[tor-dev] brdgrd: Protecting bridges from the GFC

Philipp Winter identity.function at gmail.com
Sun Apr 15 15:24:41 UTC 2012

> Basically, the tool achieves two things:
> - Evading the Chinese DPI engine by rewriting the TCP window size
>   during the TCP handshake. This leads to a fragmented cipher list
>   which does not seem to be recognized by the GFC.
> - Blocking scanners with two dirty hacks.

I removed the "two dirty hacks" because they sometimes made a bridge
unusable - especially if there is lots of packet loss between client and
bridge. So the tool only conducts window size rewriting now.

I've been testing it for several days on my EC2 bridge. The bridge has
seen many Chinese users and still remains unblocked.


More information about the tor-dev mailing list