Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chacha20-ietf-poly1305比xchacha20-ietf-poly1305更容易引来主动探测 #2677

Closed
sophauer opened this issue Feb 13, 2021 · 5 comments
Closed
Labels

Comments

@sophauer
Copy link

sophauer commented Feb 13, 2021

同一个服务器端
Centos 7,SS-libev.no plugins
TCP only and disable TCP Fast Open
端口A,用chacha20-ietf-poly1305
端口B用xchacha20-ietf-poly1305

同一用户端:ss-libev local
在同一时间段的测试发现
端口B引来的主动探测IP更多.是端口A的四倍
端口B日志不产生Salt AHEAD detect报警
端口A产生一大堆的Salt AHEAD detect报警

建议还是把xchacha20-ietf-poly1305加回来吧
看不出只支持chacha20-ietf-poly1305有什么好处

@sophauer sophauer added the bug label Feb 13, 2021
@dev4u
Copy link
Contributor

dev4u commented Feb 13, 2021

两个端口对调加密方式试试。

@sophauer
Copy link
Author

sophauer commented Feb 13, 2021

两个端口对调加密方式试试。

结果一样,我在3个小鸡上测试过

@IceCodeNew
Copy link

IceCodeNew commented Feb 13, 2021

我觉得这个你需要去 https://github.com/shadowsocks/shadowsocks-rust/ 那边提才有用。

此外这个建议和 Issue #2663 重复,我觉得几乎不太可能得到推进。

@sophauer
Copy link
Author

我觉得这个你需要去 https://github.com/shadowsocks/shadowsocks-rust/ 那边提才有用。

此外这个建议和 Issue #2663 重复,我觉得几乎不太可能得到推进。

谢谢,刚去看了一下,原来是backend换了,那这个真玄了.也实在不懂为什么非得要拿掉xchacha20-ietf-poly1305

@jtan21at
Copy link

把加密部分独立出来用户自己选择更好

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants