extend wait range

Zxilly · May 6, 2021 · ec43663 · ec43663
1 parent 3951e25
commit ec43663
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 43 deletions.
diff --git a/Makefile b/Makefile
@@ -1,9 +1,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=UA2F
-PKG_VERSION:=3.2
+PKG_VERSION:=3.3
 
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

diff --git a/README.md b/README.md
@@ -28,9 +28,9 @@ iptables -t mangle -A ua2f -d 127.0.0.0/8 -j RETURN
 iptables -t mangle -A ua2f -d 192.168.0.0/16 -j RETURN # 不处理流向保留地址的包
 iptables -t mangle -A ua2f -p tcp --dport 443 -j RETURN
 iptables -t mangle -A ua2f -p tcp --dport 22 -j RETURN # 不处理 SSH 和 https
-iptables -t mangle -A ua2f -p tcp --dport 80 -j CONNMARK --set-mark 24
+iptables -t mangle -A ua2f -p tcp --dport 80 -j CONNMARK --set-mark 54
+iptables -t mangle -A ua2f -m connmark --mark 53 -j RETURN # 不处理标记为非 http 的流 (实验性)
 iptables -t mangle -A ua2f -m set --set nohttp dst,dst -j RETURN
-iptables -t mangle -A ua2f -m connmark --mark 23 -j RETURN # 不处理标记为非 http 的流 (实验性)
 iptables -t mangle -A ua2f -j NFQUEUE --queue-num 10010
 
 iptables -t mangle -A FORWARD -p tcp -m conntrack --ctdir ORIGINAL -j ua2f

diff --git a/src/ua2f.c b/src/ua2f.c
@@ -75,40 +75,6 @@ static int parse_attrs(const struct nlattr *attr, void *data) {
     return MNL_CB_OK;
 }
 
-// static bool http_sign_check(bool firstcheck, unsigned int tcplen, unsigned char *tcppayload);
-
-//static int probe_http_method(const char *p, const char *opt) {
-//    return !strncmp(p, opt, strlen(opt));
-//}
-//
-//static bool http_judge(char *tcppayload, unsigned int tcplen) {
-//
-//    if (tcplen <= 12) {
-//        return false;
-//    }
-//
-//    if (memmem(tcppayload, tcplen, "HTTP", 4)) {
-//        return true;
-//    }
-//
-//#define PROBE_HTTP_METHOD(option) if(probe_http_method(tcppayload, option)) {http1_0count++; return true;}
-//
-//    /* Otherwise it could be HTTP/1.0 without version: check if it's got an
-//     * HTTP method (RFC2616 5.1.1) */
-//    PROBE_HTTP_METHOD("GET ")
-//    PROBE_HTTP_METHOD("POST ")
-//    PROBE_HTTP_METHOD("OPTIONS ")
-//    PROBE_HTTP_METHOD("HEAD ")
-//    PROBE_HTTP_METHOD("PUT ")
-//    PROBE_HTTP_METHOD("DELETE ")
-//    PROBE_HTTP_METHOD("TRACE ")
-//    PROBE_HTTP_METHOD("CONNECT ")
-//
-//#undef PROBE_HTTP_METHOD
-//
-//    return false;
-//}
-
 static void
 nfq_send_verdict(int queue_num, uint32_t id, struct pkt_buff *pktb, uint32_t mark, bool noUA,
                  char addcmd[50]) { // http mark = 24, ukn mark = 16-20, no http mark = 23
@@ -139,27 +105,27 @@ nfq_send_verdict(int queue_num, uint32_t id, struct pkt_buff *pktb, uint32_t mar
             mnl_attr_nest_end(nlh, nest);
         }
 
-        if (mark >= 16 && mark <= 20) {
+        if (mark >= 16 && mark <= 40) {
             setmark = mark + 1;
             nest = mnl_attr_nest_start(nlh, NFQA_CT);
             mnl_attr_put_u32(nlh, CTA_MARK, htonl(setmark));
             mnl_attr_nest_end(nlh, nest);
         }
 
-        if (mark == 21) { // 21 统计确定此连接为非http连接
+        if (mark == 41) { // 21 统计确定此连接为不含UA连接
 
             nest = mnl_attr_nest_start(nlh, NFQA_CT);
-            mnl_attr_put_u32(nlh, CTA_MARK, htonl(23));
+            mnl_attr_put_u32(nlh, CTA_MARK, htonl(43));
             mnl_attr_nest_end(nlh, nest); // 加 CONNMARK
 
             ipset_parse_line(Pipset, addcmd); //加 ipset 标记
 
             noUAmark++;
         }
     } else {
-        if (mark != 24) {
+        if (mark != 44) {
             nest = mnl_attr_nest_start(nlh, NFQA_CT);
-            mnl_attr_put_u32(nlh, CTA_MARK, htonl(24));
+            mnl_attr_put_u32(nlh, CTA_MARK, htonl(44));
             mnl_attr_nest_end(nlh, nest);
             UAmark++;
         }