diff --git a/README.md b/README.md index 7f9a757..a1123ac 100644 --- a/README.md +++ b/README.md @@ -48,10 +48,16 @@ Usage: goodbyedpi.exe [OPTION...] reversed order. Works with the websites which could not handle segmented HTTPS TLS ClientHello (because they receive the TCP flow "combined"). - -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode, default) + +LEGACY modesets: + -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode) -2 -p -r -s -f 2 -k 2 -n -e 40 (better speed for HTTPS yet still compatible) -3 -p -r -s -e 40 (better speed for HTTP and HTTPS) -4 -p -r -s (best speed) + +Modern modesets (more stable, more compatible, faster): + -5 -f 2 -e 2 --auto-ttl --reverse-frag (this is the default) + -6 -f 2 -e 2 --wrong-seq --reverse-frag ``` To check if your ISP's DPI could be circumvented, run `3_all_dnsredir_hardcore.cmd` first. This is the most hardcore mode which will show if this program is suitable for your ISP and DPI vendor at all. If you can open blocked websites with this mode, it means your ISP has DPI which can be circumvented. This is the slowest and prone to break websites mode, but suitable for most DPI. diff --git a/src/goodbyedpi.c b/src/goodbyedpi.c index 03cd468..6ea7c20 100644 --- a/src/goodbyedpi.c +++ b/src/goodbyedpi.c @@ -572,15 +572,16 @@ int main(int argc, char *argv[]) { ); if (argc == 1) { - /* enable mode -1 by default */ + /* enable mode -5 by default */ + do_fragment_http = do_fragment_https = 1; + do_reverse_frag = do_native_frag = 1; http_fragment_size = https_fragment_size = 2; - do_passivedpi = do_host = do_host_removespace \ - = do_fragment_http = do_fragment_https \ - = do_fragment_http_persistent \ - = do_fragment_http_persistent_nowait = 1; + do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1; + do_fake_packet = 1; + do_auto_ttl = 2; } - while ((opt = getopt_long(argc, argv, "1234prsaf:e:mwk:n", long_options, NULL)) != -1) { + while ((opt = getopt_long(argc, argv, "123456prsaf:e:mwk:n", long_options, NULL)) != -1) { switch (opt) { case '1': do_passivedpi = do_host = do_host_removespace \ @@ -603,6 +604,22 @@ int main(int argc, char *argv[]) { case '4': do_passivedpi = do_host = do_host_removespace = 1; break; + case '5': + do_fragment_http = do_fragment_https = 1; + do_reverse_frag = do_native_frag = 1; + http_fragment_size = https_fragment_size = 2; + do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1; + do_fake_packet = 1; + do_auto_ttl = 2; + break; + case '6': + do_fragment_http = do_fragment_https = 1; + do_reverse_frag = do_native_frag = 1; + http_fragment_size = https_fragment_size = 2; + do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1; + do_fake_packet = 1; + do_wrong_seq = 1; + break; case 'p': do_passivedpi = 1; break; @@ -795,10 +812,16 @@ int main(int argc, char *argv[]) { " reversed order. Works with the websites which could not handle segmented\n" " HTTPS TLS ClientHello (because they receive the TCP flow \"combined\").\n" "\n" - " -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode, default)\n" + "\n" + "LEGACY modesets:\n" + " -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode)\n" " -2 -p -r -s -f 2 -k 2 -n -e 40 (better speed for HTTPS yet still compatible)\n" " -3 -p -r -s -e 40 (better speed for HTTP and HTTPS)\n" - " -4 -p -r -s (best speed)"); + " -4 -p -r -s (best speed)" + "\n" + "Modern modesets (more stable, more compatible, faster):\n" + " -5 -f 2 -e 2 --auto-ttl --reverse-frag (this is the default)\n" + " -6 -f 2 -e 2 --wrong-seq --reverse-frag\n"); exit(EXIT_FAILURE); } }