Update vendored github.com/sergeyfrolov/gotapdance

vendor/github.com/sergeyfrolov/gotapdance/README.md

@@ -0,0 +1,80 @@
+<p align="center">
+<a href="https://refraction.network"><img src="https://user-images.githubusercontent.com/5443147/30133006-7c3019f4-930f-11e7-9f60-3df45ee13d9d.png" alt="refract"></a>
+<h1 class="header-title" align="center">TapDance Client</h1>
+
+<p align="center">TapDance is a free-to-use anti-censorship technology, protected from enumeration attacks.</p>
+<p align="center">
+<a href="https://travis-ci.org/sergeyfrolov/gotapdance"><img src="https://travis-ci.org/sergeyfrolov/gotapdance.svg?branch=master"></a>
+<a href="https://godoc.org/github.com/sergeyfrolov/gotapdance/tapdance"><img src="https://img.shields.io/badge/godoc-reference-blue.svg"></a>
+	<a href="https://goreportcard.com/report/github.com/sergeyfrolov/gotapdance"><img src="https://goreportcard.com/badge/github.com/sergeyfrolov/gotapdance"></a>
+</p>
+
+# Build
+## Download Golang and TapDance and dependencies
+0. Install [Golang](https://golang.org/dl/) (currently tested against version 1.10 and latest).
+
+1. Get source code for Go TapDance and all dependencies:
+
+ ```bash
+go get -d -u -t github.com/sergeyfrolov/gotapdance/...
+```
+Ignore the "no buildable Go source files" warning.
+
+If you have outdated versions of libraries used, you might want to do `go get -u all`.
+
+## Usage
+
+ There are 3 supported ways to use TapDance:
+
+ * [Command Line Interface client](cli)
+
+ * [Psiphon](https://psiphon.ca/) Android app integrated TapDance as one of their transports.
+
+ * Use tapdance directly from other Golang program:
+
+```Golang
+package main
+
+import (
+	"github.com/sergeyfrolov/gotapdance/tapdance"
+	"fmt"
+)
+
+func main() {
+    // first, copy ClientConf and roots files into assets directory
+    // make sure assets directory is writable (only) by the td process
+    tapdance.AssetsSetDir("./path/to/assets/dir/")
+
+    tdConn, err := tapdance.Dial("tcp", "censoredsite.com:80")
+    if err != nil {
+        fmt.Printf("tapdance.Dial() failed: %+v\n", err)
+        return
+    }
+    // tdConn implements standard net.Conn, allowing to use it like any other Golang conn with
+    // Write(), Read(), Close() etc. It also allows to pass tdConn to functions that expect
+    // net.Conn, such as tls.Client() making it easy to do tls handshake over TapDance conn.
+    _, err = tdConn.Write([]byte("GET / HTTP/1.1\nHost: censoredsite.com\n\n"))
+    if err != nil {
+        fmt.Printf("tdConn.Write() failed: %+v\n", err)
+        return
+    }
+    buf := make([]byte, 16384)
+    _, err = tdConn.Read(buf)
+    // ...
+}
+```
+
+ * [CURRENTLY NOT MAINTAINED] Standalone TapDance mobile applications that use [Golang Bindings](gobind) as a shared library.
+
+   * [Android application in Java](android)
+
+
+ # Links
+
+ [Refraction Networking](https://refraction.network) is an umberlla term for the family of similarly working technnologies.
+
+ TapDance station code released for FOCI'17 on github: [refraction-networking/tapdance](https://github.com/refraction-networking/tapdance)
+
+ Original 2014 paper: ["TapDance: End-to-Middle Anticensorship without Flow Blocking"](https://ericw.us/trow/tapdance-sec14.pdf)
+
+ Newer(2017) paper that shows TapDance working at high-scale: ["An ISP-Scale Deployment of TapDance"](https://sfrolov.io/papers/foci17-paper-frolov_0.pdf)

vendor/github.com/sergeyfrolov/gotapdance/protobuf/signalling.pb.go

@@ -1,6 +1,22 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
+// Code generated by protoc-gen-go.
 // source: signalling.proto
-
+// DO NOT EDIT!
+
+/*
+Package tdproto is a generated protocol buffer package.
+
+It is generated from these files:
+	signalling.proto
+
+It has these top-level messages:
+	PubKey
+	TLSDecoySpec
+	ClientConf
+	DecoyList
+	StationToClient
+	ClientToStation
+	SessionStats
+*/
 package tdproto
 
 import proto "github.com/golang/protobuf/proto"
@@ -50,16 +66,15 @@ func (x *KeyType) UnmarshalJSON(data []byte) error {
 	*x = KeyType(value)
 	return nil
 }
-func (KeyType) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_signalling_8a11dc154e264fe5, []int{0}
-}
+func (KeyType) EnumDescriptor() ([]byte, []int) { return fileDescriptor0, []int{0} }
 
 // State transitions of the client
 type C2S_Transition int32
 
 const (
-	C2S_Transition_C2S_NO_CHANGE C2S_Transition = 0
-	// C2S_SESSION_INIT = 1; // Currently MSG_INIT is NOT protobuf
+	C2S_Transition_C2S_NO_CHANGE                C2S_Transition = 0
+	C2S_Transition_C2S_SESSION_INIT             C2S_Transition = 1
+	C2S_Transition_C2S_SESSION_COVERT_INIT      C2S_Transition = 11
 	C2S_Transition_C2S_EXPECT_RECONNECT         C2S_Transition = 2
 	C2S_Transition_C2S_SESSION_CLOSE            C2S_Transition = 3
 	C2S_Transition_C2S_YIELD_UPLOAD             C2S_Transition = 4
@@ -70,6 +85,8 @@ const (
 
 var C2S_Transition_name = map[int32]string{
 	0:   "C2S_NO_CHANGE",
+	1:   "C2S_SESSION_INIT",
+	11:  "C2S_SESSION_COVERT_INIT",
 	2:   "C2S_EXPECT_RECONNECT",
 	3:   "C2S_SESSION_CLOSE",
 	4:   "C2S_YIELD_UPLOAD",
@@ -79,6 +96,8 @@ var C2S_Transition_name = map[int32]string{
 }
 var C2S_Transition_value = map[string]int32{
 	"C2S_NO_CHANGE":                0,
+	"C2S_SESSION_INIT":             1,
+	"C2S_SESSION_COVERT_INIT":      11,
 	"C2S_EXPECT_RECONNECT":         2,
 	"C2S_SESSION_CLOSE":            3,
 	"C2S_YIELD_UPLOAD":             4,
@@ -103,18 +122,17 @@ func (x *C2S_Transition) UnmarshalJSON(data []byte) error {
 	*x = C2S_Transition(value)
 	return nil
 }
-func (C2S_Transition) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_signalling_8a11dc154e264fe5, []int{1}
-}
+func (C2S_Transition) EnumDescriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
 
 // State transitions of the server
 type S2C_Transition int32
 
 const (
-	S2C_Transition_S2C_NO_CHANGE         S2C_Transition = 0
-	S2C_Transition_S2C_SESSION_INIT      S2C_Transition = 1
-	S2C_Transition_S2C_CONFIRM_RECONNECT S2C_Transition = 2
-	S2C_Transition_S2C_SESSION_CLOSE     S2C_Transition = 3
+	S2C_Transition_S2C_NO_CHANGE           S2C_Transition = 0
+	S2C_Transition_S2C_SESSION_INIT        S2C_Transition = 1
+	S2C_Transition_S2C_SESSION_COVERT_INIT S2C_Transition = 11
+	S2C_Transition_S2C_CONFIRM_RECONNECT   S2C_Transition = 2
+	S2C_Transition_S2C_SESSION_CLOSE       S2C_Transition = 3
 	// TODO should probably also allow EXPECT_RECONNECT here, for DittoTap
 	S2C_Transition_S2C_ERROR S2C_Transition = 255
 )
@@ -122,16 +140,18 @@ const (
 var S2C_Transition_name = map[int32]string{
 	0:   "S2C_NO_CHANGE",
 	1:   "S2C_SESSION_INIT",
+	11:  "S2C_SESSION_COVERT_INIT",
 	2:   "S2C_CONFIRM_RECONNECT",
 	3:   "S2C_SESSION_CLOSE",
 	255: "S2C_ERROR",
 }
 var S2C_Transition_value = map[string]int32{
-	"S2C_NO_CHANGE":         0,
-	"S2C_SESSION_INIT":      1,
-	"S2C_CONFIRM_RECONNECT": 2,
-	"S2C_SESSION_CLOSE":     3,
-	"S2C_ERROR":             255,
+	"S2C_NO_CHANGE":           0,
+	"S2C_SESSION_INIT":        1,
+	"S2C_SESSION_COVERT_INIT": 11,
+	"S2C_CONFIRM_RECONNECT":   2,
+	"S2C_SESSION_CLOSE":       3,
+	"S2C_ERROR":               255,
 }
 
 func (x S2C_Transition) Enum() *S2C_Transition {
@@ -150,9 +170,7 @@ func (x *S2C_Transition) UnmarshalJSON(data []byte) error {
 	*x = S2C_Transition(value)
 	return nil
 }
-func (S2C_Transition) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_signalling_8a11dc154e264fe5, []int{2}
-}
+func (S2C_Transition) EnumDescriptor() ([]byte, []int) { return fileDescriptor0, []int{2} }
 
 // Should accompany all S2C_ERROR messages.
 type ErrorReasonS2C int32
@@ -205,42 +223,19 @@ func (x *ErrorReasonS2C) UnmarshalJSON(data []byte) error {
 	*x = ErrorReasonS2C(value)
 	return nil
 }
-func (ErrorReasonS2C) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_signalling_8a11dc154e264fe5, []int{3}
-}
+func (ErrorReasonS2C) EnumDescriptor() ([]byte, []int) { return fileDescriptor0, []int{3} }
 
 type PubKey struct {
 	// A public key, as used by the station.
-	Key                  []byte   `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"`
-	Type                 *KeyType `protobuf:"varint,2,opt,name=type,enum=tapdance.KeyType" json:"type,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *PubKey) Reset()         { *m = PubKey{} }
-func (m *PubKey) String() string { return proto.CompactTextString(m) }
-func (*PubKey) ProtoMessage()    {}
-func (*PubKey) Descriptor() ([]byte, []int) {
-	return fileDescriptor_signalling_8a11dc154e264fe5, []int{0}
-}
-func (m *PubKey) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PubKey.Unmarshal(m, b)
-}
-func (m *PubKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PubKey.Marshal(b, m, deterministic)
-}
-func (dst *PubKey) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PubKey.Merge(dst, src)
-}
-func (m *PubKey) XXX_Size() int {
-	return xxx_messageInfo_PubKey.Size(m)
-}
-func (m *PubKey) XXX_DiscardUnknown() {
-	xxx_messageInfo_PubKey.DiscardUnknown(m)
+	Key              []byte   `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"`
+	Type             *KeyType `protobuf:"varint,2,opt,name=type,enum=tapdance.KeyType" json:"type,omitempty"`
+	XXX_unrecognized []byte   `json:"-"`
 }
 
-var xxx_messageInfo_PubKey proto.InternalMessageInfo
+func (m *PubKey) Reset()                    { *m = PubKey{} }
+func (m *PubKey) String() string            { return proto.CompactTextString(m) }
+func (*PubKey) ProtoMessage()               {}
+func (*PubKey) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} }
 
 func (m *PubKey) GetKey() []byte {
 	if m != nil {
@@ -286,35 +281,14 @@ type TLSDecoySpec struct {
 	// TODO: the default is based on the current heuristic of only
 	// using decoys that permit windows of 15KB or larger.  If this
 	// heuristic changes, then this default doesn't make sense.
-	Tcpwin               *uint32  `protobuf:"varint,5,opt,name=tcpwin" json:"tcpwin,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *TLSDecoySpec) Reset()         { *m = TLSDecoySpec{} }
-func (m *TLSDecoySpec) String() string { return proto.CompactTextString(m) }
-func (*TLSDecoySpec) ProtoMessage()    {}
-func (*TLSDecoySpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_signalling_8a11dc154e264fe5, []int{1}
-}
-func (m *TLSDecoySpec) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_TLSDecoySpec.Unmarshal(m, b)
-}
-func (m *TLSDecoySpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_TLSDecoySpec.Marshal(b, m, deterministic)
-}
-func (dst *TLSDecoySpec) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_TLSDecoySpec.Merge(dst, src)
-}
-func (m *TLSDecoySpec) XXX_Size() int {
-	return xxx_messageInfo_TLSDecoySpec.Size(m)
-}
-func (m *TLSDecoySpec) XXX_DiscardUnknown() {
-	xxx_messageInfo_TLSDecoySpec.DiscardUnknown(m)
+	Tcpwin           *uint32 `protobuf:"varint,5,opt,name=tcpwin" json:"tcpwin,omitempty"`
+	XXX_unrecognized []byte  `json:"-"`
 }
 
-var xxx_messageInfo_TLSDecoySpec proto.InternalMessageInfo
+func (m *TLSDecoySpec) Reset()                    { *m = TLSDecoySpec{} }
+func (m *TLSDecoySpec) String() string            { return proto.CompactTextString(m) }
+func (*TLSDecoySpec) ProtoMessage()               {}
+func (*TLSDecoySpec) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
 
 func (m *TLSDecoySpec) GetHostname() string {
 	if m != nil && m.Hostname != nil {
@@ -352,37 +326,16 @@ func (m *TLSDecoySpec) GetTcpwin() uint32 {
 }
 
 type ClientConf struct {
-	DecoyList            *DecoyList `protobuf:"bytes,1,opt,name=decoy_list" json:"decoy_list,omitempty"`
-	Generation           *uint32    `protobuf:"varint,2,opt,name=generation" json:"generation,omitempty"`
-	DefaultPubkey        *PubKey    `protobuf:"bytes,3,opt,name=default_pubkey" json:"default_pubkey,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
-	XXX_unrecognized     []byte     `json:"-"`
-	XXX_sizecache        int32      `json:"-"`
-}
-
-func (m *ClientConf) Reset()         { *m = ClientConf{} }
-func (m *ClientConf) String() string { return proto.CompactTextString(m) }
-func (*ClientConf) ProtoMessage()    {}
-func (*ClientConf) Descriptor() ([]byte, []int) {
-	return fileDescriptor_signalling_8a11dc154e264fe5, []int{2}
-}
-func (m *ClientConf) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ClientConf.Unmarshal(m, b)
-}
-func (m *ClientConf) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ClientConf.Marshal(b, m, deterministic)
-}
-func (dst *ClientConf) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ClientConf.Merge(dst, src)
-}
-func (m *ClientConf) XXX_Size() int {
-	return xxx_messageInfo_ClientConf.Size(m)
-}
-func (m *ClientConf) XXX_DiscardUnknown() {
-	xxx_messageInfo_ClientConf.DiscardUnknown(m)
+	DecoyList        *DecoyList `protobuf:"bytes,1,opt,name=decoy_list" json:"decoy_list,omitempty"`
+	Generation       *uint32    `protobuf:"varint,2,opt,name=generation" json:"generation,omitempty"`
+	DefaultPubkey    *PubKey    `protobuf:"bytes,3,opt,name=default_pubkey" json:"default_pubkey,omitempty"`
+	XXX_unrecognized []byte     `json:"-"`
 }
 
-var xxx_messageInfo_ClientConf proto.InternalMessageInfo
+func (m *ClientConf) Reset()                    { *m = ClientConf{} }
+func (m *ClientConf) String() string            { return proto.CompactTextString(m) }
+func (*ClientConf) ProtoMessage()               {}
+func (*ClientConf) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} }
 
 func (m *ClientConf) GetDecoyList() *DecoyList {
 	if m != nil {
@@ -406,35 +359,14 @@ func (m *ClientConf) GetDefaultPubkey() *PubKey {
 }
 
 type DecoyList struct {
-	TlsDecoys            []*TLSDecoySpec `protobuf:"bytes,1,rep,name=tls_decoys" json:"tls_decoys,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *DecoyList) Reset()         { *m = DecoyList{} }
-func (m *DecoyList) String() string { return proto.CompactTextString(m) }
-func (*DecoyList) ProtoMessage()    {}
-func (*DecoyList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_signalling_8a11dc154e264fe5, []int{3}
-}
-func (m *DecoyList) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_DecoyList.Unmarshal(m, b)
-}
-func (m *DecoyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_DecoyList.Marshal(b, m, deterministic)
-}
-func (dst *DecoyList) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_DecoyList.Merge(dst, src)
-}
-func (m *DecoyList) XXX_Size() int {
-	return xxx_messageInfo_DecoyList.Size(m)
-}
-func (m *DecoyList) XXX_DiscardUnknown() {
-	xxx_messageInfo_DecoyList.DiscardUnknown(m)
+	TlsDecoys        []*TLSDecoySpec `protobuf:"bytes,1,rep,name=tls_decoys" json:"tls_decoys,omitempty"`
+	XXX_unrecognized []byte          `json:"-"`
 }
 
-var xxx_messageInfo_DecoyList proto.InternalMessageInfo
+func (m *DecoyList) Reset()                    { *m = DecoyList{} }
+func (m *DecoyList) String() string            { return proto.CompactTextString(m) }
+func (*DecoyList) ProtoMessage()               {}
+func (*DecoyList) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} }
 
 func (m *DecoyList) GetTlsDecoys() []*TLSDecoySpec {
 	if m != nil {
@@ -459,35 +391,14 @@ type StationToClient struct {
 	// Sent in SESSION_INIT, identifies the station that picked up
 	StationId *string `protobuf:"bytes,6,opt,name=station_id" json:"station_id,omitempty"`
 	// Random-sized junk to defeat packet size fingerprinting.
-	Padding              []byte   `protobuf:"bytes,100,opt,name=padding" json:"padding,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *StationToClient) Reset()         { *m = StationToClient{} }
-func (m *StationToClient) String() string { return proto.CompactTextString(m) }
-func (*StationToClient) ProtoMessage()    {}
-func (*StationToClient) Descriptor() ([]byte, []int) {
-	return fileDescriptor_signalling_8a11dc154e264fe5, []int{4}
-}
-func (m *StationToClient) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_StationToClient.Unmarshal(m, b)
-}
-func (m *StationToClient) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_StationToClient.Marshal(b, m, deterministic)
-}
-func (dst *StationToClient) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_StationToClient.Merge(dst, src)
-}
-func (m *StationToClient) XXX_Size() int {
-	return xxx_messageInfo_StationToClient.Size(m)
-}
-func (m *StationToClient) XXX_DiscardUnknown() {
-	xxx_messageInfo_StationToClient.DiscardUnknown(m)
+	Padding          []byte `protobuf:"bytes,100,opt,name=padding" json:"padding,omitempty"`
+	XXX_unrecognized []byte `json:"-"`
 }
 
-var xxx_messageInfo_StationToClient proto.InternalMessageInfo
+func (m *StationToClient) Reset()                    { *m = StationToClient{} }
+func (m *StationToClient) String() string            { return proto.CompactTextString(m) }
+func (*StationToClient) ProtoMessage()               {}
+func (*StationToClient) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} }
 
 func (m *StationToClient) GetProtocolVersion() uint32 {
 	if m != nil && m.ProtocolVersion != nil {
@@ -548,38 +459,26 @@ type ClientToStation struct {
 	// The position in the overall session's upload sequence where the current
 	// YIELD=>ACQUIRE switchover is happening.
 	UploadSync *uint64 `protobuf:"varint,4,opt,name=upload_sync" json:"upload_sync,omitempty"`
-	//
-	FailedDecoys []string `protobuf:"bytes,10,rep,name=failed_decoys" json:"failed_decoys,omitempty"`
+	// List of decoys that client have unsuccessfully tried in current session.
+	// Could be sent in chunks
+	FailedDecoys []string      `protobuf:"bytes,10,rep,name=failed_decoys" json:"failed_decoys,omitempty"`
+	Stats        *SessionStats `protobuf:"bytes,11,opt,name=stats" json:"stats,omitempty"`
+	// Station is only required to check this variable during session initialization.
+	// If set, station must facilitate connection to said target by itself, i.e. write into squid
+	// socket an HTTP/SOCKS/any other connection request.
+	// covert_address must have exactly one ':' colon, that separates host (literal IP address or
+	// resolvable hostname) and port
+	// TODO: make it required for initialization, and stop connecting any client straight to squid?
+	CovertAddress *string `protobuf:"bytes,20,opt,name=covert_address" json:"covert_address,omitempty"`
 	// Random-sized junk to defeat packet size fingerprinting.
-	Padding              []byte   `protobuf:"bytes,100,opt,name=padding" json:"padding,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *ClientToStation) Reset()         { *m = ClientToStation{} }
-func (m *ClientToStation) String() string { return proto.CompactTextString(m) }
-func (*ClientToStation) ProtoMessage()    {}
-func (*ClientToStation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_signalling_8a11dc154e264fe5, []int{5}
-}
-func (m *ClientToStation) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ClientToStation.Unmarshal(m, b)
-}
-func (m *ClientToStation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ClientToStation.Marshal(b, m, deterministic)
-}
-func (dst *ClientToStation) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ClientToStation.Merge(dst, src)
-}
-func (m *ClientToStation) XXX_Size() int {
-	return xxx_messageInfo_ClientToStation.Size(m)
-}
-func (m *ClientToStation) XXX_DiscardUnknown() {
-	xxx_messageInfo_ClientToStation.DiscardUnknown(m)
+	Padding          []byte `protobuf:"bytes,100,opt,name=padding" json:"padding,omitempty"`
+	XXX_unrecognized []byte `json:"-"`
 }
 
-var xxx_messageInfo_ClientToStation proto.InternalMessageInfo
+func (m *ClientToStation) Reset()                    { *m = ClientToStation{} }
+func (m *ClientToStation) String() string            { return proto.CompactTextString(m) }
+func (*ClientToStation) ProtoMessage()               {}
+func (*ClientToStation) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{5} }
 
 func (m *ClientToStation) GetProtocolVersion() uint32 {
 	if m != nil && m.ProtocolVersion != nil {
@@ -616,6 +515,20 @@ func (m *ClientToStation) GetFailedDecoys() []string {
 	return nil
 }
 
+func (m *ClientToStation) GetStats() *SessionStats {
+	if m != nil {
+		return m.Stats
+	}
+	return nil
+}
+
+func (m *ClientToStation) GetCovertAddress() string {
+	if m != nil && m.CovertAddress != nil {
+		return *m.CovertAddress
+	}
+	return ""
+}
+
 func (m *ClientToStation) GetPadding() []byte {
 	if m != nil {
 		return m.Padding
@@ -623,6 +536,57 @@ func (m *ClientToStation) GetPadding() []byte {
 	return nil
 }
 
+type SessionStats struct {
+	FailedDecoysAmount *uint32 `protobuf:"varint,20,opt,name=failed_decoys_amount" json:"failed_decoys_amount,omitempty"`
+	// Applicable to whole session:
+	TotalTimeToConnect *uint32 `protobuf:"varint,31,opt,name=total_time_to_connect" json:"total_time_to_connect,omitempty"`
+	// Last (i.e. successful) decoy:
+	RttToStation     *uint32 `protobuf:"varint,33,opt,name=rtt_to_station" json:"rtt_to_station,omitempty"`
+	TlsToDecoy       *uint32 `protobuf:"varint,38,opt,name=tls_to_decoy" json:"tls_to_decoy,omitempty"`
+	TcpToDecoy       *uint32 `protobuf:"varint,39,opt,name=tcp_to_decoy" json:"tcp_to_decoy,omitempty"`
+	XXX_unrecognized []byte  `json:"-"`
+}
+
+func (m *SessionStats) Reset()                    { *m = SessionStats{} }
+func (m *SessionStats) String() string            { return proto.CompactTextString(m) }
+func (*SessionStats) ProtoMessage()               {}
+func (*SessionStats) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{6} }
+
+func (m *SessionStats) GetFailedDecoysAmount() uint32 {
+	if m != nil && m.FailedDecoysAmount != nil {
+		return *m.FailedDecoysAmount
+	}
+	return 0
+}
+
+func (m *SessionStats) GetTotalTimeToConnect() uint32 {
+	if m != nil && m.TotalTimeToConnect != nil {
+		return *m.TotalTimeToConnect
+	}
+	return 0
+}
+
+func (m *SessionStats) GetRttToStation() uint32 {
+	if m != nil && m.RttToStation != nil {
+		return *m.RttToStation
+	}
+	return 0
+}
+
+func (m *SessionStats) GetTlsToDecoy() uint32 {
+	if m != nil && m.TlsToDecoy != nil {
+		return *m.TlsToDecoy
+	}
+	return 0
+}
+
+func (m *SessionStats) GetTcpToDecoy() uint32 {
+	if m != nil && m.TcpToDecoy != nil {
+		return *m.TcpToDecoy
+	}
+	return 0
+}
+
 func init() {
 	proto.RegisterType((*PubKey)(nil), "tapdance.PubKey")
 	proto.RegisterType((*TLSDecoySpec)(nil), "tapdance.TLSDecoySpec")
@@ -630,61 +594,70 @@ func init() {
 	proto.RegisterType((*DecoyList)(nil), "tapdance.DecoyList")
 	proto.RegisterType((*StationToClient)(nil), "tapdance.StationToClient")
 	proto.RegisterType((*ClientToStation)(nil), "tapdance.ClientToStation")
+	proto.RegisterType((*SessionStats)(nil), "tapdance.SessionStats")
 	proto.RegisterEnum("tapdance.KeyType", KeyType_name, KeyType_value)
 	proto.RegisterEnum("tapdance.C2S_Transition", C2S_Transition_name, C2S_Transition_value)
 	proto.RegisterEnum("tapdance.S2C_Transition", S2C_Transition_name, S2C_Transition_value)
 	proto.RegisterEnum("tapdance.ErrorReasonS2C", ErrorReasonS2C_name, ErrorReasonS2C_value)
 }
 
-func init() { proto.RegisterFile("signalling.proto", fileDescriptor_signalling_8a11dc154e264fe5) }
-
-var fileDescriptor_signalling_8a11dc154e264fe5 = []byte{
-	// 751 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x52, 0x4f, 0x6f, 0xe3, 0x44,
-	0x14, 0x5f, 0x37, 0xd9, 0xb4, 0x7d, 0x69, 0x9c, 0xe9, 0xb4, 0x5d, 0x19, 0x09, 0x44, 0x94, 0x0b,
-	0xa1, 0xa0, 0x4a, 0x58, 0xb0, 0x70, 0x8d, 0x26, 0xc3, 0x12, 0xad, 0xeb, 0x09, 0xf6, 0x14, 0x51,
-	0x38, 0x8c, 0xdc, 0x78, 0x12, 0xac, 0x75, 0x3d, 0x96, 0x3d, 0x59, 0x14, 0xf1, 0x95, 0x38, 0x72,
-	0xe3, 0x5b, 0xf1, 0x05, 0x40, 0x63, 0x3b, 0x8d, 0xc9, 0xae, 0xf6, 0xe8, 0x9f, 0xdf, 0xfc, 0xfe,
-	0xbd, 0x07, 0xa8, 0x4c, 0xd6, 0x59, 0x94, 0xa6, 0x49, 0xb6, 0xbe, 0xc9, 0x0b, 0xa5, 0x15, 0x3e,
-	0xd1, 0x51, 0x1e, 0x47, 0xd9, 0x52, 0x8e, 0x5f, 0x42, 0x6f, 0xb1, 0x79, 0x78, 0x2d, 0xb7, 0xb8,
-	0x0f, 0x9d, 0x37, 0x72, 0xeb, 0x58, 0x23, 0x6b, 0x72, 0x86, 0x3f, 0x85, 0xae, 0xde, 0xe6, 0xd2,
-	0x39, 0x1a, 0x59, 0x13, 0xdb, 0x3d, 0xbf, 0xd9, 0xcd, 0xdf, 0xbc, 0x96, 0x5b, 0xbe, 0xcd, 0xe5,
-	0x78, 0x03, 0x67, 0xdc, 0x0b, 0x67, 0x72, 0xa9, 0xb6, 0x61, 0x2e, 0x97, 0x18, 0xc1, 0xc9, 0x6f,
-	0xaa, 0xd4, 0x59, 0xf4, 0x28, 0x2b, 0x8a, 0x53, 0x83, 0x24, 0xf9, 0xdb, 0xaf, 0xa3, 0x38, 0x2e,
-	0x2a, 0x9a, 0x63, 0x3c, 0x82, 0x5e, 0xbe, 0x79, 0x30, 0x22, 0x9d, 0x91, 0x35, 0xe9, 0xbb, 0x68,
-	0x4f, 0xdb, 0x78, 0x18, 0xc2, 0xb1, 0x4e, 0x1e, 0xa5, 0xda, 0x68, 0xa7, 0x3b, 0xb2, 0x26, 0x03,
-	0x6c, 0x43, 0x4f, 0x2f, 0xf3, 0xdf, 0x93, 0xcc, 0x79, 0x6e, 0xbe, 0xc7, 0x25, 0x00, 0x49, 0x13,
-	0x99, 0x69, 0xa2, 0xb2, 0x15, 0xfe, 0x0c, 0x20, 0x36, 0x0e, 0x44, 0x9a, 0x94, 0xba, 0x92, 0xed,
-	0xbb, 0x17, 0x7b, 0xd2, 0xca, 0x9d, 0x97, 0x94, 0x1a, 0x63, 0x80, 0xb5, 0xcc, 0x64, 0x11, 0xe9,
-	0x44, 0x65, 0x95, 0x9b, 0x01, 0x9e, 0x80, 0x1d, 0xcb, 0x55, 0xb4, 0x49, 0xb5, 0xf8, 0xb0, 0xab,
-	0xf1, 0xb7, 0x70, 0xba, 0xa7, 0xba, 0x06, 0xd0, 0x69, 0x29, 0x2a, 0xdd, 0xd2, 0xb1, 0x46, 0x9d,
-	0x49, 0xdf, 0x7d, 0xb1, 0x7f, 0xd2, 0x2e, 0x65, 0xfc, 0x8f, 0x05, 0xc3, 0x50, 0x57, 0xa2, 0x5c,
-	0xd5, 0xbe, 0xb1, 0x03, 0xa8, 0xda, 0xc1, 0x52, 0xa5, 0xe2, 0xad, 0x2c, 0x4a, 0x63, 0xc8, 0xaa,
-	0x0c, 0xb9, 0x80, 0x4a, 0x1d, 0x69, 0x29, 0x74, 0x11, 0x65, 0x65, 0xf2, 0x64, 0xd5, 0x76, 0x9d,
-	0x3d, 0x7f, 0xe8, 0x12, 0xc1, 0x9f, 0xfe, 0xe3, 0xcf, 0xa1, 0xbf, 0x54, 0xd9, 0x2a, 0x59, 0x8b,
-	0x24, 0x5b, 0xa9, 0x26, 0xc1, 0xe5, 0x7e, 0xbc, 0x55, 0xd6, 0x97, 0x00, 0xb2, 0x28, 0x44, 0x21,
-	0xa3, 0x52, 0x65, 0x55, 0xbd, 0xff, 0x23, 0xa6, 0x45, 0xa1, 0x8a, 0xa0, 0xfa, 0x19, 0xba, 0x04,
-	0x5f, 0x40, 0x5f, 0x3f, 0xe6, 0xe2, 0x21, 0x5a, 0xbe, 0x51, 0xab, 0x55, 0xdd, 0xbe, 0xa9, 0xb1,
-	0xac, 0xe3, 0x88, 0x24, 0x76, 0x7a, 0xd5, 0x9a, 0x87, 0x70, 0x9c, 0x47, 0x71, 0x9c, 0x64, 0x6b,
-	0x27, 0x36, 0xa7, 0x33, 0xfe, 0xdb, 0x82, 0x61, 0x2d, 0xcb, 0x55, 0x13, 0xfe, 0x03, 0xa1, 0x3f,
-	0x81, 0xab, 0xfd, 0x0a, 0xc5, 0x3b, 0x4b, 0x7a, 0x5f, 0x27, 0x9d, 0x43, 0xeb, 0xc4, 0x0d, 0xdb,
-	0x9d, 0x5c, 0x40, 0x7f, 0x93, 0xa7, 0x2a, 0x8a, 0x45, 0xb9, 0xcd, 0x96, 0x55, 0xd2, 0x2e, 0xbe,
-	0x82, 0xc1, 0x2a, 0x4a, 0x52, 0x19, 0xef, 0x36, 0x07, 0xa3, 0xce, 0x7b, 0xdc, 0x5f, 0x7f, 0x01,
-	0xc7, 0xcd, 0x89, 0xe3, 0x21, 0xf4, 0xa7, 0x34, 0x14, 0xaf, 0xc8, 0xad, 0xf8, 0xca, 0xfd, 0x0e,
-	0xfd, 0xd2, 0x06, 0xdc, 0x6f, 0x5e, 0xa2, 0x5f, 0xaf, 0xff, 0xb2, 0xc0, 0x3e, 0x10, 0x3f, 0x87,
-	0x81, 0x41, 0x7c, 0x26, 0xc8, 0x0f, 0x53, 0xff, 0x15, 0x45, 0xcf, 0xb0, 0x03, 0x97, 0x06, 0xa2,
-	0x3f, 0x2f, 0x28, 0xe1, 0x22, 0xa0, 0x84, 0xf9, 0x3e, 0x25, 0x1c, 0x1d, 0xe1, 0x2b, 0x38, 0x37,
-	0x7f, 0x42, 0x1a, 0x86, 0x73, 0xe6, 0x0b, 0xe2, 0xb1, 0x90, 0xa2, 0x0e, 0xbe, 0x04, 0x64, 0xe0,
-	0xfb, 0x39, 0xf5, 0x66, 0xe2, 0x6e, 0xe1, 0xb1, 0xe9, 0x0c, 0x75, 0xf1, 0x0b, 0xc0, 0x06, 0x9d,
-	0x92, 0x1f, 0xef, 0xe6, 0x01, 0xdd, 0xe1, 0xcf, 0xf1, 0x08, 0x3e, 0x6e, 0xd1, 0xd7, 0x30, 0xf3,
-	0xbd, 0xfb, 0x46, 0x09, 0xf5, 0xb0, 0x0d, 0xa7, 0xd5, 0x44, 0x10, 0xb0, 0x00, 0xfd, 0x6b, 0x5d,
-	0xff, 0x01, 0xf6, 0xc1, 0x19, 0x9d, 0xc3, 0xc0, 0x20, 0x6d, 0xd7, 0x97, 0x80, 0x0c, 0xb4, 0xf3,
-	0x36, 0xf7, 0xe7, 0x1c, 0x59, 0xf8, 0x23, 0xb8, 0x32, 0x28, 0x61, 0xfe, 0xf7, 0xf3, 0xe0, 0xf6,
-	0x30, 0x4c, 0xfb, 0xc1, 0x2e, 0x8c, 0x0d, 0xa7, 0x06, 0x7e, 0x12, 0xff, 0xd3, 0x02, 0xfb, 0xe0,
-	0xd6, 0xce, 0xe0, 0xc4, 0x67, 0xcd, 0xc4, 0xb3, 0xaa, 0x41, 0xf6, 0x13, 0x0d, 0xb8, 0x08, 0x79,
-	0x40, 0xa7, 0xb7, 0xc8, 0xc2, 0x17, 0x30, 0x24, 0xde, 0x9c, 0xfa, 0xa6, 0xbd, 0x05, 0x0b, 0x38,
-	0x9d, 0xa1, 0xa3, 0x16, 0xb8, 0x08, 0x18, 0x67, 0x84, 0x79, 0x75, 0x75, 0x21, 0x9f, 0xf2, 0xda,
-	0x31, 0xa7, 0x81, 0x3f, 0xf5, 0x50, 0x17, 0x63, 0xb0, 0x67, 0x94, 0xb0, 0x7b, 0x61, 0x78, 0x9b,
-	0xda, 0x8c, 0x4c, 0xfd, 0xbc, 0x91, 0x89, 0xcd, 0x58, 0x03, 0xf1, 0xf9, 0x2d, 0x65, 0x77, 0x1c,
-	0xc9, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, 0x62, 0x2e, 0x52, 0xe5, 0x3c, 0x05, 0x00, 0x00,
+func init() { proto.RegisterFile("signalling.proto", fileDescriptor0) }
+
+var fileDescriptor0 = []byte{
+	// 867 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x7c, 0x53, 0x4d, 0x6f, 0xe3, 0x44,
+	0x18, 0x5e, 0x37, 0x69, 0xda, 0xbc, 0x4e, 0x9c, 0xe9, 0x34, 0x2d, 0x46, 0x2c, 0xda, 0x10, 0x09,
+	0x36, 0x14, 0x54, 0x09, 0x0b, 0x16, 0xae, 0x91, 0x63, 0x96, 0x68, 0x53, 0x3b, 0xd8, 0x2e, 0xa2,
+	0x70, 0x18, 0xb9, 0xf6, 0x24, 0x58, 0xeb, 0x7a, 0x2c, 0xcf, 0xa4, 0x28, 0xbf, 0x82, 0x2b, 0x3f,
+	0x82, 0xff, 0xc5, 0x9d, 0x23, 0x17, 0xd0, 0x8c, 0xdd, 0xe6, 0x63, 0x57, 0x3d, 0xfa, 0x99, 0x79,
+	0x9f, 0xaf, 0x77, 0x0c, 0x88, 0xa7, 0xcb, 0x3c, 0xca, 0xb2, 0x34, 0x5f, 0x5e, 0x16, 0x25, 0x13,
+	0x0c, 0x1f, 0x8b, 0xa8, 0x48, 0xa2, 0x3c, 0xa6, 0xc3, 0x57, 0xd0, 0x9a, 0xaf, 0x6e, 0xdf, 0xd0,
+	0x35, 0xd6, 0xa1, 0xf1, 0x96, 0xae, 0x4d, 0x6d, 0xa0, 0x8d, 0x3a, 0xf8, 0x05, 0x34, 0xc5, 0xba,
+	0xa0, 0xe6, 0xc1, 0x40, 0x1b, 0x19, 0xd6, 0xc9, 0xe5, 0xc3, 0xfd, 0xcb, 0x37, 0x74, 0x1d, 0xae,
+	0x0b, 0x3a, 0x5c, 0x41, 0x27, 0x9c, 0x05, 0x13, 0x1a, 0xb3, 0x75, 0x50, 0xd0, 0x18, 0x23, 0x38,
+	0xfe, 0x8d, 0x71, 0x91, 0x47, 0x77, 0x54, 0x51, 0xb4, 0x25, 0x92, 0x16, 0xf7, 0x5f, 0x47, 0x49,
+	0x52, 0x2a, 0x9a, 0x23, 0x3c, 0x80, 0x56, 0xb1, 0xba, 0x95, 0x22, 0x8d, 0x81, 0x36, 0xd2, 0x2d,
+	0xb4, 0xa1, 0xad, 0x3d, 0xf4, 0xe0, 0x48, 0xa4, 0x77, 0x94, 0xad, 0x84, 0xd9, 0x1c, 0x68, 0xa3,
+	0x2e, 0x36, 0xa0, 0x25, 0xe2, 0xe2, 0xf7, 0x34, 0x37, 0x0f, 0xe5, 0xf7, 0x90, 0x03, 0xd8, 0x59,
+	0x4a, 0x73, 0x61, 0xb3, 0x7c, 0x81, 0x5f, 0x02, 0x24, 0xd2, 0x01, 0xc9, 0x52, 0x2e, 0x94, 0xac,
+	0x6e, 0x9d, 0x6e, 0x48, 0x95, 0xbb, 0x59, 0xca, 0x05, 0xc6, 0x00, 0x4b, 0x9a, 0xd3, 0x32, 0x12,
+	0x29, 0xcb, 0x95, 0x9b, 0x2e, 0x1e, 0x81, 0x91, 0xd0, 0x45, 0xb4, 0xca, 0x04, 0x79, 0xda, 0xd5,
+	0xf0, 0x5b, 0x68, 0x6f, 0xa8, 0x2e, 0x00, 0x44, 0xc6, 0x89, 0xd2, 0xe5, 0xa6, 0x36, 0x68, 0x8c,
+	0x74, 0xeb, 0x7c, 0x33, 0xb2, 0x5d, 0xca, 0xf0, 0x1f, 0x0d, 0x7a, 0x81, 0x50, 0xa2, 0x21, 0xab,
+	0x7c, 0x63, 0x13, 0x90, 0xda, 0x41, 0xcc, 0x32, 0x72, 0x4f, 0x4b, 0x2e, 0x0d, 0x69, 0xca, 0x90,
+	0x05, 0x88, 0x8b, 0x48, 0x50, 0x22, 0xca, 0x28, 0xe7, 0xe9, 0xa3, 0x55, 0xc3, 0x32, 0x37, 0xfc,
+	0x81, 0x65, 0x93, 0xf0, 0xf1, 0x1c, 0x7f, 0x0e, 0x7a, 0xcc, 0xf2, 0x45, 0xba, 0x24, 0x69, 0xbe,
+	0x60, 0x75, 0x82, 0xfe, 0xe6, 0xfa, 0x56, 0x59, 0x5f, 0x02, 0xd0, 0xb2, 0x24, 0x25, 0x8d, 0x38,
+	0xcb, 0x55, 0xbd, 0x3b, 0xc4, 0x4e, 0x59, 0xb2, 0xd2, 0x57, 0x87, 0x81, 0x65, 0xe3, 0x53, 0xd0,
+	0xc5, 0x5d, 0x41, 0x6e, 0xa3, 0xf8, 0x2d, 0x5b, 0x2c, 0xaa, 0xf6, 0x65, 0x8d, 0xbc, 0x8a, 0x43,
+	0xd2, 0xc4, 0x6c, 0xa9, 0x35, 0xf7, 0xe0, 0xa8, 0x88, 0x92, 0x24, 0xcd, 0x97, 0x66, 0x22, 0x9f,
+	0xce, 0xf0, 0x5f, 0x0d, 0x7a, 0x95, 0x6c, 0xc8, 0xea, 0xf0, 0x4f, 0x84, 0xfe, 0x18, 0xce, 0x36,
+	0x2b, 0x24, 0xef, 0x2c, 0xe9, 0x7d, 0x9d, 0x34, 0xf6, 0xad, 0xdb, 0x56, 0xb0, 0xdd, 0xc9, 0x29,
+	0xe8, 0xab, 0x22, 0x63, 0x51, 0x42, 0xf8, 0x3a, 0x8f, 0x55, 0xd2, 0x26, 0x3e, 0x83, 0xee, 0x22,
+	0x4a, 0x33, 0x9a, 0x3c, 0x6c, 0x0e, 0x06, 0x8d, 0x51, 0x1b, 0x7f, 0x0a, 0x87, 0x92, 0x9f, 0x9b,
+	0xba, 0x6a, 0x6e, 0x6b, 0x91, 0x01, 0xe5, 0xd2, 0xa6, 0x4c, 0xc0, 0xf1, 0x39, 0x18, 0x31, 0xbb,
+	0xa7, 0xa5, 0x20, 0xf2, 0x39, 0x53, 0xce, 0xcd, 0xfe, 0xfb, 0xc3, 0xff, 0xa1, 0x41, 0x67, 0x67,
+	0xf2, 0x39, 0xf4, 0x77, 0x74, 0x49, 0x74, 0xc7, 0x56, 0xb9, 0x50, 0xf3, 0x2a, 0xbd, 0x60, 0x22,
+	0xca, 0x88, 0x7c, 0xf5, 0x44, 0x30, 0x12, 0xb3, 0x3c, 0xa7, 0xb1, 0x30, 0x5f, 0xa8, 0xe3, 0x73,
+	0x30, 0x4a, 0x21, 0x24, 0x5e, 0xd7, 0x6e, 0x7e, 0xa2, 0xf0, 0x3e, 0x74, 0xe4, 0x1b, 0x14, 0xac,
+	0x22, 0x35, 0x3f, 0x7b, 0x44, 0xe3, 0x62, 0x83, 0xbe, 0x94, 0xe8, 0xc5, 0x17, 0x70, 0x54, 0xff,
+	0xb3, 0xb8, 0x07, 0xfa, 0xd8, 0x09, 0xc8, 0x6b, 0xfb, 0x8a, 0x7c, 0x65, 0x7d, 0x87, 0x7e, 0xd9,
+	0x06, 0xac, 0x6f, 0x5e, 0xa1, 0x5f, 0x2f, 0xfe, 0xd6, 0xc0, 0xd8, 0x6b, 0xf3, 0x04, 0xba, 0x12,
+	0x71, 0x3d, 0x62, 0xff, 0x30, 0x76, 0x5f, 0x3b, 0xe8, 0x19, 0xee, 0x03, 0x92, 0x50, 0xe0, 0x04,
+	0xc1, 0xd4, 0x73, 0xc9, 0xd4, 0x9d, 0x86, 0x48, 0xc3, 0x1f, 0xc1, 0x07, 0xdb, 0xa8, 0xed, 0xfd,
+	0xe4, 0xf8, 0x61, 0x75, 0xa8, 0x63, 0x13, 0xfa, 0xf2, 0xd0, 0xf9, 0x79, 0xee, 0xd8, 0x21, 0xf1,
+	0x1d, 0xdb, 0x73, 0x5d, 0xc7, 0x0e, 0xd1, 0x01, 0x3e, 0x83, 0x93, 0x9d, 0xb1, 0x99, 0x17, 0x38,
+	0xa8, 0xf1, 0xa0, 0x71, 0x33, 0x75, 0x66, 0x13, 0x72, 0x3d, 0x9f, 0x79, 0xe3, 0x09, 0x6a, 0xe2,
+	0x73, 0xc0, 0x12, 0x1d, 0xdb, 0x3f, 0x5e, 0x4f, 0x7d, 0xe7, 0x01, 0x3f, 0xc4, 0x03, 0x78, 0xbe,
+	0x45, 0x5f, 0xc1, 0x9e, 0x3b, 0xbb, 0xa9, 0x95, 0x50, 0x0b, 0x1b, 0xd0, 0x56, 0x37, 0x7c, 0xdf,
+	0xf3, 0xd1, 0x7f, 0xda, 0xc5, 0x9f, 0x1a, 0x18, 0x7b, 0xff, 0xd2, 0x09, 0x74, 0x25, 0xb2, 0x97,
+	0x54, 0x42, 0xef, 0x26, 0xdd, 0x46, 0x77, 0x93, 0x7e, 0x08, 0x67, 0xf2, 0xd0, 0xf6, 0xdc, 0xef,
+	0xa7, 0xfe, 0xd5, 0x7e, 0xd4, 0x9d, 0xb9, 0x3a, 0xaa, 0x01, 0x6d, 0x09, 0x3f, 0x5a, 0xfb, 0x4b,
+	0x03, 0x63, 0xef, 0x6f, 0xec, 0xc0, 0xb1, 0xeb, 0xd5, 0x37, 0x9e, 0xa9, 0x95, 0x54, 0x9a, 0x41,
+	0xe8, 0x3b, 0xe3, 0x2b, 0xa4, 0xe1, 0x53, 0xe8, 0xd9, 0xb3, 0xa9, 0xe3, 0xca, 0x6e, 0xe7, 0x9e,
+	0x1f, 0x3a, 0x13, 0x74, 0xb0, 0x05, 0xce, 0x7d, 0x2f, 0xf4, 0x6c, 0x6f, 0x56, 0x15, 0x1b, 0x84,
+	0xe3, 0xb0, 0x8a, 0x13, 0x3a, 0xbe, 0x3b, 0x9e, 0xa1, 0x26, 0xc6, 0x60, 0x4c, 0x1c, 0xdb, 0xbb,
+	0x21, 0x92, 0xb7, 0x2e, 0x55, 0xca, 0x54, 0xe3, 0xb5, 0x4c, 0x22, 0xaf, 0xd5, 0x50, 0x38, 0xbd,
+	0x72, 0xbc, 0xeb, 0x10, 0xd1, 0xff, 0x03, 0x00, 0x00, 0xff, 0xff, 0x37, 0x58, 0xdc, 0xae, 0x5e,
+	0x06, 0x00, 0x00,
 }

vendor/github.com/sergeyfrolov/gotapdance/protobuf/signalling.proto

@@ -89,7 +89,8 @@ message DecoyList {
 // State transitions of the client
 enum C2S_Transition {
     C2S_NO_CHANGE = 0;
-    // C2S_SESSION_INIT = 1; // Currently MSG_INIT is NOT protobuf
+    C2S_SESSION_INIT = 1; // connect me to squid
+    C2S_SESSION_COVERT_INIT = 11; // connect me to provided covert
     C2S_EXPECT_RECONNECT = 2;
     C2S_SESSION_CLOSE = 3;
     C2S_YIELD_UPLOAD = 4;
@@ -101,7 +102,8 @@ enum C2S_Transition {
 // State transitions of the server
 enum S2C_Transition {
     S2C_NO_CHANGE = 0;
-    S2C_SESSION_INIT = 1;
+    S2C_SESSION_INIT = 1; // connected to squid
+    S2C_SESSION_COVERT_INIT = 11; // connected to covert host
     S2C_CONFIRM_RECONNECT = 2;
     S2C_SESSION_CLOSE = 3;
     // TODO should probably also allow EXPECT_RECONNECT here, for DittoTap
@@ -160,10 +162,36 @@ message ClientToStation {
     // YIELD=>ACQUIRE switchover is happening.
     optional uint64 upload_sync = 4;
 
-    // 
+
+    // List of decoys that client have unsuccessfully tried in current session.
+    // Could be sent in chunks
     repeated string failed_decoys = 10;
 
+    optional SessionStats stats = 11;
+
+    // Station is only required to check this variable during session initialization.
+    // If set, station must facilitate connection to said target by itself, i.e. write into squid
+    // socket an HTTP/SOCKS/any other connection request.
+    // covert_address must have exactly one ':' colon, that separates host (literal IP address or
+    // resolvable hostname) and port
+    // TODO: make it required for initialization, and stop connecting any client straight to squid?
+    optional string covert_address = 20;
+
     // Random-sized junk to defeat packet size fingerprinting.
     optional bytes padding = 100;
 }
 
+message SessionStats {
+    optional uint32 failed_decoys_amount = 20; // how many decoys were tried before success
+
+    // Timings below are in milliseconds
+
+    // Applicable to whole session:
+    optional uint32 total_time_to_connect = 31; // includes failed attempts
+
+    // Last (i.e. successful) decoy:
+    optional uint32 rtt_to_station = 33; // measured during initial handshake
+    optional uint32 tls_to_decoy = 38; // includes tcp to decoy
+    optional uint32 tcp_to_decoy = 39; // measured when establishing tcp connection to decot
+}
+

vendor/github.com/sergeyfrolov/gotapdance/tapdance/common.go

@@ -1,9 +1,11 @@
 package tapdance
 
 import (
+	"encoding/hex"
 	"errors"
+	"fmt"
 	"github.com/refraction-networking/utls"
-	"math"
+	"os"
 	"strconv"
 	"time"
 )
@@ -116,6 +118,37 @@ func EnableProxyProtocol() {
 	default_flags |= tdFlagProxyHeader
 }
 
+var tlsSecretLog string
+
+func SetTlsLogFilename(filename string) error {
+	tlsSecretLog = filename
+	// Truncate file
+	f, err := os.Create(filename)
+	if err != nil {
+		return err
+	}
+	return f.Close()
+}
+
+func WriteTlsLog(clientRandom, masterSecret []byte) error {
+	if tlsSecretLog != "" {
+		f, err := os.OpenFile(tlsSecretLog, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		if err != nil {
+			return err
+		}
+
+		_, err = fmt.Fprintf(f, "CLIENT_RANDOM %s %s\n",
+			hex.EncodeToString(clientRandom),
+			hex.EncodeToString(masterSecret))
+		if err != nil {
+			return err
+		}
+
+		return f.Close()
+	}
+	return nil
+}
+
 // List of actually supported ciphers(not a list of offered ciphers!)
 // Essentially all working AES_GCM_128 ciphers
 var tapDanceSupportedCiphers = []uint16{
@@ -129,9 +162,8 @@ var tapDanceSupportedCiphers = []uint16{
 
 // How much time to sleep on trying to connect to decoys to prevent overwhelming them
 func sleepBeforeConnect(attempt int) (waitTime <-chan time.Time) {
-	if attempt >= 2 { // return nil for first 2 attempts
-		waitTime = time.After(time.Second *
-			time.Duration(math.Pow(3, float64(attempt-1))))
+	if attempt >= 6 { // return nil for first 6 attempts
+		waitTime = time.After(time.Second * 1)
 	}
 	return
 }

vendor/github.com/sergeyfrolov/gotapdance/tapdance/conn_dual.go

@@ -2,7 +2,6 @@ package tapdance
 
 import (
 	"context"
-	"crypto/rand"
 	"errors"
 	"net"
 	"strconv"
@@ -20,16 +19,12 @@ type DualConn struct {
 }
 
 // returns TapDance connection that utilizes 2 flows underneath: reader and writer
-func dialSplitFlow(ctx context.Context, customDialer func(context.Context, string, string) (net.Conn, error)) (net.Conn, error) {
+func dialSplitFlow(ctx context.Context, customDialer func(context.Context, string, string) (net.Conn, error),
+	covert string) (net.Conn, error) {
 	dualConn := DualConn{sessionId: sessionsTotal.GetAndInc()}
 	stationPubkey := Assets().GetPubkey()
 
-	remoteConnId := make([]byte, 16)
-	rand.Read(remoteConnId[:])
-
-	rawRConn := makeTdRaw(tagHttpGetIncomplete,
-		stationPubkey[:],
-		remoteConnId[:])
+	rawRConn := makeTdRaw(tagHttpGetIncomplete, stationPubkey[:])
 	if customDialer != nil {
 		rawRConn.TcpDialer = customDialer
 	}
@@ -37,7 +32,7 @@ func dialSplitFlow(ctx context.Context, customDialer func(context.Context, strin
 	rawRConn.strIdSuffix = "R"
 
 	var err error
-	dualConn.readerConn, err = makeTdFlow(flowReadOnly, rawRConn)
+	dualConn.readerConn, err = makeTdFlow(flowReadOnly, rawRConn, covert)
 	if err != nil {
 		return nil, err
 	}
@@ -58,8 +53,7 @@ func dialSplitFlow(ctx context.Context, customDialer func(context.Context, strin
 	}
 
 	rawWConn := makeTdRaw(tagHttpPostIncomplete,
-		stationPubkey[:],
-		remoteConnId[:])
+		stationPubkey[:])
 	if customDialer != nil {
 		rawRConn.TcpDialer = customDialer
 	}
@@ -68,7 +62,7 @@ func dialSplitFlow(ctx context.Context, customDialer func(context.Context, strin
 	rawWConn.decoySpec = rawRConn.decoySpec
 	rawWConn.pinDecoySpec = true
 
-	dualConn.writerConn, err = makeTdFlow(flowUpload, rawWConn)
+	dualConn.writerConn, err = makeTdFlow(flowUpload, rawWConn, covert)
 	if err != nil {
 		dualConn.readerConn.closeWithErrorOnce(err)
 		return nil, err

vendor/github.com/sergeyfrolov/gotapdance/tapdance/conn_flow.go

@@ -12,13 +12,14 @@ import (
 	"encoding/binary"
 	"encoding/hex"
 	"errors"
-	"github.com/golang/protobuf/proto"
-	"github.com/sergeyfrolov/bsbuffer"
-	pb "github.com/sergeyfrolov/gotapdance/protobuf"
 	"io"
 	"net"
 	"sync"
 	"time"
+
+	"github.com/golang/protobuf/proto"
+	"github.com/sergeyfrolov/bsbuffer"
+	pb "github.com/sergeyfrolov/gotapdance/protobuf"
 )
 
 // TapdanceFlowConn represents single TapDance flow.
@@ -58,19 +59,19 @@ type TapdanceFlowConn struct {
 
 // NewTapDanceConn returns TapDance connection, that is ready to be Dial'd
 func NewTapDanceConn() (net.Conn, error) {
-	return makeTdFlow(flowBidirectional, nil)
+	return makeTdFlow(flowBidirectional, nil, "")
 }
 
 // Prepares TD flow: does not make any network calls nor sets up engines
-func makeTdFlow(flow flowType, tdRaw *tdRawConn) (*TapdanceFlowConn, error) {
+func makeTdFlow(flow flowType, tdRaw *tdRawConn, covert string) (*TapdanceFlowConn, error) {
 	if tdRaw == nil {
 		// raw TapDance connection is not given, make a new one
 		stationPubkey := Assets().GetPubkey()
 		remoteConnId := make([]byte, 16)
 		rand.Read(remoteConnId[:])
 		tdRaw = makeTdRaw(tagHttpGetIncomplete,
-			stationPubkey[:],
-			remoteConnId[:])
+			stationPubkey[:])
+		tdRaw.covert = covert
 		tdRaw.sessionId = sessionsTotal.GetAndInc()
 	}
 
@@ -552,8 +553,8 @@ func (flowConn *TapdanceFlowConn) processProto(msg pb.StationToClient) error {
 
 		_err := Assets().SetClientConf(conf)
 		if _err != nil {
-			Logger().Errorln(flowConn.idStr() +
-				"Could not save Setpb.ClientConf():" + _err.Error())
+			Logger().Warningln(flowConn.idStr() +
+				" could not persistently set ClientConf: " + _err.Error())
 		}
 	}
 	Logger().Debugln(flowConn.idStr() + " processing incoming protobuf: " + msg.String())
@@ -562,7 +563,7 @@ func (flowConn *TapdanceFlowConn) processProto(msg pb.StationToClient) error {
 		handleConfigInfo(confInfo)
 		// TODO: if we ever get a ``safe'' decoy rotation - code below has to be rewritten
 		if !Assets().IsDecoyInList(flowConn.tdRaw.decoySpec) {
-			Logger().Warningln(flowConn.idStr() + ": current decoy is no " +
+			Logger().Warningln(flowConn.idStr() + " current decoy is no " +
 				"longer in the list, changing it! Read flow probably will break!")
 			// if current decoy is no longer in the list
 			flowConn.tdRaw.decoySpec = Assets().GetDecoy()

vendor/github.com/sergeyfrolov/gotapdance/tapdance/conn_raw.go

@@ -2,10 +2,13 @@ package tapdance
 
 import (
 	"bytes"
+	"context"
+	"crypto/rand"
+	"encoding/base64"
 	"encoding/binary"
 	"encoding/hex"
 	"errors"
-	pb "github.com/sergeyfrolov/gotapdance/protobuf"
+	"fmt"
 	"io"
 	"net"
 	"strconv"
@@ -13,47 +16,50 @@ import (
 	"sync"
 	"time"
 
-	"context"
 	"github.com/golang/protobuf/proto"
 	"github.com/refraction-networking/utls"
+	pb "github.com/sergeyfrolov/gotapdance/protobuf"
 )
 
 // Simply establishes TLS and TapDance connection.
 // Both reader and writer flows shall have this underlying raw connection.
 // Knows about but doesn't keep track of timeout and upload limit
 type tdRawConn struct {
-	tcpConn closeWriterConn
-	tlsConn *tls.UConn
+	tcpConn closeWriterConn // underlying TCP connection with CloseWrite() function that sends FIN
+	tlsConn *tls.UConn      // TLS connection to decoy (and station)
 
-	flowId      uint64
-	sessionId   uint64
-	strIdSuffix string
+	covert string // hostname that tapdance station will connect client to
 
 	TcpDialer func(context.Context, string, string) (net.Conn, error)
 
 	decoySpec     pb.TLSDecoySpec
-	establishedAt time.Time
 	pinDecoySpec  bool // don't ever change decoy (still changeable from outside)
-
-	remoteConnId  []byte
+	initialMsg    pb.StationToClient
 	stationPubkey []byte
+	tagType       tdTagType
 
-	failedDecoys []string
-	initialMsg   pb.StationToClient
-	tagType      tdTagType
+	remoteConnId []byte // 32 byte ID of the connection to station, used for reconnection
 
-	UploadLimit int // used only in POST-based tags
+	establishedAt time.Time // right after TLS connection to decoy is established, but not to station
+	UploadLimit   int       // used only in POST-based tags
 
 	closed    chan struct{}
 	closeOnce sync.Once
+
+	// stats to report
+	sessionStats pb.SessionStats
+	failedDecoys []string
+
+	// purely for logging and stats reporting purposes:
+	flowId      uint64 // id of the flow within the session (=how many times reconnected)
+	sessionId   uint64 // id of the local session
+	strIdSuffix string // suffix for every log string (e.g. to mark upload-only flows)
 }
 
-func makeTdRaw(handshakeType tdTagType,
-	stationPubkey []byte,
-	remoteConnId []byte) *tdRawConn {
+func makeTdRaw(handshakeType tdTagType, stationPubkey []byte) *tdRawConn {
 	tdRaw := &tdRawConn{tagType: handshakeType,
 		stationPubkey: stationPubkey,
-		remoteConnId:  remoteConnId}
+	}
 	tdRaw.flowId = 0
 	tdRaw.closed = make(chan struct{})
 	return tdRaw
@@ -72,20 +78,18 @@ func (tdRaw *tdRawConn) dial(ctx context.Context, reconnect bool) error {
 	var maxConnectionAttempts int
 	var err error
 
-	/*
-		// Randomize tdConn.maxSend to avoid heuristics
-		tdConn.maxSend = getRandInt(sendLimitMin, sendLimitMax)
-		tdConn.maxSend -= transitionMsgSize // reserve space for transition msg
-		tdConn.maxSend -= 2                 // reserve 2 bytes for transition msg header
-	*/
+	dialStartTs := time.Now()
 	var expectedTransition pb.S2C_Transition
 	if reconnect {
-		maxConnectionAttempts = 2
+		maxConnectionAttempts = 5
 		expectedTransition = pb.S2C_Transition_S2C_CONFIRM_RECONNECT
 		tdRaw.tlsConn.Close()
 	} else {
-		maxConnectionAttempts = 6
+		maxConnectionAttempts = 20
 		expectedTransition = pb.S2C_Transition_S2C_SESSION_INIT
+		if len(tdRaw.covert) > 0 {
+			expectedTransition = pb.S2C_Transition_S2C_SESSION_COVERT_INIT
+		}
 	}
 
 	for i := 0; i < maxConnectionAttempts; i++ {
@@ -115,12 +119,24 @@ func (tdRaw *tdRawConn) dial(ctx context.Context, reconnect bool) error {
 			}
 		}
 
+		if !reconnect {
+			// generate a new remove conn ID for each attempt to dial
+			// keep same remote conn ID for reconnect, since that's what it is for
+			tdRaw.remoteConnId = make([]byte, 16)
+			rand.Read(tdRaw.remoteConnId[:])
+		}
+
 		err = tdRaw.tryDialOnce(ctx, expectedTransition)
 		if err == nil {
-			return err
+			tdRaw.sessionStats.TotalTimeToConnect = durationToU32ptrMs(time.Since(dialStartTs))
+			return nil
 		}
 		tdRaw.failedDecoys = append(tdRaw.failedDecoys,
 			tdRaw.decoySpec.GetHostname()+" "+tdRaw.decoySpec.GetIpv4AddrStr())
+		if tdRaw.sessionStats.FailedDecoysAmount == nil {
+			tdRaw.sessionStats.FailedDecoysAmount = new(uint32)
+		}
+		*tdRaw.sessionStats.FailedDecoysAmount += uint32(1)
 	}
 	return err
 }
@@ -128,15 +144,19 @@ func (tdRaw *tdRawConn) dial(ctx context.Context, reconnect bool) error {
 func (tdRaw *tdRawConn) tryDialOnce(ctx context.Context, expectedTransition pb.S2C_Transition) (err error) {
 	Logger().Infoln(tdRaw.idStr() + " Attempting to connect to decoy " +
 		tdRaw.decoySpec.GetHostname() + " (" + tdRaw.decoySpec.GetIpv4AddrStr() + ")")
+
+	tlsToDecoyStartTs := time.Now()
 	err = tdRaw.establishTLStoDecoy(ctx)
+	tlsToDecoyTotalTs := time.Since(tlsToDecoyStartTs)
 	if err != nil {
 		Logger().Errorf(tdRaw.idStr() + " establishTLStoDecoy(" +
 			tdRaw.decoySpec.GetHostname() + "," + tdRaw.decoySpec.GetIpv4AddrStr() +
 			") failed with " + err.Error())
 		return err
 	}
-	Logger().Infof(tdRaw.idStr() + " Connected to decoy " +
-		tdRaw.decoySpec.GetHostname() + " (" + tdRaw.decoySpec.GetIpv4AddrStr() + ")")
+	tdRaw.sessionStats.TlsToDecoy = durationToU32ptrMs(tlsToDecoyTotalTs)
+	Logger().Infof("%s Connected to decoy %s(%s) in %s", tdRaw.idStr(), tdRaw.decoySpec.GetHostname(),
+		tdRaw.decoySpec.GetIpv4AddrStr(), tlsToDecoyTotalTs.String())
 
 	if tdRaw.IsClosed() {
 		// if connection was closed externally while in establishTLStoDecoy()
@@ -163,9 +183,6 @@ func (tdRaw *tdRawConn) tryDialOnce(ctx context.Context, expectedTransition pb.S
 		return err
 	}
 
-	tdRaw.tlsConn.SetDeadline(time.Now().Add(
-		getRandomDuration(deadlineConnectTDStationMin, deadlineConnectTDStationMax)))
-
 	var tdRequest string
 	tdRequest, err = tdRaw.prepareTDRequest(tdRaw.tagType)
 	if err != nil {
@@ -179,6 +196,7 @@ func (tdRaw *tdRawConn) tryDialOnce(ctx context.Context, expectedTransition pb.S
 	Logger().Infoln(tdRaw.idStr() + " Attempting to connect to TapDance Station" +
 		" with connection ID: " + hex.EncodeToString(tdRaw.remoteConnId[:]) + ", method: " +
 		tdRaw.tagType.Str())
+	rttToStationStartTs := time.Now()
 	_, err = tdRaw.tlsConn.Write([]byte(tdRequest))
 	if err != nil {
 		Logger().Errorf(tdRaw.idStr() +
@@ -187,9 +205,14 @@ func (tdRaw *tdRawConn) tryDialOnce(ctx context.Context, expectedTransition pb.S
 		return
 	}
 
+	// Give up waiting for the station pretty quickly (2x handshake time == ~4RTT)
+	tdRaw.tlsConn.SetDeadline(time.Now().Add(tlsToDecoyTotalTs * 2))
+
 	switch tdRaw.tagType {
 	case tagHttpGetIncomplete:
 		tdRaw.initialMsg, err = tdRaw.readProto()
+		rttToStationTotalTs := time.Since(rttToStationStartTs)
+		tdRaw.sessionStats.RttToStation = durationToU32ptrMs(rttToStationTotalTs)
 		if err != nil {
 			if errIsTimeout(err) {
 				Logger().Errorf("%s %s: %v", tdRaw.idStr(),
@@ -218,6 +241,8 @@ func (tdRaw *tdRawConn) tryDialOnce(ctx context.Context, expectedTransition pb.S
 			err = errors.New("Init error: state transition mismatch!" +
 				" Received: " + tdRaw.initialMsg.GetStateTransition().String() +
 				" Expected: " + expectedTransition.String())
+			Logger().Infof("%s Failed to connect to TapDance Station [%s]: %s",
+				tdRaw.idStr(), tdRaw.initialMsg.GetStationId(), err.Error())
 			// this exceptional error implies that station has lost state, thus is fatal
 			return err
 		}
@@ -230,15 +255,10 @@ func (tdRaw *tdRawConn) tryDialOnce(ctx context.Context, expectedTransition pb.S
 
 	// TapDance should NOT have a timeout, timeouts have to be handled by client and server
 	tdRaw.tlsConn.SetDeadline(time.Time{}) // unsets timeout
-	/*
-		if !reconnect && len(tdConn.failedDecoys) > 0 {
-			tdConn.writeListFailedDecoys()
-		}*/
 	return nil
 }
 
-func (tdRaw *tdRawConn) establishTLStoDecoy(ctx context.Context) (err error) {
-	var dialConn net.Conn
+func (tdRaw *tdRawConn) establishTLStoDecoy(ctx context.Context) error {
 	deadline, deadlineAlreadySet := ctx.Deadline()
 	if !deadlineAlreadySet {
 		deadline = time.Now().Add(getRandomDuration(deadlineTCPtoDecoyMin, deadlineTCPtoDecoyMax))
@@ -246,25 +266,28 @@ func (tdRaw *tdRawConn) establishTLStoDecoy(ctx context.Context) (err error) {
 	childCtx, childCancelFunc := context.WithDeadline(ctx, deadline)
 	defer childCancelFunc()
 
-	if tdRaw.TcpDialer != nil {
-		dialConn, err = tdRaw.TcpDialer(childCtx, "tcp", tdRaw.decoySpec.GetIpv4AddrStr())
-		if err != nil {
-			return err
-		}
-	} else {
+	tcpDialer := tdRaw.TcpDialer
+	if tcpDialer == nil {
+		// custom dialer is not set, use default
 		d := net.Dialer{}
-		dialConn, err = d.DialContext(childCtx, "tcp", tdRaw.decoySpec.GetIpv4AddrStr())
-		if err != nil {
-			return err
-		}
+		tcpDialer = d.DialContext
 	}
+
+	tcpToDecoyStartTs := time.Now()
+	dialConn, err := tcpDialer(childCtx, "tcp", tdRaw.decoySpec.GetIpv4AddrStr())
+	tcpToDecoyTotalTs := time.Since(tcpToDecoyStartTs)
+	if err != nil {
+		return err
+	}
+	tdRaw.sessionStats.TcpToDecoy = durationToU32ptrMs(tcpToDecoyTotalTs)
+
 	config := tls.Config{ServerName: tdRaw.decoySpec.GetHostname()}
 	if config.ServerName == "" {
 		// if SNI is unset -- try IP
 		config.ServerName, _, err = net.SplitHostPort(tdRaw.decoySpec.GetIpv4AddrStr())
 		if err != nil {
 			dialConn.Close()
-			return
+			return err
 		}
 		Logger().Infoln(tdRaw.idStr() + ": SNI was nil. Setting it to" +
 			config.ServerName)
@@ -274,25 +297,25 @@ func (tdRaw *tdRawConn) establishTLStoDecoy(ctx context.Context) (err error) {
 	err = tdRaw.tlsConn.BuildHandshakeState()
 	if err != nil {
 		dialConn.Close()
-		return
+		return err
 	}
 	err = tdRaw.tlsConn.MarshalClientHello()
 	if err != nil {
 		dialConn.Close()
-		return
+		return err
 	}
 	tdRaw.tlsConn.SetDeadline(deadline)
 	err = tdRaw.tlsConn.Handshake()
 	if err != nil {
 		dialConn.Close()
-		return
+		return err
 	}
 	closeWriter, ok := dialConn.(closeWriterConn)
 	if !ok {
 		return errors.New("dialConn is not a closeWriter")
 	}
 	tdRaw.tcpConn = closeWriter
-	return
+	return nil
 }
 
 func (tdRaw *tdRawConn) Close() error {
@@ -316,7 +339,7 @@ func (tdRaw *tdRawConn) closeWrite() error {
 }
 
 func (tdRaw *tdRawConn) prepareTDRequest(handshakeType tdTagType) (string, error) {
-	// Generate initial TapDance request
+	// Generate tag for the initial TapDance request
 	buf := new(bytes.Buffer) // What we have to encrypt with the shared secret using AES
 
 	masterKey := tdRaw.tlsConn.HandshakeState.MasterSecret
@@ -338,15 +361,46 @@ func (tdRaw *tdRawConn) prepareTDRequest(handshakeType tdTagType) (string, error
 	buf.Write(tdRaw.tlsConn.HandshakeState.Hello.Random)
 	buf.Write(tdRaw.remoteConnId[:]) // connection id for persistence
 
-	tag, err := obfuscateTag(buf.Bytes(), tdRaw.stationPubkey) // What we encode into the ciphertext
+	err := WriteTlsLog(tdRaw.tlsConn.HandshakeState.Hello.Random,
+		tdRaw.tlsConn.HandshakeState.MasterSecret)
+	if err != nil {
+		Logger().Warningf("Failed to write TLS secret log: %s", err)
+	}
+
+	// Generate and marshal protobuf
+	transition := pb.C2S_Transition_C2S_SESSION_INIT
+	var covert *string
+	if len(tdRaw.covert) > 0 {
+		transition = pb.C2S_Transition_C2S_SESSION_COVERT_INIT
+		covert = &tdRaw.covert
+	}
+	currGen := Assets().GetGeneration()
+	initProto := &pb.ClientToStation{
+		CovertAddress:       covert,
+		StateTransition:     &transition,
+		DecoyListGeneration: &currGen,
+	}
+	initProtoBytes, err := proto.Marshal(initProto)
 	if err != nil {
 		return "", err
 	}
-	return tdRaw.genHTTP1Tag(tag)
+	Logger().Debugln(tdRaw.idStr()+" Initial protobuf", initProto)
+
+	// Obfuscate/encrypt tag and protobuf
+	tag, encryptedProtoMsg, err := obfuscateTagAndProtobuf(buf.Bytes(), initProtoBytes, tdRaw.stationPubkey)
+	if err != nil {
+		return "", err
+	}
+	return tdRaw.genHTTP1Tag(tag, encryptedProtoMsg)
 }
 
 // mutates tdRaw: sets tdRaw.UploadLimit
-func (tdRaw *tdRawConn) genHTTP1Tag(tag []byte) (string, error) {
+func (tdRaw *tdRawConn) genHTTP1Tag(tag, encryptedProtoMsg []byte) (string, error) {
+	sharedHeaders := `Host: ` + tdRaw.decoySpec.GetHostname() +
+		"\nUser-Agent: TapDance/1.2 (+https://refraction.network/info)"
+	if len(encryptedProtoMsg) > 0 {
+		sharedHeaders += "\nX-Proto: " + base64.StdEncoding.EncodeToString(encryptedProtoMsg)
+	}
 	var httpTag string
 	switch tdRaw.tagType {
 	// for complete copy http generator of golang
@@ -354,26 +408,22 @@ func (tdRaw *tdRawConn) genHTTP1Tag(tag []byte) (string, error) {
 		fallthrough
 	case tagHttpGetIncomplete:
 		tdRaw.UploadLimit = int(tdRaw.decoySpec.GetTcpwin()) - getRandInt(1, 1045)
-		httpTag = `GET / HTTP/1.1
-Host: ` + tdRaw.decoySpec.GetHostname() + `
-User-Agent: TapDance/1.2 (+https://refraction.network/info)
-Accept-Encoding: None
-X-Ignore: ` + getRandPadding(7, 612, 10)
+		httpTag = fmt.Sprintf(`GET / HTTP/1.1
+%s
+X-Ignore: %s`, sharedHeaders, getRandPadding(7, maxInt(612-len(sharedHeaders), 7), 10))
 		httpTag = strings.Replace(httpTag, "\n", "\r\n", -1)
 	case tagHttpPostIncomplete:
 		ContentLength := getRandInt(900000, 1045000)
 		tdRaw.UploadLimit = ContentLength - 1
-		httpTag = `POST / HTTP/1.1
+		httpTag = fmt.Sprintf(`POST / HTTP/1.1
+%s
 Accept-Encoding: None
-Host: ` + tdRaw.decoySpec.GetHostname() + `
-User-Agent: TapDance/1.2 (+https://refraction.network/info)
-X-Padding: ` + getRandPadding(1, 461, 10) + `
+X-Padding: %s
 Content-Type: application/zip; boundary=----WebKitFormBoundaryaym16ehT29q60rUx
-Content-Length: ` + strconv.Itoa(ContentLength) + `
-
+Content-Length: %s
 ----WebKitFormBoundaryaym16ehT29q60rUx
 Content-Disposition: form-data; name=\"td.zip\"
-`
+`, sharedHeaders, getRandPadding(1, maxInt(461-len(sharedHeaders), 1), 10), strconv.Itoa(ContentLength))
 		httpTag = strings.Replace(httpTag, "\n", "\r\n", -1)
 	}
 
@@ -400,71 +450,52 @@ func (tdRaw *tdRawConn) idStr() string {
 
 // Simply reads and returns protobuf
 // Returns error if it's not a protobuf
+// TODO: redesign it pb, data, err
 func (tdRaw *tdRawConn) readProto() (msg pb.StationToClient, err error) {
-	var readBytes int
-	var readBytesTotal uint32 // both header and body
-	headerSize := uint32(2)
+	var readBuffer bytes.Buffer
 
-	var msgLen uint32 // just the body(e.g. raw data or protobuf)
 	var outerProtoMsgType msgType
+	var msgLen int64 // just the body (e.g. raw data or protobuf)
 
-	headerBuffer := make([]byte, 6) // TODO: allocate once at higher level?
-
-	for readBytesTotal < headerSize {
-		readBytes, err = tdRaw.tlsConn.Read(headerBuffer[readBytesTotal:headerSize])
-		readBytesTotal += uint32(readBytes)
-		if err != nil {
-			return
-		}
+	// Get TIL
+	_, err = io.CopyN(&readBuffer, tdRaw.tlsConn, 2)
+	if err != nil {
+		return
 	}
 
-	// Get TIL
-	typeLen := uint16toInt16(binary.BigEndian.Uint16(headerBuffer[0:2]))
+	typeLen := uint16toInt16(binary.BigEndian.Uint16(readBuffer.Next(2)))
 	if typeLen < 0 {
 		outerProtoMsgType = msgRawData
-		msgLen = uint32(-typeLen)
+		msgLen = int64(-typeLen)
 	} else if typeLen > 0 {
 		outerProtoMsgType = msgProtobuf
-		msgLen = uint32(typeLen)
+		msgLen = int64(typeLen)
 	} else {
 		// protobuf with size over 32KB, not fitting into 2-byte TL
 		outerProtoMsgType = msgProtobuf
-		headerSize += 4
-		for readBytesTotal < headerSize {
-			readBytes, err = tdRaw.tlsConn.Read(headerBuffer[readBytesTotal:headerSize])
-
-			readBytesTotal += uint32(readBytes)
-			if err == io.EOF && readBytesTotal == headerSize {
-				break
-			}
-			if err != nil {
-				return
-			}
+		_, err = io.CopyN(&readBuffer, tdRaw.tlsConn, 4)
+		if err != nil {
+			return
 		}
-		msgLen = binary.BigEndian.Uint32(headerBuffer[2:6])
+		msgLen = int64(binary.BigEndian.Uint32(readBuffer.Next(4)))
 	}
+
 	if outerProtoMsgType == msgRawData {
 		err = errors.New("Received data message in uninitialized flow")
 		return
 	}
 
-	totalBytesToRead := headerSize + msgLen
-	readBuffer := make([]byte, msgLen)
-
 	// Get the message itself
-	for readBytesTotal < totalBytesToRead {
-		readBytes, err = tdRaw.tlsConn.Read(readBuffer[readBytesTotal-headerSize : msgLen])
-		readBytesTotal += uint32(readBytes)
-
-		if err != nil {
-			return
-		}
+	_, err = io.CopyN(&readBuffer, tdRaw.tlsConn, msgLen)
+	if err != nil {
+		return
 	}
 
-	err = proto.Unmarshal(readBuffer[:], &msg)
+	err = proto.Unmarshal(readBuffer.Bytes(), &msg)
 	if err != nil {
 		return
 	}
+
 	Logger().Debugln(tdRaw.idStr() + " INIT: received protobuf: " + msg.String())
 	return
 }
@@ -472,11 +503,40 @@ func (tdRaw *tdRawConn) readProto() (msg pb.StationToClient, err error) {
 // Generates padding and stuff
 // Currently guaranteed to be less than 1024 bytes long
 func (tdRaw *tdRawConn) writeTransition(transition pb.C2S_Transition) (n int, err error) {
+	const paddingMinSize = 250
+	const paddingMaxSize = 800
+	const paddingSmoothness = 5
+	paddingDecrement := 0 // reduce potential padding size by this value
+
 	currGen := Assets().GetGeneration()
-	msg := pb.ClientToStation{Padding: []byte(getRandPadding(150, 900, 10)),
+	msg := pb.ClientToStation{
 		DecoyListGeneration: &currGen,
 		StateTransition:     &transition,
 		UploadSync:          new(uint64)} // TODO: remove
+	if tdRaw.flowId == 0 {
+		// we have stats for each reconnect, but only send stats for the initial connection
+		msg.Stats = &tdRaw.sessionStats
+	}
+
+	if len(tdRaw.failedDecoys) > 0 {
+		failedDecoysIdx := 0 // how many failed decoys to report now
+		for failedDecoysIdx < len(tdRaw.failedDecoys) {
+			if paddingMinSize < proto.Size(&pb.ClientToStation{
+				FailedDecoys: tdRaw.failedDecoys[:failedDecoysIdx+1]}) {
+				// if failedDecoys list is too big to fit in place of min padding
+				// then send the rest on the next reconnect
+				break
+			}
+			failedDecoysIdx += 1
+		}
+		paddingDecrement = proto.Size(&pb.ClientToStation{
+			FailedDecoys: tdRaw.failedDecoys[:failedDecoysIdx]})
+
+		msg.FailedDecoys = tdRaw.failedDecoys[:failedDecoysIdx]
+		tdRaw.failedDecoys = tdRaw.failedDecoys[failedDecoysIdx:]
+	}
+	msg.Padding = []byte(getRandPadding(paddingMinSize-paddingDecrement,
+		paddingMaxSize-paddingDecrement, paddingSmoothness))
 
 	msgBytes, err := proto.Marshal(&msg)
 	if err != nil {

vendor/github.com/sergeyfrolov/gotapdance/tapdance/dialer.go

@@ -1,12 +1,8 @@
 package tapdance
 
 import (
-	"bufio"
 	"context"
-	"errors"
-	"fmt"
 	"net"
-	"net/http"
 )
 
 var sessionsTotal CounterUint64
@@ -50,31 +46,22 @@ func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.
 	if network != "tcp" {
 		return nil, &net.OpError{Op: "dial", Net: network, Err: net.UnknownNetworkError(network)}
 	}
-	_, _, err := net.SplitHostPort(address)
-	if err != nil {
-		return nil, err
-	}
-
-	flow, err := d.DialProxyContext(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	_, err = fmt.Fprintf(flow, "CONNECT %s HTTP/1.1\r\nHost: %s\r\nX-Padding:%s\r\n\r\n",
-		address, address, getRandPadding(450, 780, 5))
-	if err != nil {
-		return nil, err
+	if len(address) > 0 {
+		_, _, err := net.SplitHostPort(address)
+		if err != nil {
+			return nil, err
+		}
 	}
 
-	resp, err := http.ReadResponse(bufio.NewReader(flow), nil)
-	if err != nil {
-		return nil, err
-	}
-	if resp.StatusCode != http.StatusOK {
-		return nil, errors.New("TapDance station responded with " + resp.Status)
+	if !d.SplitFlows {
+		flow, err := makeTdFlow(flowBidirectional, nil, address)
+		if err != nil {
+			return nil, err
+		}
+		flow.tdRaw.TcpDialer = d.TcpDialer
+		return flow, flow.DialContext(ctx)
 	}
-
-	return flow, nil
+	return dialSplitFlow(ctx, d.TcpDialer, address)
 }
 
 // DialProxy establishes direct connection to TapDance station proxy.
@@ -86,13 +73,5 @@ func (d *Dialer) DialProxy() (net.Conn, error) {
 // DialProxy establishes direct connection to TapDance station proxy using the provided context.
 // Users are expected to send HTTP CONNECT request next.
 func (d *Dialer) DialProxyContext(ctx context.Context) (net.Conn, error) {
-	if !d.SplitFlows {
-		flow, err := makeTdFlow(flowBidirectional, nil)
-		if err != nil {
-			return nil, err
-		}
-		flow.tdRaw.TcpDialer = d.TcpDialer
-		return flow, flow.DialContext(ctx)
-	}
-	return dialSplitFlow(ctx, d.TcpDialer)
+	return d.DialContext(ctx, "tcp", "")
 }

vendor/github.com/sergeyfrolov/gotapdance/tapdance/logger.go

@@ -19,11 +19,14 @@ var initLoggerOnce sync.Once
 
 // Logger is an access point for TapDance-wide logger
 func Logger() *logrus.Logger {
+	const build string = "[BUILD]"
+
 	initLoggerOnce.Do(func() {
 		logrusLogger = logrus.New()
 		logrusLogger.Formatter = new(formatter)
 		logrusLogger.Level = logrus.InfoLevel
 		//logrusLogger.Level = logrus.DebugLevel
+		logrusLogger.Infof("Running gotapdance build %s", build)
 	})
 	return logrusLogger
 }

vendor/github.com/sergeyfrolov/gotapdance/tapdance/utils.go

@@ -1,21 +1,21 @@
 package tapdance
 
 import (
+	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
 	"crypto/sha256"
-	"github.com/agl/ed25519/extra25519"
-	"golang.org/x/crypto/curve25519"
-	mrand "math/rand"
-
-	"bytes"
 	"encoding/binary"
 	"errors"
+	mrand "math/rand"
 	"net"
 	"strconv"
 	"strings"
 	"time"
+
+	"github.com/agl/ed25519/extra25519"
+	"golang.org/x/crypto/curve25519"
 )
 
 // The key argument should be the AES key, either 16 or 32 bytes
@@ -85,18 +85,29 @@ func getRandString(length int) string {
 	return string(randString)
 }
 
-func obfuscateTag(stegoPayload []byte, stationPubkey []byte) (tag []byte, err error) {
+// obfuscateTagAndProtobuf() generates key-pair and combines it /w stationPubkey to generate
+// sharedSecret. Client will use Eligator to find and send uniformly random representative for its
+// public key (and avoid sending it directly over the wire, as points on ellyptic curve are
+// distinguishable)
+// Then the sharedSecret will be used to encrypt stegoPayload and protobuf slices:
+//  - stegoPayload is encrypted with AES-GCM KEY=sharedSecret[0:16], IV=sharedSecret[16:28]
+//  - protobuf is encrypted with AES-GCM KEY=sharedSecret[0:16], IV={new random IV}, that will be
+//    prepended to encryptedProtobuf and eventually sent out together
+// Returns
+//  - tag(concatenated representative and encrypted stegoPayload),
+//  - encryptedProtobuf(concatenated 12 byte IV + encrypted protobuf)
+//  - error
+func obfuscateTagAndProtobuf(stegoPayload []byte, protobuf []byte, stationPubkey []byte) ([]byte, []byte, error) {
 	if len(stationPubkey) != 32 {
-		err = errors.New("Unexpected station pubkey length. Expected: 32." +
+		return nil, nil, errors.New("Unexpected station pubkey length. Expected: 32." +
 			" Received: " + strconv.Itoa(len(stationPubkey)) + ".")
-		return
 	}
 	var sharedSecret, clientPrivate, clientPublic, representative [32]byte
 	for ok := false; ok != true; {
 		var sliceKeyPrivate []byte = clientPrivate[:]
-		_, err = rand.Read(sliceKeyPrivate)
+		_, err := rand.Read(sliceKeyPrivate)
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 
 		ok = extra25519.ScalarBaseMult(&clientPublic, &representative, &clientPrivate)
@@ -109,9 +120,9 @@ func obfuscateTag(stegoPayload []byte, stationPubkey []byte) (tag []byte, err er
 	// Other implementations of elligator may have up to 2 non-random bits.
 	// Here we randomize the bit, expecting it to be flipped back to 0 on station
 	randByte := make([]byte, 1)
-	_, err = rand.Read(randByte)
+	_, err := rand.Read(randByte)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	representative[31] |= (0x80 & randByte[0])
 
@@ -120,17 +131,29 @@ func obfuscateTag(stegoPayload []byte, stationPubkey []byte) (tag []byte, err er
 
 	stationPubkeyHash := sha256.Sum256(sharedSecret[:])
 	aesKey := stationPubkeyHash[:16]
-	aesIv := stationPubkeyHash[16:28]
+	aesIvTag := stationPubkeyHash[16:28] // 12 bytes for stegoPayload nonce
 
-	encryptedData, err := aesGcmEncrypt(stegoPayload, aesKey, aesIv)
+	encryptedStegoPayload, err := aesGcmEncrypt(stegoPayload, aesKey, aesIvTag)
 	if err != nil {
-		return
+		return nil, nil, err
 	}
 
-	tagBuf.Write(encryptedData)
-	tag = tagBuf.Bytes()
-	Logger().Debugf("len(tag)", tagBuf.Len())
-	return
+	tagBuf.Write(encryptedStegoPayload)
+	tag := tagBuf.Bytes()
+
+	if len(protobuf) == 0 {
+		return tag, nil, err
+	}
+
+	// probably could have used all zeros as IV here, but better to err on safe side
+	aesIvProtobuf := make([]byte, 12)
+	_, err = rand.Read(aesIvProtobuf)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	encryptedProtobuf, err := aesGcmEncrypt(protobuf, aesKey, aesIvProtobuf)
+	return tag, append(aesIvProtobuf, encryptedProtobuf...), err
 }
 
 func getMsgWithHeader(msgType msgType, msgBytes []byte) []byte {
@@ -228,6 +251,21 @@ func minInt(a, b int) int {
 	return a
 }
 
+func maxInt(a, b int) int {
+	if a > b {
+		return a
+	}
+	return b
+}
+
+// Converts provided duration to raw milliseconds.
+// Returns a pointer to u32, because protobuf wants pointers.
+// Max valid input duration (that fits into uint32): 49.71 days.
+func durationToU32ptrMs(d time.Duration) *uint32 {
+	i := uint32(d.Nanoseconds() / int64(time.Millisecond))
+	return &i
+}
+
 func readAndClose(c net.Conn, readDeadline time.Duration) {
 	tinyBuf := []byte{0}
 	c.SetReadDeadline(time.Now().Add(readDeadline))

vendor/vendor.json

@@ -484,16 +484,22 @@
 			"revisionTime": "2018-09-03T21:38:11Z"
 		},
 		{
-			"checksumSHA1": "dOVMxadkUJFjdc8Ed9vbfYwvZzE=",
+			"checksumSHA1": "bwonlVmjpR4hyzaTtBBYD+m+Sdo=",
+			"path": "github.com/sergeyfrolov/gotapdance",
+			"revision": "b09bd1ad4d881814cc5b8c70865a8303911893c1",
+			"revisionTime": "2018-10-25T16:48:02Z"
+		},
+		{
+			"checksumSHA1": "Ltd4VPMeRiXP4bpEqPKVkBZLMDM=",
 			"path": "github.com/sergeyfrolov/gotapdance/protobuf",
-			"revision": "2ceeda9fef5bf3609cd3d1b04d4785ffac83d87c",
-			"revisionTime": "2018-09-05T22:38:24Z"
+			"revision": "b09bd1ad4d881814cc5b8c70865a8303911893c1",
+			"revisionTime": "2018-10-25T16:48:02Z"
 		},
 		{
-			"checksumSHA1": "6PTbPuGiX2bJxURtlm4LCLzwZwk=",
+			"checksumSHA1": "IZpRxPuwF/m9ZKW61R6pi3PIKC8=",
 			"path": "github.com/sergeyfrolov/gotapdance/tapdance",
-			"revision": "2ceeda9fef5bf3609cd3d1b04d4785ffac83d87c",
-			"revisionTime": "2018-09-05T22:38:24Z"
+			"revision": "b09bd1ad4d881814cc5b8c70865a8303911893c1",
+			"revisionTime": "2018-10-25T16:48:02Z"
 		},
 		{
 			"checksumSHA1": "Egp3n8yTaAuVtrA14LJrTWDgkO4=",