Oct 12

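Source: the Psiphon 3 Tunnel Core project
Building:
The original project's notes on building are brief and general, so here are the details.
First make sure a Go build environment is installed; see the article "Setting up a Go build environment on Tomatoware ARM".
Then download the dependencies and the source: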
go get -u -v github.com/Psiphon-Inc/bolt
go get -u -v github.com/Psiphon-Inc/dns
go get -u -v github.com/Psiphon-Inc/goptlib
go get -u -v github.com/Psiphon-Inc/goregen
go get -u -v github.com/Psiphon-Inc/ratelimit
go get -u -v github.com/Psiphon-Inc/crypto/nacl/box
go get -u -v github.com/Psiphon-Inc/crypto/nacl/secretbox
go get -u -v github.com/Psiphon-Inc/crypto/ssh
go get -u -v github.com/Psiphon-Inc/goarista/monotime
go get -u -v github.com/Psiphon-Inc/goselect
go get -u -v github.com/Psiphon-Inc/sss
go get -u -v github.com/Psiphon-Inc/gocapability/capability
go get -u -v github.com/Psiphon-Inc/m3u8
go get -u -v github.com/Psiphon-Labs/psiphon-tunnel-core

Write a build script:

#!/bin/sh

WORKDIR=$(pwd)

cd src/github.com/Psiphon-Labs/psiphon-tunnel-core

BUILDDATE=$(date --iso-8601=seconds)
BUILDREPO=$(git config --get remote.origin.url)
BUILDREV=$(git rev-parse --short HEAD)
GOVERSION=$(go version | perl -ne '/go version (.*?) / && print $1')
# Build a JSON object mapping every non-standard-library dependency to its short git revision
DEPENDENCIES=$(echo -n "{" && go list -f '{{range $dep := .Deps}}{{printf "%s\n" $dep}}{{end}}' | xargs go list -f '{{if not .Standard}}{{.ImportPath}}{{end}}' | xargs -I pkg bash -c 'cd $GOPATH/src/pkg && echo -n "\"pkg\":\"$(git rev-parse --short HEAD)\","' | sed 's/,$/}/')

LDFLAGS="
-X github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common.buildDate=$BUILDDATE 
-X github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common.buildRepo=$BUILDREPO 
-X github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common.buildRev=$BUILDREV 
-X github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common.goVersion=$GOVERSION 
-X github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common.dependencies=$DEPENDENCIES 
"

cd ConsoleClient && go build -ldflags "${LDFLAGS}"
mv -f ./ConsoleClient ${WORKDIR}/bin/psiphon-tunnel-core-$BUILDREV
cd ${WORKDIR}
strip bin/psiphon-tunnel-core-$BUILDREV
upx -9 bin/psiphon-tunnel-core-$BUILDREV

bin/psiphon-tunnel-core-$BUILDREV

Run from the command line:
./psiphon-tunnel-core -config ./psiphon.config -serverList ./server_list.dat -listenInterface br0 -formatNotices

The psiphon.config and server_list.dat files can be extracted from an installed copy of the Windows version of Psiphon3.
Output:
psiphon-tunnel-core: Starting psiphon-tunnel-core...
2016-10-12T02:52:38Z BuildInfo {"buildDate":"2016-09-27T16:28:36+08:00","buildRepo":"https://github.com/Psiphon-Labs/psiphon-tunnel-core","buildRev":"31dad76","goVersion":"go1.6","gomobileVersion":"go1.6"}
2016-10-12T02:52:38Z AvailableEgressRegions {"regions":["CA","DE","GB","IN","JP","NL","SG","US"]}
2016-10-12T02:52:38Z ListeningSocksProxyPort {"port":7788}
2016-10-12T02:52:38Z ListeningHttpProxyPort {"port":8788}
2016-10-12T02:52:38Z ImpairedProtocolClassification {"classification":{}}
2016-10-12T02:52:38Z CandidateServers {"count":153,"protocol":"","region":""}
2016-10-12T02:52:42Z Homepage {"url":"http://www.psiphontoday.com/zh/index_desktop.html?client_region=CN"}
2016-10-12T02:52:42Z ClientUpgradeAvailable {"version":"116"}
2016-10-12T02:52:42Z Tunnels {"count":1}

Once Tunnels {"count":1} appears, the connection to a server has succeeded.

Build error with the newer version:
# github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/tls
/mnt/data/compile/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/tls/tls.go:106: undefined: deadlineTimeout

Fix:

	if !dialer.Deadline.IsZero() {
		deadlineTimeout := dialer.Deadline.Sub(time.Now())
		if timeout == 0 || deadlineTimeout < timeout {
			timeout = deadlineTimeout
		}
	}

Reference: https://github.com/golang/go/issues/14595


Oct 11

OK, site-wide HTTPS is now being tested...

OK ~ https://www.ssllabs.com/ssltest/analyze.html?d=www.quakemachinex.com


Mar 27

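The sample is the China Domain List; the platform is an ASUS RT-AC68P ARM + Tomato, and all the DNS resolver programs are statically compiled. Those that support exclude/include resolution lists all had the sample domains loaded. It has no great practical significance; I was just bored.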

Unbound
Statistics:

Queries sent: 26919
Queries completed: 26832 (99.68%)
Queries lost: 87 (0.32%)

Response codes: NOERROR 20030 (74.65%), SERVFAIL 6714 (25.02%), NXDOMAIN 88 (0.33%)
Average packet size: request 28, response 50
Run time (s): 69.774275
Queries per second: 384.554336

Average Latency (s): 0.238396 (min 0.000236, max 4.992936)
Latency StdDev (s): 0.389999

Pdnsd:
Statistics:

Queries sent: 26919
Queries completed: 23513 (87.35%)
Queries lost: 3406 (12.65%)

Response codes: NOERROR 23234 (98.81%), SERVFAIL 171 (0.73%), NXDOMAIN 108 (0.46%)
Average packet size: request 28, response 59
Run time (s): 314.555457
Queries per second: 74.749935

Average Latency (s): 0.596292 (min 0.000358, max 4.999555)
Latency StdDev (s): 1.019165

dnsforwarder:
Statistics:

Queries sent: 26919
Queries completed: 25401 (94.36%)
Queries lost: 1518 (5.64%)

Response codes: NOERROR 25401 (100.00%)
Average packet size: request 28, response 61
Run time (s): 183.965017
Queries per second: 138.075165

Average Latency (s): 0.416087 (min 0.000227, max 4.999129)
Latency StdDev (s): 0.644664

ChinaDNS:
Statistics:

Queries sent: 26919
Queries completed: 21331 (79.24%)
Queries lost: 5588 (20.76%)

Response codes: NOERROR 21232 (99.54%), SERVFAIL 13 (0.06%), NXDOMAIN 86 (0.40%)
Average packet size: request 28, response 57
Run time (s): 363.248690
Queries per second: 58.722855

Average Latency (s): 0.375668 (min 0.015623, max 4.569101)
Latency StdDev (s): 0.340221

Pcap_DNSProxy
Statistics:

Queries sent: 26919
Queries completed: 25476 (94.64%)
Queries lost: 1443 (5.36%)

Response codes: NOERROR 25205 (98.94%), SERVFAIL 158 (0.62%), NXDOMAIN 113 (0.44%)
Average packet size: request 28, response 57
Run time (s): 513.577050
Queries per second: 49.605020

Average Latency (s): 1.716650 (min 0.059361, max 4.998602)
Latency StdDev (s): 1.207510


Mar 25

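On Windows 7 (deluxe Chinese edition), installing the English language pack online failed, and installing it with Vistalizator failed too.

The error code was 0x80070052.

It turned out that I had pointed the system temp directory at a RAM disk, and for performance I had formatted that RAM disk as FAT32. Installing a language pack extracts a huge number of small files/folders into the temp directory, and that is probably where it went wrong. After reformatting the RAM disk as NTFS, the installation succeeded!

FAT32's nominal limit is 65534, but in practice it is already unstable at 20,000+.
NTFS does not seem to have an explicit limit on the number of files in a single directory, but some people report errors when generating a directory with 100,000+ files, presumably related to file attributes (file names etc.) and the state of the disk. As for the effect on efficiency, see the following; the content below is reposted.

It seems that under the FAT32 file system the limit on the number of files in a single directory is some number between 20000 and 30000...

I don't know exactly which one... because when I extracted a rar file containing more than 30000 files into a fat32 directory, I got a disk-full message... but the disk was not full... Every directory has to describe the disk location, name and other information of its contents. This information is stored contiguously and the space is limited; once it is used up, nothing more can be added. In improved file systems the directory information itself is also distributed non-contiguously on disk, so this problem does not exist. Generally, though, this is not a problem. Systems with a great many files tend to create subdirectories themselves to classify them, for example VSS.
For the FAT16 file system, the maximum file size is 4 GB - 1 byte (2^32 bytes - 1 byte); the maximum volume size is 4GB; the maximum number of files per volume is 65,536 (2^16); the maximum number of files and folders in the root directory is 512 (fewer if long file names are used).

For the FAT32 file system, the maximum file size is 4 GB - 1 byte (2^32 bytes - 1 byte); the maximum volume size that the tools shipped with Windows can create is 32GB; the maximum number of files per volume is 4,177,920; the maximum number of subfolders and files in a given folder is 65,534 (fewer if long file names are used).

For the NTFS file system, the maximum file size is theoretically 16EB - 1 KB (2^64 bytes - 1 KB) (1EB=1024PB=1024TB=1024GB), and the largest actually implemented is 16TB - 64 KB (2^44 bytes - 64 KB); the maximum volume size is theoretically 2^64 clusters - 1 cluster, and the largest actually implemented is 2^56 TB - 64 KB (2^32 clusters - 1 cluster); the maximum number of files per volume is 4,294,967,295 (2^32 - 1).

In theory a single FAT32 directory can hold at most 65534 subdirectories or files. But if long file names are used, the number of files that can actually be held is far below 60,000-odd. 20,000-odd is normal.

NTFS overcomes this problem, but operations on many files in a single directory (copy, move or delete), say tens of thousands of small files of ten-odd KB each, are still a real headache. Personally I think this is its Achilles' heel, and it is also normal behaviour.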
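
The directory-entry arithmetic behind the "20,000+" figure, as an added example that is not part of the original post or the reposted text. It assumes the FAT layout of 32-byte directory entries, a 2 MiB directory size limit and 13 UTF-16 characters per long-name entry; the file names are constructed, and the 8.3 test is a simplification that counts every name that is not upper-case 8.3 as needing long-name entries.

```python
import math
import re

DIR_ENTRY_BYTES = 32               # one FAT directory entry
MAX_DIR_BYTES = 2 * 1024 * 1024    # directory size limit: 65,536 entries
LFN_CHARS_PER_ENTRY = 13           # UTF-16 code units per long-name entry
RESERVED_ENTRIES = 2               # "." and ".." in every subdirectory

# Simplified 8.3 test (assumption): upper-case base of 1-8 characters
# plus an optional extension of 1-3 characters.
SHORT_NAME = re.compile(r"^[A-Z0-9_~-]{1,8}(\.[A-Z0-9_~-]{1,3})?$")


def entries_for(name):
    """Directory entries one file consumes: the 8.3 entry plus long-name entries."""
    if SHORT_NAME.match(name):
        return 1
    units = len(name.encode("utf-16-le")) // 2
    return 1 + math.ceil(units / LFN_CHARS_PER_ENTRY)


def files_that_fit(names):
    """Add names in order until the directory is full; return how many were stored."""
    free = MAX_DIR_BYTES // DIR_ENTRY_BYTES - RESERVED_ENTRIES   # 65,534
    stored = 0
    for name in names:
        need = entries_for(name)
        if need > free:
            break            # this is where "disk full" shows up with space to spare
        free -= need
        stored += 1
    return stored


def sample_names(count):
    """Constructed 22-character names, similar in shape to language-pack resources."""
    return ["resource-%05d.dll.mui" % i for i in range(count)]


if __name__ == "__main__":
    print("entries per file:", entries_for(sample_names(1)[0]))
    print("stored out of 30000:", files_that_fit(sample_names(30000)))
```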


Mar 23

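One is for DNSSEC:
auto-trust-anchor-file: "/opt/etc/unbound/root.key"
The other is:
use-caps-for-id: yes
With either of these two options enabled, if any of the (several) upstream DNS servers being forwarded to is even slightly "non-compliant", an empty answer is returned: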

wrong 0x20-ID in reply qname
......
Capsforid fallback: getting different replies, failed
......

I did not look into the details!

Use 0x20-encoded random bits in the query to foil spoof
attempts. This perturbs the lowercase and uppercase of query
names sent to authority servers and checks if the reply still
has the correct casing. Disabled by default. This feature is
an experimental implementation of draft dns-0x20.
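
The 0x20 check described in the excerpt above, as an added example that is not Unbound's code or part of the original post. The two upstream functions are constructed stand-ins for a forwarder that copies the question unchanged and one that lower-cases it; the rejection label reuses the log text quoted earlier.

```python
import random
import string


def encode_0x20(qname, rng):
    """Give each ASCII letter a random case; digits, dots and hyphens stay as they are."""
    return "".join(
        (c.upper() if rng.getrandbits(1) else c.lower())
        if c in string.ascii_letters else c
        for c in qname
    )


def extra_entropy_bits(qname):
    """Each letter adds one bit an off-path spoofer has to guess."""
    return sum(c in string.ascii_letters for c in qname)


def check_reply(sent, echoed, use_caps_for_id):
    """Resolver-side check of the question name echoed back in a reply."""
    if sent.lower() != echoed.lower():
        return "reject: different qname"
    if use_caps_for_id and sent != echoed:
        return "reject: wrong 0x20-ID in reply qname"
    return "accept"


# Constructed upstream behaviours (hypothetical, for illustration only).
def compliant_upstream(question):
    return question            # copies the question section byte for byte


def lowercasing_upstream(question):
    return question.lower()    # normalises case, so the random bits are lost


def demo(qname="www.example.com", seed=7):
    sent = encode_0x20(qname, random.Random(seed))
    return {
        "sent": sent,
        "bits": extra_entropy_bits(qname),
        "compliant": check_reply(sent, compliant_upstream(sent), True),
        "lowercasing_on": check_reply(sent, lowercasing_upstream(sent), True),
        "lowercasing_off": check_reply(sent, lowercasing_upstream(sent), False),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

With use-caps-for-id off, the lower-cased reply is accepted; with it on, the same reply is rejected, which is the behaviour seen with forwarders that do not preserve case.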

