nfqws: --ip-id (643c254f) · Commits · git-mirror / Zapret

docs/changes.txt

+4 −0

Original line number	Diff line number	Diff line
		@@ -555,3 +555,7 @@ nfqws: optimize ipv4 ip_id. apply ip_id on all OS the same way.
		blockcheck: print PRETTY_NAME and some OPENWRT_xxx from /etc/os-release
		blockcheck: new strategies
		blockcheck: curl test simulation : SIMULATE=1

		v72.1

		nfqws: --ip-id=seq\|seqgroup\|rnd\|zero

nfq/desync.c

+93 −41

File changed.

Preview size limit exceeded, changes collapsed.

nfq/nfqws.c

+20 −2

Original line number	Diff line number	Diff line
		@@ -1792,6 +1792,7 @@ static void exithelp(void)
		" --hostnospace\t\t\t\t\t\t; remove space after Host: and add it to User-Agent: to preserve packet size\n"
		" --domcase\t\t\t\t\t\t; mix domain case : Host: TeSt.cOm\n"
		" --methodeol\t\t\t\t\t\t; add '\\n' before method and remove space from Host:\n"
		" --ip-id=zero\|seq\|seqgroup\|rnd\t\t\t\t; ipv4 ip_id assignment scheme\n"
		" --dpi-desync=[<mode0>,]<mode>[,<mode2>]\t\t; try to desync dpi state. modes :\n"
		"\t\t\t\t\t\t\t; synack syndata fake fakeknown rst rstack hopbyhop destopt ipfrag1\n"
		"\t\t\t\t\t\t\t; multisplit multidisorder fakedsplit fakeddisorder hostfakesplit ipfrag2 udplen tamper\n"
		@@ -1959,6 +1960,7 @@ enum opt_indices {
		IDX_HOSTNOSPACE,
		IDX_DOMCASE,
		IDX_METHODEOL,
		IDX_IP_ID,
		IDX_DPI_DESYNC,
		#ifdef __linux__
		IDX_DPI_DESYNC_FWMARK,
		@@ -2091,6 +2093,7 @@ static const struct option long_options[] = {
		[IDX_HOSTNOSPACE] = {"hostnospace", no_argument, 0, 0},
		[IDX_DOMCASE] = {"domcase", no_argument, 0, 0},
		[IDX_METHODEOL] = {"methodeol", no_argument, 0, 0},
		[IDX_IP_ID] = {"ip-id", required_argument, 0, 0},
		[IDX_DPI_DESYNC] = {"dpi-desync", required_argument, 0, 0},
		#ifdef __linux__
		[IDX_DPI_DESYNC_FWMARK] = {"dpi-desync-fwmark", required_argument, 0, 0},
		@@ -2486,6 +2489,21 @@ int main(int argc, char **argv)
		}
		dp->methodeol = true;
		break;
		case IDX_IP_ID:
		if (!strcmp(optarg,"zero"))
		dp->ip_id_mode = IPID_ZERO;
		else if (!strcmp(optarg,"seq"))
		dp->ip_id_mode = IPID_SEQ;
		else if (!strcmp(optarg,"seqgroup"))
		dp->ip_id_mode = IPID_SEQ_GROUP;
		else if (!strcmp(optarg,"rnd"))
		dp->ip_id_mode = IPID_RND;
		else
		{
		DLOG_ERR("invalid ip_id mode : %s\n",optarg);
		exit_clean(1);
		}
		break;
		case IDX_DPI_DESYNC:
		{
		char mode = optarg, mode2, *mode3;
		@@ -2707,8 +2725,8 @@ int main(int argc, char **argv)
		exit_clean(1);
		}
		dp->split_count += ct;
		}
		break;
		}
		case IDX_DPI_DESYNC_SPLIT_HTTP_REQ:
		// obsolete arg
		DLOG_CONDUP("WARNING ! --dpi-desync-split-http-req is deprecated. use --dpi-desync-split-pos with markers.\n", MAX_SPLITS);
		@@ -3323,7 +3341,7 @@ int main(int argc, char **argv)
		if (dp->orig_mod_ttl6 == 0xFF) dp->orig_mod_ttl6 = dp->orig_mod_ttl;
		if (!dp->fsplit_pattern)
		{
		if (dp->fsplit_pattern=calloc(64,1))
		if ((dp->fsplit_pattern=calloc(64,1)))
		dp->fsplit_pattern_size=64;
		else
		{

nfq/params.h

+3 −0

Original line number	Diff line number	Diff line
		@@ -97,6 +97,7 @@ struct tcp_mod
		};

		typedef enum {SS_NONE=0,SS_SYN,SS_SYNACK,SS_ACKSYN} t_synack_split;
		typedef enum {IPID_SEQ=0,IPID_SEQ_GROUP,IPID_RND,IPID_ZERO} t_ip_id_mode;

		struct desync_profile
		{
		@@ -109,6 +110,8 @@ struct desync_profile

		t_synack_split synack_split;

		t_ip_id_mode ip_id_mode;

		bool hostcase, hostnospace, domcase, methodeol;
		char hostspell[4];
		enum dpi_desync_mode desync_mode0,desync_mode,desync_mode2;