Small example of using BPF to block TCP RST by @darkk. Works on Android, does not require root.
rstlss is an example of an unprivileged Linux process using a BPF filter to block certain TCP packets arriving at its socket.
This specific example shows how to circumvent a one-sided TCP reset attack by an on-path DPI box blocking https://rutracker.org (see "Inappropriate TCP Resets Considered Harmful").
The on-path DPI box is assumed to be passive: it is unable to drop packets and can only inject some.
A one-sided TCP reset attack means that the RST packet is injected only towards the “client” endpoints and the “server” does not get another RST. E.g. some networks in Uganda block OpenVPN/TCP with two-sided TCP reset attacks. One has to control the server as well to mitigate a two-sided attack.