Update readme

Some websites (or more precisely, TLS terminators/balancers) can't
handle segmented TLS ClientHello packet properly, requiring the whole
ClientHello in a single segment, otherwise the connection gets dropped.

However they still operate with a proper TCP stack.
Cheat on them: send the latter segment first (with TCP SEQ "in the future"),
the former segment second (with "current" SEQ), allowing OS TCP
stack to combine it in a single TCP read().

This fixes long-standing number of TCP fragmentation issues:
Fixes #4, #158, #224, #59, #192 and many others.

.editorconfig

@@ -0,0 +1,8 @@
+root = true
+
+[*]
+charset = utf-8
+indent_style = space
+indent_size = 4
+insert_final_newline = true
+end_of_line = lf

.github/ISSUE_TEMPLATE/bug-report----------------------.md

@@ -0,0 +1,45 @@
+---
+name: Bug report / сообщение об ошибке
+about: Report software issue / сообщить об ошибке в программе
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!--
+WARNING! Please pay some attention!
+GoodbyeDPI does not guarantee to work on your ISP on 100% or at all. If GoodbyeDPI can't unblock some or any websites, this is most likely not a software bug, and you should not report it.
+Please report software bugs, such as: website incompatibility (if the website works without GoodbyeDPI but breaks with GoobyeDPI enabled), antivirus incompatibility, DNS redirection problems, incorrect packet handling, and other software issues.
+Please make sure to check other opened and closed issues, it could be your question or issue has been already discussed.
+
+ВНИМАНИЕ! Пожалуйста, прочтите!
+GoodbyeDPI не гарантирует ни 100% работу с вашим провайдером, ни работу вообще. Если GoodbyeDPI не разблокирует доступ к некоторым или всем веб-сайтам, вероятнее всего, это не программная ошибка, и не стоит о ней сообщать здесь.
+Сообщайте только об ошибках в программе, таких как: некорректная работа с веб-сайтами (когда веб-сайт работает без GoodbyeDPI, но ломается с GoodbyeDPI), несовместимость с антивирусами, проблемы с перенаправлением DNS, некорректная обработка пакетов, и другие проблемы.
+Также посмотрите другие открытые и закрытые баги. Возможно, ваш вопрос или проблема уже обсуждались.
+-->
+
+**Describe the bug / Опишите проблему**
+A clear and concise description of what the bug is. If the issue about software incompatibility, include your operating system version and software name/version.
+Подробно опишите, в чём заключается проблема. Если проблема касается совместимости с другими программами, укажите версию вашей операционной системы, имя и версию программы.
+
+**To Reproduce / Шаги воспроизведения проблемы**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior / ожидаемое поведение программы**
+A clear and concise description of what you expected to happen.
+Подробно опишите, как вы ожидаете, чтобы программа работала.
+
+**Actual behavior / текущее поведение программы**
+A clear and concise description of what you expected to happen.
+Подробно опишите, что происходит с программой на текущий момент.
+
+**Screenshots / Скриншоты**
+If applicable, add screenshots to help explain your problem.
+Если необходимо, добавьте скриншоты, объясняющие проблему.
+
+**Additional context / дополнительная информация**

.github/ISSUE_TEMPLATE/feature-request------------------------------------.md

@@ -0,0 +1,12 @@
+---
+name: Feature request / предложить новую функциональность
+about: Suggest an idea or function for this project / предложить новую идею или функциональность
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Description / Описание**
+A clear and concise description of your suggestion.
+Детальное описание вашего предложения.

Makefile

@@ -1,33 +0,0 @@
-CPREFIX = x86_64-w64-mingw32
-WINDIVERTHEADERS = ../../include
-WINDIVERTLIBS = ../binary
-
-TARGET = goodbyedpi.exe
-LIBS = -L $(WINDIVERTLIBS) -lWinDivert -lws2_32
-CC = $(CPREFIX)-gcc
-CCWINDRES = $(CPREFIX)-windres
-CFLAGS = -Wall -I $(WINDIVERTHEADERS) -L $(WINDIVERTLIBS) \
-         -O2 -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
-
-.PHONY: default all clean
-
-default: manifest $(TARGET)
-all: default
-
-OBJECTS = $(patsubst %.c, %.o, $(wildcard *.c)) goodbyedpi-rc.o
-HEADERS = $(wildcard *.h)
-
-%.o: %.c $(HEADERS)
-	$(CC) $(CFLAGS) -c $< -o $@
-
-manifest:
-	$(CCWINDRES) goodbyedpi-rc.rc goodbyedpi-rc.o
-
-.PRECIOUS: $(TARGET) $(OBJECTS)
-
-$(TARGET): $(OBJECTS)
-	$(CC) $(OBJECTS) -Wall $(LIBS) -s -o $@
-
-clean:
-	-rm -f *.o
-	-rm -f $(TARGET)

README.md

@@ -16,19 +16,43 @@ Usage: goodbyedpi.exe [OPTION...]
  -p          block passive DPI
  -r          replace Host with hoSt
  -s          remove space between host header and its value
+ -m          mix Host header case (test.com -> tEsT.cOm)
  -f [value]  set HTTP fragmentation to value
+ -k [value]  enable HTTP persistent (keep-alive) fragmentation and set it to value
+ -n          do not wait for first segment ACK when -k is enabled
  -e [value]  set HTTPS fragmentation to value
  -a          additional space between Method and Request-URI (enables -s, may break sites)
+ -w          try to find and parse HTTP traffic on all processed ports (not only on port 80)
+ --port        [value]    additional TCP port to perform fragmentation on (and HTTP tricks with -w)
+ --ip-id       [value]    handle additional IP ID (decimal, drop redirects and TCP RSTs with this ID).
+                          This option can be supplied multiple times.
+ --dns-addr    [value]    redirect UDP DNS requests to the supplied IP address (experimental)
+ --dns-port    [value]    redirect UDP DNS requests to the supplied port (53 by default)
+ --dnsv6-addr  [value]    redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)
+ --dnsv6-port  [value]    redirect UDPv6 DNS requests to the supplied port (53 by default)
+ --dns-verb               print verbose DNS redirection messages
+ --blacklist   [txtfile]  perform HTTP tricks only to host names and subdomains from
+                          supplied text file. This option can be supplied multiple times.
+ --set-ttl     [value]    activate Fake Request Mode and send it with supplied TTL value.
+                          DANGEROUS! May break websites in unexpected ways. Use with care.
+ --wrong-chksum           activate Fake Request Mode and send it with incorrect TCP checksum.
+                          May not work in a VM or with some routers, but is safer than set-ttl.
+ --native-frag            fragment (split) the packets by sending them in smaller packets, without
+                          shrinking the Window Size. Works faster (does not slow down the connection)
+                          and better.
+ --reverse-frag           fragment (split) the packets just as --native-frag, but send them in the
+                          reversed order. Works with the websites which could not handle segmented
+                          HTTPS TLS ClientHello (because they receive the TCP flow "combined").
 
- -1          -p -r -s -f 2 -e 2 (most compatible mode, default)
+ -1          -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode, default)
- -2          -p -r -s -f 2 -e 40 (better speed yet still compatible)
+ -2          -p -r -s -f 2 -k 2 -n -e 40 (better speed for HTTPS yet still compatible)
- -3          -p -r -s -e 40 (even better speed)
+ -3          -p -r -s -e 40 (better speed for HTTP and HTTPS)
  -4          -p -r -s (best speed)
 ```
 
-Try to run `goodbyedpi.exe -1 -a` first. If you can open blocked websites it means your ISP has DPI which can be circumvented. This is the slowest and prone to break websites mode, but suitable for most DPI.
+To check if your ISP's DPI could be circumvented, run `3_all_dnsredir_hardcore.cmd` first. This is the most hardcore mode which will show if this program is suitable for your ISP and DPI vendor at all. If you can open blocked websites with this mode, it means your ISP has DPI which can be circumvented. This is the slowest and prone to break websites mode, but suitable for most DPI.
 
-Try `-1` to see if it works too.
+Try `goodbyedpi -1` to see if it works too.
 
 Then try `goodbyedpi.exe -2`. It should be faster for HTTPS sites. Mode `-3` speed ups HTTP websites.
 
@@ -38,18 +62,21 @@ Use `goodbyedpi.exe -4` if it works for your ISP's DPI. This is the fastest mode
 
 ### Passive DPI
 
-Most Passive DPI send HTTP 302 Redirect if you try to access blocked website over HTTP and TCP Reset in case of HTTPS, faster than destination website. Packets sent by DPI have always have IP Identification field equal to `0x0000` or `0x0001`, as seen with Russian providers. These packets, if they redirect you to another website (censorship page), are blocked by GoodbyeDPI.
+Most Passive DPI send HTTP 302 Redirect if you try to access blocked website over HTTP and TCP Reset in case of HTTPS, faster than destination website. Packets sent by DPI usually have IP Identification field equal to `0x0000` or `0x0001`, as seen with Russian providers. These packets, if they redirect you to another website (censorship page), are blocked by GoodbyeDPI.
 
 ### Active DPI
 
-Active DPI is more tricky to fool. Currently the software uses 4 methods to circumvent Active DPI:
+Active DPI is more tricky to fool. Currently the software uses 7 methods to circumvent Active DPI:
 
 * TCP-level fragmentation for first data packet
+* TCP-level fragmentation for persistent (keep-alive) HTTP sessions
 * Replacing `Host` header with `hoSt`
 * Removing space between header name and value in `Host` header
 * Adding additional space between HTTP Method (GET, POST etc) and URI
+* Mixing case of Host header value
+* Sending fake HTTP/HTTPS packets with low Time-To-Live value or incorrect checksum to fool DPI and prevent delivering them to the destination
 
-These methods should not break any website as are fully compatible with TCP and HTTP standards, yet it's sufficient to prevent DPI data classification and to circumvent censorship. Additional space may break some websites, although it's acceptable by HTTP/1.1 specification (see 19.3 Tolerant Applications).
+These methods should not break any website as they're fully compatible with TCP and HTTP standards, yet it's sufficient to prevent DPI data classification and to circumvent censorship. Additional space may break some websites, although it's acceptable by HTTP/1.1 specification (see 19.3 Tolerant Applications).
 
 The program loads WinDivert driver which uses Windows Filtering Platform to set filters and redirect packets to the userspace. It's running as long as console window is visible and terminates when you close the window.
 
@@ -59,15 +86,31 @@ This project can be build using **GNU Make** and [**mingw**](https://mingw-w64.o
 
 To build x86 exe run:
 
-`make CPREFIX=i686-w64-mingw32 WINDIVERTHEADERS=/path/to/windivert/include WINDIVERTLIBS=/path/to/windivert/x86`
+`make CPREFIX=i686-w64-mingw32- WINDIVERTHEADERS=/path/to/windivert/include WINDIVERTLIBS=/path/to/windivert/x86`
 
 And for x86_64:
 
-`make CPREFIX=x86_64-w64-mingw32 WINDIVERTHEADERS=/path/to/windivert/include WINDIVERTLIBS=/path/to/windivert/amd64`
+`make CPREFIX=x86_64-w64-mingw32- BIT64=1 WINDIVERTHEADERS=/path/to/windivert/include WINDIVERTLIBS=/path/to/windivert/amd64`
+
+# How to install as Windows Service
+
+Use `service_install_russia_blacklist.cmd`, `service_install_russia_blacklist_dnsredir.cmd` and `service_remove.cmd` scripts.  
+Modify them according to your own needs.
+
+# Known issues
+
+* Horribly outdated Windows 7 installations are not able to load WinDivert driver due to missing support for SHA256 digital signatures. Install KB3033929 [x86](https://www.microsoft.com/en-us/download/details.aspx?id=46078)/[x64](https://www.microsoft.com/en-us/download/details.aspx?id=46148), or better, update the whole system using Windows Update.
+* ~~Some SSL/TLS stacks unable to process fragmented ClientHello packets, and HTTPS websites won't open. Bug: [#4](https://github.com/ValdikSS/GoodbyeDPI/issues/4), [#64](https://github.com/ValdikSS/GoodbyeDPI/issues/64).~~ Fragmentation issues are fixed in v0.1.7.
+* ~~ESET Antivirus is incompatible with WinDivert driver [#91](https://github.com/ValdikSS/GoodbyeDPI/issues/91). This is most probably antivirus bug, not WinDivert.~~
+
 
 # Similar projects
 
-[zapret](https://github.com/bol-van/zapret) by @bol-van (for Linux).
+- **[zapret](https://github.com/bol-van/zapret)** by @bol-van (for Linux).
+- **[Green Tunnel](https://github.com/SadeghHayeri/GreenTunnel)** by @SadeghHayeri (for MacOS, Linux and Windows).
+- **[DPITunnel](https://github.com/zhenyolka/DPITunnel)** by @zhenyolka (for Android).
+- **[PowerTunnel](https://github.com/krlvm/PowerTunnel)** by @krlvm (for Windows, MacOS and Linux).
+- **[PowerTunnel for Android](https://github.com/krlvm/PowerTunnel-Android)** by @krlvm (for Android).
 
 # Kudos
 

goodbyedpi.c

@@ -1,380 +0,0 @@
-/*
- * GoodbyeDPI — Passive DPI blocker and Active DPI circumvention utility.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <unistd.h>
-#include <string.h>
-#include <winsock2.h>
-#include "windivert.h"
-
-#define die() do { printf("Something went wrong!\n" \
-    "Make sure you're running this program with administrator privileges\n"); \
-    sleep(10); exit(EXIT_FAILURE); } while (0)
-
-#define MAX_FILTERS 4
-#define MAX_PACKET_SIZE 1516
-#define IPV4_HDR_LEN 20
-#define TCP_HDR_LEN 20
-#define IPV4_TOTALLEN_OFFSET 2
-#define TCP_WINDOWSIZE_OFFSET 14
-    
-static HANDLE filters[MAX_FILTERS];
-static int filter_num = 0;
-static const char *http10_redirect_302 = "HTTP/1.0 302 ";
-static const char *http11_redirect_302 = "HTTP/1.1 302 ";
-static const char *http_host_find = "\r\nHost: ";
-static const char *http_host_replace = "\r\nhoSt: ";
-static const char *http_useragent_find = "\r\nUser-Agent: ";
-static const char *location_http = "\r\nLocation: http://";
-static const char *http_methods[] = {
-    "GET ",
-    "HEAD ",
-    "POST ",
-    "PUT ",
-    "DELETE ",
-    "CONNECT ",
-    "OPTIONS ",
-    "TRACE ",
-    "PATCH ",
-    "PROPFIND ",
-    "PROPPATCH ",
-    "MKCOL ",
-    "COPY ",
-    "MOVE ",
-    "LOCK ",
-    "UNLOCK ",
-};
-
-static char* dumb_memmem(const char* haystack, int hlen, const char* needle, int nlen) {
-    // naive implementation
-    if (nlen > hlen) return 0;
-    int i;
-    for (i=0; i<hlen-nlen+1; i++) {
-        if (memcmp(haystack+i,needle,nlen)==0) {
-            return (char*)(haystack+i);
-        }
-    }
-    return NULL;
-}
-
-static HANDLE init(char *filter, UINT64 flags) {
-    filter = WinDivertOpen(filter, WINDIVERT_LAYER_NETWORK, 0, flags);
-    if (filter != INVALID_HANDLE_VALUE)
-        return filter;
-    return NULL;
-}
-
-static int deinit(HANDLE handle) {
-    if (handle) {
-        WinDivertClose(handle);
-        return 1;
-    }
-    return 0;
-}
-
-static void deinit_all() {
-    for (int i = 0; i < filter_num; i++) {
-        deinit(filters[i]);
-    }
-}
-
-static void sigint_handler(int sig) {
-    deinit_all();
-    exit(EXIT_SUCCESS);
-}
-
-static int is_passivedpi_redirect(const char *pktdata, int pktlen) {
-    /* First check if this is HTTP 302 redirect */
-    if (memcmp(pktdata, http11_redirect_302, strlen(http11_redirect_302)) == 0 ||
-        memcmp(pktdata, http10_redirect_302, strlen(http10_redirect_302)) == 0)
-    {
-        /* Then check if this is a redirect to new http site */
-        if (dumb_memmem(pktdata, pktlen, location_http, strlen(location_http))) {
-            return 1;
-        }
-    }
-    return 0;
-}
-
-/* Finds Host header with \r\n before it */
-static PVOID find_host_header(const char *pktdata, int pktlen) {
-    return dumb_memmem(pktdata, pktlen,
-                http_host_find, strlen(http_host_find));
-}
-
-/* Finds User-Agent header with \r\n before it */
-static PVOID find_useragent_header(const char *pktdata, int pktlen) {
-    return dumb_memmem(pktdata, pktlen,
-                http_useragent_find, strlen(http_useragent_find));
-}
-
-static void change_window_size(const char *pkt, int size) {
-    *(uint16_t*)(pkt + IPV4_HDR_LEN + TCP_WINDOWSIZE_OFFSET) = htons(size);
-}
-
-/* HTTP method end without trailing space */
-static PVOID find_http_method_end(const char *pkt) {
-    int i;
-    for (i = 0; i<(sizeof(http_methods) / sizeof(*http_methods)); i++) {
-        if (memcmp(pkt, http_methods[i], strlen(http_methods[i])) == 0) {
-            return (char*)pkt+strlen(http_methods[i]) - 1;
-        }
-    }
-    return NULL;
-}
-
-int main(int argc, char *argv[]) {
-    static const char fragment_size_message[] =
-                "Fragment size should be in range [0 - 65535]\n";
-    int i, should_reinject = 0;
-    int opt;
-    HANDLE w_filter = NULL;
-    WINDIVERT_ADDRESS addr;
-    char packet[MAX_PACKET_SIZE];
-    PVOID packet_data;
-    UINT packetLen;
-    UINT packet_dataLen;
-    PWINDIVERT_IPHDR ppIpHdr;
-    PWINDIVERT_TCPHDR ppTcpHdr;
-
-    int do_passivedpi = 0, do_fragment_http = 0,
-        do_fragment_https = 0, do_host = 0,
-        do_host_removespace = 0, do_additional_space = 0;
-    int http_fragment_size = 2;
-    int https_fragment_size = 2;
-    char *data_addr, *data_addr_rn, *host_addr, *useragent_addr, *method_addr;
-    int data_len, host_len;
-
-    printf("GoodbyeDPI: Passive DPI blocker and Active DPI circumvention utility\n");
-
-    if (argc == 1) {
-        /* enable mode -1 by default */
-        do_passivedpi = do_host = do_host_removespace \
-            = do_fragment_http = do_fragment_https = 1;
-    }
-
-    while ((opt = getopt(argc, argv, "1234prsaf:e:")) != -1) {
-        switch (opt) {
-            case '1':
-                do_passivedpi = do_host = do_host_removespace \
-                = do_fragment_http = do_fragment_https = 1;
-                break;
-            case '2':
-                do_passivedpi = do_host = do_host_removespace \
-                = do_fragment_http = do_fragment_https = 1;
-                https_fragment_size = 40;
-                break;
-            case '3':
-                do_passivedpi = do_host = do_host_removespace \
-                = do_fragment_https = 1;
-                https_fragment_size = 40;
-            case '4':
-                do_passivedpi = do_host = do_host_removespace = 1;
-                break;
-            case 'p':
-                do_passivedpi = 1;
-                break;
-            case 'r':
-                do_host = 1;
-                break;
-            case 's':
-                do_host_removespace = 1;
-                break;
-            case 'a':
-                do_additional_space = 1;
-                do_host_removespace = 1;
-                break;
-            case 'f':
-                do_fragment_http = 1;
-                http_fragment_size = atoi(optarg);
-                if (http_fragment_size <= 0 || http_fragment_size > 65535) {
-                    printf(fragment_size_message);
-                    exit(EXIT_FAILURE);
-                }
-                break;
-            case 'e':
-                do_fragment_https = 1;
-                https_fragment_size = atoi(optarg);
-                if (https_fragment_size <= 0 || https_fragment_size > 65535) {
-                    printf(fragment_size_message);
-                    exit(EXIT_FAILURE);
-                }
-                break;
-            default:
-                printf("Usage: goodbyedpi.exe [OPTION...]\n"
-                " -p          block passive DPI\n"
-                " -r          replace Host with hoSt\n"
-                " -s          remove space between host header and its value\n"
-                " -a          additional space between Method and Request-URI (enables -s, may break sites)\n"
-                " -f [value]  set HTTP fragmentation to value\n"
-                " -e [value]  set HTTPS fragmentation to value\n"
-                "\n"
-                " -1          -p -r -s -f 2 -e 2 (most compatible mode, default)\n"
-                " -2          -p -r -s -f 2 -e 40 (better speed yet still compatible)\n"
-                " -3          -p -r -s -e 40 (even better speed)\n"
-                " -4          -p -r -s (best speed)\n");
-                exit(EXIT_FAILURE);
-        }
-    }
-
-    printf("Block passive: %d, Fragment HTTP: %d, Fragment HTTPS: %d, "
-           "hoSt: %d, Host no space: %d, Additional space: %d\n",
-           do_passivedpi, (do_fragment_http ? http_fragment_size : 0),
-           (do_fragment_https ? https_fragment_size : 0),
-           do_host, do_host_removespace, do_additional_space);
-
-    printf("\nOpening filter\n");
-    filter_num = 0;
-
-    if (do_passivedpi) {
-        /* Filter for inbound RST packets with ID = 0 or 1 */
-        filters[filter_num] = init("inbound and (ip.Id == 0x0001 or ip.Id == 0x0000) and "
-                        "(tcp.SrcPort == 443 or tcp.SrcPort == 80) and tcp.Rst",
-                        WINDIVERT_FLAG_DROP);
-        filter_num++;
-    }
-
-    /* 
-     * Filter for inbound HTTP redirection packets and
-     * active DPI circumvention
-     */
-    filters[filter_num] = init("(inbound and (ip.Id == 0x0001 or ip.Id == 0x0000) and tcp.SrcPort == 80 and tcp.Ack) "
-                      "or (inbound and (tcp.SrcPort == 80 or tcp.SrcPort == 443) and tcp.Ack and tcp.Syn) "
-                      "or (outbound and (tcp.DstPort == 80 or tcp.DstPort == 443) and tcp.Ack)",
-                      0);
-
-    w_filter = filters[filter_num];
-    filter_num++;
-
-    for (i = 0; i < filter_num; i++) {
-        if (filters[i] == NULL)
-            die();
-    }
-
-    printf("Filter activated!\n");
-    signal(SIGINT, sigint_handler);
-
-    while (1) {
-        if (WinDivertRecv(w_filter, packet, sizeof(packet), &addr, &packetLen)) {
-            //printf("Got %s packet, len=%d!\n", addr.Direction ? "inbound" : "outbound",
-            //       packetLen);
-            should_reinject = 1;
-
-            if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
-                NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) {
-                //printf("Got parsed packet, len=%d!\n", packet_dataLen);
-                /* Got a packet WITH DATA */
-
-                /* Handle INBOUND packet with data and find HTTP REDIRECT in there */
-                if (addr.Direction == WINDIVERT_DIRECTION_INBOUND && packet_dataLen > 16) {
-                    /* If INBOUND packet with DATA (tcp.Ack) */
-
-                    /* Drop packets from filter with HTTP 30x Redirect */
-                    if (do_passivedpi && is_passivedpi_redirect(packet_data, packet_dataLen)) {
-                        //printf("Dropping HTTP Redirect packet!\n");
-                        should_reinject = 0;
-                    }
-                }
-                /* Handle OUTBOUND packet, search for Host header */
-                else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND && 
-                        packet_dataLen > 16 && ppTcpHdr->DstPort == htons(80) &&
-                        find_http_method_end(packet_data) &&
-                        (do_host || do_host_removespace)) {
-
-                    data_addr = find_host_header(packet_data, packet_dataLen);
-                    if (data_addr) {
-
-                        if (do_host) {
-                            /* Replace "Host: " with "hoSt: " */
-                            memcpy(data_addr, http_host_replace, strlen(http_host_replace));
-                            //printf("Replaced Host header!\n");
-                        }
-
-                        if (do_additional_space && do_host_removespace) {
-                            /* End of "Host:" without trailing space */
-                            host_addr = data_addr + strlen(http_host_find) - 1;
-                            method_addr = find_http_method_end(packet_data);
-
-                            if (method_addr) {
-                                memmove(method_addr + 1, method_addr, (PVOID)host_addr - (PVOID)method_addr);
-                            }
-                        }
-                        else if (do_host_removespace) {
-                            host_addr = data_addr + strlen(http_host_find);
-
-                            data_addr_rn = dumb_memmem(host_addr,
-                                                       packet_dataLen - ((PVOID)host_addr - packet_data),
-                                                       "\r\n", 2);
-                            if (data_addr_rn) {
-                                /* We move Host header value by one byte to the left and then
-                                 * "insert" stolen space to the end of User-Agent value because
-                                 * some web servers are not tolerant to additional space in the
-                                 * end of Host header.
-                                 *
-                                 * Nothing is done if User-Agent header is missing.
-                                 */
-                                host_len = data_addr_rn - host_addr;
-                                useragent_addr = find_useragent_header(packet_data, packet_dataLen);
-                                if (host_len <= 253 && useragent_addr && useragent_addr > host_addr) {
-                                    /* Performing action only if User-Agent header goes after Host */
-
-                                    useragent_addr += strlen(http_useragent_find);
-                                    /* useragent_addr is in the beginning of User-Agent value */
-
-                                    data_len = packet_dataLen - ((PVOID)useragent_addr - packet_data);
-                                    data_addr_rn = dumb_memmem(useragent_addr,
-                                                               data_len, "\r\n", 2);
-                                    /* data_addr_rn is in the end of User-Agent value */
-
-                                    if (data_addr_rn) {
-                                        data_len = (PVOID)data_addr_rn - (PVOID)host_addr;
-
-                                        /* Move one byte to the left from "Host:"
-                                         * to the end of User-Agen
-                                         */
-                                        memmove(host_addr - 1, host_addr, data_len);
-                                        /* Put space in the end of User-Agent header */
-                                        *(char*)(data_addr_rn - 1) = ' ';
-                                        //printf("Replaced Host header!\n");
-                                    }
-                                }
-                            }
-                        }
-
-                        WinDivertHelperCalcChecksums(packet, packetLen, 0);
-                    }
-                }
-            }
-            /* Else if we got TCP packet without data */
-            else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
-                NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)) {
-                /* If we got SYN+ACK packet */
-                if (addr.Direction == WINDIVERT_DIRECTION_INBOUND && 
-                    ppTcpHdr->Syn == 1) {
-                    //printf("Changing Window Size!\n");
-                    if (do_fragment_http && ppTcpHdr->DstPort == htons(80)) {
-                        change_window_size(packet, http_fragment_size);
-                        WinDivertHelperCalcChecksums(packet, packetLen, 0);
-                    }
-                    else if (do_fragment_https && ppTcpHdr->DstPort != htons(80)) {
-                        change_window_size(packet, https_fragment_size);
-                        WinDivertHelperCalcChecksums(packet, packetLen, 0);
-                    }
-                }
-            }
-
-            if (should_reinject) {
-                //printf("Re-injecting!\n");
-                WinDivertSend(w_filter, packet, packetLen, &addr, NULL);
-            }
-        }
-        else {
-            // error, ignore
-            printf("Error receiving packet!\n");
-            break;
-        }
-    }
-}

src/Makefile

@@ -0,0 +1,50 @@
+ifndef MSYSTEM
+	CPREFIX = x86_64-w64-mingw32-
+endif
+
+WINDIVERTHEADERS = ../../../include
+WINDIVERTLIBS = ../../binary
+MINGWLIB = /usr/x86_64-w64-mingw32/lib/
+
+TARGET = goodbyedpi.exe
+# Linking SSP does not work for some reason, the executable doesn't start.
+#LIBS = -L$(WINDIVERTLIBS) -Wl,-Bstatic -lssp -Wl,-Bdynamic -lWinDivert -lws2_32
+LIBS = -L$(WINDIVERTLIBS) -lWinDivert -lws2_32
+CC = $(CPREFIX)gcc
+CCWINDRES = $(CPREFIX)windres
+CFLAGS = -std=c99 -pie -fPIE -pipe -I$(WINDIVERTHEADERS) -L$(WINDIVERTLIBS) \
+         -O2 -D_FORTIFY_SOURCE=2 \
+         -Wall -Wextra -Wpedantic -Wformat=2 -Wshadow -Wstrict-aliasing=1 -Werror=format-security \
+         -Wfloat-equal -Wcast-align -Wsign-conversion \
+         #-fstack-protector-strong
+LDFLAGS = -Wl,-O1,-pie,--dynamicbase,--nxcompat,--sort-common,--as-needed \
+-Wl,--image-base,0x140000000 -Wl,--disable-auto-image-base
+
+ifdef BIT64
+	LDFLAGS += -Wl,--high-entropy-va -Wl,--pic-executable,-e,mainCRTStartup
+else
+	LDFLAGS += -Wl,--pic-executable,-e,_mainCRTStartup
+endif
+
+.PHONY: default all clean
+
+default: manifest $(TARGET)
+all: default
+
+OBJECTS = $(patsubst %.c, %.o, $(wildcard *.c utils/*.c)) goodbyedpi-rc.o
+HEADERS = $(wildcard *.h utils/*.h)
+
+%.o: %.c $(HEADERS)
+	$(CC) $(CFLAGS) -c $< -o $@
+
+manifest:
+	$(CCWINDRES) goodbyedpi-rc.rc goodbyedpi-rc.o
+
+.PRECIOUS: $(TARGET) $(OBJECTS)
+
+$(TARGET): $(OBJECTS)
+	$(CC) $(OBJECTS) $(LDFLAGS) $(LIBS) -s -o $@
+
+clean:
+	-rm -f *.o utils/*.o
+	-rm -f $(TARGET)

src/blackwhitelist.c

@@ -0,0 +1,110 @@
+/*
+ * Blacklist for GoodbyeDPI HTTP DPI circumvention tricks
+ *
+ * This is a simple domain hash table.
+ * Domain records are added from a text file, where every
+ * domain is separated with a new line.
+ */
+#include <windows.h>
+#include <stdio.h>
+#include "goodbyedpi.h"
+#include "utils/uthash.h"
+#include "utils/getline.h"
+
+typedef struct blackwhitelist_record {
+    const char *host;
+    UT_hash_handle hh;   /* makes this structure hashable */
+} blackwhitelist_record_t;
+
+static blackwhitelist_record_t *blackwhitelist = NULL;
+
+static int check_get_hostname(const char *host) {
+    blackwhitelist_record_t *tmp_record = NULL;
+    if (!blackwhitelist) return FALSE;
+
+    HASH_FIND_STR(blackwhitelist, host, tmp_record);
+    if (tmp_record) {
+        debug("check_get_hostname found host\n");
+        return TRUE;
+    }
+    debug("check_get_hostname host not found\n");
+    return FALSE;
+}
+
+static int add_hostname(const char *host) {
+    if (!host)
+        return FALSE;
+
+    int host_len = strlen(host);
+
+    blackwhitelist_record_t *tmp_record = malloc(sizeof(blackwhitelist_record_t));
+    char *host_c = malloc(host_len + 1);
+
+    if (!check_get_hostname(host)) {
+        strncpy(host_c, host, host_len);
+        host_c[host_len] = '\0';
+        tmp_record->host = host_c;
+        HASH_ADD_KEYPTR(hh, blackwhitelist, tmp_record->host,
+                        strlen(tmp_record->host), tmp_record);
+        debug("Added host %s\n", host_c);
+        return TRUE;
+    }
+    debug("Not added host %s\n", host);
+    free(tmp_record);
+    free(host_c);
+    return FALSE;
+}
+
+int blackwhitelist_load_list(const char *filename) {
+    char *line = malloc(HOST_MAXLEN + 1);
+    size_t linelen = HOST_MAXLEN + 1;
+    int cnt = 0;
+    ssize_t read;
+
+    FILE *fp = fopen(filename, "r");
+    if (!fp) return FALSE;
+
+    while ((read = getline(&line, &linelen, fp)) != -1) {
+        /* works with both \n and \r\n */
+        line[strcspn(line, "\r\n")] = '\0';
+        if (strlen(line) > HOST_MAXLEN) {
+            printf("WARNING: host %s exceeds maximum host length and has not been added\n",
+                line);
+            continue;
+        }
+        if (strlen(line) < 4)
+            continue;
+        if (add_hostname(line))
+            cnt++;
+    }
+    free(line);
+    if (!blackwhitelist) return FALSE;
+    printf("Loaded %d hosts from file %s\n", cnt, filename);
+    fclose(fp);
+    return TRUE;
+}
+
+int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
+    char current_host[HOST_MAXLEN + 1];
+    char *tokenized_host = NULL;
+
+    if (host_len > HOST_MAXLEN) return FALSE;
+    if (host_addr && host_len) {
+        memcpy(current_host, host_addr, host_len);
+        current_host[host_len] = '\0';
+    }
+
+    if (check_get_hostname(current_host))
+            return TRUE;
+
+    tokenized_host = strchr(current_host, '.');
+    while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) {
+        /* Search hostname only if there is next token */
+        if (strchr(tokenized_host + 1, '.') && check_get_hostname(tokenized_host + 1))
+            return TRUE;
+        tokenized_host = strchr(tokenized_host + 1, '.');
+    }
+
+    debug("____blackwhitelist_check_hostname FALSE: host %s\n", current_host);
+    return FALSE;
+}

src/blackwhitelist.h

@@ -0,0 +1,2 @@
+int blackwhitelist_load_list(const char *filename);
+int blackwhitelist_check_hostname(const char *host_addr, size_t host_len);

src/dnsredir.c

@@ -0,0 +1,244 @@
+/*
+ * DNS UDP Connection Tracker for GoodbyeDPI
+ *
+ * This is a simple connection tracker for DNS UDP data.
+ * It's not a proper one. The caveats as follows:
+ *    * Uses only source IP address and port as a hash key;
+ *    * One-shot only. Removes conntrack record as soon as gets the reply;
+ *    * Does not properly parse DNS request and response, only checks some bytes;
+ *
+ * But anyway, it works fine for DNS.
+ */
+
+#include <windows.h>
+#include <time.h>
+#include <stdio.h>
+#include "goodbyedpi.h"
+#include "dnsredir.h"
+#include "utils/uthash.h"
+
+/* key ('4' for IPv4 or '6' for IPv6 + srcip[16] + srcport[2]) */
+#define UDP_CONNRECORD_KEY_LEN 19
+
+#define DNS_CLEANUP_INTERVAL_SEC 30
+
+/* HACK!
+ * uthash uses strlen() for HASH_FIND_STR.
+ * We have null bytes in our key, so we can't use strlen()
+ * And since it's always UDP_CONNRECORD_KEY_LEN bytes long,
+ * we don't need to use any string function to determine length.
+ */
+#undef uthash_strlen
+#define uthash_strlen(s) UDP_CONNRECORD_KEY_LEN
+
+typedef struct udp_connrecord {
+    /* key ('4' for IPv4 or '6' for IPv6 + srcip[16] + srcport[2]) */
+    char key[UDP_CONNRECORD_KEY_LEN];
+    time_t time;         /* time when this record was added */
+    uint32_t dstip[4];
+    uint16_t dstport;
+    UT_hash_handle hh;   /* makes this structure hashable */
+} udp_connrecord_t;
+
+static time_t last_cleanup = 0;
+static udp_connrecord_t *conntrack = NULL;
+
+void flush_dns_cache() {
+    BOOL WINAPI (*DnsFlushResolverCache)();
+
+    HMODULE dnsapi = LoadLibrary("dnsapi.dll");
+    if (dnsapi == NULL)
+    {
+        printf("Can't load dnsapi.dll to flush DNS cache!\n");
+        exit(EXIT_FAILURE);
+    }
+
+    DnsFlushResolverCache = (void*)GetProcAddress(dnsapi, "DnsFlushResolverCache");
+    if (DnsFlushResolverCache == NULL || !DnsFlushResolverCache())
+        printf("Can't flush DNS cache!");
+    FreeLibrary(dnsapi);
+}
+
+inline static void fill_key_data(char *key, const uint8_t is_ipv6, const uint32_t srcip[4],
+                          const uint16_t srcport)
+{
+    if (is_ipv6) {
+        *(uint8_t*)(key) = '6';
+        ipv6_copy_addr((uint32_t*)(key + sizeof(uint8_t)), srcip);
+    }
+    else {
+        *(uint8_t*)(key) = '4';
+        ipv4_copy_addr((uint32_t*)(key + sizeof(uint8_t)), srcip);
+    }
+
+    *(uint16_t*)(key + sizeof(uint8_t) + sizeof(uint32_t) * 4) = srcport;
+}
+
+inline static void fill_data_from_key(uint8_t *is_ipv6, uint32_t srcip[4], uint16_t *srcport,
+                                      const char *key)
+{
+    if (key[0] == '6') {
+        *is_ipv6 = 1;
+        ipv6_copy_addr(srcip, (uint32_t*)(key + sizeof(uint8_t)));
+    }
+    else {
+        *is_ipv6 = 0;
+        ipv4_copy_addr(srcip, (uint32_t*)(key + sizeof(uint8_t)));
+    }
+    *srcport = *(uint16_t*)(key + sizeof(uint8_t) + sizeof(uint32_t) * 4);
+}
+
+inline static void construct_key(const uint32_t srcip[4], const uint16_t srcport,
+                                 char *key, const uint8_t is_ipv6)
+{
+    debug("Construct key enter\n");
+    if (key) {
+        debug("Constructing key\n");
+        fill_key_data(key, is_ipv6, srcip, srcport);
+    }
+    debug("Construct key end\n");
+}
+
+inline static void deconstruct_key(const char *key, const udp_connrecord_t *connrecord,
+                                   conntrack_info_t *conn_info)
+{
+    debug("Deconstruct key enter\n");
+    if (key && conn_info) {
+        debug("Deconstructing key\n");
+        fill_data_from_key(&conn_info->is_ipv6, conn_info->srcip,
+                           &conn_info->srcport, key);
+
+        if (conn_info->is_ipv6)
+            ipv6_copy_addr(conn_info->dstip, connrecord->dstip);
+        else
+            ipv4_copy_addr(conn_info->dstip, connrecord->dstip);
+
+        conn_info->dstport = connrecord->dstport;
+    }
+    debug("Deconstruct key end\n");
+}
+
+static int check_get_udp_conntrack_key(const char *key, udp_connrecord_t **connrecord) {
+    udp_connrecord_t *tmp_connrecord = NULL;
+    if (!conntrack) return FALSE;
+
+    HASH_FIND_STR(conntrack, key, tmp_connrecord);
+    if (tmp_connrecord) {
+        if (connrecord)
+            *connrecord = tmp_connrecord;
+        debug("check_get_udp_conntrack_key found key\n");
+        return TRUE;
+    }
+    debug("check_get_udp_conntrack_key key not found\n");
+    return FALSE;
+}
+
+static int add_udp_conntrack(const uint32_t srcip[4], const uint16_t srcport,
+                             const uint32_t dstip[4], const uint16_t dstport,
+                             const uint8_t is_ipv6
+                            )
+{
+    if (!(srcip && srcport && dstip && dstport))
+        return FALSE;
+
+    udp_connrecord_t *tmp_connrecord = malloc(sizeof(udp_connrecord_t));
+    construct_key(srcip, srcport, tmp_connrecord->key, is_ipv6);
+
+    if (!check_get_udp_conntrack_key(tmp_connrecord->key, NULL)) {
+        tmp_connrecord->time = time(NULL);
+
+        if (is_ipv6) {
+            ipv6_copy_addr(tmp_connrecord->dstip, dstip);
+        }
+        else {
+            ipv4_copy_addr(tmp_connrecord->dstip, dstip);
+        }
+        tmp_connrecord->dstport = dstport;
+        HASH_ADD_STR(conntrack, key, tmp_connrecord);
+        debug("Added UDP conntrack\n");
+        return TRUE;
+    }
+    debug("Not added UDP conntrack\n");
+    free(tmp_connrecord);
+    return FALSE;
+}
+
+static void dns_cleanup() {
+    udp_connrecord_t *tmp_connrecord, *tmp_connrecord2 = NULL;
+
+    if (last_cleanup == 0) {
+        last_cleanup = time(NULL);
+        return;
+    }
+
+    if (difftime(time(NULL), last_cleanup) >= DNS_CLEANUP_INTERVAL_SEC) {
+        last_cleanup = time(NULL);
+
+        HASH_ITER(hh, conntrack, tmp_connrecord, tmp_connrecord2) {
+            if (difftime(last_cleanup, tmp_connrecord->time) >= DNS_CLEANUP_INTERVAL_SEC) {
+                HASH_DEL(conntrack, tmp_connrecord);
+                free(tmp_connrecord);
+            }
+        }
+    }
+}
+
+int dns_is_dns_packet(const char *packet_data, const UINT packet_dataLen, const int outgoing) {
+    if (packet_dataLen < 16) return FALSE;
+
+    if (outgoing && (ntohs(*(const uint16_t*)(packet_data + 2)) & 0xFA00) == 0 &&
+        (ntohs(*(const uint32_t*)(packet_data + 6))) == 0) {
+        return TRUE;
+    }
+    else if (!outgoing &&
+        (ntohs(*(const uint16_t*)(packet_data + 2)) & 0xF800) == 0x8000) {
+        return TRUE;
+    }
+    return FALSE;
+}
+
+int dns_handle_outgoing(const uint32_t srcip[4], const uint16_t srcport,
+                        const uint32_t dstip[4], const uint16_t dstport,
+                        const char *packet_data, const UINT packet_dataLen,
+                        const uint8_t is_ipv6)
+{
+    if (packet_dataLen < 16)
+        return FALSE;
+
+    dns_cleanup();
+
+    if (dns_is_dns_packet(packet_data, packet_dataLen, 1)) {
+        /* Looks like DNS request */
+        debug("trying to add srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
+        return add_udp_conntrack(srcip, srcport, dstip, dstport, is_ipv6);
+    }
+    debug("____dns_handle_outgoing FALSE: srcport = %hu, dstport = %hu\n", ntohs(srcport), ntohs(dstport));
+    return FALSE;
+}
+
+int dns_handle_incoming(const uint32_t srcip[4], const uint16_t srcport,
+                        const char *packet_data, const UINT packet_dataLen,
+                        conntrack_info_t *conn_info, const uint8_t is_ipv6)
+{
+    char key[UDP_CONNRECORD_KEY_LEN];
+    udp_connrecord_t *tmp_connrecord = NULL;
+
+    if (packet_dataLen < 16 || !conn_info)
+        return FALSE;
+
+    dns_cleanup();
+
+    if (dns_is_dns_packet(packet_data, packet_dataLen, 0)) {
+        /* Looks like DNS response */
+        construct_key(srcip, srcport, key, is_ipv6);
+        if (check_get_udp_conntrack_key(key, &tmp_connrecord) && tmp_connrecord) {
+            /* Connection exists in conntrack, moving on */
+            deconstruct_key(key, tmp_connrecord, conn_info);
+            HASH_DEL(conntrack, tmp_connrecord);
+            free(tmp_connrecord);
+            return TRUE;
+        }
+    }
+    debug("____dns_handle_incoming FALSE: srcport = %hu\n", ntohs(srcport));
+    return FALSE;
+}

src/dnsredir.h

@@ -0,0 +1,36 @@
+#include <stdint.h>
+
+typedef struct conntrack_info {
+    uint8_t  is_ipv6;
+    uint32_t srcip[4];
+    uint16_t srcport;
+    uint32_t dstip[4];
+    uint16_t dstport;
+} conntrack_info_t;
+
+inline static void ipv4_copy_addr(uint32_t dst[4], const uint32_t src[4]) {
+    dst[0] = src[0];
+    dst[1] = 0;
+    dst[2] = 0;
+    dst[3] = 0;
+}
+
+inline static void ipv6_copy_addr(uint32_t dst[4], const uint32_t src[4]) {
+    dst[0] = src[0];
+    dst[1] = src[1];
+    dst[2] = src[2];
+    dst[3] = src[3];
+}
+
+int dns_handle_incoming(const uint32_t srcip[4], const uint16_t srcport,
+                        const char *packet_data, const UINT packet_dataLen,
+                        conntrack_info_t *conn_info, const uint8_t is_ipv6);
+
+int dns_handle_outgoing(const uint32_t srcip[4], const uint16_t srcport,
+                        const uint32_t dstip[4], const uint16_t dstport,
+                        const char *packet_data, const UINT packet_dataLen,
+                        const uint8_t is_ipv6
+                       );
+
+void flush_dns_cache();
+int dns_is_dns_packet(const char *packet_data, const UINT packet_dataLen, const int outgoing);

src/fakepackets.c

@@ -0,0 +1,166 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <in6addr.h>
+#include <ws2tcpip.h>
+#include "windivert.h"
+#include "goodbyedpi.h"
+
+static const char fake_http_request[] = "GET / HTTP/1.1\r\nHost: www.w3.org\r\n"
+                                        "User-Agent: curl/7.65.3\r\nAccept: */*\r\n"
+                                        "Accept-Encoding: deflate, gzip, br\r\n\r\n";
+static const unsigned char fake_https_request[] = {
+    0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03, 0x03, 0x9a, 0x8f, 0xa7, 0x6a, 0x5d,
+    0x57, 0xf3, 0x62, 0x19, 0xbe, 0x46, 0x82, 0x45, 0xe2, 0x59, 0x5c, 0xb4, 0x48, 0x31, 0x12, 0x15,
+    0x14, 0x79, 0x2c, 0xaa, 0xcd, 0xea, 0xda, 0xf0, 0xe1, 0xfd, 0xbb, 0x20, 0xf4, 0x83, 0x2a, 0x94,
+    0xf1, 0x48, 0x3b, 0x9d, 0xb6, 0x74, 0xba, 0x3c, 0x81, 0x63, 0xbc, 0x18, 0xcc, 0x14, 0x45, 0x57,
+    0x6c, 0x80, 0xf9, 0x25, 0xcf, 0x9c, 0x86, 0x60, 0x50, 0x31, 0x2e, 0xe9, 0x00, 0x22, 0x13, 0x01,
+    0x13, 0x03, 0x13, 0x02, 0xc0, 0x2b, 0xc0, 0x2f, 0xcc, 0xa9, 0xcc, 0xa8, 0xc0, 0x2c, 0xc0, 0x30,
+    0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f, 0x00, 0x35,
+    0x01, 0x00, 0x01, 0x91, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x0d, 0x00, 0x00, 0x0a, 0x77, 0x77, 0x77,
+    0x2e, 0x77, 0x33, 0x2e, 0x6f, 0x72, 0x67, 0x00, 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01, 0x00,
+    0x00, 0x0a, 0x00, 0x0e, 0x00, 0x0c, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01, 0x00,
+    0x01, 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10, 0x00, 0x0e,
+    0x00, 0x0c, 0x02, 0x68, 0x32, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x00, 0x05,
+    0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x33, 0x00, 0x6b, 0x00, 0x69, 0x00, 0x1d, 0x00,
+    0x20, 0xb0, 0xe4, 0xda, 0x34, 0xb4, 0x29, 0x8d, 0xd3, 0x5c, 0x70, 0xd3, 0xbe, 0xe8, 0xa7, 0x2a,
+    0x6b, 0xe4, 0x11, 0x19, 0x8b, 0x18, 0x9d, 0x83, 0x9a, 0x49, 0x7c, 0x83, 0x7f, 0xa9, 0x03, 0x8c,
+    0x3c, 0x00, 0x17, 0x00, 0x41, 0x04, 0x4c, 0x04, 0xa4, 0x71, 0x4c, 0x49, 0x75, 0x55, 0xd1, 0x18,
+    0x1e, 0x22, 0x62, 0x19, 0x53, 0x00, 0xde, 0x74, 0x2f, 0xb3, 0xde, 0x13, 0x54, 0xe6, 0x78, 0x07,
+    0x94, 0x55, 0x0e, 0xb2, 0x6c, 0xb0, 0x03, 0xee, 0x79, 0xa9, 0x96, 0x1e, 0x0e, 0x98, 0x17, 0x78,
+    0x24, 0x44, 0x0c, 0x88, 0x80, 0x06, 0x8b, 0xd4, 0x80, 0xbf, 0x67, 0x7c, 0x37, 0x6a, 0x5b, 0x46,
+    0x4c, 0xa7, 0x98, 0x6f, 0xb9, 0x22, 0x00, 0x2b, 0x00, 0x09, 0x08, 0x03, 0x04, 0x03, 0x03, 0x03,
+    0x02, 0x03, 0x01, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x08,
+    0x04, 0x08, 0x05, 0x08, 0x06, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x03, 0x02, 0x01, 0x00,
+    0x2d, 0x00, 0x02, 0x01, 0x01, 0x00, 0x1c, 0x00, 0x02, 0x40, 0x01, 0x00, 0x15, 0x00, 0x96, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static int send_fake_data(const HANDLE w_filter,
+                          const PWINDIVERT_ADDRESS addr,
+                          const char *pkt,
+                          const UINT packetLen,
+                          const BOOL is_ipv6,
+                          const BOOL is_https,
+                          const BYTE set_ttl,
+                          const BYTE set_checksum
+                         ) {
+    char packet_fake[MAX_PACKET_SIZE];
+    WINDIVERT_ADDRESS addr_new;
+    PVOID packet_data;
+    UINT packet_dataLen;
+    UINT packetLen_new;
+    PWINDIVERT_IPHDR ppIpHdr;
+    PWINDIVERT_IPV6HDR ppIpV6Hdr;
+    PWINDIVERT_TCPHDR ppTcpHdr;
+    char *fake_request_data = is_https ? fake_https_request : fake_http_request;
+    UINT fake_request_size = is_https ? sizeof(fake_https_request) : sizeof(fake_http_request) - 1;
+
+    memcpy(&addr_new, addr, sizeof(WINDIVERT_ADDRESS));
+    memcpy(packet_fake, pkt, packetLen);
+
+    if (!is_ipv6) {
+        // IPv4 TCP Data packet
+        if (!WinDivertHelperParsePacket(packet_fake, packetLen, &ppIpHdr,
+            NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen))
+            return 1;
+    }
+    else {
+        // IPv6 TCP Data packet
+        if (!WinDivertHelperParsePacket(packet_fake, packetLen, NULL,
+            &ppIpV6Hdr, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen))
+            return 1;
+    }
+
+    if (packetLen + fake_request_size + 1 > MAX_PACKET_SIZE)
+        return 2;
+
+    memcpy(packet_data, fake_request_data, fake_request_size);
+    packetLen_new = packetLen - packet_dataLen + fake_request_size;
+
+    if (!is_ipv6) {
+        ppIpHdr->Length = htons(
+            ntohs(ppIpHdr->Length) -
+            packet_dataLen + fake_request_size
+        );
+
+        if (set_ttl)
+            ppIpHdr->TTL = set_ttl;
+    }
+    else {
+        ppIpV6Hdr->Length = htons(
+            ntohs(ppIpV6Hdr->Length) -
+            packet_dataLen + fake_request_size
+        );
+
+        if (set_ttl)
+            ppIpV6Hdr->HopLimit = set_ttl;
+    }
+
+    // Recalculate the checksum
+    addr_new.PseudoTCPChecksum = 0;
+    WinDivertHelperCalcChecksums(packet_fake, packetLen_new, &addr_new, NULL);
+
+    if (set_checksum) {
+        // ...and damage it
+        ppTcpHdr->Checksum = htons(ntohs(ppTcpHdr->Checksum) - 1);
+    }
+    //printf("Pseudo checksum: %d\n", addr_new.PseudoTCPChecksum);
+
+    WinDivertSend(
+        w_filter, packet_fake,
+        packetLen_new,
+        &addr_new, NULL
+    );
+    debug("Fake packet: OK");
+
+    return 0;
+}
+
+int send_fake_http_request(const HANDLE w_filter,
+                                  const PWINDIVERT_ADDRESS addr,
+                                  const char *pkt,
+                                  const UINT packetLen,
+                                  const BOOL is_ipv6,
+                                  const BYTE set_ttl,
+                                  const BYTE set_checksum
+                                 ) {
+    return send_fake_data(w_filter,
+                          addr,
+                          pkt,
+                          packetLen,
+                          is_ipv6,
+                          FALSE,
+                          set_ttl,
+                          set_checksum
+           );
+}
+
+int send_fake_https_request(const HANDLE w_filter,
+                                   const PWINDIVERT_ADDRESS addr,
+                                   const char *pkt,
+                                   const UINT packetLen,
+                                   const BOOL is_ipv6,
+                                   const BYTE set_ttl,
+                                   const BYTE set_checksum
+                                 ) {
+    return send_fake_data(w_filter,
+                          addr,
+                          pkt,
+                          packetLen,
+                          is_ipv6,
+                          TRUE,
+                          set_ttl,
+                          set_checksum
+           );
+}

src/fakepackets.h

@@ -0,0 +1,16 @@
+int send_fake_http_request(const HANDLE w_filter,
+                                  const PWINDIVERT_ADDRESS addr,
+                                  const char *pkt,
+                                  const UINT packetLen,
+                                  const BOOL is_ipv6,
+                                  const BYTE set_ttl,
+                                  const BYTE set_checksum
+                                 );
+int send_fake_https_request(const HANDLE w_filter,
+                                   const PWINDIVERT_ADDRESS addr,
+                                   const char *pkt,
+                                   const UINT packetLen,
+                                   const BOOL is_ipv6,
+                                   const BYTE set_ttl,
+                                   const BYTE set_checksum
+                                 );

src/goodbyedpi.exe.manifest

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
-    <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="GoodbyeDPI" type="win32"/> 
+    <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="GoodbyeDPI" type="win32"/>
-    <description>Divert</description> 
+    <description>GoodbyeDPI</description>
     <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
         <security>
             <requestedPrivileges>
@@ -9,4 +9,4 @@
             </requestedPrivileges>
         </security>
     </trustInfo>
-</assembly> 
+</assembly>

src/goodbyedpi.h

@@ -0,0 +1,11 @@
+#define HOST_MAXLEN 253
+#define MAX_PACKET_SIZE 9016
+
+#ifndef DEBUG
+#define debug(...) do {} while (0)
+#else
+#define debug(...) printf(__VA_ARGS__)
+#endif
+
+int main(int argc, char *argv[]);
+void deinit_all();

src/service.c

@@ -0,0 +1,96 @@
+#include <windows.h>
+#include <stdio.h>
+#include "goodbyedpi.h"
+#include "service.h"
+
+#define SERVICE_NAME "GoodbyeDPI"
+
+static SERVICE_STATUS ServiceStatus;
+static SERVICE_STATUS_HANDLE hStatus;
+static int service_argc = 0;
+static char **service_argv = NULL;
+
+int service_register(int argc, char *argv[])
+{
+    int i, ret;
+    SERVICE_TABLE_ENTRY ServiceTable[] = {
+        {SERVICE_NAME, (LPSERVICE_MAIN_FUNCTION)service_main},
+        {NULL, NULL}
+    };
+    /*
+     * Save argc & argv as service_main is called with different
+     * arguments, which are passed from "start" command, not
+     * from the program command line.
+     * We don't need this behaviour.
+     *
+     * Note that if StartServiceCtrlDispatcher() succeedes
+     * it does not return until the service is stopped,
+     * so we should copy all arguments first and then
+     * handle the failure.
+     */
+    if (!service_argc && !service_argv) {
+        service_argc = argc;
+        service_argv = malloc(sizeof(void*) * argc);
+        for (i = 0; i < argc; i++) {
+            service_argv[i] = strdup(argv[i]);
+        }
+    }
+
+    ret = StartServiceCtrlDispatcher(ServiceTable);
+
+    if (service_argc && service_argv) {
+        for (i = 0; i < service_argc; i++) {
+            free(service_argv[i]);
+        }
+        free(service_argv);
+    }
+
+    return ret;
+}
+
+void service_main(int argc __attribute__((unused)),
+                  char *argv[] __attribute__((unused)))
+{
+    ServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS; 
+    ServiceStatus.dwCurrentState = SERVICE_RUNNING;
+    ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN;
+    ServiceStatus.dwWin32ExitCode = 0;
+    ServiceStatus.dwServiceSpecificExitCode = 0;
+    ServiceStatus.dwCheckPoint = 1;
+    ServiceStatus.dwWaitHint = 0;
+
+    hStatus = RegisterServiceCtrlHandler(
+        SERVICE_NAME,
+        (LPHANDLER_FUNCTION)service_controlhandler);
+    if (hStatus == (SERVICE_STATUS_HANDLE)0)
+    {
+        // Registering Control Handler failed
+        return;
+    }
+
+    SetServiceStatus(hStatus, &ServiceStatus);
+
+    // Calling main with saved argc & argv
+    ServiceStatus.dwWin32ExitCode = main(service_argc, service_argv);
+    ServiceStatus.dwCurrentState  = SERVICE_STOPPED;
+    SetServiceStatus(hStatus, &ServiceStatus);
+    return;
+}
+
+// Control handler function
+void service_controlhandler(DWORD request)
+{
+    switch(request)
+    {
+        case SERVICE_CONTROL_STOP:
+        case SERVICE_CONTROL_SHUTDOWN:
+            deinit_all();
+            ServiceStatus.dwWin32ExitCode = 0;
+            ServiceStatus.dwCurrentState  = SERVICE_STOPPED;
+        default:
+            break;
+    }
+    // Report current status
+    SetServiceStatus(hStatus, &ServiceStatus);
+    return;
+}

src/service.h

@@ -0,0 +1,3 @@
+int service_register();
+void service_main(int argc, char *argv[]);
+void service_controlhandler(DWORD request);

src/utils/getline.c

@@ -0,0 +1,92 @@
+/*	$NetBSD: getdelim.c,v 1.2 2015/12/25 20:12:46 joerg Exp $	*/
+/*	NetBSD-src: getline.c,v 1.2 2014/09/16 17:23:50 christos Exp 	*/
+
+/*-
+ * Copyright (c) 2011 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "getline.h"
+
+#if !HAVE_GETDELIM
+
+ssize_t
+getdelim(char **buf, size_t *bufsiz, int delimiter, FILE *fp)
+{
+	char *ptr, *eptr;
+
+
+	if (*buf == NULL || *bufsiz == 0) {
+		*bufsiz = BUFSIZ;
+		if ((*buf = malloc(*bufsiz)) == NULL)
+			return -1;
+	}
+
+	for (ptr = *buf, eptr = *buf + *bufsiz;;) {
+		int c = fgetc(fp);
+		if (c == -1) {
+			if (feof(fp)) {
+				ssize_t diff = (ssize_t)(ptr - *buf);
+				if (diff != 0) {
+					*ptr = '\0';
+					return diff;
+				}
+			}
+			return -1;
+		}
+		*ptr++ = c;
+		if (c == delimiter) {
+			*ptr = '\0';
+			return ptr - *buf;
+		}
+		if (ptr + 2 >= eptr) {
+			char *nbuf;
+			size_t nbufsiz = *bufsiz * 2;
+			ssize_t d = ptr - *buf;
+			if ((nbuf = realloc(*buf, nbufsiz)) == NULL)
+				return -1;
+			*buf = nbuf;
+			*bufsiz = nbufsiz;
+			eptr = nbuf + nbufsiz;
+			ptr = nbuf + d;
+		}
+	}
+}
+
+#endif
+
+#if !HAVE_GETLINE
+
+ssize_t
+getline(char **buf, size_t *bufsiz, FILE *fp)
+{
+	return getdelim(buf, bufsiz, '\n', fp);
+}
+
+#endif

src/utils/getline.h

@@ -0,0 +1,7 @@
+#if !HAVE_GETDELIM
+ssize_t	getdelim(char **, size_t *, int, FILE *);
+#endif
+
+#if !HAVE_GETLINE
+ssize_t	getline(char **, size_t *, FILE *);
+#endif

src/utils/repl_str.c

@@ -0,0 +1,90 @@
+#include <string.h>
+#include <stdlib.h>
+#include <stddef.h>
+
+#if (__STDC_VERSION__ >= 199901L)
+#include <stdint.h>
+#endif
+
+char *repl_str(const char *str, const char *from, const char *to) {
+
+	/* Adjust each of the below values to suit your needs. */
+
+	/* Increment positions cache size initially by this number. */
+	size_t cache_sz_inc = 16;
+	/* Thereafter, each time capacity needs to be increased,
+	 * multiply the increment by this factor. */
+	const size_t cache_sz_inc_factor = 3;
+	/* But never increment capacity by more than this number. */
+	const size_t cache_sz_inc_max = 1048576;
+
+	char *pret, *ret = NULL;
+	const char *pstr2, *pstr = str;
+	size_t i, count = 0;
+	#if (__STDC_VERSION__ >= 199901L)
+	uintptr_t *pos_cache_tmp, *pos_cache = NULL;
+	#else
+	ptrdiff_t *pos_cache_tmp, *pos_cache = NULL;
+	#endif
+	size_t cache_sz = 0;
+	size_t cpylen, orglen, retlen, tolen, fromlen = strlen(from);
+
+	/* Find all matches and cache their positions. */
+	while ((pstr2 = strstr(pstr, from)) != NULL) {
+		count++;
+
+		/* Increase the cache size when necessary. */
+		if (cache_sz < count) {
+			cache_sz += cache_sz_inc;
+			pos_cache_tmp = realloc(pos_cache, sizeof(*pos_cache) * cache_sz);
+			if (pos_cache_tmp == NULL) {
+				goto end_repl_str;
+			} else pos_cache = pos_cache_tmp;
+			cache_sz_inc *= cache_sz_inc_factor;
+			if (cache_sz_inc > cache_sz_inc_max) {
+				cache_sz_inc = cache_sz_inc_max;
+			}
+		}
+
+		pos_cache[count-1] = pstr2 - str;
+		pstr = pstr2 + fromlen;
+	}
+
+	orglen = pstr - str + strlen(pstr);
+
+	/* Allocate memory for the post-replacement string. */
+	if (count > 0) {
+		tolen = strlen(to);
+		retlen = orglen + (tolen - fromlen) * count;
+	} else	retlen = orglen;
+	ret = malloc(retlen + 1);
+	if (ret == NULL) {
+		goto end_repl_str;
+	}
+
+	if (count == 0) {
+		/* If no matches, then just duplicate the string. */
+		strcpy(ret, str);
+	} else {
+		/* Otherwise, duplicate the string whilst performing
+		 * the replacements using the position cache. */
+		pret = ret;
+		memcpy(pret, str, pos_cache[0]);
+		pret += pos_cache[0];
+		for (i = 0; i < count; i++) {
+			memcpy(pret, to, tolen);
+			pret += tolen;
+			pstr = str + pos_cache[i] + fromlen;
+			cpylen = (i == count-1 ? orglen : pos_cache[i+1]) - pos_cache[i] - fromlen;
+			memcpy(pret, pstr, cpylen);
+			pret += cpylen;
+		}
+		ret[retlen] = '\0';
+	}
+
+end_repl_str:
+	/* Free the cache and return the post-replacement string,
+	 * which will be NULL in the event of an error. */
+	free(pos_cache);
+	return ret;
+}

src/utils/repl_str.h

@@ -0,0 +1 @@
+char *repl_str(const char *str, const char *from, const char *to);