The Network Time Protocol in its newest version (NTP4) allows to add extension fields beyond their standard header.

So we are going to shamelessly use it for our own profit, which means I am integrating NTP4 into fraud-bridge to have another protocol at hand when someone is blocking traffic.

Some tests in Germany showed that large providers block NTP packets larger than 256 bytes (presumably "DoS protection"?), so I made the MSS option configurable in fraud-bridge so that the TCP stack is sending segments small enough to fit. It still allows for good enough performance to tunnel web-sessions and messengers.