history purge

Makefile

@@ -0,0 +1,21 @@
+DIRS := nfq tpws ip2net mdig
+TGT := binaries/my
+
+all:	clean
+	mkdir -p "$(TGT)"; \
+	for dir in $(DIRS); do \
+		chmod -x "$$dir/"*; \
+		$(MAKE) -C "$$dir" || exit; \
+		for exe in "$$dir/"*; do \
+			if [ -f "$$exe" ] && [ -x "$$exe" ]; then \
+				mv -f "$$exe" "${TGT}" ; \
+				ln -fs "../${TGT}/$$(basename "$$exe")" "$$exe" ; \
+			fi \
+		done \
+	done
+
+clean:
+	[ -d "$(TGT)" ] && rm -r "$(TGT)" ; \
+	for dir in $(DIRS); do \
+		$(MAKE) -C "$$dir" clean; \
+	done

config

@@ -0,0 +1,53 @@
+# this file is included from init scripts
+# change values here
+
+# can help in case /tmp has not enough space
+#TMPDIR=/opt/zapret/tmp
+
+# options for ipsets
+# too low hashsize can cause memory allocation errors on low RAM systems , even if RAM is enough
+# too large hashsize will waste lots of RAM
+IPSET_OPT="hashsize 262144 maxelem 2097152"
+
+# options for ip2net. "-4" or "-6" auto added by ipset create script
+IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
+IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
+
+# CHOOSE OPERATION MODE
+# use nfqws : nfqws_ipset nfqws_ipset_https nfqws_all nfqws_all_https
+# use tpws : tpws_ipset tpws_ipset_https tpws_all tpws_all_https tpws_hostlist
+# no daemon, just ipset : ipset
+# custom mode : custom . should modify init script and add your own code
+MODE=tpws_ipset_https
+
+# CHOOSE NFQWS DAEMON OPTIONS. run "nfq/nfqws --help" for option list
+NFQWS_OPT="--wsize=3 --hostspell=HOST"
+
+# CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list
+DESYNC_MARK=0x40000000
+NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-fooling=badsum --dpi-desync-fwmark=$DESYNC_MARK"
+
+# CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list
+TPWS_OPT_HTTP="--hostspell=HOST --split-http-req=method"
+TPWS_OPT_HTTPS="--split-pos=3"
+
+# for routers based on desktop linux only. has not effect in openwrt.
+# CHOOSE LAN and WAN NETWORK INTERFACES
+# or leave them commented if its not router
+#IFACE_LAN=eth0
+#IFACE_WAN=eth1
+
+# should init scripts apply firewall rules ?
+# set to 0 if firewall control system is present
+# openwrt uses fw3 firewall , init never touch fw
+INIT_APPLY_FW=1
+
+# do not work with ipv4
+#DISABLE_IPV4=1
+# do not work with ipv6
+DISABLE_IPV6=1
+
+# select which init script will be used to get ip or host list
+# possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh
+# comment if not required
+GETLIST=get_antifilter_ipsmart.sh

docs/changes.txt

@@ -0,0 +1,154 @@
+v1
+
+Initial release
+
+v2
+
+nfqws : command line options change. now using standard getopt.
+nfqws : added options for window size changing and "Host:" case change
+ISP support : tested on mns.ru and beeline (corbina)
+init scripts : rewritten init scripts for simple choise of ISP
+create_ipset : now using 'ipset restore', it works much faster
+readme : updated. now using UTF-8 charset.
+
+v3
+
+tpws : added transparent proxy (supports TPROXY and DNAT).
+       can help when ISP tracks whole HTTP session, not only the beginning
+ipset : added zapret-hosts-user.txt which contain user defined host names to be resolved
+        and added to zapret ip list
+ISP support : dom.ru support via TPROXY/DNAT
+ISP support : successfully tested sknt.ru on 'domru' configuration
+  other configs will probably also work, but cannot test
+compile : openwrt compile howto
+
+v4
+
+tpws : added ability to insert extra space after http method : "GET /" => "GET  /"
+ISP support : TKT support
+
+v5
+
+nfqws : ipv6 support in nfqws
+
+v6
+
+ipset : added "get_antizapret.sh"
+
+v7
+
+tpws : added ability to insert "." after Host: name
+
+v8
+
+openwrt init : removed hotplug.d/firewall because of race conditions. now only use /etc/firewall.user
+
+v9
+
+ipban : added ipban ipset. place domains banned by ip to zapret-hosts-user-ipban.txt
+	these IPs must be soxified for both http and https
+ISP support : tiera support
+ISP support : added DNS filtering to ubuntu and debian scripts
+
+v10
+
+tpws : added split-pos option. split every message at specified position
+
+v11
+
+ipset : scripts optimizations
+
+v12
+
+nfqws : fix wrong tcp checksum calculation if packet length is odd and platform is big-endian
+
+v13
+
+added binaries
+
+v14
+
+change get_antizapret script to work with https://github.com/zapret-info/z-i/raw/master/dump.csv
+filter out 192.168.*, 127.*, 10.* from blocked ips
+
+v15
+
+added --hostspell option to nfqws and tpws
+ISP support : beeline now catches "host" but other spellings still work
+openwrt/LEDE : changed init script to work with procd
+tpws, nfqws : minor cosmetic fixes
+
+v16
+
+tpws: split-http-req=method : split inside method name, not after
+ISP support : mns.ru changed split pos to 3 (got redirect page with HEAD req : curl -I ej.ru)
+
+v17
+
+ISP support : athome moved from nfqws to tpws because of instability and http request hangs
+tpws : added options unixeol,methodeol,hosttab
+
+v18
+
+tpws,nfqws : added hostnospace option
+
+v19
+
+tpws : added hostlist option
+
+v20
+
+added ip2net. ip2net groups ips from iplist into subnets and reduces ipset size twice
+
+v21
+
+added mdig. get_reestr.sh is *real* again
+
+v22
+
+total review of init script logic
+dropped support of older debian 7 and ubuntu 12/14 systems
+install_bin.sh : auto binaries preparation
+docs: readme review. some new topics added, others deleted
+docs: VPN setup with policy based routing using wireguard
+docs: wireguard modding guide
+
+v23
+
+major init system rewrite
+openwrt : separate firewall include /etc/firewall.zapret
+install_easy.sh : easy setup on openwrt, debian, ubuntu, centos, fedora, opensuse
+
+v24
+
+separate config from init scripts
+gzip support in ipset/*.sh and tpws
+
+v25
+
+init : move to native systemd units
+use links to units, init scripts and firewall includes, no more copying
+
+v26
+
+ipv6 support
+tpws : advanced bind options
+
+v27
+
+tpws : major connection code rewrite. originally it was derived from not top quality example , with many bugs and potential problems.
+next generation connection code uses nonblocking sockets. now its in EXPERIMENTAL state.
+
+v28
+
+tpws : added socks5 support
+ipset : major RKN getlist rewrite. added antifilter.network support
+
+v29
+
+nfqws : DPI desync attack
+ip exclude system
+
+v30
+
+nfqws : DPI desync attack modes : fake,rst

docs/compile/build_howto_openwrt.txt

@@ -0,0 +1,42 @@
+How to compile native programs for use in openwrt
+-------------------------------------------------
+
+1) <fetch correct version of openwrt>
+
+   cd ~
+
+ <chaos calmer>
+   git clone git://git.openwrt.org/15.05/openwrt.git
+ <barrier breaker>
+   git clone git://git.openwrt.org/14.07/openwrt.git
+ <trunk>
+   git clone git://git.openwrt.org/openwrt.git
+
+   cd openwrt
+
+2) ./scripts/feeds update -a
+   ./scripts/feeds install -a
+
+3) #add zapret packages to build root
+   #copy package descriptions
+   copy compile/openwrt/* to ~/openwrt
+   #copy source code of tpws
+   copy tpws to ~/openwrt/package/zapret/tpws
+   #copy source code of nfq
+   copy nfq to ~/openwrt/package/zapret/nfq
+   #copy source code of ip2net
+   copy ip2net to ~/openwrt/package/zapret/ip2net
+
+4) make menuconfig
+   #select your target architecture
+   #select packages Network/Zapret/* as "M"
+
+5) make toolchain/compile
+
+6) make package/tpws/compile
+   make package/nfqws/compile
+   make package/ip2net/compile
+   make package/mdig/compile
+
+7) find bin -name tpws*.ipk
+   #take your tpws*.ipk , nfqws*.ipk , ip2net*.ipk, mdig*.ipk from there

docs/compile/openwrt/package/zapret/ip2net/Makefile

@@ -0,0 +1,32 @@
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ip2net
+PKG_RELEASE:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ip2net
+	SECTION:=net
+	CATEGORY:=Network
+	TITLE:=ip2net
+	SUBMENU:=Zapret
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+	$(CP) ./ip2net/* $(PKG_BUILD_DIR)/
+endef
+
+define Build/Compile
+	$(MAKE) -C $(PKG_BUILD_DIR) $(TARGET_CONFIGURE_OPTS)
+endef
+
+define Package/ip2net/install
+	$(INSTALL_DIR) $(1)/opt/zapret/ip2net
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/ip2net $(1)/opt/zapret/ip2net
+endef
+
+$(eval $(call BuildPackage,ip2net))
+

docs/compile/openwrt/package/zapret/ip2net/readme.txt

@@ -0,0 +1 @@
+Copy "ip2net" folder here !

docs/compile/openwrt/package/zapret/mdig/Makefile

@@ -0,0 +1,32 @@
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=mdig
+PKG_RELEASE:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/mdig
+	SECTION:=net
+	CATEGORY:=Network
+	TITLE:=mdig
+	SUBMENU:=Zapret
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+	$(CP) ./mdig/* $(PKG_BUILD_DIR)/
+endef
+
+define Build/Compile
+	$(MAKE) -C $(PKG_BUILD_DIR) $(TARGET_CONFIGURE_OPTS)
+endef
+
+define Package/mdig/install
+	$(INSTALL_DIR) $(1)/opt/zapret/mdig
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mdig $(1)/opt/zapret/mdig
+endef
+
+$(eval $(call BuildPackage,mdig))
+

docs/compile/openwrt/package/zapret/mdig/readme.txt

@@ -0,0 +1 @@
+Copy "mdig" folder here !

docs/compile/openwrt/package/zapret/nfqws/Makefile

@@ -0,0 +1,34 @@
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=nfqws
+PKG_RELEASE:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/nfqws
+	SECTION:=net
+	CATEGORY:=Network
+	TITLE:=nfqws
+	SUBMENU:=Zapret
+ 	DEPENDS:=+libnetfilter-queue +libcap +zlib
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+	$(CP) ./nfq/* $(PKG_BUILD_DIR)/
+endef
+
+define Build/Compile
+	$(MAKE) -C $(PKG_BUILD_DIR) $(TARGET_CONFIGURE_OPTS)
+endef
+
+define Package/nfqws/install
+	$(INSTALL_DIR) $(1)/opt/zapret/nfq
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/nfqws $(1)/opt/zapret/nfq
+endef
+
+$(eval $(call BuildPackage,nfqws))
+
+

docs/compile/openwrt/package/zapret/nfqws/readme.txt

@@ -0,0 +1 @@
+Copy "nfq" folder here !