TCP Brutal behavior with ShadowTLS #2074
Comments
|
Due to the difficulty in installing kernel modules, brutal is not mandatory on the client side. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Operating system
Linux
System version
Ubuntu 22.04 + Kernel 5.15
Installation type
Original sing-box Command Line
If you are using a graphical client, please provide the version of the client.
No response
Version
Description
Thanks for your time!
I am trying to use ShadowTLS with TCP Brutal under sing-box and I followed common ShadowTLS configuration on Google by detouring the ShadowTLS inbound to Shadowsocks inbound.
Since ShadowTLS doesn't support multiplex and inherently brutal, I enabled the brutal at Shadowsocks inbound. Then I start to concern that whether brutal will be set since the socket listing belongs to ShadowTLS.
Then I did a simple experiement to see the TCP_CONGESTION socket option of the ShadowTLS accepted socket by using
ss -ti. Unsurprisingly, the socket is using the system default congestion control instead of brutal.# ss -ti | rg -C 1 58238 ESTAB 0 1610541 [::ffff:192.168.28.2]:https [::ffff:192.168.28.3]:58238 bbr wscale:8,7 rto:468 rtt:264.915/4.593 ato:40 mss:1448 pmtu:1500 rcvmss:989 advmss:1448 cwnd:5454 bytes_sent:53956654 bytes_retrans:1448 bytes_acked:52380865 bytes_received:2012 segs_out:37631 segs_in:1993 data_segs_out:37625 data_segs_in:8 bbr:(bw:57.9Mbps,mrtt:259.311,pacing_gain:2.88672,cwnd_gain:2.88672) send 238Mbps lastrcv:2240 pacing_rate 238Mbps delivery_rate 57.9Mbps delivered:36532 app_limited busy:9840ms rwnd_limited:4280ms(43.5%) sndbuf_limited:1104ms(11.2%) unacked:1094 retrans:0/1 dsack_dups:1 reordering:68 reord_seen:210 rcv_space:14600 rcv_ssthresh:64076 notsent:36200 minrtt:259.311I also checked sockets on inbound with directly connected and enabled brutal.
ss-tican show brutal correctlyMay I ask how can I enable brutal for ShadowTLS listen socket accepted sockets?
I maybe able to help write some code for this feature.
Thanks a lot again.
Reproduction
Server
{ "log": { "level": "trace" }, "inbounds": [ { "type": "shadowtls", "listen": "::", "listen_port": 443, "tcp_fast_open": true, "version": 3, "users": [ { "name": "test", "password": "CQqC8d+iVa4Hyw3KP0JW/Q==" } ], "handshake": { "server": "www.douyin.com", "server_port": 443 }, "strict_mode": true, "detour": "shadowsocks-in" }, { "type": "shadowsocks", "tag": "shadowsocks-in", "network": "tcp", "method": "2022-blake3-aes-128-gcm", "password": "CQqC8d+iVa4Hyw3KP0JW/Q==", "multiplex": { "enabled": true, "padding": false, "brutal": { "enabled": true, "up_mbps": 200, "down_mbps": 200 } } } ], "outbounds": [ { "tag": "direct", "type": "direct", "domain_strategy": "ipv4_only" }, { "tag": "block", "type": "block" }, { "tag": "dns-out", "type": "dns" } ], "route": { "auto_detect_interface": true, "final": "direct" } }Client
{ "log": { "level": "debug" }, "inbounds": [ { "type": "socks", "listen": "0.0.0.0", "listen_port": 10808, "sniff_timeout": "300ms", "tag": "socks-in" } ], "outbounds": [ { "type": "shadowsocks", "tag": "shadowsocks-out", "detour": "shadowtls-out", "method": "2022-blake3-aes-128-gcm", "password": "CQqC8d+iVa4Hyw3KP0JW/Q==", "multiplex": { "enabled": true, "max_connections": 1, "padding": false, "brutal": { "enabled": true, "up_mbps": 200, "down_mbps": 200 } } }, { "type": "shadowtls", "tag": "shadowtls-out", "server": "192.168.28.2", "server_port": 443, "version": 3, "password": "CQqC8d+iVa4Hyw3KP0JW/Q==", "tls": { "enabled": true, "server_name": "www.douyin.com", "utls": { "enabled": true, "fingerprint": "chrome" } } } ], "route": { "auto_detect_interface": true, "rules": [ { "inbound": [ "socks-in" ], "outbound": "shadowsocks-out" } ] } }Logs
No response
Supporter
Integrity requirements
The text was updated successfully, but these errors were encountered: