ForkMaster/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-09-22 09:42:51 +05:00
Code Issues Actions Packages Projects Releases Wiki Activity

readme.eng : mediatek badsum limitation

Browse Source
This commit is contained in:
bol-van 2021-12-15 12:59:04 +03:00 committed by GitHub
parent 401275c6f6
commit df23cb365a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/readme.eng.md
View File

@ -182,6 +182,9 @@ add tcp option **MD5 signature**. All of them have their own disadvantages :
System never verifies checksums of locally generated packets so nfqws will always work on the router itself.
If you are behind another NAT, such as a ISP, and it does not pass invalid packages, there is nothing you can do about it.
But usually ISPs pass badsum.
Some adapters/switches/drivers enable hardware filtering of rx badsum not allowing it to pass to the OS.
This behavior was observed on a Mediatek MT7621 based device.
Tried to modify mediatek ethernet driver with no luck, likely hardware enforced limitation.
* badsum doesn't work if your device is behind NAT which does not pass invalid packets.
Linux NAT by default does not pass them without special setting `sysctl -w net.netfilter.nf_conntrack_checksum=0`
Openwrt sets it from the box, other routers in most cases don't, and its not always possible to change it.