Re: [PATCH] New Target Extension OBSF

On Wed, Sep 19, 2012 at 8:36 AM, Jan Engelhardt <jengelh@xxxxxxx> wrote:
>
> On Tuesday 2012-09-18 09:46, Aft nix wrote:
>>
>>On Tue, Sep 18, 2012 at 6:04 AM, Jan Engelhardt <jengelh@xxxxxxx> wrote:
>>>
>>> On Monday 2012-09-17 17:21, aft wrote:
>>>>
>>>>1) it encrypts UDP traffic.
>>>>2) it adds false bytes(padding).
>>>>
>>>>Its purpose is to escape smarter DPIs which block certain kinds of
>>>>packets by several heuristic methods.
>>>
>>> But then why not use IPsec (udpencap), OpenVPN, or something?
>>> After all, you do already need a cooperating peer to decrypt
>>> your traffic, and hence might as well pick a _standardized_ solution.
>>
>>The client does not support IPsec.
>
> Why would it not? If you can make kernel changes, you can as well run
> a simple userspace program. (Example for a userspace program that
> does IPsec using tun interface: vpnc.)

I'm doing these in the server's kernel. The client is a mobile device. AES/ARC4
are implemented in the client application directly.


>
>>>>+      },
>>>>+      {
>>>>+              .name = "OBSF",
>>>>+              .revision = 1,
>>>>+              .family = NFPROTO_UNSPEC,
>>>>+              .target = obsf_tg_v1,
>>>>+              .targetsize = sizeof(struct xt_OBSF_tginfo_v1),
>>>>+              .checkentry = obsf_tg_check_v1,
>>>>+              .me = THIS_MODULE,
>>>>+      },
>>>>+};
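Review bot: In the revision 1 entry, .family = NFPROTO_UNSPEC is set with no .proto, .table or .hooks, so nothing in this registration limits where the target can be used, although the description says it operates on UDP traffic. Unless obsf_tg_check_v1 already rejects other rules, consider adding .proto = IPPROTO_UDP so that rule insertion fails early for non-UDP rules. The entry also has no .destroy callback; if obsf_tg_check_v1 allocates cipher state, it needs a matching release.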
>>>
>>> There is no need to use two revisions.
>>
>>Well, I thought there are times when you will not inject false bytes,
>>just encryption will suffice. That's why I've made
>>two versions. When to make two versions is not really clear to me.
>
> A new ABI is needed when the struct you are using to pass options
> such as "pad or not" does not suffice to hold your option data
> any more.

I've changed it in my recent version, see newer patches, where I
changed it to reflect your suggestion.
Thanks for clearing that up. I had a confused conception about when
to use more than one DS.


-- 
-aft