mirror of https://github.com/bol-van/zapret2.git synced 2026-03-14 06:13:09 +00:00

nfqws2: reduce default retrans maxseq to 32768, adjust config

bol-van
2025-12-12 23:28:37 +03:00
parent 053556fe2d
commit 7ce0b4a996
3 changed files with 9 additions and 7 deletions


@@ -26,8 +26,10 @@ IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4" IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5" IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
# options for auto hostlist # options for auto hostlist
# NOTE : in order for these adjustment to work it's required to redirect enough starting packets
# NOTE : set PKT_IN, PKT_OUT variables appropriately
AUTOHOSTLIST_INCOMING_MAXSEQ=4096 AUTOHOSTLIST_INCOMING_MAXSEQ=4096
AUTOHOSTLIST_RETRANS_MAXSEQ=65536 AUTOHOSTLIST_RETRANS_MAXSEQ=32768
AUTOHOSTLIST_RETRANS_THRESHOLD=3 AUTOHOSTLIST_RETRANS_THRESHOLD=3
AUTOHOSTLIST_FAIL_THRESHOLD=3 AUTOHOSTLIST_FAIL_THRESHOLD=3
AUTOHOSTLIST_FAIL_TIME=60 AUTOHOSTLIST_FAIL_TIME=60
@@ -64,11 +66,10 @@ NFQWS2_PORTS_TCP=80,443
NFQWS2_PORTS_UDP=443 NFQWS2_PORTS_UDP=443
# PKT_OUT means connbytes dir original # PKT_OUT means connbytes dir original
# PKT_IN means connbytes dir reply # PKT_IN means connbytes dir reply
# this is --dpi-desync-cutoff=nX kernel mode implementation for linux. it saves a lot of CPU. NFQWS2_TCP_PKT_OUT=20
NFQWS2_TCP_PKT_OUT=$((6+$AUTOHOSTLIST_RETRANS_THRESHOLD)) NFQWS2_TCP_PKT_IN=10
NFQWS2_TCP_PKT_IN=3 NFQWS2_UDP_PKT_OUT=5
NFQWS2_UDP_PKT_OUT=$((6+$AUTOHOSTLIST_RETRANS_THRESHOLD)) NFQWS2_UDP_PKT_IN=3
NFQWS2_UDP_PKT_IN=0
# redirect outgoing traffic without connbytes limiter and incoming with connbytes limiter # redirect outgoing traffic without connbytes limiter and incoming with connbytes limiter
# normally it's needed only for stateless DPI that matches every packet in a single TCP session # normally it's needed only for stateless DPI that matches every packet in a single TCP session
# typical example are plain HTTP keep alives # typical example are plain HTTP keep alives
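Review bot: The fixed `NFQWS2_TCP_PKT_OUT=20` and `NFQWS2_UDP_PKT_OUT=5` in the second hunk no longer follow `AUTOHOSTLIST_RETRANS_THRESHOLD`, and the NOTE added in the first hunk names neither the variables nor the relation they must keep. The removed `$((6+$AUTOHOSTLIST_RETRANS_THRESHOLD))` encoded that relation, so a user who raises the threshold may now end up with a connbytes window too short for the retransmission counter to reach it (inferred from the old formula, worth confirming). If fixed numbers are preferred, I would state the constraint above the assignments, e.g. `# NFQWS2_*_PKT_OUT must stay above AUTOHOSTLIST_RETRANS_THRESHOLD plus the packets sent before the first retransmission`. The dropped line explaining that these limits are the kernel-side cutoff that saves CPU is also worth keeping: with `NFQWS2_TCP_PKT_IN` going from 3 to 10 and `NFQWS2_UDP_PKT_IN` from 0 to 3, more reply packets from remote hosts are queued to the userspace process.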


@@ -97,3 +97,4 @@ v0.7.1
* nfqws2: cancel reasm if server window size is smaller than expected reasm size * nfqws2: cancel reasm if server window size is smaller than expected reasm size
* nfqws2: add EOL at the end of truncated buffered DLOG line if it's too large. increase log line buffer * nfqws2: add EOL at the end of truncated buffered DLOG line if it's too large. increase log line buffer
* nfqws2: autohostlist reset fail counter if udp_in > threshold * nfqws2: autohostlist reset fail counter if udp_in > threshold
* nfqws2: reduced default retrans maxseq to 32768


@@ -30,7 +30,7 @@
#define HOSTLIST_AUTO_FAIL_THRESHOLD_DEFAULT 3 #define HOSTLIST_AUTO_FAIL_THRESHOLD_DEFAULT 3
#define HOSTLIST_AUTO_FAIL_TIME_DEFAULT 60 #define HOSTLIST_AUTO_FAIL_TIME_DEFAULT 60
#define HOSTLIST_AUTO_RETRANS_THRESHOLD_DEFAULT 3 #define HOSTLIST_AUTO_RETRANS_THRESHOLD_DEFAULT 3
#define HOSTLIST_AUTO_RETRANS_MAXSEQ 65536 #define HOSTLIST_AUTO_RETRANS_MAXSEQ 32768
#define HOSTLIST_AUTO_INCOMING_MAXSEQ 4096 #define HOSTLIST_AUTO_INCOMING_MAXSEQ 4096
#define HOSTLIST_AUTO_UDP_OUT 4 #define HOSTLIST_AUTO_UDP_OUT 4
#define HOSTLIST_AUTO_UDP_IN 1 #define HOSTLIST_AUTO_UDP_IN 1
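Review bot: `HOSTLIST_AUTO_RETRANS_MAXSEQ` is now set to 32768 here and, separately, as `AUTOHOSTLIST_RETRANS_MAXSEQ=32768` in the sample config, with nothing tying the two together or saying what the number bounds. A one-line comment on the define would help the next change keep them aligned, e.g. `/* default for the retrans maxseq option; keep in sync with AUTOHOSTLIST_RETRANS_MAXSEQ in the sample config */`. The config's new NOTE says enough starting packets must be redirected for this limit to take effect, and that dependency is worth repeating here, since the compiled-in default applies when the config does not override it.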