diff --git a/docs/changes.txt b/docs/changes.txt index a28c0dd..9667469 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -187,3 +187,4 @@ v0.8.1 * zapret-antidpi: oob * blockcheck2: 17-oob.sh * nfqws2: set desync.tcp_mss to minimum of both ends or default if at least one is unknown +* zapret-lib: tcp_nop_del diff --git a/docs/manual.en.md b/docs/manual.en.md index e719563..072e9e9 100644 --- a/docs/manual.en.md +++ b/docs/manual.en.md @@ -3031,9 +3031,10 @@ On any OS, it is possible to maintain a continuous linear `ip_id` order for a pe | tcp_ack | A positive or negative offset for the TCP Acknowledgment Number. | | tcp_ts | A positive or negative offset for the TCP Timestamp. This only functions if the Timestamp option is already present. | | tcp_md5 | Add a TCP MD5 Signature header if it is not already present. Defaults to random bytes, but a 16-byte hex string can be specified. | -| tcp_flags_set | Set TCP flags. Flags are provided as a comma-separated list: FIN, SYN, RST, PUSH, ACK, URG, ECE, CWR. | +| tcp_flags_set | Set TCP flags. Flags are provided as a comma-separated list: FIN, SYN, RST, PUSH, ACK, URG, ECE, CWR. | | tcp_flags_unset | Clear (unset) TCP flags. Follows the same format as `tcp_flags_set`. | | tcp_ts_up | Move the TCP Timestamp option to the very beginning of the options list, if present. | +| tcp_nop_del | Delete all NOP TCP options to free space in the header | | fool | Name of the custom fooling function. It takes a dissect and a `fooling_options` table. | IPv6 extension headers are added in the following order: diff --git a/docs/manual.md b/docs/manual.md index a0dd934..c2a9fe3 100644 --- a/docs/manual.md +++ b/docs/manual.md @@ -3210,6 +3210,7 @@ Windows заменяет нулевые ip_id на собственную пос | tcp_flags_set | установить флаги TCP. флаги представлены списком через зяпятую : FIN,SYN,RST,PUSH,ACK,FIN,URG,ECE,CWR | | tcp_flags_unset | снять флаги TCP. аналогично tcp_flags_set | | tcp_ts_up | поднять tcp timestamp опцию в самое начало, если она есть | +| tcp_nop_del | удалить все TCP опции NOP для освобождения места в заголовке TCP | | fool | имя кастомной функции фулинга. она берет диссект и таблицу fooling_options | ipv6 extension headers добавляются в следующем порядке: diff --git a/lua/zapret-antidpi.lua b/lua/zapret-antidpi.lua index 7b1fe36..72e2904 100644 --- a/lua/zapret-antidpi.lua +++ b/lua/zapret-antidpi.lua @@ -38,6 +38,7 @@ standard fooling : * tcp_flags_set= - set tcp flags in comma separated list * tcp_flags_unset= - unset tcp flags in comma separated list * tcp_ts_up - move timestamp tcp option to the top if present (workaround for badack without badseq fooling) +* tcp_nop_del - delete NOP tcp options to free space in tcp header * fool=fool_function - custom fooling function : fool_func(dis, fooling_options) diff --git a/lua/zapret-lib.lua b/lua/zapret-lib.lua index 748b875..b129161 100644 --- a/lua/zapret-lib.lua +++ b/lua/zapret-lib.lua @@ -789,6 +789,7 @@ end -- tcp_flags_set= - set tcp flags in comma separated list -- tcp_flags_unset= - unset tcp flags in comma separated list -- tcp_ts_up - move timestamp tcp option to the top if it's present. this allows linux not to accept badack segments without badseq. this is very strange discovery but it works. +-- tcp_nop_del - delete NOP tcp options to free space in tcp header -- fool - custom fooling function : fool_func(dis, fooling_options) function apply_fooling(desync, dis, fooling_options) @@ -850,6 +851,13 @@ function apply_fooling(desync, dis, fooling_options) if fooling_options.tcp_flags_set then dis.tcp.th_flags = bitor(dis.tcp.th_flags, parse_tcp_flags(fooling_options.tcp_flags_set)) end + if fooling_options.tcp_nop_del then + for i=#dis.tcp.options,1,-1 do + if dis.tcp.options[i].kind==TCP_KIND_NOOP then + table.remove(dis.tcp.options,i) + end + end + end if tonumber(fooling_options.tcp_ts) then local idx = find_tcp_option(dis.tcp.options,TCP_KIND_TS) if idx and (dis.tcp.options[idx].data and #dis.tcp.options[idx].data or 0)==8 then