Commit 8026d11f authored by bol-van's avatar bol-van
Browse files

blockcheck: test ts fooling, silently enable timestamps in windows

parent 2f77cec8

blockcheck.sh

+4 −1
Original line number Diff line number Diff line
@@ -396,6 +396,8 @@ check_system() 
			PKTWS="$WINWS"

			PKTWSD=winws

			FWTYPE=windivert

			# ts fooling requires timestamps. they are disabled by default in windows.

			netsh interface tcp set global timestamps=enabled >/dev/null

			;;

		*)

			echo $UNAME not supported
@@ -1195,6 +1197,7 @@ warn_fool() 
				echo "WARNING ! fakedsplit/fakeddisorder with md5sig fooling and low split position causes MTU overflow with multi-segment TLS (kyber)"

			;;

		datanoack) echo 'WARNING ! although datanoack fooling worked it may break NAT and may only work with external IP. Additionally it may require nftables to work correctly.' ;;

		ts) echo 'WARNING ! although ts fooling worked it will not work without timestamps being enabled in the client OS. In windows timestamps are DISABLED by default.'

	esac

}

pktws_curl_test_update_vary()
@@ -1321,7 +1324,7 @@ pktws_check_domain_http_bypass_() 
			}

			f=

			[ "$UNAME" = "OpenBSD" ] || f="badsum"

			f="$f badseq datanoack md5sig"

			f="$f badseq datanoack ts md5sig"

			[ "$IPV" = 6 ] && f="$f hopbyhop hopbyhop2"

			for fooling in $f; do

				ok=0

docs/changes.txt

+3 −0
Original line number Diff line number Diff line
@@ -531,3 +531,6 @@ v71.3 


init.d: FILTER_MARK

nfqws: ts fooling

blockcheck: test ts fooling

blockcheck: silently enable tcp timestamps in windows