ᴄʜʀɪsᴛᴏᴘʜᴇʀ ᴍ cicku

@cicku
cicku / cfv4.nft
Last active March 3, 2024 20:02
Cloudflare IP list with nftables
# https://www.cloudflare.com/ips-v4/
define cfv4 = {173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22}
#!/bin/bash -e
. /etc/makepkg.conf
PKGCACHE=$((grep -m 1 '^CacheDir' /etc/pacman.conf || echo 'CacheDir = /var/cache/pacman/pkg') | sed 's/CacheDir = //')
pkgdirs=("$@" "$PKGDEST" "$PKGCACHE")
while read -r -a parampart; do
pkgname="${parampart[0]}-${parampart[1]}-*.pkg.tar.{xz,zst}"
@cicku
cicku / NC.geojson
Created September 3, 2021 02:45
GeoJSON with multiple holes
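# This rule configuration is for reference only; it applies to Surge Mac (1.3.0) and later versions;
# Includes the Proxy Group and URL Rewrite features;
# Includes Reject rules for blocking ads, behavioral analytics, and data statistics;
# Blocks Hao123 and Baidu Search; allows Baidu Maps, Baidu Waimai, Baidu Music, Baidu Cloud Drive, and Baidu Baike.
# A concise guide to Surge for Mac: http://bit.ly/1TATRaG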
[General]
# warning, notify, info, verbose
skip-proxy = 127.0.0.1, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, localhost, *.local
bypass-tun = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
loglevel = notify
@cicku
cicku / gist:f2f9830bbd0b129f65eb
Last active August 29, 2015 14:26 — forked from koelling/gist:ef9b2b9d0be6d6dbab63
CVE-2015-0235 (GHOST) test code
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#define CANARY "in_the_coal_mine"
struct {
char buffer[1024];
@cicku
cicku / Hosts.txt
Last active August 29, 2015 14:25 — forked from chockenberry/Hosts.txt
@cicku
cicku / Naive-VPN.md
Last active July 13, 2016 06:01 — forked from klzgrad/Naive-VPN.md

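Naive VPN: a purely kernel-level static tunnel

With the establishment of the routing control system, real-time dynamic blackhole routing has become the most effective blocking method, while TCP connection resets and DNS poisoning have become secondary methods, and circumvention methods that exploit loopholes are no longer generally applicable. The response is to use VPNs with diversified protocols to resist identification. This article introduces a "poor man's VPN" that is too simple, sometimes naive.

Naive VPN needs only a one-time kernel configuration (Linux kernel) to run stably and permanently, with no user-space daemon. All traffic transformation and encryption is done by the kernel, giving native performance with almost no overhead. The configuration is static, which avoids the fingerprintable features that dynamic handshakes and parameter negotiation produce and that lead to identification. It also supports NAT, so mobile users on internal networks can use this method. Support is broad: it is based on the L2TPv3 standard, Linux kernels 3.2+ all support it, and other operating systems can in principle support it too. There are two limitations: root privileges are required, and one tunnel supports only one user.

Naive VPN implements the VPN with a static L2TP tunnel encapsulated in UDP, with the kernel's XFRM providing static IPsec. In fact an IP-in-IP tunnel is enough to implement a VPN, but that protocol cannot traverse NAT, so UDP encapsulation must be used. Kernel 3.18 will support Foo-over-UDP, which encapsulates IP directly inside UDP and is very similar to static L2TP-over-UDP.

Creating a naive VPN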

@cicku
cicku / 00-README.txt
Last active August 29, 2015 14:13 — forked from klzgrad/00-README.txt
$ LD_PRELOAD=$PWD/sendmsg.so dig twitter.com @8.8.8.8
;; Warning: Message parser reports malformed message packet. <-- malformed because the compression pointer was treated as part of the domain name
;; Question section mismatch: got twitter.com/RESERVED0/CLASS256
; <<>> DiG 9.9.5-3-Ubuntu <<>> twitter.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44722
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
# To be added to ~/.profile or ~/.bashrc (or similar).
parse_git_branch() {
git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/(\1) /'
}
export PS1="\h:\W \u\$(parse_git_branch)$ "