Max Lv

Average 10ms latency looks too slow to me. Assuming 300 users and the worst case that 300 authentications performed for each connection, one single authentication takes 33us. It means more...

It would be lovely to implement SIP003 client mode in your restls as well, so that shadowsocks users can use it as a plugin directly. Some reference SIP003 Rust code...

Cool! I think you can follow this list to complete all the features: - [ ] TCP relay - [ ] UDP relay - [ ] DNS relay - [...

I think we can first implement it in shadowsocks-rust as an experimental feature.

There two kinds of replay attacks for shadowsocks: short-term and long-term. To defend any short-term replay, I think our current implementation is already good enough. In shadowsocks, we are maintaining...

@wongsyrone A random chunk within a TCP stream? I don't think it's possible, because currently we assume the nonce of each chunk increased by 2. If one chunk is sent...

> Does it mean someone should reconstruct the whole TCP stream or only a request header in the first packet? As our current design is based on session key and...

@riobard I did some research for bloom filter before. There two concerns: 1. False positive. 2. False positive increasea with more inserts. To overcome these limitations, we may clear the...

Implemented a Ping-Pong bloom filter in the branch https://github.com/shadowsocks/shadowsocks-libev/tree/bloomfilter. Current parameters are: 1000000 entries and 0.00001 error rate. The additional memory usage is 2.85 MBytes. I'm running tests in a...

Since it's a Ping-Pong bloom filter, it forgets half of history (500,000 entries) after each resetting.