diff --git a/README.ja.md b/README.ja.md index 09f045b..64939e3 100644 --- a/README.ja.md +++ b/README.ja.md @@ -15,7 +15,7 @@ OpenGFW は、Linux 上の [GFW](https://en.wikipedia.org/wiki/Great_Firewall) ## 特徴 -- フルIP/TCP再アセンブル、各種プロトコルアナライザー +- フル IP/TCP 再アセンブル、各種プロトコルアナライザー - HTTP、TLS、DNS、SSH、その他多数 - Shadowsocks の"完全に暗号化されたトラフィック"の検出、 など。 (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf) @@ -99,6 +99,10 @@ workers: a: "0.0.0.0" aaaa: "::" expr: dns != nil && dns.qr && any(dns.questions, {.name endsWith "v2ex.com"}) + +- name: block google socks + action: block + expr: string(socks?.req?.addr) endsWith "google.com" && socks?.req?.port == 80 ``` #### サポートされるアクション diff --git a/README.md b/README.md index 83016c2..406a4f5 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,6 @@ [![License][1]][2] [1]: https://img.shields.io/badge/License-MPL_2.0-brightgreen.svg - [2]: LICENSE **[中文文档](README.zh.md)** @@ -21,11 +20,11 @@ Linux that's in many ways more powerful than the real thing. It's cyber sovereig ## Features - Full IP/TCP reassembly, various protocol analyzers - - HTTP, TLS, DNS, SSH, SOCKS5, and many more to come - - "Fully encrypted traffic" detection for Shadowsocks, - etc. (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf) - - Trojan (proxy protocol) detection based on Trojan-killer (https://github.com/XTLS/Trojan-killer) - - [WIP] Machine learning based traffic classification + - HTTP, TLS, DNS, SSH, SOCKS5, and many more to come + - "Fully encrypted traffic" detection for Shadowsocks, + etc. (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf) + - Trojan (proxy protocol) detection based on Trojan-killer (https://github.com/XTLS/Trojan-killer) + - [WIP] Machine learning based traffic classification - Full IPv4 and IPv6 support - Flow-based multicore load balancing - Connection offloading 
@@ -105,9 +104,9 @@ to [Expr Language Definition](https://expr-lang.org/docs/language-definition). aaaa: "::" expr: dns != nil && dns.qr && any(dns.questions, {.name endsWith "v2ex.com"}) -- name: block google.com:80 via SOCKS5 +- name: block google socks action: block - expr: string(socks5?.req?.addr) endsWith "google.com" && socks5?.req?.port == 80 + expr: string(socks?.req?.addr) endsWith "google.com" && socks?.req?.port == 80 ``` #### Supported actions diff --git a/README.zh.md b/README.zh.md index 21f4753..1bf57fc 100644 --- a/README.zh.md +++ b/README.zh.md @@ -3,7 +3,6 @@ [![License][1]][2] [1]: https://img.shields.io/badge/License-MPL_2.0-brightgreen.svg - [2]: LICENSE OpenGFW 是一个 Linux 上灵活、易用、开源的 [GFW](https://zh.wikipedia.org/wiki/%E9%98%B2%E7%81%AB%E9%95%BF%E5%9F%8E) @@ -18,10 +17,10 @@ OpenGFW 是一个 Linux 上灵活、易用、开源的 [GFW](https://zh.wikipedi ## 功能 - 完整的 IP/TCP 重组,各种协议解析器 - - HTTP, TLS, DNS, SSH, SOCKS5, 更多协议正在开发中 - - Shadowsocks 等 "全加密流量" 检测 (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf) - - 基于 Trojan-killer 的 Trojan 检测 (https://github.com/XTLS/Trojan-killer) - - [开发中] 基于机器学习的流量分类 + - HTTP, TLS, DNS, SSH, SOCKS5, 更多协议正在开发中 + - Shadowsocks 等 "全加密流量" 检测 (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf) + - 基于 Trojan-killer 的 Trojan 检测 (https://github.com/XTLS/Trojan-killer) + - [开发中] 基于机器学习的流量分类 - 同等支持 IPv4 和 IPv6 - 基于流的多核负载均衡 - 连接 offloading @@ -100,9 +99,9 @@ workers: aaaa: "::" expr: dns != nil && dns.qr && any(dns.questions, {.name endsWith "v2ex.com"}) -- name: block google.com:80 via SOCKS5 +- name: block google socks action: block - expr: string(socks5?.req?.addr) endsWith "google.com" && socks5?.req?.port == 80 + expr: string(socks?.req?.addr) endsWith "google.com" && socks?.req?.port == 80 ``` #### 支持的 action
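Review bot: README.ja.md, hunk `@@ -99,6 +99,10`: the added `block google socks` rule relies on a SOCKS analyzer that the Japanese feature list never mentions. The context line in the first hunk of this file still reads `- HTTP、TLS、DNS、SSH、その他多数`, while README.md and README.zh.md both list SOCKS5. Add SOCKS5 to that list in the same change so the example refers to something the page documents.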
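Review bot: README.md, hunk `@@ -105,9 +104,9`: the new rule name `block google socks` no longer says what the rule matches. The expression still requires `socks?.req?.port == 80`, which the old name `block google.com:80 via SOCKS5` stated, so a reader scanning rule names or logs would assume all SOCKS traffic to Google is blocked. Keep the host and port in the name, for example `block google.com:80 via SOCKS`. The rename from `socks5` to `socks` also leaves the feature list saying "SOCKS5"; say near the example or in the list which SOCKS versions populate `socks.req`, so it is clear why the key changed.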
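Review bot: README.zh.md, hunk `@@ -100,9 +99,9` (and the same `expr` line in README.md and README.ja.md): `string(socks?.req?.addr) endsWith "google.com"` is a bare suffix test, so it also matches any address that merely ends in those characters, such as `notgoogle.com`. If the example is meant to cover google.com and its subdomains only, document it as `string(socks?.req?.addr) == "google.com" || string(socks?.req?.addr) endsWith ".google.com"`, since users tend to copy README rules verbatim.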