neko-obfs: a TCP tunnel with packet length obfuscation

[ apache, network, program ] [ Propose Tags ]

Just another tool that helps accessing the internet


[Skip to Readme]
Versions [faq] 0.1.0.0, 0.1.0.1, 0.1.0.2, 0.1.0.4
Change log ChangeLog.md
Dependencies async, attoparsec, base (>=4.9 && <4.11), binary, bytestring, lens, network, network-simple, optparse-generic, pipes, pipes-attoparsec, pipes-network, pipes-safe, random, text, transformers [details]
License Apache-2.0
Author Jinjing Wang
Maintainer nfjinjing@gmail.com
Category Network
Home page http://github.com/nfjinjing/neko-obfs
Uploaded by JinjingWang at Mon Jul 24 03:36:33 UTC 2017
Distributions NixOS:0.1.0.2
Executables neko-obfs
Downloads 1155 total (87 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Hackage Matrix CI
Docs not available [build log]
Last success reported on 2017-07-24 [all 3 reports]

Downloads

Maintainer's Corner

For package maintainers and hackage trustees


Readme for neko-obfs-0.1.0.1

[back to package description]

Protocol

payload

-> 

n | padding | m | payload
  • n (word32be): the number of bytes of padding
  • padding: n bytes of noise
  • m (word32be): the number of bytes of the original payload
  • payload: the original packet

Implementation

  • n is randomly generated for each packet.
  • n is bounded by a maximum r, configurable by the --randomness argument.
  • To reduce overhead, n is set to 0 whenever m is greater then a threshold b, configurable by the --bound argument.

Usage

  • local:

      need-obfs --localHost TEXT --localPort INTEGER --remoteHost TEXT --remotePort INTEGER
    
  • remote:

      neko-obfs --remote --remoteHost TEXT --remotePort INTEGER --forwardHost TEXT --forwardPort INTEGER
    
  • This tunnel should be used inside an encrypted tunnel.

  • For example:

      ss-local (rc4)
    
        -> neko-obfs -> ss-tunnel (aes-256-cfb)
    
          -> gfw -> internet
    
        -> ss-tunnel (aes-256-cfb) -> neko-obfs 
    
      -> ss-server (rc4)
    
  • Note it's the ss-tunnel layer that protects the obfuscation, otherwise data and noise length are clearly visible.

Performance

  • No noticeable slow down yet (Jul 24, 2017)