This option replaces built-in fake packets with the user-supplied
ones, could be used multiple times (up to 30).
Each fake packet loaded with this option is sent in command
line order, every time (on each TLS ClientHello or HTTP GET/POST).
Auto-ttl gives many false positives in TTL detection, which breaks non-blocked websites.
Use the combination of wrong-seq and wrong-chksum and hope to the best.
Also block QUIC to workaround possible throttling, as right now it is not dissected.
-8 is -7 with added --wrong-seq, it sends two subsequent fake packets, one with
incorrect sequence, and another one with incorrect checksum.
-9 is -8 with QUIC block.
It has been reported that the DPI systems in Saudi Arabia and
United Arab Emirates are started to search for the beginning of
SNI extension header and its value, without parsing the TLS ClientHello
packet, in any part of TCP session.
Workaround the issue by splitting the packet right after the end
of extension headers and before its value.
https://ntc.party/t/goodbyedpi-in-saudi-arabia/7884https://ntc.party/t/goodbyedpi-in-uae/7914
This option excludes TCP packets with the data payload larger than
defined value from being copied by WinDivert driver to GoodbyeDPI.
As most of HTTP and TLS ClientHello packets are repatively small,
and file transfers are usually big and are sent/received using
the whole available MTU/MSS, we can just exclude them from
being processed by our userspace program to reduce unnecessary
CPU load.
This option is added specially for protonmail.com, as it sends
low Window Size in SYN-ACK for requests from Russia, to force
the client to fragment the packet. GoodbyeDPI doesn't do reassembling
and can't extract SNI in this case, thus won't circumvent the
censorship if --blacklist option is used.
This patchset adds maximum TTL size of the fake packet to be sent,
to further improve compatibility with asymmertic routing and
non-standard TTL value set on servers.
