zapret/docs/changes.txt
2023-07-02 18:46:26 +03:00

240 lines
5.3 KiB
Plaintext

v1
Initial release
v2
nfqws : command line options change. now using standard getopt.
nfqws : added options for window size changing and "Host:" case change
ISP support : tested on mns.ru and beeline (corbina)
init scripts : rewritten init scripts for simple choise of ISP
create_ipset : now using 'ipset restore', it works much faster
readme : updated. now using UTF-8 charset.
v3
tpws : added transparent proxy (supports TPROXY and DNAT).
can help when ISP tracks whole HTTP session, not only the beginning
ipset : added zapret-hosts-user.txt which contain user defined host names to be resolved
and added to zapret ip list
ISP support : dom.ru support via TPROXY/DNAT
ISP support : successfully tested sknt.ru on 'domru' configuration
other configs will probably also work, but cannot test
compile : openwrt compile howto
v4
tpws : added ability to insert extra space after http method : "GET /" => "GET /"
ISP support : TKT support
v5
nfqws : ipv6 support in nfqws
v6
ipset : added "get_antizapret.sh"
v7
tpws : added ability to insert "." after Host: name
v8
openwrt init : removed hotplug.d/firewall because of race conditions. now only use /etc/firewall.user
v9
ipban : added ipban ipset. place domains banned by ip to zapret-hosts-user-ipban.txt
these IPs must be soxified for both http and https
ISP support : tiera support
ISP support : added DNS filtering to ubuntu and debian scripts
v10
tpws : added split-pos option. split every message at specified position
v11
ipset : scripts optimizations
v12
nfqws : fix wrong tcp checksum calculation if packet length is odd and platform is big-endian
v13
added binaries
v14
change get_antizapret script to work with https://github.com/zapret-info/z-i/raw/master/dump.csv
filter out 192.168.*, 127.*, 10.* from blocked ips
v15
added --hostspell option to nfqws and tpws
ISP support : beeline now catches "host" but other spellings still work
openwrt/LEDE : changed init script to work with procd
tpws, nfqws : minor cosmetic fixes
v16
tpws: split-http-req=method : split inside method name, not after
ISP support : mns.ru changed split pos to 3 (got redirect page with HEAD req : curl -I ej.ru)
v17
ISP support : athome moved from nfqws to tpws because of instability and http request hangs
tpws : added options unixeol,methodeol,hosttab
v18
tpws,nfqws : added hostnospace option
v19
tpws : added hostlist option
v20
added ip2net. ip2net groups ips from iplist into subnets and reduces ipset size twice
v21
added mdig. get_reestr.sh is *real* again
v22
total review of init script logic
dropped support of older debian 7 and ubuntu 12/14 systems
install_bin.sh : auto binaries preparation
docs: readme review. some new topics added, others deleted
docs: VPN setup with policy based routing using wireguard
docs: wireguard modding guide
v23
major init system rewrite
openwrt : separate firewall include /etc/firewall.zapret
install_easy.sh : easy setup on openwrt, debian, ubuntu, centos, fedora, opensuse
v24
separate config from init scripts
gzip support in ipset/*.sh and tpws
v25
init : move to native systemd units
use links to units, init scripts and firewall includes, no more copying
v26
ipv6 support
tpws : advanced bind options
v27
tpws : major connection code rewrite. originally it was derived from not top quality example , with many bugs and potential problems.
next generation connection code uses nonblocking sockets. now its in EXPERIMENTAL state.
v28
tpws : added socks5 support
ipset : major RKN getlist rewrite. added antifilter.network support
v29
nfqws : DPI desync attack
ip exclude system
v30
nfqws : DPI desync attack modes : fake,rst
v31
nfqws : DPI desync attack modes : disorder,disorder2,split,split2.
nfqws : DPI desync fooling mode : badseq. multiple modes supported
v32
tpws : multiple binds
init scripts : run only one instance of tpws in any case
v33
openwrt : flow offloading support
config : MODE refactoring
v34
nfqws : dpi-desync 2 mode combos
nfqws : dpi-desync without parameter no more supported. previously it meant "fake"
nfqws : custom fake http request and tls client hello
v35
limited FreeBSD and OpenBSD support
v36
full FreeBSD and OpenBSD support
v37
limited MacOS support
v38
MacOS easy install
v39
nfqws: conntrack, wssize
v40
init scripts : IFACE_LAN, IFACE_WAN now accept multiple interfaces
init scripts : openwrt uses now OPENWRT_LAN parameter to override incoming interfaces for tpws
v41
install_easy : openrc support
v42
blockcheck.sh
v43
nfqws: UDP desync with conntrack support (any-protocol only for now)
v44
nfqws: ipfrag
v45
nfqws: hop-by-hop ipv6 desync and fooling
v46
big startup script refactoring to support nftables and new openwrt snapshot builds with firewall4
v47
nfqws: QUIC initial decryption
nfqws: udplen, fakeknown dpi desync modes
v48
nfqws, tpws : multiple --hostlist and --hostlist-exclude support
launch system, ipset : no more list merging. all lists are passed separately to nfqws and tpws
nfqws : udplen fooling supports packet shrinking (negative increment value)
v49
QUIC support integrated to the main system and setup