From 9e2222549e7c2eee6f4827f7c36fb7e7c3a07b4c Mon Sep 17 00:00:00 2001
From: bol-van
Date: Thu, 25 Dec 2025 16:38:09 +0300
Subject: [PATCH] init.d: 50-wg4all catch also response and cookie
---
 init.d/custom.d.examples.linux/50-wg4all | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/init.d/custom.d.examples.linux/50-wg4all b/init.d/custom.d.examples.linux/50-wg4all
index 6f46f5e..1608ea6 100644
--- a/init.d/custom.d.examples.linux/50-wg4all
+++ b/init.d/custom.d.examples.linux/50-wg4all
@@ -1,9 +1,9 @@
-# this custom script runs desync to all wireguard handshake initiation packets
+# this custom script runs desync to all wireguard handshake initiation, response and cookie packets
 # NOTE: this works for original wireguard and may not work for 3rd party implementations such as xray
 # NOTE: @ih requires nft 1.0.1+ and updated kernel version. it's confirmed to work on 5.15 (openwrt 23) and not work on 5.10 (openwrt 22)
 # can override in config :
-NFQWS_OPT_DESYNC_WG="${NFQWS_OPT_DESYNC_WG:---payload wireguard_initiation --lua-desync=fake:blob=0x00000000000000000000000000000000:repeats=2}"
+NFQWS_OPT_DESYNC_WG="${NFQWS_OPT_DESYNC_WG:---payload wireguard_initiation,wireguard_response,wireguard_cookie --lua-desync=fake:blob=0x00000000000000000000000000000000:repeats=2}"
 alloc_dnum DNUM_WG4ALL
 alloc_qnum QNUM_WG4ALL
@@ -21,7 +21,9 @@ zapret_custom_firewall()
 # $1 - 1 - run, 0 - stop
 local f='-p udp -m u32 --u32'
- fw_nfqws_post $1 "$f 0>>22&0x3C@4>>16=0x9c&&0>>22&0x3C@8=0x01000000" "$f 44>>16=0x9c&&48=0x01000000" $QNUM_WG4ALL
+ fw_nfqws_post $1 "$f 0>>22&0x3C@4>>16=156&&0>>22&0x3C@8=0x01000000" "$f 44>>16=156&&48=0x01000000" $QNUM_WG4ALL
+ fw_nfqws_post $1 "$f 0>>22&0x3C@4>>16=100&&0>>22&0x3C@8=0x02000000" "$f 44>>16=100&&48=0x02000000" $QNUM_WG4ALL
+ fw_nfqws_post $1 "$f 0>>22&0x3C@4>>16=72&&0>>22&0x3C@8=0x03000000" "$f 44>>16=72&&48=0x03000000" $QNUM_WG4ALL
 }
 zapret_custom_firewall_nft()
 {
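Review bot: The `# can override in config :` comment above `NFQWS_OPT_DESYNC_WG` should now say that an override has to list all three payload types, because the firewall hunks in this commit queue response and cookie packets as well. A config that still carries the old `--payload wireguard_initiation` value keeps working, but the two new packet classes would then be queued and, presumably, passed through unmodified, which costs a userspace round trip and is easy to misread as a failure. I would add `# NOTE: an existing override must also list wireguard_response and wireguard_cookie to cover the new firewall rules`.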
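Review bot: The literals 156, 100 and 72 and the words 0x01000000, 0x02000000 and 0x03000000 in the three `fw_nfqws_post` lines are unexplained, and the same pairs reappear in the `zapret_custom_firewall_nft` hunk. A comment would make them checkable: `# udp length = 8-byte UDP header + WireGuard message (148 initiation, 92 response, 64 cookie reply); first 4 payload bytes = message type 1/2/3 followed by three reserved zero bytes`. It is also worth stating next to `local f='-p udp -m u32 --u32'` that the match is on length and type only, with no port restriction, so unrelated UDP traffic of the same shape is queued too and the `--payload` filter is the only second check. The body of `zapret_custom_firewall` begins outside the hunk.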
@@ -29,4 +31,8 @@ zapret_custom_firewall_nft()
 local f="udp length 156 @ih,0,32 0x01000000"
 nft_fw_nfqws_post "$f" "$f" $QNUM_WG4ALL
+ local f="udp length 100 @ih,0,32 0x02000000"
+ nft_fw_nfqws_post "$f" "$f" $QNUM_WG4ALL
+ local f="udp length 72 @ih,0,32 0x03000000"
+ nft_fw_nfqws_post "$f" "$f" $QNUM_WG4ALL
 }
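Review bot: `local f=` is declared three times in `zapret_custom_firewall_nft`, each followed by an identical `nft_fw_nfqws_post "$f" "$f" $QNUM_WG4ALL` call, so the length/type pairs are scattered across six lines. Declaring `f` once and looping over the pairs keeps the table in one place and leaves a single line to edit if the rule expression changes. The start of the function body is outside the hunk, so the fence below covers only the lines visible here.

```shell
	local f lt
	# each entry: "<udp length> <first 4 payload bytes>"
	for lt in "156 0x01000000" "100 0x02000000" "72 0x03000000"; do
		f="udp length ${lt% *} @ih,0,32 ${lt#* }"
		nft_fw_nfqws_post "$f" "$f" $QNUM_WG4ALL
	done
```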