Better Auto TTL adjusting algorithm which honors short distance

Say you set --auto-ttl to 4. If the TTL distance to the destination host is too short, say 6, auto-ttl would decrease it by 4 and send a fake packet with TTL 2, which is too low for the packet to travel via DPI system. But if you set --auto-ttl to a lower value such as 2, that may introduce issues over long lines where outgoing-path TTL and incoming-path TTL may have difference more than 2 hops due to higher chance of assymetric routing along the path. To solve this issue, this commit introduce auto-ttl range of two values. If the incoming TTL distance is more than autottl2, it is subtracted by autottl2 value. If the distance is less than autottl2, the distance value is used as a normalized weigth of [autottl1; autottl2] scale. The simplified formula is as follows: 128 > extracted_ttl > 98: // Server is running Windows nhops = 128 - extracted_ttl 64 > extracted_ttl > 34: // Server is running Linux/FreeBSD/other nhops = 64 - extracted_ttl if (nhops - autottl2 < autottl2) ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10)); else ttl_of_fake_packet = nhops - autottl2
2021-12-28 16:37:42 +03:00 · 2021-12-28 16:37:42 +03:00 · e25d7432de
parent c60dbf7ca7
commit e25d7432de
3 changed files with 19 additions and 12 deletions
--- a/src/goodbyedpi.c
+++ b/src/goodbyedpi.c
@ -104,7 +104,7 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA
                        ppTcpHdr->SrcPort, ppTcpHdr->DstPort, \
                        &tcp_conn_info, 1))) \
    { \
-        ttl_of_fake_packet = tcp_get_auto_ttl(tcp_conn_info.ttl, do_auto_ttl); \
+        ttl_of_fake_packet = tcp_get_auto_ttl(tcp_conn_info.ttl, 1, do_auto_ttl, 3); \
        if (do_tcp_verb) { \
            printf("Connection TTL = %d, Fake TTL = %d\n", tcp_conn_info.ttl, ttl_of_fake_packet); \
        } \
--- a/src/ttltrack.c
+++ b/src/ttltrack.c
@ -8,6 +8,7 @@
 #include <windows.h>
 #include <time.h>
 #include <stdio.h>
+#include <math.h>
 #include "goodbyedpi.h"
 #include "ttltrack.h"
 #include "utils/uthash.h"
@ -218,23 +219,28 @@ int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4],
    return FALSE;
 }

-int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t decrease_for) {
+int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
+                     const uint8_t autottl2, const uint8_t minhops) {
+    uint8_t nhops = 0;
    uint8_t ttl_of_fake_packet = 0;

    if (ttl > 98 && ttl < 128) {
-        /* Safekeeping */
-        if (128 - ttl > decrease_for + 1) {
-            ttl_of_fake_packet = 128 - ttl - decrease_for;
-        }
+        nhops = 128 - ttl;
    }
    else if (ttl > 34 && ttl < 64) {
-        /* Safekeeping */
-        if (64 - ttl > decrease_for + 1) {
-            ttl_of_fake_packet = 64 - ttl - decrease_for;
-        }
+        nhops = 64 - ttl;
    }
    else {
-        ttl_of_fake_packet = 0;
+        return 0;
+    }
+
+    if (nhops <= autottl1 || nhops < minhops) {
+        return 0;
+    }
+
+    ttl_of_fake_packet = nhops - autottl2;
+    if (ttl_of_fake_packet < autottl2 && nhops <= 9) {
+        ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10));
    }

    return ttl_of_fake_packet;
--- a/src/ttltrack.h
+++ b/src/ttltrack.h
@ -21,5 +21,6 @@ int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4],
                        tcp_conntrack_info_t *conn_info,
                        uint8_t is_ipv6);

-int tcp_get_auto_ttl(uint8_t ttl, uint8_t decrease_for);
+int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
+                     const uint8_t autottl2, const uint8_t minhops);
 #endif