
www.bamsoftware.com/git/turbotunnel-paper.git/example
This is a worked example of converting a client–server system (in this case an echo server) to a Turbo Tunnel design. The Turbo Tunnel version is resistant to TCP connection termination attacks. This example uses KCP and kcp-go to implement the inner session/reliability layer.
The "plain" directory contains the original version and the "turbotunnel" directory contains the Turbo Tunnel version. For a high-level overview of the changes required, diff the client.go and server.go files:
    diff -ru plain/ turbotunnel/
To run:
    server$ ./server 127.0.0.1:8000
    client$ ./client 127.0.0.1:8000
To test the turbotunnel version's resistance to TCP termination, you can run through a TCP proxy that terminates connections after a timeout. One such proxy is
    $ git clone https://www.bamsoftware.com/git/lilbastard.git
To run the proxy,
    lilbastard$ cargo run -- -w 20 127.0.0.1:7000 127.0.0.1:8000
Then run the example programs as before, having the client connect to the proxy instead of directly to the server.
    server$ ./server 127.0.0.1:7000
    client$ ./client 127.0.0.1:8000
The turbotunnel version adds new types: RedialPacketConn in the client and ListenerPacketConn in the server. These are the abstract "network interfaces" over which the session layer operates. In a circumvention system, these would be implemented in some way that provides blocking resistance. Here, they are just a sequence of TCP connections.
The turbotunnel/turbotunnel directory contains common support code and code that has proved useful in implementing Turbo Tunnel designs. The ReadPacket and WritePacket functions do packet encapsulation over a TCP connection by preceding each packet with a 16-bit length header. In a circumvention application, you would want to use slightly more complicated encapsulation that allows padding.
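The length-prefixed encapsulation described above, as an added example that is not the repository's own code: WritePacket and ReadPacket are reimplemented here for illustration, and the big-endian header order and the error mapping are assumptions. The constructed stream is cut mid-packet to show what the framing reports when a TCP connection is terminated.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

// WritePacket sends p preceded by a 16-bit length header (big-endian assumed).
func WritePacket(w io.Writer, p []byte) error {
	if len(p) > 0xffff {
		return errors.New("packet too long for 16-bit length header")
	}
	hdr := []byte{byte(len(p) >> 8), byte(len(p))}
	_, err := w.Write(append(hdr, p...))
	return err
}

// ReadPacket returns the next packet. io.EOF means the stream ended on a
// packet boundary; io.ErrUnexpectedEOF means it was cut inside a packet.
func ReadPacket(r io.Reader) ([]byte, error) {
	var hdr [2]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	p := make([]byte, int(hdr[0])<<8|int(hdr[1]))
	if _, err := io.ReadFull(r, p); err == io.EOF {
		return nil, io.ErrUnexpectedEOF // header arrived, body did not
	} else if err != nil {
		return nil, err
	}
	return p, nil
}

func main() {
	var s bytes.Buffer // constructed sample standing in for one TCP connection
	WritePacket(&s, []byte("hello"))
	WritePacket(&s, []byte("world"))
	// Drop the last 3 bytes, as if the connection were terminated mid-packet.
	r := bytes.NewReader(s.Bytes()[:s.Len()-3])
	for {
		p, err := ReadPacket(r)
		fmt.Printf("%q %v\n", p, err)
		if err != nil {
			break // the session layer, not this framing, must resend "world"
		}
	}
}
```

A partial packet is discarded rather than delivered, so recovery is left to the inner session/reliability layer running over the next connection.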
https://www.bamsoftware.com/papers/turbotunnel/
This code is in the public domain.