reverse regex patterns

README.md

@@ -71,6 +71,8 @@ Usage: spoof-dpi [options...]
         disable banner
   -pattern value
         bypass DPI only on packets matching this regex pattern; can be given multiple times
+  -antipattern value
+        never bypass DPI on packets matching this regex pattern; can be given multiple times
   -port int
         port (default 8080)
   -system-proxy

_docs/README_ja.md

@@ -68,6 +68,8 @@ Usage: spoof-dpi [options...]
         disable banner
   -pattern value
         bypass DPI only on packets matching this regex pattern; can be given multiple times
+  -antipattern value
+        never bypass DPI on packets matching this regex pattern; can be given multiple times
   -port int
         port (default 8080)
   -system-proxy

_docs/README_ko.md

@@ -66,6 +66,8 @@ Usage: spoof-dpi [options...]
         disable banner
   -pattern value
         bypass DPI only on packets matching this regex pattern; can be given multiple times
+  -antipattern value
+        never bypass DPI on packets matching this regex pattern; can be given multiple times
   -port int
         port (default 8080)
   -system-proxy

_docs/README_ru.md

@@ -70,6 +70,8 @@ Usage: spoof-dpi [опции...]
         disable banner
   -pattern value
         bypass DPI only on packets matching this regex pattern; can be given multiple times
+  -antipattern value
+        never bypass DPI on packets matching this regex pattern; can be given multiple times
   -port int
         port (default 8080)
   -system-proxy

_docs/README_zh-cn.md

@@ -75,6 +75,8 @@ Usage: spoof-dpi [options...]
         disable banner
   -pattern value
         bypass DPI only on packets matching this regex pattern; can be given multiple times
+  -antipattern value
+        never bypass DPI on packets matching this regex pattern; can be given multiple times
   -port int
         port (default 8080)
   -system-proxy

cmd/spoof-dpi/main.go

@@ -13,14 +13,14 @@ import (
 )
 
 func main() {
-  args := util.ParseArgs()
+	args := util.ParseArgs()
 	if *args.Version {
 		version.PrintVersion()
 		os.Exit(0)
 	}
 
 	config := util.GetConfig()
-  config.Load(args)
+	config.Load(args)
 
 	pxy := proxy.New(config)
 	if *config.Debug {

proxy/proxy.go

@@ -14,22 +14,24 @@ import (
 )
 
 type Proxy struct {
-	addr           string
-	port           int
-	timeout        int
-	resolver       *dns.DnsResolver
-	windowSize     int
-	allowedPattern []*regexp.Regexp
+	addr              string
+	port              int
+	timeout           int
+	resolver          *dns.DnsResolver
+	windowSize        int
+	allowedPattern    []*regexp.Regexp
+	disallowedPattern []*regexp.Regexp
 }
 
 func New(config *util.Config) *Proxy {
 	return &Proxy{
-		addr:           *config.Addr,
-		port:           *config.Port,
-		timeout:        *config.Timeout,
-		windowSize:     *config.WindowSize,
-		allowedPattern: config.AllowedPatterns,
-		resolver:       dns.NewResolver(config),
+		addr:              *config.Addr,
+		port:              *config.Port,
+		timeout:           *config.Timeout,
+		windowSize:        *config.WindowSize,
+		allowedPattern:    config.AllowedPatterns,
+		disallowedPattern: config.DisallowedPatterns,
+		resolver:          dns.NewResolver(config),
 	}
 }
 
@@ -48,6 +50,9 @@ func (pxy *Proxy) Start() {
 	if len(pxy.allowedPattern) > 0 {
 		log.Println("[PROXY] number of white-listed pattern:", len(pxy.allowedPattern))
 	}
+	if len(pxy.disallowedPattern) > 0 {
+		log.Println("[PROXY] number of black-listed pattern:", len(pxy.disallowedPattern))
+	}
 
 	for {
 		conn, err := l.Accept()
@@ -100,6 +105,14 @@ func (pxy *Proxy) Start() {
 }
 
 func (pxy *Proxy) patternMatches(bytes []byte) bool {
+	if pxy.disallowedPattern != nil {
+		for _, pattern := range pxy.disallowedPattern {
+			if pattern.Match(bytes) {
+				return false
+			}
+		}
+	}
+
 	if pxy.allowedPattern == nil {
 		return true
 	}

util/args.go

@@ -6,18 +6,19 @@ import (
 )
 
 type Args struct {
-	Addr           *string
-	Port           *int
-	DnsAddr        *string
-	DnsPort        *int
-	EnableDoh      *bool
-	Debug          *bool
-	NoBanner       *bool
-	SystemProxy    *bool
-	Timeout        *int
-	AllowedPattern *StringArray
-	WindowSize     *int
-	Version        *bool
+	Addr              *string
+	Port              *int
+	DnsAddr           *string
+	DnsPort           *int
+	EnableDoh         *bool
+	Debug             *bool
+	NoBanner          *bool
+	SystemProxy       *bool
+	Timeout           *int
+	AllowedPattern    *StringArray
+	DisallowedPattern *StringArray
+	WindowSize        *int
+	Version           *bool
 }
 
 type StringArray []string
@@ -47,7 +48,8 @@ try lower values if the default value doesn't bypass the DPI;
 when not given, the client hello packet will be sent in two parts:
 fragmentation for the first data packet and the rest
 `)
-  args.AllowedPattern = new(StringArray)
+	args.AllowedPattern = new(StringArray)
+	args.DisallowedPattern = new(StringArray)
 	args.Version = flag.Bool("v", false, "print spoof-dpi's version; this may contain some other relevant information")
 
 	flag.Var(
@@ -56,6 +58,12 @@ fragmentation for the first data packet and the rest
 		"bypass DPI only on packets matching this regex pattern; can be given multiple times",
 	)
 
+	flag.Var(
+		args.DisallowedPattern,
+		"antipattern",
+		"nevery bypass DPI on packets matching this regex pattern; can be given multiple times",
+	)
+
 	flag.Parse()
 
 	return args

util/config.go

@@ -9,17 +9,18 @@ import (
 )
 
 type Config struct {
-	Addr            *string
-	Port            *int
-	DnsAddr         *string
-	DnsPort         *int
-	EnableDoh       *bool
-	Debug           *bool
-	NoBanner        *bool
-	SystemProxy     *bool
-	Timeout         *int
-	WindowSize      *int
-	AllowedPatterns []*regexp.Regexp
+	Addr               *string
+	Port               *int
+	DnsAddr            *string
+	DnsPort            *int
+	EnableDoh          *bool
+	Debug              *bool
+	NoBanner           *bool
+	SystemProxy        *bool
+	Timeout            *int
+	WindowSize         *int
+	AllowedPatterns    []*regexp.Regexp
+	DisallowedPatterns []*regexp.Regexp
 }
 
 var config *Config
@@ -41,18 +42,19 @@ func (c *Config) Load(args *Args) {
 	c.NoBanner = args.NoBanner
 	c.SystemProxy = args.SystemProxy
 	c.Timeout = args.Timeout
-	c.AllowedPatterns = parseAllowedPattern(args.AllowedPattern)
+	c.AllowedPatterns = parsePattern(args.AllowedPattern)
+	c.DisallowedPatterns = parsePattern(args.DisallowedPattern)
 	c.WindowSize = args.WindowSize
 }
 
-func parseAllowedPattern(patterns *StringArray) []*regexp.Regexp {
-	var allowedPatterns []*regexp.Regexp
+func parsePattern(patterns *StringArray) []*regexp.Regexp {
+	var regexps []*regexp.Regexp
 
 	for _, pattern := range *patterns {
-		allowedPatterns = append(allowedPatterns, regexp.MustCompile(pattern))
+		regexps = append(regexps, regexp.MustCompile(pattern))
 	}
 
-	return allowedPatterns
+	return regexps
 }
 
 func PrintColoredBanner() {