gandc/zapret2
Template
1
0
Fork 0
mirror of https://github.com/bol-van/zapret2.git synced 2026-03-14 06:13:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: gandc:766b60544f49615ee0204d53773b6b9e868a9e20
Branches Tags
gandc:master
gandc:v0.9.4.5 gandc:v0.9.4.4 gandc:v0.9.4.3 gandc:v0.9.4.2 gandc:v0.9.4.1 gandc:v0.9.3 gandc:v0.9.2 gandc:v0.9.1 gandc:v0.9.0.4 gandc:v0.8.6 gandc:v0.8.4 gandc:v0.8.3 gandc:v0.8.2 gandc:v0.8.1 gandc:v0.8 gandc:v0.7.6 gandc:v0.7.5 gandc:v0.7.4 gandc:v0.7.2 gandc:v0.7.1 gandc:v0.7 gandc:v0.6.1 gandc:v0.5.1 gandc:v0.5 gandc:v0.4 gandc:v0.3 gandc:v0.2 gandc:v0.1.4 gandc:v0.1.2 gandc:v0.1.1
...
compare: gandc:master
Branches Tags
gandc:master
gandc:v0.9.4.5 gandc:v0.9.4.4 gandc:v0.9.4.3 gandc:v0.9.4.2 gandc:v0.9.4.1 gandc:v0.9.3 gandc:v0.9.2 gandc:v0.9.1 gandc:v0.9.0.4 gandc:v0.8.6 gandc:v0.8.4 gandc:v0.8.3 gandc:v0.8.2 gandc:v0.8.1 gandc:v0.8 gandc:v0.7.6 gandc:v0.7.5 gandc:v0.7.4 gandc:v0.7.2 gandc:v0.7.1 gandc:v0.7 gandc:v0.6.1 gandc:v0.5.1 gandc:v0.5 gandc:v0.4 gandc:v0.3 gandc:v0.2 gandc:v0.1.4 gandc:v0.1.2 gandc:v0.1.1

7 Commits
766b60544f ... master

Author SHA1 Message Date
bol-van
7cdc75d0db github: remove sdiv crash on old armv7 2026-03-12 20:51:57 +03:00
bol-van
348f907b47 winws2: remove .buildid section 2026-03-12 17:40:11 +03:00
bol-van
d641b00083 winws2: update res bins 2026-03-12 17:31:02 +03:00
bol-van
d3b3011000 AI fixes 2026-03-06 21:36:09 +03:00
bol-van
2ec512af17 AI fixes 2026-03-06 10:58:05 +03:00
bol-van
d41151ef6f nfqws2: join fragments in quic CRYPTO reconstruction. allow intersections 2026-03-05 18:38:44 +03:00
bol-van
60ac3693fc nfqws2: optimize quic CRYPTO defrag 2026-03-05 09:41:41 +03:00
9 changed files with 35 additions and 25 deletions
Expand all files Collapse all files

5
.github/workflows/build.yml vendored
View File

@@ -106,7 +106,7 @@ jobs:
OPTIMIZE=-Os
;;
arm)
CPU="-mcpu=cortex-a7 -mthumb"
CPU="-mcpu=arm1176jzf-s -mthumb"
;;
arm64|mips64)
# not safe without GC64
@@ -250,6 +250,7 @@ jobs:
arm64-v8a)
# not safe without GC64
SYSMALLOC=
PAGESIZE="-Wl,-z,max-page-size=16384"
;;
esac
@@ -290,7 +291,7 @@ jobs:
# zapret2
CFLAGS="-DZAPRET_GH_VER=${{ github.ref_name }} -DZAPRET_GH_HASH=${{ github.sha }} -I$DEPS_DIR/include $CPU" \
LDFLAGS="-L$DEPS_DIR/lib" \
LDFLAGS="-L$DEPS_DIR/lib $PAGESIZE" \
make -C zapret2 LUA_JIT=$LJIT LUA_CFLAGS="$LCFLAGS" LUA_LIB="$LLIB" -j$(nproc) android
# strip unwanted ELF sections to prevent warnings on old Android versions

1
docs/changes.txt
View File

@@ -270,5 +270,6 @@ v0.9.4.3
0.9.4.5
* github: rollback to lj_alloc in luajit for arm64 and mips64
* github: use 16K page size for android arm64 build
* nfqws2: join fragments in quic CRYPTO reconstruction. allow intersections.

6
lua/zapret-antidpi.lua
View File

@@ -389,7 +389,8 @@ function syndata(ctx, desync)
dis.payload = blob(desync, desync.arg.blob, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
apply_fooling(desync, dis)
if desync.arg.tls_mod then
dis.payload = tls_mod_shim(desync, dis.payload, desync.arg.tls_mod, nil)
local pl = tls_mod_shim(desync, dis.payload, desync.arg.tls_mod, nil)
if pl then dis.payload = pl end
end
if b_debug then DLOG("syndata: "..hexdump_dlog(dis.payload)) end
if rawsend_dissect_ipfrag(dis, desync_opts(desync)) then
@@ -449,7 +450,8 @@ function fake(ctx, desync)
end
local fake_payload = blob(desync, desync.arg.blob)
if desync.reasm_data and desync.arg.tls_mod then
fake_payload = tls_mod_shim(desync, fake_payload, desync.arg.tls_mod, desync.reasm_data)
local pl = tls_mod_shim(desync, fake_payload, desync.arg.tls_mod, desync.reasm_data)
if pl then fake_payload = pl end
end
-- check debug to save CPU
if b_debug then DLOG("fake: "..hexdump_dlog(fake_payload)) end

7
lua/zapret-obfs.lua
View File

@@ -175,7 +175,12 @@ end
-- arg : server=[0|1] - override server mode. by default use "--server" nfqws2 parameter
function udp2icmp(ctx, desync)
local dataxor
local bserver = desync.arg.server and (desync.arg.server~="0") or b_server
local bserver
if desync.arg.server then
bserver = desync.arg.server~="0"
else
bserver = b_server
end
local function one_byte_arg(name)
if desync.arg[name] then

5
nfq2/Makefile
View File

@@ -14,6 +14,7 @@ CFLAGS_UBSAN = -fsanitize=undefined,alignment -fno-sanitize-recover=undefined,al
LDFLAGS_PIE = -pie
LDFLAGS += -flto=auto -Wl,--gc-sections $(LDFLAGS_PIE)
LDFLAGS_ANDROID = -llog
LDFLAGS_CYGWIN = -Wl,--build-id=none
STRIPP=-s
LIBS =
LIBS_LINUX = -lz -lnetfilter_queue -lnfnetlink -lmnl -lm
@@ -157,9 +158,9 @@ bsd: $(SRC_FILES)
$(CC) $(STRIPP) $(CFLAGS) $(LUA_CFL) $(CFLAGS_BSD) -o dvtws2 $(SRC_FILES) $(LIBS) $(LUA_LIB) $(LIBS_BSD) $(LDFLAGS)
cygwin64:
$(CC) $(STRIPP) $(CFLAGS) $(LUA_CFL) $(CFLAGS_CYGWIN) $(CFLAGS_CYGWIN64) -o winws2 $(SRC_FILES) $(RES_CYGWIN64) $(LIBS) $(LUA_LIB) $(LIBS_CYGWIN) $(LIBS_CYGWIN64) $(LDFLAGS)
$(CC) $(STRIPP) $(CFLAGS) $(LUA_CFL) $(CFLAGS_CYGWIN) $(CFLAGS_CYGWIN64) -o winws2 $(SRC_FILES) $(RES_CYGWIN64) $(LIBS) $(LUA_LIB) $(LIBS_CYGWIN) $(LIBS_CYGWIN64) $(LDFLAGS) $(LDFLAGS_CYGWIN)
cygwin32:
$(CC) $(STRIPP) $(CFLAGS) $(LUA_CFL) $(CFLAGS_CYGWIN) $(CFLAGS_CYGWIN32) -o winws2 $(SRC_FILES) $(RES_CYGWIN32) $(LIBS) $(LUA_LIB) $(LIBS_CYGWIN) $(LIBS_CYGWIN32) $(LDFLAGS)
$(CC) $(STRIPP) $(CFLAGS) $(LUA_CFL) $(CFLAGS_CYGWIN) $(CFLAGS_CYGWIN32) -o winws2 $(SRC_FILES) $(RES_CYGWIN32) $(LIBS) $(LUA_LIB) $(LIBS_CYGWIN) $(LIBS_CYGWIN32) $(LDFLAGS) $(LDFLAGS_CYGWIN)
cygwin: cygwin64
clean:

11
nfq2/lua.c
View File

@@ -3350,7 +3350,6 @@ static int luacall_tls_mod(lua_State *L)
int argc=lua_gettop(L);
size_t fake_tls_len;
bool bRes;
const uint8_t *fake_tls = (uint8_t*)lua_reqlstring(L,1,&fake_tls_len);
const char *modlist = lua_reqstring(L,2);
@@ -3370,8 +3369,10 @@ static int luacall_tls_mod(lua_State *L)
uint8_t *newtls = lua_newuserdata(L, maxlen);
memcpy(newtls, fake_tls, newlen);
bRes = TLSMod(&mod, payload, payload_len, newtls, &newlen, maxlen);
lua_pushlstring(L,(char*)newtls,newlen);
if (TLSMod(&mod, payload, payload_len, newtls, &newlen, maxlen))
lua_pushlstring(L,(char*)newtls,newlen);
else
lua_pushnil(L);
lua_remove(L,-2);
}
@@ -3379,11 +3380,9 @@ static int luacall_tls_mod(lua_State *L)
{
// no mod. push it back
lua_pushlstring(L,(char*)fake_tls,fake_tls_len);
bRes = true;
}
lua_pushboolean(L, bRes);
LUA_STACK_GUARD_RETURN(L,2)
LUA_STACK_GUARD_RETURN(L,1)
}
struct userdata_zs

25
nfq2/protocol.c
View File

@@ -649,9 +649,11 @@ bool TLSAdvanceToHostInSNI(const uint8_t **ext, size_t *elen, size_t *slen)
// u8 data+2 - server name type. 0=host_name
// u16 data+3 - server name length
if (*elen < 5 || (*ext)[2] != 0) return false;
uint16_t nll = pntoh16(*ext);
*slen = pntoh16(*ext + 3);
if (nll<(*slen+3) || *slen > *elen-5) return false;
*ext += 5; *elen -= 5;
return *slen <= *elen;
return true;
}
static bool TLSExtractHostFromExt(const uint8_t *ext, size_t elen, char *host, size_t len_host)
{
@@ -1294,28 +1296,27 @@ bool QUICDefragCrypto(const uint8_t *clean,size_t clean_len, uint8_t *defrag,siz
if ((pos+sz)>clean_len) return false;
if ((offset+sz)>defrag_data_len) return false; // defrag buf overflow
// remove exact duplicates early to save cpu
for(i=0;i<range;i++)
if (ranges[i].offset==offset && ranges[i].len==sz)
goto skip_range;
if (zeropos < offset)
// make sure no uninitialized gaps exist in case of not full fragment coverage
memset(defrag_data+zeropos,0,offset-zeropos);
if ((offset+sz) > zeropos)
zeropos=offset+sz;
memcpy(defrag_data+offset,clean+pos,sz);
if ((offset+sz) > szmax) szmax = offset+sz;
found=true;
pos+=sz;
// remove exact duplicates early to save cpu
for(i=0;i<range;i++)
if (ranges[i].offset==offset && ranges[i].len==sz)
goto endloop;
if ((offset+sz) > szmax) szmax = offset+sz;
memcpy(defrag_data+offset,clean+pos,sz);
ranges[range].offset = offset;
ranges[range].len = sz;
range++;
skip_range:
pos+=sz;
}
endloop:
}
if (found)
{

BIN
nfq2/windows/res/winws_res32.o
View File

Binary file not shown.

BIN
nfq2/windows/res/winws_res64.o
View File

Binary file not shown.