Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T18:22:00Zhttps://gitlab.torproject.org/legacy/trac/-/issues/34053Update version of wrtc packate for web proxies2020-06-13T18:22:00ZCecylia BocovichUpdate version of wrtc packate for web proxiesWe're currently using version `0.0.62`. I tried an update to the current version `0.4.4` and it works. Let's update to make these a bit more secure.We're currently using version `0.0.62`. I tried an update to the current version `0.4.4` and it works. Let's update to make these a bit more secure.Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/legacy/trac/-/issues/34050Restore check for nil writePipe in WebRTCPeer.Close2020-06-13T18:22:00ZDavid Fifielddcf@torproject.orgRestore check for nil writePipe in WebRTCPeer.CloseI removed this check in [047d3214bfb46de07e5d9f223e4fb1ba24584c8a](https://gitweb.torproject.org/pluggable-transports/snowflake.git/commit/?id=047d3214bfb46de07e5d9f223e4fb1ba24584c8a) because `NewWebRTCPeer` always initializes `writePip...I removed this check in [047d3214bfb46de07e5d9f223e4fb1ba24584c8a](https://gitweb.torproject.org/pluggable-transports/snowflake.git/commit/?id=047d3214bfb46de07e5d9f223e4fb1ba24584c8a) because `NewWebRTCPeer` always initializes `writePipe`, and it is never reset to `nil`. However tests used `&WebRTCPeer{}` which bypasses `NewWebRTCPeer` and leaves `writePipe` set to `nil`.
From comment:3:ticket:34049.David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/34049Fix proxy calls to session description serialization utils2020-06-13T18:21:59ZCecylia BocovichFix proxy calls to session description serialization utilsWhoops, the proxy code wasn't updated after #33897Whoops, the proxy code wasn't updated after #33897Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/legacy/trac/-/issues/34042Reduce DataChannelTimeout2020-06-16T01:12:51ZDavid Fifielddcf@torproject.orgReduce DataChannelTimeoutSince #33897 we have separate timeout controls for first establishing the data channel (`DataChannelTimeout`) and deciding a once-working data channel has died (`SnowflakeTimeout`). They are both currently set to 30 s. We can lower `Data...Since #33897 we have separate timeout controls for first establishing the data channel (`DataChannelTimeout`) and deciding a once-working data channel has died (`SnowflakeTimeout`). They are both currently set to 30 s. We can lower `DataChannelTimeout` to discard non-working proxies more quickly.https://gitlab.torproject.org/legacy/trac/-/issues/34002Remove Snowflake interface, use *WebRTCPeer directly2020-06-13T18:21:58ZDavid Fifielddcf@torproject.orgRemove Snowflake interface, use *WebRTCPeer directlyThe other interfaces in client/lib/interfaces.go exist for the purpose of running tests, but not `Snowflake`. Existing code would not have worked with other types anyway, because it does unchecked `.(*WebRTCPeer)` conversions.The other interfaces in client/lib/interfaces.go exist for the purpose of running tests, but not `Snowflake`. Existing code would not have worked with other types anyway, because it does unchecked `.(*WebRTCPeer)` conversions.David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/33997Don't do a separate check for a short write2020-06-13T18:21:58ZDavid Fifielddcf@torproject.orgDon't do a separate check for a short writeMinor refactoring in the course of doing #33897.Minor refactoring in the course of doing #33897.David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/33996Simplify Peers.Pop2020-06-13T18:21:57ZDavid Fifielddcf@torproject.orgSimplify Peers.PopA minor refactoring that came up while working on #33897.A minor refactoring that came up while working on #33897.David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/33995Move pc.CreateOffer and pc.SetLocalDescription out of a goroutine2020-06-13T18:21:57ZDavid Fifielddcf@torproject.orgMove pc.CreateOffer and pc.SetLocalDescription out of a goroutineThis code was formerly the `OnNegotiationNeeded` handler before the switch on pion (comment:28:ticket:28942). We are blocking on `offerChannel` anyway, so we may as well run these operations synchronously and use a normal error return.This code was formerly the `OnNegotiationNeeded` handler before the switch on pion (comment:28:ticket:28942). We are blocking on `offerChannel` anyway, so we may as well run these operations synchronously and use a normal error return.David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/33994Remove now-unused Resetter interface2020-06-13T18:21:57ZDavid Fifielddcf@torproject.orgRemove now-unused Resetter interfaceThe `WaitForReset` method is unused since #33745 was merged.The `WaitForReset` method is unused since #33745 was merged.David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/33984Disable trickle ICE in client2020-06-13T18:21:56ZDavid Fifielddcf@torproject.orgDisable trickle ICE in clienthttps://gitweb.torproject.org/user/dcf/snowflake.git/commit/?h=no-trickle-ice&id=8bb114471572dea0c313d039626cc306a8b92cc8
As mentioned at
https://bugs.torproject.org/28942#comment:28
https://bugs.torproject.org/33157#comment:2https://gitweb.torproject.org/user/dcf/snowflake.git/commit/?h=no-trickle-ice&id=8bb114471572dea0c313d039626cc306a8b92cc8
As mentioned at
https://bugs.torproject.org/28942#comment:28
https://bugs.torproject.org/33157#comment:2David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/33982Simplify and refactor BytesSyncLogger2020-06-13T18:21:56ZDavid Fifielddcf@torproject.orgSimplify and refactor BytesSyncLoggerhttps://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=refactor-byteslogger&id=73173cb6987dbf26fdb1036e4b7710c200f87141
https://gitweb.torproject.org/user/dcf/snowflake.git/diff/?h=refactor-byteslogger&id=73173cb6987dbf26fdb1036e4b7...https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=refactor-byteslogger&id=73173cb6987dbf26fdb1036e4b7710c200f87141
https://gitweb.torproject.org/user/dcf/snowflake.git/diff/?h=refactor-byteslogger&id=73173cb6987dbf26fdb1036e4b7710c200f87141&id2=65ecb798ca8842a431214c2aa5133620e576c5f3
No longer needs a separate `go logger.Log()` in the caller.David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/33897Remove buffering from WebRTCPeer2020-06-16T01:12:51ZDavid Fifielddcf@torproject.orgRemove buffering from WebRTCPeer`WebRTCPeer` has a `buffer` that is used to hold bytes until the data channel is connected. We should remove it after the turbotunnel changes are merged (#33745). What ends up happening is the reliability layer ends up retransmitting pac...`WebRTCPeer` has a `buffer` that is used to hold bytes until the data channel is connected. We should remove it after the turbotunnel changes are merged (#33745). What ends up happening is the reliability layer ends up retransmitting packets as they sit in the buffer, and when the data channel is finally established, all those old useless packets get sent in a mass. It's better to just drop those packets on the floor before the data channel exists.David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/33884Meek-Azure and SnowFlake are still broken2020-06-13T18:21:54ZTracMeek-Azure and SnowFlake are still brokenMeek-Azure and SnowFlake are still broken.
Will not connect.
This still has not been fixed
**Trac**:
**Username**: z1zMeek-Azure and SnowFlake are still broken.
Will not connect.
This still has not been fixed
**Trac**:
**Username**: z1zhttps://gitlab.torproject.org/legacy/trac/-/issues/33800Remove uniuri dependency2020-06-13T18:21:53ZDavid Fifielddcf@torproject.orgRemove uniuri dependencyuniuri is only used in a minor way, to generate a random string for local identification of a snowflake client.uniuri is only used in a minor way, to generate a random string for local identification of a snowflake client.David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/33756Hello, currently, in China, Tor Browser 9.5a8 still can't connect to Tor netw...2020-06-13T18:21:53ZTracHello, currently, in China, Tor Browser 9.5a8 still can't connect to Tor network through snowflake bridge.Hello, currently, in China, Tor Browser 9.5a8 still can't connect to Tor network through snowflake bridge.
Below are Tor log messages.
```
3/29/20, 06:55:12.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control ne...Hello, currently, in China, Tor Browser 9.5a8 still can't connect to Tor network through snowflake bridge.
Below are Tor log messages.
```
3/29/20, 06:55:12.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
3/29/20, 06:55:12.400 [NOTICE] Switching to guard context "bridges" (was using "default")
3/29/20, 06:55:12.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
3/29/20, 06:55:12.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
3/29/20, 06:55:12.400 [NOTICE] Opening Socks listener on 127.0.0.1:9150
3/29/20, 06:55:12.400 [NOTICE] Opened Socks listener on 127.0.0.1:9150
3/29/20, 06:55:12.400 [NOTICE] Renaming old configuration file to "/home/scientist/tor-browser-linux64-9.5a8_en-US.tar.xz/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc.orig.1"
3/29/20, 06:55:12.943 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
3/29/20, 06:55:12.945 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
3/29/20, 06:55:21.537 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
3/29/20, 06:55:51.792 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
3/29/20, 06:55:51.793 [WARN] 1 connections have failed:
3/29/20, 06:55:51.793 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
3/29/20, 06:55:51.814 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
3/29/20, 06:55:51.814 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
3/29/20, 06:55:51.815 [WARN] Pluggable Transport process terminated with status code 0
```
I upload my state file. Thank you very much for your help. I really appreciate it.
**Trac**:
**Username**: amiableclarity2011https://gitlab.torproject.org/legacy/trac/-/issues/33745Merge a turbotunnel branch2022-06-01T19:48:57ZDavid Fifielddcf@torproject.orgMerge a turbotunnel branchSnowflake turbo tunnel features have now been through a test deployment (#33336) and a few iterations of Tor Browser packages. There haven't been as many test reports as I'd like, but what testing there has been has been mostly positive....Snowflake turbo tunnel features have now been through a test deployment (#33336) and a few iterations of Tor Browser packages. There haven't been as many test reports as I'd like, but what testing there has been has been mostly positive. Turbo tunnel–like features are a dependency of some of the tasks for a stable release of Snowflake (#19001). So we should merge it.
Some sub-tasks:
* Decide between the [KCP](https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel-kcp) and [QUIC branch](https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel-quic).
* Test without `LearnCircuitBuildTimeout 0` and find another workaround, if necessary. See comment:15:ticket:33336.
* Rebase and clean history of the chosen branch.
* Redeploy bridge from master.
Summary of turbo tunnel development history till now:
* [Turbo Tunnel in Snowflake](https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/000059.html)
* [Second draft of Turbo Tunnel Snowflake packages](https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/000074.html)
* [Third draft of Turbo Tunnel Snowflake packages](https://lists.torproject.org/pipermail/anti-censorship-team/2020-March/000075.html)
* [[ticket:33336|Trial deployment of Snowflake with Turbo Tunnel]]
* [[ticket:33519|Support multiple simultaneous SOCKS connections]]
One bug that may or not be snowflake's fault:
* [[#33669|"Pluggable Transport process terminated" but Tor keeps on going (and of course doesn't work)]]David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/33744Remove local LAN address ICE candidates from JS proxy answer2020-06-13T18:21:50ZArlo BreaultRemove local LAN address ICE candidates from JS proxy answerThis is a follow up from #19026 where it was done for the clients and golang proxies.This is a follow up from #19026 where it was done for the clients and golang proxies.https://gitlab.torproject.org/legacy/trac/-/issues/33666Investigate Snowflake proxy failures2020-06-13T18:21:49ZCecylia BocovichInvestigate Snowflake proxy failuresSometimes a client will get a useless proxy from the broker. At times this happens occasionally, and at times more often. It could be a NAT problem.Sometimes a client will get a useless proxy from the broker. At times this happens occasionally, and at times more often. It could be a NAT problem.Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/legacy/trac/-/issues/33665Add command-line options for unsafe logging2020-06-13T18:21:48ZDavid Fifielddcf@torproject.orgAdd command-line options for unsafe loggingMoved from comment:4:ticket:33157
>>> Something like that patch was useful when working on #19026 so would you consider merging, https://github.com/keroserene/snowflake/commit/dbd733e4b1430c046ec11e8052efdbac6010e58a
>>>
>> It's okay wi...Moved from comment:4:ticket:33157
>>> Something like that patch was useful when working on #19026 so would you consider merging, https://github.com/keroserene/snowflake/commit/dbd733e4b1430c046ec11e8052efdbac6010e58a
>>>
>> It's okay with me but I would call the option --unsafe-logging instead of --unsafeLogging to match the style of the other options.
>>
> In `broker/broker.go`, yes, dashes are used (ex. `disable-tls`, `acme-email`, etc), however, in `client/snowflake.go` we have camel casing (ex. `logToStateDir`, `keepLocalAddresses`, etc)
>
> We should probably consolidate this now. I imagine your preference is for the former?Arlo BreaultArlo Breaulthttps://gitlab.torproject.org/legacy/trac/-/issues/33644Upgrade tor on Snowflake bridge for TROVE-2020-0022020-06-13T18:21:47ZDavid Fifielddcf@torproject.orgUpgrade tor on Snowflake bridge for TROVE-2020-002[New stable Tor releases: 0.3.5.10, 0.4.1.9, and 0.4.2.7](https://lists.torproject.org/pipermail/tor-announce/2020-March/000196.html)
> These releases fix a couple of denial-of-service vulnerabilities. Everybody running an older version ...[New stable Tor releases: 0.3.5.10, 0.4.1.9, and 0.4.2.7](https://lists.torproject.org/pipermail/tor-announce/2020-March/000196.html)
> These releases fix a couple of denial-of-service vulnerabilities. Everybody running an older version should upgrade as packages become available.
Upgrading tor may require an [OS upgrade](https://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.en.html) from Debian stretch (oldstable) to buster (stable), and/or a switch to the [torproject.org package repository](https://support.torproject.org/apt/tor-deb-repo/). Currently the bridge is on stretch, whose available version is [0.2.9.16-1](https://packages.debian.org/stretch/tor).David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.org