feat(transport): TLS Client Hello fragmentation by fixed length #134

Merged: 7 commits, Dec 1, 2023

@jyyi1 jyyi1 commented Nov 28, 2023

This PR adds NewFixedBytesStreamDialer that accepts a fixed splitBytes to fragment the Client Hello message:

  • splitBytes > 0: split at a fixed number of leading bytes into two records: msg[:splitBytes] and msg[splitBytes:]
  • splitBytes < 0: split at a fixed number of trailing bytes into two records: msg[:len(msg)-abs(splitBytes)] and msg[len(msg)-abs(splitBytes):]
  • splitBytes = 0: no split

The function will be used in #135.

@jyyi1 jyyi1 requested a review from fortuna November 28, 2023 04:44
@jyyi1 jyyi1 requested a review from fortuna November 28, 2023 21:36
@jyyi1 jyyi1 changed the title feat(transport): TLS Client Hello fragmentation by fixed bytes feat(transport): TLS Client Hello fragmentation by fixed length Nov 28, 2023
transport/tlsfrag/stream_dialer_test.go (outdated)
inner := &collectStreamDialer{}
d, err := NewFixedLenStreamDialer(inner, 3) // Further split msg[:8] mentioned below into msg[:3] + msg[3:8]
require.NoError(t, err)
d, err = NewFixedLenStreamDialer(d, 8) // Further split msg[:16] mentioned below into msg[:8] + msg[8:16]
Contributor

This works differently from the TCP split.
If you do split:3|split:8, you end up with [3][5][...], because it's the absolute position.
Your code for tlsfrag:3|tlsfrag:8 is doing [3][8][...].
Perhaps we should align that behavior, otherwise it's surprising.

I find it more helpful to use an absolute number, as it makes it easier to specify them.

Contributor Author

@jyyi1 jyyi1 Nov 30, 2023

I think I'm doing the absolute value as well. See the four fragmented packets above (frag1, frag2, frag3 and frag4); they are of lengths [3][5][8][...].

And the config would be tlsfrag:3|tlsfrag:8|tlsfrag:16 (or tlsfrag:3|tlsfrag:8|tlsfrag:-3 since the total message size is 19).

@jyyi1 jyyi1 merged commit a1906fd into main Dec 1, 2023
6 checks passed
@jyyi1 jyyi1 deleted the junyi/tls-fixed-dialer branch December 1, 2023 03:08
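
The layering discussed in the review thread above, as an added Go sketch that is not the project's code: each layer re-frames only the first TLS record it receives, and the outermost dialer splits first, so absolute offsets 16 (or -3), 8 and 3 on a 19-byte record give payload lengths [3][5][8][3]. The names `splitFirstRecord`, `fragLens` and `sample` are hypothetical, the record is constructed, and treating a zero or out-of-range offset as a no-op is an assumption of the sketch.

```go
package main

import "fmt"

const hdrLen = 5 // TLS record header: type(1) + version(2) + length(2)

// recLen reads the big-endian payload length from a record header.
func recLen(s []byte) int { return int(s[3])<<8 | int(s[4]) }

// splitFirstRecord re-frames the first TLS record as two records cut at payload
// offset n (n < 0 counts from the end). Assumed here: a zero or out-of-range n is a no-op.
func splitFirstRecord(stream []byte, n int) ([]byte, error) {
	if len(stream) < hdrLen || len(stream) < hdrLen+recLen(stream) {
		return nil, fmt.Errorf("short or truncated TLS record (%d bytes)", len(stream))
	}
	plen := recLen(stream)
	if n < 0 {
		n += plen
	}
	if n <= 0 || n >= plen {
		return stream, nil
	}
	payload, out := stream[hdrLen:hdrLen+plen], []byte{}
	for _, part := range [][]byte{payload[:n], payload[n:]} {
		// Each fragment gets its own header with the original type and version.
		out = append(out, stream[0], stream[1], stream[2], byte(len(part)>>8), byte(len(part)))
		out = append(out, part...)
	}
	return append(out, stream[hdrLen+plen:]...), nil
}

// fragLens applies the splits outermost dialer first; returns record payload lengths.
func fragLens(stream []byte, splits ...int) (lens []int, err error) {
	for _, n := range splits {
		if stream, err = splitFirstRecord(stream, n); err != nil {
			return nil, err
		}
	}
	for len(stream) >= hdrLen && len(stream) >= hdrLen+recLen(stream) {
		lens = append(lens, recLen(stream))
		stream = stream[hdrLen+recLen(stream):]
	}
	return lens, nil
}

var sample = append([]byte{0x16, 3, 1, 0, 19}, make([]byte, 19)...) // constructed: 19-byte payload

func main() {
	fmt.Println(fragLens(sample, 16, 8, 3)) // 3-byte dialer innermost, 16-byte outermost
}
```

Because every layer only ever sees the first record produced by the layer outside it, each offset stays relative to the start of the original message.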