From 090afa7492695f5128ca0f7d318142b1f17286c0 Mon Sep 17 00:00:00 2001 From: klzgrad Date: Thu, 28 Oct 2021 20:57:33 +0800 Subject: [PATCH] Make --insecure-concurrency option public Can't stop people who want to use it. --- USAGE.txt | 10 ++++++++++ src/net/tools/naive/naive_proxy.cc | 3 +-- src/net/tools/naive/naive_proxy_bin.cc | 8 ++++---- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/USAGE.txt b/USAGE.txt index 25f32c551f..ee9a3d2e0f 100644 --- a/USAGE.txt +++ b/USAGE.txt @@ -58,6 +58,16 @@ Options: Routes traffic via the proxy server. Connects directly by default. Available proto: https, quic. Infers port by default. + --insecure-concurrency= + + Use N concurrent tunnel connections to be more robust under bad network + conditions. More connections make the tunneling easier to detect and less + secure. This project strives for the strongest security against traffic + analysis. Using it in an insecure way defeats its purpose. + + If you must use this, try N=2 first to see if it solves your issues. + Strongly recommend against using more than 4 connections here. + --extra-headers=... Appends extra headers in requests to the proxy server. diff --git a/src/net/tools/naive/naive_proxy.cc b/src/net/tools/naive/naive_proxy.cc index 2971996f9e..b2490ef817 100644 --- a/src/net/tools/naive/naive_proxy.cc +++ b/src/net/tools/naive/naive_proxy.cc @@ -5,7 +5,6 @@ #include "net/tools/naive/naive_proxy.h" -#include #include #include "base/bind.h" @@ -39,7 +38,7 @@ NaiveProxy::NaiveProxy(std::unique_ptr listen_socket, protocol_(protocol), listen_user_(listen_user), listen_pass_(listen_pass), - concurrency_(std::min(4, std::max(1, concurrency))), + concurrency_(concurrency), resolver_(resolver), session_(session), net_log_( diff --git a/src/net/tools/naive/naive_proxy_bin.cc b/src/net/tools/naive/naive_proxy_bin.cc index bb370474bc..8e886ef5ee 100644 --- a/src/net/tools/naive/naive_proxy_bin.cc +++ b/src/net/tools/naive/naive_proxy_bin.cc @@ -137,7 +137,7 @@ void GetCommandLine(const base::CommandLine& proc, CommandLine* cmdline) { " redir (Linux only)\n" "--proxy=://[:@][:]\n" " proto: https, quic\n" - "--concurrency= Use N connections, less secure\n" + "--insecure-concurrency= Use N connections, insecure\n" "--extra-headers=... Extra headers split by CRLF\n" "--host-resolver-rules=... Resolver rules\n" "--resolver-range=... Redirect resolver range\n" @@ -155,7 +155,7 @@ void GetCommandLine(const base::CommandLine& proc, CommandLine* cmdline) { cmdline->listen = proc.GetSwitchValueASCII("listen"); cmdline->proxy = proc.GetSwitchValueASCII("proxy"); - cmdline->concurrency = proc.GetSwitchValueASCII("concurrency"); + cmdline->concurrency = proc.GetSwitchValueASCII("insecure-concurrency"); cmdline->extra_headers = proc.GetSwitchValueASCII("extra-headers"); cmdline->host_resolver_rules = proc.GetSwitchValueASCII("host-resolver-rules"); @@ -189,7 +189,7 @@ void GetCommandLineFromConfig(const base::FilePath& config_path, if (proxy) { cmdline->proxy = *proxy; } - const auto* concurrency = value->FindStringKey("concurrency"); + const auto* concurrency = value->FindStringKey("insecure-concurrency"); if (concurrency) { cmdline->concurrency = *concurrency; } @@ -296,7 +296,7 @@ bool ParseCommandLine(const CommandLine& cmdline, Params* params) { if (!cmdline.concurrency.empty()) { if (!base::StringToInt(cmdline.concurrency, ¶ms->concurrency) || - params->concurrency < 1 || params->concurrency > 4) { + params->concurrency < 1) { std::cerr << "Invalid concurrency" << std::endl; return false; }