extend wait range

2026-01-07 19:04:49 +00:00 · 2021-05-06 14:57:06 +08:00 · 2021-05-06 14:57:06 +08:00 · ec4366356b
commit ec4366356b
parent 3951e25d64
3 changed files with 9 additions and 43 deletions
--- a/4
+++ b/4
@ -1,9 +1,9 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=UA2F
-PKG_VERSION:=3.2
+PKG_VERSION:=3.3

-PKG_RELEASE:=6
+PKG_RELEASE:=7


 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
--- a/README.md
+++ b/README.md
@ -28,9 +28,9 @@ iptables -t mangle -A ua2f -d 127.0.0.0/8 -j RETURN
 iptables -t mangle -A ua2f -d 192.168.0.0/16 -j RETURN # 不处理流向保留地址的包
 iptables -t mangle -A ua2f -p tcp --dport 443 -j RETURN
 iptables -t mangle -A ua2f -p tcp --dport 22 -j RETURN # 不处理 SSH 和 https
-iptables -t mangle -A ua2f -p tcp --dport 80 -j CONNMARK --set-mark 24
+iptables -t mangle -A ua2f -p tcp --dport 80 -j CONNMARK --set-mark 54
+iptables -t mangle -A ua2f -m connmark --mark 53 -j RETURN # 不处理标记为非 http 的流 (实验性)
 iptables -t mangle -A ua2f -m set --set nohttp dst,dst -j RETURN
-iptables -t mangle -A ua2f -m connmark --mark 23 -j RETURN # 不处理标记为非 http 的流 (实验性)
 iptables -t mangle -A ua2f -j NFQUEUE --queue-num 10010

 iptables -t mangle -A FORWARD -p tcp -m conntrack --ctdir ORIGINAL -j ua2f
--- a/src/ua2f.c
+++ b/src/ua2f.c
@ -75,40 +75,6 @@ static int parse_attrs(const struct nlattr *attr, void *data) {
    return MNL_CB_OK;
 }

-// static bool http_sign_check(bool firstcheck, unsigned int tcplen, unsigned char *tcppayload);
-
-//static int probe_http_method(const char *p, const char *opt) {
-//    return !strncmp(p, opt, strlen(opt));
-//}
-//
-//static bool http_judge(char *tcppayload, unsigned int tcplen) {
-//
-//    if (tcplen <= 12) {
-//        return false;
-//    }
-//
-//    if (memmem(tcppayload, tcplen, "HTTP", 4)) {
-//        return true;
-//    }
-//
-//#define PROBE_HTTP_METHOD(option) if(probe_http_method(tcppayload, option)) {http1_0count++; return true;}
-//
-//    /* Otherwise it could be HTTP/1.0 without version: check if it's got an
-//     * HTTP method (RFC2616 5.1.1) */
-//    PROBE_HTTP_METHOD("GET ")
-//    PROBE_HTTP_METHOD("POST ")
-//    PROBE_HTTP_METHOD("OPTIONS ")
-//    PROBE_HTTP_METHOD("HEAD ")
-//    PROBE_HTTP_METHOD("PUT ")
-//    PROBE_HTTP_METHOD("DELETE ")
-//    PROBE_HTTP_METHOD("TRACE ")
-//    PROBE_HTTP_METHOD("CONNECT ")
-//
-//#undef PROBE_HTTP_METHOD
-//
-//    return false;
-//}
-
 static void
 nfq_send_verdict(int queue_num, uint32_t id, struct pkt_buff *pktb, uint32_t mark, bool noUA,
                 char addcmd[50]) { // http mark = 24, ukn mark = 16-20, no http mark = 23
@ -139,17 +105,17 @@ nfq_send_verdict(int queue_num, uint32_t id, struct pkt_buff *pktb, uint32_t mar
            mnl_attr_nest_end(nlh, nest);
        }

-        if (mark >= 16 && mark <= 20) {
+        if (mark >= 16 && mark <= 40) {
            setmark = mark + 1;
            nest = mnl_attr_nest_start(nlh, NFQA_CT);
            mnl_attr_put_u32(nlh, CTA_MARK, htonl(setmark));
            mnl_attr_nest_end(nlh, nest);
        }

-        if (mark == 21) { // 21 统计确定此连接为非http连接
+        if (mark == 41) { // 21 统计确定此连接为不含UA连接

            nest = mnl_attr_nest_start(nlh, NFQA_CT);
-            mnl_attr_put_u32(nlh, CTA_MARK, htonl(23));
+            mnl_attr_put_u32(nlh, CTA_MARK, htonl(43));
            mnl_attr_nest_end(nlh, nest); // 加 CONNMARK

            ipset_parse_line(Pipset, addcmd); //加 ipset 标记
@ -157,9 +123,9 @@ nfq_send_verdict(int queue_num, uint32_t id, struct pkt_buff *pktb, uint32_t mar
            noUAmark++;
        }
    } else {
-        if (mark != 24) {
+        if (mark != 44) {
            nest = mnl_attr_nest_start(nlh, NFQA_CT);
-            mnl_attr_put_u32(nlh, CTA_MARK, htonl(24));
+            mnl_attr_put_u32(nlh, CTA_MARK, htonl(44));
            mnl_attr_nest_end(nlh, nest);
            UAmark++;
        }