Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit ae2b6d1
Showing
117 changed files
with
14,137 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
DIRS := nfq tpws ip2net mdig | ||
TGT := binaries/my | ||
|
||
all: clean | ||
mkdir -p "$(TGT)"; \ | ||
for dir in $(DIRS); do \ | ||
chmod -x "$$dir/"*; \ | ||
$(MAKE) -C "$$dir" || exit; \ | ||
for exe in "$$dir/"*; do \ | ||
if [ -f "$$exe" ] && [ -x "$$exe" ]; then \ | ||
mv -f "$$exe" "${TGT}" ; \ | ||
ln -fs "../${TGT}/$$(basename "$$exe")" "$$exe" ; \ | ||
fi \ | ||
done \ | ||
done | ||
|
||
clean: | ||
[ -d "$(TGT)" ] && rm -r "$(TGT)" ; \ | ||
for dir in $(DIRS); do \ | ||
$(MAKE) -C "$$dir" clean; \ | ||
done |
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
# this file is included from init scripts | ||
# change values here | ||
|
||
# can help in case /tmp has not enough space | ||
#TMPDIR=/opt/zapret/tmp | ||
|
||
# options for ipsets | ||
# too low hashsize can cause memory allocation errors on low RAM systems , even if RAM is enough | ||
# too large hashsize will waste lots of RAM | ||
IPSET_OPT="hashsize 262144 maxelem 2097152" | ||
|
||
# options for ip2net. "-4" or "-6" auto added by ipset create script | ||
IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4" | ||
IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5" | ||
|
||
# CHOOSE OPERATION MODE | ||
# use nfqws : nfqws_ipset nfqws_ipset_https nfqws_all nfqws_all_https | ||
# use tpws : tpws_ipset tpws_ipset_https tpws_all tpws_all_https tpws_hostlist | ||
# no daemon, just ipset : ipset | ||
# custom mode : custom . should modify init script and add your own code | ||
MODE=tpws_ipset_https | ||
|
||
# CHOOSE NFQWS DAEMON OPTIONS. run "nfq/nfqws --help" for option list | ||
NFQWS_OPT="--wsize=3 --hostspell=HOST" | ||
|
||
# CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list | ||
DESYNC_MARK=0x40000000 | ||
NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-fooling=badsum --dpi-desync-fwmark=$DESYNC_MARK" | ||
|
||
# CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list | ||
TPWS_OPT_HTTP="--hostspell=HOST --split-http-req=method" | ||
TPWS_OPT_HTTPS="--split-pos=3" | ||
|
||
# for routers based on desktop linux only. has not effect in openwrt. | ||
# CHOOSE LAN and WAN NETWORK INTERFACES | ||
# or leave them commented if its not router | ||
#IFACE_LAN=eth0 | ||
#IFACE_WAN=eth1 | ||
|
||
# should init scripts apply firewall rules ? | ||
# set to 0 if firewall control system is present | ||
# openwrt uses fw3 firewall , init never touch fw | ||
INIT_APPLY_FW=1 | ||
|
||
# do not work with ipv4 | ||
#DISABLE_IPV4=1 | ||
# do not work with ipv6 | ||
DISABLE_IPV6=1 | ||
|
||
# select which init script will be used to get ip or host list | ||
# possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh | ||
# comment if not required | ||
GETLIST=get_antifilter_ipsmart.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,154 @@ | ||
v1 | ||
|
||
Initial release | ||
|
||
v2 | ||
|
||
nfqws : command line options change. now using standard getopt. | ||
nfqws : added options for window size changing and "Host:" case change | ||
ISP support : tested on mns.ru and beeline (corbina) | ||
init scripts : rewritten init scripts for simple choise of ISP | ||
create_ipset : now using 'ipset restore', it works much faster | ||
readme : updated. now using UTF-8 charset. | ||
|
||
v3 | ||
|
||
tpws : added transparent proxy (supports TPROXY and DNAT). | ||
can help when ISP tracks whole HTTP session, not only the beginning | ||
ipset : added zapret-hosts-user.txt which contain user defined host names to be resolved | ||
and added to zapret ip list | ||
ISP support : dom.ru support via TPROXY/DNAT | ||
ISP support : successfully tested sknt.ru on 'domru' configuration | ||
other configs will probably also work, but cannot test | ||
compile : openwrt compile howto | ||
|
||
v4 | ||
|
||
tpws : added ability to insert extra space after http method : "GET /" => "GET /" | ||
ISP support : TKT support | ||
|
||
v5 | ||
|
||
nfqws : ipv6 support in nfqws | ||
|
||
v6 | ||
|
||
ipset : added "get_antizapret.sh" | ||
|
||
v7 | ||
|
||
tpws : added ability to insert "." after Host: name | ||
|
||
v8 | ||
|
||
openwrt init : removed hotplug.d/firewall because of race conditions. now only use /etc/firewall.user | ||
|
||
v9 | ||
|
||
ipban : added ipban ipset. place domains banned by ip to zapret-hosts-user-ipban.txt | ||
these IPs must be soxified for both http and https | ||
ISP support : tiera support | ||
ISP support : added DNS filtering to ubuntu and debian scripts | ||
|
||
v10 | ||
|
||
tpws : added split-pos option. split every message at specified position | ||
|
||
v11 | ||
|
||
ipset : scripts optimizations | ||
|
||
v12 | ||
|
||
nfqws : fix wrong tcp checksum calculation if packet length is odd and platform is big-endian | ||
|
||
v13 | ||
|
||
added binaries | ||
|
||
v14 | ||
|
||
change get_antizapret script to work with https://github.com/zapret-info/z-i/raw/master/dump.csv | ||
filter out 192.168.*, 127.*, 10.* from blocked ips | ||
|
||
v15 | ||
|
||
added --hostspell option to nfqws and tpws | ||
ISP support : beeline now catches "host" but other spellings still work | ||
openwrt/LEDE : changed init script to work with procd | ||
tpws, nfqws : minor cosmetic fixes | ||
|
||
v16 | ||
|
||
tpws: split-http-req=method : split inside method name, not after | ||
ISP support : mns.ru changed split pos to 3 (got redirect page with HEAD req : curl -I ej.ru) | ||
|
||
v17 | ||
|
||
ISP support : athome moved from nfqws to tpws because of instability and http request hangs | ||
tpws : added options unixeol,methodeol,hosttab | ||
|
||
v18 | ||
|
||
tpws,nfqws : added hostnospace option | ||
|
||
v19 | ||
|
||
tpws : added hostlist option | ||
|
||
v20 | ||
|
||
added ip2net. ip2net groups ips from iplist into subnets and reduces ipset size twice | ||
|
||
v21 | ||
|
||
added mdig. get_reestr.sh is *real* again | ||
|
||
v22 | ||
|
||
total review of init script logic | ||
dropped support of older debian 7 and ubuntu 12/14 systems | ||
install_bin.sh : auto binaries preparation | ||
docs: readme review. some new topics added, others deleted | ||
docs: VPN setup with policy based routing using wireguard | ||
docs: wireguard modding guide | ||
|
||
v23 | ||
|
||
major init system rewrite | ||
openwrt : separate firewall include /etc/firewall.zapret | ||
install_easy.sh : easy setup on openwrt, debian, ubuntu, centos, fedora, opensuse | ||
|
||
v24 | ||
|
||
separate config from init scripts | ||
gzip support in ipset/*.sh and tpws | ||
|
||
v25 | ||
|
||
init : move to native systemd units | ||
use links to units, init scripts and firewall includes, no more copying | ||
|
||
v26 | ||
|
||
ipv6 support | ||
tpws : advanced bind options | ||
|
||
v27 | ||
|
||
tpws : major connection code rewrite. originally it was derived from not top quality example , with many bugs and potential problems. | ||
next generation connection code uses nonblocking sockets. now its in EXPERIMENTAL state. | ||
|
||
v28 | ||
|
||
tpws : added socks5 support | ||
ipset : major RKN getlist rewrite. added antifilter.network support | ||
|
||
v29 | ||
|
||
nfqws : DPI desync attack | ||
ip exclude system | ||
|
||
v30 | ||
|
||
nfqws : DPI desync attack modes : fake,rst |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
How to compile native programs for use in openwrt | ||
------------------------------------------------- | ||
|
||
1) <fetch correct version of openwrt> | ||
|
||
cd ~ | ||
|
||
<chaos calmer> | ||
git clone git://git.openwrt.org/15.05/openwrt.git | ||
<barrier breaker> | ||
git clone git://git.openwrt.org/14.07/openwrt.git | ||
<trunk> | ||
git clone git://git.openwrt.org/openwrt.git | ||
|
||
cd openwrt | ||
|
||
2) ./scripts/feeds update -a | ||
./scripts/feeds install -a | ||
|
||
3) #add zapret packages to build root | ||
#copy package descriptions | ||
copy compile/openwrt/* to ~/openwrt | ||
#copy source code of tpws | ||
copy tpws to ~/openwrt/package/zapret/tpws | ||
#copy source code of nfq | ||
copy nfq to ~/openwrt/package/zapret/nfq | ||
#copy source code of ip2net | ||
copy ip2net to ~/openwrt/package/zapret/ip2net | ||
|
||
4) make menuconfig | ||
#select your target architecture | ||
#select packages Network/Zapret/* as "M" | ||
|
||
5) make toolchain/compile | ||
|
||
6) make package/tpws/compile | ||
make package/nfqws/compile | ||
make package/ip2net/compile | ||
make package/mdig/compile | ||
|
||
7) find bin -name tpws*.ipk | ||
#take your tpws*.ipk , nfqws*.ipk , ip2net*.ipk, mdig*.ipk from there |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
# | ||
|
||
include $(TOPDIR)/rules.mk | ||
|
||
PKG_NAME:=ip2net | ||
PKG_RELEASE:=1 | ||
|
||
include $(INCLUDE_DIR)/package.mk | ||
|
||
define Package/ip2net | ||
SECTION:=net | ||
CATEGORY:=Network | ||
TITLE:=ip2net | ||
SUBMENU:=Zapret | ||
endef | ||
|
||
define Build/Prepare | ||
mkdir -p $(PKG_BUILD_DIR) | ||
$(CP) ./ip2net/* $(PKG_BUILD_DIR)/ | ||
endef | ||
|
||
define Build/Compile | ||
$(MAKE) -C $(PKG_BUILD_DIR) $(TARGET_CONFIGURE_OPTS) | ||
endef | ||
|
||
define Package/ip2net/install | ||
$(INSTALL_DIR) $(1)/opt/zapret/ip2net | ||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ip2net $(1)/opt/zapret/ip2net | ||
endef | ||
|
||
$(eval $(call BuildPackage,ip2net)) | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Copy "ip2net" folder here ! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
# | ||
|
||
include $(TOPDIR)/rules.mk | ||
|
||
PKG_NAME:=mdig | ||
PKG_RELEASE:=1 | ||
|
||
include $(INCLUDE_DIR)/package.mk | ||
|
||
define Package/mdig | ||
SECTION:=net | ||
CATEGORY:=Network | ||
TITLE:=mdig | ||
SUBMENU:=Zapret | ||
endef | ||
|
||
define Build/Prepare | ||
mkdir -p $(PKG_BUILD_DIR) | ||
$(CP) ./mdig/* $(PKG_BUILD_DIR)/ | ||
endef | ||
|
||
define Build/Compile | ||
$(MAKE) -C $(PKG_BUILD_DIR) $(TARGET_CONFIGURE_OPTS) | ||
endef | ||
|
||
define Package/mdig/install | ||
$(INSTALL_DIR) $(1)/opt/zapret/mdig | ||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/mdig $(1)/opt/zapret/mdig | ||
endef | ||
|
||
$(eval $(call BuildPackage,mdig)) | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Copy "mdig" folder here ! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# | ||
|
||
include $(TOPDIR)/rules.mk | ||
|
||
PKG_NAME:=nfqws | ||
PKG_RELEASE:=1 | ||
|
||
include $(INCLUDE_DIR)/package.mk | ||
|
||
define Package/nfqws | ||
SECTION:=net | ||
CATEGORY:=Network | ||
TITLE:=nfqws | ||
SUBMENU:=Zapret | ||
DEPENDS:=+libnetfilter-queue +libcap +zlib | ||
endef | ||
|
||
define Build/Prepare | ||
mkdir -p $(PKG_BUILD_DIR) | ||
$(CP) ./nfq/* $(PKG_BUILD_DIR)/ | ||
endef | ||
|
||
define Build/Compile | ||
$(MAKE) -C $(PKG_BUILD_DIR) $(TARGET_CONFIGURE_OPTS) | ||
endef | ||
|
||
define Package/nfqws/install | ||
$(INSTALL_DIR) $(1)/opt/zapret/nfq | ||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nfqws $(1)/opt/zapret/nfq | ||
endef | ||
|
||
$(eval $(call BuildPackage,nfqws)) | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Copy "nfq" folder here ! |
Oops, something went wrong.