chore: go mod tidy

fix: engine exit when too many packets hit NFQUEUE
This is a more graceful way to disable ENOBUFS reporting than bed34f94be
2024-02-28 21:58:16 +08:00 · 2024-02-28 21:20:08 +08:00 · 2024-02-28 21:17:29 +08:00 · 2024-02-26 15:28:33 -08:00 · 2024-02-26 15:27:35 -08:00 · 2024-02-26 15:17:33 -08:00
7 changed files with 18 additions and 18 deletions
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,6 +1,6 @@
 on:
  release:
-    types: [ created ]
+    types: [published]
 permissions:
  contents: write
@@ -21,6 +21,6 @@ jobs:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          goos: ${{ matrix.goos }}
          goarch: ${{ matrix.goarch }}
-          goversion: "https://go.dev/dl/go1.21.6.linux-amd64.tar.gz"
+          goversion: "https://go.dev/dl/go1.22.0.linux-amd64.tar.gz"
          binary_name: "OpenGFW"
          extra_files: LICENSE README.md README.zh.md
--- a/README.ja.md
+++ b/README.ja.md
@@ -19,7 +19,7 @@ Telegram グループ: https://t.me/OpGFW
 - フル IP/TCP 再アセンブル、各種プロトコルアナライザー
  - HTTP、TLS、QUIC、DNS、SSH、SOCKS4/5、WireGuard、その他多数
-  - Shadowsocks の「完全に暗号化されたトラフィック」の検出など (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf)
+  - Shadowsocks の「完全に暗号化されたトラフィック」の検出など (https://gfw.report/publications/usenixsecurity23/en/)
  - トロイの木馬キラー (https://github.com/XTLS/Trojan-killer) に基づくトロイの木馬 (プロキシプロトコル) 検出
  - [WIP] 機械学習に基づくトラフィック分類
 - IPv4 と IPv6 をフルサポート
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ Telegram group: https://t.me/OpGFW
 - Full IP/TCP reassembly, various protocol analyzers
  - HTTP, TLS, QUIC, DNS, SSH, SOCKS4/5, WireGuard, and many more to come
  - "Fully encrypted traffic" detection for Shadowsocks,
-    etc. (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf)
+    etc. (https://gfw.report/publications/usenixsecurity23/en/)
  - Trojan (proxy protocol) detection based on Trojan-killer (https://github.com/XTLS/Trojan-killer)
  - [WIP] Machine learning based traffic classification
 - Full IPv4 and IPv6 support
--- a/README.zh.md
+++ b/README.zh.md
@@ -19,7 +19,7 @@ Telegram 群组： https://t.me/OpGFW
 - 完整的 IP/TCP 重组，各种协议解析器
  - HTTP, TLS, QUIC, DNS, SSH, SOCKS4/5, WireGuard, 更多协议正在开发中
-  - Shadowsocks 等 "全加密流量" 检测 (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf)
+  - Shadowsocks 等 "全加密流量" 检测 (https://gfw.report/publications/usenixsecurity23/zh/)
  - 基于 Trojan-killer 的 Trojan 检测 (https://github.com/XTLS/Trojan-killer)
  - [开发中] 基于机器学习的流量分类
 - 同等支持 IPv4 和 IPv6
--- a/analyzer/tcp/fet.go
+++ b/analyzer/tcp/fet.go
@@ -143,8 +143,11 @@ func isTLSorHTTP(bytes []byte) bool {
 	if len(bytes) < 3 {
 		return false
 	}
-	if bytes[0] == 0x16 && bytes[1] == 0x03 && bytes[2] <= 0x03 {
+	// "We observe that the GFW exempts any connection whose first
-		// TLS handshake for TLS 1.0-1.3
+	// three bytes match the following regular expression:
 	// [\x16-\x17]\x03[\x00-\x09]" - from the paper in Section 4.3
 	if bytes[0] >= 0x16 && bytes[0] <= 0x17 &&
 		bytes[1] == 0x03 && bytes[2] <= 0x09 {
 		return true
 	}
 	// HTTP request
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,6 @@ require (
 	github.com/stretchr/testify v1.8.4
 	go.uber.org/zap v1.26.0
 	golang.org/x/crypto v0.19.0
 	golang.org/x/sys v0.17.0
 	google.golang.org/protobuf v1.31.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -44,6 +43,7 @@ require (
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 	golang.org/x/net v0.19.0 // indirect
 	golang.org/x/sync v0.5.0 // indirect
 	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 )
--- a/io/nfqueue.go
+++ b/io/nfqueue.go
@@ -12,7 +12,6 @@ import (
 	"github.com/coreos/go-iptables/iptables"
 	"github.com/florianl/go-nfqueue"
 	"github.com/mdlayher/netlink"
 	"golang.org/x/sys/unix"
 )
 const (
@@ -128,6 +127,10 @@ func NewNFQueuePacketIO(config NFQueuePacketIOConfig) (PacketIO, error) {
 	if err != nil {
 		return nil, err
 	}
 	err = n.Con.SetOption(netlink.NoENOBUFS, true)
 	if err != nil {
 		return nil, fmt.Errorf("failed to set NoENOBUFS option: %w", err)
 	}
 	return &nfqueuePacketIO{
 		n:     n,
 		local: config.Local,
@@ -153,12 +156,6 @@ func (n *nfqueuePacketIO) Register(ctx context.Context, cb PacketCallback) error
 			return okBoolToInt(cb(p, nil))
 		},
 		func(e error) int {
 			if opErr := (*netlink.OpError)(nil); errors.As(e, &opErr) {
 				if errors.Is(opErr.Err, unix.ENOBUFS) {
 					// Kernel buffer temporarily full, ignore
 					return 0
 				}
 			}
 			return okBoolToInt(cb(nil, e))
 		})
 	if err != nil {
Author	SHA1	Message	Date
Haruue	234ee32687	chore: go mod tidy	2024-02-28 21:58:16 +08:00
Haruue	1852a2594d	fix: engine exit when too many packets hit NFQUEUE This is a more graceful way to disable ENOBUFS reporting than `bed34f94be`	2024-02-28 21:20:08 +08:00
Haruue	bc8d15ef37	Revert "fix: engine exit when too many packets hit NFQUEUE" This reverts commit `bed34f94be`.	2024-02-28 21:17:29 +08:00
Toby	5d2d874089	Merge pull request #82 from apernet/update-fet feat: update FET analyzer to better reflect what's described in the paper	2024-02-26 15:28:33 -08:00
Toby	797dce3dc2	feat: update FET analyzer to better reflect what's described in the paper	2024-02-26 15:27:35 -08:00
Toby	420286a46c	Merge pull request #81 from apernet/update-gfwreport chore: update gfw report links	2024-02-26 15:17:33 -08:00
Toby	531a7b0ceb	chore: update gfw report links	2024-02-26 15:17:07 -08:00
Toby	20e0637756	Merge pull request #79 from apernet/update-ci fix: release workflow	2024-02-26 10:50:44 -08:00
Toby	74dcc92fc6	fix: release workflow	2024-02-26 10:49:19 -08:00