由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。
朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。
朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。
| #!/bin/bash | |
| sudo add-apt-repository ppa:chris-lea/libsodium; | |
| sudo echo "deb http://ppa.launchpad.net/chris-lea/libsodium/ubuntu trusty main" >> /etc/apt/sources.list; | |
| sudo echo "deb-src http://ppa.launchpad.net/chris-lea/libsodium/ubuntu trusty main" >> /etc/apt/sources.list; | |
| sudo apt-get update && sudo apt-get install libsodium-dev; |
| 此API KEY为 Weico.Android 的API。复制后粘贴到BL的自定义API对话框的任意一个框框内即可(开头结尾不要带空格之类的,如果没反应,尝试将光标移到最后删除最后的不可见字符) | |
| SSMjExMTYwNjc5OjoxZTZlMzNkYjA4ZjkxOTIzMDZjNGFmYTBhNjFhZDU2Yzo6aHR0cDovL29hdXRoLndlaWNvLmNjOjplbWFpbCxkaXJlY3RfbWVzc2FnZXNfcmVhZCxkaXJlY3RfbWVzc2FnZXNfd3JpdGUsZnJpZW5kc2hpcHNfZ3JvdXBzX3JlYWQsZnJpZW5kc2hpcHNfZ3JvdXBzX3dyaXRlLHN0YXR1c2VzX3RvX21lX3JlYWQsZm9sbG93X2FwcF9vZmZpY2lhbF9taWNyb2Jsb2csaW52aXRhdGlvbl93cml0ZTo6Y29tLmVpY28ud2VpY286OkVFEE |
| /* | |
| * Copyright 2012 Marco Martin <mart@kde.org> | |
| * | |
| * This program is free software; you can redistribute it and/or modify | |
| * it under the terms of the GNU General Public License as published by | |
| * the Free Software Foundation; either version 2 of the License, or | |
| * (at your option) any later version. | |
| * | |
| * This program is distributed in the hope that it will be useful, | |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| #!/bin/sh | |
| mkdir -p ~/.vim/syntax/ | |
| cd ~/.vim/syntax/ | |
| wget http://www.vim.org/scripts/download_script.php?src_id=19394 | |
| mv download_script.php\?src_id\=19394 nginx.vim | |
| cat > ~/.vim/filetype.vim <<EOF | |
| au BufRead,BufNewFile /etc/nginx/*,/usr/local/nginx/conf/* if &ft == '' | setfiletype nginx | endif | |
| EOF |
| #!/usr/bin/python3 | |
| import os | |
| def allrepofiles(): | |
| repo = '/var/lib/pacman/local' | |
| files = set() | |
| for dirpath, dirnames, filenames in os.walk(repo): | |
| for file in filenames: | |
| if file != 'files': |
| To enable window.gc() on Chrome browser console you just need to start Chrome like this: | |
| > /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --js-flags="--expose-gc" --enable-memory-info | |
| Those flags enable the following console API, very usefull to debug memory leaks: | |
| > console.memory // print memory information | |
| > window.gc() // force garbage collection |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>IndexedDB onbeforeunload Test</title> | |
| <script src="http://cdnjs.cloudflare.com/ajax/libs/idbwrapper/1.4.1/idbstore.min.js"></script> | |
| <script> | |
| var idb, i; | |
| var testData1 = []; | |
| var testData2 = []; | |
| var testData3 = []; |
| public void copyFileOrDir(String path) { | |
| AssetManager assetManager = this.getAssets(); | |
| String assets[] = null; | |
| try { | |
| assets = assetManager.list(path); | |
| if (assets.length == 0) { | |
| copyFile(path); | |
| } else { | |
| String fullPath = "/data/data/" + this.getPackageName() + "/" + path; | |
| File dir = new File(fullPath); |
| comment_char % | |
| escape_char / | |
| % This file is part of the GNU C Library and contains locale data. | |
| % The Free Software Foundation does not claim any copyright interest | |
| % in the locale data contained in this file. The foregoing does not | |
| % affect the license of the GNU C Library as a whole. It does not | |
| % exempt you from the conditions of the license if your use would | |
| % otherwise be governed by that license. |
