Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4
This issue documents the analysis of censorship of UDP traffic between an VPS in Iran and rest of Internet conducted in 2022 Q4.
This is an ongoing test, and this issue will be updated as the test continue.
Initial Anomaly Observed
When trying to set up kcptun tunnel between an VPS in Iran and another VPS in another part of the world, the connection setup was unsuccessful, while short text UDP message can be transmitted.
Research Mythology
There are 3 tools currently used in this experiment:
Packet Generator
Packet Generator generate a sequence of packet content as test vector based on the specification. The specification define the number of packet to be generated and the regular expression of packets to be generated.
Packet Sender
Packet Sender read test vector file, and send UDP packets to a specified network address. It can either send all packet from a single source port, or send them from different source port. It will by default wait 10 ms before sending next packet.
Packet Receiver
Packet Receiver receives UDP packet, and record the keyed hash of source IP address, source port, and content of the packet.
Tests conducted
Residual block test
Packet specification:
10 [a-z]{10}
10 [\0-\255]{256}
10 [a-z]{10}Test Result when sending to the outside host that can receive some UDP packet:
wc -l *
20 iran_dynamicport.csv
10 iran_staticport.csv
30 ireland_dynamicport.csv
30 ireland_staticport.csvConclusion from this test:
-
[a-z]{10}don't trigger this block. -
[\0-\255]{256}trigger this block. - There is residual block.
The result from packet receiver when sending packet from Ireland with a new source port for every packet.
The result from packet receiver when sending packet from Ireland with a stable source port for every packet.
The result from packet receiver when sending packet from Iran with a new source port for every packet.
The result from packet receiver when sending packet from Iran with a stable source port for every packet.
Residual block reset time test
Packet specification:
1 [a-z]{10}
1 [\0-\255]{256}
1 [a-z]{10}Test Result when sending packet from Iran to outside network with a different sending interval in ms:
wc -l *
1 iran_001000.csv
1 iran_010000.csv
1 iran_060000.csv
1 iran_067500_2.csv
1 iran_067500.csv
1 iran_069375.csv
1 iran_070313_2.csv
1 iran_070313.csv
1 iran_070782.csv
2 iran_070899.csv
2 iran_071016.csv
2 iran_071250.csv
2 iran_075000.csv
2 iran_090000.csv
2 iran_120000.csv
21 totalConclusion from this test:
- The residual block reset time is between 70.899s to 70.782s.
Look like nothing packet censorship test
Test packet generation pattern:
10000 ([a-z]){1,1000}
10000 [A-Z]{1,1000}
10000 [0-9]{1,1000}
10000 [a-zA-Z]{1,1000}
10000 [a-z0-9]{1,1000}
10000 [A-Z0-9]{1,1000}
10000 [a-zA-Z0-9]{1,1000}
10000 [\0-\255]{1,1000}Test result for packet received: Pattern, number of packet sent, number of packet received, probability of receiving the packet.
"^([a-z]){1,1000}$",10033,149,0.0149
"^[A-Z]{1,1000}$",10036,133,0.0133
"^[0-9]{1,1000}$",10011,98,0.0098
"^[a-zA-Z]{1,1000}$",30106,399,0.0133
"^[a-z0-9]{1,1000}$",30027,319,0.0106
"^[A-Z0-9]{1,1000}$",30016,301,0.0100
"^[a-zA-Z0-9]{1,1000}$",70002,694,0.0099
"^[\0-\255]{1,1000}$",80000,781,0.0098
"^([a-z]){1,10}$",132,131,0.9924
"^([a-z]){10,20}$",130,11,0.0846
"^([a-z]){10,15}$",65,11,0.1692
"^([a-z]){10,13}$",40,11,0.2750
"^([a-z]){10,10}$",11,11,1.0000
"^([a-z]){11,11}$",5,0,0.0000
"^([a-z]){12,1000}$",9896,18,0.0018
"^[0-9]{1,10}$",99,98,0.9899
"^[0-9]{10,10}$",7,7,1.0000
"^[0-9]{11,11}$",8,0,0.0000
"^[0-9]{12,1000}$",9904,0,0.0000
"^[a-zA-Z]{1,10}$",380,376,0.9895
"^[a-zA-Z]{11,11}$",24,0,0.0000
"^[a-zA-Z]{12,1000}$",29702,23,0.0008
"^[a-z0-9]{1,10}$",298,296,0.9933
"^[a-z0-9]{11,11}$",17,0,0.0000
"^[a-z0-9]{12,100}$",2741,2,0.0007
"^[A-Z0-9]{1,10}$",304,301,0.9901
"^[A-Z0-9]{11,11}$",26,0,0.0000
"^[A-Z0-9]{12,1000}$",29686,0,0.0000
"^[a-zA-Z0-9]{1,10}$",668,663,0.9925
"^[a-zA-Z0-9]{11,11}$",45,0,0.0000
"^[a-zA-Z0-9]{12,1000}$",69289,31,0.0004
"^[\0-\255]{1,10}$",775,749,0.9665
"^[\0-\255]{11,11}$",58,0,0.0000
"^[\0-\255]{12,1000}$",79167,32,0.0004The result from packet receiver.
The packets sent.
Conclusion from the test:
- In the given test environment, a random packet will more than 10 bytes of content is likely to be dropped. If it is less than 10 bytes, it is very likely to be let through.
- The block seems to to let through some packets longer than 10 bytes, but more research is necessary.
Protocol Specific censorship analysis
Type of protocol tested:
- DNS
- STUN
- DTLS
Conclusion from the test:
- In the given test environment, Some DNS packets are censored.
- In the given test environment, STUN packets are not affected by this censorship.
- In the given test environment, DTLS packets are blocked.