mirror of
https://github.com/ValdikSS/GoodbyeDPI.git
synced 2024-12-22 14:26:08 +00:00
New option: -q - block QUIC/HTTP3
Only Initial packets among Long Header Packets are blocked. The packet should be at least 1200 bytes in size.
parent
905d3c98a6
commit
d031ae65bf
@ -22,6 +22,7 @@ Download [latest version from Releases page](https://github.com/ValdikSS/Goodbye
|
|||||||
```
|
```
|
||||||
Usage: goodbyedpi.exe [OPTION...]
|
Usage: goodbyedpi.exe [OPTION...]
|
||||||
-p block passive DPI
|
-p block passive DPI
|
||||||
|
-q block QUIC/HTTP3
|
||||||
-r replace Host with hoSt
|
-r replace Host with hoSt
|
||||||
-s remove space between host header and its value
|
-s remove space between host header and its value
|
||||||
-m mix Host header case (test.com -> tEsT.cOm)
|
-m mix Host header case (test.com -> tEsT.cOm)
|
||||||
|
@ -78,6 +78,9 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA
|
|||||||
"(tcp.DstPort == 80 or tcp.DstPort == 443) and tcp.Ack and " \
|
"(tcp.DstPort == 80 or tcp.DstPort == 443) and tcp.Ack and " \
|
||||||
"(" DIVERT_NO_LOCALNETSv4_DST " or " DIVERT_NO_LOCALNETSv6_DST "))" \
|
"(" DIVERT_NO_LOCALNETSv4_DST " or " DIVERT_NO_LOCALNETSv6_DST "))" \
|
||||||
"))"
|
"))"
|
||||||
|
#define FILTER_PASSIVE_BLOCK_QUIC "outbound and !impostor and !loopback and udp " \
|
||||||
|
"and udp.DstPort == 443 and udp.PayloadLength >= 1200 " \
|
||||||
|
"and udp.Payload[0] >= 0xC0 and udp.Payload32[1b] == 0x01"
|
||||||
#define FILTER_PASSIVE_STRING_TEMPLATE "inbound and ip and tcp and " \
|
#define FILTER_PASSIVE_STRING_TEMPLATE "inbound and ip and tcp and " \
|
||||||
"!impostor and !loopback and " \
|
"!impostor and !loopback and " \
|
||||||
"((ip.Id <= 0xF and ip.Id >= 0x0) " IPID_TEMPLATE ") and " \
|
"((ip.Id <= 0xF and ip.Id >= 0x0) " IPID_TEMPLATE ") and " \
|
||||||
@ -559,7 +562,8 @@ int main(int argc, char *argv[]) {
|
|||||||
conntrack_info_t dns_conn_info;
|
conntrack_info_t dns_conn_info;
|
||||||
tcp_conntrack_info_t tcp_conn_info;
|
tcp_conntrack_info_t tcp_conn_info;
|
||||||
|
|
||||||
int do_passivedpi = 0, do_fragment_http = 0,
|
int do_passivedpi = 0, do_block_quic = 0,
|
||||||
|
do_fragment_http = 0,
|
||||||
do_fragment_http_persistent = 0,
|
do_fragment_http_persistent = 0,
|
||||||
do_fragment_http_persistent_nowait = 0,
|
do_fragment_http_persistent_nowait = 0,
|
||||||
do_fragment_https = 0, do_host = 0,
|
do_fragment_https = 0, do_host = 0,
|
||||||
@ -641,7 +645,7 @@ int main(int argc, char *argv[]) {
|
|||||||
max_payload_size = 1200;
|
max_payload_size = 1200;
|
||||||
}
|
}
|
||||||
|
|
||||||
while ((opt = getopt_long(argc, argv, "123456prsaf:e:mwk:n", long_options, NULL)) != -1) {
|
while ((opt = getopt_long(argc, argv, "123456pqrsaf:e:mwk:n", long_options, NULL)) != -1) {
|
||||||
switch (opt) {
|
switch (opt) {
|
||||||
case '1':
|
case '1':
|
||||||
do_passivedpi = do_host = do_host_removespace \
|
do_passivedpi = do_host = do_host_removespace \
|
||||||
@ -685,6 +689,9 @@ int main(int argc, char *argv[]) {
|
|||||||
case 'p':
|
case 'p':
|
||||||
do_passivedpi = 1;
|
do_passivedpi = 1;
|
||||||
break;
|
break;
|
||||||
|
case 'q':
|
||||||
|
do_block_quic = 1;
|
||||||
|
break;
|
||||||
case 'r':
|
case 'r':
|
||||||
do_host = 1;
|
do_host = 1;
|
||||||
break;
|
break;
|
||||||
@ -884,6 +891,7 @@ int main(int argc, char *argv[]) {
|
|||||||
default:
|
default:
|
||||||
puts("Usage: goodbyedpi.exe [OPTION...]\n"
|
puts("Usage: goodbyedpi.exe [OPTION...]\n"
|
||||||
" -p block passive DPI\n"
|
" -p block passive DPI\n"
|
||||||
|
" -q block QUIC/HTTP3\n"
|
||||||
" -r replace Host with hoSt\n"
|
" -r replace Host with hoSt\n"
|
||||||
" -s remove space between host header and its value\n"
|
" -s remove space between host header and its value\n"
|
||||||
" -a additional space between Method and Request-URI (enables -s, may break sites)\n"
|
" -a additional space between Method and Request-URI (enables -s, may break sites)\n"
|
||||||
@ -960,6 +968,7 @@ int main(int argc, char *argv[]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
printf("Block passive: %d\n" /* 1 */
|
printf("Block passive: %d\n" /* 1 */
|
||||||
|
"Block QUIC/HTTP3: %d\n" /* 1 */
|
||||||
"Fragment HTTP: %u\n" /* 2 */
|
"Fragment HTTP: %u\n" /* 2 */
|
||||||
"Fragment persistent HTTP: %u\n" /* 3 */
|
"Fragment persistent HTTP: %u\n" /* 3 */
|
||||||
"Fragment HTTPS: %u\n" /* 4 */
|
"Fragment HTTPS: %u\n" /* 4 */
|
||||||
@ -979,7 +988,7 @@ int main(int argc, char *argv[]) {
|
|||||||
"Fake requests, wrong checksum: %d\n" /* 17 */
|
"Fake requests, wrong checksum: %d\n" /* 17 */
|
||||||
"Fake requests, wrong SEQ/ACK: %d\n" /* 18 */
|
"Fake requests, wrong SEQ/ACK: %d\n" /* 18 */
|
||||||
"Max payload size: %hu\n", /* 19 */
|
"Max payload size: %hu\n", /* 19 */
|
||||||
do_passivedpi, /* 1 */
|
do_passivedpi, do_block_quic, /* 1 */
|
||||||
(do_fragment_http ? http_fragment_size : 0), /* 2 */
|
(do_fragment_http ? http_fragment_size : 0), /* 2 */
|
||||||
(do_fragment_http_persistent ? http_fragment_size : 0),/* 3 */
|
(do_fragment_http_persistent ? http_fragment_size : 0),/* 3 */
|
||||||
(do_fragment_https ? https_fragment_size : 0), /* 4 */
|
(do_fragment_https ? https_fragment_size : 0), /* 4 */
|
||||||
@ -1031,6 +1040,15 @@ int main(int argc, char *argv[]) {
|
|||||||
filter_num++;
|
filter_num++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (do_block_quic) {
|
||||||
|
filters[filter_num] = init(
|
||||||
|
FILTER_PASSIVE_BLOCK_QUIC,
|
||||||
|
WINDIVERT_FLAG_DROP);
|
||||||
|
if (filters[filter_num] == NULL)
|
||||||
|
die();
|
||||||
|
filter_num++;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* IPv4 & IPv6 filter for inbound HTTP redirection packets and
|
* IPv4 & IPv6 filter for inbound HTTP redirection packets and
|
||||||
* active DPI circumvention
|
* active DPI circumvention
|
||||||
|
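Review bot: The `udp.Payload[0] >= 0xC0` test in `FILTER_PASSIVE_BLOCK_QUIC` matches every long-header packet type, not only Initial, so the filter is broader than the commit description and would also drop an outbound 0-RTT or Handshake datagram of 1200 bytes or more. In QUIC v1 the Initial type has both packet-type bits clear, so bounding the first byte expresses that with comparison operators this file already uses: `"and udp.Payload[0] >= 0xC0 and udp.Payload[0] <= 0xCF and udp.Payload32[1b] == 0x01"`. The version test pins 0x00000001 only, so connections opened with any other QUIC version are not blocked; a comment above the define should say so, e.g. `/* Drops QUIC v1 long-header packets only; other versions pass through. */`. Unlike the TCP filter just above it, this one carries no `DIVERT_NO_LOCALNETSv4_DST` / `DIVERT_NO_LOCALNETSv6_DST` exclusion, so UDP/443 to local networks is dropped as well; that looks unintentional and is worth confirming.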