Commit Graph

204 Commits

Author SHA1 Message Date
ValdikSS
c92cd77c51 Ensure the resource file to be compiled before linking 2021-12-30 03:45:20 +03:00
ValdikSS
f97a2d04f0 Use --max-payload-size=1200 for -5 and -6 modes. 2021-12-30 03:44:37 +03:00
ValdikSS
d7c681d1a2 Add Max Payload Size limit option (--max-payload-size)
This option excludes TCP packets with the data payload larger than
defined value from being copied by WinDivert driver to GoodbyeDPI.

As most of HTTP and TLS ClientHello packets are repatively small,
and file transfers are usually big and are sent/received using
the whole available MTU/MSS, we can just exclude them from
being processed by our userspace program to reduce unnecessary
CPU load.
2021-12-30 03:41:12 +03:00
ValdikSS
ab74ddc425 Update readme 2021-12-29 16:22:43 +03:00
ValdikSS
cc1676ad92 --allow-no-sni option. Useful with --blacklist and undetectable SNI.
This option is added specially for protonmail.com, as it sends
low Window Size in SYN-ACK for requests from Russia, to force
the client to fragment the packet. GoodbyeDPI doesn't do reassembling
and can't extract SNI in this case, thus won't circumvent the
censorship if --blacklist option is used.
2021-12-29 16:18:56 +03:00
ValdikSS
7f59593a28 Check TLS Handshake ClientHello byte if packet length is enough 2021-12-29 16:14:12 +03:00
ValdikSS
372cc6a45d Properly handle Native Fragmentation packet of bigger or equal size than the fragment size 2021-12-29 16:10:18 +03:00
ValdikSS
46c4f36de8 Add Fake Packet maximum TTL limit to Auto TTL mode
This patchset adds maximum TTL size of the fake packet to be sent,
to further  improve compatibility with asymmertic routing and
non-standard TTL value set on servers.
2021-12-29 02:05:39 +03:00
ValdikSS
8911e459d8 Exit when native fragmentation is enabled but http/https values are not set 2021-12-28 23:48:57 +03:00
ValdikSS
f4edcf7b4f Small text output enhancements 2021-12-28 23:48:57 +03:00
ValdikSS
bb8bafb663 Add Auto TTL range adjustment, introduce min-ttl and use it for --set-ttl as well. 2021-12-28 23:48:57 +03:00
ValdikSS
e25d7432de Better Auto TTL adjusting algorithm which honors short distance
Say you set --auto-ttl to 4.
If the TTL distance to the destination host is too short, say 6, auto-ttl
would decrease it by 4 and send a fake packet with TTL 2, which is too low
for the packet to travel via DPI system.
But if you set --auto-ttl to a lower value such as 2, that may introduce
issues over long lines where outgoing-path TTL and incoming-path TTL may have
difference more than 2 hops due to higher chance of assymetric routing along
the path.

To solve this issue, this commit introduce auto-ttl range of two values.
If the incoming TTL distance is more than autottl2, it is subtracted by
autottl2 value.
If the distance is less than autottl2, the distance value is used as a
normalized weigth of [autottl1; autottl2] scale.

The simplified formula is as follows:

    128 > extracted_ttl > 98: // Server is running Windows
      nhops = 128 - extracted_ttl
    64 > extracted_ttl > 34: // Server is running Linux/FreeBSD/other
      nhops = 64 - extracted_ttl

    if (nhops - autottl2 < autottl2)
        ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10));
    else
        ttl_of_fake_packet = nhops - autottl2
2021-12-28 22:28:55 +03:00
ValdikSS
c60dbf7ca7 Remove man-db auto-update for slightly faster installation 2021-12-28 00:31:54 +03:00
ValdikSS
b1273c8e10 Update Makefile, add more warning options 2021-12-28 00:31:54 +03:00
ValdikSS
9e98b478df Update readme 2021-12-28 00:31:54 +03:00
ValdikSS
67c226dc7c Fix all types and warnings 2021-12-28 00:31:47 +03:00
ValdikSS
46219e95e7 Update uthash to 2.3.0 2021-12-27 06:58:20 +03:00
ValdikSS
6eec99e874 GoodbyeDPI v0.1.8 2021-12-26 20:29:24 +03:00
ValdikSS
b799b33fed Update readme 2021-12-26 20:24:16 +03:00
ValdikSS
76c4658985 Update github issue templates 2021-12-26 20:10:18 +03:00
ValdikSS
d61a9f8022 Handle only (default_ttl - 30) range in Auto TTL 2021-12-26 19:05:03 +03:00
ValdikSS
fc15088c33 Fix spelling 2021-12-26 18:42:26 +03:00
ValdikSS
1ea70f9bc9 Do not print "Error receiving packet!" upon exiting 2021-12-26 18:39:44 +03:00
ValdikSS
ed42c5d627 Fix all the warnings and notes 2021-12-26 17:45:37 +03:00
ValdikSS
a79377f606 Github Actions: rebuild only on src directory changes 2021-12-26 15:12:13 +03:00
ValdikSS
db37b4f1f2 Add Github Actions build script 2021-12-26 15:03:35 +03:00
ValdikSS
9fcf097cb7 Use Auto TTL = 4 by default
Previous value of 2 caused issues with the services connected via
very different uplink/downlink routing links.
2021-12-25 20:43:56 +03:00
ValdikSS
e1e09f9103 Add safekeeping TTL value for Auto TTL 2021-12-25 13:56:57 +03:00
ValdikSS
a5c2f9fac9 Introduce -5 and -6 modes and make -5 default
Modern modesets (more stable, more compatible, faster):
 -5          -f 2 -e 2 --auto-ttl --reverse-frag (this is the default now)
 -6          -f 2 -e 2 --wrong-seq --reverse-frag
2021-12-25 13:56:57 +03:00
ValdikSS
11c322aaed Show fragmentation value issues only when Window Size is used 2021-12-25 13:07:39 +03:00
ValdikSS
88d4a60cdf Merge branch 'badseq_for_master' into master 2021-12-25 12:30:08 +03:00
ValdikSS
b45b463d51 Update readme 2021-12-25 12:24:25 +03:00
ValdikSS
80fcd9c5cf Replace required/optional brackets in the readme 2021-12-25 12:24:25 +03:00
ValdikSS
21ff80b43c Automatic TTL value picker for --set-ttl Fake Packet mode
This is a per-connection (per-destination) automatic TTL adjusting feature.
Basically a --set-ttl mode where you don't need to set specific TTL value.

It works as follows:
 1. All incoming SYN/ACKs (the response to client's SYN) are intercepted
 2. TTL value is extracted from SYN/ACK
 3. New TTL is calculated with the simple formula:
    128 > extracted_ttl > 64: // Server is running Windows
      fakepacket_ttl = 128 - extracted_ttl - decrement
    64 > extracted_ttl > 34: // Server is running Linux/FreeBSD/other
      fakepacket_ttl = 64 - extracted_ttl - decrement
 4. Fake packet is sent

To comply with the multi-path multi-hop server connections
where 1 hop dispersion is not rare, decrement should be at least of
value "2", which is the default.

The patch does not process "too strange" TTL values (bigger than 128,
less than 34).
2021-12-25 12:24:25 +03:00
ValdikSS
bbb6af89fe New Fake Packet circumvention method: wrong SEQ/ACK numbers
This method sends Fake Packet with the TCP SEQ/ACK numbers "in the past":
-66000 is used for ACK (right out of the ACK permissive window in Linux stack),
-10000 is used for SEQ (without any reasoning).

This method is pretty effective in Russia.
It also could be handy in a networks which prohibit changing TTL values
(mobile networks with tethering block/premium feature).
2021-12-25 11:55:26 +03:00
ValdikSS
b57a204d96 Apply each Fake Packet method to each packet separately
Before: --set-ttl and --wrong-chksum generated single Fake Packet with both low TTL and incorrect checksum.
Now:    --set-ttl and --wrong-chksum generate two packets: one with low TTL, another with incorrect checksum.
2021-12-25 10:49:26 +03:00
ValdikSS
3899a719c1 Update Makefile, make fortify work on modern mingw compilers 2021-12-25 10:24:43 +03:00
ValdikSS
b9682ac222 Print parsed hostnames in DEBUG mode 2021-12-25 10:24:43 +03:00
ValdikSS
35c6e401db Handle TLS SNI in blacklist option
Now blacklist applies not only to HTTP websites, but also to HTTPS.

Fixes #213
2021-12-25 10:23:43 +03:00
ValdikSS
cf7d1c69e0 Add TLS Server Name Indication (SNI) extractor 2021-12-25 10:09:37 +03:00
ValdikSS
5b79d8e8ba Update Makefile, make fortify work on modern mingw compilers 2021-12-25 01:50:34 +03:00
ValdikSS
787c4d25c3 Update readme 2021-12-24 22:28:59 +03:00
ValdikSS
7d50748e2e GoodbyeDPI version 0.1.7 2021-12-24 22:17:32 +03:00
ValdikSS
e28cb52645 Send native-fragged fragments in the reversed order
Some websites (or more precisely, TLS terminators/balancers) can't
handle segmented TLS ClientHello packet properly, requiring the whole
ClientHello in a single segment, otherwise the connection gets dropped.

However they still operate with a proper TCP stack.
Cheat on them: send the latter segment first (with TCP SEQ "in the future"),
the former segment second (with "current" SEQ), allowing OS TCP
stack to combine it in a single TCP read().

This fixes long-standing number of TCP fragmentation issues:
Fixes #4, #158, #224, #59, #192 and many others.
2021-12-24 22:07:07 +03:00
ValdikSS
e3638786da Add Native Fragmentation support (without window size)
This patch adds `--native-frag` option for userspace TCP
segmentation (packet splitting), without shrinking
TCP Window Size in SYN/ACK.

Compared to Window Size shrinking, this method does not require
waiting for ACK, which saves two RTTs.

This is preferrable method of operation since it has no cons.
It's faster and easier to handle in the software.
2021-12-24 21:36:43 +03:00
ValdikSS
ad60d30caa Fix fake packet handling without other modifying parameters
Fixes #150
2021-12-24 21:30:15 +03:00
ValdikSS
505b8bf516
Merge pull request #171 from msekmfb/master
Add PowerTunnel for Android to similar projects
2020-03-08 14:38:40 +03:00
msekmfb
0c04f201eb
Add PowerTunnel for Android to similar projects 2020-03-08 11:11:35 +03:00
ValdikSS
19b777cdb2
Update README.md
Add PowerTunnel (manual merge of #168)
2020-02-09 22:24:43 +03:00
ValdikSS
b69ab64d5d
Update README.md 2020-02-09 19:22:30 +03:00