feat: add flow offloading warnings for TCP Desync and NFQUEUE modes

2025-12-16 16:57:08 +00:00 · 2025-12-03 20:57:50 +08:00 · 2025-12-03 20:57:50 +08:00 · 65e7e786cf
commit 65e7e786cf
parent 462727b5e8
4 changed files with 39 additions and 2 deletions
--- a/openwrt/files/luci/model/cbi/ua3f/desync.lua
+++ b/openwrt/files/luci/model/cbi/ua3f/desync.lua
@ -24,6 +24,18 @@ function M.add_desync_fields(section)
        end
    end

+    if utils.offloading_enabled() then
+        local offloading_warning = section:taboption("desync", DummyValue, "_desync_offloading_warning", " ")
+        offloading_warning.rawhtml = true
+        offloading_warning:depends("desync_enabled", 1)
+        function offloading_warning.cfgvalue(self, section)
+            return "<strong style='color:red;'>" ..
+                translate(
+                    "Flow Offloading is enabled in firewall settings, it may cause TCP Desync to not work properly") ..
+                "</strong>"
+        end
+    end
+
    -- CT Byte Setting
    local ct_byte = section:taboption("desync", Value, "desync_ct_bytes", translate("Desync Bytes"))
    ct_byte.placeholder = "1500"
--- a/openwrt/files/luci/model/cbi/ua3f/general.lua
+++ b/openwrt/files/luci/model/cbi/ua3f/general.lua
@ -40,6 +40,18 @@ function M.add_general_fields(section)
        end
    end

+    if utils.offloading_enabled() then
+        local offloading_warning = section:taboption("general", DummyValue, "_offloading_warning", " ")
+        offloading_warning.rawhtml = true
+        offloading_warning:depends("server_mode", "NFQUEUE")
+        function offloading_warning.cfgvalue(self, section)
+            return "<strong style='color:red;'>" ..
+                translate(
+                "Flow Offloading is enabled in firewall settings, it may cause NFQUEUE mode to not work properly") ..
+                "</strong>"
+        end
+    end
+
    -- Bind Address
    local bind = section:taboption("general", Value, "bind", translate("Bind Address"))
    bind:value("127.0.0.1")
--- a/openwrt/files/luci/model/cbi/ua3f/utils.lua
+++ b/openwrt/files/luci/model/cbi/ua3f/utils.lua
@ -18,4 +18,11 @@ function M.tproxy_exists()
    return opkg or apk
 end

+function M.offloading_enabled()
+    -- uci get firewall.@defaults[0].flow_offloading
+    local uci = require("luci.model.uci").cursor()
+    local flow_offloading = uci:get("firewall", "@defaults[0]", "flow_offloading")
+    return flow_offloading == "1"
+end
+
 return M
--- a/openwrt/po/zh_cn/ua3f.po
+++ b/openwrt/po/zh_cn/ua3f.po
@ -294,10 +294,16 @@ msgid "Number of packets for fragmented random emission"
 msgstr "乱序发射的数据包数，谨慎设置过大"

 msgid "Enable TCP Desynchronization to evade DPI"
-msgstr "启用 TCP 分片乱序发射，可以用于规避 DPI 检测"
+msgstr "启用 TCP 分片乱序发射，用于对抗 DPI 检测"

 msgid "Recommend install kmod-nft-tproxy package for TPROXY mode"
 msgstr "建议安装 kmod-nft-tproxy 软件包以增强兼容性"

 msgid "Recommend install kmod-nft-queue package for NFQUEUE mode"
 msgstr "建议安装 kmod-nft-queue 软件包以增强兼容性"
+
+msgid "Flow Offloading is enabled in firewall settings, it may cause NFQUEUE mode to not work properly"
+msgstr "防火墙设置中启用了流量卸载，可能导致 NFQUEUE 模式无法正常工作"
+
+msgid "Flow Offloading is enabled in firewall settings, it may cause TCP Desync to not work properly"
+msgstr "防火墙设置中启用了流量卸载，可能导致 TCP Desync 无法正常工作"