Anti-censorship issueshttps://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues2023-08-02T14:37:24Zhttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/23Lox bridge_table HashMaps should find the next available key2023-08-02T14:37:24ZonyinyangLox bridge_table HashMaps should find the next available keyAs a follow up to the discussion in !11, we need some way to find the next available key for Lox bridge_table's HashMaps.
This issue tracks the implementation of a `find_next_available_key` function.As a follow up to the discussion in !11, we need some way to find the next available key for Lox bridge_table's HashMaps.
This issue tracks the implementation of a `find_next_available_key` function.onyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/22Lox Distributor not properly parsing empty ResourceDiff2023-06-29T18:26:24ZCecylia BocovichLox Distributor not properly parsing empty ResourceDiffAfter trying a deployment of the lox distributor with no resources allocated to it (#19), the distributor crashed when trying to marshall the received json from the rdsys backend into a ResourceDiff struct.
I got the following error:
``...After trying a deployment of the lox distributor with no resources allocated to it (#19), the distributor crashed when trying to marshall the received json from the rdsys backend into a ResourceDiff struct.
I got the following error:
```
$ RUST_BACKTRACE=1 ./bin/lox-distributor conf/lox-config.json
Listening on 127.0.0.1:8001
thread 'tokio-runtime-worker' panicked at 'called `Option::unwrap()` on a `None` value', crates/lox-distributor/src/main.rs:91:44
stack backtrace:
0: rust_begin_unwind
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:578:5
1: core::panicking::panic_fmt
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/panicking.rs:67:14
2: core::panicking::panic
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/panicking.rs:117:5
3: lox_distributor::main::{{closure}}::{{closure}}
4: tokio::runtime::task::raw::poll
5: tokio::runtime::scheduler::multi_thread::worker::Context::run_task
6: tokio::runtime::task::raw::poll
7: tokio::runtime::task::UnownedTask<S>::run
```
And the received json looked like this:
```
{
"new": {
"obfs4": null,
"scramblesuit": []
},
"changed": null,
"gone": null,
"full_update": true
}
```
I suspect the problem lies with the list of `obfs4` bridges being `null` rather than an empty list `[]`. The difference between obfs4 and scramblesuit here is that the lox distributor was configured to receive obfs4 only but requested both obfs4 and scramblesuit bridges.Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/21Store Lox bridge table and spent credential tables in a disk-backed database2023-10-23T18:11:04ZonyinyangStore Lox bridge table and spent credential tables in a disk-backed databaseAs part of #6, the Lox distributor, particularly the context manager, needs to keep a record of the Lox bridge table and the spent credential ids for each of the Lox credential types on some kind of disk-backed database that can be read ...As part of #6, the Lox distributor, particularly the context manager, needs to keep a record of the Lox bridge table and the spent credential ids for each of the Lox credential types on some kind of disk-backed database that can be read in at start up in the case of a catastrophic failure and potentially be used to restore from a previous state. This might be needed if, for example, all of the bridges in an area got blocked due to a censor's new technique that could identify all of a certain type of bridge by protocol (by no fault of Lox users). In such a case, many users will be locked out of their trust buckets and some users may have already attempted to migrate to new bridges and had their credentials updated with a penalty. If the bridges blocked by protocol could be replaced with a new type of bridge, it might be desirable to roll back the spent credential id tables to an earlier state and allow users to replay credentials used after a certain date.onyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/168Change labelling of resources failing tests from `gone`2023-11-07T00:20:13ZonyinyangChange labelling of resources failing tests from `gone`After discussing with @meskio about how rdsys sends updates (every time there is a reconnect) and how often these will occur (possibly as often as every 10 minutes), we may need to reconsider the previous changes to indicate `gone` resou...After discussing with @meskio about how rdsys sends updates (every time there is a reconnect) and how often these will occur (possibly as often as every 10 minutes), we may need to reconsider the previous changes to indicate `gone` resources. Since `changed` and `gone` resources are not sent in full updates and are only sent in between full updates, it seems that it might make more sense to keep resources that changed or are failing tests in the list that will be sent as `new` bridges during a full update, since otherwise they might get missed. Then, instead of using the `gone` or `changed` label to decide what to do with these resources, determine what to do with them based on the `LastPassed` time or changed values (OID?). This should only require minor changes to rdsys as well as changes to the [lox-distributor](https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/tree/main/crates/lox-distributor) to check the `lastPassed` field in resources to make sure that it isn't older than a specified amount of time and handle it as `gone` resources are currently handled if so.
@cohosh do you have any thoughts on this?onyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/167Add lox distributor type with no allocated bridges2023-11-09T03:49:09ZCecylia BocovichAdd lox distributor type with no allocated bridgesLet's add a new distributor type called "lox" that doesn't take any bridges but has it's own authentication token and will accept bridges that specify `BridgeDistribution lox` in their torrc file.
We'll need to do the following things
-...Let's add a new distributor type called "lox" that doesn't take any bridges but has it's own authentication token and will accept bridges that specify `BridgeDistribution lox` in their torrc file.
We'll need to do the following things
- [x] Add a lox distributor to rdsys's config file
- [x] Create a service for the lox distributor so it is restarted if `rdsys-frontend-01` goes down
- [x] Add the lox distributor binary to /srv/rdsys.torproject.org/bin on `rdsys-frontend-01`
- [x] Add the lox distributor config file to /srv/rdsys.torproject.org/conf on `rdsys-frontend-01`
- [x] Generate and add an API token for the lox distributorCecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/166gettor-updater: Error fetching downloads.json2023-06-28T15:02:01Zmeskiomeskio@torproject.orggettor-updater: Error fetching downloads.jsonSince TB 12.5 gettor updater is failing.
```
Error fetching downloads.json: json: cannot unmarshal number into Go struct field downloadsLinks.version of type string
```Since TB 12.5 gettor updater is failing.
```
Error fetching downloads.json: json: cannot unmarshal number into Go struct field downloadsLinks.version of type string
```Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40276Try reducing allocations in encapsulation.ReadData2023-11-21T04:19:58ZDavid Fifielddcf@torproject.orgTry reducing allocations in encapsulation.ReadDataIn the branch https://gitlab.torproject.org/dcf/snowflake/-/commits/encapsulation-readdata-buffer
(commit https://gitlab.torproject.org/dcf/snowflake/-/commit/9ac64239b4bff07cb016d7c2609eae66a92483c8)
I have a patch to make `encapsulatio...In the branch https://gitlab.torproject.org/dcf/snowflake/-/commits/encapsulation-readdata-buffer
(commit https://gitlab.torproject.org/dcf/snowflake/-/commit/9ac64239b4bff07cb016d7c2609eae66a92483c8)
I have a patch to make `encapsulation.ReadData` fill a provided buffer rather than allocate a new buffer on every call.
This function is part of the hot read loop and is probably respondible
for a large part of garbage collection pressure.
I am going to test this change on a production bridge to see if it helps.
/cc @linusDavid Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/issues/20Documentation about server file2023-10-25T15:46:06ZJacobo NájeraDocumentation about server fileI am trying to install a webtunnel server. I am not understand the following instruction in the documentation:
### Get Environment Ready
```
#copy server file to server
scp server root@$SERVER_ADDRESS:/var/lib/torwebtunnel/webtunnel
`...I am trying to install a webtunnel server. I am not understand the following instruction in the documentation:
### Get Environment Ready
```
#copy server file to server
scp server root@$SERVER_ADDRESS:/var/lib/torwebtunnel/webtunnel
```
Where is server file? whe i tried it:
ssh: connect to host ip port 22: Connection timed out
lost connection
Thanks, Jacoboshelikhooshelikhoohttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/127Some links in the wiki go to .onion when being on .org2023-06-28T09:53:32Zcomputer_freakSome links in the wiki go to .onion when being on .orgBeing on https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home#projects-that-the-team-maintains but all links except the last one try to send me to the `.onion` version.Being on https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home#projects-that-the-team-maintains but all links except the last one try to send me to the `.onion` version.meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/20Figure out how to serve the encrypted bridge table to users2023-08-01T17:07:20ZCecylia BocovichFigure out how to serve the encrypted bridge table to usersLox credentials only contain an index into an encrypted table of bridge lines. Users must download the entire encrypted bridge table periodically in order to find and decrypt their bridges to preserve their anonymity and prevent the Lox ...Lox credentials only contain an index into an encrypted table of bridge lines. Users must download the entire encrypted bridge table periodically in order to find and decrypt their bridges to preserve their anonymity and prevent the Lox distributor from learning which users were assigned which bridges.
This can be a rather large download, and for obvious reasons must be done automatically and in a censorship-resistant way.https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40067webtunnel bridges are only distributed if 'I need IPv6' box is ticked2023-07-04T14:10:16Zmeskiomeskio@torproject.orgwebtunnel bridges are only distributed if 'I need IPv6' box is tickedAs bridges have IPv6 addresses webtunnel only distribute them if the user specifically ask for IPv6 bridges. Let's fix that.As bridges have IPv6 addresses webtunnel only distribute them if the user specifically ask for IPv6 bridges. Let's fix that.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/logcollector/-/issues/5Add Conjoure Pluggable Transport Support2023-08-01T17:05:38ZshelikhooAdd Conjoure Pluggable Transport SupportConjure is a new pluggable transport based on refraction routing.
This issue track the support for conjure in WebTunnel.
(See also: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/33)Conjure is a new pluggable transport based on refraction routing.
This issue track the support for conjure in WebTunnel.
(See also: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/33)shelikhooshelikhoohttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/19Deploy the lox distributor in a staging environment2023-10-23T18:42:33ZCecylia BocovichDeploy the lox distributor in a staging environmentIt would be helpful to have the lox distributor deployed so that we can more easily test the client and work on the UX, as well as give the server side some stress testing before it goes into production.
Related: https://gitlab.torproje...It would be helpful to have the lox distributor deployed so that we can more easily test the client and work on the UX, as well as give the server side some stress testing before it goes into production.
Related: https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/93Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/docker-snowflake-proxy/-/issues/12build and upload docker-hub image for 2.6.02023-06-26T09:11:45Ztrinity-1686abuild and upload docker-hub image for 2.6.0`thetorproject/snowflake-proxy:latest` is currently 2.5.1, and there is no 2.6.0 tag available.`thetorproject/snowflake-proxy:latest` is currently 2.5.1, and there is no 2.6.0 tag available.meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBot/-/issues/53Not updating after a release2023-10-16T18:37:23Zmeskiomeskio@torproject.orgNot updating after a releaseAfter 12.5 release onionsproutsbot keeps distributing 12.0.6. I don't see any evident error in the logs. Restarting the service doesn't change anything, and if I remove the db it keeps trying to get 12.0.6 and fails because the installer...After 12.5 release onionsproutsbot keeps distributing 12.0.6. I don't see any evident error in the logs. Restarting the service doesn't change anything, and if I remove the db it keeps trying to get 12.0.6 and fails because the installers are not in the downloads page anymore.
I'm not sure how this is happening, I'm checking and the url configured to fecth the json releases is https://aus1.torproject.org/torbrowser/update_3/release/ which seems to contain only links to 12.5.meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/18Change lox-library functionality to replenish open-invitation bucket pool fro...2023-08-01T17:07:14ZonyinyangChange lox-library functionality to replenish open-invitation bucket pool from hot-spare poolHot spares could replenish open-invitation buckets but currently are only reallocated to be migrated to after a blocking event.
Perhaps the current functionality is the desired functionality, but if we're more likely to have open-invitat...Hot spares could replenish open-invitation buckets but currently are only reallocated to be migrated to after a blocking event.
Perhaps the current functionality is the desired functionality, but if we're more likely to have open-invitation bridges blocked than user migrate to trusted buckets when their bridges become blocked, this might be something to consider.
At the very least it could satisfy a condition in the case that there are no remaining open-invitation buckets. We should probably also flag that scenario so we can do something to get more bridges into the pool (hopefully).https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40275Bump verison of snowflake to v2.6.02023-06-20T18:48:10ZCecylia BocovichBump verison of snowflake to v2.6.0Let's do a library version bump and update the version shipped in Tor BrowserLet's do a library version bump and update the version shipped in Tor BrowserCecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/34Crash after hang on android2023-06-16T13:55:39ZGedshCrash after hang on androidThe easiest way to reproduce the issue is to turn off the internet connection completely. But it happens every time Tor tries to reconnect to the PT.
Tor log:
```
Tor version 0.4.7.13-dev
Jun 16 00:45:10.000 [notice] Tor 0.4.7.13-dev (...The easiest way to reproduce the issue is to turn off the internet connection completely. But it happens every time Tor tries to reconnect to the PT.
Tor log:
```
Tor version 0.4.7.13-dev
Jun 16 00:45:10.000 [notice] Tor 0.4.7.13-dev (git-aef76beccc6b7422) opening log file.
Jun 16 00:45:10.555 [notice] We compiled with OpenSSL 1010113f: OpenSSL 1.1.1s 1 Nov 2022 and we are running with OpenSSL 1010113f: 1.1.1s. These two versions should be binary compatible.
Jun 16 00:45:10.606 [notice] Tor 0.4.7.13-dev (git-aef76beccc6b7422) running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1s, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.4.9 and Unknown N/A as libc.
Jun 16 00:45:10.606 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Jun 16 00:45:10.607 [notice] Read configuration file "/data/user/0/pan.alexander.tordnscrypt/app_data/tor/tor.conf".
Jun 16 00:45:10.621 [notice] Opening Socks listener on 127.0.0.1:9050
Jun 16 00:45:10.621 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9050
Jun 16 00:45:10.621 [notice] Opening Socks listener on [::1]:9050
Jun 16 00:45:10.621 [notice] Opened Socks listener connection (ready) on [::1]:9050
Jun 16 00:45:10.621 [notice] Opening DNS listener on 127.0.0.1:5400
Jun 16 00:45:10.622 [notice] Opened DNS listener connection (ready) on 127.0.0.1:5400
Jun 16 00:45:10.622 [notice] Opening DNS listener on [::1]:5400
Jun 16 00:45:10.622 [notice] Opened DNS listener connection (ready) on [::1]:5400
Jun 16 00:45:10.622 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Jun 16 00:45:10.622 [notice] Opened Transparent pf/netfilter listener connection (ready) on 127.0.0.1:9040
Jun 16 00:45:10.622 [notice] Opening HTTP tunnel listener on 127.0.0.1:8118
Jun 16 00:45:10.622 [notice] Opened HTTP tunnel listener connection (ready) on 127.0.0.1:8118
Jun 16 00:45:10.000 [warn] Your log may contain sensitive information - you disabled SafeLogging. Don't log unless it serves an important reason. Overwrite the log afterwards.
Jun 16 00:45:10.000 [notice] Parsing GEOIP IPv4 file /data/user/0/pan.alexander.tordnscrypt/app_data/tor/geoip.
Jun 16 00:45:12.000 [notice] Parsing GEOIP IPv6 file /data/user/0/pan.alexander.tordnscrypt/app_data/tor/geoip6.
Jun 16 00:45:14.000 [notice] Bootstrapped 0% (starting): Starting
Jun 16 00:45:17.000 [notice] Starting with guard context "bridges"
Jun 16 00:45:17.000 [notice] Delaying directory fetches: No running bridges
Jun 16 00:45:17.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:45:17.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:45:17.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:45:18.000 [notice] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
Jun 16 00:45:18.000 [notice] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
Jun 16 00:45:18.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Jun 16 00:47:20.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:20.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:20.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:20.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:20.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:20.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:20.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:20.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:20.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:20.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:20.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:26.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:26.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:26.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:26.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:26.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:26.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:26.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:32.000 [notice] Tried for 120 seconds to get a connection to www.torproject.org:0. Giving up. (waiting for circuit)
Jun 16 00:47:32.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:32.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:32.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:32.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:32.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:32.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:32.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:47:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:48:02.000 [notice] Tried for 120 seconds to get a connection to www.torproject.org:0. Giving up. (waiting for circuit)
Jun 16 00:48:32.000 [notice] Tried for 120 seconds to get a connection to www.torproject.org:0. Giving up. (waiting for circuit)
Jun 16 00:49:02.000 [notice] Tried for 120 seconds to get a connection to www.torproject.org:0. Giving up. (waiting for circuit)
Jun 16 00:49:32.000 [notice] Tried for 120 seconds to get a connection to www.torproject.org:0. Giving up. (waiting for circuit)
Jun 16 00:49:45.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:49:45.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:49:45.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:49:45.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:49:45.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:49:45.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:49:45.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:49:45.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:49:45.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:49:45.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:49:45.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:50:02.000 [notice] Tried for 120 seconds to get a connection to www.torproject.org:0. Giving up. (waiting for circuit)
Jun 16 00:50:02.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:50:02.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:50:02.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:50:02.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:50:02.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:50:02.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:50:18.000 [warn] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 0000000000000000000000000000000000000000 at 143.110.214.222:80)
Jun 16 00:50:18.000 [warn] 1 connections have failed:
Jun 16 00:50:18.000 [warn] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
Jun 16 00:50:18.000 [warn] Pluggable Transport process terminated with status code 512
Jun 16 00:50:22.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:50:22.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:50:22.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:50:22.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:50:22.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Jun 16 00:50:32.000 [notice] Tried for 120 seconds to get a connection to www.torproject.org:0. Giving up. (waiting for circuit)
```
Conjure log:
```
[21:45:10] Redirecting log to file
2023/06/15 21:45:10 Started SOCKS listener at 127.0.0.1:59441
2023/06/15 21:45:18 SOCKS accepted: {143.110.214.222:80 url=https://registration.refraction.network.global.prod.fastly.net/api;front=cdn.sstatic.net map[front:[cdn.sstatic.net] url:[https://registration.refraction.network.global.prod.fastly.net/api]]}
2023/06/15 21:45:18 Attempting to connect to bridge at 143.110.214.222:80
2023/06/15 21:45:18 Using the registration API at https://registration.refraction.network.global.prod.fastly.net/api
[21:45:18] [0-ca5a5c] Shared Secret - ca5a5c3e20d8af12d75eff69a518dc40a4e44cb6640069f5cce3f15793ed4254
[21:45:18] [0-ca5a5c] covert 143.110.214.222:80
[21:45:18] [0-ca5a5c] Representative - e07b93b28f5276dc1bbe337ff64aaa999d596ad11126efaed064d99fecd3aaa1
2023/06/15 21:45:18 Performing a Conjure registration with domain fronting...
2023/06/15 21:45:18 Conjure station URL: https://registration.refraction.network.global.prod.fastly.net/api
2023/06/15 21:45:18 Domain front: cdn.sstatic.net
2023/06/15 21:45:18 Buffering 517 bytes to send later
[21:45:22] [0-ca5a5c] Attempting to Connect ...
[21:45:23] [0-ca5a5c] failed to dial phantom 141.219.183.52: dial tcp 141.219.183.52:443: i/o timeout
```
Android logcat:
```
00:50:18.407 E panic: runtime error: invalid memory address or nil pointer dereference
00:50:18.407 E [signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xb34c89f8]
00:50:18.407 E
00:50:18.407 E goroutine 13 [running]:
00:50:18.407 E main.(*BufferedConn).Close(0x89e3b3b0)
00:50:18.408 E gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/client/bufferedconn.go:44 +0x1c
00:50:18.408 E main.proxy.func2()
00:50:18.408 E gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/client/conjure.go:135 +0x180
00:50:18.408 E created by main.proxy
00:50:18.408 E gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/client/conjure.go:130 +0x184
```
Version https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/commit/0a7df066c2bdfee194bf81e4f726e2b7e79b52a2
If the line conjure.go:135 is removed, the crash no longer occurs.Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/33Add Conjure to logcollector to test censorship resistance2024-02-14T17:00:13ZCecylia BocovichAdd Conjure to logcollector to test censorship resistanceWe're getting reports that conjure doesn't work in some places https://forum.torproject.net/t/call-for-testers-help-the-tor-project-to-test-conjure-on-tor-browser-alpha/7815/14
Let's run some tests from vantage points to figure out why ...We're getting reports that conjure doesn't work in some places https://forum.torproject.net/t/call-for-testers-help-the-tor-project-to-test-conjure-on-tor-browser-alpha/7815/14
Let's run some tests from vantage points to figure out why so we can prioritize improvements.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/32Failed to verify TLS certificate on older android versions2023-06-24T14:44:26ZGedshFailed to verify TLS certificate on older android versionsI am testing conjure PT on android. Looks like older android versions can't use it due to outdated system CA certificates. They cannot be updated on android. I can confirm that conjure PT does not work on android versions: 4.4.2, 6 and 7...I am testing conjure PT on android. Looks like older android versions can't use it due to outdated system CA certificates. They cannot be updated on android. I can confirm that conjure PT does not work on android versions: 4.4.2, 6 and 7. Also I can confirm that it works well on android 10.
I can't test it on all android versions, but in my experience it should work starting from android 8. The solution might be to use another server certificate that uses a different CA certificate chain that can work on older android versions.
Tor logs:
```
Tor version 0.4.7.13-dev
Jun 12 13:52:55.000 [notice] Tor 0.4.7.13-dev (git-aef76beccc6b7422) opening log file.
Jun 12 13:52:55.111 [notice] We compiled with OpenSSL 1010113f: OpenSSL 1.1.1s 1 Nov 2022 and we are running with OpenSSL 1010113f: 1.1.1s. These two versions should be binary compatible.
Jun 12 13:52:55.112 [notice] Can't get entropy from getrandom(). You are running a version of Tor built to support getrandom(), but the kernel doesn't implement this function--probably because it is too old? Trying fallback method instead.
Jun 12 13:52:55.147 [notice] Tor 0.4.7.13-dev (git-aef76beccc6b7422) running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1s, Zlib 1.2.8, Liblzma 5.2.4, Libzstd 1.4.9 and Unknown N/A as libc.
Jun 12 13:52:55.147 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Jun 12 13:52:55.148 [notice] Read configuration file "/data/user/0/pan.alexander.tordnscrypt/app_data/tor/tor.conf".
Jun 12 13:52:55.160 [notice] Opening Socks listener on 127.0.0.1:9050
Jun 12 13:52:55.161 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9050
Jun 12 13:52:55.161 [notice] Opening Socks listener on [::1]:9050
Jun 12 13:52:55.161 [notice] Opened Socks listener connection (ready) on [::1]:9050
Jun 12 13:52:55.161 [notice] Opening DNS listener on 127.0.0.1:5400
Jun 12 13:52:55.161 [notice] Opened DNS listener connection (ready) on 127.0.0.1:5400
Jun 12 13:52:55.161 [notice] Opening DNS listener on [::1]:5400
Jun 12 13:52:55.161 [notice] Opened DNS listener connection (ready) on [::1]:5400
Jun 12 13:52:55.161 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Jun 12 13:52:55.161 [notice] Opened Transparent pf/netfilter listener connection (ready) on 127.0.0.1:9040
Jun 12 13:52:55.161 [notice] Opening HTTP tunnel listener on 127.0.0.1:8118
Jun 12 13:52:55.161 [notice] Opened HTTP tunnel listener connection (ready) on 127.0.0.1:8118
Jun 12 13:52:55.000 [notice] Parsing GEOIP IPv4 file /data/user/0/pan.alexander.tordnscrypt/app_data/tor/geoip.
Jun 12 13:52:56.000 [notice] Parsing GEOIP IPv6 file /data/user/0/pan.alexander.tordnscrypt/app_data/tor/geoip6.
Jun 12 13:52:59.000 [notice] Bootstrapped 0% (starting): Starting
Jun 12 13:53:11.000 [notice] Starting with guard context "bridges"
Jun 12 13:53:11.000 [notice] Delaying directory fetches: No running bridges
Jun 12 13:53:13.000 [notice] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
Jun 12 13:53:13.000 [notice] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
Jun 12 13:53:13.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Jun 12 13:53:14.000 [notice] Managed proxy "/data/app/pan.alexander.tordnscrypt-1/lib/arm/libconjure.so": retrying conjure registration, station is under high load.
Jun 12 13:53:25.000 [notice] Managed proxy "/data/app/pan.alexander.tordnscrypt-1/lib/arm/libconjure.so": retrying conjure registration, station is under high load.
Jun 12 13:53:37.000 [notice] Managed proxy "/data/app/pan.alexander.tordnscrypt-1/lib/arm/libconjure.so": retrying conjure registration, station is under high load.
Jun 12 13:53:48.000 [notice] Managed proxy "/data/app/pan.alexander.tordnscrypt-1/lib/arm/libconjure.so": retrying conjure registration, station is under high load.
Jun 12 13:54:00.000 [notice] Managed proxy "/data/app/pan.alexander.tordnscrypt-1/lib/arm/libconjure.so": retrying conjure registration, station is under high load.
Jun 12 13:54:11.000 [notice] Managed proxy "/data/app/pan.alexander.tordnscrypt-1/lib/arm/libconjure.so": retrying conjure registration, station is under high load.
Jun 12 13:54:22.000 [notice] Managed proxy "/data/app/pan.alexander.tordnscrypt-1/lib/arm/libconjure.so": retrying conjure registration, station is under high load.
Jun 12 13:54:34.000 [notice] Managed proxy "/data/app/pan.alexander.tordnscrypt-1/lib/arm/libconjure.so": retrying conjure registration, station is under high load.
Jun 12 13:54:45.000 [notice] Managed proxy "/data/app/pan.alexander.tordnscrypt-1/lib/arm/libconjure.so": retrying conjure registration, station is under high load.
Jun 12 13:54:57.000 [notice] Managed proxy "/data/app/pan.alexander.tordnscrypt-1/lib/arm/libconjure.so": retrying conjure registration, station is under high load.
```
Conjure logs:
```
[13:52:55] Redirecting log to file
2023/06/12 13:52:55 Started SOCKS listener at 127.0.0.1:53094
2023/06/12 13:53:13 SOCKS accepted: {143.110.214.222:80 url=https://registration.refraction.network.global.prod.fastly.net/api;front=cdn.sstatic.net map[front:[cdn.sstatic.net] url:[https://registration.refraction.network.global.prod.fastly.net/api]]}
2023/06/12 13:53:13 Attempting to connect to bridge at 143.110.214.222:80
2023/06/12 13:53:13 Using the registration API at https://registration.refraction.network.global.prod.fastly.net/api
[13:53:13] [0-5c548b] Shared Secret - 5c548bcfa3c507462c7ec8ddcc0612be24f7b4e258ac1839e1691862d623533c
[13:53:13] [0-5c548b] covert 143.110.214.222:80
[13:53:13] [0-5c548b] Representative - 08cddf001af8635e5dc3a896ebb780a32f010356f1f502985070fc0950e1e30f
2023/06/12 13:53:13 Performing a Conjure registration with domain fronting...
2023/06/12 13:53:13 Conjure station URL: https://registration.refraction.network.global.prod.fastly.net/api
2023/06/12 13:53:13 Domain front: cdn.sstatic.net
2023/06/12 13:53:13 Buffering 517 bytes to send later
[13:53:13] https://registration.refraction.network.global.prod.fastly.net/api/register-bidirectional failed to do HTTP request to registration endpoint Post "https://cdn.sstatic.net/api/register-bidirectional": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-06-12T13:53:13Z is after 2021-09-30T14:01:15Z: %!v(MISSING)
[13:53:13] error in registration attempt: Post "https://cdn.sstatic.net/api/register-bidirectional": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-06-12T13:53:13Z is after 2021-09-30T14:01:15Z
[13:53:13] all registration attempt(s) failed
[13:53:14] [0-5c548b] Failed to register: registration failed
2023/06/12 13:53:14 Error registering with station: registration failed
2023/06/12 13:53:14 This may be due to high load, trying again.
2023/06/12 13:53:24 Using the registration API at https://registration.refraction.network.global.prod.fastly.net/api
[13:53:24] [1-a87390] Shared Secret - a87390c5399ab78a6fb17f09ecf3ea7444d364ee65576e8928c8a3b2dc7e8a1e
[13:53:24] [1-a87390] covert 143.110.214.222:80
[13:53:24] [1-a87390] Representative - 0b38d037950b53ecf89053cf511f758184ab3a877cf769b6688ea07c2b9aee25
2023/06/12 13:53:24 Performing a Conjure registration with domain fronting...
2023/06/12 13:53:24 Conjure station URL: https://registration.refraction.network.global.prod.fastly.net/api
2023/06/12 13:53:24 Domain front: cdn.sstatic.net
[13:53:24] https://registration.refraction.network.global.prod.fastly.net/api/register-bidirectional failed to do HTTP request to registration endpoint Post "https://cdn.sstatic.net/api/register-bidirectional": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-06-12T13:53:24Z is after 2021-09-30T14:01:15Z: %!v(MISSING)
[13:53:24] error in registration attempt: Post "https://cdn.sstatic.net/api/register-bidirectional": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-06-12T13:53:24Z is after 2021-09-30T14:01:15Z
[13:53:24] all registration attempt(s) failed
[13:53:25] [1-a87390] Failed to register: registration failed
2023/06/12 13:53:25 Error registering with station: registration failed
2023/06/12 13:53:25 This may be due to high load, trying again.
2023/06/12 13:53:35 Using the registration API at https://registration.refraction.network.global.prod.fastly.net/api
[13:53:35] [2-cba7dd] Shared Secret - cba7ddaa18c1616152d244a896e592de9d2873ced08bc564cda63bcd4b94b511
[13:53:35] [2-cba7dd] covert 143.110.214.222:80
[13:53:35] [2-cba7dd] Representative - 0af1cf2edcde1dec33f039b1e04945d464bcf1c607dc3093defcf38078be820e
2023/06/12 13:53:35 Performing a Conjure registration with domain fronting...
2023/06/12 13:53:35 Conjure station URL: https://registration.refraction.network.global.prod.fastly.net/api
2023/06/12 13:53:35 Domain front: cdn.sstatic.net
[13:53:36] https://registration.refraction.network.global.prod.fastly.net/api/register-bidirectional failed to do HTTP request to registration endpoint Post "https://cdn.sstatic.net/api/register-bidirectional": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-06-12T13:53:36Z is after 2021-09-30T14:01:15Z: %!v(MISSING)
[13:53:36] error in registration attempt: Post "https://cdn.sstatic.net/api/register-bidirectional": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-06-12T13:53:36Z is after 2021-09-30T14:01:15Z
[13:53:36] all registration attempt(s) failed
[13:53:37] [2-cba7dd] Failed to register: registration failed
2023/06/12 13:53:37 Error registering with station: registration failed
2023/06/12 13:53:37 This may be due to high load, trying again.
2023/06/12 13:53:47 Using the registration API at https://registration.refraction.network.global.prod.fastly.net/api
[13:53:47] [3-734a09] Shared Secret - 734a0907c1c863400745b4f63722c19b27aef09932bf6bf9aac3c519670e306c
[13:53:47] [3-734a09] covert 143.110.214.222:80
[13:53:47] [3-734a09] Representative - 441342aed9923edecdeab0c601e3dc163b58da135c817e4a9be5dcd6baaa3f8d
2023/06/12 13:53:47 Performing a Conjure registration with domain fronting...
2023/06/12 13:53:47 Conjure station URL: https://registration.refraction.network.global.prod.fastly.net/api
2023/06/12 13:53:47 Domain front: cdn.sstatic.net
[13:53:47] https://registration.refraction.network.global.prod.fastly.net/api/register-bidirectional failed to do HTTP request to registration endpoint Post "https://cdn.sstatic.net/api/register-bidirectional": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-06-12T13:53:47Z is after 2021-09-30T14:01:15Z: %!v(MISSING)
[13:53:47] error in registration attempt: Post "https://cdn.sstatic.net/api/register-bidirectional": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-06-12T13:53:47Z is after 2021-09-30T14:01:15Z
[13:53:47] all registration attempt(s) failed
[13:53:48] [3-734a09] Failed to register: registration failed
2023/06/12 13:53:48 Error registering with station: registration failed
2023/06/12 13:53:48 This may be due to high load, trying again.
2023/06/12 13:53:58 Using the registration API at https://registration.refraction.network.global.prod.fastly.net/api
[13:53:58] [4-30a195] Shared Secret - 30a195ebd23fab6dfae6810fdef7f33762288ce6eb98ccca141a404c1a456b49
[13:53:58] [4-30a195] covert 143.110.214.222:80
[13:53:58] [4-30a195] Representative - 5c86fe6853e252229fb3b89759e50e32a0c57f7df05c6b1e71953a297c852228
2023/06/12 13:53:58 Performing a Conjure registration with domain fronting...
2023/06/12 13:53:58 Conjure station URL: https://registration.refraction.network.global.prod.fastly.net/api
2023/06/12 13:53:58 Domain front: cdn.sstatic.net
[13:53:59] https://registration.refraction.network.global.prod.fastly.net/api/register-bidirectional failed to do HTTP request to registration endpoint Post "https://cdn.sstatic.net/api/register-bidirectional": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-06-12T13:53:58Z is after 2021-09-30T14:01:15Z: %!v(MISSING)
[13:53:59] error in registration attempt: Post "https://cdn.sstatic.net/api/register-bidirectional": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-06-12T13:53:58Z is after 2021-09-30T14:01:15Z
[13:53:59] all registration attempt(s) failed
[13:54:00] [4-30a195] Failed to register: registration failed
2023/06/12 13:54:00 Error registering with station: registration failed
2023/06/12 13:54:00 This may be due to high load, trying again.
2023/06/12 13:54:10 Using the registration API at https://registration.refraction.network.global.prod.fastly.net/api
[13:54:10] [5-791e3c] Shared Secret - 791e3cdebf38b7ea83b9ed5e79940dd76faeeea2db27c2ac265419a477f3101f
[13:54:10] [5-791e3c] covert 143.110.214.222:80
[13:54:10] [5-791e3c] Representative - 57f244948be55576ea255fd5f05588cfaa16f6e474b44a3feaef11bc35dbe2ae
2023/06/12 13:54:10 Performing a Conjure registration with domain fronting...
2023/06/12 13:54:10 Conjure station URL: https://registration.refraction.network
```
Version https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/commit/0a7df066c2bdfee194bf81e4f726e2b7e79b52a2Cecylia BocovichCecylia Bocovich