Dpi: Enable ipv6 and quic.
This commit is contained in:
parent
a978a1e2c0
commit
0029f02e50
SSH key fingerprint:
SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
|
|
@ -67,14 +67,14 @@ in
|
||||||
udpPorts = lib.concatStringsSep "," cfg.udpPorts;
|
udpPorts = lib.concatStringsSep "," cfg.udpPorts;
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
iptables -t mangle -I POSTROUTING -p tcp --dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
|
ip46tables -t mangle -I POSTROUTING -p tcp --dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
|
||||||
''
|
''
|
||||||
+ lib.optionalString (cfg.httpSupport) ''
|
+ lib.optionalString (cfg.httpSupport) ''
|
||||||
iptables -t mangle -I POSTROUTING -p tcp --dport 80 ${httpParams} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
|
ip46tables -t mangle -I POSTROUTING -p tcp --dport 80 ${httpParams} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
|
||||||
''
|
''
|
||||||
+ lib.optionalString (cfg.udpSupport) ''
|
+ lib.optionalString (cfg.udpSupport) ''
|
||||||
iptables -t mangle -A POSTROUTING -p udp -m multiport --dports ${udpPorts} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
|
ip46tables -t mangle -A POSTROUTING -p udp -m multiport --dports ${udpPorts} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -22,16 +22,17 @@
|
||||||
};
|
};
|
||||||
dpi.bypass = {
|
dpi.bypass = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
udpSupport = true;
|
||||||
params = [
|
params = [
|
||||||
"--dpi-desync=fake,disorder2"
|
"--dpi-desync=fake,disorder2"
|
||||||
|
|
||||||
"--dpi-desync-ttl=1"
|
"--dpi-desync-ttl=1"
|
||||||
"--dpi-desync-autottl=2"
|
"--dpi-desync-autottl=2"
|
||||||
|
|
||||||
# "--dpi-desync-ttl6=1"
|
"--dpi-desync-ttl6=1"
|
||||||
# "--dpi-desync-autottl6=2"
|
"--dpi-desync-autottl6=2"
|
||||||
|
|
||||||
# "--dpi-desync-any-protocol"
|
"--dpi-desync-any-protocol"
|
||||||
];
|
];
|
||||||
whitelist = [
|
whitelist = [
|
||||||
"youtube.com"
|
"youtube.com"
|
||||||
|
|
@ -44,6 +45,9 @@
|
||||||
"t-ru.org"
|
"t-ru.org"
|
||||||
"medium.com"
|
"medium.com"
|
||||||
];
|
];
|
||||||
|
udpPorts = [
|
||||||
|
"443"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
amd = {
|
amd = {
|
||||||
cpu.enable = true;
|
cpu.enable = true;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue