From 87d2fcd5a181c7bac854f7eeb93ec8e3c92efeec Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Thu, 15 Jan 2026 22:31:20 +0300
Subject: [PATCH] blockcheck2: AI fixes and oob

---
 blockcheck2.d/standard/17-oob.sh           | 41 ++++++++++++++++++++++
 blockcheck2.d/standard/20-multi.sh         | 10 ++++--
 blockcheck2.d/standard/23-seqovl.sh        |  6 ++--
 blockcheck2.d/standard/25-fake.sh          |  8 ++---
 blockcheck2.d/standard/35-hostfake.sh      |  3 +-
 blockcheck2.d/standard/60-fake-hostfake.sh |  4 +--
 docs/changes.txt                           |  1 +
 7 files changed, 60 insertions(+), 13 deletions(-)
 create mode 100644 blockcheck2.d/standard/17-oob.sh

diff --git a/blockcheck2.d/standard/17-oob.sh b/blockcheck2.d/standard/17-oob.sh
new file mode 100644
index 0000000..f5f70d1
--- /dev/null
+++ b/blockcheck2.d/standard/17-oob.sh
@@ -0,0 +1,41 @@
+. "$TESTDIR/def.inc"
+
+pktws_oob()
+{
+	# $1 - test function
+	# $2 - domain
+
+	local dropacks urp
+	for dropack in '' ':drop_ack'; do
+		for urp in b 0 2 midsld; do
+			pktws_curl_test_update "$1" "$2" --in-range=-s1 --lua-desync=oob:urp=$urp$dropack
+		done
+	done
+}
+
+pktws_check_http()
+{
+	# $1 - test function
+	# $2 - domain
+
+	[ "$NOTEST_OOB_HTTP" = 1 ] && { echo "SKIPPED"; return; }
+
+	pktws_oob "$@"
+}
+
+pktws_check_https_tls12()
+{
+	# $1 - test function
+	# $2 - domain
+
+	[ "$NOTEST_OOB_HTTPS" = 1 ] && { echo "SKIPPED"; return; }
+
+	pktws_oob "$@"
+}
+
+pktws_check_https_tls13()
+{
+	# $1 - test function
+	# $2 - domain
+	pktws_check_https_tls12 "$1" "$2"
+}
diff --git a/blockcheck2.d/standard/20-multi.sh b/blockcheck2.d/standard/20-multi.sh
index 91f2e74..e473b77 100644
--- a/blockcheck2.d/standard/20-multi.sh
+++ b/blockcheck2.d/standard/20-multi.sh
@@ -1,18 +1,22 @@
+. "$TESTDIR/def.inc"
+
 pktws_simple_split_tests()
 {
 	# $1 - test function
 	# $2 - domain/uri
 	# $3 - splits
 	# $4 - PRE args for nfqws2
-	local pos ok ok_any pre="$4"
-	local splitf splitfs="multisplit $MULTIDISORDER"
+	local pos ok ok_any pre="$4" func
+	local splitf splitfs="multisplit multidisorder"
 
 	ok_any=0
 	for splitf in $splitfs; do
+		func=$splitf
+		[ "$func" = multidisorder ] && func=$MULTIDISORDER
 		eval need_$splitf=0
 		ok=0
 		for pos in $3; do
-			pktws_curl_test_update $1 $2 $pre $PAYLOAD --lua-desync=$splitf:pos=$pos && ok=1
+			pktws_curl_test_update $1 $2 $pre $PAYLOAD --lua-desync=$func:pos=$pos && ok=1
 		done
 		[ "$ok" = 1 -a "$SCANLEVEL" != force ] || eval need_$splitf=1
 		[ "$ok" = 1 ] && ok_any=1
diff --git a/blockcheck2.d/standard/23-seqovl.sh b/blockcheck2.d/standard/23-seqovl.sh
index ab28451..3d80e5c 100644
--- a/blockcheck2.d/standard/23-seqovl.sh
+++ b/blockcheck2.d/standard/23-seqovl.sh
@@ -1,3 +1,5 @@
+. "$TESTDIR/def.inc"
+
 pktws_check_http()
 {
 	# $1 - test function
@@ -48,14 +50,14 @@ pktws_seqovl_tests_tls()
 	ok=0
 	pktws_curl_test_update $testf $domain $pre $PAYLOAD --lua-desync=tcpseg:pos=0,-1:seqovl=1 --lua-desync=drop && ok=1
 	pktws_curl_test_update $testf $domain ${SEQOVL_PATTERN_HTTPS:+--blob=$pat:@"$SEQOVL_PATTERN_HTTPS" }$rnd_mod $pre $PAYLOAD --lua-desync=tcpseg:pos=0,-1:seqovl=#$pat:seqovl_pattern=$pat --lua-desync=drop && ok=1
-	pktws_curl_test_update $testf $domain ${SEQOVL_PATTERN_HTTPS:+--blob=$pat:@"$SEQOVL_PATTERN_HTTPS" }$pre $PAYLOAD $padencap_mod --lua-desync=tcpseg:pos=0,-1:seqovl=#pat:seqovl_pattern=$pat --lua-desync=drop && ok=1
+	pktws_curl_test_update $testf $domain ${SEQOVL_PATTERN_HTTPS:+--blob=$pat:@"$SEQOVL_PATTERN_HTTPS" }$pre $PAYLOAD $padencap_mod --lua-desync=tcpseg:pos=0,-1:seqovl=#$pat:seqovl_pattern=$pat --lua-desync=drop && ok=1
 	ok_any=$ok
 
 	ok=0
 	for split in 10 10,sniext+1 10,sniext+4 10,midsld; do
 		pktws_curl_test_update $testf $domain $pre $PAYLOAD --lua-desync=multisplit:pos=$split:seqovl=1 && ok=1
 		pktws_curl_test_update $testf $domain ${SEQOVL_PATTERN_HTTPS:+--blob=$pat:@"$SEQOVL_PATTERN_HTTPS" }$rnd_mod $pre $PAYLOAD --lua-desync=multisplit:pos=$split:seqovl=#$pat:seqovl_pattern=$pat && ok=1
-		pktws_curl_test_update $testf $domain ${SEQOVL_PATTERN_HTTPS:+--blob=$pat:@"$SEQOVL_PATTERN_HTTPS" }$pre $PAYLOAD $padencap_mod --lua-desync=multisplit:pos=$split:seqovl=#pat:seqovl_pattern=$pat && ok=1
+		pktws_curl_test_update $testf $domain ${SEQOVL_PATTERN_HTTPS:+--blob=$pat:@"$SEQOVL_PATTERN_HTTPS" }$pre $PAYLOAD $padencap_mod --lua-desync=multisplit:pos=$split:seqovl=#$pat:seqovl_pattern=$pat && ok=1
 		[ "$ok" = 1 -a "$SCANLEVEL" != force ] && break
 	done
 	for split in '1 2' 'sniext sniext+1' 'sniext+3 sniext+4' 'midsld-1 midsld' '1 2,midsld'; do
diff --git a/blockcheck2.d/standard/25-fake.sh b/blockcheck2.d/standard/25-fake.sh
index aa7e52e..ef9de2e 100644
--- a/blockcheck2.d/standard/25-fake.sh
+++ b/blockcheck2.d/standard/25-fake.sh
@@ -55,8 +55,8 @@ pktws_check_http()
 	done
 
 	[ $ok = 0 -a "$SCANLEVEL" != force ] && need_fake=1
-	[ $ok = 1 ] && okany=1
-	[ $okany = 1 ]
+	[ $ok = 1 ] && ok_any=1
+	[ $ok_any = 1 ]
 }
 
 pktws_fake_https_vary_()
@@ -123,8 +123,8 @@ pktws_check_https_tls()
 	done
 
 	[ $ok = 0 -a "$SCANLEVEL" != force ] && need_fake=1
-	[ $ok = 1 ] && okany=1
-	[ $okany = 1 ]
+	[ $ok = 1 ] && ok_any=1
+	[ $ok_any = 1 ]
 }
 
 pktws_check_https_tls12()
diff --git a/blockcheck2.d/standard/35-hostfake.sh b/blockcheck2.d/standard/35-hostfake.sh
index 92ca0ed..5c816c9 100644
--- a/blockcheck2.d/standard/35-hostfake.sh
+++ b/blockcheck2.d/standard/35-hostfake.sh
@@ -1,6 +1,5 @@
 . "$TESTDIR/def.inc"
 
-
 pktws_hostfake_vary_()
 {
 	local ok_any=0 testf=$1 domain="$2" fooling="$3" pre="$4" post="$5" disorder
@@ -58,7 +57,7 @@ pktws_check_hostfake()
 			pktws_hostfake_vary $testf $domain "ip${IPVV}_autottl=-$ttl,3-20" "$pre" "$f" && [ "$SCANLEVEL" != force ] && break
 		done
 	done
-	[ $ok = 0 -a "$SCANLEVEL" != force ] && eval need_hostfake=1
+	[ $ok = 0 -a "$SCANLEVEL" != force ] && need_hostfakesplit=1
 	[ $ok = 1 ]
 }
 
diff --git a/blockcheck2.d/standard/60-fake-hostfake.sh b/blockcheck2.d/standard/60-fake-hostfake.sh
index bddb863..1b2d32e 100644
--- a/blockcheck2.d/standard/60-fake-hostfake.sh
+++ b/blockcheck2.d/standard/60-fake-hostfake.sh
@@ -69,7 +69,7 @@ pktws_check_http()
 	local FAKE="$FAKE_HTTP"
 
 	if [ -n "$FAKE_HTTP" ]; then
-		fake=bfake
+		fake=fake_http
 	else
 		fake=fake_default_http
 	fi
@@ -87,7 +87,7 @@ pktws_check_https_tls()
 	local FAKE="$FAKE_HTTPS"
 
 	if [ -n "$FAKE_HTTPS" ]; then
-		fake=bfake
+		fake=fake_tls
 	else
 		fake=fake_default_tls
 	fi
diff --git a/docs/changes.txt b/docs/changes.txt
index d9127d4..a28c0dd 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -185,4 +185,5 @@ v0.8.1
 * nfqws2: do not require / in the beginning of URI in http
 * zapret-lib: rawsend_dissect_segmented support URG
 * zapret-antidpi: oob
+* blockcheck2: 17-oob.sh
 * nfqws2: set desync.tcp_mss to minimum of both ends or default if at least one is unknown