English | 简体中文
PacketGhost is a lightweight, userspace network traffic mutation engine written in pure C. It leverages Linux Netfilter and Raw Sockets to intercept, analyze, and manipulate TCP/IP packets in real-time.
The primary goal of this project is to research Deep Packet Inspection (DPI) evasion strategies by exploiting the implementation asymmetries between middleboxes (firewalls, IDS) and end-host TCP stacks. Currently, it implements advanced TCP Fragmentation and Payload Splitting strategies capable of bypassing SNI-based blocking (HTTPS) and Keyword filtering (HTTP).
Geneva Strategy Integration: While Geneva (CCS '19) utilizes a genetic algorithm to discover evasion strategies, PacketGhost focuses on the deterministic, high-performance execution of these strategies. It ports Geneva's core primitives (Tamper, Duplicate, Fragment, Drop) from Python to pure C, enabling deployment on resource-constrained devices (e.g., OpenWrt routers) with minimal overhead.
This tool has been validated in a live environment subject to state-level censorship.
- Location: Novosibirsk, Russia (RU)
- Network: AS49392 LLC Baxet (JustHost OVB Node)
- Censorship System: TSPU (Technical Means of Counteracting Threats) / Roskomnadzor DPI
- Test Date: January 2026
- Results:
- ✅ Twitter/X (Bypassed Blackhole/SNI Filtering)
- ✅ Instagram (Bypassed Meta Ban)
- ✅ Meduza.io (Bypassed Political Censorship)
Note: The test environment confirmed active DPI interference (connection timeouts without PacketGhost). With PacketGhost enabled, full TCP handshakes and TLS sessions were established successfully.
In modern network environments, middleboxes often rely on signature-based detection to block specific traffic. However, due to performance constraints, many DPI devices operate in a "stateless" or "weakly stateful" mode, analyzing packets in isolation or with limited reassembly buffers.
PacketGhost validates the hypothesis that semantic-preserving mutations—such as splitting a TLS ClientHello into multiple TCP segments—can effectively blind these middleboxes while maintaining the integrity of the end-to-end connection.
PacketGhost utilizes a Hybrid User-Kernel architecture to achieve fine-grained control over packet transmission.
+---------------------------------------------------------------+
| USER SPACE (PacketGhost) |
| |
| +-------------+ +------------------+ +---------+ |
| | NFQ Listener| ---> | Strategy Engine | ---> | Injector| |
| +------+------+ | (Split/Tamper) | +----+----+ |
| ^ +------------------+ | |
| | Verdict: DROP | |
| | (Original Pkt) | |
+----------|------------------------|-------------------|-------+
| | libnetfilter_queue | | raw |
| | v | sock |
| +------+------+ +------+------+ +----+----+ |
| | iptables | <------- | Output Chain| <---- | SO_MARK | |
| | (NFQUEUE) | +------+------+ | (0x100) | |
| +-------------+ ^ +---------+ |
| ^ | | |
| | (Normal Traffic) | (Loop Avoidance) | |
| +------+------+ +------+------+ +----+----+ |
| | Application | | Routing / | ----> | NIC | |
| | (Browser) | | Network Stack| | (WLAN0) | |
| +-------------+ +-------------+ +---------+ |
| |
| KERNEL SPACE (Linux) |
+---------------------------------------------------------------+
-
Interception:
iptablesrules redirect specific outbound TCP traffic (ports 80, 443) toNFQUEUE. -
Decision: The PacketGhost userspace agent analyzes the packet payload.
- HTTP: Detects methods (GET, POST) and fragments the header.
- TLS: Detects the
ClientHellohandshake and fragments the SNI field.
-
Injection: Instead of modifying the packet in place (which requires complex SEQ/ACK NAT), PacketGhost:
- Constructs multiple smaller packets (slices).
- Injects them directly into the network interface using Raw Sockets (
SOCK_RAW). - Drops (
NF_DROP) the original packet from the kernel queue.
-
Loop Avoidance: Injected packets are tagged with a specific
SO_MARK(0x100) to bypass theiptablesinterception rule, preventing infinite routing loops. -
Configuration: At startup PacketGhost loads a simple
key=valueconfiguration (optional). Each strategy can be enabled/disabled and tuned without recompiling.
The project is modularized to separate core logic, network interaction, and protocol parsing.
.
├── common.h # Global configuration macros and shared definitions
├── main.c # Application entry point; initializes Netfilter hooks and event loops
├── core/ # Central logic for traffic analysis and manipulation
│ ├── apply_strategies.c # Strategy Dispatcher: matches traffic features to specific evasion logic
│ ├── strategies.c # Implementation of Geneva primitives (e.g., Fake RST, TTL Decoy)
│ ├── fragmenter.c # TCP Segmentation engine (HTTP/TLS splitting & Out-of-Order injection)
│ └── mutator.c # Payload modification logic (Legacy/Direct modification)
├── network/ # Low-level network I/O abstraction
│ └── injector.c # Raw Socket wrapper; handles SO_MARK to prevent routing loops
├── protocol/ # Protocol parsing and construction
│ └── packet.c # Lightweight parser for IP/TCP headers (Zero-copy approach)
├── state/ # Stateful TCP tracking (Optional/Experimental)
│ └── session.c # Manages TCP flow contexts and session tables
└── utils/ # Helper utilities
├── csum.h # Algorithms for IP/TCP checksum recalculation (Critical for tampering)
├── protocol_types.h # Struct definitions for protocol headers
└── uthash.h # C macro for hash table implementationTo support Length-Changing Modifications (e.g., replacing the short User-Agent "curl" with the longer "Mozilla/5.0"), PacketGhost implements a custom TCP Network Address Translation (NAT) mechanism.
- Mechanism: It tracks the difference in length (
delta) introduced by the modification. - Result: The engine dynamically corrects the Sequence Numbers (SEQ) of outgoing packets and the Acknowledgment Numbers (ACK) of incoming packets in real-time, preventing TCP connection desynchronization.
To bypass HTTPS SNI blocking, PacketGhost identifies the TLS Record Layer and fragments the packet at the very first byte of the handshake header:
- Packet A: Contains only the first byte (
0x16). - Packet B: Contains the rest of the payload (
0x03 0x01 ... SNI ...). - Result: The DPI device fails to recognize the TLS handshake signature in either packet and allows the traffic to pass, while the destination server reassembles it seamlessly.
PacketGhost implements TCP Reordering to exploit the lack of reassembly buffers in stateless DPI middleboxes.
- Mechanism: When splitting a packet, the engine injects the second fragment (Slice 2) into the network before the first fragment (Slice 1).
- Result:
- DPI: Receives the second slice first (which lacks protocol headers), fails to identify the protocol, and allows it to pass.
- Server: Buffers the out-of-order slice and waits for the first slice to arrive, successfully reconstructing the stream.
This strategy utilizes the "Geneva" Tamper primitive to desynchronize the state of the middlebox from the server.
- Mechanism: The engine injects a fabricated TCP Reset (RST) packet with an intentionally incorrect TCP Checksum but a valid IP Checksum.
- Result:
- DPI: Often ignores the checksum for performance reasons, processes the RST, and stops inspecting the connection (believing it is closed).
- Server: Validates the checksum, detects the error, and discards the fake RST packet, keeping the legitimate connection alive.
This strategy creates a duplicate of the original packet but lowers the IP TTL so that the decoy expires on‑path before reaching the server.
- Mechanism: Duplicate the current packet (e.g., HTTP request or TLS ClientHello), set
IP.ttlto a small value (e.g., 1–2), recompute checksums, and inject via RAW socket. - Result:
- DPI sees the decoy and may change or drop tracking for the flow.
- Server never sees the decoy (expires en route), so end‑to‑end state remains intact.
- Optional: apply the same small TTL to injected RST to make it visible to DPI but not to the server.
A common challenge in raw socket injection is the "infinite loop," where injected packets are re-intercepted by Netfilter. PacketGhost solves this by marking injected packets at the socket level:
// src/network/injector.c
int mark = 0x100;
setsockopt(sock, SOL_SOCKET, SO_MARK, &mark, sizeof(mark));Coupled with the iptables rule ! --mark 0x100, this ensures a clean egress path for modified traffic.
The project minimizes memory overhead by parsing protocol headers directly from the Netfilter buffer pointers where possible. It adheres to a Zero-Copy philosophy for analysis, allocating new memory only during the fragmentation or injection phase.
- Linux Kernel (with Netfilter support)
libnetfilter-queue-deviptablescmakeormake
mkdir build && cd build
cmake ..
makePacketGhost requires root privileges to manipulate network interfaces.
-
Setup Firewall Rules:
TODO: Use more elegant way to handle this.
Intercept HTTP/HTTPS traffic but exclude PacketGhost's own injected packets.
# Flush existing rules sudo iptables -F OUTPUT # Add interception rule sudo iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -m mark ! --mark 0x100 -j NFQUEUE --queue-num 0
-
Optional: Create/Edit Configuration
A minimal example (see
sample.configin the repo):# TTL decoy ttl_decoy.enabled=1 ttl_decoy.ttl=2 # choose 1 for first-hop expiry, or 2–3 for slightly further ttl_decoy.apply_once_per_flow=1 # Fake RST rst.enabled=1 rst.bad_checksum=1 rst.with_ack=0 rst.small_ttl=0 # set to 1 to also apply small TTL to fake RST # Fragmentation fragment.enabled=0 # set to 1 to enable HTTP/TLS splitting fragment.out_of_order=1 fragment.http_split_pos=2 # e.g., split GET header after first 2 bytes fragment.tls_split_pos=1 # e.g., split TLS ClientHello after first byte # User-Agent replacement ua_replace.enabled=1 ua_replace.target=curl/ ua_replace.replace=Mozilla/ # TCP options sack.disable=1
-
Start the Engine:
# without config -> defaults
sudo ./packet_ghost
# with config file
sudo ./packet_ghost ./sample.config
# pay attention here,actually,the program is under "./build"
# so you should choose the right path.
sudo ./packet_ghost ../sample.config # I put the sample in the root directory.-
Verify:
curl -v https://www.twitter.com # Logs will show: [Fragmenter] TLS Client Hello detected. Splitting... sudo tcpdump -ni wlan0 'tcp and ip[8] == 2' -vvv -s 0
- Optionally, confirm the decoy expires in flight by looking for ICMP Time Exceeded:
sudo tcpdump -ni wlan0 'icmp and icmp[0] == 11'- If you cannot see the decoy, set
ttl_decoy.ttl=1or verify there is no iptables TTL-rewrite (checkiptables -t mangle -S).
- Strategy Registry: Pluggable per‑flow strategies with ordering and predicates, to ease experimentation.
- Adaptive TTL: Infer hop count from SYN‑ACK TTL and choose a decoy TTL that expires one hop before the server.
- eBPF / XDP Integration: Currently, PacketGhost uses
NFQUEUE(userspace). Future plans involve offloading the packet classification (filtering) logic to eBPF/XDP to avoid context switches for non-target traffic, reserving userspace processing only for complex mutations. - Richer Config: Switch from key=value to JSON/YAML when needed; current parser keeps footprint minimal.
PacketGhost 是一个用纯 C 语言编写的轻量级用户态网络流量变异引擎。它利用 Linux Netfilter 和 Raw Sockets(原始套接字)实时地拦截、分析并篡改 TCP/IP 数据包。
本项目的首要目标是研究 深度包检测 (DPI) 的规避策略。其核心原理是利用中间盒(Middleboxes,如防火墙、IDS)与终端主机 TCP 协议栈之间在实现上的不对称性 (Implementation Asymmetries)。目前,项目已实现了高级 TCP 分片 (Fragmentation) 和 载荷拆分 (Payload Splitting) 策略,能够有效绕过基于 SNI 的阻断(针对 HTTPS)和关键字过滤(针对 HTTP)。
Geneva 策略集成: 虽然 Geneva (CCS '19) 使用遗传算法来发现规避策略,但 PacketGhost 专注于这些策略的确定性与高性能执行。它将 Geneva 的核心原语(Tamper, Duplicate, Fragment, Drop)从 Python 移植到了纯 C 语言中,从而能够以极低的开销部署在资源受限的设备上(例如 OpenWrt 路由器)。
本工具已在一个受俄罗斯国家级网络审查(State-Level Censorship)管控的真实/现网环境中通过验证。
- 地点: 俄罗斯,新西伯利亚 (RU)
- 网络环境: AS49392 LLC Baxet (JustHost 新西伯利亚节点)
- 审查系统: TSPU(威胁对抗技术手段)/ Roskomnadzor(俄联邦通信监管局)DPI
- 测试日期: 2026年1月
测试结果:
- ✅ Twitter/X(成功绕过路由黑洞/SNI 过滤)
- ✅ Instagram(成功绕过针对 Meta 系应用的封锁)
- ✅ Meduza.io(成功绕过政治类内容审查)
注: 该测试环境已确认存在活跃的 DPI 干预(在未开启 PacketGhost 时会出现连接超时)。开启 PacketGhost 后,能够成功建立完整的 TCP 握手和 TLS 会话。
在现代网络环境中,中间盒(Middleboxes)通常依赖基于特征的检测 (Signature-based detection) 来阻断特定流量。然而,受限于性能约束,许多 DPI 设备运行在“无状态”或“弱状态”模式下,它们往往孤立地分析数据包,或者仅拥有非常有限的重组缓冲区。
PacketGhost 验证了这样一个假设:通过语义保留型变异 (Semantic-preserving mutations)——例如将 TLS ClientHello 拆分为多个 TCP 分段——可以有效地蒙蔽这些中间盒,同时保持端到端连接的完整性。
PacketGhost 采用用户-内核混合架构 (Hybrid User-Kernel architecture),以实现对数据包传输的细粒度控制。
+---------------------------------------------------------------+
| USER SPACE (PacketGhost) |
| |
| +-------------+ +------------------+ +---------+ |
| | NFQ Listener| ---> | Strategy Engine | ---> | Injector| |
| +------+------+ | (Split/Tamper) | +----+----+ |
| ^ +------------------+ | |
| | Verdict: DROP | |
| | (Original Pkt) | |
+----------|------------------------|-------------------|-------+
| | libnetfilter_queue | | raw |
| | v | sock |
| +------+------+ +------+------+ +----+----+ |
| | iptables | <------- | Output Chain| <---- | SO_MARK | |
| | (NFQUEUE) | +------+------+ | (0x100) | |
| +-------------+ ^ +---------+ |
| ^ | | |
| | (Normal Traffic) | (Loop Avoidance) | |
| +------+------+ +------+------+ +----+----+ |
| | Application | | Routing / | ----> | NIC | |
| | (Browser) | | Network Stack| | (WLAN0) | |
| +-------------+ +-------------+ +---------+ |
| |
| KERNEL SPACE (Linux) |
+---------------------------------------------------------------+
工作流程 (Workflow)
- 拦截 (Interception): 使用
iptables规则将特定的出站 TCP 流量(如端口 80, 443)重定向至NFQUEUE。 - 决策 (Decision): PacketGhost 的用户态代理分析数据包载荷。
- HTTP: 检测请求方法(GET, POST)并对头部进行分片。
- TLS: 检测
ClientHello握手并对 SNI 字段进行分片。
- 注入 (Injection): PacketGhost 不会在原位修改数据包(这通常需要复杂的 SEQ/ACK NAT 处理),而是采取以下策略:
- 构造多个更小的数据包(切片/Slices)。
- 使用原始套接字 (
SOCK_RAW) 将它们直接注入到网络接口。 - 通知内核队列丢弃 (NF_DROP) 原始数据包。
- 环路规避 (Loop Avoidance): 注入的数据包会被标记上特定的
SO_MARK(0x100),以此绕过 iptables 的拦截规则,防止产生无限路由死循环。 - 配置 (Configuration): 启动时,PacketGhost 会加载一个简单的
key=value配置文件(可选)。每种策略都可以在不重新编译的情况下启用、禁用或微调。
本项目采用模块化设计,将核心逻辑、网络交互和协议解析分离。
.
├── common.h # 全局配置宏与共享定义
├── main.c # 应用程序入口点;初始化 Netfilter 钩子和事件循环
├── core/ # 流量分析与篡改的核心逻辑
│ ├── apply_strategies.c # 策略分发器:将流量特征匹配到具体的规避逻辑
│ ├── strategies.c # Geneva 原语的实现(例如:伪造 RST, TTL 诱饵)
│ ├── fragmenter.c # TCP 分段引擎(HTTP/TLS 拆分及乱序注入)
│ └── mutator.c # 载荷修改逻辑(遗留/直接修改模式)
├── network/ # 低层网络 I/O 抽象
│ └── injector.c # 原始套接字 (Raw Socket) 封装;处理 SO_MARK 以防止路由环路
├── protocol/ # 协议解析与构建
│ └── packet.c # IP/TCP 头部的轻量级解析器(采用零拷贝方法)
├── state/ # 有状态 TCP 追踪(可选/实验性功能)
│ └── session.c # 管理 TCP 状态机流转以及管理上下文和会话表
└── utils/ # 辅助工具
├── csum.h # IP/TCP 校验和重计算算法(对篡改包至关重要)
├── protocol_types.h # 协议头部的结构体定义
└── uthash.h # C 语言哈希表实现的宏库为了支持变长修改(Length-Changing Modifications,例如将短的 User-Agent "curl" 替换为更长的 "Mozilla/5.0"),PacketGhost 实现了一套自定义的 TCP 网络地址转换 (NAT) 机制。
- 机制: 引擎会追踪由修改引入的长度差值 (delta)。
- 结果: 引擎实时地动态修正出站数据包的 序列号 (SEQ) 和入站数据包的 确认号 (ACK),从而防止 TCP 连接出现失步 (Desynchronization)。
为了绕过 HTTPS 的 SNI 阻断,PacketGhost 会识别 TLS 记录层 (Record Layer),并在握手头部的第一个字节处对数据包进行强制切分:
- 数据包 A: 仅包含第一个字节 (
0x16,即 Handshake 类型)。 - 数据包 B: 包含剩余的载荷 (
0x03 0x01 ... SNI ...)。 - 结果: DPI 设备无法在任何一个单独的数据包中识别出完整的 TLS 握手签名从而放行,而目标服务器能够无缝地重组这些分片。
PacketGhost 实现了 TCP 乱序 (Reordering) 策略,以利用无状态 DPI 中间盒缺乏重组缓冲区的弱点。
- 机制: 在拆分数据包时,引擎会在发送第一个分片(Slice 1)之前,先将第二个分片(Slice 2)注入网络。
- 结果:
- DPI: 先收到第二个分片(该分片缺少协议头部),无法识别协议,因此放行。
- 服务器: 缓存这个乱序到达的分片,等待第一个分片到达后,成功重组流。
该策略利用了 Geneva 的 "Tamper"(篡改)原语,使中间盒的状态与服务器的状态去同步 (Desynchronize)。
- 机制: 引擎注入一个伪造的 TCP 重置 (RST) 包,该包具有故意错误的 TCP 校验和,但拥有有效的 IP 校验和。
- 结果:
- DPI: 通常为了性能而忽略 TCP 校验和检查,处理该 RST 包并停止审计该连接(误以为连接已关闭)。
- 服务器: 验证校验和,检测到错误,丢弃该伪造的 RST 包,保持合法连接存活。
该策略创建原始数据包的一个副本,但降低其 IP TTL 值,使诱饵包在到达服务器之前就在路径上 (on-path) 过期。
- 机制: 复制当前数据包(如 HTTP 请求或 TLS ClientHello),将
IP.ttl设置为一个很小的值(如 1–2),重新计算校验和,并通过 RAW Socket 注入。 - 结果:
- DPI 看到诱饵包,可能会更改状态或放弃对该流的追踪。
- 服务器永远看不到诱饵包(它在途中已过期),因此端到端的连接状态保持完好。
- 可选: 也可以将此小 TTL 策略应用于注入的 RST 包,使其对 DPI 可见但对服务器不可见。
原始套接字注入面临的一个常见挑战是“无限循环”,即注入的数据包被 Netfilter 再次拦截。PacketGhost 通过在 Socket 层面标记注入的数据包来解决这个问题:
// src/network/injector.c
int mark = 0x100;
setsockopt(sock, SOL_SOCKET, SO_MARK, &mark, sizeof(mark));配合 iptables 规则 ! --mark 0x100,确保修改后的流量拥有一个干净的出口路径。
本项目遵循零拷贝 (Zero-Copy) 理念,尽可能直接从 Netfilter 的缓冲区指针处解析协议头部,从而最小化内存开销。仅在进行分片或注入阶段时才分配新的内存。
- Linux 内核(需支持 Netfilter)
libnetfilter-queue-deviptablescmake或make
mkdir build && cd build
cmake ..
makePacketGhost 需要 root 权限 来操作网络接口。
- 设置防火墙规则:
TODO: 未来需使用更优雅的方式处理此步骤。
拦截 HTTP/HTTPS 流量,但排除 PacketGhost 自己注入的数据包。
# 清空现有规则
sudo iptables -F OUTPUT
# 添加拦截规则 (注意 ! --mark 0x100 用于防止死循环)
sudo iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -m mark ! --mark 0x100 -j NFQUEUE --queue-num 0- 可选:创建/编辑配置文件
一个最小化的示例(参考仓库中的 sample.config):
# TTL 诱饵 (TTL Decoy)
ttl_decoy.enabled=1
ttl_decoy.ttl=2 # 1 为第一跳过期,2-3 为稍远一点过期
ttl_decoy.apply_once_per_flow=1
# 伪造 RST (Fake RST)
rst.enabled=1
rst.bad_checksum=1
rst.with_ack=0
rst.small_ttl=0 # 设置为 1 则同时对伪造的 RST 应用小 TTL
# 分片策略 (Fragmentation)
fragment.enabled=0 # 设置为 1 以启用 HTTP/TLS 拆分
fragment.out_of_order=1 # 启用乱序发送
fragment.http_split_pos=2 # 例如:在首个 2 字节后拆分 GET 头部
fragment.tls_split_pos=1 # 例如:在首个字节后拆分 TLS ClientHello
# User-Agent 替换
ua_replace.enabled=1
ua_replace.target=curl/
ua_replace.replace=Mozilla/
# TCP 选项
sack.disable=1 # 禁用 SACK3. 启动引擎:
# 不带配置文件 -> 使用默认值
sudo ./packet_ghost
# 带配置文件
sudo ./packet_ghost ./sample.config
# 注意路径问题:实际上程序是在 "./build" 目录下编译的
# 所以你需要选择正确的配置文件路径。
# 假设 sample.config 在项目根目录,而你在 build 目录运行:
sudo ./packet_ghost ../sample.config4. 验证 (Verify):
curl -v https://www.twitter.com
# 日志应显示:[Fragmenter] TLS Client Hello detected. Splitting...使用 tcpdump 验证:
sudo tcpdump -ni wlan0 'tcp and ip[8] == 2' -vvv -s 0可选:通过查找 ICMP Time Exceeded 数据包来确认诱饵包是否在途中过期:
sudo tcpdump -ni wlan0 'icmp and icmp[0] == 11'如果你看不到诱饵包效果,请尝试设置 ttl_decoy.ttl=1,或者检查是否有 iptables 规则重写了 TTL(使用 iptables -t mangle -S 检查)。
- 策略注册表 (Strategy Registry): 实现可插拔的、针对每条流 (per-flow) 的策略,支持自定义排序和谓词逻辑,以简化实验过程。
- 自适应 TTL (Adaptive TTL): 从 SYN-ACK 包的 TTL 推断跳数 (hop count),并自动选择一个恰好在服务器前一跳过期的诱饵 TTL 值。
- eBPF / XDP 集成: 目前 PacketGhost 使用 NFQUEUE(用户态)。未来的计划包括将数据包分类(过滤)逻辑卸载到 eBPF/XDP,以避免非目标流量的上下文切换开销,仅保留用户态处理复杂的变异逻辑。
- 更丰富的配置: 当需要时,从
key=value格式切换到 JSON/YAML;目前的解析器旨在保持极小的占用空间。