voronind/nix
0
0
Fork 0
Code Issues 38 Pull requests Packages Projects Releases Wiki Activity

Dpi: Enable ipv6 and quic.

Browse source
This commit is contained in:
Dmitry Voronin 2024-12-30 08:08:13 +03:00
parent a978a1e2c0
commit 0029f02e50
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
2 changed files with 13 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
config/Dpi.nix
View file

@ -67,14 +67,14 @@ in
udpPorts = lib.concatStringsSep "," cfg.udpPorts;
in
''
iptables -t mangle -I POSTROUTING -p tcp --dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
''
ip46tables -t mangle -I POSTROUTING -p tcp --dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
''
+ lib.optionalString (cfg.httpSupport) ''
iptables -t mangle -I POSTROUTING -p tcp --dport 80 ${httpParams} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
''
ip46tables -t mangle -I POSTROUTING -p tcp --dport 80 ${httpParams} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
''
+ lib.optionalString (cfg.udpSupport) ''
iptables -t mangle -A POSTROUTING -p udp -m multiport --dports ${udpPorts} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
'';
ip46tables -t mangle -A POSTROUTING -p udp -m multiport --dports ${udpPorts} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass
'';
})
]
);

10
host/x86_64-linux/home/default.nix
View file

@ -22,16 +22,17 @@
};
dpi.bypass = {
enable = true;
udpSupport = true;
params = [
"--dpi-desync=fake,disorder2"
"--dpi-desync-ttl=1"
"--dpi-desync-autottl=2"
# "--dpi-desync-ttl6=1"
# "--dpi-desync-autottl6=2"
"--dpi-desync-ttl6=1"
"--dpi-desync-autottl6=2"
# "--dpi-desync-any-protocol"
"--dpi-desync-any-protocol"
];
whitelist = [
"youtube.com"
@ -44,6 +45,9 @@
"t-ru.org"
"medium.com"
];
udpPorts = [
"443"
];
};
amd = {
cpu.enable = true;