Commit 1a6129b6 authored by Yawning Angel
obfs4: Alter tear down behavior to be less distinctive

The old behavior closed the connection on handshake failure after:
 * The first N bytes (random on a per-server basis).
 * The first M seconds (random on a per-server basis).

Whichever came first.  As Sergey Frolov kindly points out, depending on
which conditions cause termination, the server will send either a FIN or
a RST.  This change will remove the "amount read" based termination
threshold, so that connections that cause failed handshakes will discard
all data received until the teardown time is reached.

Thanks to Sergey Frolov for bringing this issue to my attention.
parent a8288437
Changes in version 0.0.11 - UNRELEASED: Changes in version 0.0.11 - UNRELEASED:
- Update my e-mail address. - Update my e-mail address.
- Change the obfs4 behavior for handling handshake failure to be more
uniform. Thanks to Sergey Frolov for assistance.
Changes in version 0.0.10 - 2019-04-12: Changes in version 0.0.10 - 2019-04-12:
- Disable behavior distinctive to crypto/tls when using utls. - Disable behavior distinctive to crypto/tls when using utls.
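Review bot: the new 0.0.11 entry says only that handshake-failure handling is "more uniform"; since what this commit actually removes is the amount-read close threshold, the ChangeLog line should state that a failed handshake now discards all input until the per-server close delay elapses, so operators reading release notes know the byte-count teardown is gone.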
......
...@@ -34,6 +34,8 @@ import ( ...@@ -34,6 +34,8 @@ import (
"crypto/sha256" "crypto/sha256"
"flag" "flag"
"fmt" "fmt"
"io"
"io/ioutil"
"math/rand" "math/rand"
"net" "net"
"strconv" "strconv"
...@@ -68,7 +70,6 @@ const ( ...@@ -68,7 +70,6 @@ const (
replayTTL = time.Duration(3) * time.Hour replayTTL = time.Duration(3) * time.Hour
maxIATDelay = 100 maxIATDelay = 100
maxCloseDelayBytes = maxHandshakeLength
maxCloseDelay = 60 maxCloseDelay = 60
) )
...@@ -138,7 +139,7 @@ func (t *Transport) ServerFactory(stateDir string, args *pt.Args) (base.ServerFa ...@@ -138,7 +139,7 @@ func (t *Transport) ServerFactory(stateDir string, args *pt.Args) (base.ServerFa
} }
rng := rand.New(drbg) rng := rand.New(drbg)
sf := &obfs4ServerFactory{t, &ptArgs, st.nodeID, st.identityKey, st.drbgSeed, iatSeed, st.iatMode, filter, rng.Intn(maxCloseDelayBytes), rng.Intn(maxCloseDelay)} sf := &obfs4ServerFactory{t, &ptArgs, st.nodeID, st.identityKey, st.drbgSeed, iatSeed, st.iatMode, filter, rng.Intn(maxCloseDelay)}
return sf, nil return sf, nil
} }
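Review bot: the `obfs4ServerFactory` literal is positional, so dropping `rng.Intn(maxCloseDelayBytes)` only compiles because the matching struct field is removed in the same commit; a keyed literal (`closeDelay: rng.Intn(maxCloseDelay)`) would make future field changes safer. Separately, `rng` is built from `drbg`, which the factory derives from persisted state (`st.drbgSeed`), so removing one `Intn` call before `rng.Intn(maxCloseDelay)` changes the close delay an existing server computes after upgrading; if that per-server value was meant to be stable across versions, it is worth a mention in the commit message.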
...@@ -233,7 +234,6 @@ type obfs4ServerFactory struct { ...@@ -233,7 +234,6 @@ type obfs4ServerFactory struct {
iatMode int iatMode int
replayFilter *replayfilter.ReplayFilter replayFilter *replayfilter.ReplayFilter
closeDelayBytes int
closeDelay int closeDelay int
} }
...@@ -592,17 +592,9 @@ func (conn *obfs4Conn) closeAfterDelay(sf *obfs4ServerFactory, startTime time.Ti ...@@ -592,17 +592,9 @@ func (conn *obfs4Conn) closeAfterDelay(sf *obfs4ServerFactory, startTime time.Ti
return return
} }
// Consume and discard data on this connection until either the specified // Consume and discard data on this connection until the specified interval
// interval passes or a certain size has been reached. // passes.
discarded := 0 _, _ = io.Copy(ioutil.Discard, conn.Conn)
var buf [framing.MaximumSegmentLength]byte
for discarded < int(sf.closeDelayBytes) {
n, err := conn.Conn.Read(buf[:])
if err != nil {
return
}
discarded += n
}
} }
func (conn *obfs4Conn) padBurst(burst *bytes.Buffer, toPadTo int) (err error) { func (conn *obfs4Conn) padBurst(burst *bytes.Buffer, toPadTo int) (err error) {
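Review bot: `io.Copy(ioutil.Discard, conn.Conn)` returns only when a `Read` on `conn.Conn` fails, so the timed teardown now rests entirely on what the code above this hunk does with `startTime` and `sf.closeDelay` (a read deadline on `conn.Conn`, or a `Close` from the timer path); confirm that is in place, since otherwise a peer that keeps the socket open but never closes it parks this goroutine indefinitely. With `buf` gone, `framing.MaximumSegmentLength` is no longer referenced in this function; if that was the file's only use of the `framing` package the import must be removed or the build fails. The new comment could also say the discarded `io.Copy` error is intentional, e.g. `// A read error (deadline or peer close) ends the drain.`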
......