mirror of https://github.com/bol-van/zapret/
bol-van
8 hours ago
6 changed files with 82 additions and 0 deletions
@ -1,3 +1,4 @@ |
|||
* text=auto eol=lf |
|||
*.cmd eol=crlf |
|||
*.bat eol=crlf |
|||
init.d/windivert.filter.examples/** eol=crlf |
|||
|
|||
@ -0,0 +1,12 @@ |
|||
Цель этих фильтров - отсекать полезную нагрузку в режиме ядра, не насилуя процессор перенаправлением целого потока на winws. |
|||
Задействуются через `winws --wf-raw=@filename`. |
|||
Однако, язык фильтров windivert не содержит операций с битовыми полями, сдвигов и побитовой логики. |
|||
Поэтому фильтры получились более слабыми, способными передавать неправильную нагрузку. |
|||
Дофильтрация производится силами winws. |
|||
|
|||
Пример инстанса для пробития медиапотоков в discord : `winws --wf-raw=@windivert.discord_media+stun.txt --dpi-desync=fake` |
|||
|
|||
These filters are invoked using `winws --wf-raw=@filename`. |
|||
Filters are kernel mode and save great amount of CPU. |
|||
However windivert cannot filter by bit fields, lacks shift and bitwise logic operations. |
|||
Filters are relaxed and can pass wrong payloads. Finer filtering is done by winws. |
|||
@ -0,0 +1,28 @@ |
|||
!impostor and !loopback and |
|||
(outbound and |
|||
((udp.DstPort>=50000 and udp.DstPort<=50099 and |
|||
udp.PayloadLength=74 and |
|||
udp.Payload32[0]=0x00010046 and |
|||
udp.Payload32[2]=0 and |
|||
udp.Payload32[3]=0 and |
|||
udp.Payload32[4]=0 and |
|||
udp.Payload32[5]=0 and |
|||
udp.Payload32[6]=0 and |
|||
udp.Payload32[7]=0 and |
|||
udp.Payload32[8]=0 and |
|||
udp.Payload32[9]=0 and |
|||
udp.Payload32[10]=0 and |
|||
udp.Payload32[11]=0 and |
|||
udp.Payload32[12]=0 and |
|||
udp.Payload32[13]=0 and |
|||
udp.Payload32[14]=0 and |
|||
udp.Payload32[15]=0 and |
|||
udp.Payload32[16]=0 and |
|||
udp.Payload32[17]=0) |
|||
or |
|||
(udp.PayloadLength>=20 and |
|||
udp.Payload32[1]=0x2112A442)) and |
|||
( ((ip.DstAddr < 127.0.0.1 or ip.DstAddr > 127.255.255.255) and (ip.DstAddr < 10.0.0.0 or ip.DstAddr > 10.255.255.255) and (ip.DstAddr < 192.168.0.0 or ip.DstAddr > 192.168.255.255) and (ip.DstAddr < 172.16.0.0 or ip.DstAddr > 172.31.255.255) and (ip.DstAddr < 169.254.0.0 or ip.DstAddr > 169.254.255.255)) or |
|||
((ipv6.DstAddr > ::1) and (ipv6.DstAddr < 2001::0 or ipv6.DstAddr >= 2001:1::0) and (ipv6.DstAddr < fc00::0 or ipv6.DstAddr >= fe00::0) and (ipv6.DstAddr < fe80::0 or ipv6.DstAddr >= fec0::0) and (ipv6.DstAddr < ff00::0 or ipv6.DstAddr >= ffff::0)) |
|||
) |
|||
) |
|||
@ -0,0 +1,25 @@ |
|||
!impostor and !loopback and |
|||
(outbound and |
|||
udp.DstPort>=50000 and udp.DstPort<=50099 and |
|||
udp.PayloadLength=74 and |
|||
udp.Payload32[0]=0x00010046 and |
|||
udp.Payload32[2]=0 and |
|||
udp.Payload32[3]=0 and |
|||
udp.Payload32[4]=0 and |
|||
udp.Payload32[5]=0 and |
|||
udp.Payload32[6]=0 and |
|||
udp.Payload32[7]=0 and |
|||
udp.Payload32[8]=0 and |
|||
udp.Payload32[9]=0 and |
|||
udp.Payload32[10]=0 and |
|||
udp.Payload32[11]=0 and |
|||
udp.Payload32[12]=0 and |
|||
udp.Payload32[13]=0 and |
|||
udp.Payload32[14]=0 and |
|||
udp.Payload32[15]=0 and |
|||
udp.Payload32[16]=0 and |
|||
udp.Payload32[17]=0 and |
|||
( ((ip.DstAddr < 127.0.0.1 or ip.DstAddr > 127.255.255.255) and (ip.DstAddr < 10.0.0.0 or ip.DstAddr > 10.255.255.255) and (ip.DstAddr < 192.168.0.0 or ip.DstAddr > 192.168.255.255) and (ip.DstAddr < 172.16.0.0 or ip.DstAddr > 172.31.255.255) and (ip.DstAddr < 169.254.0.0 or ip.DstAddr > 169.254.255.255)) or |
|||
((ipv6.DstAddr > ::1) and (ipv6.DstAddr < 2001::0 or ipv6.DstAddr >= 2001:1::0) and (ipv6.DstAddr < fc00::0 or ipv6.DstAddr >= fe00::0) and (ipv6.DstAddr < fe80::0 or ipv6.DstAddr >= fec0::0) and (ipv6.DstAddr < ff00::0 or ipv6.DstAddr >= ffff::0)) |
|||
) |
|||
) |
|||
@ -0,0 +1,8 @@ |
|||
!impostor and !loopback and |
|||
(outbound and |
|||
udp.PayloadLength>=20 and |
|||
udp.Payload32[1]=0x2112A442 and |
|||
( ((ip.DstAddr < 127.0.0.1 or ip.DstAddr > 127.255.255.255) and (ip.DstAddr < 10.0.0.0 or ip.DstAddr > 10.255.255.255) and (ip.DstAddr < 192.168.0.0 or ip.DstAddr > 192.168.255.255) and (ip.DstAddr < 172.16.0.0 or ip.DstAddr > 172.31.255.255) and (ip.DstAddr < 169.254.0.0 or ip.DstAddr > 169.254.255.255)) or |
|||
((ipv6.DstAddr > ::1) and (ipv6.DstAddr < 2001::0 or ipv6.DstAddr >= 2001:1::0) and (ipv6.DstAddr < fc00::0 or ipv6.DstAddr >= fe00::0) and (ipv6.DstAddr < fe80::0 or ipv6.DstAddr >= fec0::0) and (ipv6.DstAddr < ff00::0 or ipv6.DstAddr >= ffff::0)) |
|||
) |
|||
) |
|||
@ -0,0 +1,8 @@ |
|||
!impostor and !loopback and |
|||
(outbound and |
|||
udp.PayloadLength=148 and |
|||
udp.Payload[0]=0x01 and |
|||
( ((ip.DstAddr < 127.0.0.1 or ip.DstAddr > 127.255.255.255) and (ip.DstAddr < 10.0.0.0 or ip.DstAddr > 10.255.255.255) and (ip.DstAddr < 192.168.0.0 or ip.DstAddr > 192.168.255.255) and (ip.DstAddr < 172.16.0.0 or ip.DstAddr > 172.31.255.255) and (ip.DstAddr < 169.254.0.0 or ip.DstAddr > 169.254.255.255)) or |
|||
((ipv6.DstAddr > ::1) and (ipv6.DstAddr < 2001::0 or ipv6.DstAddr >= 2001:1::0) and (ipv6.DstAddr < fc00::0 or ipv6.DstAddr >= fe00::0) and (ipv6.DstAddr < fe80::0 or ipv6.DstAddr >= fec0::0) and (ipv6.DstAddr < ff00::0 or ipv6.DstAddr >= ffff::0)) |
|||
) |
|||
) |
|||
Loading…
Reference in new issue