Dpi: Enable ipv6 and quic.

2024-12-30 08:08:13 +03:00 · 2024-12-30 08:08:13 +03:00 · 0029f02e50
parent a978a1e2c0
commit 0029f02e50
2 changed files with 13 additions and 9 deletions
--- a/config/Dpi.nix
+++ b/config/Dpi.nix
@ -67,13 +67,13 @@ in
            udpPorts = lib.concatStringsSep "," cfg.udpPorts;
          in
          ''
-            					iptables -t mangle -I POSTROUTING -p tcp --dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
+            ip46tables -t mangle -I POSTROUTING -p tcp --dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
            ''
          + lib.optionalString (cfg.httpSupport) ''
-            					iptables -t mangle -I POSTROUTING -p tcp --dport 80 ${httpParams} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
+            ip46tables -t mangle -I POSTROUTING -p tcp --dport 80 ${httpParams} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
            ''
          + lib.optionalString (cfg.udpSupport) ''
-            					iptables -t mangle -A POSTROUTING -p udp -m multiport --dports ${udpPorts} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
+            ip46tables -t mangle -A POSTROUTING -p udp -m multiport --dports ${udpPorts} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
            '';
      })
    ]
--- a/host/x86_64-linux/home/default.nix
+++ b/host/x86_64-linux/home/default.nix
@ -22,16 +22,17 @@
    };
    dpi.bypass = {
      enable = true;
+      udpSupport = true;
      params = [
        "--dpi-desync=fake,disorder2"

        "--dpi-desync-ttl=1"
        "--dpi-desync-autottl=2"

-        # "--dpi-desync-ttl6=1"
-        # "--dpi-desync-autottl6=2"
+        "--dpi-desync-ttl6=1"
+        "--dpi-desync-autottl6=2"

-        # "--dpi-desync-any-protocol"
+        "--dpi-desync-any-protocol"
      ];
      whitelist = [
        "youtube.com"
@ -44,6 +45,9 @@
        "t-ru.org"
        "medium.com"
      ];
+      udpPorts = [
+        "443"
+      ];
    };
    amd = {
      cpu.enable = true;