From a5c2f9fac99c8cf5da5705c9a3195d4220f1c92c Mon Sep 17 00:00:00 2001 From: ValdikSS Date: Sat, 25 Dec 2021 13:10:58 +0300 Subject: [PATCH] Introduce -5 and -6 modes and make -5 default Modern modesets (more stable, more compatible, faster): -5 -f 2 -e 2 --auto-ttl --reverse-frag (this is the default now) -6 -f 2 -e 2 --wrong-seq --reverse-frag --- README.md | 8 +++++++- src/goodbyedpi.c | 39 +++++++++++++++++++++++++++++++-------- 2 files changed, 38 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 7f9a757..a1123ac 100644 --- a/README.md +++ b/README.md @@ -48,10 +48,16 @@ Usage: goodbyedpi.exe [OPTION...] reversed order. Works with the websites which could not handle segmented HTTPS TLS ClientHello (because they receive the TCP flow "combined"). - -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode, default) + +LEGACY modesets: + -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode) -2 -p -r -s -f 2 -k 2 -n -e 40 (better speed for HTTPS yet still compatible) -3 -p -r -s -e 40 (better speed for HTTP and HTTPS) -4 -p -r -s (best speed) + +Modern modesets (more stable, more compatible, faster): + -5 -f 2 -e 2 --auto-ttl --reverse-frag (this is the default) + -6 -f 2 -e 2 --wrong-seq --reverse-frag ``` To check if your ISP's DPI could be circumvented, run `3_all_dnsredir_hardcore.cmd` first. This is the most hardcore mode which will show if this program is suitable for your ISP and DPI vendor at all. If you can open blocked websites with this mode, it means your ISP has DPI which can be circumvented. This is the slowest and prone to break websites mode, but suitable for most DPI. diff --git a/src/goodbyedpi.c b/src/goodbyedpi.c index 03cd468..6ea7c20 100644 --- a/src/goodbyedpi.c +++ b/src/goodbyedpi.c 
@@ -572,15 +572,16 @@ int main(int argc, char *argv[]) {
 );
 if (argc == 1) {
- /* enable mode -1 by default */
+ /* enable mode -5 by default */
+ do_fragment_http = do_fragment_https = 1;
+ do_reverse_frag = do_native_frag = 1;
 http_fragment_size = https_fragment_size = 2;
- do_passivedpi = do_host = do_host_removespace \
- = do_fragment_http = do_fragment_https \
- = do_fragment_http_persistent \
- = do_fragment_http_persistent_nowait = 1;
+ do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1;
+ do_fake_packet = 1;
+ do_auto_ttl = 2;
 }
- while ((opt = getopt_long(argc, argv, "1234prsaf:e:mwk:n", long_options, NULL)) != -1) {
+ while ((opt = getopt_long(argc, argv, "123456prsaf:e:mwk:n", long_options, NULL)) != -1) {
 switch (opt) {
 case '1':
 do_passivedpi = do_host = do_host_removespace \
@@ -603,6 +604,22 @@ int main(int argc, char *argv[]) {
 case '4':
 do_passivedpi = do_host = do_host_removespace = 1;
 break;
+ case '5':
+ do_fragment_http = do_fragment_https = 1;
+ do_reverse_frag = do_native_frag = 1;
+ http_fragment_size = https_fragment_size = 2;
+ do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1;
+ do_fake_packet = 1;
+ do_auto_ttl = 2;
+ break;
+ case '6':
+ do_fragment_http = do_fragment_https = 1;
+ do_reverse_frag = do_native_frag = 1;
+ http_fragment_size = https_fragment_size = 2;
+ do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1;
+ do_fake_packet = 1;
+ do_wrong_seq = 1;
+ break;
 case 'p':
 do_passivedpi = 1;
 break;
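Review bot: The new default block under `if (argc == 1)` is a line-for-line copy of `case '5'` in the following hunk, and `case '6'` repeats all but its last assignment, so the three copies can drift apart while the help text keeps stating that -5 is the default. Keeping the shared assignments in one place (a small helper or macro, depending on where these variables are declared, which is outside the hunk) and leaving only `do_auto_ttl = 2;` or `do_wrong_seq = 1;` per mode would remove that risk. `do_auto_ttl = 2` is also the only flag here not set to 1, and nothing visible says what 2 selects; a short comment on that line, here and in `case '5'`, would help the next reader. main() starts and ends outside the hunk.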
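Review bot: `case '5'` and `case '6'` both set `do_fragment_http_persistent` and `do_fragment_http_persistent_nowait`, but the expansions documented for them in the README and help text (`-f 2 -e 2 --auto-ttl --reverse-frag` and `-f 2 -e 2 --wrong-seq --reverse-frag`) list no option for that. Judging from the removed -1 default block, which set the same two variables and is documented as including `-k 2 -n`, these look like the `-k`/`-n` settings. Unless `--auto-ttl` or `--reverse-frag` imply them (their handlers are not visible here), someone rebuilding -5 from the documented flags would presumably not get the same behaviour. Either add `-k 2 -n` to both documented expansions or drop the persistent line from the two cases. The switch continues outside the hunk.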
@@ -795,10 +812,16 @@ int main(int argc, char *argv[]) {
 " reversed order. Works with the websites which could not handle segmented\n"
 " HTTPS TLS ClientHello (because they receive the TCP flow \"combined\").\n"
 "\n"
- " -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode, default)\n"
+ "\n"
+ "LEGACY modesets:\n"
+ " -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode)\n"
 " -2 -p -r -s -f 2 -k 2 -n -e 40 (better speed for HTTPS yet still compatible)\n"
 " -3 -p -r -s -e 40 (better speed for HTTP and HTTPS)\n"
- " -4 -p -r -s (best speed)");
+ " -4 -p -r -s (best speed)"
+ "\n"
+ "Modern modesets (more stable, more compatible, faster):\n"
+ " -5 -f 2 -e 2 --auto-ttl --reverse-frag (this is the default)\n"
+ " -6 -f 2 -e 2 --wrong-seq --reverse-frag\n");
 exit(EXIT_FAILURE);
 }
 }
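Review bot: The `-4` literal now ends `(best speed)"` with no `\n` of its own, so the single `"\n"` that follows only terminates that line and `Modern modesets` is printed directly under it, without the blank line the README puts there. Ending the literal with `(best speed)\n"` and keeping the separate `"\n"` would make the help output match the README layout. The call these string literals belong to starts outside the hunk.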