Skip to content

Commit

Permalink
Better Auto TTL adjusting algorithm which honors short distance
Browse files Browse the repository at this point in the history
Say you set --auto-ttl to 4.
If the TTL distance to the destination host is too short, say 6, auto-ttl
would decrease it by 4 and send a fake packet with TTL 2, which is too low
for the packet to travel via DPI system.
But if you set --auto-ttl to a lower value such as 2, that may introduce
issues over long lines where outgoing-path TTL and incoming-path TTL may have
difference more than 2 hops due to higher chance of assymetric routing along
the path.

To solve this issue, this commit introduce auto-ttl range of two values.
If the incoming TTL distance is more than autottl2, it is subtracted by
autottl2 value.
If the distance is less than autottl2, the distance value is used as a
normalized weigth of [autottl1; autottl2] scale.

The simplified formula is as follows:

    128 > extracted_ttl > 98: // Server is running Windows
      nhops = 128 - extracted_ttl
    64 > extracted_ttl > 34: // Server is running Linux/FreeBSD/other
      nhops = 64 - extracted_ttl

    if (nhops - autottl2 < autottl2)
        ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10));
    else
        ttl_of_fake_packet = nhops - autottl2
  • Loading branch information
ValdikSS committed Dec 28, 2021
1 parent c60dbf7 commit e25d743
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 12 deletions.
2 changes: 1 addition & 1 deletion src/goodbyedpi.c
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA
ppTcpHdr->SrcPort, ppTcpHdr->DstPort, \
&tcp_conn_info, 1))) \
{ \
ttl_of_fake_packet = tcp_get_auto_ttl(tcp_conn_info.ttl, do_auto_ttl); \
ttl_of_fake_packet = tcp_get_auto_ttl(tcp_conn_info.ttl, 1, do_auto_ttl, 3); \
if (do_tcp_verb) { \
printf("Connection TTL = %d, Fake TTL = %d\n", tcp_conn_info.ttl, ttl_of_fake_packet); \
} \
Expand Down
26 changes: 16 additions & 10 deletions src/ttltrack.c
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
#include <windows.h>
#include <time.h>
#include <stdio.h>
#include <math.h>
#include "goodbyedpi.h"
#include "ttltrack.h"
#include "utils/uthash.h"
Expand Down Expand Up @@ -218,23 +219,28 @@ int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4],
return FALSE;
}

int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t decrease_for) {
int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
const uint8_t autottl2, const uint8_t minhops) {
uint8_t nhops = 0;
uint8_t ttl_of_fake_packet = 0;

if (ttl > 98 && ttl < 128) {
/* Safekeeping */
if (128 - ttl > decrease_for + 1) {
ttl_of_fake_packet = 128 - ttl - decrease_for;
}
nhops = 128 - ttl;
}
else if (ttl > 34 && ttl < 64) {
/* Safekeeping */
if (64 - ttl > decrease_for + 1) {
ttl_of_fake_packet = 64 - ttl - decrease_for;
}
nhops = 64 - ttl;
}
else {
ttl_of_fake_packet = 0;
return 0;
}

if (nhops <= autottl1 || nhops < minhops) {
return 0;
}

ttl_of_fake_packet = nhops - autottl2;
if (ttl_of_fake_packet < autottl2 && nhops <= 9) {
ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10));
}

return ttl_of_fake_packet;
Expand Down
3 changes: 2 additions & 1 deletion src/ttltrack.h
Original file line number Diff line number Diff line change
Expand Up @@ -21,5 +21,6 @@ int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4],
tcp_conntrack_info_t *conn_info,
uint8_t is_ipv6);

int tcp_get_auto_ttl(uint8_t ttl, uint8_t decrease_for);
int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
const uint8_t autottl2, const uint8_t minhops);
#endif

0 comments on commit e25d743

Please sign in to comment.