Skip to content

Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4

This issue documents the analysis of censorship of UDP traffic between an VPS in Iran and rest of Internet conducted in 2022 Q4.

This is an ongoing test, and this issue will be updated as the test continue.

Initial Anomaly Observed

When trying to set up kcptun tunnel between an VPS in Iran and another VPS in another part of the world, the connection setup was unsuccessful, while short text UDP message can be transmitted.

Research Mythology

There are 3 tools currently used in this experiment:

Packet Generator

Packet Generator generate a sequence of packet content as test vector based on the specification. The specification define the number of packet to be generated and the regular expression of packets to be generated.

Packet Sender

Packet Sender read test vector file, and send UDP packets to a specified network address. It can either send all packet from a single source port, or send them from different source port. It will by default wait 10 ms before sending next packet.

Packet Receiver

Packet Receiver receives UDP packet, and record the keyed hash of source IP address, source port, and content of the packet.

Tests conducted

Residual block test

Packet specification:

10	[a-z]{10}
10	[\0-\255]{256}
10	[a-z]{10}

Test Result when sending to the outside host that can receive some UDP packet:

wc -l *
20 iran_dynamicport.csv
10 iran_staticport.csv
30 ireland_dynamicport.csv
30 ireland_staticport.csv

Conclusion from this test:

  1. [a-z]{10} don't trigger this block.
  2. [\0-\255]{256} trigger this block.
  3. There is residual block.

Test Vector

The result from packet receiver when sending packet from Ireland with a new source port for every packet.

The result from packet receiver when sending packet from Ireland with a stable source port for every packet.

The result from packet receiver when sending packet from Iran with a new source port for every packet.

The result from packet receiver when sending packet from Iran with a stable source port for every packet.

Residual block reset time test

Packet specification:

1	[a-z]{10}
1	[\0-\255]{256}
1	[a-z]{10}

Test Result when sending packet from Iran to outside network with a different sending interval in ms:

wc -l *
   1 iran_001000.csv
   1 iran_010000.csv
   1 iran_060000.csv
   1 iran_067500_2.csv
   1 iran_067500.csv
   1 iran_069375.csv
   1 iran_070313_2.csv
   1 iran_070313.csv
   1 iran_070782.csv
   2 iran_070899.csv
   2 iran_071016.csv
   2 iran_071250.csv
   2 iran_075000.csv
   2 iran_090000.csv
   2 iran_120000.csv
  21 total

Conclusion from this test:

  1. The residual block reset time is between 70.899s to 70.782s.

Look like nothing packet censorship test

Test packet generation pattern:

10000	([a-z]){1,1000}
10000	[A-Z]{1,1000}
10000	[0-9]{1,1000}
10000	[a-zA-Z]{1,1000}
10000	[a-z0-9]{1,1000}
10000	[A-Z0-9]{1,1000}
10000	[a-zA-Z0-9]{1,1000}
10000	[\0-\255]{1,1000}

Test result for packet received: Pattern, number of packet sent, number of packet received, probability of receiving the packet.

"^([a-z]){1,1000}$",10033,149,0.0149
"^[A-Z]{1,1000}$",10036,133,0.0133
"^[0-9]{1,1000}$",10011,98,0.0098
"^[a-zA-Z]{1,1000}$",30106,399,0.0133
"^[a-z0-9]{1,1000}$",30027,319,0.0106
"^[A-Z0-9]{1,1000}$",30016,301,0.0100
"^[a-zA-Z0-9]{1,1000}$",70002,694,0.0099
"^[\0-\255]{1,1000}$",80000,781,0.0098
"^([a-z]){1,10}$",132,131,0.9924
"^([a-z]){10,20}$",130,11,0.0846
"^([a-z]){10,15}$",65,11,0.1692
"^([a-z]){10,13}$",40,11,0.2750
"^([a-z]){10,10}$",11,11,1.0000
"^([a-z]){11,11}$",5,0,0.0000
"^([a-z]){12,1000}$",9896,18,0.0018
"^[0-9]{1,10}$",99,98,0.9899
"^[0-9]{10,10}$",7,7,1.0000
"^[0-9]{11,11}$",8,0,0.0000
"^[0-9]{12,1000}$",9904,0,0.0000
"^[a-zA-Z]{1,10}$",380,376,0.9895
"^[a-zA-Z]{11,11}$",24,0,0.0000
"^[a-zA-Z]{12,1000}$",29702,23,0.0008
"^[a-z0-9]{1,10}$",298,296,0.9933
"^[a-z0-9]{11,11}$",17,0,0.0000
"^[a-z0-9]{12,100}$",2741,2,0.0007
"^[A-Z0-9]{1,10}$",304,301,0.9901
"^[A-Z0-9]{11,11}$",26,0,0.0000
"^[A-Z0-9]{12,1000}$",29686,0,0.0000
"^[a-zA-Z0-9]{1,10}$",668,663,0.9925
"^[a-zA-Z0-9]{11,11}$",45,0,0.0000
"^[a-zA-Z0-9]{12,1000}$",69289,31,0.0004
"^[\0-\255]{1,10}$",775,749,0.9665
"^[\0-\255]{11,11}$",58,0,0.0000
"^[\0-\255]{12,1000}$",79167,32,0.0004

The result from packet receiver.

The packets sent.

Conclusion from the test:

  1. In the given test environment, a random packet will more than 10 bytes of content is likely to be dropped. If it is less than 10 bytes, it is very likely to be let through.
  2. The block seems to to let through some packets longer than 10 bytes, but more research is necessary.

Protocol Specific censorship analysis

Type of protocol tested:

  1. DNS
  2. STUN
  3. DTLS

Conclusion from the test:

  1. In the given test environment, Some DNS packets are censored.
  2. In the given test environment, STUN packets are not affected by this censorship.
  3. In the given test environment, DTLS packets are blocked.
Edited by shelikhoo