zapret/docs/changes.md
2024-09-17 17:12:49 +03:00

# v1
Initial release
# v2
* `nfqws`: command line options change. now using standard getopt.
* `nfqws`: added options for window size changing and `Host:` case change
* ISP support: tested on mns.ru and beeline (corbina)
* init scripts: rewritten init scripts for simple choice of ISP
* create_ipset: now using `ipset restore`, it works much faster
* `readme`: updated. now using UTF-8 charset.
# v3
* `tpws`:
  * added transparent proxy (supports TPROXY and DNAT).
  * can help when ISP tracks whole HTTP session, not only the beginning
* ipset:
  * added `zapret-hosts-user.txt`, which contains user-defined host names to be resolved and added to the zapret IP list
* ISP support: dom.ru support via TPROXY/DNAT
* ISP support:
  * successfully tested sknt.ru on 'domru' configuration
  * other configs will probably also work, but cannot test
* compile: OpenWrt compile how-to
* compile: OpenWrt compile how-to
# v4
* `tpws`: added ability to insert extra space after HTTP method: `GET /` => `GET  /`
* ISP support: TKT support
# v5
* `nfqws`: IPv6 support in `nfqws`
# v6
* `ipset`: added `get_antizapret.sh`
# v7
* `tpws`: added ability to insert "." after `Host: name`
# v8
* OpenWrt init: removed `hotplug.d/firewall` because of race conditions. now only use `/etc/firewall.user`
# v9
* `ipban`:
  * added ipban ipset. place domains banned by ip to `zapret-hosts-user-ipban.txt`
  * these IPs must be socksified for both HTTP and HTTPS
* ISP support: tiera support
* ISP support: added DNS filtering to Ubuntu and Debian scripts
# v10
* `tpws`: added `split-pos` option. split every message at specified position
# v11
* `ipset`: scripts optimizations
# v12
* `nfqws`: fix wrong TCP checksum calculation if packet length is odd and platform is big-endian
# v13
* added binaries
# v14
* change `get_antizapret` script to work with https://github.com/zapret-info/z-i/raw/master/dump.csv
* filter out `192.168.*`, `127.*`, `10.*` from blocked ips
# v15
* added `--hostspell` option to `nfqws` and `tpws`
* ISP support: beeline now catches "host" but other spellings still work
* OpenWrt/LEDE: changed init script to work with procd
* `tpws`, `nfqws`: minor cosmetic fixes
# v16
* `tpws`: `split-http-req=method`: split inside method name, not after
* ISP support: mns.ru changed split pos to 3 (got redirect page with HEAD req: `curl -I ej.ru`)
# v17
* ISP support: athome moved from `nfqws` to `tpws` because of instability and HTTP request hangs
* `tpws`: added options `unixeol`,`methodeol`,`hosttab`
# v18
* `tpws`,`nfqws`: added `hostnospace` option
# v19
* `tpws`: added `hostlist` option
# v20
* added `ip2net`. `ip2net` groups IPs from iplist into subnets and reduces ipset size by a factor of two
# v21
* added `mdig`. `get_reestr.sh` is *real* again
# v22
* total review of init script logic
* dropped support of older Debian 7 and Ubuntu 12/14 systems
* `install_bin.sh`: auto binaries preparation
* `docs`: `readme` review. some new topics added, others deleted
* `docs`: VPN setup with policy based routing using WireGuard
* `docs`: WireGuard modding guide
# v23
* major init system rewrite
* OpenWrt: separate firewall include `/etc/firewall.zapret`
* `install_easy.sh`: easy setup on OpenWrt, Debian, Ubuntu, CentOS, Fedora, openSUSE
# v24
* separate config from init scripts
* gzip support in `ipset/*.sh` and `tpws`
# v25
* init: move to native systemd units
* use links to units, init scripts and firewall includes, no more copying
# v26
* IPv6 support
* `tpws`: advanced bind options
# v27
* `tpws`: major connection code rewrite. originally it was derived from a not top quality example, with many bugs and potential problems.
* next generation connection code uses nonblocking sockets. now it's in EXPERIMENTAL state.
# v28
* `tpws`: added socks5 support
* `ipset`: major RKN getlist rewrite. added https://antifilter.network support
# v29
* `nfqws`: DPI desync attack
* ip exclude system
# v30
* `nfqws`: DPI desync attack modes: `fake`, `rst`
# v31
* `nfqws`: DPI desync attack modes: `disorder`, `disorder2`, `split`, `split2`.
* `nfqws`: DPI desync fooling mode: `badseq`. multiple modes supported
# v32
* `tpws`: multiple binds
* init scripts: run only one instance of `tpws` in any case
# v33
* OpenWrt: flow offloading support
* `config`: `MODE` refactoring
# v34
* `nfqws`: `dpi-desync` 2 mode combos
* `nfqws`: `dpi-desync` without parameter is no longer supported. previously it meant `fake`
* `nfqws`: custom fake HTTP request and TLS ClientHello
# v35
* limited FreeBSD and OpenBSD support
# v36
* full FreeBSD and OpenBSD support
# v37
* limited macOS support
# v38
* macOS easy install
# v39
* `nfqws`: `conntrack`, `wssize`
# v40
* init scripts: `IFACE_LAN`, `IFACE_WAN` now accept multiple interfaces
* init scripts: OpenWrt now uses `OPENWRT_LAN` parameter to override incoming interfaces for `tpws`
# v41
* `install_easy`: openrc support
# v42
* `blockcheck.sh`
# v43
* `nfqws`: UDP desync with conntrack support (any-protocol only for now)
# v44
* `nfqws`: `ipfrag`
# v45
* `nfqws`: `hop-by-hop` - IPv6 desync and fooling
# v46
* big startup script refactoring to support `nftables` and new OpenWrt snapshot builds with `firewall4`
# v47
* `nfqws`: QUIC initial decryption
* `nfqws`: `udplen`, `fakeknown` dpi desync modes
# v48
* `nfqws`, `tpws`: multiple `--hostlist` and `--hostlist-exclude` support
* launch system, `ipset`: no more list merging. all lists are passed separately to `nfqws` and `tpws`
* `nfqws`: `udplen` fooling supports packet shrinking (negative increment value)
# v49
* QUIC support integrated to the main system and setup
# v50
* DHT protocol support.
* DPI desync mode `tamper` for DHT.
* HEX string support in addition to binary files.
# v51
* `tpws`: `--tlsrec` attack.
# v52
* `autohostlist` mode
# v53
* `nfqws`: TCP session reassemble for TLS ClientHello
# v54
* `tpws`: out of band send when splitting (`--oob`)
* `nfqws`: `autottl`
* `nfqws`: `datanoack` fooling
* nftables: use POSTNAT path for TCP redirections to allow NAT-breaking strategies. use additional mark bit DESYNC_MARK_POSTNAT.
# v55
* `tpws`:
  * incompatible `oob` parameter change. it doesn't take oob byte anymore. instead it takes optional protocol filter - HTTP or TLS.
  * the same is done with `disorder`. oob byte can be specified in parameter `--oob-data`.
* `blockcheck`: quick mode, strategy order optimizations, QUIC protocol support
* `nfqws`: `syndata` desync mode
# v56
* `tpws`: `mss` fooling
* `tpws`: multi thread resolver. eliminates blocks related to hostname resolve.
# v57
* `tpws`: `--nosplice` option
* `nfqws`: postnat fixes
* `nfqws`: `--dpi-desync-start` option
* `nfqws`: packet delay for kyber TLS and QUIC
* `nfqws`: `--dpi-desync-retrans` obsolete
* `nfqws`: `--qnum` is mandatory, no more default queue 0
# v58
* `winws`
# v59
* `tpws`: `--split-tls`
* `tpws`: `--tlsrec=sniext`
* `nfqws`: `--dpi-desync-split-http-req`, `--dpi-desync-split-tls`. multi segment TLS support for split.
* `blockcheck`: `mdig` DNS cache
# v60
* `blockcheck`: port block test, partial ip block test
* `nfqws`: `seqovl` `split`/`disorder` modes
# v61
* C code cleanups
* `dvtws`: do not use raw sockets. use divert.
* `nfqws`,`tpws`: detect TLS 1.2 ClientHello from very old libraries with SSL 3.0 version in record layer
* `nfqws`,`tpws`: debug log to file and syslog
* `tpws`: `--connect-bind-addr` option
* `tpws`: log local endpoint (including source port number) for remote leg