From d55c033f5bc8abc4fdd80fbcb7b31a9cf9d8a676 Mon Sep 17 00:00:00 2001 From: ValdikSS Date: Wed, 31 Jul 2024 12:59:39 +0300 Subject: [PATCH] Make mode -9 the default, instead of -5 Auto-ttl gives many false positives in TTL detection, which breaks non-blocked websites. Use the combination of wrong-seq and wrong-chksum and hope to the best. Also block QUIC to workaround possible throttling, as right now it is not dissected. --- README.md | 4 ++-- src/goodbyedpi.c | 10 ++++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index f9067805..68bb0072 100644 --- a/README.md +++ b/README.md @@ -78,11 +78,11 @@ LEGACY modesets: -4 -p -r -s (best speed) Modern modesets (more stable, more compatible, faster): - -5 -f 2 -e 2 --auto-ttl --reverse-frag --max-payload (this is the default) + -5 -f 2 -e 2 --auto-ttl --reverse-frag --max-payload -6 -f 2 -e 2 --wrong-seq --reverse-frag --max-payload -7 -f 2 -e 2 --wrong-chksum --reverse-frag --max-payload -8 -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload - -9 -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload -q + -9 -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload -q (this is the default) Note: combination of --wrong-seq and --wrong-chksum generates two different fake packets. ``` diff --git a/src/goodbyedpi.c b/src/goodbyedpi.c index d396e8c8..37da98fc 100644 --- a/src/goodbyedpi.c +++ b/src/goodbyedpi.c @@ -638,13 +638,15 @@ int main(int argc, char *argv[]) { ); if (argc == 1) { - /* enable mode -5 by default */ + /* enable mode -9 by default */ do_fragment_http = do_fragment_https = 1; do_reverse_frag = do_native_frag = 1; http_fragment_size = https_fragment_size = 2; do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1; do_fake_packet = 1; - do_auto_ttl = 1; + do_wrong_chksum = 1; + do_wrong_seq = 1; + do_block_quic = 1; max_payload_size = 1200; } @@ -964,11 +966,11 @@ int main(int argc, char *argv[]) { " -4 -p -r -s (best speed)" "\n" "Modern modesets (more stable, more compatible, faster):\n" - " -5 -f 2 -e 2 --auto-ttl --reverse-frag --max-payload (this is the default)\n" + " -5 -f 2 -e 2 --auto-ttl --reverse-frag --max-payload\n" " -6 -f 2 -e 2 --wrong-seq --reverse-frag --max-payload\n" " -7 -f 2 -e 2 --wrong-chksum --reverse-frag --max-payload\n" " -8 -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload\n" - " -9 -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload -q\n\n" + " -9 -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload -q (this is the default)\n\n" "Note: combination of --wrong-seq and --wrong-chksum generates two different fake packets.\n" ); exit(EXIT_FAILURE);