переопределение работает только из рутового шелла. При повышении привилегий через su/sudo переменные теряются.
|
||||
переменные.
|
||||
|
||||
DOMAINS - список тестируемых доменов через пробел
|
||||
CURL_MAX_TIME - время таймаута curl в секундах
|
||||
|
@ -128,7 +128,7 @@ standard_mode_daemons()
|
||||
run_tpws_socks 2 "$opt"
|
||||
}
|
||||
[ "$NFQWS_ENABLE" = 1 ] && check_bad_ws_options 1 "$NFQWS_OPT" && {
|
||||
opt="--qnum=$QNUM $NFQWS_OPT"
|
||||
opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 3 "$NFQWS" "$opt"
|
||||
}
|
||||
|
@ -296,7 +296,7 @@ standard_mode_daemons()
|
||||
do_tpws_socks $1 2 "$opt"
|
||||
}
|
||||
[ "$NFQWS_ENABLE" = 1 ] && check_bad_ws_options $1 "$NFQWS_OPT" && {
|
||||
opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT"
|
||||
opt="--qnum=$QNUM $NFQWS_OPT"
|
||||
filter_apply_hostlist_target opt
|
||||
do_nfqws $1 3 "$opt"
|
||||
}
|
||||
|
@ -849,7 +849,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
||||
size_t fake_size;
|
||||
char host[256];
|
||||
bool bHaveHost=false;
|
||||
uint8_t *p, *phost;
|
||||
uint8_t *p, *phost=NULL;
|
||||
const uint8_t *rdata_payload = data_payload;
|
||||
size_t rlen_payload = len_payload;
|
||||
size_t split_pos;
|
||||
@ -1097,7 +1097,6 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
|
||||
}
|
||||
|
||||
ttl_fake = (ctrack_replay && ctrack_replay->autottl) ? ctrack_replay->autottl : (ip6hdr ? (dp->desync_ttl6 ? dp->desync_ttl6 : ttl_orig) : (dp->desync_ttl ? dp->desync_ttl : ttl_orig));
|
||||
|
||||
if ((l7proto == HTTP) && (dp->hostcase || dp->hostnospace || dp->domcase) && HttpFindHost(&phost,data_payload,len_payload))
|
||||
{
|
||||
if (dp->hostcase)
|
||||
|
Loading…
Reference in New Issue
Block a user