Fix ip header id field sequence in generated packets #711
+10
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This comment was marked as off-topic.
This comment was marked as off-topic.
|
Да, тут долго рассматривают) . Если нужны бинарники с фиксом, то можно пока скачать у меня в Actions: https://github.com/Pavel4e5/GoodbyeDPI/actions/runs/11728180799 |
|
Может, имеет смысл не случайно задавать ID, а копировать из пакета, и затем это значение увеличивать? |
Если необходимо, могу изменить, чтобы копировать из предыдущего пакета (ACK) и увеличивать. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Если задана последовательность фейковых пакетов, то в текущем виде все они имеют одинаковое поле Identification в заголовке IP пакета, это сказывается на проходимости DPI такими пакетами. Например для доступа к *.googlevideo.com (Ростелеком) у меня достаточно в Zapret задать:
winws.exe --wf-tcp=443 --dpi-desync=fake --dpi-desync-fooling=badseq --dpi-desync-fake-tls=0x00 --dpi-desync-repeats=20.В GoodbyeDPI, в текущей версии программы, аналогичная последовательность не работает -
goodbyedpi.exe --wrong-seq --fake-from-hex 00 --fake-resend 20из за того, что вышеуказанное поле всегда имеет одно и то же значение.Предлагаемый PR исправляет этот момент, и значение в этом поле увеличивается на единицу с каждым сгенерированным пакетом.
If a sequence of fake packets is given, in its current form they all have the same Identification field in the IP packet header, which affects the ability of such packets to pass through DPI. For example, to access *.googlevideo.com (Rostelecom), it is enough for me to set in Zapret:
winws.exe --wf-tcp=443 --dpi-desync=fake --dpi-desync-fooling=badseq --dpi-desync-fake-tls=0x00 --dpi-desync-repeats=20.In GoodbyeDPI, a similar sequence in the current version of the program does not work:
goodbyedpi.exe --wrong-seq --fake-from-hex 00 --fake-resend 20because the aforementioned field always has the same value.The proposed PR fixes this issue by incrementing value in this field by one, with each generated packet.