Use newlines for current options information

README.md

@@ -86,6 +86,13 @@ And for x86_64:
 Use `service_install_russia_blacklist.cmd`, `service_install_russia_blacklist_dnsredir.cmd` and `service_remove.cmd` scripts.  
 Modify them according to your own needs.
 
+# Known issues
+
+* Horribly outdated Windows 7 installations are not able to load WinDivert driver due to missing support for SHA256 digital signatures. Install [KB3033929](https://www.microsoft.com/en-us/download/details.aspx?id=46078), or better, update the whole system using Windows Update.
+* Some SSL/TLS stacks unable to process fragmented ClientHello packets, and HTTPS websites won't open. Bug: [#4](https://github.com/ValdikSS/GoodbyeDPI/issues/4), [#64](https://github.com/ValdikSS/GoodbyeDPI/issues/64).
+* ESET Antivirus is incompatible with WinDivert driver [#91](https://github.com/ValdikSS/GoodbyeDPI/issues/91). This is most probably antivirus bug, not WinDivert.
+
+
 # Similar projects
 
 [zapret](https://github.com/bol-van/zapret) by @bol-van (for Linux).

src/goodbyedpi.c

@@ -21,6 +21,8 @@
 // My mingw installation does not load inet_pton definition for some reason
 WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pAddr);
 
+#define GOODBYEDPI_VERSION "v0.1.5"
+
 #define die() do { sleep(20); exit(EXIT_FAILURE); } while (0)
 
 #define MAX_FILTERS 4
@@ -59,7 +61,7 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA
 /* #IPID# is a template to find&replace */
 #define IPID_TEMPLATE "#IPID#"
 #define FILTER_STRING_TEMPLATE \
-        "(tcp and " \
+        "(tcp and !impostor and !loopback and " \
         "((inbound and (" \
          "(" \
           "(" \
@@ -75,6 +77,7 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA
          "(" DIVERT_NO_LOCALNETSv4_DST " or " DIVERT_NO_LOCALNETSv6_DST "))" \
         "))"
 #define FILTER_PASSIVE_STRING_TEMPLATE "inbound and ip and tcp and " \
+        "!impostor and !loopback and " \
         "((ip.Id <= 0xF and ip.Id >= 0x0) " IPID_TEMPLATE ") and " \
         "(tcp.SrcPort == 443 or tcp.SrcPort == 80) and tcp.Rst and " \
         DIVERT_NO_LOCALNETSv4_SRC
@@ -131,8 +134,10 @@ static char *filter_string = NULL;
 static char *filter_passive_string = NULL;
 
 static void add_filter_str(int proto, int port) {
-    const char *udp = " or (udp and (udp.SrcPort == %d or udp.DstPort == %d))";
+    const char *udp = " or (udp and !impostor and !loopback and " \
-    const char *tcp = " or (tcp and (tcp.SrcPort == %d or tcp.DstPort == %d))";
+                      "(udp.SrcPort == %d or udp.DstPort == %d))";
+    const char *tcp = " or (tcp and !impostor and !loopback and " \
+                      "(tcp.SrcPort == %d or tcp.DstPort == %d))";
 
     char *current_filter = filter_string;
     int new_filter_size = strlen(current_filter) +
@@ -393,7 +398,8 @@ int main(int argc, char *argv[]) {
         filter_passive_string = strdup(FILTER_PASSIVE_STRING_TEMPLATE);
 
     printf(
-        "GoodbyeDPI: Passive DPI blocker and Active DPI circumvention utility\n"
+        "GoodbyeDPI " GOODBYEDPI_VERSION
+        ": Passive DPI blocker and Active DPI circumvention utility\n"
         "https://github.com/ValdikSS/GoodbyeDPI\n\n"
     );
 
@@ -599,11 +605,10 @@ int main(int argc, char *argv[]) {
     if (!https_fragment_size)
         https_fragment_size = 2;
 
-    printf("Block passive: %d, Fragment HTTP: %d, Fragment persistent HTTP: %d, "
+    printf("Block passive: %d\nFragment HTTP: %d\nFragment persistent HTTP: %d\n"
-           "Fragment HTTPS: %d, "
+           "Fragment HTTPS: %d\nhoSt: %d\nHost no space: %d\nAdditional space: %d\n"
-           "hoSt: %d, Host no space: %d, Additional space: %d, Mix Host: %d, "
+           "Mix Host: %d\nHTTP AllPorts: %d\nHTTP Persistent Nowait: %d\n"
-           "HTTP AllPorts: %d, HTTP Persistent Nowait: %d, DNS redirect: %d, "
+           "DNS redirect: %d\nDNSv6 redirect: %d\n",
-           "DNSv6 redirect: %d\n",
            do_passivedpi, (do_fragment_http ? http_fragment_size : 0),
            (do_fragment_http_persistent ? http_fragment_size : 0),
            (do_fragment_https ? https_fragment_size : 0),