--fake-resend option: repeat sending each fake packet number of times

This option is similar to fake-from-hex, but generates number of
packets with random payload.

.github/ISSUE_TEMPLATE/bug.yml

@@ -5,7 +5,24 @@ body:
   - type: markdown
     attributes:
       value: |
-        **USE THIS FORM ONLY FOR BUGS**
+        ### USE THIS FORM ONLY FOR BUGS! The webside does not open? That's likely NOT a bug, do NOT report it here!
+        ### USE THIS FORM ONLY FOR BUGS! The webside does not open? That's likely NOT a bug, do NOT report it here!
+        ### USE THIS FORM ONLY FOR BUGS! The webside does not open? That's likely NOT a bug, do NOT report it here!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
+        
         GoodbyeDPI does not guarantee to work with your ISP for every blocked website or at all. If GoodbyeDPI can't unblock some or any websites, this is most likely not a software bug, and you should not report it here.
 
         Please only report software bugs, such as:
@@ -18,7 +35,7 @@ body:
         Please make sure to check other opened and closed issues, it could be your bug has been reported already.
         For questions, or if in doubt, [use NTC.party forum](https://ntc.party/c/community-software/goodbyedpi).
 
-        **ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ**
+        ### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда!
         GoodbyeDPI не гарантирует ни 100% работу с вашим провайдером, ни работу с каждым заблокированным сайтом. Если GoodbyeDPI не разблокирует доступ к некоторым или всем веб-сайтам, вероятнее всего, это не программная ошибка, и не стоит о ней сообщать здесь.
 
         Пожалуйста, сообщайте только об ошибках в программе, таких как:

.github/ISSUE_TEMPLATE/feature.yml

@@ -5,8 +5,15 @@ body:
   - type: markdown
     attributes:
       value: |
-        If you think of a great function or circumvention method which is missing from the program, go ahead and suggest it here.
+        If you think of a great function or circumvention method which is missing from the program, go ahead and suggest it here. But first make sure to search exiting tickets.
-        Если вы придумали новую функцию или метод обхода, которого еще нет в программе, напишите о нем подробнее здесь.
+        Если вы придумали новую функцию или метод обхода, которого еще нет в программе, напишите о нем подробнее здесь. Но сначала убедитесь с помощью поиска, что такого запроса еще не было.
+  - type: checkboxes
+    id: ensure
+    attributes:
+      label: I've made sure there's no existing feature request / Я убедился, что такой функциональности еще никто не предлагал
+      options:
+        - label: I've made sure there's no existing feature request / Я убедился, что такой функциональности еще никто не предлагал
+          required: true
   - type: textarea
     id: description
     attributes:

.github/workflows/build.yml

@@ -4,6 +4,9 @@ on:
   push:
     paths:
       - 'src/**'
+  pull_request:
+    paths:
+      - 'src/**'
   workflow_dispatch:
 
 env:

README.md

@@ -64,6 +64,13 @@ Usage: goodbyedpi.exe [OPTION...]
  --reverse-frag           fragment (split) the packets just as --native-frag, but send them in the
                           reversed order. Works with the websites which could not handle segmented
                           HTTPS TLS ClientHello (because they receive the TCP flow "combined").
+ --fake-from-hex <value>  Load fake packets for Fake Request Mode from HEX values (like 1234abcDEF).
+                          This option can be supplied multiple times, in this case each fake packet
+                          would be sent on every request in the command line argument order.
+ --fake-gen <value>       Generate random-filled fake packets for Fake Request Mode, value of them
+                          (up to 30).
+ --fake-resend <value>    Send each fake packet value number of times.
+                          Default: 1 (send each packet once).
  --max-payload [value]    packets with TCP payload data more than [value] won't be processed.
                           Use this option to reduce CPU usage by skipping huge amount of data
                           (like file transfers) in already established sessions.
@@ -94,7 +101,7 @@ To check if your ISP's DPI could be circumvented, first make sure that your prov
 
 Then run the `goodbyedpi.exe` executable without any options. If it works — congratulations! You can use it as-is or configure further, for example by using `--blacklist` option if the list of blocked websites is known and available for your country.
 
-If your provider intercepts DNS requests, you may want to use `--dns-addr` option to a public DNS resover running on non-standard port (such as Yandex DNS `77.88.8.8:1253`) or configure DNS over HTTPS/TLS using third-party applications.
+If your provider intercepts DNS requests, you may want to use `--dns-addr` option to a public DNS resolver running on non-standard port (such as Yandex DNS `77.88.8.8:1253`) or configure DNS over HTTPS/TLS using third-party applications.
 
 Check the .cmd scripts and modify it according to your preference and network conditions.
 
@@ -141,21 +148,23 @@ Modify them according to your own needs.
 # Known issues
 
 * Horribly outdated Windows 7 installations are not able to load WinDivert driver due to missing support for SHA256 digital signatures. Install KB3033929 [x86](https://www.microsoft.com/en-us/download/details.aspx?id=46078)/[x64](https://www.microsoft.com/en-us/download/details.aspx?id=46148), or better, update the whole system using Windows Update.
+* Intel/Qualcomm Killer network cards: `Advanced Stream Detect` in Killer Control Center is incompabitle with GoodbyeDPI, [disable it](https://github.com/ValdikSS/GoodbyeDPI/issues/541#issuecomment-2296038239).
 * ~~Some SSL/TLS stacks unable to process fragmented ClientHello packets, and HTTPS websites won't open. Bug: [#4](https://github.com/ValdikSS/GoodbyeDPI/issues/4), [#64](https://github.com/ValdikSS/GoodbyeDPI/issues/64).~~ Fragmentation issues are fixed in v0.1.7.
 * ~~ESET Antivirus is incompatible with WinDivert driver [#91](https://github.com/ValdikSS/GoodbyeDPI/issues/91). This is most probably antivirus bug, not WinDivert.~~
 
 
 # Similar projects
 
-- **[zapret](https://github.com/bol-van/zapret)** by @bol-van (for Linux)
+- **[zapret](https://github.com/bol-van/zapret)** by @bol-van (for MacOS, Linux and Windows)
 - **[Green Tunnel](https://github.com/SadeghHayeri/GreenTunnel)** by @SadeghHayeri (for MacOS, Linux and Windows)
-- **[DPI Tunnel CLI](https://github.com/zhenyolka/DPITunnel-cli)** by @zhenyolka (for Linux and routers)
+- **[DPI Tunnel CLI](https://github.com/nomoresat/DPITunnel-cli)** by @zhenyolka (for Linux and routers)
-- **[DPI Tunnel for Android](https://github.com/zhenyolka/DPITunnel-android)** by @zhenyolka (for Android)
+- **[DPI Tunnel for Android](https://github.com/nomoresat/DPITunnel-android)** by @zhenyolka (for Android)
 - **[PowerTunnel](https://github.com/krlvm/PowerTunnel)** by @krlvm (for Windows, MacOS and Linux)
 - **[PowerTunnel for Android](https://github.com/krlvm/PowerTunnel-Android)** by @krlvm (for Android)
 - **[SpoofDPI](https://github.com/xvzc/SpoofDPI)** by @xvzc (for macOS and Linux)
 - **[GhosTCP](https://github.com/macronut/ghostcp)** by @macronut (for Windows)
 - **[ByeDPI](https://github.com/hufrea/byedpi)** for Linux/Windows + **[ByeDPIAndroid](https://github.com/dovecoteescapee/ByeDPIAndroid/)** for Android (no root)
+- **[youtubeUnblock](https://github.com/Waujito/youtubeUnblock/)** by @Waujito (for OpenWRT/Entware routers and Linux)
 
 # Kudos
 

src/Makefile

@@ -27,7 +27,7 @@ CFLAGS = -std=c99 -pie -fPIE -pipe -I$(WINDIVERTHEADERS) -L$(WINDIVERTLIBS) \
          -Wfloat-equal -Wcast-align -Wsign-conversion \
          #-fstack-protector-strong
 LDFLAGS = -fstack-protector -Wl,-O1,-pie,--dynamicbase,--nxcompat,--sort-common,--as-needed \
--Wl,--image-base,0x140000000 -Wl,--disable-auto-image-base
+-Wl,--disable-auto-image-base
 
 ifdef BIT64
 	LDFLAGS += -Wl,--high-entropy-va -Wl,--pic-executable,-e,mainCRTStartup

src/blackwhitelist.c

@@ -70,8 +70,8 @@ int blackwhitelist_load_list(const char *filename) {
                 line);
             continue;
         }
-        if (strlen(line) < 3) {
+        if (strlen(line) < 2) {
-            printf("WARNING: host %s is less than 3 bytes, skipping\n", line);
+            printf("WARNING: host %s is less than 2 characters, skipping\n", line);
             continue;
         }
         if (add_hostname(line))
@@ -99,8 +99,7 @@ int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
 
     tokenized_host = strchr(current_host, '.');
     while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) {
-        /* Search hostname only if there is next token */
+        if (check_get_hostname(tokenized_host + 1))
-        if (strchr(tokenized_host + 1, '.') && check_get_hostname(tokenized_host + 1))
             return TRUE;
         tokenized_host = strchr(tokenized_host + 1, '.');
     }

src/fakepackets.c

@@ -1,5 +1,7 @@
 #include <stdio.h>
+#define _CRT_RAND_S
 #include <stdlib.h>
+#include <stdbool.h>
 #include <ctype.h>
 #include <unistd.h>
 #include <in6addr.h>
@@ -7,6 +9,15 @@
 #include "windivert.h"
 #include "goodbyedpi.h"
 
+struct fake_t {
+    const unsigned char* data;
+    size_t size;
+};
+
+static struct fake_t *fakes[30] = {0};
+int fakes_count = 0;
+int fakes_resend = 1;
+
 static const unsigned char fake_http_request[] = "GET / HTTP/1.1\r\nHost: www.w3.org\r\n"
                                                  "User-Agent: curl/7.65.3\r\nAccept: */*\r\n"
                                                  "Accept-Encoding: deflate, gzip, br\r\n\r\n";
@@ -54,7 +65,8 @@ static int send_fake_data(const HANDLE w_filter,
                           const BOOL is_https,
                           const BYTE set_ttl,
                           const BYTE set_checksum,
-                          const BYTE set_seq
+                          const BYTE set_seq,
+                          const struct fake_t *fake_data
                          ) {
     char packet_fake[MAX_PACKET_SIZE];
     WINDIVERT_ADDRESS addr_new;
@@ -66,6 +78,10 @@ static int send_fake_data(const HANDLE w_filter,
     PWINDIVERT_TCPHDR ppTcpHdr;
     unsigned const char *fake_request_data = is_https ? fake_https_request : fake_http_request;
     UINT fake_request_size = is_https ? sizeof(fake_https_request) : sizeof(fake_http_request) - 1;
+    if (fake_data) {
+        fake_request_data = fake_data->data;
+        fake_request_size = fake_data->size;
+    }
 
     memcpy(&addr_new, addr, sizeof(WINDIVERT_ADDRESS));
     memcpy(packet_fake, pkt, packetLen);
@@ -148,22 +164,26 @@ static int send_fake_request(const HANDLE w_filter,
                                   const BOOL is_https,
                                   const BYTE set_ttl,
                                   const BYTE set_checksum,
-                                  const BYTE set_seq
+                                  const BYTE set_seq,
+                                  const struct fake_t *fake_data
                                  ) {
     if (set_ttl) {
         send_fake_data(w_filter, addr, pkt, packetLen,
                           is_ipv6, is_https,
-                          set_ttl, FALSE, FALSE);
+                          set_ttl, FALSE, FALSE,
+                          fake_data);
     }
     if (set_checksum) {
         send_fake_data(w_filter, addr, pkt, packetLen,
                           is_ipv6, is_https,
-                          FALSE, set_checksum, FALSE);
+                          FALSE, set_checksum, FALSE,
+                          fake_data);
     }
     if (set_seq) {
         send_fake_data(w_filter, addr, pkt, packetLen,
                           is_ipv6, is_https,
-                          FALSE, FALSE, set_seq);
+                          FALSE, FALSE, set_seq,
+                          fake_data);
     }
     return 0;
 }
@@ -177,9 +197,18 @@ int send_fake_http_request(const HANDLE w_filter,
                                   const BYTE set_checksum,
                                   const BYTE set_seq
                                  ) {
-    return send_fake_request(w_filter, addr, pkt, packetLen,
+    int ret = 0;
-                          is_ipv6, FALSE,
+    for (int i=0; i<fakes_count || i == 0; i++) {
-                          set_ttl, set_checksum, set_seq);
+        for (int j=0; j<fakes_resend; j++)
+            if (send_fake_request(w_filter, addr, pkt, packetLen,
+                            is_ipv6, FALSE,
+                            set_ttl, set_checksum, set_seq,
+                            fakes[i]))
+            {
+                ret++;
+            }
+    }
+    return ret;
 }
 
 int send_fake_https_request(const HANDLE w_filter,
@@ -191,7 +220,94 @@ int send_fake_https_request(const HANDLE w_filter,
                                    const BYTE set_checksum,
                                    const BYTE set_seq
                                  ) {
-    return send_fake_request(w_filter, addr, pkt, packetLen,
+    int ret = 0;
+    for (int i=0; i<fakes_count || i == 0; i++) {
+        for (int j=0; j<fakes_resend; j++)
+            if (send_fake_request(w_filter, addr, pkt, packetLen,
                           is_ipv6, TRUE,
-                          set_ttl, set_checksum, set_seq);
+                          set_ttl, set_checksum, set_seq,
+                          fakes[i]))
+            {
+                ret++;
+            }
+    }
+    return ret;
+}
+
+static int fake_add(const unsigned char *data, size_t size) {
+    struct fake_t *fake = malloc(sizeof(struct fake_t));
+    fake->size = size;
+    fake->data = data;
+
+    for (size_t k = 0; k <= sizeof(fakes) / sizeof(*fakes); k++) {
+        if (!fakes[k]) {
+            fakes[k] = fake;
+            fakes_count++;
+            return 0;
+        }
+    }
+    return 3;
+}
+
+int fake_load_from_hex(const char *data) {
+    size_t len = strlen(data);
+    if (len < 2 || len % 2 || len > 1420)
+        return 1;
+
+    unsigned char *finaldata = calloc((len + 2) / 2, 1);
+
+    for (size_t i = 0; i<len - 1; i+=2) {
+        char num1 = data[i];
+        char num2 = data[i+1];
+        debug("Current num1: %X, num2: %X\n", num1, num2);
+        unsigned char finalchar = 0;
+        char curchar = num1;
+
+        for (int j=0; j<=1; j++) {
+            if (curchar >= '0' && curchar <= '9')
+                curchar -= '0';
+            else if (curchar >= 'a' && curchar <= 'f')
+                curchar -= 'a' - 0xA;
+            else if (curchar >= 'A' && curchar <= 'F')
+                curchar -= 'A' - 0xA;
+            else
+                return 2; // incorrect character, not a hex data
+
+            if (!j) {
+                num1 = curchar;
+                curchar = num2;
+                continue;
+            }
+            num2 = curchar;
+        }
+        debug("Processed num1: %X, num2: %X\n", num1, num2);
+        finalchar = (num1 << 4) | num2;
+        debug("Final char: %X\n", finalchar);
+        finaldata[i/2] = finalchar;
+    }
+
+    return fake_add(finaldata, len / 2);
+}
+
+int fake_load_random(unsigned int count, unsigned int maxsize) {
+    if (count < 1 || count > sizeof(fakes) / sizeof(*fakes))
+        return 1;
+
+    unsigned int random = 0;
+
+    for (unsigned int i=0; i<count; i++) {
+        unsigned int len = 0;
+        if (rand_s(&len))
+            return 1;
+        len = 8 + (len % maxsize);
+
+        unsigned char *data = calloc(len, 1);
+        for (unsigned int j=0; j<len; j++) {
+            rand_s(&random);
+            data[j] = random % 0xFF;
+        }
+        if (fake_add(data, len))
+            return 2;
+    }
+    return 0;
 }

src/fakepackets.h

@@ -1,3 +1,5 @@
+extern int fakes_count;
+extern int fakes_resend;
 int send_fake_http_request(const HANDLE w_filter,
                                   const PWINDIVERT_ADDRESS addr,
                                   const char *pkt,

src/goodbyedpi.c

@@ -4,6 +4,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <stdbool.h>
 #include <ctype.h>
 #include <signal.h>
 #include <unistd.h>
@@ -23,7 +24,7 @@
 // My mingw installation does not load inet_pton definition for some reason
 WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pAddr);
 
-#define GOODBYEDPI_VERSION "v0.2.2"
+#define GOODBYEDPI_VERSION "v0.2.3"
 
 #define die() do { sleep(20); exit(EXIT_FAILURE); } while (0)
 
@@ -83,7 +84,7 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA
         "and udp.Payload[0] >= 0xC0 and udp.Payload32[1b] == 0x01"
 #define FILTER_PASSIVE_STRING_TEMPLATE "inbound and ip and tcp and " \
         "!impostor and !loopback and " \
-        "((ip.Id <= 0xF and ip.Id >= 0x0) " IPID_TEMPLATE ") and " \
+        "(true " IPID_TEMPLATE ") and " \
         "(tcp.SrcPort == 443 or tcp.SrcPort == 80) and tcp.Rst and " \
         DIVERT_NO_LOCALNETSv4_SRC
 
@@ -134,6 +135,18 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA
              ttl_of_fake_packet, do_wrong_chksum, do_wrong_seq); \
 } while (0)
 
+enum ERROR_CODE{
+    ERROR_DEFAULT = 1,
+    ERROR_PORT_BOUNDS,
+    ERROR_DNS_V4_ADDR,
+    ERROR_DNS_V6_ADDR,
+    ERROR_DNS_V4_PORT,
+    ERROR_DNS_V6_PORT,
+    ERROR_BLACKLIST_LOAD,
+    ERROR_AUTOTTL,
+    ERROR_ATOUSI,
+    ERROR_AUTOB
+};
 
 static int running_from_service = 0;
 static int exiting = 0;
@@ -175,6 +188,10 @@ static struct option long_options[] = {
     {"native-frag", no_argument,       0,  '*' },
     {"reverse-frag",no_argument,       0,  '(' },
     {"max-payload", optional_argument, 0,  '|' },
+    {"fake-from-hex", required_argument, 0,  'u' },
+    {"fake-gen",    required_argument, 0,  'j' },
+    {"fake-resend", required_argument, 0,  't' },
+    {"debug-exit",  optional_argument, 0,  'x' },
     {0,             0,                 0,   0  }
 };
 
@@ -270,7 +287,7 @@ unsigned short int atousi(const char *str, const char *msg) {
 
     if(res > limitValue) {
         puts(msg);
-        exit(EXIT_FAILURE);
+        exit(ERROR_ATOUSI);
     }
     return (unsigned short int)res;
 }
@@ -283,7 +300,7 @@ BYTE atoub(const char *str, const char *msg) {
 
     if(res > limitValue) {
         puts(msg);
-        exit(EXIT_FAILURE);
+        exit(ERROR_AUTOB);
     }
     return (BYTE)res;
 }
@@ -300,10 +317,27 @@ static HANDLE init(char *filter, UINT64 flags) {
                   FORMAT_MESSAGE_IGNORE_INSERTS,
                   NULL, errorcode, MAKELANGID(LANG_ENGLISH, SUBLANG_DEFAULT),
                   (LPTSTR)&errormessage, 0, NULL);
-    printf("Error opening filter: %s", errormessage);
+    printf("Error opening filter: %d %s\n", errorcode, errormessage);
     LocalFree(errormessage);
-    if (errorcode == 577)
+    if (errorcode == 2)
-        printf("Windows Server 2016 systems must have secure boot disabled to be "
+        printf("The driver files WinDivert32.sys or WinDivert64.sys were not found.\n");
+    else if (errorcode == 654)
+        printf("An incompatible version of the WinDivert driver is currently loaded.\n"
+               "Please unload it with the following commands ran as administrator:\n\n"
+               "sc stop windivert\n"
+               "sc delete windivert\n"
+               "sc stop windivert14"
+               "sc delete windivert14\n");
+    else if (errorcode == 1275)
+        printf("This error occurs for various reasons, including:\n"
+               "the WinDivert driver is blocked by security software; or\n"
+               "you are using a virtualization environment that does not support drivers.\n");
+    else if (errorcode == 1753)
+        printf("This error occurs when the Base Filtering Engine service has been disabled.\n"
+               "Enable Base Filtering Engine service.\n");
+    else if (errorcode == 577)
+        printf("Could not load driver due to invalid digital signature.\n"
+               "Windows Server 2016 systems must have secure boot disabled to be \n"
                "able to load WinDivert driver.\n"
                "Windows 7 systems must be up-to-date or at least have KB3033929 installed.\n"
                "https://www.microsoft.com/en-us/download/details.aspx?id=46078\n\n"
@@ -548,6 +582,7 @@ int main(int argc, char *argv[]) {
         ipv4_tcp, ipv4_tcp_data, ipv4_udp_data,
         ipv6_tcp, ipv6_tcp_data, ipv6_udp_data
     } packet_type;
+    bool debug_exit = false;
     int i, should_reinject, should_recalc_checksum = 0;
     int sni_ok = 0;
     int opt;
@@ -751,7 +786,7 @@ int main(int argc, char *argv[]) {
                 i = atoi(optarg);
                 if (i <= 0 || i > 65535) {
                     printf("Port parameter error!\n");
-                    exit(EXIT_FAILURE);
+                    exit(ERROR_PORT_BOUNDS);
                 }
                 if (i != 80 && i != 443)
                     add_filter_str(IPPROTO_TCP, i);
@@ -770,14 +805,14 @@ int main(int argc, char *argv[]) {
                     do_dnsv4_redirect = 1;
                     if (inet_pton(AF_INET, optarg, &dnsv4_addr) != 1) {
                         puts("DNS address parameter error!");
-                        exit(EXIT_FAILURE);
+                        exit(ERROR_DNS_V4_ADDR);
                     }
                     add_filter_str(IPPROTO_UDP, 53);
                     flush_dns_cache();
                     break;
                 }
                 puts("DNS address parameter error!");
-                exit(EXIT_FAILURE);
+                exit(ERROR_DNS_V4_ADDR);
                 break;
             case '!': // --dnsv6-addr
                 if ((inet_pton(AF_INET6, optarg, dns_temp_addr.s6_addr) == 1) &&
@@ -786,21 +821,21 @@ int main(int argc, char *argv[]) {
                     do_dnsv6_redirect = 1;
                     if (inet_pton(AF_INET6, optarg, dnsv6_addr.s6_addr) != 1) {
                         puts("DNS address parameter error!");
-                        exit(EXIT_FAILURE);
+                        exit(ERROR_DNS_V6_ADDR);
                     }
                     add_filter_str(IPPROTO_UDP, 53);
                     flush_dns_cache();
                     break;
                 }
                 puts("DNS address parameter error!");
-                exit(EXIT_FAILURE);
+                exit(ERROR_DNS_V6_ADDR);
                 break;
             case 'g': // --dns-port
                 if (!do_dnsv4_redirect) {
                     puts("--dns-port should be used with --dns-addr!\n"
                         "Make sure you use --dns-addr and pass it before "
                         "--dns-port");
-                    exit(EXIT_FAILURE);
+                    exit(ERROR_DNS_V4_PORT);
                 }
                 dnsv4_port = atousi(optarg, "DNS port parameter error!");
                 if (dnsv4_port != 53) {
@@ -813,7 +848,7 @@ int main(int argc, char *argv[]) {
                     puts("--dnsv6-port should be used with --dnsv6-addr!\n"
                         "Make sure you use --dnsv6-addr and pass it before "
                         "--dnsv6-port");
-                    exit(EXIT_FAILURE);
+                    exit(ERROR_DNS_V6_PORT);
                 }
                 dnsv6_port = atousi(optarg, "DNS port parameter error!");
                 if (dnsv6_port != 53) {
@@ -829,7 +864,7 @@ int main(int argc, char *argv[]) {
                 do_blacklist = 1;
                 if (!blackwhitelist_load_list(optarg)) {
                     printf("Can't load blacklist from file!\n");
-                    exit(EXIT_FAILURE);
+                    exit(ERROR_BLACKLIST_LOAD);
                 }
                 break;
             case ']': // --allow-no-sni
@@ -863,13 +898,13 @@ int main(int argc, char *argv[]) {
                         autottl_current = strtok(NULL, "-");
                         if (!autottl_current) {
                             puts("Set Auto TTL parameter error!");
-                            exit(EXIT_FAILURE);
+                            exit(ERROR_AUTOTTL);
                         }
                         auto_ttl_2 = atoub(autottl_current, "Set Auto TTL parameter error!");
                         autottl_current = strtok(NULL, "-");
                         if (!autottl_current) {
                             puts("Set Auto TTL parameter error!");
-                            exit(EXIT_FAILURE);
+                            exit(ERROR_AUTOTTL);
                         }
                         auto_ttl_max = atoub(autottl_current, "Set Auto TTL parameter error!");
                     }
@@ -908,6 +943,28 @@ int main(int argc, char *argv[]) {
                 else
                     max_payload_size = 1200;
                 break;
+            case 'u': // --fake-from-hex
+                if (fake_load_from_hex(optarg)) {
+                    printf("WARNING: bad fake HEX value %s\n", optarg);
+                }
+                break;
+            case 'j': // --fake-gen
+                if (fake_load_random(atoub(optarg, "Fake generator parameter error!"))) {
+                    puts("WARNING: fake generator has failed!");
+                }
+                break;
+            case 't': // --fake-resend
+                fakes_resend = atoub(optarg, "Fake resend parameter error!");
+                if (fakes_resend == 1)
+                    puts("WARNING: fake-resend is 1, no resending is in place!");
+                else if (!fakes_resend)
+                    puts("WARNING: fake-resend is 0, fake packet mode is disabled!");
+                else if (fakes_resend > 100)
+                    puts("WARNING: fake-resend value is a little too high, don't you think?");
+                break;
+            case 'x': // --debug-exit
+                debug_exit = true;
+                break;
             default:
                 puts("Usage: goodbyedpi.exe [OPTION...]\n"
                 " -p          block passive DPI\n"
@@ -953,6 +1010,13 @@ int main(int argc, char *argv[]) {
                 " --reverse-frag           fragment (split) the packets just as --native-frag, but send them in the\n"
                 "                          reversed order. Works with the websites which could not handle segmented\n"
                 "                          HTTPS TLS ClientHello (because they receive the TCP flow \"combined\").\n"
+                " --fake-from-hex <value>  Load fake packets for Fake Request Mode from HEX values (like 1234abcDEF).\n"
+                "                          This option can be supplied multiple times, in this case each fake packet\n"
+                "                          would be sent on every request in the command line argument order.\n"
+                " --fake-gen <value>       Generate random-filled fake packets for Fake Request Mode, value of them\n"
+                "                          (up to 30).\n"
+                " --fake-resend <value>    Send each fake packet value number of times.\n"
+                "                          Default: 1 (send each packet once).\n"
                 " --max-payload [value]    packets with TCP payload data more than [value] won't be processed.\n"
                 "                          Use this option to reduce CPU usage by skipping huge amount of data\n"
                 "                          (like file transfers) in already established sessions.\n"
@@ -973,7 +1037,7 @@ int main(int argc, char *argv[]) {
                 " -9          -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload -q (this is the default)\n\n"
                 "Note: combination of --wrong-seq and --wrong-chksum generates two different fake packets.\n"
                 );
-                exit(EXIT_FAILURE);
+                exit(ERROR_DEFAULT);
         }
     }
 
@@ -998,21 +1062,23 @@ int main(int argc, char *argv[]) {
            "Fragment persistent HTTP: %u\n"         /* 3 */
            "Fragment HTTPS: %u\n"                   /* 4 */
            "Fragment by SNI: %u\n"                  /* 5 */
-           "Native fragmentation (splitting): %d\n" /* 5 */
+           "Native fragmentation (splitting): %d\n" /* 6 */
-           "Fragments sending in reverse: %d\n"     /* 6 */
+           "Fragments sending in reverse: %d\n"     /* 7 */
-           "hoSt: %d\n"                             /* 7 */
+           "hoSt: %d\n"                             /* 8 */
-           "Host no space: %d\n"                    /* 8 */
+           "Host no space: %d\n"                    /* 9 */
-           "Additional space: %d\n"                 /* 9 */
+           "Additional space: %d\n"                 /* 10 */
-           "Mix Host: %d\n"                         /* 10 */
+           "Mix Host: %d\n"                         /* 11 */
-           "HTTP AllPorts: %d\n"                    /* 11 */
+           "HTTP AllPorts: %d\n"                    /* 12 */
-           "HTTP Persistent Nowait: %d\n"           /* 12 */
+           "HTTP Persistent Nowait: %d\n"           /* 13 */
-           "DNS redirect: %d\n"                     /* 13 */
+           "DNS redirect: %d\n"                     /* 14 */
-           "DNSv6 redirect: %d\n"                   /* 14 */
+           "DNSv6 redirect: %d\n"                   /* 15 */
-           "Allow missing SNI: %d\n"                /* 15 */
+           "Allow missing SNI: %d\n"                /* 16 */
-           "Fake requests, TTL: %s (fixed: %hu, auto: %hu-%hu-%hu, min distance: %hu)\n"  /* 16 */
+           "Fake requests, TTL: %s (fixed: %hu, auto: %hu-%hu-%hu, min distance: %hu)\n"  /* 17 */
-           "Fake requests, wrong checksum: %d\n"    /* 17 */
+           "Fake requests, wrong checksum: %d\n"    /* 18 */
-           "Fake requests, wrong SEQ/ACK: %d\n"     /* 18 */
+           "Fake requests, wrong SEQ/ACK: %d\n"     /* 19 */
-           "Max payload size: %hu\n",               /* 19 */
+           "Fake requests, custom payloads: %d\n"   /* 20 */
+           "Fake requests, resend: %d\n"            /* 21 */
+           "Max payload size: %hu\n",               /* 22 */
            do_passivedpi, do_block_quic,                          /* 1 */
            (do_fragment_http ? http_fragment_size : 0),           /* 2 */
            (do_fragment_http_persistent ? http_fragment_size : 0),/* 3 */
@@ -1034,7 +1100,9 @@ int main(int argc, char *argv[]) {
                do_auto_ttl ? auto_ttl_max : 0, ttl_min_nhops,
            do_wrong_chksum, /* 18 */
            do_wrong_seq,    /* 19 */
-           max_payload_size /* 20 */
+           fakes_count,     /* 20 */
+           fakes_resend,    /* 21 */
+           max_payload_size /* 22 */
           );
 
     if (do_fragment_http && http_fragment_size > 2 && !do_native_frag) {
@@ -1087,7 +1155,10 @@ int main(int argc, char *argv[]) {
         if (filters[i] == NULL)
             die();
     }
-
+    if (debug_exit) {
+        printf("Debug Exit\n");
+        exit(EXIT_SUCCESS);
+    }
     printf("Filter activated, GoodbyeDPI is now running!\n");
     signal(SIGINT, sigint_handler);