Kyber on Chromium

This commit is contained in:
Vadim Vetrov 2024-08-03 01:55:19 +03:00
parent ac9f49f937
commit 1eb95f50f5
No known key found for this signature in database
GPG Key ID: E8A308689D7A73A5
2 changed files with 3 additions and 1 deletions

View File

@ -41,6 +41,8 @@ Available flags:
- -DNO_FAKE_SNI This flag disables -DFAKE_SNI which forces youtubeUnblock to send at least three packets instead of one with TLS ClientHello: Fake ClientHello, 1st part of original ClientHello, 2nd part of original ClientHello. This flag may be related to some Operation not permitted error messages, so befor open an issue refer to FAQ for EPERMS. - -DNO_FAKE_SNI This flag disables -DFAKE_SNI which forces youtubeUnblock to send at least three packets instead of one with TLS ClientHello: Fake ClientHello, 1st part of original ClientHello, 2nd part of original ClientHello. This flag may be related to some Operation not permitted error messages, so befor open an issue refer to FAQ for EPERMS.
- -DNOUSE_GSO This flag disables fix for Google Chrome fat ClientHello. The GSO is well tested now, so this flag probably won't fix anything. - -DNOUSE_GSO This flag disables fix for Google Chrome fat ClientHello. The GSO is well tested now, so this flag probably won't fix anything.
If you are on Chromium you may have to disable kyber (the feature that makes the TLS ClientHello very fat). I've got the problem with it on router, so to escape possibly errors it is better to just disable it: in chrome://flags search for kyber and switch it to disabled state.
### Troubleshooting EPERMS (Operation not permitted) ### Troubleshooting EPERMS (Operation not permitted)
EPERM may occur in a lot of places but generally here are two: mnl_cb_run and when sending the packet via rawsocket (raw_frags_send and send fake sni). EPERM may occur in a lot of places but generally here are two: mnl_cb_run and when sending the packet via rawsocket (raw_frags_send and send fake sni).
- mnl_cb_run Operation not permitted indicates that another instance of youtubeUnblock is running on the specified queue-num. - mnl_cb_run Operation not permitted indicates that another instance of youtubeUnblock is running on the specified queue-num.

View File

@ -1,5 +1,5 @@
#!/usr/sbin/nft -f #!/usr/sbin/nft -f
# This file # This file
add rule inet fw4 mangle_forward tcp dport 443 ct packets < 20 counter queue num 537 bypass insert rule inet fw4 mangle_forward tcp dport 443 ct packets < 20 counter queue num 537 bypass
insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept