drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-12-02 14:40:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

readme.eng : mediatek badsum limitation

Browse Source
This commit is contained in:
bol-van 2021-12-15 12:59:04 +03:00 committed by GitHub
parent 401275c6f6
commit df23cb365a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/readme.eng.md
View File

@ -182,6 +182,9 @@ add tcp option **MD5 signature**. All of them have their own disadvantages :
System never verifies checksums of locally generated packets so nfqws will always work on the router itself. System never verifies checksums of locally generated packets so nfqws will always work on the router itself.
If you are behind another NAT, such as a ISP, and it does not pass invalid packages, there is nothing you can do about it. If you are behind another NAT, such as a ISP, and it does not pass invalid packages, there is nothing you can do about it.
But usually ISPs pass badsum. But usually ISPs pass badsum.
Some adapters/switches/drivers enable hardware filtering of rx badsum not allowing it to pass to the OS.
This behavior was observed on a Mediatek MT7621 based device.
Tried to modify mediatek ethernet driver with no luck, likely hardware enforced limitation.
* badsum doesn't work if your device is behind NAT which does not pass invalid packets. * badsum doesn't work if your device is behind NAT which does not pass invalid packets.
Linux NAT by default does not pass them without special setting `sysctl -w net.netfilter.nf_conntrack_checksum=0` Linux NAT by default does not pass them without special setting `sysctl -w net.netfilter.nf_conntrack_checksum=0`
Openwrt sets it from the box, other routers in most cases don't, and its not always possible to change it. Openwrt sets it from the box, other routers in most cases don't, and its not always possible to change it.