v3.5.0 release
1. In each new release, randomly selected users will have network packets filled with low information entropy content.
enfein committed Sep 29, 2024
1 parent 39a2c72 commit 77124d6
Showing 20 changed files with 106 additions and 53 deletions.
7 changes: 5 additions & 2 deletions Makefile
@@ -32,7 +32,7 @@ PROJECT_NAME=$(shell basename "${ROOT}")
# - pkg/version/current.go
#
# Use `tools/bump_version.sh` script to change all those files at one shot.
VERSION="3.4.0"
VERSION="3.5.0"

# Build binaries and installation packages.
.PHONY: build
@@ -47,9 +47,12 @@ bin: lib client-android client-linux client-mac client-windows server-linux
lib: fmt vet
CGO_ENABLED=0 go build -v ./...
CGO_ENABLED=0 go test -timeout=1m0s -coverprofile coverage.out ./...
CGO_ENABLED=0 go test -bench=. -benchtime=5s ./pkg/cipher
go tool cover -html coverage.out -o coverage.html

# Run benchmark.
.PHONY: bench
CGO_ENABLED=0 go test -bench=. -benchtime=5s ./pkg/cipher

# Generate vendor directory.
.PHONY: vendor
vendor:
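Review bot: The new benchmark block goes straight from `.PHONY: bench` to the `go test -bench` command, and no `bench:` target line is visible between them. If the file really reads that way, the command is not the recipe of a `bench` rule, and `make bench` will not run the cipher benchmark that this hunk removes from `lib`. Add `bench:` on its own line after `.PHONY: bench`. Indentation is lost on this page, so confirm against the file itself.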
2 changes: 1 addition & 1 deletion build/package/mieru/amd64/debian/DEBIAN/control
@@ -1,5 +1,5 @@
Package: mieru
Version: 3.4.0
Version: 3.5.0
Section: net
Priority: optional
Architecture: amd64
2 changes: 1 addition & 1 deletion build/package/mieru/amd64/rpm/mieru.spec
@@ -1,5 +1,5 @@
Name: mieru
Version: 3.4.0
Version: 3.5.0
Release: 1%{?dist}
Summary: Mieru proxy client
License: GPLv3+
2 changes: 1 addition & 1 deletion build/package/mieru/arm64/debian/DEBIAN/control
@@ -1,5 +1,5 @@
Package: mieru
Version: 3.4.0
Version: 3.5.0
Section: net
Priority: optional
Architecture: arm64
2 changes: 1 addition & 1 deletion build/package/mieru/arm64/rpm/mieru.spec
@@ -1,5 +1,5 @@
Name: mieru
Version: 3.4.0
Version: 3.5.0
Release: 1%{?dist}
Summary: Mieru proxy client
License: GPLv3+
2 changes: 1 addition & 1 deletion build/package/mita/amd64/debian/DEBIAN/control
@@ -1,5 +1,5 @@
Package: mita
Version: 3.4.0
Version: 3.5.0
Section: net
Priority: optional
Architecture: amd64
2 changes: 1 addition & 1 deletion build/package/mita/amd64/rpm/mita.spec
@@ -1,5 +1,5 @@
Name: mita
Version: 3.4.0
Version: 3.5.0
Release: 1%{?dist}
Summary: Mieru proxy server
License: GPLv3+
2 changes: 1 addition & 1 deletion build/package/mita/arm64/debian/DEBIAN/control
@@ -1,5 +1,5 @@
Package: mita
Version: 3.4.0
Version: 3.5.0
Section: net
Priority: optional
Architecture: arm64
2 changes: 1 addition & 1 deletion build/package/mita/arm64/rpm/mita.spec
@@ -1,5 +1,5 @@
Name: mita
Version: 3.4.0
Version: 3.5.0
Release: 1%{?dist}
Summary: Mieru proxy server
License: GPLv3+
16 changes: 8 additions & 8 deletions docs/server-install.md
@@ -8,32 +8,32 @@ Before installation and configuration, connect to the server via SSH and then ex

```sh
# Debian / Ubuntu - X86_64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita_3.4.0_amd64.deb
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita_3.5.0_amd64.deb

# Debian / Ubuntu - ARM 64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita_3.4.0_arm64.deb
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita_3.5.0_arm64.deb

# RedHat / CentOS / Rocky Linux - X86_64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita-3.4.0-1.x86_64.rpm
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita-3.5.0-1.x86_64.rpm

# RedHat / CentOS / Rocky Linux - ARM 64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita-3.4.0-1.aarch64.rpm
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita-3.5.0-1.aarch64.rpm
```

## Install mita package

```sh
# Debian / Ubuntu - X86_64
sudo dpkg -i mita_3.4.0_amd64.deb
sudo dpkg -i mita_3.5.0_amd64.deb

# Debian / Ubuntu - ARM 64
sudo dpkg -i mita_3.4.0_arm64.deb
sudo dpkg -i mita_3.5.0_arm64.deb

# RedHat / CentOS / Rocky Linux - X86_64
sudo rpm -Uvh --force mita-3.4.0-1.x86_64.rpm
sudo rpm -Uvh --force mita-3.5.0-1.x86_64.rpm

# RedHat / CentOS / Rocky Linux - ARM 64
sudo rpm -Uvh --force mita-3.4.0-1.aarch64.rpm
sudo rpm -Uvh --force mita-3.5.0-1.aarch64.rpm
```

Those instructions can also be used to upgrade the version of mita software package.
16 changes: 8 additions & 8 deletions docs/server-install.zh_CN.md
@@ -8,32 +8,32 @@

```sh
# Debian / Ubuntu - X86_64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita_3.4.0_amd64.deb
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita_3.5.0_amd64.deb

# Debian / Ubuntu - ARM 64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita_3.4.0_arm64.deb
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita_3.5.0_arm64.deb

# RedHat / CentOS / Rocky Linux - X86_64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita-3.4.0-1.x86_64.rpm
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita-3.5.0-1.x86_64.rpm

# RedHat / CentOS / Rocky Linux - ARM 64
curl -LSO https://github.com/enfein/mieru/releases/download/v3.4.0/mita-3.4.0-1.aarch64.rpm
curl -LSO https://github.com/enfein/mieru/releases/download/v3.5.0/mita-3.5.0-1.aarch64.rpm
```

## 安装 mita 软件包

```sh
# Debian / Ubuntu - X86_64
sudo dpkg -i mita_3.4.0_amd64.deb
sudo dpkg -i mita_3.5.0_amd64.deb

# Debian / Ubuntu - ARM 64
sudo dpkg -i mita_3.4.0_arm64.deb
sudo dpkg -i mita_3.5.0_arm64.deb

# RedHat / CentOS / Rocky Linux - X86_64
sudo rpm -Uvh --force mita-3.4.0-1.x86_64.rpm
sudo rpm -Uvh --force mita-3.5.0-1.x86_64.rpm

# RedHat / CentOS / Rocky Linux - ARM 64
sudo rpm -Uvh --force mita-3.4.0-1.aarch64.rpm
sudo rpm -Uvh --force mita-3.5.0-1.aarch64.rpm
```

上述指令也可以用来升级 mita 软件包的版本。
2 changes: 1 addition & 1 deletion pkg/cli/client.go
@@ -473,7 +473,7 @@ var clientRunFunc = func(s []string) error {
} else {
hashedPassword = cipher.HashPassword([]byte(user.GetPassword()), []byte(user.GetName()))
}
mux = mux.SetClientPassword(hashedPassword)
mux = mux.SetClientUserNamePassword(user.GetName(), hashedPassword)
mtu := util.DefaultMTU
if activeProfile.GetMtu() != 0 {
mtu = int(activeProfile.GetMtu())
12 changes: 10 additions & 2 deletions pkg/protocol/mux.go
@@ -54,6 +54,7 @@ type Mux struct {
cleaner *time.Ticker

// ---- client fields ----
username string
password []byte
multiplexFactor int

@@ -100,8 +101,8 @@ func NewMux(isClinet bool) *Mux {
return mux
}

// SetClientPassword panics if the mux is already started.
func (m *Mux) SetClientPassword(password []byte) *Mux {
// SetClientUserNamePassword panics if the mux is already started.
func (m *Mux) SetClientUserNamePassword(username string, password []byte) *Mux {
m.mu.Lock()
defer m.mu.Unlock()
if !m.isClient {
@@ -110,6 +111,7 @@ func (m *Mux) SetClientPassword(password []byte) *Mux {
if m.used {
panic("Can't set client password after mux is used")
}
m.username = username
m.password = password
return m
}
@@ -545,6 +547,9 @@ func (m *Mux) newUnderlay(ctx context.Context) (Underlay, error) {
if err != nil {
return nil, fmt.Errorf("cipher.BlockCipherFromPassword() failed: %v", err)
}
block.SetBlockContext(cipher.BlockContext{
UserName: m.username,
})
underlay, err = NewTCPUnderlay(ctx, p.RemoteAddr().Network(), "", p.RemoteAddr().String(), p.MTU(), block)
if err != nil {
return nil, fmt.Errorf("NewTCPUnderlay() failed: %v", err)
@@ -554,6 +559,9 @@ func (m *Mux) newUnderlay(ctx context.Context) (Underlay, error) {
if err != nil {
return nil, fmt.Errorf("cipher.BlockCipherFromPassword() failed: %v", err)
}
block.SetBlockContext(cipher.BlockContext{
UserName: m.username,
})
underlay, err = NewUDPUnderlay(ctx, p.RemoteAddr().Network(), "", p.RemoteAddr().String(), p.MTU(), block)
if err != nil {
return nil, fmt.Errorf("NewUDPUnderlay() failed: %v", err)
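Review bot: SetClientUserNamePassword stores `username` without checking that it is non-empty, while this same commit makes Session.input panic when a cipher block's user name is empty, so a client configured without a name would presumably fail later and far from the cause. Reject it in the setter next to the existing panics, e.g. `if username == "" { panic("Can't set empty client user name") }`. The doc comment and the message `Can't set client password after mux is used` should now mention the user name as well. The two identical `block.SetBlockContext(cipher.BlockContext{UserName: m.username})` calls in newUnderlay could share one helper; that function's body starts and ends outside these hunks.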
2 changes: 1 addition & 1 deletion pkg/protocol/mux_test.go
@@ -43,7 +43,7 @@ var users = map[string]*appctlpb.User{

func runClient(t *testing.T, properties UnderlayProperties, username, password []byte, concurrent int) {
clientMux := NewMux(true).
SetClientPassword(cipher.HashPassword(password, username)).
SetClientUserNamePassword(string(username), cipher.HashPassword(password, username)).
SetClientMultiplexFactor(2).
SetEndpoints([]UnderlayProperties{properties})

31 changes: 30 additions & 1 deletion pkg/protocol/padding.go
@@ -27,7 +27,7 @@ import (

var (
recommendedConsecutiveASCIILen = 24 + rng.FixedIntPerHost(17)
recommendedTargetProbability = 0.375
recommendedTargetProbability = 0.325
)

type paddingOpts struct {
@@ -58,6 +58,35 @@ type entropyPaddingOpts struct {
targetProbability float64
}

func buildRecommendedPaddingOpts(maxLen, randomDataLen int, strategySource string) paddingOpts {
// strategySource decides the padding strategy.
strategy := rng.FixedInt(2, strategySource)
if strategy == 0 {
// Use ASCII.
return paddingOpts{
maxLen: maxLen,
ascii: &asciiPaddingOpts{
minConsecutiveASCIILen: mathext.Min(maxLen, recommendedConsecutiveASCIILen),
},
}
} else {
// Use entropy.
randomData := make([]byte, randomDataLen)
for {
if _, err := crand.Read(randomData); err == nil {
break
}
}
return paddingOpts{
maxLen: maxLen,
entropy: &entropyPaddingOpts{
existingData: randomData,
targetProbability: recommendedTargetProbability,
},
}
}
}

func newPadding(opts paddingOpts) []byte {
if opts.ascii != nil {
if opts.maxLen < opts.ascii.minConsecutiveASCIILen {
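Review bot: The `for { ... crand.Read(randomData) ... }` loop in buildRecommendedPaddingOpts retries forever when the read fails, and both callers added in this commit invoke it on the segment send path (the TCP one while `sendMutex` is held), so a persistent RNG failure becomes a busy spin instead of an error. Read once and fall back to the ASCII options, as sketched below, or change the signature to return the error. The function also has no doc comment; it should say that `strategySource` deterministically selects ASCII or entropy padding through `rng.FixedInt(2, ...)`, and what `randomDataLen` represents (it looks like a stand-in for the packet's ciphertext, to be confirmed). The `else` after the returning `if` can be dropped.

```go
func buildRecommendedPaddingOpts(maxLen, randomDataLen int, strategySource string) paddingOpts {
	asciiOpts := paddingOpts{
		maxLen: maxLen,
		ascii: &asciiPaddingOpts{
			minConsecutiveASCIILen: mathext.Min(maxLen, recommendedConsecutiveASCIILen),
		},
	}
	if rng.FixedInt(2, strategySource) == 0 {
		return asciiOpts
	}
	randomData := make([]byte, randomDataLen)
	if _, err := crand.Read(randomData); err != nil {
		// RNG unavailable: degrade to ASCII padding instead of spinning.
		return asciiOpts
	}
	// … unchanged: return paddingOpts with the entropy options …
}
```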
14 changes: 10 additions & 4 deletions pkg/protocol/session.go
@@ -753,19 +753,25 @@ func (s *Session) input(seg *segment) error {
if s.block != nil {
prevUserName := s.block.BlockContext().UserName
nextUserName := seg.block.BlockContext().UserName
if prevUserName != "" && nextUserName != "" && prevUserName != nextUserName {
panic(fmt.Sprintf("%v cipher block user name %q is different from segment cipher block user name %q", s, prevUserName, nextUserName))
if prevUserName == "" {
panic(fmt.Sprintf("%v cipher block user name is not set", s))
}
if nextUserName == "" {
panic(fmt.Sprintf("%v cipher block user name is not set", seg))
}
if prevUserName != nextUserName {
panic(fmt.Sprintf("%v cipher block user name %q is different from %v cipher block user name %q", s, prevUserName, seg, nextUserName))
}
}

s.block = seg.block

// Register server per user metrics.
if !s.isClient {
if s.uploadBytes == nil && s.block.BlockContext().UserName != "" {
if s.uploadBytes == nil {
s.uploadBytes = metrics.RegisterMetric(fmt.Sprintf(metrics.UserMetricGroupFormat, s.block.BlockContext().UserName), metrics.UserMetricUploadBytes, metrics.COUNTER_TIME_SERIES)
}
if s.downloadBytes == nil && s.block.BlockContext().UserName != "" {
if s.downloadBytes == nil {
s.downloadBytes = metrics.RegisterMetric(fmt.Sprintf(metrics.UserMetricGroupFormat, s.block.BlockContext().UserName), metrics.UserMetricDownloadBytes, metrics.COUNTER_TIME_SERIES)
}
}
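Review bot: The new empty-user-name checks sit inside `if s.block != nil`, so the first segment of a session (when `s.block` is still nil) is never checked, yet the `UserName != ""` guards on the metric registration below were removed. A first segment whose block context carries no user name would then register server metrics under an empty user group. Move the check on `seg.block.BlockContext().UserName` above the `if s.block != nil` block so it runs for every segment. Since input() returns `error` and the segment appears to come from the receive path, these conditions are better reported with `return fmt.Errorf(...)` than with `panic`, which would presumably stop the whole process; the same applies to the `cipher block is not ready` panic added to UDPUnderlay.writeOneSegment in pkg/protocol/underlay_udp.go. input()'s body starts and ends outside this hunk.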
21 changes: 11 additions & 10 deletions pkg/protocol/underlay_tcp.go
@@ -25,7 +25,6 @@ import (
"github.com/enfein/mieru/pkg/appctl/appctlpb"
"github.com/enfein/mieru/pkg/cipher"
"github.com/enfein/mieru/pkg/log"
"github.com/enfein/mieru/pkg/mathext"
"github.com/enfein/mieru/pkg/metrics"
"github.com/enfein/mieru/pkg/replay"
"github.com/enfein/mieru/pkg/rng"
@@ -34,6 +33,10 @@ import (
"github.com/enfein/mieru/pkg/util/sockopts"
)

const (
tcpOverhead = MetadataLength + cipher.DefaultOverhead*2
)

type TCPUnderlay struct {
baseUnderlay
conn *net.TCPConn
@@ -502,23 +505,21 @@ func (t *TCPUnderlay) writeOneSegment(seg *segment) error {
t.sendMutex.Lock()
defer t.sendMutex.Unlock()

if err := t.maybeInitSendBlockCipher(); err != nil {
return fmt.Errorf("maybeInitSendBlockCipher() failed: %w", err)
}

if ss, ok := toSessionStruct(seg.metadata); ok {
maxPaddingSize := MaxPaddingSize(t.mtu, t.IPVersion(), t.TransportProtocol(), int(ss.payloadLen), 0)
padding := newPadding(paddingOpts{
maxLen: maxPaddingSize,
ascii: &asciiPaddingOpts{
minConsecutiveASCIILen: mathext.Min(maxPaddingSize, recommendedConsecutiveASCIILen),
},
})
padding := newPadding(
buildRecommendedPaddingOpts(maxPaddingSize, tcpOverhead+int(ss.payloadLen), t.send.BlockContext().UserName),
)
ss.suffixLen = uint8(len(padding))
if log.IsLevelEnabled(log.TraceLevel) {
log.Tracef("%v is sending %v", t, seg)
}

plaintextMetadata := seg.metadata.Marshal()
if err := t.maybeInitSendBlockCipher(); err != nil {
return fmt.Errorf("maybeInitSendBlockCipher() failed: %w", err)
}
encryptedMetadata, err := t.send.Encrypt(plaintextMetadata)
if err != nil {
return fmt.Errorf("Encrypt() failed: %w", err)
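Review bot: `tcpOverhead` is added without a comment saying what it counts or why `cipher.DefaultOverhead` appears twice, and its only use here sizes the buffer `tcpOverhead+int(ss.payloadLen)` handed to buildRecommendedPaddingOpts. For users on the entropy strategy that buffer is allocated and filled from the system RNG for every session segment while `sendMutex` is held, so it is worth measuring with the benchmark target. A comment along the lines of `// tcpOverhead is the number of non-payload bytes in a TCP segment: encrypted metadata plus the cipher overhead of the metadata and payload.` would help, if that is what the two overheads stand for. writeOneSegment's body continues outside the hunk.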
14 changes: 7 additions & 7 deletions pkg/protocol/underlay_udp.go
@@ -26,7 +26,6 @@ import (
"github.com/enfein/mieru/pkg/appctl/appctlpb"
"github.com/enfein/mieru/pkg/cipher"
"github.com/enfein/mieru/pkg/log"
"github.com/enfein/mieru/pkg/mathext"
"github.com/enfein/mieru/pkg/metrics"
"github.com/enfein/mieru/pkg/replay"
"github.com/enfein/mieru/pkg/stderror"
@@ -648,14 +647,15 @@ func (u *UDPUnderlay) writeOneSegment(seg *segment, addr *net.UDPAddr) error {
}
}

if blockCipher == nil {
panic(fmt.Sprintf("%v cipher block is not ready", u))
}

if ss, ok := toSessionStruct(seg.metadata); ok {
maxPaddingSize := MaxPaddingSize(u.mtu, u.IPVersion(), u.TransportProtocol(), int(ss.payloadLen), 0)
padding := newPadding(paddingOpts{
maxLen: maxPaddingSize,
ascii: &asciiPaddingOpts{
minConsecutiveASCIILen: mathext.Min(maxPaddingSize, recommendedConsecutiveASCIILen),
},
})
padding := newPadding(
buildRecommendedPaddingOpts(maxPaddingSize, udpOverhead+int(ss.payloadLen), blockCipher.BlockContext().UserName),
)
ss.suffixLen = uint8(len(padding))
if log.IsLevelEnabled(log.TraceLevel) {
log.Tracef("%v is sending %v", u, seg)