Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
TCP Fastopen (TFO) doesn't work reliably in China Mobile cellular network #1669
What version of shadowsocks-libev are you using?
Client: ss-libev Android 4.1.8
What operating system are you using?
Phone: Pixel XL with Android 8.0
What did you do?
What did you expect to see?
The ss-libev Android app should display "Success: xxxms latency".
What did you see instead?
The app displayed "Internet Unavailable" and "Failed to detect internet connection: SSL handshake timed out".
What is your config in detail (with all sensitive info masked)?
More related details
This issue can only be reproduced with the following combination:
I also tested other combinations and they all seem to work, e.g.:
Please also note Nexus 6P has TFO off at the phone side so the value of
I did a quick tcpdump and it shows that when TFO=3 at server side, ss-server did send back data to the phone side correctly. It's just the phone never receive those packets.
So, it looks like China Mobile's firewall does have issue(s) with TFO cookies.
I'm fully aware that this might not be a ss-libev's problem at all, but maybe this kind of quirks should be documented somewhere so that less "ss is being detected/blocked" cries shall be made?
note that the increase in
it’s not a surprise that NAT(probably?) is doing something nasty dropping inbound packets with unknown TCP options as well as fo cookies.
当带有TFO的包经过路由器 可能会被丢包 不同运营商的策略也不同
I'm using LEDE 17.01.6 with "net.ipv4.tcp_fastopen = 3", so is my Ubuntu 18.04 server.
By the way, both my router and server runs the newest version of shadowsocks-libev.