HackerTrans
TopNewTrendsCommentsPastAskShowJobs

boratanrikulu

no profile record

Submissions

Show HN: Write your BPF programs in Go, not C

github.com
112 points·by boratanrikulu·قبل شهرين·52 comments

Show HN: Bpfvet – minimum kernel version and CO-RE analyzer for BPF objects

github.com
2 points·by boratanrikulu·قبل 3 أشهر·0 comments

Show HN: Gecit – DPI bypass using eBPF sock_ops, no proxy or VPN

github.com
9 points·by boratanrikulu·قبل 3 أشهر·2 comments

comments

boratanrikulu
·قبل 3 أشهر·discuss
Thanks for sharing! I'm the author, happy to answer any questions about the implementation.
boratanrikulu
·قبل 3 أشهر·discuss
Thanks! Yes, the DPI systems I've tested against only look at the first ClientHello in a connection. They don't do full TCP reassembly. The fake packet arrives first (eBPF fires synchronously before the app sends data), DPI records that SNI, and the real ClientHello passes through unchecked.

More sophisticated DPI (like China's GFW) does reassembly and would likely catch this. But for simpler stateless DPI, it works.

Good analogy with domain fronting. The key difference is exactly what you said: the server sees the real SNI, so no server-side cooperation needed.