mirror of
https://github.com/bol-van/zapret.git
synced 2024-12-24 07:06:36 +00:00
273 lines
5.8 KiB
Plaintext
273 lines
5.8 KiB
Plaintext
v1
|
||
|
||
Initial release
|
||
|
||
v2
|
||
|
||
nfqws : command line options change. now using standard getopt.
|
||
nfqws : added options for window size changing and "Host:" case change
|
||
ISP support : tested on mns.ru and beeline (corbina)
|
||
init scripts : rewritten init scripts for simple choise of ISP
|
||
create_ipset : now using 'ipset restore', it works much faster
|
||
readme : updated. now using UTF-8 charset.
|
||
|
||
v3
|
||
|
||
tpws : added transparent proxy (supports TPROXY and DNAT).
|
||
can help when ISP tracks whole HTTP session, not only the beginning
|
||
ipset : added zapret-hosts-user.txt which contain user defined host names to be resolved
|
||
and added to zapret ip list
|
||
ISP support : dom.ru support via TPROXY/DNAT
|
||
ISP support : successfully tested sknt.ru on 'domru' configuration
|
||
other configs will probably also work, but cannot test
|
||
compile : openwrt compile howto
|
||
|
||
v4
|
||
|
||
tpws : added ability to insert extra space after http method : "GET /" => "GET /"
|
||
ISP support : TKT support
|
||
|
||
v5
|
||
|
||
nfqws : ipv6 support in nfqws
|
||
|
||
v6
|
||
|
||
ipset : added "get_antizapret.sh"
|
||
|
||
v7
|
||
|
||
tpws : added ability to insert "." after Host: name
|
||
|
||
v8
|
||
|
||
openwrt init : removed hotplug.d/firewall because of race conditions. now only use /etc/firewall.user
|
||
|
||
v9
|
||
|
||
ipban : added ipban ipset. place domains banned by ip to zapret-hosts-user-ipban.txt
|
||
these IPs must be soxified for both http and https
|
||
ISP support : tiera support
|
||
ISP support : added DNS filtering to ubuntu and debian scripts
|
||
|
||
v10
|
||
|
||
tpws : added split-pos option. split every message at specified position
|
||
|
||
v11
|
||
|
||
ipset : scripts optimizations
|
||
|
||
v12
|
||
|
||
nfqws : fix wrong tcp checksum calculation if packet length is odd and platform is big-endian
|
||
|
||
v13
|
||
|
||
added binaries
|
||
|
||
v14
|
||
|
||
change get_antizapret script to work with https://github.com/zapret-info/z-i/raw/master/dump.csv
|
||
filter out 192.168.*, 127.*, 10.* from blocked ips
|
||
|
||
v15
|
||
|
||
added --hostspell option to nfqws and tpws
|
||
ISP support : beeline now catches "host" but other spellings still work
|
||
openwrt/LEDE : changed init script to work with procd
|
||
tpws, nfqws : minor cosmetic fixes
|
||
|
||
v16
|
||
|
||
tpws: split-http-req=method : split inside method name, not after
|
||
ISP support : mns.ru changed split pos to 3 (got redirect page with HEAD req : curl -I ej.ru)
|
||
|
||
v17
|
||
|
||
ISP support : athome moved from nfqws to tpws because of instability and http request hangs
|
||
tpws : added options unixeol,methodeol,hosttab
|
||
|
||
v18
|
||
|
||
tpws,nfqws : added hostnospace option
|
||
|
||
v19
|
||
|
||
tpws : added hostlist option
|
||
|
||
v20
|
||
|
||
added ip2net. ip2net groups ips from iplist into subnets and reduces ipset size twice
|
||
|
||
v21
|
||
|
||
added mdig. get_reestr.sh is *real* again
|
||
|
||
v22
|
||
|
||
total review of init script logic
|
||
dropped support of older debian 7 and ubuntu 12/14 systems
|
||
install_bin.sh : auto binaries preparation
|
||
docs: readme review. some new topics added, others deleted
|
||
docs: VPN setup with policy based routing using wireguard
|
||
docs: wireguard modding guide
|
||
|
||
v23
|
||
|
||
major init system rewrite
|
||
openwrt : separate firewall include /etc/firewall.zapret
|
||
install_easy.sh : easy setup on openwrt, debian, ubuntu, centos, fedora, opensuse
|
||
|
||
v24
|
||
|
||
separate config from init scripts
|
||
gzip support in ipset/*.sh and tpws
|
||
|
||
v25
|
||
|
||
init : move to native systemd units
|
||
use links to units, init scripts and firewall includes, no more copying
|
||
|
||
v26
|
||
|
||
ipv6 support
|
||
tpws : advanced bind options
|
||
|
||
v27
|
||
|
||
tpws : major connection code rewrite. originally it was derived from not top quality example , with many bugs and potential problems.
|
||
next generation connection code uses nonblocking sockets. now its in EXPERIMENTAL state.
|
||
|
||
v28
|
||
|
||
tpws : added socks5 support
|
||
ipset : major RKN getlist rewrite. added antifilter.network support
|
||
|
||
v29
|
||
|
||
nfqws : DPI desync attack
|
||
ip exclude system
|
||
|
||
v30
|
||
|
||
nfqws : DPI desync attack modes : fake,rst
|
||
|
||
v31
|
||
|
||
nfqws : DPI desync attack modes : disorder,disorder2,split,split2.
|
||
nfqws : DPI desync fooling mode : badseq. multiple modes supported
|
||
|
||
v32
|
||
|
||
tpws : multiple binds
|
||
init scripts : run only one instance of tpws in any case
|
||
|
||
v33
|
||
|
||
openwrt : flow offloading support
|
||
config : MODE refactoring
|
||
|
||
v34
|
||
|
||
nfqws : dpi-desync 2 mode combos
|
||
nfqws : dpi-desync without parameter no more supported. previously it meant "fake"
|
||
nfqws : custom fake http request and tls client hello
|
||
|
||
v35
|
||
|
||
limited FreeBSD and OpenBSD support
|
||
|
||
v36
|
||
|
||
full FreeBSD and OpenBSD support
|
||
|
||
v37
|
||
|
||
limited MacOS support
|
||
|
||
v38
|
||
|
||
MacOS easy install
|
||
|
||
v39
|
||
|
||
nfqws: conntrack, wssize
|
||
|
||
v40
|
||
|
||
init scripts : IFACE_LAN, IFACE_WAN now accept multiple interfaces
|
||
init scripts : openwrt uses now OPENWRT_LAN parameter to override incoming interfaces for tpws
|
||
|
||
v41
|
||
|
||
install_easy : openrc support
|
||
|
||
v42
|
||
|
||
blockcheck.sh
|
||
|
||
v43
|
||
|
||
nfqws: UDP desync with conntrack support (any-protocol only for now)
|
||
|
||
v44
|
||
|
||
nfqws: ipfrag
|
||
|
||
v45
|
||
|
||
nfqws: hop-by-hop ipv6 desync and fooling
|
||
|
||
v46
|
||
|
||
big startup script refactoring to support nftables and new openwrt snapshot builds with firewall4
|
||
|
||
v47
|
||
|
||
nfqws: QUIC initial decryption
|
||
nfqws: udplen, fakeknown dpi desync modes
|
||
|
||
v48
|
||
|
||
nfqws, tpws : multiple --hostlist and --hostlist-exclude support
|
||
launch system, ipset : no more list merging. all lists are passed separately to nfqws and tpws
|
||
nfqws : udplen fooling supports packet shrinking (negative increment value)
|
||
|
||
v49
|
||
|
||
QUIC support integrated to the main system and setup
|
||
|
||
v50
|
||
|
||
DHT protocol support.
|
||
DPI desync mode 'tamper' for DHT.
|
||
HEX string support in addition to binary files.
|
||
|
||
v51
|
||
|
||
tpws --tlsrec attack.
|
||
|
||
v52
|
||
|
||
autohostlist mode
|
||
|
||
v53
|
||
|
||
nfqws: tcp session reassemble for TLS ClientHello
|
||
|
||
v54
|
||
|
||
tpws: out of band send when splitting (--oob)
|
||
nfqws: autottl
|
||
nfqws: datanoack fooling
|
||
nftables: use POSTNAT path for tcp redirections to allow NAT-breaking strategies. use additional mark bit DESYNC_MARK_POSTNAT.
|
||
|
||
v55
|
||
|
||
tpws: incompatible oob parameter change. it doesn't take oob byte anymore. instead it takes optional protocol filter - http or tls.
|
||
the same is done with disorder. oob byte can be specified in parameter --oob-data.
|
||
blockcheck: quick mode, strategy order optimizations, QUIC protocol support
|
||
nfqws: syndata desync mode
|
||
|
||
<20> |