On Sun, Nov 09, 2014 at 08:23:33PM -0500, Xiang Cai wrote:
I started to work on csbuflo code a long time ago, and I wasn’t using any version control software back then, so I don’t have file commit history either… Sorry about that.
However, I only modified several core files based on openssh-5.9p1 source code: clientloop.c serverloop.c packet.c misc.c and related header files. A simple diff between these files and the original ssh code will tell you what I modified.
I am not sure if the code is directly useable for your purpose, but I’ll briefly talk about what my code does, and hopefully, it will give you some help when reading the code.
The code actually implements the Glove system, which requires that both the client and server have a transcript of “super traces”. — I believe the location of the transcript is hardcoded as ‘/var/tmp/st.txt’ in my code … When visiting a website that is not shown in the transcript, the system falls back to use CSBuFLO scheme.
I see. Thanks for the references.
Building this code into a pluggable transport would be more work than I had originally supposed. If there were a minimal network client and server, only implementing the website fingerprinting defense, then I wouldn't mind spending half a day to make them into a pluggable transport. But as it stands, it looks like it will be more work, essentially a reimplementation.
David Fifield