Mufananidzo:
Nhasi, chikamu chakakosha chezvese zvirimo paInternet chinogoverwa uchishandisa maCDN network. Panguva imwecheteyo, tsvagurudza kuti macensor akasiyana anowedzera sei simba rawo pamanetiweki akadaro. Masayendisiti kubva kuYunivhesiti yeMassachusetts nzira dzinobvira dzekuvharisa zvinyorwa zveCDN uchishandisa muenzaniso wezviitwa zvevakuru veChinese, uye zvakare yakagadzira chishandiso chekunzvenga ichivharika.
Isu takagadzirira chinyorwa chekuongorora chine mhedziso huru uye mhedzisiro yekuedza uku.
Nhanganyaya
Censorship idambudziko repasi rose kune rusununguko rwekutaura paInternet uye nemahara kuwana ruzivo. Izvi zvinonyanya kuitika nekuda kwekuti Indaneti yakakwereta "kuguma-ku-kuguma-kukurukurirana" muenzaniso kubva kunhare dzenhare dze70s dzezana remakore rapfuura. Izvi zvinokutendera kuti uvhare kupinda kune zvemukati kana kutaurirana kwevashandisi pasina kukosha kwakanyanya kana mutengo wakavakirwa paIP kero. Pane nzira dzakati wandei pano, kubva pakuvharira kero pachayo neyakarambidzwa zvemukati kusvika pakuvhara kugona kwevashandisi kutombozviziva vachishandisa DNS manipulation.
Zvakadaro, kuvandudzwa kweInternet kwakakonzerawo kubuda kwenzira itsva dzekuparadzira ruzivo. Imwe yacho ndeye kushandiswa kwezvinhu zvakachengetwa kuvandudza mashandiro uye kukurumidzira kutaurirana. Nhasi, vanopa CDN vanogadzira huwandu hwakakosha hwese traffic munyika - Akamai, mutungamiri muchikamu chino, ega anoverengera kusvika makumi matatu muzana yepasi rose static web traffic.
A CDN network inzira yakagoverwa yekuendesa zvemukati zveInternet nekumhanya kwakanyanya. Iyo yakajairwa CDN network ine maseva munzvimbo dzakasiyana dzenzvimbo dzinochengetera zvinyorwa kuti zvishandire kune vashandisi vari padyo nesevha iyoyo. Izvi zvinokutendera kuti uwedzere zvakanyanya kukurumidza kwekutaurirana kwepamhepo.
Pamusoro pekuvandudza ruzivo rwevashandisi vekupedzisira, CDN yekutambira inobatsira vanogadzira zvemukati kuyera mapurojekiti avo nekudzikisa mutoro pazvivakwa zvavo.
Kuongorora zvinyorwa zveCDN
Kunyangwe chokwadi chekuti CDN traffic inotogadzira chikamu chakakosha chese ruzivo rwese rwunofambiswa paInternet, pachine kunge pasina tsvakiridzo yekuti ma censors munyika chaiyo anosvika sei kutonga kwayo.
Vanyori vezvidzidzo vakatanga nekuongorora nzira dzekuongorora dzinogona kushandiswa kune maCDN. Vakabva vadzidza nzira chaidzo dzinoshandiswa nevakuru veChinese.
Chekutanga, ngatitaurei nezve nzira dzinogoneka dzekuongorora uye mukana wekuvashandisa kudzora CDN.
IP kusefa
Iyi ndiyo nzira yakapfava uye isingadhure yekuongorora Indaneti. Uchishandisa nzira iyi, iyo censor inozivisa uye inobvisa mazita eIP kero yezviwanikwa zvinotambira zvinorambidzwa. Ipapo vanodzorwa vanopa Internet vanomira kuendesa mapaketi anotumirwa kumakero akadaro.
IP-based blocking ndiyo imwe yedzakajairika nzira dzekuongorora Indaneti. Zvizhinji zvekutengesa network zvishandiso zvakashongedzerwa nemabasa ekushandisa kuvharira kwakadaro pasina kwakakosha computational kuedza.
Nekudaro, iyi nzira haina kunyatso kuvharira CDN traffic nekuda kwezvimwe zvivakwa zvetekinoroji pachayo:
- Distributed caching - kuti ive nechokwadi chekuwanikwa kwakanyanya kwemukati uye kukwidziridza kuita, maCDN network cache zvemukati zvemushandisi pane nhamba huru yemaseva ekumucheto ari munzvimbo dzakagoverwa. Kusefa zvakadaro zvirimo zvichibva paIP, iyo censor yaizoda kutsvaga kero dzeese evhavha maseva uye nekuanyora. Izvi zvinokanganisa hukuru hwemaitiro eiyo nzira, nekuti iyo yakanyanya kukosha ndeyekuti mune yakajairwa chirongwa, kuvharira imwe sevha inobvumidza iwe "kubvisa" kupinda kune zvinorambidzwa zvehuwandu hwevanhu kamwechete.
- Akagovaniswa IPs - Vatengesi veCDN vanogovera zvigadzirwa zvavo (kureva maseva ekumucheto, mepu system, nezvimwewo) pakati pevatengi vakawanda. Nekuda kweizvozvo, zvakarambidzwa CDN zvemukati zvinotakurwa kubva kune imwecheteyo IP kero sezvisina kurambidzwa zvemukati. Nekuda kweizvozvo, chero kuedza kweIP kusefa kunoguma nehuwandu hukuru hwesaiti uye zvirimo izvo zvisiri zvekufarira kune censors kuvharwa.
- Yakanyanya dynamic IP basa - kukwidziridza kuyera kuyera uye kuvandudza mhando yebasa, mepu yemaseva ekumucheto uye vashandisi vekupedzisira inoitwa nekukurumidza uye zvine simba. Semuenzaniso, Akamai anogadziridza akadzorera IP kero miniti yega yega. Izvi zvichaita kuti zvisaite kuti kero dzibatanidzwe nezvinhu zvinorambidzwa.
DNS kupindira
Kunze kweIP kusefa, imwe yakakurumbira nzira yekuongorora ndeye DNS kupindira. Iyi nzira inosanganisira zviito nemacensors ane chinangwa chekudzivirira vashandisi kubva pakuziva IP kero yezviwanikwa zvine zvinorambidzwa. Ndiko kuti, kupindira kunoitika padanho rekugadzirisa zita rezita. Pane nzira dzakati wandei dzekuita izvi, kusanganisira kubira DNS kubatana, kushandisa DNS chepfu nzira, uye kuvharira zvikumbiro zveDNS kunzvimbo dzinorambidzwa.
Iyi inzira inoshanda yekuvharisa, asi inogona kupfuudzwa kana ukashandisa isiri-yakajairwa nzira dzekugadzirisa DNS, semuenzaniso, kunze-kwe-bhendi nzira. Naizvozvo, macensors anowanzo kusanganisa DNS kuvharira neIP kusefa. Asi, sezvataurwa pamusoro apa, IP kusefa hakushande pakuongorora CDN zvemukati.
Sefa neURL/Makiyi uchishandisa DPI
Yemazuva ano network yekutarisisa zviitiko inogona kushandiswa kuongorora chaiwo maURL uye mazwi makuru mumapaketi edata. Iyi tekinoroji inonzi DPI (yakadzika packet inspection). Masisitimu akadaro anowana kutaurwa kwemazwi akarambidzwa uye zviwanikwa, mushure mezvo zvinokanganisa kutaurirana kwepamhepo. Somugumisiro, mapaketi anongodonhedzwa.
Iyi nzira inoshanda, asi yakanyanya kuomarara uye ine zviwanikwa-yakanyanya nekuti inoda defragmentation yemapaketi ese e data anotumirwa mukati meimwe hova.
Zvinyorwa zveCDN zvinogona kuchengetedzwa kubva pakusefa nenzira imwechete se "nguva dzose" zvinyorwa - mune zvose zviri zviviri kushandiswa kwekunyorera (kureva HTTPS) kunobatsira.
Pamusoro pekushandisa DPI kutsvaga mazwi akakosha kana maURL ezviwanikwa zvakarambidzwa, maturusi aya anogona kushandiswa pakuongorora kwakanyanya. Idzi nzira dzinosanganisira ongororo yenhamba dzepamhepo / offline traffic uye ongororo yezvitupa zvitupa. Idzi nzira dzakanyanya kushandisa zviwanikwa uye parizvino hapana humbowo hwekushandiswa kwavo nemacensors kusvika pamwero wakakomba.
Kuzviongorora kwevanopa CDN
Kana iyo censor iri nyika, saka ine mukana wese wekurambidza iwo maCDN vanopa kushanda munyika vasingateereri mitemo yemuno inodzora kuwana kune zvirimo. Kuzvidzivirira hakugoni kudziviswa nenzira ipi zvayo - naizvozvo, kana kambani yeCDN inopa inofarira kushanda mune imwe nyika, ichamanikidzwa kutevedzera mitemo yemunharaunda, kunyange kana ichidzivisa rusununguko rwekutaura.
Iyo China inoongorora sei CDN zvemukati
Iyo Great Firewall yeChina inoonekwa seyakanyanya kushanda uye yepamusoro sisitimu yekuona Internet censorship.
Maitiro ekutsvagisa
Masayendisiti akaita ongororo vachishandisa Linux node iri mukati meChina. Vaikwanisawo kuwana makomputa akati wandei kunze kwenyika. Kutanga, vatsvakurudzi vakatarisa kuti node yakanga iri pasi pekuongororwa kwakafanana nekushandiswa kune vamwe vashandisi veChinese - kuti vaite izvi, vakaedza kuzarura nzvimbo dzakasiyana-siyana dzakarambidzwa kubva muchina uyu. Saka kuvepo kweiyo nhanho yekuongorora kwakasimbiswa.
Rondedzero yemawebhusaiti akavharirwa muChina anoshandisa maCDN akatorwa kubva kuGreatFire.org. Nzira yekuvhara munyaya imwe neimwe yakabva yaongororwa.
Zvinoenderana neruzhinji data, mutambi mukuru chete mumusika weCDN ane zvivakwa zvayo muChina ndiAkamai. Vamwe vapeji vari kutora chikamu muchidzidzo: CloudFlare, Amazon CloudFront, EdgeCast, Fastly uye SoftLayer.
Munguva yezviyedzo, vaongorori vakawana kero dzeAkamai edge maseva mukati menyika, uye ndokuedza kuwana cached inobvumirwa zvirimo kuburikidza nazvo. Zvakanga zvisingaite kuwana zvakarambidzwa (HTTP 403 Yakarambidzwa kukanganisa yakadzoserwa) - sezviri pachena kambani inozviongorora yega kuitira kuchengetedza kugona kushanda munyika. Panguva imwecheteyo, kuwana zviwanikwa izvi kwakaramba kwakavhurika kunze kwenyika.
ISPs isina zvivakwa muChina haizvitarise vashandisi venzvimbo.
Panyaya yevamwe vanopa, nzira yaiwanzo shandiswa yekuvharisa yaive DNS kusefa - zvikumbiro kumasaiti akavharika zvinogadziriswa kune isiriyo IP kero. Panguva imwecheteyo, firewall haivharidzi CDN edge maseva ivo pachavo, sezvo vachichengeta zvese zvakarambidzwa uye zvakabvumidzwa ruzivo.
Uye kana iri nyaya yetraffic isina kunyorwa zviremera zvine simba rekuvhara mapeji ega emasaiti anoshandisa DPI, saka kana vachishandisa HTTPS vanogona kungoramba kupinda kwese kwese kwese. Izvi zvinotungamirawo kuvharwa kwezvinhu zvinotenderwa.
Pamusoro pezvo, China ine vapi vayo veCDN, kusanganisira network dzakadai seChinaCache, ChinaNetCenter uye CDNetworks. Makambani ese aya anotevedzera zvizere mitemo yenyika uye anovharira zvinorambidzwa.
CacheBrowser: CDN bypass chishandiso
Sekuratidzwa kwakaratidza, zvakaoma kuti macensors avhare CDN zvemukati. Naizvozvo, vaongorori vakasarudza kuenderera mberi nekugadzira online block bypass chishandiso chisingashandisi tekinoroji.
Pfungwa yekutanga yechishandiso ndechekuti censors inofanirwa kukanganisa iyo DNS kuvharira maCDN, asi haufanirwe kushandisa zita rezita rekugadzirisa kurodha CDN zvemukati. Saka, mushandisi anogona kuwana izvo zvaanoda kuburikidza nekubata zvakananga kumucheto server, iyo yatove cached.
Dhizaini iri pazasi inoratidza dhizaini yehurongwa.
Mutengi software inoiswa pakombuta yemushandisi, uye browser yenguva dzose inoshandiswa kuwana zvirimo.
Kana URL kana chidimbu chemukati chatokumbirwa, bhurawuza rinokumbira kunharaunda yeDNS system (LocalDNS) kuti itore kero yeIP yekutambira. Yenguva dzose DNS inobvunzwa chete kune madomasi anga asiri muLocalDNS dhatabhesi. Iyo Scraper module inoramba ichipfuura neyakakumbirwa maURL uye inotsvaga iyo rondedzero yemazita anogona kuvharirwa domain. Scraper inobva yadaidza Resolver module kugadzirisa zvichangobva kuwanikwa zvakavharwa domains, iyi module inoita basa uye inowedzera kupinda kuLocalDNS. Iyo bhurawuza's DNS cache inozocheneswa kubvisa iripo DNS marekodhi eiyo yakavharwa domain.
Kana iyo Resolver module isingakwanise kuona kuti ndeipi CDN inopa iyo dura, inobvunza iyo Bootstrapper module yerubatsiro.
Iyo inoshanda sei mukuita
Iyo mutengi software yechigadzirwa yakashandisirwa Linux, asi inogona kutakurwa zviri nyore zvakare yeWindows. Regular Mozilla inoshandiswa sebrowser
Firefox. Iyo Scraper uye Resolver modules yakanyorwa muPython, uye Mutengi-ku-CDN uye CDN-toIP databases inochengetwa mu .txt mafaira. Iyo LocalDNS dhatabhesi ndiyo yakajairwa /etc/hosts faira muLinux.
Nekuda kweizvozvo, kune yakavharika URL senge Iyo script ichawana kumucheto server IP kero kubva ku /etc/hosts faira uye kutumira HTTP GET chikumbiro chekuwana YakavharwaURL.html neiyo Host HTTP musoro masimu:
blocked.com/ and User-Agent: Mozilla/5.0 (Windows
NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1Iyo Bootstrapper module inoshandiswa uchishandisa yemahara chishandiso digwebinterface.com. Iyi DNS solver haigone kuvharwa uye inopindura DNS mibvunzo panzvimbo yemaseva eDNS akawanda akagoverwa munzvimbo dzakasiyana siyana.
Vachishandisa chishandiso ichi, vaongorori vakakwanisa kuwana Facebook kubva kune yavo Chinese node, kunyangwe iyo social network yakagara yakavharwa muChina.
mhedziso
Kuedza kwakaratidza kuti kutora mukana wematambudziko anowanikwa nevanoongorora kana vachiedza kuvhara CDN zvemukati zvinogona kushandiswa kugadzira sisitimu yekupfuura mabhuroka. Ichi chishandiso chinokutendera kuti upfuure zvivharo kunyangwe muChina, iyo ine imwe yeakasimba kwazvo online censorship system.
Zvimwe zvinyorwa pamusoro penyaya yekushandisa zvebhizimisi:
Source: www.habr.com