Geneva is an artificial intelligence tool that defeats censorship by exploiting bugs in censors

Overview

Geneva Build Status codecov Documentation Status

Are you using Geneva? If so, let us know! Shoot us an email at [email protected], or to use PGP, email us directly with our keys on our website.

Geneva is an artificial intelligence tool that defeats censorship by exploiting bugs in censors, such as those in China, India, and Kazakhstan. Unlike many other anti-censorship solutions which require assistance from outside the censoring regime (Tor, VPNs, etc.), Geneva runs strictly on one side of the connection (either the client or server side).

Under the hood, Geneva uses a genetic algorithm to evolve censorship evasion strategies and has found several previously unknown bugs in censors. Geneva's strategies manipulate the network stream to confuse the censor without impacting the client/server communication. This makes Geneva effective against many types of in-network censorship (though it cannot be used against IP-blocking censorship).

Geneva is composed of two high level components: its genetic algorithm (which it uses to evolve new censorship evasion strategies) and its strategy engine (which is uses to run an individual censorship evasion strategy over a network connection).

This codebase contains the Geneva's full implementation: its genetic algorithm, strategy engine, Python API, and a subset of published strategies. With these tools, users and researchers alike can evolve new strategies or leverage existing strategies to evade censorship. To learn more about how Geneva works, see How it Works or checkout our documentation.

Setup

Geneva has been developed and tested for Centos or Debian-based systems. Due to limitations of netfilter and raw sockets, Geneva does not work on OS X or Windows at this time and requires python3.6. More detailed setup instructions are available at our documentation.

Install netfilterqueue dependencies:

# sudo apt-get install build-essential python-dev libnetfilter-queue-dev libffi-dev libssl-dev iptables python3-pip

Install Python dependencies:

# python3 -m pip install -r requirements.txt

On Debian 10 systems, some users have reported needing to install netfilterqueue directly from Github:

# sudo python3 -m pip install --upgrade -U git+https://github.com/kti/python-netfilterqueue

Running a Strategy

A censorship evasion strategy is simply a description of how network traffic should be modified. A strategy is not code, it is a description that tells the engine how it should operate over traffic. For a fuller description of the DNA syntax, see Censorship Evasion Strategies.

# python3 engine.py --server-port 80 --strategy "[TCP:flags:PA]-duplicate(tamper{TCP:dataofs:replace:10}(tamper{TCP:chksum:corrupt},),)-|" --log debug
2019-10-14 16:34:45 DEBUG:[ENGINE] Engine created with strategy \/ (ID bm3kdw3r) to port 80
2019-10-14 16:34:45 DEBUG:[ENGINE] Configuring iptables rules
2019-10-14 16:34:45 DEBUG:[ENGINE] iptables -A OUTPUT -p tcp --sport 80 -j NFQUEUE --queue-num 1
2019-10-14 16:34:45 DEBUG:[ENGINE] iptables -A INPUT -p tcp --dport 80 -j NFQUEUE --queue-num 2
2019-10-14 16:34:45 DEBUG:[ENGINE] iptables -A OUTPUT -p udp --sport 80 -j NFQUEUE --queue-num 1
2019-10-14 16:34:45 DEBUG:[ENGINE] iptables -A INPUT -p udp --dport 80 -j NFQUEUE --queue-num 2

Note that if you have stale iptables rules or other rules that rely on Geneva's default queues, this will fail. To fix this, remove those rules.

Also note that if you want to specify multiple ports for Geneva to monitor, you can specify a port range using --server-port 4000:5000 to monitor all ports in the range 4000-5000, or you can specify a list like --server-port 80,443,4444 to only monitor the explicit ports given.

Strategy Library

Geneva has found dozens of strategies that work against censors in China, Kazakhstan, India, and Iran. We include several of these strategies in strategies.md. Note that this file contains success rates for each individual country; a strategy that works in one country may not work as well as other countries.

Researchers have observed that strategies may have differing success rates based on your exact location. Although we have not observed this from our vantage points, you may find that some strategies may work differently in a country we have tested. If this is the case, don't be alarmed. However, please feel free to reach out to a member of the team directly or open an issue on this page so we can track how the strategies work from other geographic locations.

Disclaimer

Running these strategies may place you at risk if you use it within a censoring regime. Geneva takes overt actions that interfere with the normal operations of a censor and its strategies are detectable on the network. During the training process, Geneva will intentionally trip censorship many times. Geneva is not an anonymity tool, nor does it encrypt any traffic. Understand the risks of running Geneva in your country before trying it.


How it Works

See our paper for an in-depth read on how Geneva works. Below is a walkthrough of the main concepts behind Geneva, the major components of the codebase, and how they can be used.

Censorship Evasion Strategies

A censorship evasion strategy is simply a description of how network traffic should be modified. A strategy is not code, it is a description that tells Geneva's stratgy engine how it should manipulate network traffic. The goal of a censorship evasion strategy is to modify the network traffic in a such a way that the censor is unable to censor it, but the client/server communication is unimpacted.

A censorship evasion strategy composed of one or more packet-level building blocks. Geneva's core building blocks are:

  1. duplicate: takes one packet and returns two copies of the packet
  2. drop: takes one packet and returns no packets (drops the packet)
  3. tamper: takes one packet and returns the modified packet
  4. fragment: takes one packet and returns two fragments or two segments

Since duplicate and fragment introduce branching, these actions are composed into a binary-tree structure called an action tree. Each tree also has a trigger. The trigger describes which packets the tree should run on, and the tree describes what should happen to each of those packets when the trigger fires. Once a trigger fires on a packet, it pulls the packet into the tree for modifications, and the packets that emerge from the tree are sent on the wire. Recall that Geneva operates at the packet level, therefore all triggers are packet-level triggers.

Multiple action trees together form a forest. Geneva handles outbound and inbound packets differently, so strategies are composed of two forests: an outbound forest and an inbound forest.

Consider the following example of a simple Geneva strategy.

                   +---------------+
                   |  TCP:flags:A  |         <-- triggers on TCP packets with the flags field set to 'ACK'
                   +-------+-------+             matching packets are captured and pulled into the tree
                           |
                 +---------v---------+
                       duplicate             <-- makes two copies of the given packet. the tree is processed 
                 +---------+---------+           with an inorder traversal, so the left side is run first
                           |
             +-------------+------------+
             |                          |
+------------v----------+               v    <-- dupilcate has no right child, so this packet will be sent on the wire unimpacted
          tamper              
  {TCP:flags:replace:R}      <-- parameters to this action describe how the packet should be tampered 
+------------+----------+
             |
+------------v----------+
          tamper
   {TCP:chksum:corrupt}
+------------+----------+
             |
             v               <-- packets that emerge from an in-order traversal of the leaves are sent on the wire

This strategy triggers on TCP packets with the flags field set to ACK. It makes a duplicate of the ACK packet; the first duplicate has its flags field changed to RST and its checksum (chksum) field corrupted; the second duplicate is unchaged. Both packets are then sent on the network.

Strategy DNA

These strategies can be arbitrarily complicated, and Geneva defines a well-formatted string syntax for unambiguously expressing strategies.

A strategy divides how it handles outbound and inbound packets: these are separated in the DNA by a "\/". Specifically, the strategy format is \/ . If \/ is not present in a strategy, all of the action trees are in the outbound forest.

Both forests are composed of action trees, and each forest is allowed an arbitrarily many trees.

Action trees always start with a trigger, which is formatted as: [ : : ] . For example, the trigger: [TCP:flags:S] will run its corresponding tree whenever it sees a TCP packet with the flags field set to SYN. If the corresponding action tree is [TCP:flags:S]-drop-|, this action tree will cause the engine to drop any SYN packets. [TCP:flags:S]-duplicate-| will cause the engine to duplicate any SYN packets.

Syntactically, action trees end with -|.

Depending on the type of action, some actions can have up to two children (such as duplicate). These are represented with the following syntax: [TCP:flags:S]-duplicate( , )-| , where and themselves are trees. If (,) is not specified, any packets that emerge from the action will be sent on the wire. If an action only has one child (such as tamper), it is always the left child. [TCP:flags:S]-tamper{ }( ,)-|

Actions that have parameters specify those parameters within {}. For example, giving parameters to the tamper action could look like: [TCP:flags:S]-tamper{TCP:flags:replace:A}-|. This strategy would trigger on TCP SYN packets and replace the TCP flags field to ACK.

Putting this all together, below is the strategy DNA representation of the above diagram:

[TCP:flags:A]-duplicate(tamper{TCP:flags:replace:R}(tamper{TCP:chksum:corrupt},),)-| \/

Geneva has code to parse this strategy DNA into strategies that can be applied to network traffic using the engine.

Note that due to limitations of Scapy and NFQueue, actions that introduce branching (fragment, duplicate) are disabled for incoming action forests.

Engine

The strategy engine (engine.py) applies a strategy to a network connection. The engine works by capturing all traffic to/from a specified port. Packets that match an active trigger are run through the associated action-tree, and packets that emerge from the tree are sent on the wire.

The engine also has a Python API for using it in your application. It can be used as a context manager or invoked in the background as a thread. For example, consider the following simple application.

import os
import engine

# Port to run the engine on
port = 80
# Strategy to use
strategy = "[TCP:flags:A]-duplicate(tamper{TCP:flags:replace:R}(tamper{TCP:chksum:corrupt},),)-| \/"

# Create the engine in debug mode
with engine.Engine(port, strategy, log_level="debug") as eng:
    os.system("curl http://example.com?q=ultrasurf")

This script creates an instance of the engine with a specified strategy, and that strategy will be running for everything within the context manager. When the context manager exits, the engine will clean itself up. See the examples/ folder for more use cases of the engine.

Due to limitations of scapy and NFQueue, the engine cannot be used to communicate with localhost.

Citation

If you like the work or plan to use it in your projects, please follow the guidelines in citation.bib.

Paper

See our paper from CCS or the rest of our papers and talks for an in-depth dive into how Geneva works and how it can be applied.

Contributors

Kevin Bock

George Hughey

Xiao Qiang

Dave Levin

Comments
  • NetfilterQueue run_socket error

    NetfilterQueue run_socket error

    I'm running NetfilterQueue git version because I couldn't get pip to install it but that shouldn't matter I think. LOG:

    ##$ sudo python3 engine.py --server-port 80 --strategy "[TCP:flags:PA]-duplicate(tamper{IP:len:replace:64},)-|" --log debug
    
    2020-01-25 04:13:35 DEBUG:[ENGINE] Engine created with strategy [TCP:flags:PA]-duplicate(tamper{TCP:dataofs:replace:10}(tamper{TCP:chksum:corrupt},),)-| \/ (ID xlez5tdl) to port 80
    2020-01-25 04:13:35 DEBUG:[ENGINE] Configuring iptables rules
    2020-01-25 04:13:35 DEBUG:[ENGINE] iptables -A OUTPUT -p tcp --dport 80 -j NFQUEUE --queue-num 1
    2020-01-25 04:13:35 DEBUG:[ENGINE] iptables -A INPUT -p tcp --sport 80 -j NFQUEUE --queue-num 2
    2020-01-25 04:13:35 DEBUG:[ENGINE] iptables -A OUTPUT -p udp --dport 80 -j NFQUEUE --queue-num 1
    2020-01-25 04:13:35 DEBUG:[ENGINE] iptables -A INPUT -p udp --sport 80 -j NFQUEUE --queue-num 2
    2020-01-25 04:13:36 DEBUG:[ENGINE] NFQueue Initialized after 0
    2020-01-25 04:13:37 ERROR:[ENGINE] Exception out of run_nfqueue() (direction=in)
    Traceback (most recent call last):
      File "engine.py", line 115, in run_nfqueue
        nfqueue.run_socket(nfqueue_socket)
    SystemError: <method 'run_socket' of 'netfilterqueue.NetfilterQueue' objects> returned NULL without setting an error
    2020-01-25 04:13:37 ERROR:[ENGINE] Exception out of run_nfqueue() (direction=out)
    Traceback (most recent call last):
      File "engine.py", line 115, in run_nfqueue
        nfqueue.run_socket(nfqueue_socket)
    SystemError: <method 'run_socket' of 'netfilterqueue.NetfilterQueue' objects> returned NULL without setting an error ``` 
    opened by compliment 16
  • TypeError: '_sre.SRE_Match' object is not subscriptable

    TypeError: '_sre.SRE_Match' object is not subscriptable

    I can't run it.

    # python3 engine.py --server-port 80 --strategy "[TCP:flags:PA]-duplicate(tamper{TCP:dataofs:replace:10}(tamper{TCP:chksum:corrupt},),)-|" --log debug
    Traceback (most recent call last):
      File "engine.py", line 329, in main
        log_level=args["log"])
      File "engine.py", line 54, in __init__
        self.strategy = actions.utils.parse(string_strategy, self.logger)
      File "/root/geneva/actions/utils.py", line 74, in parse
        new_tree.parse(str_action, logger)
      File "/root/geneva/actions/tree.py", line 180, in parse
        if not match or not match[0]:
    TypeError: '_sre.SRE_Match' object is not subscriptable
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "engine.py", line 338, in <module>
        main(vars(get_args()))
      File "engine.py", line 334, in main
        eng.shutdown_nfqueue()
    UnboundLocalError: local variable 'eng' referenced before assignment
    

    Debian GNU/Linux 9.11 (stretch)

    opened by xhdix 7
  • listen on multi ports?

    listen on multi ports?

    i run : engine.py --server-port 80 --strategy "[TCP:flags:PA]-duplicate(tamper{TCP:dataofs:replace:10}(tamper{TCP:chksum:corrupt},),)-|" --log debug

    it worked fine,so.is it possible engine.py could listen and worked as service in multi ports,such as 1000:1200?

    million TKS

    opened by sophauer 4
  • Exception out of run_nfqueue()

    Exception out of run_nfqueue()

    ubuntu@instance-20200501-0913:~/geneva$ sudo python3 engine.py --server-port 80 --strategy "[TCP:flags:PA]-duplicate(tamper{TCP:dataofs:replace:10}(tamper{TCP:chksum:corrupt},),)-|" --log debug
    2020-08-24 13:18:59 WARNING:[ENGINE] No environment ID given, one has been generated (w2rlta48)
    2020-08-24 13:18:59 DEBUG:[ENGINE] Engine created with strategy [TCP:flags:PA]-duplicate(tamper{TCP:dataofs:replace:10}(tamper{TCP:chksum:corrupt},),)-| \/ (ID w2rlta48) to port 80
    2020-08-24 13:18:59 DEBUG:[ENGINE] Configuring iptables rules
    2020-08-24 13:18:59 DEBUG:[ENGINE] iptables -A OUTPUT -p tcp --dport 80 -j NFQUEUE --queue-num 2
    2020-08-24 13:18:59 DEBUG:[ENGINE] iptables -A INPUT -p tcp --sport 80 -j NFQUEUE --queue-num 1
    2020-08-24 13:18:59 DEBUG:[ENGINE] iptables -A OUTPUT -p udp --dport 80 -j NFQUEUE --queue-num 2
    2020-08-24 13:18:59 DEBUG:[ENGINE] iptables -A INPUT -p udp --sport 80 -j NFQUEUE --queue-num 1
    2020-08-24 13:18:59 DEBUG:[ENGINE] NFQueue Initialized after 0
    2020-08-24 13:19:00 ERROR:[ENGINE] Exception out of run_nfqueue() (direction=in)
    Traceback (most recent call last):
      File "engine.py", line 197, in run_nfqueue
        nfqueue.run_socket(nfqueue_socket)
    SystemError: <method 'run_socket' of 'netfilterqueue.NetfilterQueue' objects> returned NULL without setting an error
    2020-08-24 13:19:00 ERROR:[ENGINE] Exception out of run_nfqueue() (direction=out)
    Traceback (most recent call last):
      File "engine.py", line 197, in run_nfqueue
        nfqueue.run_socket(nfqueue_socket)
    SystemError: <method 'run_socket' of 'netfilterqueue.NetfilterQueue' objects> returned NULL without setting an error
    

    OS: Ubuntu 20.04

    Any idea on what I can do to help to debug the issue?

    Thanks

    opened by FireMasterK 4
  • Running geneva on server side (router)

    Running geneva on server side (router)

    Hello, there are quote in your README that you can run the Geneva from the server side, but i found no docs for this case. Is there anyway to launch this on router (for example Openwrt) for avoiding DPI. How it will work as a server. May be there are some links I haven't seen.

    opened by Hi-Timofey 3
  • My Geneva is not working properly,Who can help me?

    My Geneva is not working properly,Who can help me?

    I use the following command to start geneva in Centos7: [root@localhost geneva]# python3 engine.py --server-port 80 --strategy "[TCP:flags:SA]-tamper{TCP:window:replace:4}-|" 2023-01-05 16:40:33 WARNING:[ENGINE] No environment ID given, one has been generated (biuvkyzo) 2023-01-05 16:40:33 DEBUG:[ENGINE] Engine created with strategy [TCP:flags:SA]-tamper{TCP:window:replace:4}-| / (ID biuvkyzo) to port 80 2023-01-05 16:40:33 DEBUG:[ENGINE] Configuring iptables rules 2023-01-05 16:40:33 DEBUG:[ENGINE] iptables -A OUTPUT -p tcp --match tcp --dport 80 -j NFQUEUE --queue-num 2 2023-01-05 16:40:33 DEBUG:[ENGINE] iptables -A INPUT -p tcp --match tcp --sport 80 -j NFQUEUE --queue-num 1 2023-01-05 16:40:33 DEBUG:[ENGINE] iptables -A OUTPUT -p udp --match udp --dport 80 -j NFQUEUE --queue-num 2 2023-01-05 16:40:33 DEBUG:[ENGINE] iptables -A INPUT -p udp --match udp --sport 80 -j NFQUEUE --queue-num 1 2023-01-05 16:40:33 DEBUG:[ENGINE] NFQueue Initialized after 0

    When I access and grab packets with tcpdump on another machine, it looks like this: 17:11:28.686023 IP 114.244.206.187.7440 > 172.19.52.161.http: Flags [S], seq 3706088398, win 29200, options [mss 1400,sackOK,TS val 87376608 ecr 0,nop,wscale 7], length 0 17:11:28.686074 IP 172.19.52.161.http > 114.244.206.187.7440: Flags [S.], seq 3459820145, ack 3706088399, win 1152, options [mss 1460,sackOK,TS val 13288807 ecr 87376608,nop,wscale 0], length 0 17:11:28.724237 IP 114.244.206.187.7440 > 172.19.52.161.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 87376648 ecr 13288807], length 0

    I think the returned win size in the [S.] (syn+ack) phase should be 4, but it doesn't seem to work as expected, the win is 1152

    opened by dandinw 2
  • Engine: Ability to set log file logging level

    Engine: Ability to set log file logging level

    Currently Geneva engine.py always write log to file with logging level debug regardless of --log level parameter, but it can be problem when downloading a large file or having too many connections, the log file can grow so quickly

    opened by lepz0r 2
  • run as systemd issue

    run as systemd issue

    OS: centos 7 systemd service `[Unit] Description=Geneva Server [Service] Type=simple User=root WorkingDirectory=/home/centos/geneva ExecStart=/usr/bin/python3 /home/centos/geneva/engine.py --server-port mult-ports --strategy "XXXXX"

    ExecReload=/bin/kill -HUP $MAINPID Restart=always

    [Install] WantedBy=multi-user.target`

    1st run,type iptables -L, NFQUEUE tcp -- anywhere anywhere multiport dports XXXX NFQUEUE num 2 NFQUEUE udp -- anywhere anywhere multiport dports XXXX NFQUEUE num 2

    then,systemctl restart Geneva.service, iptbables -L NFQUEUE tcp -- anywhere anywhere multiport dports XXXX NFQUEUE num 2 NFQUEUE udp -- anywhere anywhere multiport dports XXXX NFQUEUE num 2 NFQUEUE tcp -- anywhere anywhere multiport dports XXXX NFQUEUE num 2 NFQUEUE udp -- anywhere anywhere multiport dports XXXX NFQUEUE num 2

    if i do it again,systemctl restart Geneva.service, iptbables -L showed NFQUEUE tcp -- anywhere anywhere multiport dports XXXX NFQUEUE num 2 NFQUEUE udp -- anywhere anywhere multiport dports XXXX NFQUEUE num 2 NFQUEUE tcp -- anywhere anywhere multiport dports XXXX NFQUEUE num 2 NFQUEUE udp -- anywhere anywhere multiport dports XXXX NFQUEUE num 2 NFQUEUE tcp -- anywhere anywhere multiport dports XXXX NFQUEUE num 2 NFQUEUE udp -- anywhere anywhere multiport dports XXXX NFQUEUE num 2

    opened by sophauer 2
  • make a v2ray like proxy tools and port to golang

    make a v2ray like proxy tools and port to golang

    as the title tl;dr easy deploy and less traffic make a v2ray like proxy tools which can bypass almost network package,except dns resolv package port to golang which makes easier deploy

    opened by ghost 2
  • Pip install multiple errors on Debian 10

    Pip install multiple errors on Debian 10

    python3 -m pip install -r requirements.txt produces multiple errors when run on Debian 10.

    building 'netfilterqueue' extension
      creating build
      creating build/temp.linux-x86_64-3.7
      x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.7m -c netfilterqueue.c -o build/temp.linux-x86_64-3.7/netfilterqueue.o
      netfilterqueue.c: In function ‘__pyx_f_14netfilterqueue_6Packet_set_nfq_data’:
      netfilterqueue.c:2150:68: warning: passing argument 2 of ‘nfq_get_payload’ from incompatible pointer type [-Wincompatible-pointer-types]
         __pyx_v_self->payload_len = nfq_get_payload(__pyx_v_self->_nfa, (&__pyx_v_self->payload));
                                                                         ~^~~~~~~~~~~~~~~~~~~~~~~
      In file included from netfilterqueue.c:440:
      /usr/include/libnetfilter_queue/libnetfilter_queue.h:122:67: note: expected ‘unsigned char **’ but argument is of type ‘char **’
       extern int nfq_get_payload(struct nfq_data *nfad, unsigned char **data);
                                                         ~~~~~~~~~~~~~~~~^~~~
      netfilterqueue.c: In function ‘__pyx_pf_14netfilterqueue_6Packet_4get_hw’:
      netfilterqueue.c:2533:17: warning: implicit declaration of function ‘PyString_FromStringAndSize’; did you mean ‘PyBytes_FromStringAndSize’? [-Wimplicit-function-declaration]
           __pyx_t_3 = PyString_FromStringAndSize(((char *)__pyx_v_self->hw_addr), 8); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 111, __pyx_L1_error)
                       ^~~~~~~~~~~~~~~~~~~~~~~~~~
                       PyBytes_FromStringAndSize
      netfilterqueue.c:2533:15: warning: assignment to ‘PyObject *’ {aka ‘struct _object *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
           __pyx_t_3 = PyString_FromStringAndSize(((char *)__pyx_v_self->hw_addr), 8); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 111, __pyx_L1_error)
                     ^
      netfilterqueue.c: In function ‘__Pyx_PyCFunction_FastCall’:
      netfilterqueue.c:6436:13: error: too many arguments to function ‘(PyObject * (*)(PyObject *, PyObject * const*, Py_ssize_t))meth’
           return (*((__Pyx_PyCFunctionFast)meth)) (self, args, nargs, NULL);
                  ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      netfilterqueue.c: In function ‘__Pyx__ExceptionSave’:
      netfilterqueue.c:7132:21: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
           *type = tstate->exc_type;
                           ^~~~~~~~
                           curexc_type
      netfilterqueue.c:7133:22: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
           *value = tstate->exc_value;
                            ^~~~~~~~~
                            curexc_value
      netfilterqueue.c:7134:19: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
           *tb = tstate->exc_traceback;
                         ^~~~~~~~~~~~~
                         curexc_traceback
      netfilterqueue.c: In function ‘__Pyx__ExceptionReset’:
      netfilterqueue.c:7141:24: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
           tmp_type = tstate->exc_type;
                              ^~~~~~~~
                              curexc_type
      netfilterqueue.c:7142:25: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
           tmp_value = tstate->exc_value;
                               ^~~~~~~~~
                               curexc_value
      netfilterqueue.c:7143:22: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
           tmp_tb = tstate->exc_traceback;
                            ^~~~~~~~~~~~~
                            curexc_traceback
      netfilterqueue.c:7144:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
           tstate->exc_type = type;
                   ^~~~~~~~
                   curexc_type
      netfilterqueue.c:7145:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
           tstate->exc_value = value;
                   ^~~~~~~~~
                   curexc_value
      netfilterqueue.c:7146:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
           tstate->exc_traceback = tb;
                   ^~~~~~~~~~~~~
                   curexc_traceback
      netfilterqueue.c: In function ‘__Pyx__GetException’:
      netfilterqueue.c:7201:24: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
           tmp_type = tstate->exc_type;
                              ^~~~~~~~
                              curexc_type
      netfilterqueue.c:7202:25: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
           tmp_value = tstate->exc_value;
                               ^~~~~~~~~
                               curexc_value
      netfilterqueue.c:7203:22: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
           tmp_tb = tstate->exc_traceback;
                            ^~~~~~~~~~~~~
                            curexc_traceback
      netfilterqueue.c:7204:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
           tstate->exc_type = local_type;
                   ^~~~~~~~
                   curexc_type
      netfilterqueue.c:7205:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
           tstate->exc_value = local_value;
                   ^~~~~~~~~
                   curexc_value
      netfilterqueue.c:7206:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
           tstate->exc_traceback = local_tb;
                   ^~~~~~~~~~~~~
                   curexc_traceback
      error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
      
      ----------------------------------------
      Failed building wheel for netfilterqueue
      Running setup.py clean for netfilterqueue
      Running setup.py bdist_wheel for mysql-connector ... done
      Stored in directory: /home/andy/.cache/pip/wheels/8c/83/a1/f8b6d4bb1bd6208bbde1608bbfa7557504bed9eaf2ecf8c175
      Running setup.py bdist_wheel for slackclient ... done
      Stored in directory: /home/andy/.cache/pip/wheels/b0/c7/4e/23104e3c04bf4248a1f9e24d82978e910e3ae4761e00f878e5
      Running setup.py bdist_wheel for psutil ... done
      Stored in directory: /home/andy/.cache/pip/wheels/39/a0/f5/c4fa280463e29aea07797acb5312358fefb067c1f4f98e11b1
    Successfully built scapy netifaces mysql-connector slackclient psutil
    Failed to build netfilterqueue
    slackclient 1.3.1 has requirement websocket-client<0.55.0,>=0.35, but you'll have websocket-client 0.57.0 which is incompatible.
    Installing collected packages: attrs, py, zipp, importlib-metadata, pluggy, iniconfig, pyparsing, packaging, toml, more-itertools, pytest, scapy, dnspython, websocket-client, docker, anytree, graphviz, netifaces, netfilterqueue, pycparser, cffi, cryptography, bcrypt, pynacl, paramiko, coverage, codecov, pytest-cov, tld, python-dotenv, mysql-connector, slackclient, soupsieve, beautifulsoup4, psutil, tqdm
      The scripts py.test and pytest are installed in '/home/andy/.local/bin' which is not on PATH.
      Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
      The scripts UTscapy and scapy are installed in '/home/andy/.local/bin' which is not on PATH.
      Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
      Running setup.py install for netfilterqueue ... error
        Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-s341lk2z/netfilterqueue/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-4o45wq9_/install-record.txt --single-version-externally-managed --compile --user --prefix=:
        running install
        running build
        running build_ext
        building 'netfilterqueue' extension
        creating build
        creating build/temp.linux-x86_64-3.7
        x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.7m -c netfilterqueue.c -o build/temp.linux-x86_64-3.7/netfilterqueue.o
        netfilterqueue.c: In function ‘__pyx_f_14netfilterqueue_6Packet_set_nfq_data’:
        netfilterqueue.c:2150:68: warning: passing argument 2 of ‘nfq_get_payload’ from incompatible pointer type [-Wincompatible-pointer-types]
           __pyx_v_self->payload_len = nfq_get_payload(__pyx_v_self->_nfa, (&__pyx_v_self->payload));
                                                                           ~^~~~~~~~~~~~~~~~~~~~~~~
        In file included from netfilterqueue.c:440:
        /usr/include/libnetfilter_queue/libnetfilter_queue.h:122:67: note: expected ‘unsigned char **’ but argument is of type ‘char **’
         extern int nfq_get_payload(struct nfq_data *nfad, unsigned char **data);
                                                           ~~~~~~~~~~~~~~~~^~~~
        netfilterqueue.c: In function ‘__pyx_pf_14netfilterqueue_6Packet_4get_hw’:
        netfilterqueue.c:2533:17: warning: implicit declaration of function ‘PyString_FromStringAndSize’; did you mean ‘PyBytes_FromStringAndSize’? [-Wimplicit-function-declaration]
             __pyx_t_3 = PyString_FromStringAndSize(((char *)__pyx_v_self->hw_addr), 8); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 111, __pyx_L1_error)
                         ^~~~~~~~~~~~~~~~~~~~~~~~~~
                         PyBytes_FromStringAndSize
        netfilterqueue.c:2533:15: warning: assignment to ‘PyObject *’ {aka ‘struct _object *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
             __pyx_t_3 = PyString_FromStringAndSize(((char *)__pyx_v_self->hw_addr), 8); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 111, __pyx_L1_error)
                       ^
        netfilterqueue.c: In function ‘__Pyx_PyCFunction_FastCall’:
        netfilterqueue.c:6436:13: error: too many arguments to function ‘(PyObject * (*)(PyObject *, PyObject * const*, Py_ssize_t))meth’
             return (*((__Pyx_PyCFunctionFast)meth)) (self, args, nargs, NULL);
                    ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        netfilterqueue.c: In function ‘__Pyx__ExceptionSave’:
        netfilterqueue.c:7132:21: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
             *type = tstate->exc_type;
                             ^~~~~~~~
                             curexc_type
        netfilterqueue.c:7133:22: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
             *value = tstate->exc_value;
                              ^~~~~~~~~
                              curexc_value
        netfilterqueue.c:7134:19: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
             *tb = tstate->exc_traceback;
                           ^~~~~~~~~~~~~
                           curexc_traceback
        netfilterqueue.c: In function ‘__Pyx__ExceptionReset’:
        netfilterqueue.c:7141:24: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
             tmp_type = tstate->exc_type;
                                ^~~~~~~~
                                curexc_type
        netfilterqueue.c:7142:25: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
             tmp_value = tstate->exc_value;
                                 ^~~~~~~~~
                                 curexc_value
        netfilterqueue.c:7143:22: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
             tmp_tb = tstate->exc_traceback;
                              ^~~~~~~~~~~~~
                              curexc_traceback
        netfilterqueue.c:7144:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
             tstate->exc_type = type;
                     ^~~~~~~~
                     curexc_type
        netfilterqueue.c:7145:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
             tstate->exc_value = value;
                     ^~~~~~~~~
                     curexc_value
        netfilterqueue.c:7146:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
             tstate->exc_traceback = tb;
                     ^~~~~~~~~~~~~
                     curexc_traceback
        netfilterqueue.c: In function ‘__Pyx__GetException’:
        netfilterqueue.c:7201:24: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
             tmp_type = tstate->exc_type;
                                ^~~~~~~~
                                curexc_type
        netfilterqueue.c:7202:25: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
             tmp_value = tstate->exc_value;
                                 ^~~~~~~~~
                                 curexc_value
        netfilterqueue.c:7203:22: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
             tmp_tb = tstate->exc_traceback;
                              ^~~~~~~~~~~~~
                              curexc_traceback
        netfilterqueue.c:7204:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
             tstate->exc_type = local_type;
                     ^~~~~~~~
                     curexc_type
        netfilterqueue.c:7205:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
             tstate->exc_value = local_value;
                     ^~~~~~~~~
                     curexc_value
        netfilterqueue.c:7206:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
             tstate->exc_traceback = local_tb;
                     ^~~~~~~~~~~~~
                     curexc_traceback
        error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
        
        ----------------------------------------
    Command "/usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-s341lk2z/netfilterqueue/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-4o45wq9_/install-record.txt --single-version-externally-managed --compile --user --prefix=" failed with error code 1 in /tmp/pip-install-s341lk2z/netfilterqueue/
    
    opened by andymc88 2
  • Iran Needs You

    Iran Needs You

    Hi There, Iranian people are under a heavy filtering service by gov. I myself accidentally and by chance connected to web and come here to say that, we needs you guys and your help. if you can help and get some fast tip answer this issue pls.

    Best Regards - Iranian People

    opened by zebka 1
  • Make geneva a package

    Make geneva a package

    Distributing geneva as python project is desirable because it

    • enables re-usage of code though other projects by making geneva a dependency
    • improves dependency specification through poetry
    • makes installation easier and might help with os independence
    • provides a clearer structure for imports
    • allows working-directory independent execution

    I created a draft of how this could look like at https://github.com/VwCSXg/geneva/tree/pyproject. It mostly works, however some tests are failing or not finishing at all and I didn't manage to run pytest even on the main branch which is why I can`t really pin down the problems created by refactoring geneva as a package. Help in fixing those issues would be much appreciated :)

    opened by VwCSXg 3
  • No strategies found

    No strategies found

    So i run geneva evolve with population of 300 and generation of 25 but was not able to find any working strategy. The censor basically forbids traffic by sending a RST+ACK to both directions (to client and to server). What could be the issue. Is geneva just not effective anymore?

    opened by gronget 0
  • OSError: Failed to create queue 1.

    OSError: Failed to create queue 1.

    Hi, thank you for help in advance...

    I get error OSError: Failed to create queue 1. Python: 3.10.7 Kernel: archlinux 5.19.12-arch1-1-amd64

    # python3 engine.py --server-port 80 --strategy "[TCP:flags:PA]-duplicate(tamper{TCP:dataofs:replace:10}(tamper{TCP:chksum:corrupt},),)-|" --log debug
    /usr/lib/python3.10/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated
      cipher=algorithms.Blowfish,
    /usr/lib/python3.10/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated
      cipher=algorithms.CAST5,
    WARNING:[ENGINE] No environment ID given, one has been generated (parw9j5p)
    DEBUG:[ENGINE] Engine created with strategy [TCP:flags:PA]-duplicate(tamper{TCP:dataofs:replace:10}(tamper{TCP:chksum:corrupt},),)-| \/ (ID parw9j5p) to port 80
    DEBUG:[ENGINE] Configuring iptables rules
    DEBUG:[ENGINE] iptables -A OUTPUT -p tcp --match tcp --dport 80 -j NFQUEUE --queue-num 2
    DEBUG:[ENGINE] iptables -A INPUT -p tcp --match tcp --sport 80 -j NFQUEUE --queue-num 1
    DEBUG:[ENGINE] iptables -A OUTPUT -p udp --match udp --dport 80 -j NFQUEUE --queue-num 2
    DEBUG:[ENGINE] iptables -A INPUT -p udp --match udp --sport 80 -j NFQUEUE --queue-num 1
    Traceback (most recent call last):
      File "/opt/anti_c/geneva-master/engine.py", line 470, in <module>
        main(vars(get_args()))
      File "/opt/anti_c/geneva-master/engine.py", line 454, in main
        with Engine(args["server_port"],
      File "/opt/anti_c/geneva-master/engine.py", line 130, in __enter__
        self.initialize_nfqueue()
      File "/opt/anti_c/geneva-master/engine.py", line 272, in initialize_nfqueue
        self.in_nfqueue.bind(self.in_queue_num, self.in_callback)
      File "netfilterqueue/_impl.pyx", line 270, in netfilterqueue._impl.NetfilterQueue.bind
    OSError: Failed to create queue 1.
    
    

    Another question:Does geneva help me on https too?!

    opened by hamedsbt 1
  • How to use it ?

    How to use it ?

    Hi, I want to know if it is possible to run this on my server and connect to the server with the android client using some protocols like Shadowsocks or OpenVPN to have free internet on my android client or not ?

    opened by jalilimmd 2
An Artificial Intelligence trying to drive a car by itself on a user created map

An Artificial Intelligence trying to drive a car by itself on a user created map

Akhil Sahukaru 17 Jan 13, 2022
Wordplay, an artificial Intelligence based crossword puzzle solver.

Wordplay, AI based crossword puzzle solver A crossword is a word puzzle that usually takes the form of a square or a rectangular grid of white- and bl

Vaibhaw 4 Nov 16, 2022
Artificial Intelligence playing minesweeper 🤖

AI playing Minesweeper ✨ Minesweeper is a single-player puzzle video game. The objective of the game is to clear a rectangular board containing hidden

Vaibhaw 8 Oct 17, 2022
Framework that uses artificial intelligence applied to mathematical models to make predictions

LiconIA Framework that uses artificial intelligence applied to mathematical models to make predictions Interface Overview Table of contents [TOC] 1 Ar

null 4 Jun 20, 2021
Artificial Intelligence search algorithm base on Pacman

Pacman Search Artificial Intelligence search algorithm base on Pacman Source The Pacman Projects by the University of California, Berkeley. Layouts Di

Day Fundora 6 Nov 17, 2022
AI Flow is an open source framework that bridges big data and artificial intelligence.

Flink AI Flow Introduction Flink AI Flow is an open source framework that bridges big data and artificial intelligence. It manages the entire machine

null 144 Dec 30, 2022
Python Rapid Artificial Intelligence Ab Initio Molecular Dynamics

Python Rapid Artificial Intelligence Ab Initio Molecular Dynamics

null 14 Nov 6, 2022
I created My own Virtual Artificial Intelligence named genesis, He can assist with my Tasks and also perform some analysis,,

Virtual-Artificial-Intelligence-genesis- I created My own Virtual Artificial Intelligence named genesis, He can assist with my Tasks and also perform

AKASH M 1 Nov 5, 2021
Randstad Artificial Intelligence Challenge (powered by VGEN). Soluzione proposta da Stefano Fiorucci (anakin87) - primo classificato

Randstad Artificial Intelligence Challenge (powered by VGEN) Soluzione proposta da Stefano Fiorucci (anakin87) - primo classificato Struttura director

Stefano Fiorucci 1 Nov 13, 2021
🔥 Cannlytics-powered artificial intelligence 🤖

Cannlytics AI ?? Cannlytics-powered artificial intelligence ?? ??️ Installation ??‍♀️ Quickstart ?? Development ?? Automation ?? Support ??️ License ?

Cannlytics 3 Nov 11, 2022
2021 Artificial Intelligence Diabetes Datathon

A.I.D.D. 2021 2021 Artificial Intelligence Diabetes Datathon A.I.D.D. 2021은 ‘2021 인공지능 학습용 데이터 구축사업’을 통해 만들어진 학습용 데이터를 활용하여 당뇨병을 효과적으로 예측할 수 있는가에 대한 A

null 2 Dec 27, 2021
CasualHealthcare's Pneumonia detection with Artificial Intelligence (Convolutional Neural Network)

CasualHealthcare's Pneumonia detection with Artificial Intelligence (Convolutional Neural Network) This is PneumoniaDiagnose, an artificially intellig

Azhaan 2 Jan 3, 2022
CS50's Introduction to Artificial Intelligence Test Scripts

CS50's Introduction to Artificial Intelligence Test Scripts ??‍♂️ What's this? ??‍♀️ This repository contains Python scripts to automate tests for mos

Jet Kan 2 Dec 28, 2022
Artificial intelligence technology inferring issues and logically supporting facts from raw text

개요 비정형 텍스트를 학습하여 쟁점별 사실과 논리적 근거 추론이 가능한 인공지능 원천기술 Artificial intelligence techno

null 6 Dec 29, 2021
Tom-the-AI - A compound artificial intelligence software for Linux systems.

Tom the AI (version 0.82) WARNING: This software is not yet ready to use, I'm still setting up the GitHub repository. Should be ready in a few days. T

null 2 Apr 28, 2022
An AI made using artificial intelligence (AI) and machine learning algorithms (ML) .

DTech.AIML An AI made using artificial intelligence (AI) and machine learning algorithms (ML) . This is created by help of some members in my team and

null 1 Jan 6, 2022
This Artificial Intelligence program can take a black and white/grayscale image and generate a realistic or plausible colorized version of the same picture.

Colorizer The point of this project is to write a program capable of taking a black and white / grayscale image, and generating a realistic or plausib

Maitri Shah 1 Jan 6, 2022
AI Virtual Calculator: This is a simple virtual calculator based on Artificial intelligence.

AI Virtual Calculator: This is a simple virtual calculator that works with gestures using OpenCV. We will use our hand in the air to click on the calc

Md. Rakibul Islam 1 Jan 13, 2022
AI Face Mesh: This is a simple face mesh detection program based on Artificial intelligence.

AI Face Mesh: This is a simple face mesh detection program based on Artificial Intelligence which made with Python. It's able to detect 468 different

Md. Rakibul Islam 1 Jan 13, 2022