如果改用114.114.114.114是不是就会被误杀了

ihciah / clean-dns-bpf

基于 Rust + eBPF 丢弃 GFW DNS 污染包

1.12k stars 65 forks source link

Open wciq1208 opened 3 years ago

wciq1208 commented 3 years ago

2021-11-09 18-34-17屏幕截图图里114的正确结果也满足ip.id = 0并且1Q1A

ihciah commented 3 years ago

确实有可能，这个规律总之很迷==所以搞规则的时候感觉还是要谨慎一些，只对特定dns生效比较保险。

yingziwu commented 2 years ago

udp src port 53 and ip[4:2] = 0x0000 and ip[6:2] = 0x0000 and ip[8] <= 40 and udp[12:2] = 0x0001 and udp[14:2] = 0x0001 and udp[16:2] = 0x0000