Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2020-06-13T16:48:14Z

Give yawning push access to /pluggable-transports/goptlib.git.
https://gitlab.torproject.org/legacy/trac/-/issues/11954
2020-06-13T16:48:14Z
David Fifield <dcf@torproject.org>

I'd like yawning to be able to commit to goptlib.

Sebastian Hahn

goptlib could provide IsClient()/IsServer().
https://gitlab.torproject.org/legacy/trac/-/issues/12087
2020-06-13T18:34:54Z
Yawning Angel

Currently goptlib only provides ClientSetup()/ServerSetup() that will break the pt config protocol if the desired mode happens to not be a client or server.
This makes it somewhat annoying to write obfsproxy style apps with goptlib as the application must peek at `TOR_PT_[CLIENT,SERVER]_TRANSPORTS` themselves.

George Kadianakis

goptlib should provide a method for querying the state location.
https://gitlab.torproject.org/legacy/trac/-/issues/12088
2020-06-13T18:34:55Z
Yawning Angel

The only place pluggable transports are allowed to write to is the `TOR_PT_STATE_LOCATION`. goptlib should support querying (and maybe optionally) creating the directory.

David Fifield <dcf@torproject.org>

Proposal 232 (TOR_PT_PROXY) support for goptlib
https://gitlab.torproject.org/legacy/trac/-/issues/12125
2020-06-13T18:34:56Z
David Fifield <dcf@torproject.org>

We should support [proposal 232](https://gitweb.torproject.org/torspec.git/blob/23b94e24f3089ba1a4bcafcc5c92c3753df0f17d:/proposals/232-pluggable-transports-through-proxy.txt)/#8402 (TOR_PT_PROXY) in goptlib.

David Fifield <dcf@torproject.org>

goptlib should expose a SOCKS5 server instead of SOCKS4a.
https://gitlab.torproject.org/legacy/trac/-/issues/12535
2020-06-15T23:25:22Z
Yawning Angel

Title says it all.
As far as I am aware goptlib based PTs are the last thing that remains that uses SOCKS4(a), and this is a nice to have for IPv6 and eventual Prop. 229 support.

Yawning Angel

Someone, somewhere needs to unescape pluggable transport "SMETHOD ARGS" arguments.
https://gitlab.torproject.org/legacy/trac/-/issues/12930
2022-06-17T18:05:55Z
Yawning Angel

Per pt-spec.txt:
```
- ARGS:K=V,K=V,K=V
If this option is set, the K=V arguments are added to Tor's
extrainfo document. Equal signs and commas must be escaped
with a backslash.
```
All of obfs4's server (extra info) document arguments end with a number of equal signs because they are Base64 strings.
goptlib does the right thing here and escapes the args, so the trailing Base64 padding passed to tor as part of SMETHOD ARGS ends with `\\=`. The fun here is that, tor does not unescape the ARGS line, so `\\=` is what ends up in the extrainfo document on BridgeDB.
The arguments that appear on obfs4 bridge lines should not be escaped, so someone, somewhere between little-t tor, and the place where the arguments appear on whatever BridgeDB frontend the end user sees, needs to unescape the arguments.

goptlib double-escapes with backslashes
https://gitlab.torproject.org/legacy/trac/-/issues/13370
2020-06-13T18:35:07Z
David Fifield <dcf@torproject.org>

The [escape function](https://gitweb.torproject.org/pluggable-transports/goptlib.git/blob/refs/tags/0.2:/pt.go#l205) is meant to prevent problematic bytes (specifically \x00 and \x0a) from being emitted in a PT→Tor output line. Because, according to [pt-spec.txt](https://gitweb.torproject.org/torspec.git/blob/c6c7404547e0e431232dd1674ff11023a2d6f6bf:/pt-spec.txt#l362),
```
<ArgChar> ::= <any US-ASCII character but NUL or NL>
```
However, the way the function does escaping (prepending with backslashes) conflicts with the established use of backslash to escape [SMETHOD ARGS](https://gitweb.torproject.org/torspec.git/blob/c6c7404547e0e431232dd1674ff11023a2d6f6bf:/pt-spec.txt#l443). As noted in comment:1:ticket:12930, any string that needs escaping in SMETHOD args, like a base64 string that ends with '=', is getting double-escaped.

George Kadianakis

Incorrect SocksListener temporary error check
https://gitlab.torproject.org/legacy/trac/-/issues/14135
2020-06-13T18:35:09Z
Trac

You can see the code in question -- in `acceptLoop()` -- here:
https://gitweb.torproject.org/pluggable-transports/meek.git/tree/meek-client/meek-client.go#n300
The existing code will treat an error that is not a `net.Error` as temporary, which is the reverse of how it should be. See the diff to fix it below.
Note that it is highly unlikely (impossible?) that the existing code would have caused an actual problem.
(The code in question is probably based on [the example](https://github.com/Yawning/goptlib/blob/master/socks.go#L76) in the goptlib code. I have also submitted a [pull request](https://github.com/Yawning/goptlib/pull/1) to fix that example.)
```
diff --git a/meek-client/meek-client.go b/meek-client/meek-client.go
index 280ab1b..bb6c0b1 100644
--- a/meek-client/meek-client.go
+++ b/meek-client/meek-client.go
@@ -303,10 +303,11 @@ func acceptLoop(ln *pt.SocksListener) error {
conn, err := ln.AcceptSocks()
if err != nil {
log.Printf("error in AcceptSocks: %s", err)
- if e, ok := err.(net.Error); ok && !e.Temporary() {
- return err
+ if e, ok := err.(net.Error); ok && e.Temporary() {
+
+ continue
}
- continue
+ return err
}
go func() {
err := handler(conn)
```
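Review bot: The empty added line directly after `if e, ok := err.(net.Error); ok && e.Temporary() {` is stray whitespace and should be dropped so the body of the branch is just `continue`. The `log.Printf("error in AcceptSocks: %s", err)` above the check still runs on both paths, so a permanent error is now logged here and then returned; confirm that the caller of `acceptLoop` does not log the same error a second time. A one-line comment saying that anything other than a temporary `net.Error` ends the loop would document the new default for the next reader.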
**Trac**:
**Username**: adam-p

David Fifield <dcf@torproject.org>

Tor starts PTs before creating the extended_orport_auth_cookie file they need
https://gitlab.torproject.org/legacy/trac/-/issues/15240
2020-06-13T14:44:14Z
Jens Kubieziel

I'm using 0.2.5.10-1~d70.wheezy+1 from Debian and obfs4proxy 0.0.4-1 to set up some bridges. My torrc looks like:
```
Address 192.0.2.23
OutboundBindAddress 192.0.2.23
OutboundBindAddress 2001:db8::94de
ORPort 56527
ExtORPort 55009
ORListenAddress 192.0.2.23:56527
ORListenAddress [2001:db8::94de]:56527
DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid
Log notice file /var/log/tor/notices.log
ServerTransportPlugin scramblesuit exec /usr/bin/obfsproxy managed
ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy -enableLogging -logLevel=INFO
ServerTransportListenAddr obfs3 192.0.2.23:33027
ServerTransportListenAddr obfs3 [2001:db8::94de]:33027
ServerTransportListenAddr obfs4 192.0.2.23:47131
ServerTransportListenAddr obfs4 [2001:db8::94de]:47131
ServerTransportListenAddr scramblesuit 192.0.2.23:16428
ServerTransportListenAddr scramblesuit [2001:db8::94de]:16428
ContactInfo me@example.org
User debian-tor
RunAsDaemon 1
NumCPUs 1
PublishServerDescriptor 1
SocksPort 0
BridgeRelay 1
Exitpolicy reject *:*
Exitpolicy reject6 *:*
BridgeRecordUsageByCountry 1
ConnDirectionStatistics 1
EntryStatistics 1
ExtraInfoStatistics 1
DynamicDHGroups 1
HardwareAccel 1
```
When I enter the bridge line in TBB 4.5a4, I can't get a connection. Looking at the obfs4proxy.log, I see the message:
> 2015/03/11 22:19:25 [ERROR]: obfs4([scrubbed]:58915) - failed to connect to ORPort: mismatch in server hash

When I comment out the `ExtORPort` line and restart Tor, I can connect to the bridge. If I set `ExtORPort auto` I can't get a connection. Later I'll provide a more detailed log.

Tor: 0.2.6.x-final
George Kadianakis

Check and return error values in goptlib
https://gitlab.torproject.org/legacy/trac/-/issues/15826
2020-06-13T18:35:14Z
Sathyanarayanan Gunasekaran

Make goptlib check and return error values of functions, instead of silently ignoring them.
```
git.torproject.org/pluggable-transports/goptlib.git/pt.go:557:15 defer f.Close()
git.torproject.org/pluggable-transports/goptlib.git/pt.go:629:16 io.WriteString(h, "ExtORPort authentication server-to-client hash")
git.torproject.org/pluggable-transports/goptlib.git/pt.go:630:9 h.Write(clientNonce)
git.torproject.org/pluggable-transports/goptlib.git/pt.go:631:9 h.Write(serverNonce)
git.torproject.org/pluggable-transports/goptlib.git/pt.go:638:16 io.WriteString(h, "ExtORPort authentication client-to-server hash")
git.torproject.org/pluggable-transports/goptlib.git/pt.go:639:9 h.Write(clientNonce)
git.torproject.org/pluggable-transports/goptlib.git/pt.go:640:9 h.Write(serverNonce)
git.torproject.org/pluggable-transports/goptlib.git/pt.go:857:15 s.SetDeadline(time.Now().Add(5 * time.Second))
git.torproject.org/pluggable-transports/goptlib.git/pt.go:868:15 s.SetDeadline(time.Time{})
```

goptlib should enforce the `TOR_PT_SERVER_BINDADDR` restriction.
https://gitlab.torproject.org/legacy/trac/-/issues/21261
2020-06-13T18:35:23Z
Yawning Angel

Followup from #21136.
`TOR_PT_SERVER_BINDADDR` by spec is limited to one address+port per transport. goptlib should enforce this, and raise an `ENV-ERROR` if anyone tries to specify more than one.
I could add code in obfs4proxy to check for this, but it's a spec restriction, so goptlib doing the enforcement seems more appropriate.

George Kadianakis

goptlib doesn't allow optimistic SOCKS data
https://gitlab.torproject.org/legacy/trac/-/issues/25065
2020-06-13T18:35:25Z
David Fifield <dcf@torproject.org>

goptlib [wraps its socket](https://gitweb.torproject.org/pluggable-transports/goptlib.git/tree/socks.go?id=a3ad5df6c9e7dc8117f55958b4ce99bf1e0fe291#n203) in a [bufio.ReadWriter](https://golang.org/pkg/bufio/#ReadWriter) while processing the SOCKS handshake. Before returning the socket back to the application, [it makes sure](https://gitweb.torproject.org/pluggable-transports/goptlib.git/tree/socks.go?id=a3ad5df6c9e7dc8117f55958b4ce99bf1e0fe291#n437) there is no unread data sitting in the buffer (which would otherwise be lost).
In #24432, we're trying to have Tor Browser use meek-client as a proxy directly, not going through Tor. The problem (comment:19:ticket:24432) is that Tor Browser has a special optimistic data SOCKS patch that causes it to send data exactly where goptlib checks to make sure there isn't any.
A mild rewrite of goptlib's SOCKS code could eliminate the internal buffer and enable Tor Browser's optimistic data.

David Fifield <dcf@torproject.org>

Remove `handlerChan`, shut down immediately on SIGTERM
https://gitlab.torproject.org/legacy/trac/-/issues/26389
2020-06-13T18:32:40Z
cypherpunks

David Fifield <dcf@torproject.org>

Use Travis CI for goptlib.git repositories on Github
https://gitlab.torproject.org/legacy/trac/-/issues/28936
2020-06-13T18:35:28Z
Alexander Færøy <ahf@torproject.org>

Members on the network team have been happy to use the Travis CI for `tor.git` in the past year or so.
Let's have the same for `goptlib.git` if some people are going to do development there and have their repositories located on Github.

Tor: unspecified
David Fifield <dcf@torproject.org>

Add support for LOG to goptlib
https://gitlab.torproject.org/legacy/trac/-/issues/28940
2020-06-13T18:35:29Z
David Fifield <dcf@torproject.org>

see:
* #28179 (code changes)
* #28181 (pt-spec changes) _[doesn't seem to be committed yet?]_
ahf made a branch here:
https://github.com/ahf/goptlib/commits/features/logging

David Fifield <dcf@torproject.org>

`panic: keyword "PROXY-ERROR %s\n" contains forbidden bytes` when using snowflake
https://gitlab.torproject.org/legacy/trac/-/issues/32056
2020-06-16T01:08:26Z
Trac

TBB log:
```
10/14/19, 10:22:02.757 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.815 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.816 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.816 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.816 [NOTICE] Opening Socks listener on 127.0.0.1:9150
10/14/19, 10:22:10.816 [NOTICE] Opened Socks listener on 127.0.0.1:9150
10/14/19, 10:22:10.948 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: panic: keyword "PROXY-ERROR %s\n" contains forbidden bytes
10/14/19, 10:22:10.949 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported:
10/14/19, 10:22:10.949 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: goroutine 1 [running]:
10/14/19, 10:22:10.949 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: git.torproject.org/pluggable-transports/goptlib%2egit.formatline(0x83e73d3, 0xf, 0xa0d7f4c, 0x1, 0x1, 0x1, 0x1)
10/14/19, 10:22:10.949 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/goptlib.git/pt.go:250 +0x267
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: git.torproject.org/pluggable-transports/goptlib%2egit.line(0x83e73d3, 0xf, 0xa0d7f4c, 0x1, 0x1)
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/goptlib.git/pt.go:266 +0x45
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: git.torproject.org/pluggable-transports/goptlib%2egit.doError(...)
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/goptlib.git/pt.go:271
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: git.torproject.org/pluggable-transports/goptlib%2egit.ProxyError(...)
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/goptlib.git/pt.go:302
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: main.main()
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/build/snowflake-49a899be452a/client/snowflake.go:158 +0xd81
10/14/19, 10:22:10.951 [WARN] Pluggable Transport process terminated with status code 512
```
TBB version: tor-browser-linux32-9.0a7_en-US.tar.xz
**Trac**:
**Username**: omlnnuci

Update goptlib to v1.1.0
https://gitlab.torproject.org/legacy/trac/-/issues/32076
2020-06-16T01:08:25Z
David Fifield <dcf@torproject.org>

Tor Browser currently includes version 0.5. #32056 is caused by a bug that was fixed in goptlib 0.7. Here is a patch to upgrade to the latest v1.1.0.
Here is the diff in goptlib. The most notable change is that it uses SOCKS 5 since version 0.6, not SOCKS 4a.
https://gitweb.torproject.org/pluggable-transports/goptlib.git/diff/?id=v1.1.0&id2=0.5