From e25d7432de087ee247f9fdfa9a7cd3d569fe68bc Mon Sep 17 00:00:00 2001 From: ValdikSS Date: Tue, 28 Dec 2021 16:37:42 +0300 Subject: [PATCH] Better Auto TTL adjusting algorithm which honors short distance Say you set --auto-ttl to 4. If the TTL distance to the destination host is too short, say 6, auto-ttl would decrease it by 4 and send a fake packet with TTL 2, which is too low for the packet to travel via DPI system. But if you set --auto-ttl to a lower value such as 2, that may introduce issues over long lines where outgoing-path TTL and incoming-path TTL may have difference more than 2 hops due to higher chance of assymetric routing along the path. To solve this issue, this commit introduce auto-ttl range of two values. If the incoming TTL distance is more than autottl2, it is subtracted by autottl2 value. If the distance is less than autottl2, the distance value is used as a normalized weigth of [autottl1; autottl2] scale. The simplified formula is as follows: 128 > extracted_ttl > 98: // Server is running Windows nhops = 128 - extracted_ttl 64 > extracted_ttl > 34: // Server is running Linux/FreeBSD/other nhops = 64 - extracted_ttl if (nhops - autottl2 < autottl2) ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10)); else ttl_of_fake_packet = nhops - autottl2 --- src/goodbyedpi.c | 2 +- src/ttltrack.c | 26 ++++++++++++++++---------- src/ttltrack.h | 3 ++- 3 files changed, 19 insertions(+), 12 deletions(-) diff --git a/src/goodbyedpi.c b/src/goodbyedpi.c index e699594..aeb3e09 100644 --- a/src/goodbyedpi.c +++ b/src/goodbyedpi.c @@ -104,7 +104,7 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA ppTcpHdr->SrcPort, ppTcpHdr->DstPort, \ &tcp_conn_info, 1))) \ { \ - ttl_of_fake_packet = tcp_get_auto_ttl(tcp_conn_info.ttl, do_auto_ttl); \ + ttl_of_fake_packet = tcp_get_auto_ttl(tcp_conn_info.ttl, 1, do_auto_ttl, 3); \ if (do_tcp_verb) { \ printf("Connection TTL = %d, Fake TTL = %d\n", tcp_conn_info.ttl, ttl_of_fake_packet); \ } \ diff --git a/src/ttltrack.c b/src/ttltrack.c index ef12b5d..ba1a931 100644 --- a/src/ttltrack.c +++ b/src/ttltrack.c @@ -8,6 +8,7 @@ #include #include #include +#include #include "goodbyedpi.h" #include "ttltrack.h" #include "utils/uthash.h" @@ -218,23 +219,28 @@ int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4], return FALSE; } -int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t decrease_for) { +int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1, + const uint8_t autottl2, const uint8_t minhops) { + uint8_t nhops = 0; uint8_t ttl_of_fake_packet = 0; if (ttl > 98 && ttl < 128) { - /* Safekeeping */ - if (128 - ttl > decrease_for + 1) { - ttl_of_fake_packet = 128 - ttl - decrease_for; - } + nhops = 128 - ttl; } else if (ttl > 34 && ttl < 64) { - /* Safekeeping */ - if (64 - ttl > decrease_for + 1) { - ttl_of_fake_packet = 64 - ttl - decrease_for; - } + nhops = 64 - ttl; } else { - ttl_of_fake_packet = 0; + return 0; + } + + if (nhops <= autottl1 || nhops < minhops) { + return 0; + } + + ttl_of_fake_packet = nhops - autottl2; + if (ttl_of_fake_packet < autottl2 && nhops <= 9) { + ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10)); } return ttl_of_fake_packet; diff --git a/src/ttltrack.h b/src/ttltrack.h index 187a535..0563298 100644 --- a/src/ttltrack.h +++ b/src/ttltrack.h @@ -21,5 +21,6 @@ int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4], tcp_conntrack_info_t *conn_info, uint8_t is_ipv6); -int tcp_get_auto_ttl(uint8_t ttl, uint8_t decrease_for); +int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1, + const uint8_t autottl2, const uint8_t minhops); #endif