prefix

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 26, 2023 License: Apache-2.0 Imports: 14 Imported by: 1

README

Prefix Transport

TLDR - This transport allows up to prepend conjure connections with bytes that look like the initialization of other protocols. This can help to circumvent blocking in some areas and better understand censorship regimes, but is generally a short term solution.

The Prefix_Min transport is a strictly improved version of the existing Min transport and we suggest migration.

Description

This package implements the prefix transport for the conjure refraction-networking system. The prefix transport operates in much the same way as the min transport, sending a tag in the fist packet signalling to the station that the flow has knowledge of a secret shared with the station by a previous registration.

TODO: Comparison to min transport

Prefixes Supported by Default

TODO: The prefixes supported by default are as follows.

Ports

TODO: Prefixes have default ports associated with them, but also allow port randomization.

⚠ Sharp Edges ⚠

In general this transport will not properly mimic the protocols that are sent as a prefix and should not be expected to do so.

Integrating the Prefix Transport

Though the client dialer allows the use of TrasnportType for compatibility reasons, the prefix transport requires use of the newer Client Transport interface (TransportConfig in the dialer) which is implemented by the prefix.ClientTransport object.

TODO: code change example.

Adding a Prefix / Bidirectional Registration Prefix Overrides

In order to add a prefix ...

🚧 Road-Map

These features are not necessarily planned or landing imminently, they are simply things that would be nice to have.

  • Server Side Prefix Override From File - file format shared between station and Reg server describing available prefixes outside of defaults.

  • TagEncodings - Allow the tag to (by prefix configuration) be encoded using an encoder expected by the station, Base64 for example.

  • StreamEncodings - Allow the Stream of client bytes to (by configuration) encoded / encrypted using a scheme expected by the station, AES or Base64 for example.

  • Randomization - indicate segments of the prefix to be filled from a random source.

  • Prefix Revocation - If there is a prefix that is known to be blocked and we don't want clients to use it, but we still want them to roll a random prefix, how do we do this?

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrUnknownPrefix indicates that the provided Prefix ID is unknown to the transport object.
	ErrUnknownPrefix = errors.New("unknown / unsupported prefix")

	// ErrBadParams indicates that the parameters provided to a call on the server side do not make
	// sense in the context that they are provided and the registration will be ignored.
	ErrBadParams = errors.New("bad parameters provided")

	// ErrIncorrectPrefix indicates that tryFindRegistration found a valid registration based on
	// the obfuscated tag, however the prefix that it matched was not the prefix indicated in the
	// registration.
	ErrIncorrectPrefix = errors.New("found connection for unexpected prefix")

	// ErrIncorrectTransport indicates that tryFindRegistration found a valid registration based on
	// the obfuscated tag, however the prefix that it matched was not the prefix indicated in the
	// registration.
	ErrIncorrectTransport = errors.New("found registration w/ incorrect transport type")
)
View Source
var DefaultPrefixes = map[PrefixID]Prefix{}

DefaultPrefixes provides the prefixes supported by default for use when by the client.

Functions

This section is empty.

Types

type ClientParams

type ClientParams struct {
	RandomizeDstPort bool
}

ClientParams are parameters avaialble to configure the Prefix transport outside of the specific Prefix

type ClientTransport

type ClientTransport struct {
	Prefix        Prefix
	TagObfuscator transports.Obfuscator
	// contains filtered or unexported fields
}

ClientTransport implements the client side transport interface for the Min transport. The significant difference is that there is an instance of this structure per client session, where the station side Transport struct has one instance to be re-used for all sessions.

External libraries must set parameters through SetParams using PrefixTransportParams.

func (*ClientTransport) GetDstPort

func (t *ClientTransport) GetDstPort(seed []byte) (uint16, error)

GetDstPort returns the destination port that the client should open the phantom connection to

func (*ClientTransport) GetParams

func (t *ClientTransport) GetParams() (proto.Message, error)

GetParams returns a generic protobuf with any parameters from both the registration and the transport.

func (*ClientTransport) ID

ID provides an identifier that will be sent to the conjure station during the registration so that the station knows what transport to expect connecting to the chosen phantom.

func (*ClientTransport) Name

func (t *ClientTransport) Name() string

Name returns the human-friendly name of the transport, implementing the Transport interface.

func (ClientTransport) ParseParams

func (t ClientTransport) ParseParams(data *anypb.Any) (any, error)

ParseParams gives the specific transport an option to parse a generic object into parameters provided by the station in the registration response during registration.

func (*ClientTransport) PrepareKeys

func (t *ClientTransport) PrepareKeys(pubkey [32]byte, sharedSecret []byte, hkdf io.Reader) error

PrepareKeys provides an opportunity for the transport to integrate the station public key as well as bytes from the deterministic random generator associated with the registration that this ClientTransport is attached to.

func (*ClientTransport) SetParams

func (t *ClientTransport) SetParams(p any, unchecked ...bool) error

SetParams allows the caller to set parameters associated with the transport, returning an error if the provided generic message is not compatible or the parameters are otherwise invalid

func (*ClientTransport) String

func (t *ClientTransport) String() string

String returns a string identifier for the Transport for logging (including string formatters)

func (*ClientTransport) WrapConn

func (t *ClientTransport) WrapConn(conn net.Conn) (net.Conn, error)

WrapConn gives the transport the opportunity to perform a handshake and wrap / transform the incoming and outgoing bytes send by the implementing client.

type Prefix

type Prefix interface {
	Bytes() []byte
	FlushAfterPrefix() bool
	ID() PrefixID
	DstPort([]byte) uint16
}

Prefix struct used by, selected by, or given to the client. This interface allows for non-uniform behavior like a rand prefix for example.

func TryFromID

func TryFromID(id PrefixID) (Prefix, error)

TryFromID returns a Prefix based on the Prefix ID. This is useful for non-static prefixes like the random prefix

type PrefixID

type PrefixID int

PrefixID provide an integer Identifier for each individual prefixes allowing clients to indicate to the station the prefix they intend to connect with.

const (
	Rand PrefixID = -1 + iota
	Min
	GetLong
	PostLong
	HTTPResp
	TLSClientHello
	TLSServerHello
	TLSAlertWarning
	TLSAlertFatal
	DNSOverTCP
	OpenSSH2
)

func (PrefixID) Name

func (id PrefixID) Name() string

Name returns the human-friendly name of the prefix.

type Transport

type Transport struct {
	SupportedPrefixes map[PrefixID]prefix
	TagObfuscator     transports.Obfuscator
	Privkey           [32]byte
}

Transport provides a struct implementing the Transport, WrappingTransport, PortRandomizingTransport, and FixedPortTransport interfaces.

func Default

func Default(privkey [32]byte, filepath ...string) (*Transport, error)

Default Given a private key this builds the server side transport with the DEFAULT set of supported prefixes. The optional filepath specifies a file from which to read extra prefixes. If provided only the first variadic string will be used to attempt to parse prefixes. There can be no colliding PrefixIDs - file defined prefixes take precedent over defaults, and within the file first defined takes precedence.

func DefaultSet

func DefaultSet() *Transport

DefaultSet builds a hollow version of the transport with the DEFAULT set of supported prefixes. This is useful in instances where we just need to check whether the prefix ID is known, not actually handle any major operations (tryFindReg / WrapConn)

func New

func New(privkey [32]byte, filepath ...string) (*Transport, error)

New Given a private key this builds the server side transport with an EMPTY set of supported prefixes. The optional filepath specifies a file from which to read extra prefixes. If provided only the first variadic string will be used to attempt to parse prefixes. There can be no colliding PrefixIDs - within the file first defined takes precedence.

func (Transport) GetDstPort

func (t Transport) GetDstPort(libVersion uint, seed []byte, params any) (uint16, error)

GetDstPort Given the library version, a seed, and a generic object containing parameters the transport should be able to return the destination port that a clients phantom connection will attempt to reach

func (Transport) GetIdentifier

func (Transport) GetIdentifier(d *dd.DecoyRegistration) string

GetIdentifier takes in a registration and returns an identifier for it. This identifier should be unique for each registration on a given phantom; registrations on different phantoms can have the same identifier.

func (Transport) GetProto

func (Transport) GetProto() pb.IPProto

GetProto returns the next layer protocol that the transport uses. Implements the Transport interface.

func (Transport) LogPrefix

func (Transport) LogPrefix() string

LogPrefix returns the prefix used when including this transport in logs, implementing the Transport interface.

func (Transport) Name

func (Transport) Name() string

Name returns the human-friendly name of the transport, implementing the Transport interface..

func (Transport) ParamStrings

func (t Transport) ParamStrings(p any) []string

ParamStrings returns an array of tag string that will be added to tunStats when a proxy session is closed.

func (Transport) ParseParams

func (t Transport) ParseParams(libVersion uint, data *anypb.Any) (any, error)

ParseParams gives the specific transport an option to parse a generic object into parameters provided by the client during registration. This Transport was written after RandomizeDstPort was added, so it should not be usable by clients who don't support destination port randomization.

func (Transport) WrapConnection

func (t Transport) WrapConnection(data *bytes.Buffer, c net.Conn, originalDst net.IP, regManager *dd.RegistrationManager) (*dd.DecoyRegistration, net.Conn, error)

WrapConnection attempts to wrap the given connection in the transport. It takes the information gathered so far on the connection in data, attempts to identify itself, and if it positively identifies itself wraps the connection in the transport, returning a connection that's ready to be used by others.

If the returned error is nil or non-nil and non-{ transports.ErrTryAgain, transports.ErrNotTransport }, the caller may no longer use data or conn.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL