fix: replace netfilter reset tcp option timestamp with nfqueue way

src/internal/server/netlink/iptables.go

@@ -87,12 +87,7 @@ func (s *Server) IptSetTTL(ipt *iptables.IPTables) error {
 }
 
 func (s *Server) IptDelTCPTS(ipt *iptables.IPTables) error {
-	err := ipt.Append(table, chain, RuleRstTimestamp...)
+	err := ipt.Append(table, chain, RuleDelTCPTS...)
-	if err == nil {
-		return nil
-	}
-
-	err = ipt.Append(table, chain, RuleDelTCPTS...)
 	if err != nil {
 		return err
 	}

src/internal/server/netlink/nftables.go

@@ -83,22 +83,12 @@ func (s *Server) NftDelTCPTS(tx *knftables.Transaction, table *knftables.Table)
 	}
 	tx.Add(chain)
 	var rule *knftables.Rule
-	if resetOptionAvailable() {
+	rule = &knftables.Rule{
-		rule = &knftables.Rule{
+		Chain: chain.Name,
-			Chain: chain.Name,
+		Rule: knftables.Concat(
-			Rule: knftables.Concat(
+			"tcp flags syn",
-				"tcp option timestamp exists",
+			fmt.Sprintf("counter queue num %d bypass", s.nfqServer.QueueNum),
-				"counter reset tcp option timestamp",
+		),
-			),
-		}
-	} else {
-		rule = &knftables.Rule{
-			Chain: chain.Name,
-			Rule: knftables.Concat(
-				"tcp flags syn",
-				fmt.Sprintf("counter queue num %d bypass", s.nfqServer.QueueNum),
-			),
-		}
 	}
 	tx.Add(rule)
 }
@@ -122,7 +112,8 @@ func (s *Server) NftSetIP(tx *knftables.Transaction, table *knftables.Table) {
 	tx.Add(rule)
 }
 
-func resetOptionAvailable() bool {
+// unused currently
+func ResetOptionAvailable() bool {
 	const TestName = "UA3F_TEST_RESET"
 	table := &knftables.Table{
 		Name:   TestName,
@@ -130,7 +121,7 @@ func resetOptionAvailable() bool {
 	}
 	nft, err := knftables.New(table.Family, table.Name)
 	if err != nil {
-		slog.Error("resetOptionAvailable knftables.New", slog.Any("error", err))
+		slog.Error("ResetOptionAvailable knftables.New", slog.Any("error", err))
 		return false
 	}
 	tx := nft.NewTransaction()