mirror of
https://github.com/Waujito/youtubeUnblock.git
synced 2024-12-22 14:26:11 +00:00
Update performance settings for openwrt
Add iptables connbytes counter thanks to this comment https://github.com/Waujito/youtubeUnblock/issues/17#issuecomment-2266359878
This commit is contained in:
parent
1eb95f50f5
commit
ba4dce1df1
@ -63,6 +63,8 @@ Also you can copy `owrt/537-youtubeUnblock.nft` to `/usr/share/nftables.d/rulese
|
|||||||
Next step is to daemonize the application in openwrt. Copy `owrt/youtubeUnblock.owrt` to `/etc/init.d/youtubeUnblock` and put the program into /usr/bin/. (Don't forget to `chmod +x` both). Now run `/etc/init.d/youtubeUnblock start`. You can alo run `/etc/init.d/youtubeUnblock enable` to force OpenWRT autostart the program on boot, but I don't recommend this since if the packet has bug you may lose access to the router (I think you will be able to reset it with reset settings tricks documented for your router).
|
Next step is to daemonize the application in openwrt. Copy `owrt/youtubeUnblock.owrt` to `/etc/init.d/youtubeUnblock` and put the program into /usr/bin/. (Don't forget to `chmod +x` both). Now run `/etc/init.d/youtubeUnblock start`. You can alo run `/etc/init.d/youtubeUnblock enable` to force OpenWRT autostart the program on boot, but I don't recommend this since if the packet has bug you may lose access to the router (I think you will be able to reset it with reset settings tricks documented for your router).
|
||||||
|
|
||||||
## Performance
|
## Performance
|
||||||
If you have bad performance you can queue to youtubeUnblock only first, say, 20 packets from the connection. To do so, use nftables conntrack packets counter: `nft add rule inet fw4 mangle_forward tcp dport 443 ct "packets < 20" counter queue num 537 bypass`. For my 1 CPU core device it worked pretty well. This works because we do care about only first packets with ClientHello. We don't need to process others.
|
If you have bad performance you can queue to youtubeUnblock only first, say, 20 packets from the connection. To do so, use nftables conntrack packets counter: `nft add rule inet fw4 mangle_forward tcp dport 443 ct original "packets < 20" counter queue num 537 bypass`. For my 1 CPU core device it worked pretty well. This works because we do care about only first packets with ClientHello. We don't need to process others.
|
||||||
|
|
||||||
|
The same behavior is also possible in iptables: `iptables -t mangle -A FORWARD -p tcp -m tcp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass`
|
||||||
|
|
||||||
## If you have any questions/suggestions/problems feel free to open an issue.
|
## If you have any questions/suggestions/problems feel free to open an issue.
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#!/usr/sbin/nft -f
|
#!/usr/sbin/nft -f
|
||||||
# This file
|
# This file
|
||||||
|
|
||||||
insert rule inet fw4 mangle_forward tcp dport 443 ct packets < 20 counter queue num 537 bypass
|
insert rule inet fw4 mangle_forward tcp dport 443 ct original packets < 20 counter queue num 537 bypass
|
||||||
insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept
|
insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept
|
||||||
|
Loading…
Reference in New Issue
Block a user