Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can not access samba.org #224

Closed
JKot-Coder opened this issue Oct 26, 2021 · 2 comments
Closed

Can not access samba.org #224

JKot-Coder opened this issue Oct 26, 2021 · 2 comments
Labels
Fragmentation

Comments

@JKot-Coder
Copy link

Когда включаю GoodbyeDPI перестаёт работать samba.org если сделать service_remove.cmd всё работает отлично.

image

Curl с включенным GoodbyeDPI

curl -v https://download.samba.org
* Rebuilt URL to: https://download.samba.org/
*   Trying 144.76.82.148...
* TCP_NODELAY set
* Connected to download.samba.org (144.76.82.148) port 443 (#0)
* schannel: SSL/TLS connection with download.samba.org port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 189 bytes...
* schannel: sent initial handshake data: sent 189 bytes
* schannel: SSL/TLS connection with download.samba.org port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with download.samba.org port 443 (step 2/3)
* schannel: failed to receive handshake, SSL/TLS connection failed
* Closing connection 0
* schannel: shutting down SSL/TLS connection with download.samba.org port 443
* schannel: clear security context handle
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

Curl с выключенным:

curl -v https://download.samba.org
* Rebuilt URL to: https://download.samba.org/
*   Trying 144.76.82.148...
* TCP_NODELAY set
* Connected to download.samba.org (144.76.82.148) port 443 (#0)
* schannel: SSL/TLS connection with download.samba.org port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 189 bytes...
* schannel: sent initial handshake data: sent 189 bytes
* schannel: SSL/TLS connection with download.samba.org port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with download.samba.org port 443 (step 2/3)
* schannel: encrypted data got 3459
* schannel: encrypted data buffer: offset 3459 length 4096
* schannel: sending next handshake data: sending 93 bytes...
* schannel: SSL/TLS connection with download.samba.org port 443 (step 2/3)
* schannel: encrypted data got 51
* schannel: encrypted data buffer: offset 51 length 4096
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with download.samba.org port 443 (step 3/3)
* schannel: stored credential handle in session cache
> GET / HTTP/1.1
> Host: download.samba.org
> User-Agent: curl/7.55.1
> Accept: */*
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 1603
* schannel: encrypted data buffer: offset 1603 length 103424
* schannel: decrypted data length: 1574
* schannel: decrypted data added: 1574
* schannel: decrypted data cached: offset 1574 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 1574 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 1574
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 200 OK
@ValdikSS
Copy link
Owner

#4

ValdikSS added a commit that referenced this issue Dec 24, 2021
@ValdikSS
Send native-fragged fragments in the reversed order
e28cb52 
Some websites (or more precisely, TLS terminators/balancers) can't
handle segmented TLS ClientHello packet properly, requiring the whole
ClientHello in a single segment, otherwise the connection gets dropped.

However they still operate with a proper TCP stack.
Cheat on them: send the latter segment first (with TCP SEQ "in the future"),
the former segment second (with "current" SEQ), allowing OS TCP
stack to combine it in a single TCP read().

This fixes long-standing number of TCP fragmentation issues:
Fixes #4, #158, #224, #59, #192 and many others.
@ValdikSS
Copy link
Owner

Проблемы с TCP-фрагментацией должны быть решены в версии GoodbyeDPI 0.1.7, опцией --reverse-frag.

TCP fragmentation issues should be solved in GoodbyeDPI 0.1.7, by using --reverse-frag option.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Fragmentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ValdikSS @JKot-Coder