GrapheneOS on Nostr: Synproxy uses Linux SipHash-based SYN cookies for stateless establishment of TCP ...
Synproxy uses Linux SipHash-based SYN cookies for stateless establishment of TCP connections, but unlike typical SYN cookies it happens at the firewall layer. On success, it injects an ESTABLISHED state connection into conntrack and spoofs the TCP handshake to backend server.
Published at
2024-04-16 17:19:53Event JSON
{
"id": "c8831583e8b178a1736ca5e2b8a4de89a91b5f6484dd9e3d6b62d3de04452dfa",
"pubkey": "5468bceeb74ce35cb4173dcc9974bddac9e894a74bf3d44f9ca8b7554605c9ed",
"created_at": 1713287993,
"kind": 1,
"tags": [
[
"e",
"c837724fef842f7d9a7ddcd29026ff55892b77b169cfde4e23d8989864f27b6c",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://grapheneos.social/users/GrapheneOS/statuses/112282041929642219",
"activitypub"
]
],
"content": "Synproxy uses Linux SipHash-based SYN cookies for stateless establishment of TCP connections, but unlike typical SYN cookies it happens at the firewall layer. On success, it injects an ESTABLISHED state connection into conntrack and spoofs the TCP handshake to backend server.",
"sig": "d48ee19e5d814ec9e06cae6098a27d5cfd4cbbec90ec958220bdf093acb53b1bdc5b864dba61256169276d6c6f599105a5eaa4b8317d10dc46fc1ee2df8ed7f0"
}
