Release candidate 3.

Bugfixes:

• Fix crash due to missing second parameter in fake_load_random function

Known bugs:

• Blacklist option may inconsistently work with Kyber enabled, but should at least work fine without blacklist now. See #330

Обход замедления YouTube в России

The -2 version have been repackaged. It is the same release as goodbyedpi-0.2.3rc3.zip, the only difference is in YouTube .cmd files.

Release candidate 2.

Bugfixes:

• Print human-readable WinDivert error messages
• Ignore all RSTs with -p
• Allow to add the whole root zones into blacklist. Fixes #564.
• Many other small fixes and typos correction

New features:

• --fake-from-hex option: load Fake Packet from HEX data
• --fake-gen option: generate random-filled Fake Packets
• --fake-resend option: repeat sending each fake packet number of times

Packaging:

• Added YOUTUBE scripts for Russia (regular and service)
• Added stopping and deleting WinDivert14 service in service_remove.cmd
• Added more domains to youtube-blacklist

Known bugs:

• Blacklist option may inconsistently work with Kyber enabled, but should at least work fine without blacklist now. See #330

Обход замедления YouTube в России

Release candidate 1.

Bugfixes:

• Switch to WinDivert 2.2.0-D
• Disable auto-ttl if set-ttl has been used after auto-ttl
• Print correct set-ttl/auto-ttl mode in the status
• Handle TLSv1.2 record version handshakes (16 03 03). #353
• Make ClientHello ignore --max-payload limits

New features:

• Fragment packet by the beginning of SNI value. #357
• New option: -q - block QUIC/HTTP3
• New mode: -7 (As -6 but with wrong chksum)
• New modes: -8 and -9 (wrong chksum + wrong seq + block quic)
• Make mode -9 the default, instead of -5

Packaging:

• Update .cmd scripts to use -9 mode
• Replace domain in Russian list update script

Known bugs:

• Blacklist option may inconsistently work with Kyber enabled, but should at least work fine without blacklist now. See #330

Обход замедления YouTube в России

The -2 version have been repackaged. It is the same release as goodbyedpi-0.2.3rc1.zip, the only difference is in Russian .cmd files (add youtube).

Bugfix release:

• Document forgotten --max-payload in -5 and -6 modes
• Allow setting --max-payload to zero
• Fix optional parameter parser in service mode
• Handle "0" in domain names (SNI)
• Fix --set-ttl when used with --min-ttl

Known bugs:

• --set-ttl after --auto-ttl does not work (does not disable auto-ttl) despite Fake requests, TTL: fixed in the status line (since v0.2.0)
• Not really a bug, but anyway: --max-payload 1200 would skip HTTP request block circumvention if the payload is large (if there's a lot of cookies for example).

Обход замедления YouTube в России

Quick bugfix for the domain names which contain hyphen (-), which were not processed correctly in v0.2.0.

Known bugs:

• -5 and -6 modes activate --max-payload, but it's not mentioned in the help message.

New features:

• Better Auto TTL adjusting algorithm which honors short distance: auto-ttl is now a range, not a fixed decrement value (see e25d743)
• Fake Packet TTL now has upper limit in Auto TTL mode, to fix destinations with slightly bigger TTL increased from standard values
• New --min-ttl option which prevents Fake TTL Packet in --set-ttl mode from being sent if TTL distance is lower than the defined value
• New --allow-no-sni option. Useful to process the packet with --blacklist option, when SNI can't be detected for any reason (more info: cc1676a)
• Max Payload Size limit option (--max-payload) to reduce large download/upload CPU consumption (more info: d7c681d)

This release also has small bug fixes.

-5 and -6 modes now use --max-payload=1200 by default.

Known bugs:

• When --blacklist is used, domain names which contain hyphen (-) are not considered as blocked even if they are in the blacklist.
  If --blacklist is used in combination with --allow-no-sni, TLS circumvention techniques are applied to all domains with hyphen (even not in blacklist).
• -5 and -6 modes activate --max-payload, but it's not mentioned in the help message.

Try the new -5 mode, which is default now when you start the program without options. It should work on overwhelming majority of DPI systems out of the box.

New censorship circumvention method:

• Fake Packet with wrong SEQ/ACK numbers (--wrong-seq)

New features:

• --blacklist option now also applies to TLS (HTTPS websites)
• Automatic TTL value picker for set-ttl Fake Packet mode (--auto-ttl) ← very convenient
• New modern mode sets (more stable, more compatible, faster): -5 (now default) with native reversed fragmentation and fake packet auto-ttl, and -6 with wrong-seq instead of auto-ttl.

Other changes:

• Fake Packet mode (--set-ttl, --wrong-chksum, --wrong-seq) now applies each method to each packet separately, and doesn't combine all methods for a single packet.

New feature: --native-frag non-Window-Size TCP segmentation and it's companion --reverse-frag, which sends segments in the reverse order to workaround TLS terminators issues with fragmented packets.
This is faster and more compatible than using Window Size shrinking.

Bugfix: Fix fake packet handling without other modifying parameters (#150)

New feature: Fake Packet Mode, activate with --set-ttl and --wrong-chksum options.
This feature is surprisingly effective against many DPI systems.

Known bugs: fake HTTP packets are not getting sent if only Fake Packet Mode is activated, without any other HTTP options (#150)

• Change: Add version number into greeting message
• Change: Use newlines for current options information