neko-obfs: a TCP tunnel with packet length obfuscation

[ apache, network, program ] [ Propose Tags ]

Just another tool that helps accessing the internet

[Skip to Readme]


Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees


Versions [RSS],,,
Change log
Dependencies async, attoparsec, base (>=4.11 && <7), binary, bytestring, lens, network, network-simple, optparse-generic, pipes, pipes-attoparsec, pipes-network, pipes-safe, random, text, transformers [details]
License Apache-2.0
Author Jinjing Wang
Category Network
Home page
Uploaded by JinjingWang at 2019-11-23T08:28:46Z
Distributions NixOS:
Reverse Dependencies 1 direct, 0 indirect [details]
Executables neko-obfs
Downloads 2267 total (7 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs not available [build log]
Last success reported on 2019-11-23 [all 2 reports]

Readme for neko-obfs-

[back to package description]




n | padding | m | payload
  • n (word32be): the number of bytes of padding
  • padding: n bytes of noise
  • m (word32be): the number of bytes of the original payload
  • payload: the original packet


  • n is deduced from a randomly generated i = n + m for each packet.
  • When a random i is less then m, payload is split to p1 and p2 to satisfy the constrain, where the length of p1 is equal to i and p1 + p2 = payload. p2 will be sent in the next iteration by the same algorithm.
  • i is bounded by a maximum r, configurable by the --randomnessInBytes argument.
  • To reduce overhead, n is set to 0 whenever m is greater then r.


  • local:

      neko-obfs --localHost TEXT --localPort INTEGER --remoteHost TEXT --remotePort INTEGER
  • remote:

      neko-obfs --role remote --remoteHost TEXT --remotePort INTEGER --forwardHost TEXT --forwardPort INTEGER
  • This tunnel should be used inside an encrypted tunnel.

  • For example:

      ss-local (rc4)
        -> neko-obfs -> ss-tunnel (aes-256-cfb)
          -> gfw -> internet
        -> ss-tunnel (aes-256-cfb) -> neko-obfs 
      -> ss-server (rc4)
  • Note it's the ss-tunnel layer that protects the obfuscation, otherwise data and noise length are clearly visible.


  • No noticeable slow down yet (Jul 24, 2017)