From 12a800db97035fab7e3d4ba69ff989576b902ec1 Mon Sep 17 00:00:00 2001 From: bol-van Date: Fri, 3 Jan 2025 14:40:02 +0300 Subject: [PATCH 1/2] blockcheck: use defaults if BATCH=1 --- blockcheck.sh | 92 ++++++++++++++++++++++++++++++-------------------- docs/readme.md | 2 +- 2 files changed, 57 insertions(+), 37 deletions(-) diff --git a/blockcheck.sh b/blockcheck.sh index 99b5896..ad80674 100755 --- a/blockcheck.sh +++ b/blockcheck.sh @@ -23,7 +23,7 @@ CURL=${CURL:-curl} . "$ZAPRET_BASE/common/fwtype.sh" . "$ZAPRET_BASE/common/virt.sh" -DOMAINS_DEFAULT="rutracker.org" +DOMAINS_DEFAULT=${DOMAINS_DEFAULT:-rutracker.org} QNUM=${QNUM:-59780} SOCKS_PORT=${SOCKS_PORT:-1993} TPWS_UID=${TPWS_UID:-1} @@ -1733,18 +1733,22 @@ ask_params() local dom [ -n "$DOMAINS" ] || { DOMAINS="$DOMAINS_DEFAULT" - echo "specify domain(s) to test. multiple domains are space separated." - printf "domain(s) (default: $DOMAINS) : " - read dom - [ -n "$dom" ] && DOMAINS="$dom" + [ "$BATCH" = 1 ] || { + echo "specify domain(s) to test. multiple domains are space separated." + printf "domain(s) (default: $DOMAINS) : " + read dom + [ -n "$dom" ] && DOMAINS="$dom" + } } local IPVS_def=4 [ -n "$IPVS" ] || { # yandex public dns pingtest 6 2a02:6b8::feed:0ff && IPVS_def=46 - printf "ip protocol version(s) - 4, 6 or 46 for both (default: $IPVS_def) : " - read IPVS + [ "$BATCH" = 1 ] || { + printf "ip protocol version(s) - 4, 6 or 46 for both (default: $IPVS_def) : " + read IPVS + } [ -n "$IPVS" ] || IPVS=$IPVS_def [ "$IPVS" = 4 -o "$IPVS" = 6 -o "$IPVS" = 46 ] || { echo 'invalid ip version(s). should be 4, 6 or 46.' 
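Review bot: With BATCH=1 the environment becomes the only source of parameters, yet the range check `[ "$IPVS" = 4 -o "$IPVS" = 6 -o "$IPVS" = 46 ] || {` still sits inside the `[ -n "$IPVS" ] || {` block, so a value preset through the environment skips it. The same holds for `REPEATS` in the next hunk: the `$((0+${REPEATS:-1}))` normalisation and the zero check run only when the variable was empty, and the hunk after that uses `$REPEATS` unquoted in `-gt 1`. Moving each check to just after the closing brace of its block would validate preset and prompted values alike. ask_params starts and ends outside this hunk, so where the IPVS block closes is not visible here.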
@@ -1757,48 +1761,60 @@ ask_params() [ -n "$ENABLE_HTTP" ] || { ENABLE_HTTP=1 - echo - ask_yes_no_var ENABLE_HTTP "check http" + [ "$BATCH" = 1 ] || { + echo + ask_yes_no_var ENABLE_HTTP "check http" + } } [ -n "$ENABLE_HTTPS_TLS12" ] || { ENABLE_HTTPS_TLS12=1 - echo - ask_yes_no_var ENABLE_HTTPS_TLS12 "check https tls 1.2" + [ "$BATCH" = 1 ] || { + echo + ask_yes_no_var ENABLE_HTTPS_TLS12 "check https tls 1.2" + } } [ -n "$ENABLE_HTTPS_TLS13" ] || { ENABLE_HTTPS_TLS13=0 - echo if [ -n "$TLS13" ]; then - echo "TLS 1.3 uses encrypted ServerHello. DPI cannot check domain name in server response." - echo "This can allow more bypass strategies to work." - echo "What works for TLS 1.2 will also work for TLS 1.3 but not vice versa." - echo "Most sites nowadays support TLS 1.3 but not all. If you can't find a strategy for TLS 1.2 use this test." - echo "TLS 1.3 only strategy is better than nothing." - ask_yes_no_var ENABLE_HTTPS_TLS13 "check https tls 1.3" + [ "$BATCH" = 1 ] || { + echo + echo "TLS 1.3 uses encrypted ServerHello. DPI cannot check domain name in server response." + echo "This can allow more bypass strategies to work." + echo "What works for TLS 1.2 will also work for TLS 1.3 but not vice versa." + echo "Most sites nowadays support TLS 1.3 but not all. If you can't find a strategy for TLS 1.2 use this test." + echo "TLS 1.3 only strategy is better than nothing." + ask_yes_no_var ENABLE_HTTPS_TLS13 "check https tls 1.3" + } else + echo echo "installed curl version does not support TLS 1.3 . tests disabled." 
fi } [ -n "$ENABLE_HTTP3" ] || { ENABLE_HTTP3=0 - echo if [ -n "$HTTP3" ]; then - echo "make sure target domain(s) support QUIC or result will be negative in any case" ENABLE_HTTP3=1 - ask_yes_no_var ENABLE_HTTP3 "check http3 QUIC" + [ "$BATCH" = 1 ] || { + echo + echo "make sure target domain(s) support QUIC or result will be negative in any case" + ask_yes_no_var ENABLE_HTTP3 "check http3 QUIC" + } else + echo echo "installed curl version does not support http3 QUIC. tests disabled." fi } [ -n "$REPEATS" ] || { - echo - echo "sometimes ISPs use multiple DPIs or load balancing. bypass strategies may work unstable." - printf "how many times to repeat each test (default: 1) : " - read REPEATS + [ "$BATCH" = 1 ] || { + echo + echo "sometimes ISPs use multiple DPIs or load balancing. bypass strategies may work unstable." + printf "how many times to repeat each test (default: 1) : " + read REPEATS + } REPEATS=$((0+${REPEATS:-1})) [ "$REPEATS" = 0 ] && { echo invalid repeat count 
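Review bot: The batch defaults for the two optional protocols differ and nothing in the code says so: with a capable curl, `ENABLE_HTTPS_TLS13` stays 0 while `ENABLE_HTTP3` becomes 1, and in both cases the supported branch now prints nothing. A short comment above each block would help whoever reads the output of an unattended run, for example `# batch mode: TLS 1.3 test stays off unless ENABLE_HTTPS_TLS13=1 is preset` and `# batch mode: QUIC test runs whenever curl supports http3`. Whether a later part of ask_params prints the effective settings is not visible in this hunk.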
@@ -1806,22 +1822,26 @@ ask_params() } } [ -z "$PARALLEL" -a $REPEATS -gt 1 ] && { - echo - echo "parallel scan can greatly increase speed but may also trigger DDoS protection and cause false result" PARALLEL=0 - ask_yes_no_var PARALLEL "enable parallel scan" + [ "$BATCH" = 1 ] || { + echo + echo "parallel scan can greatly increase speed but may also trigger DDoS protection and cause false result" + ask_yes_no_var PARALLEL "enable parallel scan" + } } PARALLEL=${PARALLEL:-0} [ -n "$SCANLEVEL" ] || { - echo - echo quick - scan as fast as possible to reveal any working strategy - echo standard - do investigation what works on your DPI - echo force - scan maximum despite of result - SCANLEVEL=${SCANLEVEL:-standard} - ask_list SCANLEVEL "quick standard force" "$SCANLEVEL" - # disable tpws checks by default in quick mode - [ "$SCANLEVEL" = quick -a -z "$SKIP_TPWS" -a "$UNAME" != Darwin ] && SKIP_TPWS=1 + SCANLEVEL=standard + [ "$BATCH" = 1 ] || { + echo + echo quick - scan as fast as possible to reveal any working strategy + echo standard - do investigation what works on your DPI + echo force - scan maximum despite of result + ask_list SCANLEVEL "quick standard force" "$SCANLEVEL" + # disable tpws checks by default in quick mode + [ "$SCANLEVEL" = quick -a -z "$SKIP_TPWS" -a "$UNAME" != Darwin ] && SKIP_TPWS=1 + } } echo diff --git a/docs/readme.md b/docs/readme.md index 639cd76..5222934 100644 --- a/docs/readme.md +++ b/docs/readme.md @@ -1438,7 +1438,7 @@ ENABLE_HTTP3=0|1 - включить тест QUIC REPEATS - количество попыток тестирования PARALLEL=0|1 - включить параллельные попытки. может обидеть сайт из-за долбежки и привести к неверному результату SCANLEVEL=quick|standard|force - уровень сканирования -BATCH=1 - отключить "press enter to continue" +BATCH=1 - пакетный режим без вопросов и ожидания ввода в консоли HTTP_PORT, HTTPS_PORT, QUIC_PORT - номера портов для соответствующих протоколов SKIP_DNSCHECK=1 - отказ от проверки DNS SKIP_TPWS=1 - отказ от тестов tpws 
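Review bot: The quick-mode default `SKIP_TPWS=1` is now nested inside the `[ "$BATCH" = 1 ] || {` block, and it already sat inside `[ -n "$SCANLEVEL" ] || {`, so it only applies when the level is chosen at the prompt. A batch run started with `SCANLEVEL=quick` in the environment therefore keeps the tpws checks, which does not match the comment "disable tpws checks by default in quick mode". If that is not intended, move the line `[ "$SCANLEVEL" = quick -a -z "$SKIP_TPWS" -a "$UNAME" != Darwin ] && SKIP_TPWS=1` to just after the closing brace of the SCANLEVEL block. If it is intended, reword the comment to say it covers interactive selection only.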
From c6e729b237be9a30817ce0b4e8a7ab49574a9e2f Mon Sep 17 00:00:00 2001 From: bol-van Date: Fri, 3 Jan 2025 15:11:11 +0300 Subject: [PATCH 2/2] blockcheck: CURL_MAX_TIME_DOH --- blockcheck.sh | 3 ++- docs/readme.md | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/blockcheck.sh b/blockcheck.sh index ad80674..57124b9 100755 --- a/blockcheck.sh +++ b/blockcheck.sh @@ -38,6 +38,7 @@ IPFW_RULE_NUM=${IPFW_RULE_NUM:-1} IPFW_DIVERT_PORT=${IPFW_DIVERT_PORT:-59780} CURL_MAX_TIME=${CURL_MAX_TIME:-2} CURL_MAX_TIME_QUIC=${CURL_MAX_TIME_QUIC:-$CURL_MAX_TIME} +CURL_MAX_TIME_DOH=${CURL_MAX_TIME_DOH:-2} MIN_TTL=${MIN_TTL:-1} MAX_TTL=${MAX_TTL:-12} USER_AGENT=${USER_AGENT:-Mozilla} @@ -215,7 +216,7 @@ doh_resolve() # $1 - ip version 4/6 # $2 - hostname # $3 - doh server URL. use $DOH_SERVER if empty - $MDIG --family=$1 --dns-make-query=$2 | $CURL -s --data-binary @- -H "Content-Type: application/dns-message" "${3:-$DOH_SERVER}" | $MDIG --dns-parse-query + $MDIG --family=$1 --dns-make-query=$2 | $CURL --max-time $CURL_MAX_TIME_DOH -s --data-binary @- -H "Content-Type: application/dns-message" "${3:-$DOH_SERVER}" | $MDIG --dns-parse-query } doh_find_working() { diff --git a/docs/readme.md b/docs/readme.md index 5222934..9894a6f 100644 --- a/docs/readme.md +++ b/docs/readme.md @@ -1427,6 +1427,7 @@ linux, но через раз приобретает статус INVALID в con CURL - замена программы curl CURL_MAX_TIME - время таймаута curl в секундах CURL_MAX_TIME_QUIC - время таймаута curl для quic. если не задано, используется значение CURL_MAX_TIME +CURL_MAX_TIME_DOH - время таймаута curl для DoH серверов CURL_CMD=1 - показывать команды curl CURL_OPT - дополнительные параметры curl. `-k` - игнор сертификатов. `-v` - подробный вывод протокола DOMAINS - список тестируемых доменов через пробел
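Review bot: `CURL_MAX_TIME_DOH` defaults to a fixed `2` while the line above lets `CURL_MAX_TIME_QUIC` follow `$CURL_MAX_TIME`, and the readme entry added in this commit states neither the default nor that raising `CURL_MAX_TIME` leaves the DoH timeout unchanged. If the independence is deliberate, say so in the readme line and in a comment such as `# DoH timeout is independent of CURL_MAX_TIME`. Otherwise `CURL_MAX_TIME_DOH=${CURL_MAX_TIME_DOH:-$CURL_MAX_TIME}` would match the QUIC variable.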
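Review bot: `--max-time $CURL_MAX_TIME_DOH` in doh_resolve is expanded unquoted, so an environment value that contains whitespace is split into extra curl arguments; write `--max-time "$CURL_MAX_TIME_DOH"`. A curl timeout is also not reported by the function: unless pipefail is set elsewhere, the pipeline's status is that of the final `$MDIG --dns-parse-query`, which then receives empty input. Whether doh_find_working can tell a timeout from a bad answer therefore depends on mdig's behaviour, which is not visible here. `$1` and `$2` are unquoted too, as they were before this change.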