trojan-gfw / trojan

An unidentifiable mechanism that helps you bypass GFW.
https://trojan-gfw.github.io/trojan/
GNU General Public License v3.0

[Feature Request] How to reduce the number of unusual keep-alive connections when trojan is targeting a video websource? #552

Open yyuurrii34 opened 3 years ago

yyuurrii34 commented 3 years ago

Is your feature request related to a problem? Please describe.

GFW recently seems to be focusing on keep-alive connections to distinguish a proxy based on TLS such as trojan, thus trojan may need to find some way to resist in order to stay functional. Many reports, including my observation, suggest that when acquiring a video websource using trojan, it releases a huge package-loss after a certain persistence of time. That may be a cause of keep-alive connections' flow that outranged and has triggered the censorship of GFW.

Is this problem relevant to what trojan should care about?

I think yes!

Describe the solution you'd like

Setting a proper time and flow (more important) limit (the same way no. of packages) for a keep-alive connection; when it reaches the limit, handle a new TCP request. It will not do by turning off the keep-alive option in TCP, because sometimes those connections are passively generated, especially when they are targeting a video/live-stream websource.

Describe alternatives you've considered

Also, adding a multiplexing function will reduce the delay when too many TCP requests happen at the same time. But I'm afraid that this would perhaps change the way trojan looks as a normal HTTPS webserver, and increase the load of a server.

Additional context

Maybe this is an extremely tough job for developers, so I really appreciate you guys' kind devotion. BTW, I may have mistaken the term by calling it keep-alive connection; what I literally suggested was a connection with exceedingly large flow. Maybe a mass-flow connection sounds better.

yyuurrii34 commented 2 years ago

As I mentioned in here #552 and here #633, these points may help improve trojan:

  1. Change the length of the net packs, like what OutlineVPN and BRDGRD do.
  2. Make trojan more invulnerable against relay attack, including consistency on server reply, and deactivate 0-RTT in TLS 1.3 (it's activated by default) @GreaterFire