|
|
|
@ -306,7 +306,7 @@ Fakes are separate generated by nfqws packets carrying false information for DPI |
|
|
|
* **datanoack** sends tcp fakes without ACK flag. Servers do not accept this but DPI may accept. |
|
|
|
This mode may break NAT and may not work with iptables if masquerade is used, even from the router itself. |
|
|
|
Works with nftables properly. Likely requires external IP address (some ISPs pass these packets through their NAT). |
|
|
|
* Manipulate tcp flags with `--dpi-desync-tcp-flags-set` and `--dpi-desync-tcp-flags-unset`. |
|
|
|
* Manipulate **tcp flags** with `--dpi-desync-tcp-flags-set` and `--dpi-desync-tcp-flags-unset`. |
|
|
|
Invalid tcp flags combination may cause server to drop the packet but DPI can accept it. |
|
|
|
For example, set SYN in fakes. This may not work with all servers. |
|
|
|
`datanoack` can be replaced to `--dpi-desync-tcp-flags-unset=ACK`. |
|
|
|
|