Update performance settings for openwrt

Add iptables connbytes counter thanks to this comment https://github.com/Waujito/youtubeUnblock/issues/17#issuecomment-2266359878
This commit is contained in:
Vadim Vetrov 2024-08-03 09:38:22 +03:00
parent 1eb95f50f5
commit ba4dce1df1
No known key found for this signature in database
GPG Key ID: E8A308689D7A73A5
2 changed files with 4 additions and 2 deletions

View File

@ -63,6 +63,8 @@ Also you can copy `owrt/537-youtubeUnblock.nft` to `/usr/share/nftables.d/rulese
Next step is to daemonize the application in openwrt. Copy `owrt/youtubeUnblock.owrt` to `/etc/init.d/youtubeUnblock` and put the program into /usr/bin/. (Don't forget to `chmod +x` both). Now run `/etc/init.d/youtubeUnblock start`. You can alo run `/etc/init.d/youtubeUnblock enable` to force OpenWRT autostart the program on boot, but I don't recommend this since if the packet has bug you may lose access to the router (I think you will be able to reset it with reset settings tricks documented for your router). Next step is to daemonize the application in openwrt. Copy `owrt/youtubeUnblock.owrt` to `/etc/init.d/youtubeUnblock` and put the program into /usr/bin/. (Don't forget to `chmod +x` both). Now run `/etc/init.d/youtubeUnblock start`. You can alo run `/etc/init.d/youtubeUnblock enable` to force OpenWRT autostart the program on boot, but I don't recommend this since if the packet has bug you may lose access to the router (I think you will be able to reset it with reset settings tricks documented for your router).
## Performance ## Performance
If you have bad performance you can queue to youtubeUnblock only first, say, 20 packets from the connection. To do so, use nftables conntrack packets counter: `nft add rule inet fw4 mangle_forward tcp dport 443 ct "packets < 20" counter queue num 537 bypass`. For my 1 CPU core device it worked pretty well. This works because we do care about only first packets with ClientHello. We don't need to process others. If you have bad performance you can queue to youtubeUnblock only first, say, 20 packets from the connection. To do so, use nftables conntrack packets counter: `nft add rule inet fw4 mangle_forward tcp dport 443 ct original "packets < 20" counter queue num 537 bypass`. For my 1 CPU core device it worked pretty well. This works because we do care about only first packets with ClientHello. We don't need to process others.
The same behavior is also possible in iptables: `iptables -t mangle -A FORWARD -p tcp -m tcp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass`
## If you have any questions/suggestions/problems feel free to open an issue. ## If you have any questions/suggestions/problems feel free to open an issue.

View File

@ -1,5 +1,5 @@
#!/usr/sbin/nft -f #!/usr/sbin/nft -f
# This file # This file
insert rule inet fw4 mangle_forward tcp dport 443 ct packets < 20 counter queue num 537 bypass insert rule inet fw4 mangle_forward tcp dport 443 ct original packets < 20 counter queue num 537 bypass
insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept