Skip to content
This repository has been archived by the owner on Nov 14, 2023. It is now read-only.
/ sosistab2 Public archive
forked from geph-official/sosistab2

A pluggable, obfuscated datagram transport for horrible networks

0 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

GNU-Linux-libre/sosistab2

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

225 Commits
benches
benches
 
 
examples
examples
 
 
lib/replay_filter
lib/replay_filter
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

Sosistab2 - an obfuscated datagram transport for horrible networks

Sosistab2 is a vaguely QUIC-like datagram transport framework. Over a single Multiplex session, it multiplexes streams that support both reliable TCP-like bytestreams and UDP-like unreliable datagrams.

The cool feature, and key innovation over the legacy sosistab protocol, is that the same Multiplex can be backed by multiple "pipes". Pipes implement the Pipe trait and are a simple abstraction over an unreliable datagram transport. A Multiplex will intelligently decide what pipe to send its traffic down, and automatically avoids non-functional pipes. The Multiplex also maintains end-to-end encryption using chacha20-poly1305 with a triple-x25519 key exchange, and does not trust the Pipes for confidentiality, integrity, or authentication in any way.

This crate comes with two Pipe implementations:

  • ObfsUdpPipe, an obfuscated, loss-resistant UDP transport
    • uses an active-probing-resistant and padded (obfs4-like) obfuscation, with traffic reasonably indistinguishable from random.
    • Reed-Solomon forward error correction that auto-adjusts to detected packet loss level and uses dynamic batch sizes, nearly eliminating all sporadic packet loss and making bad links much more usable. Packet loss calculation intelligently avoids counting "fully loaded" traffic to detect the uncontended packet loss level, to avoid congestion causing increasing FEC redundancy and congestive collapse.
  • ObfsTlsPipe, an obfuscated TLS transport
    • uses configurable native-tls connectors to mitigate TLS fingerprinting. native-tls uses OS-native TLS libraries and is least likely to be fingerprinted.
    • padding is used to obfuscate packet size signatures
    • servers are active-probing resistant by means of a preshared secret cookie that must be transmitted within the TLS session.
    • no attempt is made to imitate browser HTTPS. the intention is to imitate "unknown TLS-based protocols" --- blocking all unclassifiable TLS protocols is likely to cause massive collateral damage beyond blocking obfs4-like high entropy protocols, considering that it's the most common way for new software to trasmit encrypted traffic.

Other crates may also implement the Pipe interface. For instance, we are currently working on a thoroughly browser-imitating HTTP(S) transport.

About

A pluggable, obfuscated datagram transport for horrible networks

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Rust 100.0%