Protocol
========

    payload
    
    -> 

    n | padding | m | payload

* n (word32be): the number of bytes of padding
* padding: n bytes of noise
* m (word32be): the number of bytes of the original payload
* payload: the original packet

Implementation
==============

* `n` is randomly generated for each packet.
* `n` is bounded by a maximum `r`, configurable by the `--randomness` argument.
* To reduce overhead, `n` is set to 0 whenever `m` is greater then a 
  threshold `b`, configurable by the `--bound` argument.

Usage
=====
* local:

        need-obfs --localHost TEXT --localPort INTEGER --remoteHost TEXT --remotePort INTEGER
* remote: 

        neko-obfs --remote --remoteHost TEXT --remotePort INTEGER --forwardHost TEXT --forwardPort INTEGER
* This tunnel should be used inside an encrypted tunnel.
* For example:

        ss-local (rc4)

          -> neko-obfs -> ss-tunnel (aes-256-cfb)

            -> gfw -> internet

          -> ss-tunnel (aes-256-cfb) -> neko-obfs 

        -> ss-server (rc4)
* Note it's the `ss-tunnel` layer that protects the obfuscation, otherwise
  data and noise length are clearly visible.

Performance
===========

* No noticeable slow down yet (Jul 24, 2017)