mirror of
https://github.com/bol-van/zapret.git
synced 2024-12-24 23:26:42 +00:00
readme.eng : mediatek badsum limitation
This commit is contained in:
parent
401275c6f6
commit
df23cb365a
@ -182,6 +182,9 @@ add tcp option **MD5 signature**. All of them have their own disadvantages :
|
|||||||
System never verifies checksums of locally generated packets so nfqws will always work on the router itself.
|
System never verifies checksums of locally generated packets so nfqws will always work on the router itself.
|
||||||
If you are behind another NAT, such as a ISP, and it does not pass invalid packages, there is nothing you can do about it.
|
If you are behind another NAT, such as a ISP, and it does not pass invalid packages, there is nothing you can do about it.
|
||||||
But usually ISPs pass badsum.
|
But usually ISPs pass badsum.
|
||||||
|
Some adapters/switches/drivers enable hardware filtering of rx badsum not allowing it to pass to the OS.
|
||||||
|
This behavior was observed on a Mediatek MT7621 based device.
|
||||||
|
Tried to modify mediatek ethernet driver with no luck, likely hardware enforced limitation.
|
||||||
* badsum doesn't work if your device is behind NAT which does not pass invalid packets.
|
* badsum doesn't work if your device is behind NAT which does not pass invalid packets.
|
||||||
Linux NAT by default does not pass them without special setting `sysctl -w net.netfilter.nf_conntrack_checksum=0`
|
Linux NAT by default does not pass them without special setting `sysctl -w net.netfilter.nf_conntrack_checksum=0`
|
||||||
Openwrt sets it from the box, other routers in most cases don't, and its not always possible to change it.
|
Openwrt sets it from the box, other routers in most cases don't, and its not always possible to change it.
|
||||||
|
Loading…
Reference in New Issue
Block a user