Documentation
¶
Index ¶
Constants ¶
const ( SocksInvalid = iota Socks4 Socks4A Socks5 Socks4Version = 0x04 Socks5Version = 0x05 Socks4ReplyVN = 0x00 Socks4CmdTCPConnect = 0x01 Socks4CmdTCPBind = 0x02 Socks4ReqGranted = 0x5A Socks4ReqRejectOrFailed = 0x5B Socks4ReqRejectIdentd = 0x5C Socks4ReqRejectUser = 0x5D Socks5CmdTCPConnect = 0x01 Socks5CmdTCPBind = 0x02 Socks5CmdUDPAssociate = 0x03 Socks5AuthNotRequired = 0x00 Socks5AuthPassword = 0x02 Socks5AuthNoMatchingMethod = 0xFF Socks5AuthSuccess = 0x00 Socks5AuthFailure = 0x01 Socks5AddrTypeIPv4 = 0x01 Socks5AddrTypeDomain = 0x03 Socks5AddrTypeIPv6 = 0x04 )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type FETAnalyzer ¶
type FETAnalyzer struct{}
FETAnalyzer stands for "Fully Encrypted Traffic" analyzer. It implements an algorithm to detect fully encrypted proxy protocols such as Shadowsocks, mentioned in the following paper: https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf
func (*FETAnalyzer) Limit ¶
func (a *FETAnalyzer) Limit() int
func (*FETAnalyzer) Name ¶
func (a *FETAnalyzer) Name() string
type HTTPAnalyzer ¶
type HTTPAnalyzer struct{}
func (*HTTPAnalyzer) Limit ¶
func (a *HTTPAnalyzer) Limit() int
func (*HTTPAnalyzer) Name ¶
func (a *HTTPAnalyzer) Name() string
type SSHAnalyzer ¶
type SSHAnalyzer struct{}
func (*SSHAnalyzer) Limit ¶
func (a *SSHAnalyzer) Limit() int
func (*SSHAnalyzer) Name ¶
func (a *SSHAnalyzer) Name() string
type SocksAnalyzer ¶ added in v0.0.4
type SocksAnalyzer struct{}
func (*SocksAnalyzer) Limit ¶ added in v0.0.4
func (a *SocksAnalyzer) Limit() int
func (*SocksAnalyzer) Name ¶ added in v0.0.4
func (a *SocksAnalyzer) Name() string
type TLSAnalyzer ¶
type TLSAnalyzer struct{}
func (*TLSAnalyzer) Limit ¶
func (a *TLSAnalyzer) Limit() int
func (*TLSAnalyzer) Name ¶
func (a *TLSAnalyzer) Name() string
type TrojanAnalyzer ¶ added in v0.0.2
type TrojanAnalyzer struct{}
TrojanAnalyzer uses length-based heuristics to detect Trojan traffic based on its "TLS-in-TLS" nature. The heuristics are trained using a decision tree with about 20k Trojan samples and 30k non-Trojan samples. The tree is then converted to code using a custom tool and inlined here (isTrojanSeq function). Accuracy: 1% false positive rate, 10% false negative rate. We do NOT recommend directly blocking all positive connections, as this may break legitimate TLS connections.
func (*TrojanAnalyzer) Limit ¶ added in v0.0.2
func (a *TrojanAnalyzer) Limit() int
func (*TrojanAnalyzer) Name ¶ added in v0.0.2
func (a *TrojanAnalyzer) Name() string
Source Files