Exposing and Circumventing SNI-based QUIC Censorship of the Great Firewall of Chinacore

The computational cost of decrypting QUIC Initial packets limits the GFW's throughput: blocking effectiveness drops measurably as cross-border QUIC traffic increases and exhibits a diurnal pattern, falling during China's peak traffic hours. In a controlled experiment, sending QUIC Initial packets at 100–1500 kpps (TTL-limited so they reach the GFW but not end-hosts) caused GFW censorship effectiveness to decrease monotonically with sending rate, while equal-rate random-payload UDP traffic produced no such degradation—confirming the bottleneck is QUIC decryption, not raw bandwidth. A related availability attack using IP-spoofed QUIC Initials from one machine can cause the GFW to drop all UDP traffic between arbitrary Chinese hosts and any foreign endpoint for the 180-second residual window.

§3.4 / §5 detection http3-quic-blockdpi cn

Since April 7, 2024, the GFW decrypts every QUIC client Initial packet at China's national border and blocks connections whose TLS ClientHello SNI matches a QUIC-specific blocklist. Blocking takes the form of dropping all subsequent UDP packets sharing the same (src-IP, dst-IP, dst-port) 3-tuple for 180 seconds—with no RST injection. The GFW applies a source-port heuristic: packets with src-port ≤ dst-port are not inspected, capturing >92% of real QUIC client Initials while processing only ~30% of all UDP traffic. The QUIC blocklist contains 58,207 unique FQDNs (Tranco, Oct 2024– Jan 2025), approximately 60% of the DNS blocklist in size; 33% of blocked FQDNs do not actually support QUIC, suggesting the list was derived from an existing domain-name blocklist rather than live QUIC service discovery.

§3 / §3.1 / §3.3 / §4 detection http3-quic-blockdpisni-blocking cn

The GFW's QUIC censor does not reassemble QUIC client Initial packets that are split across multiple UDP datagrams, nor does it reassemble QUIC CRYPTO frames split within a single datagram. Three practical bypasses follow: (1) send any UDP datagram with a random payload before the QUIC Initial—the GFW uses 60-second UDP flow state and won't inspect a mid-flow packet; (2) fragment the TLS ClientHello SNI across multiple QUIC CRYPTO frames; (3) use an unknown QUIC version number in the first packet (Version Negotiation bypass, payload undecryptable). Chrome independently exploits (2) through its Chaos Protection feature (since 2021) and post-quantum Kyber key-agreement (since v124, Sep 2024), whose larger key sizes force fragmentation across UDP datagrams. As of January 2025, the GFW also does not block ECH-containing QUIC payloads unless the outer (cleartext) SNI is on the blocklist.

§3.2 / §7 defense http3-quic-blockdpi cn