fix: accept empty tcp payload in first check

2025-12-16 16:57:08 +00:00 · 2025-11-22 23:11:47 +08:00 · 2025-11-22 23:11:47 +08:00 · 83235a79ff
commit 83235a79ff
parent f697c9f67f
2 changed files with 2 additions and 6 deletions
--- a/src/internal/rewrite/packet.go
+++ b/src/internal/rewrite/packet.go
@ -117,11 +117,6 @@ func (r *Rewriter) RewritePacketUserAgent(payload []byte, srcAddr, dstAddr strin

 // RewriteTCP rewrites the TCP packet's User-Agent if applicable
 func (r *Rewriter) RewriteTCP(tcp *layers.TCP, srcAddr, dstAddr string) *RewriteResult {
-	if len(tcp.Payload) == 0 {
-		log.LogDebugWithAddr(srcAddr, dstAddr, "TCP payload is empty")
-		return &RewriteResult{Modified: false}
-	}
-
 	hasUA, modified := r.RewritePacketUserAgent(tcp.Payload, srcAddr, dstAddr)
 	return &RewriteResult{
 		Modified: modified,
--- a/src/internal/server/nfqueue/nfqueue_linux.go
+++ b/src/internal/server/nfqueue/nfqueue_linux.go
@ -73,7 +73,7 @@ func (s *Server) Close() (err error) {

 // handlePacket processes a single NFQUEUE packet
 func (s *Server) handlePacket(packet *netfilter.Packet) {
-	if s.Cfg.RewriteMode == config.RewriteModeDirect || packet.TCP == nil {
+	if s.Cfg.RewriteMode == config.RewriteModeDirect || packet.TCP == nil || len(packet.TCP.Payload) == 0 {
 		_ = s.nfqServer.Nf.SetVerdict(*packet.A.PacketID, nfq.NfAccept)
 		return
 	}
@ -154,6 +154,7 @@ func (s *Server) getNextMark(packet *netfilter.Packet, result *rewrite.RewriteRe
 	}

 	if mark == s.SniffCtMarkUpper {
+		slog.Debug("Connmark reached upper limit, marking as NotHTTP", slog.String("SrcAddr", packet.SrcAddr), slog.String("DstAddr", packet.DstAddr))
 		s.Cache.Add(packet.DstAddr, struct{}{})
 		return true, s.NotHTTPCtMark
 	}