support for SUFFIX desync profiles

2024-09-22 09:42:51 +05:00 · 2024-09-18 19:27:50 +03:00 · 2024-09-18 19:27:50 +03:00 · b50af9f9d0
commit b50af9f9d0
parent 074c8ca913
11 changed files with 77 additions and 18 deletions
--- a/common/installer.sh
+++ b/common/installer.sh
@ -54,7 +54,7 @@ edit_vars()
 	local n=1 var v tmp="/tmp/zvars"
 	rm -f "$tmp"
 	while [ 1=1 ]; do
-		eval var="\$$n"
+		eval var="\${$n}"
 		[ -n "$var" ] || break
 		eval v="\$$var"
 		echo $var=\"$v\" >>"$tmp"
--- a/common/list.sh
+++ b/common/list.sh
@ -45,3 +45,11 @@ filter_apply_hostlist_target()
 	[ -n "$HOSTLIST_EXCLUDE" ] && eval $1="\"\$$1 --hostlist-exclude=$HOSTLIST_EXCLUDE\""
 	[ "$MODE_FILTER" = "autohostlist" ] && filter_apply_autohostlist_target $1
 }
+
+filter_apply_suffix()
+{
+	# $1 - var name of tpws or nfqws params
+	# $2 - suffix value
+	local v="${2:+ --new $2}"
+	eval $1="\"\$$1$v\""
+}
--- a/common/queue.sh
+++ b/common/queue.sh
@ -1,10 +1,15 @@
 apply_unspecified_desync_modes()
 {
 	NFQWS_OPT_DESYNC_HTTP="${NFQWS_OPT_DESYNC_HTTP:-$NFQWS_OPT_DESYNC}"
+	NFQWS_OPT_DESYNC_HTTP_SUFFIX="${NFQWS_OPT_DESYNC_HTTP_SUFFIX:-$NFQWS_OPT_DESYNC_SUFFIX}"
 	NFQWS_OPT_DESYNC_HTTPS="${NFQWS_OPT_DESYNC_HTTPS:-$NFQWS_OPT_DESYNC}"
+	NFQWS_OPT_DESYNC_HTTPS_SUFFIX="${NFQWS_OPT_DESYNC_HTTPS_SUFFIX:-$NFQWS_OPT_DESYNC_SUFFIX}"
 	NFQWS_OPT_DESYNC_HTTP6="${NFQWS_OPT_DESYNC_HTTP6:-$NFQWS_OPT_DESYNC_HTTP}"
+	NFQWS_OPT_DESYNC_HTTP6_SUFFIX="${NFQWS_OPT_DESYNC_HTTP6_SUFFIX:-$NFQWS_OPT_DESYNC_HTTP_SUFFIX}"
 	NFQWS_OPT_DESYNC_HTTPS6="${NFQWS_OPT_DESYNC_HTTPS6:-$NFQWS_OPT_DESYNC_HTTPS}"
+	NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="${NFQWS_OPT_DESYNC_HTTPS6_SUFFIX:-$NFQWS_OPT_DESYNC_HTTPS_SUFFIX}"
 	NFQWS_OPT_DESYNC_QUIC6="${NFQWS_OPT_DESYNC_QUIC6:-$NFQWS_OPT_DESYNC_QUIC}"
+	NFQWS_OPT_DESYNC_QUIC6_SUFFIX="${NFQWS_OPT_DESYNC_QUIC6_SUFFIX:-$NFQWS_OPT_DESYNC_QUIC_SUFFIX}"
 }

 get_nfqws_qnums()
@ -18,24 +23,24 @@ get_nfqws_qnums()
 	[ "$DISABLE_IPV4" = "1" ] || {
 		_qn=$QNUM
 		_qns=$_qn
-		[ "$NFQWS_OPT_DESYNC_HTTP" = "$NFQWS_OPT_DESYNC_HTTPS" ] || _qns=$(($QNUM+1))
+		[ "$NFQWS_OPT_DESYNC_HTTP $NFQWS_OPT_DESYNC_HTTP_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTPS $NFQWS_OPT_DESYNC_HTTPS_SUFFIX" ] || _qns=$(($QNUM+1))
 	}
 	[ "$DISABLE_IPV6" = "1" ] || {
 		_qn6=$(($QNUM+2))
 		_qns6=$(($QNUM+3))
 		[ "$DISABLE_IPV4" = "1" ] || {
-			if [ "$NFQWS_OPT_DESYNC_HTTP6" = "$NFQWS_OPT_DESYNC_HTTP" ]; then
+			if [ "$NFQWS_OPT_DESYNC_HTTP6 $NFQWS_OPT_DESYNC_HTTP6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTP $NFQWS_OPT_DESYNC_HTTP_SUFFIX" ]; then
 				_qn6=$_qn;
-			elif [ "$NFQWS_OPT_DESYNC_HTTP6" = "$NFQWS_OPT_DESYNC_HTTPS" ]; then
+			elif [ "$NFQWS_OPT_DESYNC_HTTP6 $NFQWS_OPT_DESYNC_HTTP6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTPS $NFQWS_OPT_DESYNC_HTTPS_SUFFIX" ]; then
 				_qn6=$_qns;
 			fi
-			if [ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTP" ]; then
+			if [ "$NFQWS_OPT_DESYNC_HTTPS6 $NFQWS_OPT_DESYNC_HTTPS6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTP $NFQWS_OPT_DESYNC_HTTP_SUFFIX" ]; then
 				_qns6=$_qn;
-			elif [ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTPS" ]; then
+			elif [ "$NFQWS_OPT_DESYNC_HTTPS6 $NFQWS_OPT_DESYNC_HTTPS6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTPS $NFQWS_OPT_DESYNC_HTTPS_SUFFIX" ]; then
 				_qns6=$_qns;
 			fi
 		}
-		[ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTP6" ] && _qns6=$_qn6;
+		[ "$NFQWS_OPT_DESYNC_HTTPS6 $NFQWS_OPT_DESYNC_HTTPS6_SUFFIX" = "$NFQWS_OPT_DESYNC_HTTP6 $NFQWS_OPT_DESYNC_HTTP6_SUFFIX" ] && _qns6=$_qn6;
 	}
 	if [ "$MODE_HTTP" = 1 ]; then
 		eval $1=$_qn
@ -65,7 +70,7 @@ get_nfqws_qnums_quic()
 	[ "$DISABLE_IPV6" = "1" ] || {
 		_qn6=$(($QNUM+11))
 		[ "$DISABLE_IPV4" = "1" ] || {
-			if [ "$NFQWS_OPT_DESYNC_QUIC" = "$NFQWS_OPT_DESYNC_QUIC6" ]; then
+			if [ "$NFQWS_OPT_DESYNC_QUIC $NFQWS_OPT_DESYNC_QUIC_SUFFIX" = "$NFQWS_OPT_DESYNC_QUIC6 $NFQWS_OPT_DESYNC_QUIC6_SUFFIX" ]; then
 				_qn6=$_qn;
 			fi
 		}
--- a/config.default
+++ b/config.default
@ -65,15 +65,23 @@ MODE_QUIC=0
 MODE_FILTER=none

 # CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list
+# SUFFIX VARS define additional lower priority desync profile. it's required if MODE_FILTER=hostlist and strategy has hostlist-incompatible 0-phase desync methods (syndata,wssize)
 DESYNC_MARK=0x40000000
 DESYNC_MARK_POSTNAT=0x20000000
 NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-ttl6=0 --dpi-desync-fooling=badsum"
-#NFQWS_OPT_DESYNC_HTTP="--dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum"
-#NFQWS_OPT_DESYNC_HTTPS="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum"
-#NFQWS_OPT_DESYNC_HTTP6="--dpi-desync=split --dpi-desync-ttl=5 --dpi-desync-fooling=none"
-#NFQWS_OPT_DESYNC_HTTPS6="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=5 --dpi-desync-fooling=none"
+#NFQWS_OPT_DESYNC_SUFFIX="--dpi-desync=syndata"
+#NFQWS_OPT_DESYNC_HTTP=""
+#NFQWS_OPT_DESYNC_HTTP_SUFFIX="--dpi-desync=syndata"
+#NFQWS_OPT_DESYNC_HTTPS=""
+#NFQWS_OPT_DESYNC_HTTPS_SUFFIX="--wssize 1:6"
+#NFQWS_OPT_DESYNC_HTTP6=""
+#NFQWS_OPT_DESYNC_HTTP6_SUFFIX="--dpi-desync=syndata"
+#NFQWS_OPT_DESYNC_HTTPS6=""
+#NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="--wssize 1:6"
 NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-repeats=6"
-#NFQWS_OPT_DESYNC_QUIC6="--dpi-desync=hopbyhop"
+#NFQWS_OPT_DESYNC_QUIC_SUFFIX=""
+NFQWS_OPT_DESYNC_QUIC6="--dpi-desync=hopbyhop"
+#NFQWS_OPT_DESYNC_QUIC6_SUFFIX=""

 # CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list
 TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
--- a/docs/readme.eng.md
+++ b/docs/readme.eng.md
@ -463,8 +463,8 @@ becomes the possible maximum. If you set `scale_factor` 64:0, it will be very sl

 On the other hand, the server response must not be large enough for the DPI to find what it is looking for.

-Hostlist filter does not affect `--wssize` because it works since the connection initiation when it's not yet possible
-to extract the host name.
+`--wssize` is not applied in desync profiles with hostlist filter because it works since the connection initiation when it's not yet possible
+to extract the host name. But it works with auto hostlist profiles.

 `--wssize` may slow down sites and/or increase response time. It's desired to use another methods if possible.

@ -963,6 +963,19 @@ It means if only `NFQWS_OPT_DESYNC` is defined all four take its value.

 If a variable is not defined, the value `NFQWS_OPT_DESYNC` is taken.

+Additional low priority desync profile for `MODE_FILTER=hostlist`.
+With multiple profile support 0-phase desync methods are no more applied with hostlist !
+To apply they additional profile is required without hostlist filter.
+```
+#NFQWS_OPT_DESYNC_SUFFIX="--dpi-desync=syndata"
+#NFQWS_OPT_DESYNC_HTTP_SUFFIX="--dpi-desync=syndata"
+#NFQWS_OPT_DESYNC_HTTPS_SUFFIX="--wssize 1:6"
+#NFQWS_OPT_DESYNC_HTTP6_SUFFIX="--dpi-desync=syndata"
+#NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="--wssize 1:6"
+```
+
+Defaults are filled the same ways as with NFQWS_OPT_*.
+
 Separate QUIC options for ip protocol versions :

 ```
--- a/docs/readme.txt
+++ b/docs/readme.txt
@ -557,8 +557,8 @@ Scaling factor может только снижаться, увеличение
 window size итоговый размер окна стал максимально возможным. Если вы сделаете 64:0, будет очень медленно.
 С другой стороны нельзя допустить, чтобы ответ сервера стал достаточно большим, чтобы DPI нашел там искомое.

-На --wssize не влияет фильтр hostlist, поскольку он действует с самого начала соединения, когда еще нельзя
-принять решение о попадании в лист.
+--wssize не работает в профилях с хостлистами, поскольку он действует с самого начала соединения, когда еще нельзя
+принять решение о попадании в лист. Однако, профиль с auto hostlist может содержать --wssize.
 --wssize может замедлять скорость и/или увеличивать время ответа сайтов, поэтому если есть другие работающие способы
 обхода DPI, лучше применять их.

@ -1387,6 +1387,17 @@ NFQWS_OPT_DESYNC_HTTPS6="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=5 --dp
 Если какая-то из переменных NFQWS_OPT_DESYNC_HTTP6/NFQWS_OPT_DESYNC_HTTPS6 не определена,
 берется значение NFQWS_OPT_DESYNC_HTTP/NFQWS_OPT_DESYNC_HTTPS.

+Дополнительный низкоприоритетный профиль десинхронизации для режимов с MODE_FILTER=hostlist.
+После реализации поддержки множественных профилей режимы нулевой фазы десинхронизации больше не применяются с хостлистом !
+Для их применения требуется дополнительный профиль без хостлист фильтра.
+#NFQWS_OPT_DESYNC_SUFFIX="--dpi-desync=syndata"
+#NFQWS_OPT_DESYNC_HTTP_SUFFIX="--dpi-desync=syndata"
+#NFQWS_OPT_DESYNC_HTTPS_SUFFIX="--wssize 1:6"
+#NFQWS_OPT_DESYNC_HTTP6_SUFFIX="--dpi-desync=syndata"
+#NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="--wssize 1:6"
+
+Значения по умолчанию заполняются аналогично NFQWS_OPT_*.
+
 Опции дурения для QUIC :
 NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake"
 NFQWS_OPT_DESYNC_QUIC6="--dpi-desync=hopbyhop"
--- a/init.d/openwrt/custom-tpws4http-nfqws4https
+++ b/init.d/openwrt/custom-tpws4http-nfqws4https
@ -16,6 +16,7 @@ zapret_custom_daemons()
 	[ "$MODE_HTTPS" = "1" ] && {
 		opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS"
 		filter_apply_hostlist_target opt
+		filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX"
 		run_daemon 2 $NFQWS "$opt"
 	}
 }
--- a/init.d/openwrt/zapret
+++ b/init.d/openwrt/zapret
@ -135,32 +135,38 @@ start_daemons_procd()
 			[ -z "$qn" ] || {
 				opt="--qnum=$qn $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP"
 				filter_apply_hostlist_target opt
+				filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTP_SUFFIX"
 				run_daemon 1 "$NFQWS" "$opt"
 			}
 			[ -z "$qns" ] || [ "$qns" = "$qn" ] || {
 				opt="--qnum=$qns $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS"
 				filter_apply_hostlist_target opt
+				filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX"
 				run_daemon 2 "$NFQWS" "$opt"
 			}
 			[ -z "$qn6" ] || [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || {
 				opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP6"
 				filter_apply_hostlist_target opt
+				filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTP6_SUFFIX"
 				run_daemon 3 "$NFQWS" "$opt"
 			}
 			[ -z "$qns6" ] || [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || {
 				opt="--qnum=$qns6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS6"
 				filter_apply_hostlist_target opt
+				filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS6_SUFFIX"
 				run_daemon 4 "$NFQWS" "$opt"
 			}
 			get_nfqws_qnums_quic qn qn6
 			[ -z "$qn" ] || {
 				opt="--qnum=$qn $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC"
 				filter_apply_hostlist_target opt
+				filter_apply_suffix opt "$NFQWS_OPT_DESYNC_QUIC_SUFFIX"
 				run_daemon 10 "$NFQWS" "$opt"
 			}
 			[ -z "$qn6" ] || [ "$qn6" = "$qn" ] || {
 				opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC6"
 				filter_apply_hostlist_target opt
+				filter_apply_suffix opt "$NFQWS_OPT_DESYNC_QUIC6_SUFFIX"
 				run_daemon 11 "$NFQWS" "$opt"
 			}
 			;;
--- a/init.d/sysv/custom-tpws4http-nfqws4https
+++ b/init.d/sysv/custom-tpws4http-nfqws4https
@ -16,6 +16,7 @@ zapret_custom_daemons()
 	[ "$MODE_HTTPS" = "1" ] && {
 		opt="--qnum=$QNUM $NFQWS_OPT_DESYNC_HTTPS"
 		filter_apply_hostlist_target opt
+		filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX"
 		do_nfqws $1 2 "$opt"
 	}
 }
--- a/init.d/sysv/functions
+++ b/init.d/sysv/functions
@ -303,32 +303,38 @@ zapret_do_daemons()
 			[ -z "$qn" ] || {
 				opt="--qnum=$qn $NFQWS_OPT_DESYNC_HTTP"
 				filter_apply_hostlist_target opt
+				filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTP_SUFFIX"
 				do_nfqws $1 1 "$opt"
 			}
 			[ -z "$qns" ] || [ "$qns" = "$qn" ] || {
 				opt="--qnum=$qns $NFQWS_OPT_DESYNC_HTTPS"
 				filter_apply_hostlist_target opt
+				filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX"
 				do_nfqws $1 2 "$opt"
 			}
 			[ -z "$qn6" ] || [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || {
 				opt="--qnum=$qn6 $NFQWS_OPT_DESYNC_HTTP6"
 				filter_apply_hostlist_target opt
+				filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTP6_SUFFIX"
 				do_nfqws $1 3 "$opt"
 			}
 			[ -z "$qns6" ] || [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || {
 				opt="--qnum=$qns6 $NFQWS_OPT_DESYNC_HTTPS6"
 				filter_apply_hostlist_target opt
+				filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS6_SUFFIX"
 				do_nfqws $1 4 "$opt"
 			}
 			get_nfqws_qnums_quic qn qn6
 			[ -z "$qn" ] || {
 				opt="--qnum=$qn $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC"
 				filter_apply_hostlist_target opt
+				filter_apply_suffix opt "$NFQWS_OPT_DESYNC_QUIC_SUFFIX"
 				do_nfqws $1 10 "$opt"
 			}
 			[ -z "$qn6" ] || [ "$qn6" = "$qn" ] || {
 				opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC6"
 				filter_apply_hostlist_target opt
+				filter_apply_suffix opt "$NFQWS_OPT_DESYNC_QUIC6_SUFFIX"
 				do_nfqws $1 11 "$opt"
 			}
 			;;
--- a/install_easy.sh
+++ b/install_easy.sh
@ -115,7 +115,7 @@ select_mode_mode()
 			vars="TPWS_OPT"
 			;;
 		nfqws)
-			vars="NFQWS_OPT_DESYNC NFQWS_OPT_DESYNC_HTTP NFQWS_OPT_DESYNC_HTTPS NFQWS_OPT_DESYNC_HTTP6 NFQWS_OPT_DESYNC_HTTPS6 NFQWS_OPT_DESYNC_QUIC NFQWS_OPT_DESYNC_QUIC6"
+			vars="NFQWS_OPT_DESYNC NFQWS_OPT_DESYNC_SUFFIX NFQWS_OPT_DESYNC_HTTP NFQWS_OPT_DESYNC_HTTP_SUFFIX NFQWS_OPT_DESYNC_HTTPS NFQWS_OPT_DESYNC_HTTPS_SUFFIX NFQWS_OPT_DESYNC_HTTP6 NFQWS_OPT_DESYNC_HTTP6_SUFFIX NFQWS_OPT_DESYNC_HTTPS6 NFQWS_OPT_DESYNC_HTTPS6_SUFFIX NFQWS_OPT_DESYNC_QUIC NFQWS_OPT_DESYNC_QUIC_SUFFIX NFQWS_OPT_DESYNC_QUIC6 NFQWS_OPT_DESYNC_QUIC6_SUFFIX"
 			;;
 	esac
 	[ -n "$vars" ] && {