From b50af9f9d017609a342bbcf7642eebccd808fe9c Mon Sep 17 00:00:00 2001 From: bol-van Date: Wed, 18 Sep 2024 19:27:50 +0300 Subject: [PATCH] support for SUFFIX desync profiles --- common/installer.sh | 2 +- common/list.sh | 8 ++++++++ common/queue.sh | 19 ++++++++++++------- config.default | 18 +++++++++++++----- docs/readme.eng.md | 17 +++++++++++++++-- docs/readme.txt | 15 +++++++++++++-- init.d/openwrt/custom-tpws4http-nfqws4https | 1 + init.d/openwrt/zapret | 6 ++++++ init.d/sysv/custom-tpws4http-nfqws4https | 1 + init.d/sysv/functions | 6 ++++++ install_easy.sh | 2 +- 11 files changed, 77 insertions(+), 18 deletions(-) diff --git a/common/installer.sh b/common/installer.sh index a09c846..ef5c069 100644 --- a/common/installer.sh +++ b/common/installer.sh @@ -54,7 +54,7 @@ edit_vars() local n=1 var v tmp="/tmp/zvars" rm -f "$tmp" while [ 1=1 ]; do - eval var="\$$n" + eval var="\${$n}" [ -n "$var" ] || break eval v="\$$var" echo $var=\"$v\" >>"$tmp" diff --git a/common/list.sh b/common/list.sh index cac5543..200bfca 100644 --- a/common/list.sh +++ b/common/list.sh @@ -45,3 +45,11 @@ filter_apply_hostlist_target() [ -n "$HOSTLIST_EXCLUDE" ] && eval $1="\"\$$1 --hostlist-exclude=$HOSTLIST_EXCLUDE\"" [ "$MODE_FILTER" = "autohostlist" ] && filter_apply_autohostlist_target $1 } + +filter_apply_suffix() +{ + # $1 - var name of tpws or nfqws params + # $2 - suffix value + local v="${2:+ --new $2}" + eval $1="\"\$$1$v\"" +} diff --git a/common/queue.sh b/common/queue.sh index 15badfe..324129f 100644 --- a/common/queue.sh +++ b/common/queue.sh @@ -1,10 +1,15 @@ apply_unspecified_desync_modes() { NFQWS_OPT_DESYNC_HTTP="${NFQWS_OPT_DESYNC_HTTP:-$NFQWS_OPT_DESYNC}" + NFQWS_OPT_DESYNC_HTTP_SUFFIX="${NFQWS_OPT_DESYNC_HTTP_SUFFIX:-$NFQWS_OPT_DESYNC_SUFFIX}" NFQWS_OPT_DESYNC_HTTPS="${NFQWS_OPT_DESYNC_HTTPS:-$NFQWS_OPT_DESYNC}" + NFQWS_OPT_DESYNC_HTTPS_SUFFIX="${NFQWS_OPT_DESYNC_HTTPS_SUFFIX:-$NFQWS_OPT_DESYNC_SUFFIX}" NFQWS_OPT_DESYNC_HTTP6="${NFQWS_OPT_DESYNC_HTTP6:-$NFQWS_OPT_DESYNC_HTTP}" + NFQWS_OPT_DESYNC_HTTP6_SUFFIX="${NFQWS_OPT_DESYNC_HTTP6_SUFFIX:-$NFQWS_OPT_DESYNC_HTTP_SUFFIX}" NFQWS_OPT_DESYNC_HTTPS6="${NFQWS_OPT_DESYNC_HTTPS6:-$NFQWS_OPT_DESYNC_HTTPS}" + NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="${NFQWS_OPT_DESYNC_HTTPS6_SUFFIX:-$NFQWS_OPT_DESYNC_HTTPS_SUFFIX}" NFQWS_OPT_DESYNC_QUIC6="${NFQWS_OPT_DESYNC_QUIC6:-$NFQWS_OPT_DESYNC_QUIC}" + NFQWS_OPT_DESYNC_QUIC6_SUFFIX="${NFQWS_OPT_DESYNC_QUIC6_SUFFIX:-$NFQWS_OPT_DESYNC_QUIC_SUFFIX}" } get_nfqws_qnums() @@ -18,24 +23,24 @@ get_nfqws_qnums() [ "$DISABLE_IPV4" = "1" ] || { _qn=$QNUM _qns=$_qn - [ "$NFQWS_OPT_DESYNC_HTTP" = "$NFQWS_OPT_DESYNC_HTTPS" ] || _qns=$(($QNUM+1)) + [ "$NFQWS_OPT_DESYNC_HTTP $NFQWS_OPT_DESYNC_HTTP_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTPS $NFQWS_OPT_DESYNC_HTTPS_SUFFIX" ] || _qns=$(($QNUM+1)) } [ "$DISABLE_IPV6" = "1" ] || { _qn6=$(($QNUM+2)) _qns6=$(($QNUM+3)) [ "$DISABLE_IPV4" = "1" ] || { - if [ "$NFQWS_OPT_DESYNC_HTTP6" = "$NFQWS_OPT_DESYNC_HTTP" ]; then + if [ "$NFQWS_OPT_DESYNC_HTTP6 $NFQWS_OPT_DESYNC_HTTP6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTP $NFQWS_OPT_DESYNC_HTTP_SUFFIX" ]; then _qn6=$_qn; - elif [ "$NFQWS_OPT_DESYNC_HTTP6" = "$NFQWS_OPT_DESYNC_HTTPS" ]; then + elif [ "$NFQWS_OPT_DESYNC_HTTP6 $NFQWS_OPT_DESYNC_HTTP6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTPS $NFQWS_OPT_DESYNC_HTTPS_SUFFIX" ]; then _qn6=$_qns; fi - if [ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTP" ]; then + if [ "$NFQWS_OPT_DESYNC_HTTPS6 $NFQWS_OPT_DESYNC_HTTPS6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTP $NFQWS_OPT_DESYNC_HTTP_SUFFIX" ]; then _qns6=$_qn; - elif [ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTPS" ]; then + elif [ "$NFQWS_OPT_DESYNC_HTTPS6 $NFQWS_OPT_DESYNC_HTTPS6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTPS $NFQWS_OPT_DESYNC_HTTPS_SUFFIX" ]; then _qns6=$_qns; fi } - [ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTP6" ] && _qns6=$_qn6; + [ "$NFQWS_OPT_DESYNC_HTTPS6 $NFQWS_OPT_DESYNC_HTTPS6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTP6 $NFQWS_OPT_DESYNC_HTTP6_SUFFIX" ] && _qns6=$_qn6; } if [ "$MODE_HTTP" = 1 ]; then eval $1=$_qn @@ -65,7 +70,7 @@ get_nfqws_qnums_quic() [ "$DISABLE_IPV6" = "1" ] || { _qn6=$(($QNUM+11)) [ "$DISABLE_IPV4" = "1" ] || { - if [ "$NFQWS_OPT_DESYNC_QUIC" = "$NFQWS_OPT_DESYNC_QUIC6" ]; then + if [ "$NFQWS_OPT_DESYNC_QUIC $NFQWS_OPT_DESYNC_QUIC_SUFFIX" = "$NFQWS_OPT_DESYNC_QUIC6 $NFQWS_OPT_DESYNC_QUIC6_SUFFIX" ]; then _qn6=$_qn; fi } diff --git a/config.default b/config.default index 9ad7086..feda425 100644 --- a/config.default +++ b/config.default @@ -65,15 +65,23 @@ MODE_QUIC=0 MODE_FILTER=none # CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list +# SUFFIX VARS define additional lower priority desync profile. it's required if MODE_FILTER=hostlist and strategy has hostlist-incompatible 0-phase desync methods (syndata,wssize) DESYNC_MARK=0x40000000 DESYNC_MARK_POSTNAT=0x20000000 NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-ttl6=0 --dpi-desync-fooling=badsum" -#NFQWS_OPT_DESYNC_HTTP="--dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum" -#NFQWS_OPT_DESYNC_HTTPS="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum" -#NFQWS_OPT_DESYNC_HTTP6="--dpi-desync=split --dpi-desync-ttl=5 --dpi-desync-fooling=none" -#NFQWS_OPT_DESYNC_HTTPS6="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=5 --dpi-desync-fooling=none" +#NFQWS_OPT_DESYNC_SUFFIX="--dpi-desync=syndata" +#NFQWS_OPT_DESYNC_HTTP="" +#NFQWS_OPT_DESYNC_HTTP_SUFFIX="--dpi-desync=syndata" +#NFQWS_OPT_DESYNC_HTTPS="" +#NFQWS_OPT_DESYNC_HTTPS_SUFFIX="--wssize 1:6" +#NFQWS_OPT_DESYNC_HTTP6="" +#NFQWS_OPT_DESYNC_HTTP6_SUFFIX="--dpi-desync=syndata" +#NFQWS_OPT_DESYNC_HTTPS6="" +#NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="--wssize 1:6" NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-repeats=6" -#NFQWS_OPT_DESYNC_QUIC6="--dpi-desync=hopbyhop" +#NFQWS_OPT_DESYNC_QUIC_SUFFIX="" +NFQWS_OPT_DESYNC_QUIC6="--dpi-desync=hopbyhop" +#NFQWS_OPT_DESYNC_QUIC6_SUFFIX="" # CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob" diff --git a/docs/readme.eng.md b/docs/readme.eng.md index da46142..6f11bb8 100644 --- a/docs/readme.eng.md +++ b/docs/readme.eng.md @@ -463,8 +463,8 @@ becomes the possible maximum. If you set `scale_factor` 64:0, it will be very sl On the other hand, the server response must not be large enough for the DPI to find what it is looking for. -Hostlist filter does not affect `--wssize` because it works since the connection initiation when it's not yet possible -to extract the host name. +`--wssize` is not applied in desync profiles with hostlist filter because it works since the connection initiation when it's not yet possible +to extract the host name. But it works with auto hostlist profiles. `--wssize` may slow down sites and/or increase response time. It's desired to use another methods if possible. @@ -963,6 +963,19 @@ It means if only `NFQWS_OPT_DESYNC` is defined all four take its value. If a variable is not defined, the value `NFQWS_OPT_DESYNC` is taken. +Additional low priority desync profile for `MODE_FILTER=hostlist`. +With multiple profile support 0-phase desync methods are no more applied with hostlist ! +To apply they additional profile is required without hostlist filter. +``` +#NFQWS_OPT_DESYNC_SUFFIX="--dpi-desync=syndata" +#NFQWS_OPT_DESYNC_HTTP_SUFFIX="--dpi-desync=syndata" +#NFQWS_OPT_DESYNC_HTTPS_SUFFIX="--wssize 1:6" +#NFQWS_OPT_DESYNC_HTTP6_SUFFIX="--dpi-desync=syndata" +#NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="--wssize 1:6" +``` + +Defaults are filled the same ways as with NFQWS_OPT_*. + Separate QUIC options for ip protocol versions : ``` diff --git a/docs/readme.txt b/docs/readme.txt index 4161aeb..af11bc3 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -557,8 +557,8 @@ Scaling factor может только снижаться, увеличение window size итоговый размер окна стал максимально возможным. Если вы сделаете 64:0, будет очень медленно. С другой стороны нельзя допустить, чтобы ответ сервера стал достаточно большим, чтобы DPI нашел там искомое. -На --wssize не влияет фильтр hostlist, поскольку он действует с самого начала соединения, когда еще нельзя -принять решение о попадании в лист. +--wssize не работает в профилях с хостлистами, поскольку он действует с самого начала соединения, когда еще нельзя +принять решение о попадании в лист. Однако, профиль с auto hostlist может содержать --wssize. --wssize может замедлять скорость и/или увеличивать время ответа сайтов, поэтому если есть другие работающие способы обхода DPI, лучше применять их. @@ -1387,6 +1387,17 @@ NFQWS_OPT_DESYNC_HTTPS6="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=5 --dp Если какая-то из переменных NFQWS_OPT_DESYNC_HTTP6/NFQWS_OPT_DESYNC_HTTPS6 не определена, берется значение NFQWS_OPT_DESYNC_HTTP/NFQWS_OPT_DESYNC_HTTPS. +Дополнительный низкоприоритетный профиль десинхронизации для режимов с MODE_FILTER=hostlist. +После реализации поддержки множественных профилей режимы нулевой фазы десинхронизации больше не применяются с хостлистом ! +Для их применения требуется дополнительный профиль без хостлист фильтра. +#NFQWS_OPT_DESYNC_SUFFIX="--dpi-desync=syndata" +#NFQWS_OPT_DESYNC_HTTP_SUFFIX="--dpi-desync=syndata" +#NFQWS_OPT_DESYNC_HTTPS_SUFFIX="--wssize 1:6" +#NFQWS_OPT_DESYNC_HTTP6_SUFFIX="--dpi-desync=syndata" +#NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="--wssize 1:6" + +Значения по умолчанию заполняются аналогично NFQWS_OPT_*. + Опции дурения для QUIC : NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake" NFQWS_OPT_DESYNC_QUIC6="--dpi-desync=hopbyhop" diff --git a/init.d/openwrt/custom-tpws4http-nfqws4https b/init.d/openwrt/custom-tpws4http-nfqws4https index 5515d09..333e7c3 100644 --- a/init.d/openwrt/custom-tpws4http-nfqws4https +++ b/init.d/openwrt/custom-tpws4http-nfqws4https @@ -16,6 +16,7 @@ zapret_custom_daemons() [ "$MODE_HTTPS" = "1" ] && { opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX" run_daemon 2 $NFQWS "$opt" } } diff --git a/init.d/openwrt/zapret b/init.d/openwrt/zapret index cc23018..f30b3ef 100755 --- a/init.d/openwrt/zapret +++ b/init.d/openwrt/zapret @@ -135,32 +135,38 @@ start_daemons_procd() [ -z "$qn" ] || { opt="--qnum=$qn $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTP_SUFFIX" run_daemon 1 "$NFQWS" "$opt" } [ -z "$qns" ] || [ "$qns" = "$qn" ] || { opt="--qnum=$qns $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX" run_daemon 2 "$NFQWS" "$opt" } [ -z "$qn6" ] || [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || { opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP6" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTP6_SUFFIX" run_daemon 3 "$NFQWS" "$opt" } [ -z "$qns6" ] || [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || { opt="--qnum=$qns6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS6" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS6_SUFFIX" run_daemon 4 "$NFQWS" "$opt" } get_nfqws_qnums_quic qn qn6 [ -z "$qn" ] || { opt="--qnum=$qn $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_QUIC_SUFFIX" run_daemon 10 "$NFQWS" "$opt" } [ -z "$qn6" ] || [ "$qn6" = "$qn" ] || { opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC6" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_QUIC6_SUFFIX" run_daemon 11 "$NFQWS" "$opt" } ;; diff --git a/init.d/sysv/custom-tpws4http-nfqws4https b/init.d/sysv/custom-tpws4http-nfqws4https index eb818ab..9689880 100644 --- a/init.d/sysv/custom-tpws4http-nfqws4https +++ b/init.d/sysv/custom-tpws4http-nfqws4https @@ -16,6 +16,7 @@ zapret_custom_daemons() [ "$MODE_HTTPS" = "1" ] && { opt="--qnum=$QNUM $NFQWS_OPT_DESYNC_HTTPS" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX" do_nfqws $1 2 "$opt" } } diff --git a/init.d/sysv/functions b/init.d/sysv/functions index b4ba081..2553d02 100644 --- a/init.d/sysv/functions +++ b/init.d/sysv/functions @@ -303,32 +303,38 @@ zapret_do_daemons() [ -z "$qn" ] || { opt="--qnum=$qn $NFQWS_OPT_DESYNC_HTTP" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTP_SUFFIX" do_nfqws $1 1 "$opt" } [ -z "$qns" ] || [ "$qns" = "$qn" ] || { opt="--qnum=$qns $NFQWS_OPT_DESYNC_HTTPS" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX" do_nfqws $1 2 "$opt" } [ -z "$qn6" ] || [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || { opt="--qnum=$qn6 $NFQWS_OPT_DESYNC_HTTP6" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTP6_SUFFIX" do_nfqws $1 3 "$opt" } [ -z "$qns6" ] || [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || { opt="--qnum=$qns6 $NFQWS_OPT_DESYNC_HTTPS6" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS6_SUFFIX" do_nfqws $1 4 "$opt" } get_nfqws_qnums_quic qn qn6 [ -z "$qn" ] || { opt="--qnum=$qn $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_QUIC_SUFFIX" do_nfqws $1 10 "$opt" } [ -z "$qn6" ] || [ "$qn6" = "$qn" ] || { opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC6" filter_apply_hostlist_target opt + filter_apply_suffix opt "$NFQWS_OPT_DESYNC_QUIC6_SUFFIX" do_nfqws $1 11 "$opt" } ;; diff --git a/install_easy.sh b/install_easy.sh index 9b3dc85..dd962e3 100755 --- a/install_easy.sh +++ b/install_easy.sh @@ -115,7 +115,7 @@ select_mode_mode() vars="TPWS_OPT" ;; nfqws) - vars="NFQWS_OPT_DESYNC NFQWS_OPT_DESYNC_HTTP NFQWS_OPT_DESYNC_HTTPS NFQWS_OPT_DESYNC_HTTP6 NFQWS_OPT_DESYNC_HTTPS6 NFQWS_OPT_DESYNC_QUIC NFQWS_OPT_DESYNC_QUIC6" + vars="NFQWS_OPT_DESYNC NFQWS_OPT_DESYNC_SUFFIX NFQWS_OPT_DESYNC_HTTP NFQWS_OPT_DESYNC_HTTP_SUFFIX NFQWS_OPT_DESYNC_HTTPS NFQWS_OPT_DESYNC_HTTPS_SUFFIX NFQWS_OPT_DESYNC_HTTP6 NFQWS_OPT_DESYNC_HTTP6_SUFFIX NFQWS_OPT_DESYNC_HTTPS6 NFQWS_OPT_DESYNC_HTTPS6_SUFFIX NFQWS_OPT_DESYNC_QUIC NFQWS_OPT_DESYNC_QUIC_SUFFIX NFQWS_OPT_DESYNC_QUIC6 NFQWS_OPT_DESYNC_QUIC6_SUFFIX" ;; esac [ -n "$vars" ] && {