Bypassing DPI with eBPF sock_ops: Linux kernel tricks to outsmart middleboxes (with macOS and Windows comparisons)
Summary
The article outlines a cross-platform approach to bypassing DPI middleboxes by manipulating TLS handshakes and DNS resolution. On Linux it uses eBPF sock_ops to inject a fake ClientHello and clamp the TCP MSS; on macOS and Windows the equivalents rely on a TUN interface and raw packet injection. It presents the architecture and code-level details and discusses the trade-offs and limitations on each platform. The content is technically deep but involves potentially dangerous techniques that should be treated with caution.