search

bol-van / zapret

DPI bypass multi platform
5.84k stars 512 forks source link

Don't see synack from 192.0.0.0/16 with syndata #284

Closed darkblaze69 closed 3 weeks ago

darkblaze69 commented 4 weeks ago

Don't see synack from 192.0.0.0/16 with syndata. When zapret is stopped, it opens.

sudo tcpdump -i any -nn net 192.0.0.0/16
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
10:05:15.141804 enp3s0 Out IP x.x.x.x.54054 > 192.0.73.2.443: Flags [S], seq 1643254173:1643254690, win 64240, options [TS val 2533410772 ecr 0,wscale 7,nop,nop,nop], length 517
10:05:15.141835 enp3s0 Out IP x.x.x.x.54054 > 192.0.73.2.443: Flags [none], win 64240, options [mss 1460,sackOK,TS val 2533410772 ecr 0,nop,wscale 7], length 0
10:05:16.155162 enp3s0 Out IP x.x.x.x.54054 > 192.0.73.2.443: Flags [S], seq 1643254173:1643254690, win 64240, options [TS val 2533411785 ecr 0,wscale 7,nop,nop,nop], length 517
10:05:17.171788 enp3s0 Out IP x.x.x.x.54054 > 192.0.73.2.443: Flags [S], seq 1643254173:1643254690, win 64240, options [TS val 2533412802 ecr 0,wscale 7,nop,nop,nop], length 517
10:05:18.185137 enp3s0 Out IP x.x.x.x.54054 > 192.0.73.2.443: Flags [S], seq 1643254173:1643254690, win 64240, options [TS val 2533413815 ecr 0,wscale 7,nop,nop,nop], length 517
10:05:19.198483 enp3s0 Out IP x.x.x.x.54054 > 192.0.73.2.443: Flags [S], seq 1643254173:1643254690, win 64240, options [TS val 2533414829 ecr 0,wscale 7,nop,nop,nop], length 517
10:05:20.208450 enp3s0 Out IP x.x.x.x.54054 > 192.0.73.2.443: Flags [S], seq 1643254173:1643254690, win 64240, options [TS val 2533415839 ecr 0,wscale 7,nop,nop,nop], length 517
10:05:22.261807 enp3s0 Out IP x.x.x.x.54054 > 192.0.73.2.443: Flags [S], seq 1643254173:1643254690, win 64240, options [TS val 2533417892 ecr 0,wscale 7,nop,nop,nop], length 517
10:05:22.261851 enp3s0 Out IP x.x.x.x.54054 > 192.0.73.2.443: Flags [none], win 64240, options [mss 1460,sackOK,TS val 2533417892 ecr 0,nop,wscale 7], length 0
sudo pwru net 192.0.0.0/16
2024/08/16 10:27:14 Attaching kprobes (via kprobe-multi)...
1529 / 1529 [---------------------------------------------------------] 100.00% ? p/s
2024/08/16 10:27:14 Attached (ignored 0)
2024/08/16 10:27:14 Listening for events..
SKB                CPU PROCESS          FUNC
0xffff8f9d501d0000 1   ~/bin/curl:43528 ip_local_out
0xffff8f9d501d0000 1   ~/bin/curl:43528 __ip_local_out
0xffff8f9d501d0000 1   ~/bin/curl:43528 nf_hook_slow
0xffff8f9d501d0000 1   ~/bin/curl:43528 ip_output
0xffff8f9d501d0000 1   ~/bin/curl:43528 nf_hook_slow
0xffff8f9d501d0000 1   ~/bin/curl:43528 nf_queue
0xffff8f9d501d0000 1   ~/bin/curl:43528 skb_checksum_help
0xffff8f9d501d0000 1   ~/bin/curl:43528 skb_ensure_writable
0xffff8f9d6db56400 2   ~_64/nfqws:43385 nf_hook_slow
0xffff8f9d6db56400 2   ~_64/nfqws:43385 ip_output
0xffff8f9d6db56400 2   ~_64/nfqws:43385 nf_hook_slow
0xffff8f9d6db56400 2   ~_64/nfqws:43385 ip_finish_output
0xffff8f9d6db56400 2   ~_64/nfqws:43385 __ip_finish_output
0xffff8f9d6db56400 2   ~_64/nfqws:43385 ip_finish_output2
0xffff8f9d6db56400 2   ~_64/nfqws:43385 __dev_queue_xmit
0xffff8f9d6db56400 2   ~_64/nfqws:43385 netdev_core_pick_tx
0xffff8f9d6db56400 2   ~_64/nfqws:43385 dev_qdisc_enqueue
0xffff8f9d6db56400 2   ~_64/nfqws:43385 __skb_get_hash_net
0xffff8f9d6db56400 2   ~_64/nfqws:43385 sch_direct_xmit
0xffff8f9d6db56400 2   ~_64/nfqws:43385 validate_xmit_skb_list
0xffff8f9d6db56400 2   ~_64/nfqws:43385 validate_xmit_skb
0xffff8f9d6db56400 2   ~_64/nfqws:43385 netif_skb_features
0xffff8f9d6db56400 2   ~_64/nfqws:43385 skb_network_protocol
0xffff8f9d6db56400 2   ~_64/nfqws:43385 validate_xmit_xfrm
0xffff8f9d6db56400 2   ~_64/nfqws:43385 dev_hard_start_xmit
0xffff8f9d6db56400 2   ~_64/nfqws:43385 dev_queue_xmit_nit
0xffff8f9d6db56400 2   ~_64/nfqws:43385 skb_clone
0xffff8f9d6db56400 2   ~_64/nfqws:43385 tpacket_rcv
0xffff8f9d6db56400 2   ~_64/nfqws:43385 skb_pull
0xffff8f9d6db56400 2   ~_64/nfqws:43385 tpacket_get_timestamp
0xffff8f9d6db56400 2   ~_64/nfqws:43385 vlan_get_protocol_dgram
0xffff8f9d6db56400 2   ~_64/nfqws:43385 sk_skb_reason_drop
0xffff8f9d6db56400 2   ~_64/nfqws:43385 skb_release_head_state
0xffff8f9d6db56400 2   ~_64/nfqws:43385 skb_release_data
0xffff8f9d6db56400 2   ~_64/nfqws:43385 kfree_skbmem
0xffff8f9d6db56400 2   ~_64/nfqws:43385 skb_clone_tx_timestamp
0xffff8f9d501d0000 2   ~_64/nfqws:43385 skb_ensure_writable
0xffff8f9d501d0000 2   ~_64/nfqws:43385 ip_finish_output
0xffff8f9d6db56400 0   <empty>:0        napi_consume_skb
0xffff8f9d501d0000 2   ~_64/nfqws:43385 __ip_finish_output
0xffff8f9d6db56400 0   <empty>:0        skb_release_head_state
0xffff8f9d501d0000 2   ~_64/nfqws:43385 ip_finish_output2
0xffff8f9d6db56400 0   <empty>:0        sock_wfree
0xffff8f9d501d0000 2   ~_64/nfqws:43385 __dev_queue_xmit
0xffff8f9d6db56400 0   <empty>:0        skb_release_data
0xffff8f9d6db56400 0   <empty>:0        skb_free_head
0xffff8f9d501d0000 2   ~_64/nfqws:43385 netdev_core_pick_tx
0xffff8f9d501d0000 2   ~_64/nfqws:43385 dev_qdisc_enqueue
0xffff8f9d6db56400 0   <empty>:0        napi_skb_cache_put
0xffff8f9d501d0000 2   ~_64/nfqws:43385 sch_direct_xmit
0xffff8f9d501d0000 2   ~_64/nfqws:43385 validate_xmit_skb_list
0xffff8f9d501d0000 2   ~_64/nfqws:43385 validate_xmit_skb
0xffff8f9d501d0000 2   ~_64/nfqws:43385 netif_skb_features
0xffff8f9d501d0000 2   ~_64/nfqws:43385 skb_network_protocol
0xffff8f9d501d0000 2   ~_64/nfqws:43385 validate_xmit_xfrm
0xffff8f9d501d0000 2   ~_64/nfqws:43385 dev_hard_start_xmit
0xffff8f9d501d0000 2   ~_64/nfqws:43385 dev_queue_xmit_nit
0xffff8f9d501d0000 2   ~_64/nfqws:43385 skb_clone
0xffff8f9d501d0000 2   ~_64/nfqws:43385 tpacket_rcv
0xffff8f9d501d0000 2   ~_64/nfqws:43385 skb_pull
0xffff8f9d501d0000 2   ~_64/nfqws:43385 tpacket_get_timestamp
0xffff8f9d501d0000 2   ~_64/nfqws:43385 vlan_get_protocol_dgram
0xffff8f9d501d0000 2   ~_64/nfqws:43385 sk_skb_reason_drop
0xffff8f9d501d0000 2   ~_64/nfqws:43385 skb_release_head_state
0xffff8f9d501d0000 2   ~_64/nfqws:43385 skb_release_data
0xffff8f9d501d0000 2   ~_64/nfqws:43385 kfree_skbmem
0xffff8f9d501d0000 2   ~_64/nfqws:43385 skb_clone_tx_timestamp
0xffff8f9d501d0000 0   <empty>:0        napi_consume_skb
0xffff8f9d501d0000 0   <empty>:0        skb_release_head_state
0xffff8f9d501d0000 0   <empty>:0        tcp_wfree
0xffff8f9d501d0000 0   <empty>:0        skb_release_data
0xffff8f9d501d0000 0   <empty>:0        kfree_skbmem
0xffff8f9d501d0000 1   <empty>:0        __skb_clone
0xffff8f9d501d0000 1   <empty>:0        __copy_skb_header
0xffff8f9d501d0000 1   <empty>:0        ip_local_out
0xffff8f9d501d0000 1   <empty>:0        __ip_local_out
0xffff8f9d501d0000 1   <empty>:0        nf_hook_slow
0xffff8f9d501d0000 1   <empty>:0        ip_output
0xffff8f9d501d0000 1   <empty>:0        nf_hook_slow
0xffff8f9d501d0000 1   <empty>:0        nf_queue
0xffff8f9d501d0000 1   <empty>:0        skb_checksum_help
0xffff8f9d501d0000 1   <empty>:0        skb_ensure_writable
0xffff8f9e9c448400 1   ~_64/nfqws:43385 nf_hook_slow
0xffff8f9e9c448400 1   ~_64/nfqws:43385 ip_output
0xffff8f9e9c448400 1   ~_64/nfqws:43385 nf_hook_slow
0xffff8f9e9c448400 1   ~_64/nfqws:43385 ip_finish_output
0xffff8f9e9c448400 1   ~_64/nfqws:43385 __ip_finish_output
0xffff8f9e9c448400 1   ~_64/nfqws:43385 ip_finish_output2
0xffff8f9e9c448400 1   ~_64/nfqws:43385 __dev_queue_xmit
0xffff8f9e9c448400 1   ~_64/nfqws:43385 netdev_core_pick_tx
0xffff8f9e9c448400 1   ~_64/nfqws:43385 dev_qdisc_enqueue
0xffff8f9e9c448400 1   ~_64/nfqws:43385 __skb_get_hash_net
0xffff8f9e9c448400 1   ~_64/nfqws:43385 sch_direct_xmit
0xffff8f9e9c448400 1   ~_64/nfqws:43385 validate_xmit_skb_list
0xffff8f9e9c448400 1   ~_64/nfqws:43385 validate_xmit_skb
0xffff8f9e9c448400 1   ~_64/nfqws:43385 netif_skb_features
0xffff8f9e9c448400 1   ~_64/nfqws:43385 skb_network_protocol
0xffff8f9e9c448400 1   ~_64/nfqws:43385 validate_xmit_xfrm
0xffff8f9e9c448400 1   ~_64/nfqws:43385 dev_hard_start_xmit
0xffff8f9e9c448400 1   ~_64/nfqws:43385 dev_queue_xmit_nit
0xffff8f9e9c448400 1   ~_64/nfqws:43385 skb_clone
0xffff8f9e9c448400 1   ~_64/nfqws:43385 tpacket_rcv
0xffff8f9e9c448400 1   ~_64/nfqws:43385 skb_pull
0xffff8f9e9c448400 1   ~_64/nfqws:43385 tpacket_get_timestamp
0xffff8f9e9c448400 1   ~_64/nfqws:43385 vlan_get_protocol_dgram
0xffff8f9e9c448400 1   ~_64/nfqws:43385 sk_skb_reason_drop
0xffff8f9e9c448400 1   ~_64/nfqws:43385 skb_release_head_state
0xffff8f9e9c448400 1   ~_64/nfqws:43385 skb_release_data
0xffff8f9e9c448400 1   ~_64/nfqws:43385 kfree_skbmem
0xffff8f9e9c448400 1   ~_64/nfqws:43385 skb_clone_tx_timestamp
0xffff8f9e9c448400 0   <empty>:0        napi_consume_skb
0xffff8f9e9c448400 0   <empty>:0        skb_release_head_state
0xffff8f9e9c448400 0   <empty>:0        sock_wfree
0xffff8f9d501d0000 1   ~_64/nfqws:43385 sk_skb_reason_drop
0xffff8f9e9c448400 0   <empty>:0        skb_release_data
0xffff8f9d501d0000 1   ~_64/nfqws:43385 skb_release_head_state
0xffff8f9e9c448400 0   <empty>:0        skb_free_head
0xffff8f9d501d0000 1   ~_64/nfqws:43385 tcp_wfree
0xffff8f9e9c448400 0   <empty>:0        napi_skb_cache_put
0xffff8f9d501d0000 1   ~_64/nfqws:43385 skb_release_data
0xffff8f9d501d0000 1   ~_64/nfqws:43385 kfree_skbmem
0xffff8f9d501d0000 1   <empty>:0        __skb_clone
0xffff8f9d501d0000 1   <empty>:0        __copy_skb_header
0xffff8f9d501d0000 1   <empty>:0        ip_local_out
0xffff8f9d501d0000 1   <empty>:0        __ip_local_out
0xffff8f9d501d0000 1   <empty>:0        nf_hook_slow
0xffff8f9d501d0000 1   <empty>:0        ip_output
0xffff8f9d501d0000 1   <empty>:0        nf_hook_slow
0xffff8f9d501d0000 1   <empty>:0        nf_queue
0xffff8f9d501d0000 1   <empty>:0        skb_checksum_help
0xffff8f9d501d0000 1   <empty>:0        skb_ensure_writable
0xffff8f9d6db56400 2   ~_64/nfqws:43385 nf_hook_slow
0xffff8f9d6db56400 2   ~_64/nfqws:43385 ip_output
0xffff8f9d6db56400 2   ~_64/nfqws:43385 nf_hook_slow
0xffff8f9d6db56400 2   ~_64/nfqws:43385 ip_finish_output
0xffff8f9d6db56400 2   ~_64/nfqws:43385 __ip_finish_output
0xffff8f9d6db56400 2   ~_64/nfqws:43385 ip_finish_output2
0xffff8f9d6db56400 2   ~_64/nfqws:43385 __dev_queue_xmit
0xffff8f9d6db56400 2   ~_64/nfqws:43385 netdev_core_pick_tx
0xffff8f9d6db56400 2   ~_64/nfqws:43385 dev_qdisc_enqueue
0xffff8f9d6db56400 2   ~_64/nfqws:43385 __skb_get_hash_net
0xffff8f9d6db56400 2   ~_64/nfqws:43385 sch_direct_xmit
0xffff8f9d6db56400 2   ~_64/nfqws:43385 validate_xmit_skb_list
0xffff8f9d6db56400 2   ~_64/nfqws:43385 validate_xmit_skb
0xffff8f9d6db56400 2   ~_64/nfqws:43385 netif_skb_features
0xffff8f9d6db56400 2   ~_64/nfqws:43385 skb_network_protocol
0xffff8f9d6db56400 2   ~_64/nfqws:43385 validate_xmit_xfrm
0xffff8f9d6db56400 2   ~_64/nfqws:43385 dev_hard_start_xmit
0xffff8f9d6db56400 2   ~_64/nfqws:43385 dev_queue_xmit_nit
0xffff8f9d6db56400 2   ~_64/nfqws:43385 skb_clone
0xffff8f9d6db56400 2   ~_64/nfqws:43385 tpacket_rcv
0xffff8f9d6db56400 2   ~_64/nfqws:43385 skb_pull
0xffff8f9d6db56400 2   ~_64/nfqws:43385 tpacket_get_timestamp
0xffff8f9d6db56400 2   ~_64/nfqws:43385 vlan_get_protocol_dgram
0xffff8f9d6db56400 2   ~_64/nfqws:43385 sk_skb_reason_drop
0xffff8f9d6db56400 2   ~_64/nfqws:43385 skb_release_head_state
0xffff8f9d6db56400 2   ~_64/nfqws:43385 skb_release_data
0xffff8f9d6db56400 2   ~_64/nfqws:43385 kfree_skbmem
0xffff8f9d6db56400 2   ~_64/nfqws:43385 skb_clone_tx_timestamp
0xffff8f9d6db56400 0   ~s_unbound:39569 napi_consume_skb
0xffff8f9d6db56400 0   ~s_unbound:39569 skb_release_head_state
0xffff8f9d6db56400 0   ~s_unbound:39569 sock_wfree
0xffff8f9d6db56400 0   ~s_unbound:39569 skb_release_data
0xffff8f9d501d0000 2   ~_64/nfqws:43385 sk_skb_reason_drop
0xffff8f9d6db56400 0   ~s_unbound:39569 skb_free_head
0xffff8f9d501d0000 2   ~_64/nfqws:43385 skb_release_head_state
0xffff8f9d6db56400 0   ~s_unbound:39569 napi_skb_cache_put
0xffff8f9d501d0000 2   ~_64/nfqws:43385 tcp_wfree
0xffff8f9d501d0000 2   ~_64/nfqws:43385 skb_release_data
0xffff8f9d501d0000 2   ~_64/nfqws:43385 kfree_skbmem
0xffff8f9d501d0000 1   <empty>:0        __skb_clone
0xffff8f9d501d0000 1   <empty>:0        __copy_skb_header
0xffff8f9d501d0000 1   <empty>:0        ip_local_out
0xffff8f9d501d0000 1   <empty>:0        __ip_local_out
0xffff8f9d501d0000 1   <empty>:0        nf_hook_slow
0xffff8f9d501d0000 1   <empty>:0        ip_output
0xffff8f9d501d0000 1   <empty>:0        nf_hook_slow
0xffff8f9d501d0000 1   <empty>:0        nf_queue
0xffff8f9d501d0000 1   <empty>:0        skb_checksum_help
0xffff8f9d501d0000 1   <empty>:0        skb_ensure_writable
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 nf_hook_slow
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 ip_output
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 nf_hook_slow
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 ip_finish_output
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 __ip_finish_output
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 ip_finish_output2
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 __dev_queue_xmit
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 netdev_core_pick_tx
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 dev_qdisc_enqueue
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 __skb_get_hash_net
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 sch_direct_xmit
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 validate_xmit_skb_list
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 validate_xmit_skb
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 netif_skb_features
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 skb_network_protocol
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 validate_xmit_xfrm
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 dev_hard_start_xmit
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 dev_queue_xmit_nit
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 skb_clone
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 tpacket_rcv
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 skb_pull
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 tpacket_get_timestamp
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 vlan_get_protocol_dgram
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 sk_skb_reason_drop
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 skb_release_head_state
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 skb_release_data
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 kfree_skbmem
0xffff8f9d6db55c00 2   ~_64/nfqws:43385 skb_clone_tx_timestamp
0xffff8f9d501d0000 2   ~_64/nfqws:43385 sk_skb_reason_drop
0xffff8f9d501d0000 2   ~_64/nfqws:43385 skb_release_head_state
0xffff8f9d501d0000 2   ~_64/nfqws:43385 tcp_wfree
0xffff8f9d501d0000 2   ~_64/nfqws:43385 skb_release_data
0xffff8f9d501d0000 2   ~_64/nfqws:43385 kfree_skbmem
0xffff8f9d6db55c00 0   <empty>:0        napi_consume_skb
0xffff8f9d6db55c00 0   <empty>:0        skb_release_head_state
0xffff8f9d6db55c00 0   <empty>:0        sock_wfree
0xffff8f9d6db55c00 0   <empty>:0        skb_release_data
0xffff8f9d6db55c00 0   <empty>:0        skb_free_head
0xffff8f9d6db55c00 0   <empty>:0        napi_skb_cache_put
bol-van commented 4 weeks ago

syndata doesnt work with all servers some ddos protection systems may filter unusual packets

darkblaze69 commented 3 weeks ago

More specifically it's https://secure.gravatar.com. If there's no nfqws fault, it can be closed.