mirror of
https://github.com/bol-van/zapret.git
synced 2025-01-04 07:20:35 +05:00
blockcheck: tpws checks, more nfqws checks
parent
25221177c9
commit
719a5355b8
130
blockcheck.sh
130
blockcheck.sh
@ -5,7 +5,10 @@ EXEDIR="$(cd "$EXEDIR"; pwd)"
|
|||||||
ZAPRET_BASE="$EXEDIR"
|
ZAPRET_BASE="$EXEDIR"
|
||||||
|
|
||||||
[ -n "$QNUM" ] || QNUM=59780
|
[ -n "$QNUM" ] || QNUM=59780
|
||||||
|
[ -n "$TPPORT" ] || TPPORT=993
|
||||||
|
[ -n "$TPWS_UID" ] || TPWS_UID=1
|
||||||
[ -n "$NFQWS" ] || NFQWS="$ZAPRET_BASE/nfq/nfqws"
|
[ -n "$NFQWS" ] || NFQWS="$ZAPRET_BASE/nfq/nfqws"
|
||||||
|
[ -n "$TPWS" ] || TPWS="$ZAPRET_BASE/tpws/tpws"
|
||||||
[ -n "$MDIG" ] || MDIG="$ZAPRET_BASE/mdig/mdig"
|
[ -n "$MDIG" ] || MDIG="$ZAPRET_BASE/mdig/mdig"
|
||||||
[ -n "$DESYNC_MARK" ] || DESYNC_MARK=0x40000000
|
[ -n "$DESYNC_MARK" ] || DESYNC_MARK=0x40000000
|
||||||
DOMAIN=rutracker.org
|
DOMAIN=rutracker.org
|
||||||
@ -115,8 +118,8 @@ check_prerequisites()
|
|||||||
{
|
{
|
||||||
echo \* checking prerequisites
|
echo \* checking prerequisites
|
||||||
|
|
||||||
[ -x "$NFQWS" ] && [ -x "$MDIG" ] || {
|
[ -x "$NFQWS" ] && [ -x "$TPWS" ] && [ -x "$MDIG" ] || {
|
||||||
echo $NFQWS or $MDIG is not available. run $ZAPRET_BASE/install_bin.sh
|
echo $NFQWS or $MDIG or $TPWS is not available. run $ZAPRET_BASE/install_bin.sh
|
||||||
exitp 6
|
exitp 6
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -183,10 +186,24 @@ nfqws_ipt_unprepare()
|
|||||||
# $1 - port
|
# $1 - port
|
||||||
IPT_DEL POSTROUTING -t mangle -p tcp --dport $1 -m mark ! --mark $DESYNC_MARK/$DESYNC_MARK -j NFQUEUE --queue-num $QNUM
|
IPT_DEL POSTROUTING -t mangle -p tcp --dport $1 -m mark ! --mark $DESYNC_MARK/$DESYNC_MARK -j NFQUEUE --queue-num $QNUM
|
||||||
}
|
}
|
||||||
|
tpws_ipt_prepare()
|
||||||
|
{
|
||||||
|
# $1 - port
|
||||||
|
IPT OUTPUT -t nat -p tcp --dport $1 -m owner ! --uid-owner $TPWS_UID -j DNAT --to $LOCALHOST_IPT:$TPPORT
|
||||||
|
}
|
||||||
|
tpws_ipt_unprepare()
|
||||||
|
{
|
||||||
|
# $1 - port
|
||||||
|
IPT_DEL OUTPUT -t nat -p tcp --dport $1 -m owner ! --uid-owner $TPWS_UID -j DNAT --to $LOCALHOST_IPT:$TPPORT
|
||||||
|
}
|
||||||
nfqws_start()
|
nfqws_start()
|
||||||
{
|
{
|
||||||
"$NFQWS" --dpi-desync-fwmark=$DESYNC_MARK --qnum=$QNUM "$@" >/dev/null &
|
"$NFQWS" --dpi-desync-fwmark=$DESYNC_MARK --qnum=$QNUM "$@" >/dev/null &
|
||||||
}
|
}
|
||||||
|
tpws_start()
|
||||||
|
{
|
||||||
|
"$TPWS" --uid $TPWS_UID:$TPWS_UID --bind-addr=$LOCALHOST --port=$TPPORT "$@" >/dev/null &
|
||||||
|
}
|
||||||
|
|
||||||
curl_test()
|
curl_test()
|
||||||
{
|
{
|
||||||
@ -204,32 +221,51 @@ curl_test()
|
|||||||
fi
|
fi
|
||||||
return $code
|
return $code
|
||||||
}
|
}
|
||||||
nfqws_curl_test()
|
ws_curl_test()
|
||||||
{
|
{
|
||||||
# $1 - test function
|
# $1 - ws start function
|
||||||
# $2 - domain
|
# $2 - test function
|
||||||
# $3,$4,$5, ... - nfqws params
|
# $3 - domain
|
||||||
local code pid testf=$1 dom=$2
|
# $4,$5,$6, ... - ws params
|
||||||
|
local code pid ws_start=$1 testf=$2 dom=$3
|
||||||
shift
|
shift
|
||||||
shift
|
shift
|
||||||
echo - checking nfqws "$@"
|
shift
|
||||||
nfqws_start "$@"
|
$ws_start "$@"
|
||||||
pid=$!
|
pid=$!
|
||||||
|
# let some time for tpws to initialize
|
||||||
|
sleep 1
|
||||||
curl_test $testf $dom
|
curl_test $testf $dom
|
||||||
code=$?
|
code=$?
|
||||||
killwait -9 $pid
|
killwait -9 $pid
|
||||||
return $code
|
return $code
|
||||||
}
|
}
|
||||||
check_domain_bypass()
|
tpws_curl_test()
|
||||||
|
{
|
||||||
|
# $1 - test function
|
||||||
|
# $2 - domain
|
||||||
|
# $3,$4,$5, ... - tpws params
|
||||||
|
echo - checking tpws $3 $4 $5 $6 $7 $8 $9
|
||||||
|
ws_curl_test tpws_start "$@"
|
||||||
|
}
|
||||||
|
nfqws_curl_test()
|
||||||
|
{
|
||||||
|
# $1 - test function
|
||||||
|
# $2 - domain
|
||||||
|
# $3,$4,$5, ... - nfqws params
|
||||||
|
echo - checking nfqws $3 $4 $5 $6 $7 $8 $9
|
||||||
|
ws_curl_test nfqws_start "$@"
|
||||||
|
}
|
||||||
|
nfqws_check_domain_bypass()
|
||||||
{
|
{
|
||||||
# $1 - test function
|
# $1 - test function
|
||||||
# $2 - encrypted test : 1/0
|
# $2 - encrypted test : 1/0
|
||||||
# $3 - domain
|
# $3 - domain
|
||||||
|
|
||||||
local pid strategy tests='fake' ttls s sec="$2" found
|
local strategy tests='fake' ttls s sec="$2" found
|
||||||
|
|
||||||
[ "$sec" = 0 ] && {
|
[ "$sec" = 0 ] && {
|
||||||
for s in '--hostcase' '--hostnospace' '--domcase'; do
|
for s in '--hostcase' '--hostspell=hoSt' '--hostnospace' '--domcase'; do
|
||||||
nfqws_curl_test $1 $3 $s && strategy="${strategy:-$s}"
|
nfqws_curl_test $1 $3 $s && strategy="${strategy:-$s}"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -238,18 +274,30 @@ check_domain_bypass()
|
|||||||
if nfqws_curl_test $1 $3 $s; then
|
if nfqws_curl_test $1 $3 $s; then
|
||||||
strategy="${strategy:-$s}"
|
strategy="${strategy:-$s}"
|
||||||
else
|
else
|
||||||
tests="$tests split fake,split"
|
tests="$tests split fake,split2 fake,split"
|
||||||
[ "$sec" = 0 ] && {
|
[ "$sec" = 0 ] && {
|
||||||
s="$s --hostcase"
|
s="$s --hostcase"
|
||||||
nfqws_curl_test $1 $3 $s && strategy="${strategy:-$s}"
|
nfqws_curl_test $1 $3 $s && strategy="${strategy:-$s}"
|
||||||
}
|
}
|
||||||
|
for pos in 1 2 4 5 10 50 100; do
|
||||||
|
s="--dpi-desync=split2 --dpi-desync-split-pos=$pos"
|
||||||
|
if nfqws_curl_test $1 $3 $s; then
|
||||||
|
strategy="${strategy:-$s}"
|
||||||
|
break
|
||||||
|
else
|
||||||
|
[ "$sec" = 0 ] && {
|
||||||
|
s="$s --hostcase"
|
||||||
|
nfqws_curl_test $1 $3 $s && strategy="${strategy:-$s}"
|
||||||
|
}
|
||||||
|
fi
|
||||||
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
s="--dpi-desync=disorder2"
|
s="--dpi-desync=disorder2"
|
||||||
if nfqws_curl_test $1 $3 $s; then
|
if nfqws_curl_test $1 $3 $s; then
|
||||||
strategy="${strategy:-$s}"
|
strategy="${strategy:-$s}"
|
||||||
else
|
else
|
||||||
tests="$tests disorder fake,disorder"
|
tests="$tests disorder fake,disorder2 fake,disorder"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ttls=$(seq -s ' ' $MIN_TTL $MAX_TTL)
|
ttls=$(seq -s ' ' $MIN_TTL $MAX_TTL)
|
||||||
@ -299,6 +347,36 @@ check_domain_bypass()
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
tpws_check_domain_bypass()
|
||||||
|
{
|
||||||
|
# $1 - test function
|
||||||
|
# $2 - encrypted test : 1/0
|
||||||
|
# $3 - domain
|
||||||
|
local s strategy sec="$2"
|
||||||
|
if [ "$sec" = 0 ]; then
|
||||||
|
for s in '--hostcase' '--hostspell=hoSt' '--split-http-req=method' '--split-http-req=method --hostcase' '--split-http-req=host' '--split-http-req=host --hostcase' \
|
||||||
|
'--hostdot' '--hosttab' '--hostnospace' '--methodspace' '--methodeol' '--unixeol' \
|
||||||
|
'--hostpad=1024' '--hostpad=2048' '--hostpad=4096' '--hostpad=8192' '--hostpad=16384'; do
|
||||||
|
tpws_curl_test $1 $3 $s && strategy="${strategy:-$s}"
|
||||||
|
done
|
||||||
|
else
|
||||||
|
for pos in 1 2 3 4 5 10 50 100; do
|
||||||
|
s="--split-pos=$pos"
|
||||||
|
tpws_curl_test $1 $3 $s && {
|
||||||
|
strategy="${strategy:-$s}"
|
||||||
|
break
|
||||||
|
}
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
echo
|
||||||
|
if [ -n "$strategy" ]; then
|
||||||
|
echo "!!!!! working strategy found : tpws $strategy !!!!!"
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
echo 'working strategy not found'
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
check_domain()
|
check_domain()
|
||||||
{
|
{
|
||||||
@ -314,7 +392,7 @@ check_domain()
|
|||||||
|
|
||||||
# in case was interrupted before
|
# in case was interrupted before
|
||||||
nfqws_ipt_unprepare $2
|
nfqws_ipt_unprepare $2
|
||||||
killall nfqws 2>/dev/null
|
killall nfqws tpws 2>/dev/null
|
||||||
|
|
||||||
echo "- checking without DPI bypass"
|
echo "- checking without DPI bypass"
|
||||||
curl_test $1 $4 && return
|
curl_test $1 $4 && return
|
||||||
@ -323,10 +401,20 @@ check_domain()
|
|||||||
[ $code = $c ] && return
|
[ $code = $c ] && return
|
||||||
done
|
done
|
||||||
|
|
||||||
|
echo preparing tpws redirection
|
||||||
|
tpws_ipt_prepare $2
|
||||||
|
|
||||||
|
tpws_check_domain_bypass $1 $3 $4
|
||||||
|
|
||||||
|
echo clearing tpws redirection
|
||||||
|
tpws_ipt_unprepare $2
|
||||||
|
|
||||||
|
echo
|
||||||
|
|
||||||
echo preparing nfqws redirection
|
echo preparing nfqws redirection
|
||||||
nfqws_ipt_prepare $2
|
nfqws_ipt_prepare $2
|
||||||
|
|
||||||
check_domain_bypass $1 $3 $4
|
nfqws_check_domain_bypass $1 $3 $4
|
||||||
|
|
||||||
echo clearing nfqws redirection
|
echo clearing nfqws redirection
|
||||||
nfqws_ipt_unprepare $2
|
nfqws_ipt_unprepare $2
|
||||||
@ -346,7 +434,7 @@ ask_params()
|
|||||||
{
|
{
|
||||||
echo
|
echo
|
||||||
echo NOTE ! this test should be run with zapret or any other bypass software disabled, without VPN
|
echo NOTE ! this test should be run with zapret or any other bypass software disabled, without VPN
|
||||||
echo NOTE ! this test will kill all nfqws processes. if you have already set up zapret you will need to restart it after test is complete.
|
echo NOTE ! this test will kill all nfqws and tpws processes. if you have already set up zapret you will need to restart it after test is complete.
|
||||||
|
|
||||||
$ECHON "test this domain (default: $DOMAIN) : "
|
$ECHON "test this domain (default: $DOMAIN) : "
|
||||||
local dom
|
local dom
|
||||||
@ -361,7 +449,9 @@ ask_params()
|
|||||||
exitp 1
|
exitp 1
|
||||||
}
|
}
|
||||||
IPTABLES=iptables
|
IPTABLES=iptables
|
||||||
[ "$IPV" = 6 ] && IPTABLES=ip6tables
|
LOCALHOST=127.0.0.1
|
||||||
|
LOCALHOST_IPT=127.0.0.1
|
||||||
|
[ "$IPV" = 6 ] && { IPTABLES=ip6tables; LOCALHOST=::1; LOCALHOST_IPT=[::1]; }
|
||||||
|
|
||||||
ENABLE_HTTP=1
|
ENABLE_HTTP=1
|
||||||
ask_yes_no_var ENABLE_HTTP "check http"
|
ask_yes_no_var ENABLE_HTTP "check http"
|
||||||
@ -484,9 +574,11 @@ sigint()
|
|||||||
# make sure we are not in a middle state that impacts connectivity
|
# make sure we are not in a middle state that impacts connectivity
|
||||||
echo
|
echo
|
||||||
echo terminating...
|
echo terminating...
|
||||||
|
tpws_ipt_unprepare 80
|
||||||
|
tpws_ipt_unprepare 443
|
||||||
nfqws_ipt_unprepare 80
|
nfqws_ipt_unprepare 80
|
||||||
nfqws_ipt_unprepare 443
|
nfqws_ipt_unprepare 443
|
||||||
killall nfqws 2>/dev/null
|
killall nfqws tpws 2>/dev/null
|
||||||
exitp 1
|
exitp 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
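Review bot: The stale-state cleanup in check_domain (under `# in case was interrupted before`) now kills tpws but still removes only the nfqws rule, so a nat OUTPUT DNAT rule left by an earlier run that ended without reaching the sigint handler stays in place. With tpws killed, local TCP traffic to the tested port from every uid except `$TPWS_UID` is then redirected to `$LOCALHOST_IPT:$TPPORT` where nothing listens, which breaks the host's connectivity on that port and makes the "checking without DPI bypass" baseline fail for the wrong reason. I would add `tpws_ipt_unprepare $2` next to `nfqws_ipt_unprepare $2`, before `killall nfqws tpws 2>/dev/null`. Separately, ws_curl_test only sleeps one second and never verifies that `$ws_start` left a live process, so a tpws that failed to bind `$TPPORT` (993 by default, which a local IMAPS server may already hold) presumably shows up as a failed strategy rather than as a setup error; a `kill -0 $pid` check after the sleep would separate the two. check_domain's body starts and ends outside the visible hunks, so this is based on the shown lines only.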