Better Auto TTL adjusting algorithm which honors short distance

Say you set --auto-ttl to 4.
If the TTL distance to the destination host is too short, say 6, auto-ttl
would decrease it by 4 and send a fake packet with TTL 2, which is too low
for the packet to travel via DPI system.
But if you set --auto-ttl to a lower value such as 2, that may introduce
issues over long lines where outgoing-path TTL and incoming-path TTL may have
difference more than 2 hops due to higher chance of assymetric routing along
the path.

To solve this issue, this commit introduce auto-ttl range of two values.
If the incoming TTL distance is more than autottl2, it is subtracted by
autottl2 value.
If the distance is less than autottl2, the distance value is used as a
normalized weigth of [autottl1; autottl2] scale.

The simplified formula is as follows:

    128 > extracted_ttl > 98: // Server is running Windows
      nhops = 128 - extracted_ttl
    64 > extracted_ttl > 34: // Server is running Linux/FreeBSD/other
      nhops = 64 - extracted_ttl

    if (nhops - autottl2 < autottl2)
        ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10));
    else
        ttl_of_fake_packet = nhops - autottl2
This commit is contained in:
ValdikSS 2021-12-28 16:37:42 +03:00
parent c60dbf7ca7
commit e25d7432de
3 changed files with 19 additions and 12 deletions

View File

@ -104,7 +104,7 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA
ppTcpHdr->SrcPort, ppTcpHdr->DstPort, \ ppTcpHdr->SrcPort, ppTcpHdr->DstPort, \
&tcp_conn_info, 1))) \ &tcp_conn_info, 1))) \
{ \ { \
ttl_of_fake_packet = tcp_get_auto_ttl(tcp_conn_info.ttl, do_auto_ttl); \ ttl_of_fake_packet = tcp_get_auto_ttl(tcp_conn_info.ttl, 1, do_auto_ttl, 3); \
if (do_tcp_verb) { \ if (do_tcp_verb) { \
printf("Connection TTL = %d, Fake TTL = %d\n", tcp_conn_info.ttl, ttl_of_fake_packet); \ printf("Connection TTL = %d, Fake TTL = %d\n", tcp_conn_info.ttl, ttl_of_fake_packet); \
} \ } \

View File

@ -8,6 +8,7 @@
#include <windows.h> #include <windows.h>
#include <time.h> #include <time.h>
#include <stdio.h> #include <stdio.h>
#include <math.h>
#include "goodbyedpi.h" #include "goodbyedpi.h"
#include "ttltrack.h" #include "ttltrack.h"
#include "utils/uthash.h" #include "utils/uthash.h"
@ -218,23 +219,28 @@ int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4],
return FALSE; return FALSE;
} }
int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t decrease_for) { int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
const uint8_t autottl2, const uint8_t minhops) {
uint8_t nhops = 0;
uint8_t ttl_of_fake_packet = 0; uint8_t ttl_of_fake_packet = 0;
if (ttl > 98 && ttl < 128) { if (ttl > 98 && ttl < 128) {
/* Safekeeping */ nhops = 128 - ttl;
if (128 - ttl > decrease_for + 1) {
ttl_of_fake_packet = 128 - ttl - decrease_for;
}
} }
else if (ttl > 34 && ttl < 64) { else if (ttl > 34 && ttl < 64) {
/* Safekeeping */ nhops = 64 - ttl;
if (64 - ttl > decrease_for + 1) {
ttl_of_fake_packet = 64 - ttl - decrease_for;
}
} }
else { else {
ttl_of_fake_packet = 0; return 0;
}
if (nhops <= autottl1 || nhops < minhops) {
return 0;
}
ttl_of_fake_packet = nhops - autottl2;
if (ttl_of_fake_packet < autottl2 && nhops <= 9) {
ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10));
} }
return ttl_of_fake_packet; return ttl_of_fake_packet;

View File

@ -21,5 +21,6 @@ int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4],
tcp_conntrack_info_t *conn_info, tcp_conntrack_info_t *conn_info,
uint8_t is_ipv6); uint8_t is_ipv6);
int tcp_get_auto_ttl(uint8_t ttl, uint8_t decrease_for); int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
const uint8_t autottl2, const uint8_t minhops);
#endif #endif