him411/UA3F
1
0
Fork 0
mirror of https://github.com/SunBK201/UA3F.git synced 2025-12-16 16:57:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: replace netfilter reset tcp option timestamp with nfqueue way

Browse Source
This commit is contained in:
SunBK201 2025-11-23 15:53:32 +08:00
parent 43d95183d9
commit 82c9d7ebc8
2 changed files with 10 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/internal/server/netlink/iptables.go
View File

@ -87,12 +87,7 @@ func (s *Server) IptSetTTL(ipt *iptables.IPTables) error {
}
func (s *Server) IptDelTCPTS(ipt *iptables.IPTables) error {
err := ipt.Append(table, chain, RuleRstTimestamp...)
if err == nil {
return nil
}
err = ipt.Append(table, chain, RuleDelTCPTS...)
err := ipt.Append(table, chain, RuleDelTCPTS...)
if err != nil {
return err
}

15
src/internal/server/netlink/nftables.go
View File

@ -83,15 +83,6 @@ func (s *Server) NftDelTCPTS(tx *knftables.Transaction, table *knftables.Table)
}
tx.Add(chain)
var rule *knftables.Rule
if resetOptionAvailable() {
rule = &knftables.Rule{
Chain: chain.Name,
Rule: knftables.Concat(
"tcp option timestamp exists",
"counter reset tcp option timestamp",
),
}
} else {
rule = &knftables.Rule{
Chain: chain.Name,
Rule: knftables.Concat(
@ -99,7 +90,6 @@ func (s *Server) NftDelTCPTS(tx *knftables.Transaction, table *knftables.Table)
fmt.Sprintf("counter queue num %d bypass", s.nfqServer.QueueNum),
),
}
}
tx.Add(rule)
}
@ -122,7 +112,8 @@ func (s *Server) NftSetIP(tx *knftables.Transaction, table *knftables.Table) {
tx.Add(rule)
}
func resetOptionAvailable() bool {
// unused currently
func ResetOptionAvailable() bool {
const TestName = "UA3F_TEST_RESET"
table := &knftables.Table{
Name: TestName,
@ -130,7 +121,7 @@ func resetOptionAvailable() bool {
}
nft, err := knftables.New(table.Family, table.Name)
if err != nil {
slog.Error("resetOptionAvailable knftables.New", slog.Any("error", err))
slog.Error("ResetOptionAvailable knftables.New", slog.Any("error", err))
return false
}
tx := nft.NewTransaction()