v3.5.0 release
1. In each new release, randomly selected users will have network packets filled with low information entropy content.
enfein committed Sep 29, 2024
1 parent 39a2c72 commit 77124d6
Showing 20 changed files with 106 additions and 53 deletions.
7 changes: 5 additions & 2 deletions Makefile
@@ -32,7 +32,7 @@ PROJECT_NAME=$(shell basename "${ROOT}")
# - pkg/version/current.go
#
# Use `tools/bump_version.sh` script to change all those files at one shot.
VERSION="3.4.0"
VERSION="3.5.0"

# Build binaries and installation packages.
.PHONY: build
@@ -47,9 +47,12 @@ bin: lib client-android client-linux client-mac client-windows server-linux
lib: fmt vet
CGO_ENABLED=0 go build -v ./...
CGO_ENABLED=0 go test -timeout=1m0s -coverprofile coverage.out ./...
CGO_ENABLED=0 go test -bench=. -benchtime=5s ./pkg/cipher
go tool cover -html coverage.out -o coverage.html

# Run benchmark.
.PHONY: bench
CGO_ENABLED=0 go test -bench=. -benchtime=5s ./pkg/cipher

# Generate vendor directory.
.PHONY: vendor
vendor:
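Review bot: The new benchmark section has no target line: `.PHONY: bench` is followed directly by the `CGO_ENABLED=0 go test -bench=. -benchtime=5s ./pkg/cipher` recipe, whereas the `vendor` rule just below has `vendor:` after its `.PHONY` line. As rendered here (indentation is not visible), make would presumably attach that recipe to `.PHONY` instead of to `bench`, so `make bench` would not run the benchmark that this change removes from `lib`. Add `bench:` on its own line between `.PHONY: bench` and the recipe.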
2 changes: 1 addition & 1 deletion build/package/mieru/amd64/debian/DEBIAN/control
@@ -1,5 +1,5 @@
Package: mieru
Version: 3.4.0
Version: 3.5.0
Section: net
Priority: optional
Architecture: amd64
2 changes: 1 addition & 1 deletion build/package/mieru/amd64/rpm/mieru.spec
@@ -1,5 +1,5 @@
Name: mieru
Version: 3.4.0
Version: 3.5.0
Release: 1%{?dist}
Summary: Mieru proxy client
License: GPLv3+
2 changes: 1 addition & 1 deletion build/package/mieru/arm64/debian/DEBIAN/control
@@ -1,5 +1,5 @@
Package: mieru
Version: 3.4.0
Version: 3.5.0
Section: net
Priority: optional
Architecture: arm64
2 changes: 1 addition & 1 deletion build/package/mieru/arm64/rpm/mieru.spec
@@ -1,5 +1,5 @@
Name: mieru
Version: 3.4.0
Version: 3.5.0
Release: 1%{?dist}
Summary: Mieru proxy client
License: GPLv3+
2 changes: 1 addition & 1 deletion build/package/mita/amd64/debian/DEBIAN/control
@@ -1,5 +1,5 @@
Package: mita
Version: 3.4.0
Version: 3.5.0
Section: net
Priority: optional
Architecture: amd64
2 changes: 1 addition & 1 deletion build/package/mita/amd64/rpm/mita.spec
@@ -1,5 +1,5 @@
Name: mita
Version: 3.4.0
Version: 3.5.0
Release: 1%{?dist}
Summary: Mieru proxy server
License: GPLv3+
2 changes: 1 addition & 1 deletion build/package/mita/arm64/debian/DEBIAN/control
@@ -1,5 +1,5 @@
Package: mita
Version: 3.4.0
Version: 3.5.0
Section: net
Priority: optional
Architecture: arm64
2 changes: 1 addition & 1 deletion build/package/mita/arm64/rpm/mita.spec
@@ -1,5 +1,5 @@
Name: mita
Version: 3.4.0
Version: 3.5.0
Release: 1%{?dist}
Summary: Mieru proxy server
License: GPLv3+
16 changes: 8 additions & 8 deletions docs/server-install.md
@@ -8,32 +8,32 @@ Before installation and configuration, connect to the server via SSH and then ex

```sh
# Debian / Ubuntu - X86_64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita_3.4.0_amd64.deb
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita_3.5.0_amd64.deb

# Debian / Ubuntu - ARM 64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita_3.4.0_arm64.deb
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita_3.5.0_arm64.deb

# RedHat / CentOS / Rocky Linux - X86_64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita-3.4.0-1.x86_64.rpm
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita-3.5.0-1.x86_64.rpm

# RedHat / CentOS / Rocky Linux - ARM 64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita-3.4.0-1.aarch64.rpm
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita-3.5.0-1.aarch64.rpm
```

## Install mita package

```sh
# Debian / Ubuntu - X86_64
sudo dpkg -i mita_3.4.0_amd64.deb
sudo dpkg -i mita_3.5.0_amd64.deb

# Debian / Ubuntu - ARM 64
sudo dpkg -i mita_3.4.0_arm64.deb
sudo dpkg -i mita_3.5.0_arm64.deb

# RedHat / CentOS / Rocky Linux - X86_64
sudo rpm -Uvh --force mita-3.4.0-1.x86_64.rpm
sudo rpm -Uvh --force mita-3.5.0-1.x86_64.rpm

# RedHat / CentOS / Rocky Linux - ARM 64
sudo rpm -Uvh --force mita-3.4.0-1.aarch64.rpm
sudo rpm -Uvh --force mita-3.5.0-1.aarch64.rpm
```

Those instructions can also be used to upgrade the version of mita software package.
16 changes: 8 additions & 8 deletions docs/server-install.zh_CN.md
@@ -8,32 +8,32 @@

```sh
# Debian / Ubuntu - X86_64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita_3.4.0_amd64.deb
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita_3.5.0_amd64.deb

# Debian / Ubuntu - ARM 64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita_3.4.0_arm64.deb
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita_3.5.0_arm64.deb

# RedHat / CentOS / Rocky Linux - X86_64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita-3.4.0-1.x86_64.rpm
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita-3.5.0-1.x86_64.rpm

# RedHat / CentOS / Rocky Linux - ARM 64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita-3.4.0-1.aarch64.rpm
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita-3.5.0-1.aarch64.rpm
```

## 安装 mita 软件包

```sh
# Debian / Ubuntu - X86_64
sudo dpkg -i mita_3.4.0_amd64.deb
sudo dpkg -i mita_3.5.0_amd64.deb

# Debian / Ubuntu - ARM 64
sudo dpkg -i mita_3.4.0_arm64.deb
sudo dpkg -i mita_3.5.0_arm64.deb

# RedHat / CentOS / Rocky Linux - X86_64
sudo rpm -Uvh --force mita-3.4.0-1.x86_64.rpm
sudo rpm -Uvh --force mita-3.5.0-1.x86_64.rpm

# RedHat / CentOS / Rocky Linux - ARM 64
sudo rpm -Uvh --force mita-3.4.0-1.aarch64.rpm
sudo rpm -Uvh --force mita-3.5.0-1.aarch64.rpm
```

上述指令也可以用来升级 mita 软件包的版本。
2 changes: 1 addition & 1 deletion pkg/cli/client.go
@@ -473,7 +473,7 @@ var clientRunFunc = func(s []string) error {
} else {
hashedPassword = cipher.HashPassword([]byte(user.GetPassword()), []byte(user.GetName()))
}
mux = mux.SetClientPassword(hashedPassword)
mux = mux.SetClientUserNamePassword(user.GetName(), hashedPassword)
mtu := util.DefaultMTU
if activeProfile.GetMtu() != 0 {
mtu = int(activeProfile.GetMtu())
12 changes: 10 additions & 2 deletions pkg/protocol/mux.go
@@ -54,6 +54,7 @@ type Mux struct {
cleaner *time.Ticker

// ---- client fields ----
username string
password []byte
multiplexFactor int

@@ -100,8 +101,8 @@ func NewMux(isClinet bool) *Mux {
return mux
}

// SetClientPassword panics if the mux is already started.
func (m *Mux) SetClientPassword(password []byte) *Mux {
// SetClientUserNamePassword panics if the mux is already started.
func (m *Mux) SetClientUserNamePassword(username string, password []byte) *Mux {
m.mu.Lock()
defer m.mu.Unlock()
if !m.isClient {
@@ -110,6 +111,7 @@ func (m *Mux) SetClientPassword(password []byte) *Mux {
if m.used {
panic("Can't set client password after mux is used")
}
m.username = username
m.password = password
return m
}
@@ -545,6 +547,9 @@ func (m *Mux) newUnderlay(ctx context.Context) (Underlay, error) {
if err != nil {
return nil, fmt.Errorf("cipher.BlockCipherFromPassword() failed: %v", err)
}
block.SetBlockContext(cipher.BlockContext{
UserName: m.username,
})
underlay, err = NewTCPUnderlay(ctx, p.RemoteAddr().Network(), "", p.RemoteAddr().String(), p.MTU(), block)
if err != nil {
return nil, fmt.Errorf("NewTCPUnderlay() failed: %v", err)
@@ -554,6 +559,9 @@ func (m *Mux) newUnderlay(ctx context.Context) (Underlay, error) {
if err != nil {
return nil, fmt.Errorf("cipher.BlockCipherFromPassword() failed: %v", err)
}
block.SetBlockContext(cipher.BlockContext{
UserName: m.username,
})
underlay, err = NewUDPUnderlay(ctx, p.RemoteAddr().Network(), "", p.RemoteAddr().String(), p.MTU(), block)
if err != nil {
return nil, fmt.Errorf("NewUDPUnderlay() failed: %v", err)
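Review bot: `SetClientUserNamePassword` stores `username` without checking that it is non-empty, while the session.go change in this same commit panics when a cipher block's user name is empty. An empty name would therefore presumably surface as a panic on the data path rather than at configuration time; since this setter already panics on misuse, a guard such as `if username == "" { panic("Can't set empty client user name") }` before `m.username = username` keeps the failure at startup. The doc comment and the `"Can't set client password after mux is used"` message also still describe only the password. `newUnderlay`, which now copies `m.username` into the block context in two places, starts and ends outside the hunks shown.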
2 changes: 1 addition & 1 deletion pkg/protocol/mux_test.go
@@ -43,7 +43,7 @@ var users = map[string]*appctlpb.User{

func runClient(t *testing.T, properties UnderlayProperties, username, password []byte, concurrent int) {
clientMux := NewMux(true).
SetClientPassword(cipher.HashPassword(password, username)).
SetClientUserNamePassword(string(username), cipher.HashPassword(password, username)).
SetClientMultiplexFactor(2).
SetEndpoints([]UnderlayProperties{properties})

31 changes: 30 additions & 1 deletion pkg/protocol/padding.go
@@ -27,7 +27,7 @@ import (

var (
recommendedConsecutiveASCIILen = 24 + rng.FixedIntPerHost(17)
recommendedTargetProbability = 0.375
recommendedTargetProbability = 0.325
)

type paddingOpts struct {
@@ -58,6 +58,35 @@ type entropyPaddingOpts struct {
targetProbability float64
}

func buildRecommendedPaddingOpts(maxLen, randomDataLen int, strategySource string) paddingOpts {
// strategySource decides the padding strategy.
strategy := rng.FixedInt(2, strategySource)
if strategy == 0 {
// Use ASCII.
return paddingOpts{
maxLen: maxLen,
ascii: &asciiPaddingOpts{
minConsecutiveASCIILen: mathext.Min(maxLen, recommendedConsecutiveASCIILen),
},
}
} else {
// Use entropy.
randomData := make([]byte, randomDataLen)
for {
if _, err := crand.Read(randomData); err == nil {
break
}
}
return paddingOpts{
maxLen: maxLen,
entropy: &entropyPaddingOpts{
existingData: randomData,
targetProbability: recommendedTargetProbability,
},
}
}
}

func newPadding(opts paddingOpts) []byte {
if opts.ascii != nil {
if opts.maxLen < opts.ascii.minConsecutiveASCIILen {
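Review bot: The `for { ... crand.Read(randomData) ... }` loop in the entropy branch retries without bound, so a persistently failing system RNG makes `buildRecommendedPaddingOpts` spin forever; the TCP caller in this commit invokes it while holding `sendMutex`, which would stall every writer on that connection. One read attempt with a fall-through to the ASCII strategy keeps the send path live, as sketched below, and a log line on the fallback would make the change of padding profile visible. The function also lacks a doc comment saying that `strategySource` (the user name at both call sites) deterministically selects the strategy through `rng.FixedInt(2, strategySource)` and that `randomDataLen` random bytes are passed as `existingData` for the entropy computation.

```go
func buildRecommendedPaddingOpts(maxLen, randomDataLen int, strategySource string) paddingOpts {
	if rng.FixedInt(2, strategySource) != 0 {
		randomData := make([]byte, randomDataLen)
		// One read attempt: a failing system RNG falls through to ASCII
		// padding instead of spinning while the caller holds its send lock.
		if _, err := crand.Read(randomData); err == nil {
			// … unchanged: return the entropy paddingOpts built from randomData …
		}
	}
	// … unchanged: return the ASCII paddingOpts …
}
```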
14 changes: 10 additions & 4 deletions pkg/protocol/session.go
@@ -753,19 +753,25 @@ func (s *Session) input(seg *segment) error {
if s.block != nil {
prevUserName := s.block.BlockContext().UserName
nextUserName := seg.block.BlockContext().UserName
if prevUserName != "" && nextUserName != "" && prevUserName != nextUserName {
panic(fmt.Sprintf("%v cipher block user name %q is different from segment cipher block user name %q", s, prevUserName, nextUserName))
if prevUserName == "" {
panic(fmt.Sprintf("%v cipher block user name is not set", s))
}
if nextUserName == "" {
panic(fmt.Sprintf("%v cipher block user name is not set", seg))
}
if prevUserName != nextUserName {
panic(fmt.Sprintf("%v cipher block user name %q is different from %v cipher block user name %q", s, prevUserName, seg, nextUserName))
}
}

s.block = seg.block

// Register server per user metrics.
if !s.isClient {
if s.uploadBytes == nil && s.block.BlockContext().UserName != "" {
if s.uploadBytes == nil {
s.uploadBytes = metrics.RegisterMetric(fmt.Sprintf(metrics.UserMetricGroupFormat, s.block.BlockContext().UserName), metrics.UserMetricUploadBytes, metrics.COUNTER_TIME_SERIES)
}
if s.downloadBytes == nil && s.block.BlockContext().UserName != "" {
if s.downloadBytes == nil {
s.downloadBytes = metrics.RegisterMetric(fmt.Sprintf(metrics.UserMetricGroupFormat, s.block.BlockContext().UserName), metrics.UserMetricDownloadBytes, metrics.COUNTER_TIME_SERIES)
}
}
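Review bot: The new empty-user-name checks run only inside `if s.block != nil`, so the first segment a session receives skips them, and the `!s.isClient` branch below now registers `uploadBytes` and `downloadBytes` with `s.block.BlockContext().UserName` after the `!= ""` guards were removed. If that first block carries no user name, the metrics would be registered under an empty user group instead of being rejected. Consider checking the name before registering, and since `input` returns `error`, returning one rather than panicking: `if s.block.BlockContext().UserName == "" { return fmt.Errorf("%v cipher block user name is not set", seg) }`. `input` starts and ends outside this hunk, so whether an earlier check already covers the first segment is not visible here.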
21 changes: 11 additions & 10 deletions pkg/protocol/underlay_tcp.go
@@ -25,7 +25,6 @@ import (
"github.com/enfein/mieru/pkg/appctl/appctlpb"
"github.com/enfein/mieru/pkg/cipher"
"github.com/enfein/mieru/pkg/log"
"github.com/enfein/mieru/pkg/mathext"
"github.com/enfein/mieru/pkg/metrics"
"github.com/enfein/mieru/pkg/replay"
"github.com/enfein/mieru/pkg/rng"
@@ -34,6 +33,10 @@ import (
"github.com/enfein/mieru/pkg/util/sockopts"
)

const (
tcpOverhead = MetadataLength + cipher.DefaultOverhead*2
)

type TCPUnderlay struct {
baseUnderlay
conn *net.TCPConn
@@ -502,23 +505,21 @@ func (t *TCPUnderlay) writeOneSegment(seg *segment) error {
t.sendMutex.Lock()
defer t.sendMutex.Unlock()

if err := t.maybeInitSendBlockCipher(); err != nil {
return fmt.Errorf("maybeInitSendBlockCipher() failed: %w", err)
}

if ss, ok := toSessionStruct(seg.metadata); ok {
maxPaddingSize := MaxPaddingSize(t.mtu, t.IPVersion(), t.TransportProtocol(), int(ss.payloadLen), 0)
padding := newPadding(paddingOpts{
maxLen: maxPaddingSize,
ascii: &asciiPaddingOpts{
minConsecutiveASCIILen: mathext.Min(maxPaddingSize, recommendedConsecutiveASCIILen),
},
})
padding := newPadding(
buildRecommendedPaddingOpts(maxPaddingSize, tcpOverhead+int(ss.payloadLen), t.send.BlockContext().UserName),
)
ss.suffixLen = uint8(len(padding))
if log.IsLevelEnabled(log.TraceLevel) {
log.Tracef("%v is sending %v", t, seg)
}

plaintextMetadata := seg.metadata.Marshal()
if err := t.maybeInitSendBlockCipher(); err != nil {
return fmt.Errorf("maybeInitSendBlockCipher() failed: %w", err)
}
encryptedMetadata, err := t.send.Encrypt(plaintextMetadata)
if err != nil {
return fmt.Errorf("Encrypt() failed: %w", err)
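Review bot: `tcpOverhead = MetadataLength + cipher.DefaultOverhead*2` has no comment saying what the two `DefaultOverhead` terms stand for, yet `writeOneSegment` passes `tcpOverhead+int(ss.payloadLen)` as the size of the random buffer that `buildRecommendedPaddingOpts` fills from the crypto RNG. When the entropy strategy is selected, that allocation and read happen per session segment while `sendMutex` is held, which is worth stating next to the constant. Suggested comment: `// tcpOverhead is the number of non-payload bytes in a TCP segment: the metadata plus two cipher overheads (presumably one for the metadata and one for the payload).` `writeOneSegment` continues past the end of the hunk.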
14 changes: 7 additions & 7 deletions pkg/protocol/underlay_udp.go
@@ -26,7 +26,6 @@ import (
"github.com/enfein/mieru/pkg/appctl/appctlpb"
"github.com/enfein/mieru/pkg/cipher"
"github.com/enfein/mieru/pkg/log"
"github.com/enfein/mieru/pkg/mathext"
"github.com/enfein/mieru/pkg/metrics"
"github.com/enfein/mieru/pkg/replay"
"github.com/enfein/mieru/pkg/stderror"
@@ -648,14 +647,15 @@ func (u *UDPUnderlay) writeOneSegment(seg *segment, addr *net.UDPAddr) error {
}
}

if blockCipher == nil {
panic(fmt.Sprintf("%v cipher block is not ready", u))
}

if ss, ok := toSessionStruct(seg.metadata); ok {
maxPaddingSize := MaxPaddingSize(u.mtu, u.IPVersion(), u.TransportProtocol(), int(ss.payloadLen), 0)
padding := newPadding(paddingOpts{
maxLen: maxPaddingSize,
ascii: &asciiPaddingOpts{
minConsecutiveASCIILen: mathext.Min(maxPaddingSize, recommendedConsecutiveASCIILen),
},
})
padding := newPadding(
buildRecommendedPaddingOpts(maxPaddingSize, udpOverhead+int(ss.payloadLen), blockCipher.BlockContext().UserName),
)
ss.suffixLen = uint8(len(padding))
if log.IsLevelEnabled(log.TraceLevel) {
log.Tracef("%v is sending %v", u, seg)
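Review bot: The added `if blockCipher == nil { panic(...) }` turns a missing cipher on the send path into a process-wide crash, although `writeOneSegment` already returns `error`. Returning `fmt.Errorf("%v cipher block is not ready", u)` would fail only this write and leave other sessions running. The lines that assign `blockCipher` are above the hunk, so whether nil is reachable in practice cannot be seen from here.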