Write reachability tests to verify if obfs4 is working or not
The main goal of this is to determine whether obfs4 bridges are being blocked due to bridge IP enumeration, or if there is something blockable about the obfs4 protocol.
These tests will use new, private (unpublished) obfs4 IP addresses that have not been used for censorship circumvention prior to these tests.
The outcome should be a script that users we reach out to in censored can run from which we can collect metrics about their ability to connect and bandwidth measurements. Before we send out the script we should figure out:
-
Whether we have all necessary metrics on the bridge side to verify if obfs4 is working and whether it is being throttled
-
How we are going to collect the client-side measurement data
Activity
Trac:
Parent Ticket: #29279 (moved)
Trac:
Summary: Add any necessary metrics to verify if obfs4 is working or not to Write reachability tests to verify if obfs4 is working or not
Description: Ensure that we have all necessary metrics to verify if obfs4 is working for users.TODO: Determine what these metrics should be, where they should be added, methods for aggregating them and analyzing them.
to
The main goal of this is to determine whether obfs4 bridges are being blocked due to bridge IP enumeration, or if there is something blockable about the obfs4 protocol.
These tests will use new, private (unpublished) obfs4 IP addresses that have not been used for censorship circumvention prior to these tests.
The outcome should be a script that users we reach out to in censored can run from which we can collect metrics about their ability to connect and bandwidth measurements. Before we send out the script we should figure out:
-
Whether we have all necessary metrics on the bridge side to verify if obfs4 is working and whether it is being throttled
-
How we are going to collect the client-side measurement data
Status: new to assigned
Type: defect to task
Owner: N/A to cohosh
-
Export of bridgetest/ at commit 79f5fd646d49d1156b8ee50ec76b7e846ce348bb of https://www.bamsoftware.com/git/repo.eecs.berkeley.edu/proxy-probe.git
We wrote some obfs4 testing scripts when we were testing in Kazakhstan. You can use them for inspiration. This is an export of the bridgetest/ directory in !https://www.bamsoftware.com/git/repo.eecs.berkeley.edu/proxy-probe.git. proxy-probe-bridgetest.tar.gz
[SITENAME] is an arbitrary identifier for the probe site that you have to choose. Add to crontab to run hourly tests: 0 */1 * * * cd ~/kz && ./bridgetest.sh [SITENAME] Generate a CSV file from logs: find log -name '*.log' | sort | ./makecsv > bridgetest.csv Make a graph: Rscript graph.R bridgetest.csvSome background is here: https://www.bamsoftware.com/proxy-probe/kz-data/ https://www.bamsoftware.com/papers/thesis/#p200 doc/OONI/censorshipwiki/CensorshipByCountry/Kazakhstan#a20348-obfs4 (shows average bootstrap percentages) The tarball I attached to this ticket is slightly newer than the bridgetest-20170525.zip linked there. kz-data-20170525.tar.xz has about 4 months of sample data from US and KZ, including pcaps.
-
Replying to dcf:
We wrote some obfs4 testing scripts when we were testing in Kazakhstan. You can use them for inspiration. This is an export of the bridgetest/ directory in !https://www.bamsoftware.com/git/repo.eecs.berkeley.edu/proxy-probe.git.
Thanks! These are very useful. I've forked this repo here: https://github.com/cohosh/bridgetest and started making modifications for these new tests.
The first thing I did was modify bridgetest to take the bridge lines from an input file since we're using private bridges for this test: https://github.com/cohosh/bridgetest/commit/9a9f6603cba878f7dbf0193be38eb957b83d76ac
And I've added a large (~100M) file download to check for throttling. This might be too large, but no matter the size I'd suggest running this test perhaps 4x a day as opposed to every hour to reduce load on the bridges and the probe sites. This commit adds the file download: https://github.com/cohosh/bridgetest/commit/dcb9daaf41c2898b714291d012e3b06449016ee5
-
Putting this in needs_review to move things along... one thing I can think of that we might want is more granular large file download information as opposed to just "the time it takes to download the entire file". We can of course get this from tcpdump if we can capture on the probe site.
Trac:
Status: assigned to needs_review 
I think the code for this looks good. As there is nothing to merge as such, I'll close the ticket for now.
I think at some point we need to remember to move this code over to the mythical Gitlab instance once that is available.
Trac:
Status: needs_review to closed
Resolution: N/A to implemented-
Replying to dcf:
Replying to cohosh:
And I've added a large (~100M) file download to check for throttling.
Does this mean that there are multiple 100 MB pcaps being produced every day? That could be a lot of data to manage. Or are you not doing full packet capture for this part?
I'm not planning on doing a full packet capture unless the overall results look suspicious, and then I will turn packet capture on to investigate more closely. Perhaps with a smaller file.
