zapret2/docs/changes.txt

v0.1.0

first public release

v0.1.1

* nfqws2: fixed crash on 32-bit platforms if debug is enabled

v0.1.2

* nfqws2: 'mtproto' protocol, 'mtproto_initial' payload
* nfqws2: 'known' protocol and payload filter
* nfqws2: 'aes_ctr' luacall
* zapret-antidpi: rst
* github actions: remove FFI from luajit

v0.1.4

* winws2: set low mandatory level in process token if possible : no --wlan-filter or --nlm-filter (no windivert reinit required)
* nfqws2: optimize debug logging to file

v0.1.5

* nfqws2: # and % arg substitution
* zapret-antidpi: luaexec
* zapret-pcap: simple packet capture to .cap file

v0.2

* blockcheck2
* nfqws2: several crash fixes
* nfqws2: bu8,bu16,bu24,bu32,swap16,swap32 functions now work with negative int
* nfqws2: getpid,gettid,uname,get_clock luacalls
* zapret-lib: bugfixes
* zapret-lib: remove ip6_hopbyhop_x2 fooling, separately add second hopbyhop header using ip6_hopbyhop2
* zapret-pcap

v0.3

* init.d launch scripts
* init.d: 40-webserver custom script
* install_easy

v0.4

* nfqws2: profile names and cookies
* nfqws2: profile templates
* nfqws2: remove stun_binding_req, replace to stun. no more message type details
* nfqws2: proper conntack position for replayed packets
* nfqws2: execution_plan, execution_plan_cancel
* blockcheck2: fix broken dns cache
* nfqws2: LUA_COMPAT_VER tracking

v0.5

* nfqws2: u8add,u16add,u24add,u32add luacalls
* nfqws2: abandon any arithmetics beyond 32bit (because lua 5.1 does not support 64 bit integers, store everything as double)
* nfqws2: fix issues with 32-bit lua_Integer in lua<5.3 on 32-bit platforms
* nfqws2: instance_cutoff luacall just warns and do nothing if ctx is nil
* actions: build nfqws2 x86 binary with LUA 5.4, not with luajit
* zapret-lib: http_reply, url and nld dissectors
* zapret-lib: instance_cutoff_shim
* zapret-auto: circular orchestrator

v0.5.1

* zapret-auto: separate failure detection logic
* blockcheck2: fix broken http3 test

v0.6

* zapret-lib,zapret-antidpi: tls_mod_shim supports sni=%var subst
* blockcheck2: syndata tests
* nfqws2: reasm support negative overlaps. gaps are not supported.
* nfqws2,zapret-auto: changed retransmission detection scheme.
* zapret-auto: udp_in/udp_out failure detection

v0.6.1

* zapret-lib, zapret-auto: condition and stopif orchestrators
* zapret-lib: detect_payload_str - sample lua payload detector
* blockcheck2: unterminated string fix

v0.7

* nfqws2, zapret-lib : fix non-working % and # arg substitution under orchestrator
* nfqws2, zapret-lib : structure conntrack in/out positions. pass in desync.track.pos.{client,server,direct,reverse} position tables
* nfqws2: autohostlist: trigger RST and http redirect failures only within specified relative sequence
* nfqws2: autohostlist: trigger http redirect failure if payload is http_req without connection proto check
* nfqws2: push desync.track.pos.dt as float with nsec accuracy
* zapret-auto: override host autostate key in automate_host_record
* nfqws2: rewrite udp autohostlist failure detector logic

v0.7.1

* init.d: nft fix non-working incoming redirect
* nfqws2: cancel reasm if server window size is smaller than expected reasm size
* nfqws2: add EOL at the end of truncated buffered DLOG line if it's too large. increase log line buffer
* nfqws2: autohostlist reset fail counter if udp_in > threshold
* nfqws2: reduced default retrans maxseq to 32768
* nfqws2: solved inability to get SSID using nl80211 on kernels 5.19+

v0.7.2

* zapret-lib: fix broken is_retransmission()
* zapret-auto: add success detector logic
* nfqws2: clean lua cutoff on profile change
* zapret-auto: separate hostkey function

v0.7.4

* nfqws2, zapret-lib : check tcp sequence range overflow
* zapret-lib: seq compare functions
* nfqws2: add l3_len, l4_len to dissect
* nfqws2: fix broken l7proto profile rediscovery
* winws2: harden sandbox. disable child process execution , some UI interaction and desktop settings change

v0.7.5

* zapret-auto: orchestrator "repeater"
* blockcheck2: check http3 with ipv6 exthdr
* github actions: separate target arm-old with LUA classic, not JIT
* zapret-auto: iff/neg in repeater
* zapret-antidpi: multidisorder_legacy
* ipset: remove get_reestr_hostlist.sh and get_reestr_resolve.sh because zapret-info does not and will probably not ever update
* nfqws2: fix "reasm cancelled" if no incoming traffic redirected
* blockcheck2: MULTIDISORDER=multidisorder_legacy

v0.7.6

* nfqws2: reevaluate profile on l7/host discovery in any direction
* nfqws2: dtls protocol detection
* nfqws2: autohostlist reset retransmitter to break long wait
* zapret-auto: stadard_failure_detector reset retransmitter to break long wait
* nfqws2, init.d, windivert : dht and wg detection changes

v0.8.0

* init.d: 50-dht4all NFQWS_OPT_DHT_PKT_OUT
* nfqws2: (LUA_COMPAT_VER=4) support 48-bit arithmetics
* github actions: remove arm-old target - luajit fail reason revealed
* nfqws2: do not treat quic handshake messages as initials
* zapret-lib: tls dissector/reconstructor
* zapret-antidpi: tls_client_hello_clone
* zapret-antidpi: "optional" arg to blob taking functions
* nfqws2: support gzipped lua file. auto use script.lua.gz

v0.8.1

* nfqws2: fix bu48 crash and wrong results in bitset
* zapret-lib: http_reconstruct_req
* zapret-antidpi: http_unixeol
* blockcheck2: http_unixeol test

0.8.2

* nfqws2: do not start if NFQWS2_COMPAT_VER unexpected
* nfqws2: cache dns response IP addresses if --ipcache-hostname enabled
* winws2: remove hardcoded filter for loopback
* init.d: ressurect @lanif in nft scheme
* init.d: fix broken @wanif/@wanif6 fill in sysv nft scheme
* init.d: 80-dns-intercept
* winws2: --wf-filter-loopback
* blockcheck2: NOTEST_MISC_HTTP[S], NOTEST_SYNDATA_HTTP[S]

0.8.3

* nfqws2, zapret-lib: gzip compression and decompression
* nfqws2: ignore trailing spaces and tabs in hostlists and ipsets. "host.com   " or "1.2.3.4 " are ok now
* init.d: 99-lan-filter custom script
* mdig: --eagain, --eagain-delay

0.8.4

* winws2: fix loopback large packets processing (up to 64K)
* zapret-lib, zapret-antidpi: use numeric indexes in http dissects
* nfqws2: move ctx from lightuserdata to userdata. prevents crashes on specific ARM cpus
* nfqws2: alternative representation of payload filter in execution_plan item
* nfqws2: --payload-disable
* nfqws2: gracefully shutdown on SIGINT and SIGTERM
* nfqws2: harden wireguard detection. do not detect if reserved bytes 1..3 != 0

0.8.5

* nfqws2: do not require / in the beginning of URI in http
* zapret-lib: rawsend_dissect_segmented support URG
* zapret-antidpi: oob
* blockcheck2: 17-oob.sh
* nfqws2: set desync.tcp_mss to minimum of both ends or default if at least one is unknown
* zapret-lib: tcp_nop_del
* blockcheck2: tcp_nop_del in SYN packets with md5 in openbsd

0.8.6

* winws2, blockcheck2: allow multiple instances in windows, linux, freebsd (not openbsd)
* nfqws2: fix critical bug - wrong ipv6 dissection
* zapret-auto: fix standard_failure_detector http redirect regression

0.9.0

* nfqws2: removed hard check for host: presence in http_req
* nfqws2: file open test before destroying in-memory content of ipset/hostlist
* github actions: lua 5.5
* nfqws2: enable dead reasm protection in wsize=0 case
* nfqws2: --intercept
* winws2: changed icon to multi-res png up to 256px
* nfqws2: support icmp and ipp
* nfqws2: VERDICT_PRESERVE_NEXT
* nfqws2: keepsum reconstruct option
* nfqws2: more helpers
* zapret-obfs: ippxor, udp2icmp, synhide
* nfqws2: LUA_COMPAT_VER=5
* winws2: --wf-raw-filter
* nfqws2: conntrack_feed
* winws2: use windivert bulk mode
* nfqws2: template free import

0.9.1

* nfqws2: 'stat', 'clock_getfloattime' luacalls
* nfqws2: bcryptorandom normalize behavior when system entropy is low. prevent blocks
* nfqws2: --new[=name]
* winws2: fix not setting signal handlers

0.9.2

nfqws2: bt and utp_bt protocol detectors
nfqws2: localtime,gmtime,timelocal,timegm luacalls