Merge branch 'bol-van:master' into master

3 months ago · a7491d89d2
2 changed files with 60 additions and 38 deletions
--- a/blockcheck.sh
+++ b/blockcheck.sh
@ -23,7 +23,7 @@ CURL=${CURL:-curl}
 . "$ZAPRET_BASE/common/fwtype.sh"
 . "$ZAPRET_BASE/common/virt.sh"

-DOMAINS_DEFAULT="rutracker.org"
+DOMAINS_DEFAULT=${DOMAINS_DEFAULT:-rutracker.org}
 QNUM=${QNUM:-59780}
 SOCKS_PORT=${SOCKS_PORT:-1993}
 TPWS_UID=${TPWS_UID:-1}
@ -38,6 +38,7 @@ IPFW_RULE_NUM=${IPFW_RULE_NUM:-1}
 IPFW_DIVERT_PORT=${IPFW_DIVERT_PORT:-59780}
 CURL_MAX_TIME=${CURL_MAX_TIME:-2}
 CURL_MAX_TIME_QUIC=${CURL_MAX_TIME_QUIC:-$CURL_MAX_TIME}
+CURL_MAX_TIME_DOH=${CURL_MAX_TIME_DOH:-2}
 MIN_TTL=${MIN_TTL:-1}
 MAX_TTL=${MAX_TTL:-12}
 USER_AGENT=${USER_AGENT:-Mozilla}
@ -215,7 +216,7 @@ doh_resolve()
 	# $1 - ip version 4/6
 	# $2 - hostname
 	# $3 - doh server URL. use $DOH_SERVER if empty
-	$MDIG --family=$1 --dns-make-query=$2 | $CURL -s --data-binary @- -H "Content-Type: application/dns-message" "${3:-$DOH_SERVER}" | $MDIG --dns-parse-query
+	$MDIG --family=$1 --dns-make-query=$2 | $CURL --max-time $CURL_MAX_TIME_DOH -s --data-binary @- -H "Content-Type: application/dns-message" "${3:-$DOH_SERVER}" | $MDIG --dns-parse-query
 }
 doh_find_working()
 {
@ -1733,18 +1734,22 @@ ask_params()
 	local dom
 	[ -n "$DOMAINS" ] || {
 		DOMAINS="$DOMAINS_DEFAULT"
-		echo "specify domain(s) to test. multiple domains are space separated."
-		printf "domain(s) (default: $DOMAINS) : "
-		read dom
-		[ -n "$dom" ] && DOMAINS="$dom"
+		[ "$BATCH" = 1 ] || {
+			echo "specify domain(s) to test. multiple domains are space separated."
+			printf "domain(s) (default: $DOMAINS) : "
+			read dom
+			[ -n "$dom" ] && DOMAINS="$dom"
+		}
 	}

 	local IPVS_def=4
 	[ -n "$IPVS" ] || {
 		# yandex public dns
 		pingtest 6 2a02:6b8::feed:0ff && IPVS_def=46
-		printf "ip protocol version(s) - 4, 6 or 46 for both (default: $IPVS_def) : "
-		read IPVS
+		[ "$BATCH" = 1 ] || {
+			printf "ip protocol version(s) - 4, 6 or 46 for both (default: $IPVS_def) : "
+			read IPVS
+		}
 		[ -n "$IPVS" ] || IPVS=$IPVS_def
 		[ "$IPVS" = 4 -o "$IPVS" = 6 -o "$IPVS" = 46 ] || {
 			echo 'invalid ip version(s). should be 4, 6 or 46.'
@ -1757,48 +1762,60 @@ ask_params()

 	[ -n "$ENABLE_HTTP" ] || {
 		ENABLE_HTTP=1
-		echo
-		ask_yes_no_var ENABLE_HTTP "check http"
+		[ "$BATCH" = 1 ] || {
+			echo
+			ask_yes_no_var ENABLE_HTTP "check http"
+		}
 	}

 	[ -n "$ENABLE_HTTPS_TLS12" ] || {
 		ENABLE_HTTPS_TLS12=1
-		echo
-		ask_yes_no_var ENABLE_HTTPS_TLS12 "check https tls 1.2"
+		[ "$BATCH" = 1 ] || {
+			echo
+			ask_yes_no_var ENABLE_HTTPS_TLS12 "check https tls 1.2"
+		}
 	}

 	[ -n "$ENABLE_HTTPS_TLS13" ] || {
 		ENABLE_HTTPS_TLS13=0
-		echo
 		if [ -n "$TLS13" ]; then
-			echo "TLS 1.3 uses encrypted ServerHello. DPI cannot check domain name in server response."
-			echo "This can allow more bypass strategies to work."
-			echo "What works for TLS 1.2 will also work for TLS 1.3 but not vice versa."
-			echo "Most sites nowadays support TLS 1.3 but not all. If you can't find a strategy for TLS 1.2 use this test."
-			echo "TLS 1.3 only strategy is better than nothing."
-			ask_yes_no_var ENABLE_HTTPS_TLS13 "check https tls 1.3"
+			[ "$BATCH" = 1 ] || {
+				echo
+				echo "TLS 1.3 uses encrypted ServerHello. DPI cannot check domain name in server response."
+				echo "This can allow more bypass strategies to work."
+				echo "What works for TLS 1.2 will also work for TLS 1.3 but not vice versa."
+				echo "Most sites nowadays support TLS 1.3 but not all. If you can't find a strategy for TLS 1.2 use this test."
+				echo "TLS 1.3 only strategy is better than nothing."
+				ask_yes_no_var ENABLE_HTTPS_TLS13 "check https tls 1.3"
+			}
 		else
+			echo
 			echo "installed curl version does not support TLS 1.3 . tests disabled."
 		fi
 	}

 	[ -n "$ENABLE_HTTP3" ] || {
 		ENABLE_HTTP3=0
-		echo
 		if [ -n "$HTTP3" ]; then
-			echo "make sure target domain(s) support QUIC or result will be negative in any case"
 			ENABLE_HTTP3=1
-			ask_yes_no_var ENABLE_HTTP3 "check http3 QUIC"
+			[ "$BATCH" = 1 ] || {
+				echo
+				echo "make sure target domain(s) support QUIC or result will be negative in any case"
+				ask_yes_no_var ENABLE_HTTP3 "check http3 QUIC"
+			}
 		else
+			echo
 			echo "installed curl version does not support http3 QUIC. tests disabled."
 		fi
 	}

 	[ -n "$REPEATS" ] || {
-		echo
-		echo "sometimes ISPs use multiple DPIs or load balancing. bypass strategies may work unstable."
-		printf "how many times to repeat each test (default: 1) : "
-		read REPEATS
+		[ "$BATCH" = 1 ] || {
+			echo
+			echo "sometimes ISPs use multiple DPIs or load balancing. bypass strategies may work unstable."
+			printf "how many times to repeat each test (default: 1) : "
+			read REPEATS
+		}
 		REPEATS=$((0+${REPEATS:-1}))
 		[ "$REPEATS" = 0 ] && {
 			echo invalid repeat count
@ -1806,22 +1823,26 @@ ask_params()
 		}
 	}
 	[ -z "$PARALLEL" -a $REPEATS -gt 1 ] && {
-		echo
-		echo "parallel scan can greatly increase speed but may also trigger DDoS protection and cause false result"
 		PARALLEL=0
-		ask_yes_no_var PARALLEL "enable parallel scan"
+		[ "$BATCH" = 1 ] || {
+			echo
+			echo "parallel scan can greatly increase speed but may also trigger DDoS protection and cause false result"
+			ask_yes_no_var PARALLEL "enable parallel scan"
+		}
 	}
 	PARALLEL=${PARALLEL:-0}

 	[ -n "$SCANLEVEL" ] || {
-		echo
-		echo quick    - scan as fast as possible to reveal any working strategy
-		echo standard - do investigation what works on your DPI
-		echo force    - scan maximum despite of result
-		SCANLEVEL=${SCANLEVEL:-standard}
-		ask_list SCANLEVEL "quick standard force" "$SCANLEVEL"
-		# disable tpws checks by default in quick mode
-		[ "$SCANLEVEL" = quick -a -z "$SKIP_TPWS" -a "$UNAME" != Darwin ] && SKIP_TPWS=1
+		SCANLEVEL=standard
+		[ "$BATCH" = 1 ] || {
+			echo
+			echo quick    - scan as fast as possible to reveal any working strategy
+			echo standard - do investigation what works on your DPI
+			echo force    - scan maximum despite of result
+			ask_list SCANLEVEL "quick standard force" "$SCANLEVEL"
+			# disable tpws checks by default in quick mode
+			[ "$SCANLEVEL" = quick -a -z "$SKIP_TPWS" -a "$UNAME" != Darwin ] && SKIP_TPWS=1
+		}
 	}

 	echo
--- a/docs/readme.md
+++ b/docs/readme.md
@ -1427,6 +1427,7 @@ linux, но через раз приобретает статус INVALID в con
 CURL - замена программы curl
 CURL_MAX_TIME - время таймаута curl в секундах
 CURL_MAX_TIME_QUIC - время таймаута curl для quic. если не задано, используется значение CURL_MAX_TIME
+CURL_MAX_TIME_DOH - время таймаута curl для DoH серверов
 CURL_CMD=1 - показывать команды curl
 CURL_OPT - дополнительные параметры curl. `-k` - игнор сертификатов. `-v` - подробный вывод протокола
 DOMAINS - список тестируемых доменов через пробел
@ -1438,7 +1439,7 @@ ENABLE_HTTP3=0|1 - включить тест QUIC
 REPEATS - количество попыток тестирования
 PARALLEL=0|1 - включить параллельные попытки. может обидеть сайт из-за долбежки и привести к неверному результату
 SCANLEVEL=quick|standard|force - уровень сканирования
-BATCH=1 - отключить "press enter to continue"
+BATCH=1 - пакетный режим без вопросов и ожидания ввода в консоли
 HTTP_PORT, HTTPS_PORT, QUIC_PORT - номера портов для соответствующих протоколов
 SKIP_DNSCHECK=1 - отказ от проверки DNS
 SKIP_TPWS=1 - отказ от тестов tpws