2gW94/GoodbyeDPI
1
0
Fork 0
mirror of https://github.com/ValdikSS/GoodbyeDPI.git synced 2025-12-17 12:54:36 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: 2gW94:test_windres
Branches Tags
2gW94:master 2gW94:more-fakes 2gW94:EgorWeders-patch-1 2gW94:quic_block 2gW94:test_windres 2gW94:openvpn 2gW94:windivert2 2gW94:masterv6 2gW94:ipv6 2gW94:windivert-test
2gW94:0.2.3rc3 2gW94:0.2.3rc2 2gW94:0.2.3rc1 2gW94:0.2.2 2gW94:0.2.1 2gW94:0.2.0 2gW94:0.1.8 2gW94:0.1.7 2gW94:0.1.6 2gW94:0.1.5 2gW94:0.1.5rc3 2gW94:0.1.5rc2 2gW94:0.1.5rc1 2gW94:0.1.4 2gW94:0.1.3 2gW94:0.1.2 2gW94:0.1.2rc3 2gW94:0.1.2rc2 2gW94:0.1.2rc1 2gW94:0.1.1 2gW94:0.1.0 2gW94:0.0.9 2gW94:0.0.8 2gW94:0.0.7 2gW94:0.0.6 2gW94:0.0.5 2gW94:0.0.4 2gW94:0.0.3 2gW94:0.0.2 2gW94:0.0.1
...
compare: 2gW94:0.2.3rc2
Branches Tags
2gW94:master 2gW94:more-fakes 2gW94:EgorWeders-patch-1 2gW94:quic_block 2gW94:test_windres 2gW94:openvpn 2gW94:windivert2 2gW94:masterv6 2gW94:ipv6 2gW94:windivert-test
2gW94:0.2.3rc3 2gW94:0.2.3rc2 2gW94:0.2.3rc1 2gW94:0.2.2 2gW94:0.2.1 2gW94:0.2.0 2gW94:0.1.8 2gW94:0.1.7 2gW94:0.1.6 2gW94:0.1.5 2gW94:0.1.5rc3 2gW94:0.1.5rc2 2gW94:0.1.5rc1 2gW94:0.1.4 2gW94:0.1.3 2gW94:0.1.2 2gW94:0.1.2rc3 2gW94:0.1.2rc2 2gW94:0.1.2rc1 2gW94:0.1.1 2gW94:0.1.0 2gW94:0.0.9 2gW94:0.0.8 2gW94:0.0.7 2gW94:0.0.6 2gW94:0.0.5 2gW94:0.0.4 2gW94:0.0.3 2gW94:0.0.2 2gW94:0.0.1

45 Commits
test_windr ... 0.2.3rc2

Author SHA1 Message Date
ValdikSS
c2784dd79e 0.2.3rc2 version 2024-09-14 23:06:36 +03:00
ValdikSS
bc95b6f598 --fake-resend option: repeat sending each fake packet number of times 2024-09-14 23:00:38 +03:00
ValdikSS
985a09c73d Print number of custom fake payloads on start 2024-09-14 22:42:56 +03:00
ValdikSS
15793fb84f --fake-gen option: generate random-filled Fake Packets 
This option is similar to fake-from-hex, but generates number of
packets with random payload.
 2024-09-14 22:35:28 +03:00
ValdikSS
f0d42129aa --fake-from-hex option: load Fake Packet from HEX data 
This option replaces built-in fake packets with the user-supplied
ones, could be used multiple times (up to 30).
Each fake packet loaded with this option is sent in command
line order, every time (on each TLS ClientHello or HTTP GET/POST).
 2024-09-14 22:34:11 +03:00
ValdikSS
83af8cc541 Update README.md 2024-08-19 19:02:04 +03:00
ValdikSS
62f2953515 Ignore all RSTs with -p 2024-08-17 18:49:43 +03:00
ValdikSS
7b66094f56 Fix help print (--help), '?' is reserved in getopt. 
Broken due to 16f2a8fb81
 2024-08-15 14:02:06 +03:00
ValdikSS
a6c7169033 Allow to add the whole root zones into blacklist. Fixes #564. 2024-08-14 17:42:05 +03:00
Viktor45
c8c596f37e add youtubeUnblock link (#551) 
updated readme with youtubeUnblock link for OpenWRT/Entware routers and Linux
 2024-08-13 20:57:49 +03:00
ValdikSS
fb552640b6 Merge pull request #533 from EgorWeders/image-base-remove-patch-1 
Removed not recommended --image-base linker param. Closes #530.
 2024-08-09 14:09:11 +03:00
EgorWeders
ed210cdf44 Removed not recommended --image-base linker param 
Tested only on windows 10 locally and in github actions image
 2024-08-09 17:36:36 +07:00
ValdikSS
dcff8389b3 Fix fox 16f2a8fb81 2024-08-08 12:59:36 +03:00
ValdikSS
9bb1bc5682 Run Github Actions on pull requests 2024-08-08 12:57:49 +03:00
EgorWeders
16f2a8fb81 Added argument --debug-exit (#512) 
* Added argument --debug-exit
 2024-08-08 12:53:01 +03:00
ValdikSS
c517169e94 Merge branch 'EgorWeders-master' 2024-08-07 17:11:08 +03:00
ValdikSS
e9ac13bcda Enum style fixes. Closes #504, #507. 2024-08-07 17:10:13 +03:00
EgorWeders
78ae517871 Changed to enum 2024-08-07 13:54:23 +00:00
EgorWeders
ed45c42c9e Added different return codes 2024-08-07 12:45:01 +00:00
ValdikSS
aab7842a76 Partial revert "Bump version to v0.2.3. Closes #429" 
This reverts commit 6b2f3cfa74.
Accidential commit of a new fake packet
 2024-08-05 14:20:52 +03:00
ValdikSS
79bda5c482 Merge branch 'quic_block' 2024-08-04 18:22:09 +03:00
Alexander Ilinykh
68bc67685f Fix incorrect zhenyolka's URL in readme.md (#478) 
* Update README.md

Fix url DPI-Tunnel-CLI

* Update README.md

fix incorrect url DPI Tunnel for Android
 2024-08-04 12:34:27 +03:00
ValdikSS
e463f4b4e5 Update feature.yml 2024-08-03 17:36:49 +03:00
ValdikSS
1a867ddf9c Update feature.yml 2024-08-03 17:36:16 +03:00
ValdikSS
7e43110f74 Update bug.yml 2024-08-03 17:27:24 +03:00
ValdikSS
abcca5ea84 Print errorcode in WinDivert error message 2024-08-02 17:47:30 +03:00
ValdikSS
74822fca16 Merge pull request #441 from glvoff/master 
FIX: Comment's indexes in printf block at main function (line 979)
 2024-08-02 16:55:21 +03:00
JijogBf
8401dfcc1a FIX: Comment's indexes in printf block at main function (line 979) 2024-08-02 16:49:19 +03:00
ValdikSS
c4bbd0b8e2 Print human-readable WinDivert error messages 2024-08-02 15:45:31 +03:00
ValdikSS
6b2f3cfa74 Bump version to v0.2.3. Closes #429 2024-08-02 14:42:48 +03:00
ValdikSS
d9bf7c3ccd Update bug.yml 2024-08-01 10:41:07 +03:00
ValdikSS
ad18fb9854 Merge pull request #383 from mdashlw/patch-1 
Update README.md
 2024-07-31 15:18:17 +03:00
mdashlw
bc82203364 Update README.md 2024-07-31 20:13:32 +08:00
ValdikSS
9bfce3156e Make mode -9 the default, instead of -5 
Auto-ttl gives many false positives in TTL detection, which breaks non-blocked websites.
Use the combination of wrong-seq and wrong-chksum and hope to the best.
Also block QUIC to workaround possible throttling, as right now it is not dissected.
 2024-07-31 14:49:15 +03:00
ValdikSS
f7362094d3 New modes: -8 and -9 
-8 is -7 with added --wrong-seq, it sends two subsequent fake packets, one with
incorrect sequence, and another one with incorrect checksum.

-9 is -8 with QUIC block.
 2024-07-31 14:49:15 +03:00
ValdikSS
f1aece75ae New mode: -7 - As -6 but with wrong chksum 2024-07-31 14:49:15 +03:00
ValdikSS
60dd3cb004 Make ClientHello ignore --max-payload limits 
Receive TLS ClientHello despite max-payload limit set, to get all
the benefits of the option (decreased CPU consumption) but still
handle all TLS connections, including Kyber.
 2024-07-31 14:49:15 +03:00
ValdikSS
d031ae65bf New option: -q - block QUIC/HTTP3 
Only Initial packet in Long Header Packets are blocked.
The packet should be at least 1200 bytes in size.
 2024-07-31 14:49:10 +03:00
ValdikSS
a1fb62ff82 Merge pull request #379 from eltociear/patch-1 
chore: update README.md
 2024-07-28 22:51:17 +03:00
Ikko Eltociear Ashimine
46e6c8f2db chore: update README.md 
resover -> resolver
 2024-07-29 00:50:56 +09:00
ValdikSS
905d3c98a6 Revert "Add Unicorn HTTPS for iOS": doesn't do anything 
This reverts commit 95c5ca81b2.
 2024-07-26 03:44:16 +03:00
ValdikSS
b08836de50 Use WinDivert 2.2.0-D for Windows 7 compatibility 2024-07-25 00:51:47 +03:00
ValdikSS
cf1f2a8674 Actions: use $GITHUB_OUTPUT instead of ::set-output 2024-07-23 07:14:35 +03:00
ValdikSS
16464646a9 Use WinDivert 2.2.2 2024-07-23 07:11:47 +03:00
ValdikSS
ba015cf44e Update Github Actions "actions" to newest versions 2024-07-23 07:11:18 +03:00
9 changed files with 350 additions and 78 deletions
Expand all files Collapse all files

21
.github/ISSUE_TEMPLATE/bug.yml vendored
View File

@@ -5,7 +5,24 @@ body:
- type: markdown
attributes:
value: |
**USE THIS FORM ONLY FOR BUGS**
### USE THIS FORM ONLY FOR BUGS! The webside does not open? That's likely NOT a bug, do NOT report it here!
### USE THIS FORM ONLY FOR BUGS! The webside does not open? That's likely NOT a bug, do NOT report it here!
### USE THIS FORM ONLY FOR BUGS! The webside does not open? That's likely NOT a bug, do NOT report it here!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда, ВЫ БУДЕТЕ ЗАБАНЕНЫ!
GoodbyeDPI does not guarantee to work with your ISP for every blocked website or at all. If GoodbyeDPI can't unblock some or any websites, this is most likely not a software bug, and you should not report it here.
Please only report software bugs, such as:
@@ -18,7 +35,7 @@ body:
Please make sure to check other opened and closed issues, it could be your bug has been reported already.
For questions, or if in doubt, [use NTC.party forum](https://ntc.party/c/community-software/goodbyedpi).
**ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ**
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда!
GoodbyeDPI не гарантирует ни 100% работу с вашим провайдером, ни работу с каждым заблокированным сайтом. Если GoodbyeDPI не разблокирует доступ к некоторым или всем веб-сайтам, вероятнее всего, это не программная ошибка, и не стоит о ней сообщать здесь.
Пожалуйста, сообщайте только об ошибках в программе, таких как:

11
.github/ISSUE_TEMPLATE/feature.yml vendored
View File

@@ -5,8 +5,15 @@ body:
- type: markdown
attributes:
value: |
If you think of a great function or circumvention method which is missing from the program, go ahead and suggest it here.
Если вы придумали новую функцию или метод обхода, которого еще нет в программе, напишите о нем подробнее здесь.
If you think of a great function or circumvention method which is missing from the program, go ahead and suggest it here. But first make sure to search exiting tickets.
Если вы придумали новую функцию или метод обхода, которого еще нет в программе, напишите о нем подробнее здесь. Но сначала убедитесь с помощью поиска, что такого запроса еще не было.
- type: checkboxes
id: ensure
attributes:
label: I've made sure there's no existing feature request / Я убедился, что такой функциональности еще никто не предлагал
options:
- label: I've made sure there's no existing feature request / Я убедился, что такой функциональности еще никто не предлагал
required: true
- type: textarea
id: description
attributes:

21
.github/workflows/build.yml vendored
View File

@@ -4,24 +4,27 @@ on:
push:
paths:
- 'src/**'
pull_request:
paths:
- 'src/**'
workflow_dispatch:
env:
WINDIVERT_URL: https://www.reqrypt.org/download/WinDivert-2.2.0-A.zip
WINDIVERT_NAME: WinDivert-2.2.0-A.zip
WINDIVERT_BASENAME: WinDivert-2.2.0-A
WINDIVERT_SHA256: 2a7630aac0914746fbc565ac862fa096e3e54233883ac52d17c83107496b7a7f
WINDIVERT_URL: https://reqrypt.org/download/WinDivert-2.2.0-D.zip
WINDIVERT_NAME: WinDivert-2.2.0-D.zip
WINDIVERT_BASENAME: WinDivert-2.2.0-D
WINDIVERT_SHA256: 1d461cfdfa7ba88ebcfbb3603b71b703e9f72aba8aeff99a75ce293e6f89d2ba
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: Declare short commit variable
id: vars
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Install MinGW-w64
run: >
@@ -31,7 +34,7 @@ jobs:
- name: Download WinDivert from cache
id: windivert-cache
uses: actions/cache@v2
uses: actions/cache@v4
with:
path: ${{ env. WINDIVERT_NAME }}
key: ${{ env. WINDIVERT_SHA256 }}
@@ -56,7 +59,7 @@ jobs:
cp src/goodbyedpi.exe ${{ env.WINDIVERT_BASENAME }}/x64/*.{dll,sys} goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
- name: Upload output file x86_64
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
with:
name: goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
path: goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
@@ -72,7 +75,7 @@ jobs:
cp src/goodbyedpi.exe ${{ env.WINDIVERT_BASENAME }}/x86/*.{dll,sys} goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
- name: Upload output file x86
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
with:
name: goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
path: goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}

26
README.md
View File

@@ -22,6 +22,7 @@ Download [latest version from Releases page](https://github.com/ValdikSS/Goodbye
```
Usage: goodbyedpi.exe [OPTION...]
-p block passive DPI
-q block QUIC/HTTP3
-r replace Host with hoSt
-s remove space between host header and its value
-m mix Host header case (test.com -> tEsT.cOm)
@@ -63,6 +64,13 @@ Usage: goodbyedpi.exe [OPTION...]
--reverse-frag fragment (split) the packets just as --native-frag, but send them in the
reversed order. Works with the websites which could not handle segmented
HTTPS TLS ClientHello (because they receive the TCP flow "combined").
--fake-from-hex <value> Load fake packets for Fake Request Mode from HEX values (like 1234abcDEF).
This option can be supplied multiple times, in this case each fake packet
would be sent on every request in the command line argument order.
--fake-gen <value> Generate random-filled fake packets for Fake Request Mode, value of them
(up to 30).
--fake-resend <value> Send each fake packet value number of times.
Default: 1 (send each packet once).
--max-payload [value] packets with TCP payload data more than [value] won't be processed.
Use this option to reduce CPU usage by skipping huge amount of data
(like file transfers) in already established sessions.
@@ -77,8 +85,13 @@ LEGACY modesets:
-4 -p -r -s (best speed)
Modern modesets (more stable, more compatible, faster):
-5 -f 2 -e 2 --auto-ttl --reverse-frag --max-payload (this is the default)
-5 -f 2 -e 2 --auto-ttl --reverse-frag --max-payload
-6 -f 2 -e 2 --wrong-seq --reverse-frag --max-payload
-7 -f 2 -e 2 --wrong-chksum --reverse-frag --max-payload
-8 -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload
-9 -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload -q (this is the default)
Note: combination of --wrong-seq and --wrong-chksum generates two different fake packets.
```
To check if your ISP's DPI could be circumvented, first make sure that your provider does not poison DNS answers by enabling "Secure DNS (DNS over HTTPS)" option in your browser.
@@ -88,7 +101,7 @@ To check if your ISP's DPI could be circumvented, first make sure that your prov
Then run the `goodbyedpi.exe` executable without any options. If it works — congratulations! You can use it as-is or configure further, for example by using `--blacklist` option if the list of blocked websites is known and available for your country.
If your provider intercepts DNS requests, you may want to use `--dns-addr` option to a public DNS resover running on non-standard port (such as Yandex DNS `77.88.8.8:1253`) or configure DNS over HTTPS/TLS using third-party applications.
If your provider intercepts DNS requests, you may want to use `--dns-addr` option to a public DNS resolver running on non-standard port (such as Yandex DNS `77.88.8.8:1253`) or configure DNS over HTTPS/TLS using third-party applications.
Check the .cmd scripts and modify it according to your preference and network conditions.
@@ -135,22 +148,23 @@ Modify them according to your own needs.
# Known issues
* Horribly outdated Windows 7 installations are not able to load WinDivert driver due to missing support for SHA256 digital signatures. Install KB3033929 [x86](https://www.microsoft.com/en-us/download/details.aspx?id=46078)/[x64](https://www.microsoft.com/en-us/download/details.aspx?id=46148), or better, update the whole system using Windows Update.
* Intel/Qualcomm Killer network cards: `Advanced Stream Detect` in Killer Control Center is incompabitle with GoodbyeDPI, [disable it](https://github.com/ValdikSS/GoodbyeDPI/issues/541#issuecomment-2296038239).
* ~~Some SSL/TLS stacks unable to process fragmented ClientHello packets, and HTTPS websites won't open. Bug: [#4](https://github.com/ValdikSS/GoodbyeDPI/issues/4), [#64](https://github.com/ValdikSS/GoodbyeDPI/issues/64).~~ Fragmentation issues are fixed in v0.1.7.
* ~~ESET Antivirus is incompatible with WinDivert driver [#91](https://github.com/ValdikSS/GoodbyeDPI/issues/91). This is most probably antivirus bug, not WinDivert.~~
# Similar projects
- **[zapret](https://github.com/bol-van/zapret)** by @bol-van (for Linux)
- **[zapret](https://github.com/bol-van/zapret)** by @bol-van (for MacOS, Linux and Windows)
- **[Green Tunnel](https://github.com/SadeghHayeri/GreenTunnel)** by @SadeghHayeri (for MacOS, Linux and Windows)
- **[DPI Tunnel CLI](https://github.com/zhenyolka/DPITunnel-cli)** by @zhenyolka (for Linux and routers)
- **[DPI Tunnel for Android](https://github.com/zhenyolka/DPITunnel-android)** by @zhenyolka (for Android)
- **[DPI Tunnel CLI](https://github.com/nomoresat/DPITunnel-cli)** by @zhenyolka (for Linux and routers)
- **[DPI Tunnel for Android](https://github.com/nomoresat/DPITunnel-android)** by @zhenyolka (for Android)
- **[PowerTunnel](https://github.com/krlvm/PowerTunnel)** by @krlvm (for Windows, MacOS and Linux)
- **[PowerTunnel for Android](https://github.com/krlvm/PowerTunnel-Android)** by @krlvm (for Android)
- **[SpoofDPI](https://github.com/xvzc/SpoofDPI)** by @xvzc (for macOS and Linux)
- **[GhosTCP](https://github.com/macronut/ghostcp)** by @macronut (for Windows)
- **[ByeDPI](https://github.com/hufrea/byedpi)** for Linux/Windows + **[ByeDPIAndroid](https://github.com/dovecoteescapee/ByeDPIAndroid/)** for Android (no root)
- **[Unicorn HTTPS](https://apps.apple.com/kr/app/unicorn-https/id1466584968?l=en)** for iOS
- **[youtubeUnblock](https://github.com/Waujito/youtubeUnblock/)** by @Waujito (for OpenWRT/Entware routers and Linux)
# Kudos

2
src/Makefile
View File

@@ -27,7 +27,7 @@ CFLAGS = -std=c99 -pie -fPIE -pipe -I$(WINDIVERTHEADERS) -L$(WINDIVERTLIBS) \
-Wfloat-equal -Wcast-align -Wsign-conversion \
#-fstack-protector-strong
LDFLAGS = -fstack-protector -Wl,-O1,-pie,--dynamicbase,--nxcompat,--sort-common,--as-needed \
-Wl,--image-base,0x140000000 -Wl,--disable-auto-image-base
-Wl,--disable-auto-image-base
ifdef BIT64
LDFLAGS += -Wl,--high-entropy-va -Wl,--pic-executable,-e,mainCRTStartup

7
src/blackwhitelist.c
View File

@@ -70,8 +70,8 @@ int blackwhitelist_load_list(const char *filename) {
line);
continue;
}
if (strlen(line) < 3) {
printf("WARNING: host %s is less than 3 bytes, skipping\n", line);
if (strlen(line) < 2) {
printf("WARNING: host %s is less than 2 characters, skipping\n", line);
continue;
}
if (add_hostname(line))
@@ -99,8 +99,7 @@ int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
tokenized_host = strchr(current_host, '.');
while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) {
/* Search hostname only if there is next token */
if (strchr(tokenized_host + 1, '.') && check_get_hostname(tokenized_host + 1))
if (check_get_hostname(tokenized_host + 1))
return TRUE;
tokenized_host = strchr(tokenized_host + 1, '.');
}

134
src/fakepackets.c
View File

@@ -1,5 +1,7 @@
#include <stdio.h>
#define _CRT_RAND_S
#include <stdlib.h>
#include <stdbool.h>
#include <ctype.h>
#include <unistd.h>
#include <in6addr.h>
@@ -7,6 +9,15 @@
#include "windivert.h"
#include "goodbyedpi.h"
struct fake_t {
const unsigned char* data;
size_t size;
};
static struct fake_t *fakes[30] = {0};
int fakes_count = 0;
int fakes_resend = 1;
static const unsigned char fake_http_request[] = "GET / HTTP/1.1\r\nHost: www.w3.org\r\n"
"User-Agent: curl/7.65.3\r\nAccept: */*\r\n"
"Accept-Encoding: deflate, gzip, br\r\n\r\n";
@@ -54,7 +65,8 @@ static int send_fake_data(const HANDLE w_filter,
const BOOL is_https,
const BYTE set_ttl,
const BYTE set_checksum,
const BYTE set_seq
const BYTE set_seq,
const struct fake_t *fake_data
) {
char packet_fake[MAX_PACKET_SIZE];
WINDIVERT_ADDRESS addr_new;
@@ -66,6 +78,10 @@ static int send_fake_data(const HANDLE w_filter,
PWINDIVERT_TCPHDR ppTcpHdr;
unsigned const char *fake_request_data = is_https ? fake_https_request : fake_http_request;
UINT fake_request_size = is_https ? sizeof(fake_https_request) : sizeof(fake_http_request) - 1;
if (fake_data) {
fake_request_data = fake_data->data;
fake_request_size = fake_data->size;
}
memcpy(&addr_new, addr, sizeof(WINDIVERT_ADDRESS));
memcpy(packet_fake, pkt, packetLen);
@@ -148,22 +164,26 @@ static int send_fake_request(const HANDLE w_filter,
const BOOL is_https,
const BYTE set_ttl,
const BYTE set_checksum,
const BYTE set_seq
const BYTE set_seq,
const struct fake_t *fake_data
) {
if (set_ttl) {
send_fake_data(w_filter, addr, pkt, packetLen,
is_ipv6, is_https,
set_ttl, FALSE, FALSE);
set_ttl, FALSE, FALSE,
fake_data);
}
if (set_checksum) {
send_fake_data(w_filter, addr, pkt, packetLen,
is_ipv6, is_https,
FALSE, set_checksum, FALSE);
FALSE, set_checksum, FALSE,
fake_data);
}
if (set_seq) {
send_fake_data(w_filter, addr, pkt, packetLen,
is_ipv6, is_https,
FALSE, FALSE, set_seq);
FALSE, FALSE, set_seq,
fake_data);
}
return 0;
}
@@ -177,9 +197,18 @@ int send_fake_http_request(const HANDLE w_filter,
const BYTE set_checksum,
const BYTE set_seq
) {
return send_fake_request(w_filter, addr, pkt, packetLen,
int ret = 0;
for (int i=0; i<fakes_count || i == 0; i++) {
for (int j=0; j<fakes_resend; j++)
if (send_fake_request(w_filter, addr, pkt, packetLen,
is_ipv6, FALSE,
set_ttl, set_checksum, set_seq);
set_ttl, set_checksum, set_seq,
fakes[i]))
{
ret++;
}
}
return ret;
}
int send_fake_https_request(const HANDLE w_filter,
@@ -191,7 +220,94 @@ int send_fake_https_request(const HANDLE w_filter,
const BYTE set_checksum,
const BYTE set_seq
) {
return send_fake_request(w_filter, addr, pkt, packetLen,
int ret = 0;
for (int i=0; i<fakes_count || i == 0; i++) {
for (int j=0; j<fakes_resend; j++)
if (send_fake_request(w_filter, addr, pkt, packetLen,
is_ipv6, TRUE,
set_ttl, set_checksum, set_seq);
set_ttl, set_checksum, set_seq,
fakes[i]))
{
ret++;
}
}
return ret;
}
static int fake_add(const unsigned char *data, size_t size) {
struct fake_t *fake = malloc(sizeof(struct fake_t));
fake->size = size;
fake->data = data;
for (size_t k = 0; k <= sizeof(fakes) / sizeof(*fakes); k++) {
if (!fakes[k]) {
fakes[k] = fake;
fakes_count++;
return 0;
}
}
return 3;
}
int fake_load_from_hex(const char *data) {
size_t len = strlen(data);
if (len < 2 || len % 2 || len > 1420)
return 1;
unsigned char *finaldata = calloc((len + 2) / 2, 1);
for (size_t i = 0; i<len - 1; i+=2) {
char num1 = data[i];
char num2 = data[i+1];
debug("Current num1: %X, num2: %X\n", num1, num2);
unsigned char finalchar = 0;
char curchar = num1;
for (int j=0; j<=1; j++) {
if (curchar >= '0' && curchar <= '9')
curchar -= '0';
else if (curchar >= 'a' && curchar <= 'f')
curchar -= 'a' - 0xA;
else if (curchar >= 'A' && curchar <= 'F')
curchar -= 'A' - 0xA;
else
return 2; // incorrect character, not a hex data
if (!j) {
num1 = curchar;
curchar = num2;
continue;
}
num2 = curchar;
}
debug("Processed num1: %X, num2: %X\n", num1, num2);
finalchar = (num1 << 4) | num2;
debug("Final char: %X\n", finalchar);
finaldata[i/2] = finalchar;
}
return fake_add(finaldata, len / 2);
}
int fake_load_random(unsigned int count, unsigned int maxsize) {
if (count < 1 || count > sizeof(fakes) / sizeof(*fakes))
return 1;
unsigned int random = 0;
for (unsigned int i=0; i<count; i++) {
unsigned int len = 0;
if (rand_s(&len))
return 1;
len = 8 + (len % maxsize);
unsigned char *data = calloc(len, 1);
for (unsigned int j=0; j<len; j++) {
rand_s(&random);
data[j] = random % 0xFF;
}
if (fake_add(data, len))
return 2;
}
return 0;
}

2
src/fakepackets.h
View File

@@ -1,3 +1,5 @@
extern int fakes_count;
extern int fakes_resend;
int send_fake_http_request(const HANDLE w_filter,
const PWINDIVERT_ADDRESS addr,
const char *pkt,

200
src/goodbyedpi.c
View File

@@ -4,6 +4,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <ctype.h>
#include <signal.h>
#include <unistd.h>
@@ -23,7 +24,7 @@
// My mingw installation does not load inet_pton definition for some reason
WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pAddr);
#define GOODBYEDPI_VERSION "v0.2.2"
#define GOODBYEDPI_VERSION "v0.2.3rc2"
#define die() do { sleep(20); exit(EXIT_FAILURE); } while (0)
@@ -78,9 +79,12 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA
"(tcp.DstPort == 80 or tcp.DstPort == 443) and tcp.Ack and " \
"(" DIVERT_NO_LOCALNETSv4_DST " or " DIVERT_NO_LOCALNETSv6_DST "))" \
"))"
#define FILTER_PASSIVE_BLOCK_QUIC "outbound and !impostor and !loopback and udp " \
"and udp.DstPort == 443 and udp.PayloadLength >= 1200 " \
"and udp.Payload[0] >= 0xC0 and udp.Payload32[1b] == 0x01"
#define FILTER_PASSIVE_STRING_TEMPLATE "inbound and ip and tcp and " \
"!impostor and !loopback and " \
"((ip.Id <= 0xF and ip.Id >= 0x0) " IPID_TEMPLATE ") and " \
"(true " IPID_TEMPLATE ") and " \
"(tcp.SrcPort == 443 or tcp.SrcPort == 80) and tcp.Rst and " \
DIVERT_NO_LOCALNETSv4_SRC
@@ -131,6 +135,18 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA
ttl_of_fake_packet, do_wrong_chksum, do_wrong_seq); \
} while (0)
enum ERROR_CODE{
ERROR_DEFAULT = 1,
ERROR_PORT_BOUNDS,
ERROR_DNS_V4_ADDR,
ERROR_DNS_V6_ADDR,
ERROR_DNS_V4_PORT,
ERROR_DNS_V6_PORT,
ERROR_BLACKLIST_LOAD,
ERROR_AUTOTTL,
ERROR_ATOUSI,
ERROR_AUTOB
};
static int running_from_service = 0;
static int exiting = 0;
@@ -172,6 +188,10 @@ static struct option long_options[] = {
{"native-frag", no_argument, 0, '*' },
{"reverse-frag",no_argument, 0, '(' },
{"max-payload", optional_argument, 0, '|' },
{"fake-from-hex", required_argument, 0, 'u' },
{"fake-gen", required_argument, 0, 'j' },
{"fake-resend", required_argument, 0, 't' },
{"debug-exit", optional_argument, 0, 'x' },
{0, 0, 0, 0 }
};
@@ -218,7 +238,10 @@ static void add_ip_id_str(int id) {
static void add_maxpayloadsize_str(unsigned short maxpayload) {
char *newstr;
/* 0x47455420 is "GET ", 0x504F5354 is "POST", big endian. */
const char *maxpayloadsize_str = "and (tcp.PayloadLength ? tcp.PayloadLength < %hu or tcp.Payload32[0] == 0x47455420 or tcp.Payload32[0] == 0x504F5354 : true)";
const char *maxpayloadsize_str =
"and (tcp.PayloadLength ? tcp.PayloadLength < %hu " \
"or tcp.Payload32[0] == 0x47455420 or tcp.Payload32[0] == 0x504F5354 " \
"or (tcp.Payload[0] == 0x16 and tcp.Payload[1] == 0x03 and tcp.Payload[2] <= 0x03): true)";
char *addfilter = malloc(strlen(maxpayloadsize_str) + 16);
sprintf(addfilter, maxpayloadsize_str, maxpayload);
@@ -264,7 +287,7 @@ unsigned short int atousi(const char *str, const char *msg) {
if(res > limitValue) {
puts(msg);
exit(EXIT_FAILURE);
exit(ERROR_ATOUSI);
}
return (unsigned short int)res;
}
@@ -277,7 +300,7 @@ BYTE atoub(const char *str, const char *msg) {
if(res > limitValue) {
puts(msg);
exit(EXIT_FAILURE);
exit(ERROR_AUTOB);
}
return (BYTE)res;
}
@@ -294,10 +317,27 @@ static HANDLE init(char *filter, UINT64 flags) {
FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, errorcode, MAKELANGID(LANG_ENGLISH, SUBLANG_DEFAULT),
(LPTSTR)&errormessage, 0, NULL);
printf("Error opening filter: %s", errormessage);
printf("Error opening filter: %d %s\n", errorcode, errormessage);
LocalFree(errormessage);
if (errorcode == 577)
printf("Windows Server 2016 systems must have secure boot disabled to be "
if (errorcode == 2)
printf("The driver files WinDivert32.sys or WinDivert64.sys were not found.\n");
else if (errorcode == 654)
printf("An incompatible version of the WinDivert driver is currently loaded.\n"
"Please unload it with the following commands ran as administrator:\n\n"
"sc stop windivert\n"
"sc delete windivert\n"
"sc stop windivert14"
"sc delete windivert14\n");
else if (errorcode == 1275)
printf("This error occurs for various reasons, including:\n"
"the WinDivert driver is blocked by security software; or\n"
"you are using a virtualization environment that does not support drivers.\n");
else if (errorcode == 1753)
printf("This error occurs when the Base Filtering Engine service has been disabled.\n"
"Enable Base Filtering Engine service.\n");
else if (errorcode == 577)
printf("Could not load driver due to invalid digital signature.\n"
"Windows Server 2016 systems must have secure boot disabled to be \n"
"able to load WinDivert driver.\n"
"Windows 7 systems must be up-to-date or at least have KB3033929 installed.\n"
"https://www.microsoft.com/en-us/download/details.aspx?id=46078\n\n"
@@ -542,6 +582,7 @@ int main(int argc, char *argv[]) {
ipv4_tcp, ipv4_tcp_data, ipv4_udp_data,
ipv6_tcp, ipv6_tcp_data, ipv6_udp_data
} packet_type;
bool debug_exit = false;
int i, should_reinject, should_recalc_checksum = 0;
int sni_ok = 0;
int opt;
@@ -559,7 +600,8 @@ int main(int argc, char *argv[]) {
conntrack_info_t dns_conn_info;
tcp_conntrack_info_t tcp_conn_info;
int do_passivedpi = 0, do_fragment_http = 0,
int do_passivedpi = 0, do_block_quic = 0,
do_fragment_http = 0,
do_fragment_http_persistent = 0,
do_fragment_http_persistent_nowait = 0,
do_fragment_https = 0, do_host = 0,
@@ -631,17 +673,19 @@ int main(int argc, char *argv[]) {
);
if (argc == 1) {
/* enable mode -5 by default */
/* enable mode -9 by default */
do_fragment_http = do_fragment_https = 1;
do_reverse_frag = do_native_frag = 1;
http_fragment_size = https_fragment_size = 2;
do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1;
do_fake_packet = 1;
do_auto_ttl = 1;
do_wrong_chksum = 1;
do_wrong_seq = 1;
do_block_quic = 1;
max_payload_size = 1200;
}
while ((opt = getopt_long(argc, argv, "123456prsaf:e:mwk:n", long_options, NULL)) != -1) {
while ((opt = getopt_long(argc, argv, "123456789pqrsaf:e:mwk:n", long_options, NULL)) != -1) {
switch (opt) {
case '1':
do_passivedpi = do_host = do_host_removespace \
@@ -682,9 +726,27 @@ int main(int argc, char *argv[]) {
do_wrong_seq = 1;
max_payload_size = 1200;
break;
case '9': // +7+8
do_block_quic = 1;
// fall through
case '8': // +7
do_wrong_seq = 1;
// fall through
case '7':
do_fragment_http = do_fragment_https = 1;
do_reverse_frag = do_native_frag = 1;
http_fragment_size = https_fragment_size = 2;
do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1;
do_fake_packet = 1;
do_wrong_chksum = 1;
max_payload_size = 1200;
break;
case 'p':
do_passivedpi = 1;
break;
case 'q':
do_block_quic = 1;
break;
case 'r':
do_host = 1;
break;
@@ -724,7 +786,7 @@ int main(int argc, char *argv[]) {
i = atoi(optarg);
if (i <= 0 || i > 65535) {
printf("Port parameter error!\n");
exit(EXIT_FAILURE);
exit(ERROR_PORT_BOUNDS);
}
if (i != 80 && i != 443)
add_filter_str(IPPROTO_TCP, i);
@@ -743,14 +805,14 @@ int main(int argc, char *argv[]) {
do_dnsv4_redirect = 1;
if (inet_pton(AF_INET, optarg, &dnsv4_addr) != 1) {
puts("DNS address parameter error!");
exit(EXIT_FAILURE);
exit(ERROR_DNS_V4_ADDR);
}
add_filter_str(IPPROTO_UDP, 53);
flush_dns_cache();
break;
}
puts("DNS address parameter error!");
exit(EXIT_FAILURE);
exit(ERROR_DNS_V4_ADDR);
break;
case '!': // --dnsv6-addr
if ((inet_pton(AF_INET6, optarg, dns_temp_addr.s6_addr) == 1) &&
@@ -759,21 +821,21 @@ int main(int argc, char *argv[]) {
do_dnsv6_redirect = 1;
if (inet_pton(AF_INET6, optarg, dnsv6_addr.s6_addr) != 1) {
puts("DNS address parameter error!");
exit(EXIT_FAILURE);
exit(ERROR_DNS_V6_ADDR);
}
add_filter_str(IPPROTO_UDP, 53);
flush_dns_cache();
break;
}
puts("DNS address parameter error!");
exit(EXIT_FAILURE);
exit(ERROR_DNS_V6_ADDR);
break;
case 'g': // --dns-port
if (!do_dnsv4_redirect) {
puts("--dns-port should be used with --dns-addr!\n"
"Make sure you use --dns-addr and pass it before "
"--dns-port");
exit(EXIT_FAILURE);
exit(ERROR_DNS_V4_PORT);
}
dnsv4_port = atousi(optarg, "DNS port parameter error!");
if (dnsv4_port != 53) {
@@ -786,7 +848,7 @@ int main(int argc, char *argv[]) {
puts("--dnsv6-port should be used with --dnsv6-addr!\n"
"Make sure you use --dnsv6-addr and pass it before "
"--dnsv6-port");
exit(EXIT_FAILURE);
exit(ERROR_DNS_V6_PORT);
}
dnsv6_port = atousi(optarg, "DNS port parameter error!");
if (dnsv6_port != 53) {
@@ -802,7 +864,7 @@ int main(int argc, char *argv[]) {
do_blacklist = 1;
if (!blackwhitelist_load_list(optarg)) {
printf("Can't load blacklist from file!\n");
exit(EXIT_FAILURE);
exit(ERROR_BLACKLIST_LOAD);
}
break;
case ']': // --allow-no-sni
@@ -836,13 +898,13 @@ int main(int argc, char *argv[]) {
autottl_current = strtok(NULL, "-");
if (!autottl_current) {
puts("Set Auto TTL parameter error!");
exit(EXIT_FAILURE);
exit(ERROR_AUTOTTL);
}
auto_ttl_2 = atoub(autottl_current, "Set Auto TTL parameter error!");
autottl_current = strtok(NULL, "-");
if (!autottl_current) {
puts("Set Auto TTL parameter error!");
exit(EXIT_FAILURE);
exit(ERROR_AUTOTTL);
}
auto_ttl_max = atoub(autottl_current, "Set Auto TTL parameter error!");
}
@@ -881,9 +943,32 @@ int main(int argc, char *argv[]) {
else
max_payload_size = 1200;
break;
case 'u': // --fake-from-hex
if (fake_load_from_hex(optarg)) {
printf("WARNING: bad fake HEX value %s\n", optarg);
}
break;
case 'j': // --fake-gen
if (fake_load_random(atoub(optarg, "Fake generator parameter error!"))) {
puts("WARNING: fake generator has failed!");
}
break;
case 't': // --fake-resend
fakes_resend = atoub(optarg, "Fake resend parameter error!");
if (fakes_resend == 1)
puts("WARNING: fake-resend is 1, no resending is in place!");
else if (!fakes_resend)
puts("WARNING: fake-resend is 0, fake packet mode is disabled!");
else if (fakes_resend > 100)
puts("WARNING: fake-resend value is a little too high, don't you think?");
break;
case 'x': // --debug-exit
debug_exit = true;
break;
default:
puts("Usage: goodbyedpi.exe [OPTION...]\n"
" -p block passive DPI\n"
" -q block QUIC/HTTP3\n"
" -r replace Host with hoSt\n"
" -s remove space between host header and its value\n"
" -a additional space between Method and Request-URI (enables -s, may break sites)\n"
@@ -925,6 +1010,13 @@ int main(int argc, char *argv[]) {
" --reverse-frag fragment (split) the packets just as --native-frag, but send them in the\n"
" reversed order. Works with the websites which could not handle segmented\n"
" HTTPS TLS ClientHello (because they receive the TCP flow \"combined\").\n"
" --fake-from-hex <value> Load fake packets for Fake Request Mode from HEX values (like 1234abcDEF).\n"
" This option can be supplied multiple times, in this case each fake packet\n"
" would be sent on every request in the command line argument order.\n"
" --fake-gen <value> Generate random-filled fake packets for Fake Request Mode, value of them\n"
" (up to 30).\n"
" --fake-resend <value> Send each fake packet value number of times.\n"
" Default: 1 (send each packet once).\n"
" --max-payload [value] packets with TCP payload data more than [value] won't be processed.\n"
" Use this option to reduce CPU usage by skipping huge amount of data\n"
" (like file transfers) in already established sessions.\n"
@@ -938,9 +1030,14 @@ int main(int argc, char *argv[]) {
" -4 -p -r -s (best speed)"
"\n"
"Modern modesets (more stable, more compatible, faster):\n"
" -5 -f 2 -e 2 --auto-ttl --reverse-frag --max-payload (this is the default)\n"
" -6 -f 2 -e 2 --wrong-seq --reverse-frag --max-payload\n");
exit(EXIT_FAILURE);
" -5 -f 2 -e 2 --auto-ttl --reverse-frag --max-payload\n"
" -6 -f 2 -e 2 --wrong-seq --reverse-frag --max-payload\n"
" -7 -f 2 -e 2 --wrong-chksum --reverse-frag --max-payload\n"
" -8 -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload\n"
" -9 -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload -q (this is the default)\n\n"
"Note: combination of --wrong-seq and --wrong-chksum generates two different fake packets.\n"
);
exit(ERROR_DEFAULT);
}
}
@@ -960,26 +1057,29 @@ int main(int argc, char *argv[]) {
}
printf("Block passive: %d\n" /* 1 */
"Block QUIC/HTTP3: %d\n" /* 1 */
"Fragment HTTP: %u\n" /* 2 */
"Fragment persistent HTTP: %u\n" /* 3 */
"Fragment HTTPS: %u\n" /* 4 */
"Fragment by SNI: %u\n" /* 5 */
"Native fragmentation (splitting): %d\n" /* 5 */
"Fragments sending in reverse: %d\n" /* 6 */
"hoSt: %d\n" /* 7 */
"Host no space: %d\n" /* 8 */
"Additional space: %d\n" /* 9 */
"Mix Host: %d\n" /* 10 */
"HTTP AllPorts: %d\n" /* 11 */
"HTTP Persistent Nowait: %d\n" /* 12 */
"DNS redirect: %d\n" /* 13 */
"DNSv6 redirect: %d\n" /* 14 */
"Allow missing SNI: %d\n" /* 15 */
"Fake requests, TTL: %s (fixed: %hu, auto: %hu-%hu-%hu, min distance: %hu)\n" /* 16 */
"Fake requests, wrong checksum: %d\n" /* 17 */
"Fake requests, wrong SEQ/ACK: %d\n" /* 18 */
"Max payload size: %hu\n", /* 19 */
do_passivedpi, /* 1 */
"Native fragmentation (splitting): %d\n" /* 6 */
"Fragments sending in reverse: %d\n" /* 7 */
"hoSt: %d\n" /* 8 */
"Host no space: %d\n" /* 9 */
"Additional space: %d\n" /* 10 */
"Mix Host: %d\n" /* 11 */
"HTTP AllPorts: %d\n" /* 12 */
"HTTP Persistent Nowait: %d\n" /* 13 */
"DNS redirect: %d\n" /* 14 */
"DNSv6 redirect: %d\n" /* 15 */
"Allow missing SNI: %d\n" /* 16 */
"Fake requests, TTL: %s (fixed: %hu, auto: %hu-%hu-%hu, min distance: %hu)\n" /* 17 */
"Fake requests, wrong checksum: %d\n" /* 18 */
"Fake requests, wrong SEQ/ACK: %d\n" /* 19 */
"Fake requests, custom payloads: %d\n" /* 20 */
"Fake requests, resend: %d\n" /* 21 */
"Max payload size: %hu\n", /* 22 */
do_passivedpi, do_block_quic, /* 1 */
(do_fragment_http ? http_fragment_size : 0), /* 2 */
(do_fragment_http_persistent ? http_fragment_size : 0),/* 3 */
(do_fragment_https ? https_fragment_size : 0), /* 4 */
@@ -1000,7 +1100,9 @@ int main(int argc, char *argv[]) {
do_auto_ttl ? auto_ttl_max : 0, ttl_min_nhops,
do_wrong_chksum, /* 18 */
do_wrong_seq, /* 19 */
max_payload_size /* 20 */
fakes_count, /* 20 */
fakes_resend, /* 21 */
max_payload_size /* 22 */
);
if (do_fragment_http && http_fragment_size > 2 && !do_native_frag) {
@@ -1031,6 +1133,15 @@ int main(int argc, char *argv[]) {
filter_num++;
}
if (do_block_quic) {
filters[filter_num] = init(
FILTER_PASSIVE_BLOCK_QUIC,
WINDIVERT_FLAG_DROP);
if (filters[filter_num] == NULL)
die();
filter_num++;
}
/*
* IPv4 & IPv6 filter for inbound HTTP redirection packets and
* active DPI circumvention
@@ -1044,7 +1155,10 @@ int main(int argc, char *argv[]) {
if (filters[i] == NULL)
die();
}
if (debug_exit) {
printf("Debug Exit\n");
exit(EXIT_SUCCESS);
}
printf("Filter activated, GoodbyeDPI is now running!\n");
signal(SIGINT, sigint_handler);