package main
import (
"time"
"github.com/google/gopacket/layers"
"github.com/ooni/netem"
"github.com/ooni/probe-engine/pkg/model"
)
// newClientLinkConfig returns the emulated link configuration the client
// should use for the given -dpi value. The recognized values are "none",
// "dns", "tcp" and "tls"; each selects one of the link constructors in this
// file. Any other value panics, so a mistyped flag aborts the run rather
// than silently falling back to an uncensored link.
func newClientLinkConfig(dpi string) *netem.LinkConfig {
	// Dispatch table from the flag value to the constructor for that scenario.
	builders := map[string]func() *netem.LinkConfig{
		"none": linkWithoutCensorship,
		"dns":  linkThatSpoofsDNS,
		"tcp":  linkThatDropsTCPSYN,
		"tls":  linkThatResetsTLSHandshake,
	}
	build, known := builders[dpi]
	if !known {
		panic("unsupported -dpi value (supported values: none, dns, tcp, tls)")
	}
	return build()
}
// linkWithoutCensorship models a link without any censorship: no DPI engine,
// no NIC wrappers, no packet loss, and a 15 ms delay in each direction. The
// censoring link constructors in this file start from this baseline and only
// attach a DPI engine, so every scenario sees the same delay and loss.
func linkWithoutCensorship() *netem.LinkConfig {
	// One-way delay applied in both directions.
	const oneWayDelay = 15 * time.Millisecond

	// DPIEngine, both NIC wrappers and both PLR fields keep their zero
	// values (nil and 0), which is what "no censorship, no loss" means here.
	cfg := &netem.LinkConfig{}
	cfg.LeftToRightDelay = oneWayDelay
	cfg.RightToLeftDelay = oneWayDelay
	return cfg
}
// linkThatSpoofsDNS is a link that spoofs DNS responses. It takes the
// uncensored baseline link and attaches a DPI engine holding a single
// netem.DPISpoofDNSResponse rule for twitterDomain, with 10.10.34.35 as the
// spoofed address.
//
// 10.10.34.35 lies in the RFC 1918 private range (10.0.0.0/8), so a public
// domain resolving to it is a recognizable sign of tampering for the
// measurement code under test.
func linkThatSpoofsDNS() *netem.LinkConfig {
	link := linkWithoutCensorship()

	// The engine and the rule both use model.DiscardLogger, so presumably
	// rule hits produce no log output.
	engine := netem.NewDPIEngine(model.DiscardLogger)
	spoofRule := &netem.DPISpoofDNSResponse{
		Addresses: []string{"10.10.34.35"},
		Logger:    model.DiscardLogger,
		Domain:    twitterDomain,
	}
	engine.AddRule(spoofRule)

	link.DPIEngine = engine
	return link
}
// linkThatDropsTCPSYN is a link that drops a specific TCP SYN segment. It
// takes the uncensored baseline link and attaches a DPI engine holding a
// single netem.DPIDropTrafficForServerEndpoint rule for TCP port 443 on
// twitterAddress.
//
// NOTE(review): the rule's name suggests it drops traffic towards that
// endpoint rather than only the SYN; the client would then observe a connect
// timeout instead of a reset. Confirm against netem.
func linkThatDropsTCPSYN() *netem.LinkConfig {
	link := linkWithoutCensorship()

	// The engine and the rule both use model.DiscardLogger, so presumably
	// rule hits produce no log output.
	engine := netem.NewDPIEngine(model.DiscardLogger)
	dropRule := &netem.DPIDropTrafficForServerEndpoint{
		Logger:          model.DiscardLogger,
		ServerIPAddress: twitterAddress,
		ServerPort:      443,
		ServerProtocol:  layers.IPProtocolTCP,
	}
	engine.AddRule(dropRule)

	link.DPIEngine = engine
	return link
}
// linkThatResetsTLSHandshake is a link that resets during the TLS handshake.
// It takes the uncensored baseline link and attaches a DPI engine holding a
// single netem.DPIResetTrafficForTLSSNI rule whose SNI is twitterDomain.
//
// The rule keys on the server name indication, which a client sends in
// cleartext in its ClientHello unless it uses Encrypted Client Hello, so the
// match does not depend on the destination IP address.
func linkThatResetsTLSHandshake() *netem.LinkConfig {
	link := linkWithoutCensorship()

	// The engine and the rule both use model.DiscardLogger, so presumably
	// rule hits produce no log output.
	engine := netem.NewDPIEngine(model.DiscardLogger)
	resetRule := &netem.DPIResetTrafficForTLSSNI{
		Logger: model.DiscardLogger,
		SNI:    twitterDomain,
	}
	engine.AddRule(resetRule)

	link.DPIEngine = engine
	return link
}