Mikrotik WireGuard anti DPI

Tweaked @wiktorbgu's script:

  • The script is added under the System - Scripts menu with the name wg-antidpi, i.e. you can kick off the script whenever you like
  • It registers itself in System - Scheduler on the first manual run
  • Fixes from the antifilter.network chat are incorporated
# wg-antidpi traffic flood | by antifilter tg chat
# Enable traffic-gen: /system device-mode update traffic-gen=yes

# SCHEDULER
# warn if schedule does not exist and create it
:local scheduleName "wg-antidpi";
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
    /log warning "[wg-antidpi] Alert : Schedule does not exist. Creating schedule ...."
    /system scheduler add name=$scheduleName interval=5m start-time=startup on-event=wg-antidpi policy=read,write,policy,test,sniff,sensitive
    /log warning "[wg-antidpi] Alert : Schedule created!"
}

# MAIN PART
:global Tx
:global Rx
/interface wireguard peers
:foreach i in=[find where disabled=no and responder!=yes] do={
    :local LocalTx [get $i tx]
    :local LocalRx [get $i rx]
    :local LastHandshake [get $i last-handshake]
    :if (([:tostr $LastHandshake] = "") or (($LastHandshake > [:totime "2m20s"]) and ($Rx->[:tostr $i] = $LocalRx))) do={
        :local PeerName [get $i name]
        :local Interface [get $i interface]
        :local EndpointAddress [get $i endpoint-address]
        :local EndpointIP [get $i current-endpoint-address]
        :local DstPort [get $i current-endpoint-port]
        :local RawHeader [:rndstr length=4 from=123456789abcdef]
        
        #Reset source port
        /interface wireguard set $Interface listen-port=0
        :local SrcPort [/interface wireguard get $Interface listen-port]
        
        #Log peer info
        :log warning ("Peer: $PeerName, Interface: $Interface")
        :log warning ("Endpoint Address: $EndpointAddress, Endpoint IP: $EndpointIP")
        :log warning ("Src Port: $SrcPort, Dst Port: $DstPort, Last Handshake: $LastHandshake")
        :log warning ("Last Rx: " . $Rx->[:tostr $i] . ", Current Rx: $LocalRx")
        :log warning ("Last Tx: " . $Tx->[:tostr $i] . ", Current Tx: $LocalTx")
        
        #Disable peer
        :log warning ("Disable peer: $PeerName")
        set $i disabled=yes
        :delay 1
        
        #Generating spam
        :log warning ("Generating spam")
        /tool traffic-generator stream remove [find]
        /tool traffic-generator packet-template remove [find]
        :delay 1
        /tool traffic-generator packet-template add header-stack=mac,ip,udp,raw ip-dst=$EndpointIP name=packet-template-wg raw-header=$RawHeader special-footer=no udp-dst-port=$DstPort udp-src-port=$SrcPort
        :delay 1
        /tool traffic-generator stream add disabled=no mbps=1 name=stream1 id=3 packet-size=1450 pps=0 tx-template=packet-template-wg
        :delay 1
        /tool traffic-generator quick duration=4
        
        #Enable peer
        :log warning ("Enable peer: $PeerName")
        set $i disabled=no
    }
    :set ($Tx->[:tostr $i]) $LocalTx
    :set ($Rx->[:tostr $i]) $LocalRx
}

System - Scripts UI window
