Add WeirdSplitter

[Lanius-collaris]

sequenceDiagram
 Client --x Router : 1st segment, TTL = 1
 Client ->> Server: 2nd segment, TTL = 64
 Client ->> Server: 1st segment, TTL = 64

Loading

WeirdSplitter can access some websites that cannot handle handshake messages that are fragmented to multiple TCP segments. (e.g. www.itu.int)

[ignoramous]

Can you add a succinct code comment on what this approach does to bypass censorship or link to existing projects using this technique?

Is it similar to what's discussed here? #46

[Lanius-collaris]

GoodbyeDPI commit e28cb526
ValdikSS wrote:

Some websites (or more precisely, TLS terminators/balancers) can't
handle segmented TLS ClientHello packet properly, requiring the whole
ClientHello in a single segment, otherwise the connection gets dropped.

However they still operate with a proper TCP stack.
Cheat on them: send the latter segment first (with TCP SEQ "in the future"),
the former segment second (with "current" SEQ), allowing OS TCP
stack to combine it in a single TCP read().

But we don't have privileges, so we should implement this with setting TTL. The TCP stack transmits the segment with TTL=1 first, then we restore TTL option before the TCP stack retransmits, this idea is mentioned in #46 too.

[ignoramous]

you think we should add a code comment on why len(b) < 2 won't work?

(to my untrained eye, it isn't obvious)

[ignoramous]

A code comment on how clients should set this field? To half of MSS/MTU? Or, some arbitrary value greater than 0 will do (and why)?

[Lanius-collaris]

I don't know. splitHello() choose where the upstream segment to be split randomly.
https://github.com/celzero/firestack/blob/n2/intra/dialers/retrier.go#L343-L359
And should I rename this field position?

[Lanius-collaris]

Suggest a name please.

[ignoramous]

Suggest a name please.

Following current dialers (DialWithSplit, DialWithSplitRetry), how about:

• DialWithSplitAndDesync, DialWithSplitAndDesyncRetry
• DialWithDesync, DialWithDesyncRetry

[Lanius-collaris]

Suggest a name please.

Following current dialers (DialWithSplit, DialWithSplitRetry), how about:

* `DialWithSplitAndDesync`, `DialWithSplitAndDesyncRetry`

* `DialWithDesync`, `DialWithDesyncRetry`

Are they for #48? #45 doesn't implement TCB Desynchronization.

[ignoramous]

Are they for #48? #45 doesn't implement TCB Desynchronization

Well, I am confused as to what weirdsplitter does vs what desync is doing. Can these two be a single PR?

[Lanius-collaris]

@ignoramous
weirdsplitter is similar to direct_split from DPI perspective (can bypass stateless DPI but cannot bypass stateful DPI), the only advantage of weirdsplitter is that it works with websites which can't handle segmented TLS ClientHello. #48 also has this advantage, because they are implemented in similar ways.
In addition, #48 overwrites the buffer before retransmitting, so TCP stack will retransmit different payload.

Why does weirdsplitter not cause desynchronization?
If original 1st segment and 2nd segment are reassembled, the censor will inject RST.
But our prepared payload + 2nd segment doesn't trigger RST, so the censor increases the sequence number in TCB and waits for more packets.

Why is the sequence number of the server inconsistent with the sequence number of censor ?
Only the censor sees the first packet.