Snowflake issues
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues
2021-05-20T19:41:13Z

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31423
Improve building documentation
2021-05-20T19:41:13Z
Trac

In the snowflake monorepo it isn't clear which project does what.
For example the server-webrtc's readme doesn't specify clearly what it is nor what it does, it also has some config and bash lines without much explanation of why.
It would be useful to be more detailed in this kind of documentation for those interested in running a broker, snowflake/proxy or server.
**Trac**:
**Username**: serna
Sponsor 28: Reliable Anonymous Communication Evading Censors and Repressors (RACECAR)

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31425
Snowflake broker is sluggish and sometimes fails
2022-07-09T04:20:15Z
Cecylia Bocovich

This morning while trying to deploy a change I noticed that my SSH connection is extremely sluggish.
I'm also getting a lot of timeouts at the client:
```
2019/08/16 15:37:54 Negotiating via BrokerChannel...
Target URL: snowflake-broker.azureedge.net
Front URL: ajax.aspnetcdn.com
2019/08/16 15:38:05 BrokerChannel Response:
504 Gateway Timeout
2019/08/16 15:38:05 BrokerChannel Error: Unexpected error, no answer.
2019/08/16 15:38:05 Failed to retrieve answer. Retrying in 10 seconds
```
Some requests go through, but the timeouts seem to be occurring more frequently. At first glance, this doesn't seem to be a CPU or memory resources consumption problem. Maybe there's a data transfer limit we're hitting?
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31453
Are the @2x and @3x graphics doing anything?
2020-06-27T13:40:22Z
David Fifield dcf@torproject.org

The [proxy/static/assets](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/proxy/static/assets?id=f9173f61a2c90fbc2979f8f73ab79a1a5bc90eee) directory contains @2x and @3x hi-res versions of the status-off, status-on, and status-running icons.
But the @2x and @3x filenames are not referred to anywhere. I suspect they were intended to be included in a [resolution @media query](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/resolution), but they are not.
Rather than adding the @media queries, could we just delete all the PNGs and use only SVGs in the popup? In the toolbar icon we cannot use SVG, but those graphics are separate from the popup ones.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31454
Rebuild and redeploy broker and bridge using Go 1.11.13+ / 1.12.8+
2020-06-27T13:40:22Z
David Fifield dcf@torproject.org

These versions fix a denial-of-service vulnerability in the HTTP/2 server code.
https://groups.google.com/d/msg/golang-announce/65QixT3tcmg/DrFiG6vvCwAJ
> We have just released Go 1.12.8 and Go 1.11.13 to address recently reported security issues. We recommend that all users update to one of these releases (if you’re not sure which, choose Go 1.12.8).
> * net/http: Denial of Service vulnerabilities in the HTTP/2 implementation
>
> net/http and golang.org/x/net/http2 servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. Servers will now close connections if the send queue accumulates too many control messages.
>
> The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue [golang.org/issue/33606](https://golang.org/issue/33606).
>
> This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of golang.org/x/net/http2.
>
> * net/url: parsing validation issue
>
> url.Parse would accept URLs with malformed hosts, such that the Host field could have arbitrary suffixes that would appear in neither Hostname() nor Port(), allowing authorization bypasses in certain applications. Note that URLs with invalid, not numeric ports will now return an error from url.Parse.
>
> The issue is CVE-2019-14809 and Go issue [golang.org/issue/29098](https://golang.org/issue/29098).

Philipp Winter phw@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31460
Don't reveal proxy IDs in broker /debug
2020-06-27T13:40:22Z
Philipp Winter phw@torproject.org

We just had the following discussion on IRC.
```
serna> If there are two proxies with the same sessionID
serna> When the broker does the proxyAnswers it does the idToSnowflake which proxy would it return?
serna> Suppose I'm an attacker, I would go to the broker's /debug page, scrape all the IDs and start sending requests to /proxy with those IDs continuously
phw> cohosh, dcf1: ^
phw> that's an interesting point. i'm not familiar enough with the code to answer this question but i'll forward it to snowflake's maintainers
serna> phw: I did a little PoC with two proxies sending the same id and the broker didnt care, but the dangerous part is when an offer is accepted by the proxy and it sends the answer
[...]
phw> serna: this would effectively be a DoS issue, right? it may allow you to disable a given proxy.
serna> phw: yes I believe it would be. If it works like I think it could disable every proxy connected to the broker
```
Is this an issue in our broker implementation?
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31493
Add a version to the metrics output
2020-06-27T13:40:21Z
Cecylia Bocovich

As discussed in legacy/trac#29461, it would be a good idea to add a version number to the snowflake broker metrics spec.
Here's the new spec with the version number included in "snowflake-stats-end": https://github.com/cohosh/snowflake/compare/spec
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31496
Mixed file ownership prevents updating snowflake.torproject.org files
2020-06-27T13:40:21Z
David Fifield dcf@torproject.org

I was just now trying to redeploy the badge using the instructions at
https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/proxy/README.md?id=0ef7c6f1fa6abc5ffeff455be0143efce0adb207#n44
But the `rsync` fails with "Permission denied" errors:
```
snowflake/proxy$ rsync --delete -crv build/ staticiforme:/srv/snowflake.torproject.org/htdocs/
sending incremental file list
embed.css
embed.html
embed.js
index.html
popup.js
rsync: delete_file: unlink(assets/status-running.png) failed: Permission denied (13)
rsync: delete_file: unlink(assets/status-on@3x.png) failed: Permission denied (13)
rsync: delete_file: unlink(assets/status-on@2x.png) failed: Permission denied (13)
rsync: delete_file: unlink(assets/status-on.png) failed: Permission denied (13)
rsync: delete_file: unlink(assets/status-off@3x.png) failed: Permission denied (13)
rsync: delete_file: unlink(assets/status-off@2x.png) failed: Permission denied (13)
rsync: delete_file: unlink(assets/status-off.png) failed: Permission denied (13)
_locales/
_locales/en_US/
_locales/en_US/messages.json
assets/arrowhead-right-12.svg
assets/arrowhead-right-dark-12.svg
assets/status-off-dark.svg
assets/status-off.svg
assets/status-on-dark.svg
assets/status-on.svg
assets/status-running.svg
assets/toolbar-off-48.png
assets/toolbar-off-96.png
assets/toolbar-off.svg
assets/toolbar-on-48.png
assets/toolbar-on-96.png
assets/toolbar-on.svg
assets/toolbar-running-48.png
assets/toolbar-running-96.png
assets/toolbar-running.svg
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.arrowhead-right-12.svg.g5Axz0" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.arrowhead-right-dark-12.svg.pik9X3" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.status-off-dark.svg.eqlLm7" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.status-off.svg.th1nLa" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.status-on-dark.svg.4BnmGe" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.status-on.svg.91elBi" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.status-running.svg.SA0kwm" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-off-48.png.lZblrq" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-off-96.png.sTslmu" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-off.svg.le4ZFy" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-on-48.png.wWbFZC" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-on-96.png.5ZCkjH" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-on.svg.slN0CL" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-running-48.png.DSmHWP" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-running-96.png.ux2BhU" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-running.svg.7UlxCY" failed: Permission denied (13)
```
The problem is that some files/directories are owned by arlo and some are owned by dcf, and we cannot overwrite each other's files.
```
dcf@staticiforme:/srv/snowflake.torproject.org/htdocs$ ls -l
total 784
drwxr-sr-x 2 arlo snowflake 4096 Jul 31 22:01 assets
-rw-r--r-- 1 arlo snowflake 5321 Jul 13 15:32 chrome150.jpg
-rw-r--r-- 1 dcf snowflake 2912 Aug 24 00:35 embed.css
-rw-r--r-- 1 dcf snowflake 851 Aug 24 00:35 embed.html
-rw-r--r-- 1 dcf snowflake 30183 Aug 24 00:35 embed.js
-rw-r--r-- 1 arlo snowflake 44930 Jul 13 15:32 firefox150.jpg
-rw-r--r-- 1 arlo snowflake 1255 Jul 31 19:51 index.css
-rw-rw-r-- 1 dcf snowflake 3913 Aug 24 00:35 index.html
drwxr-sr-x 3 dcf snowflake 4096 Aug 24 00:35 _locales
-rw-r--r-- 1 dcf snowflake 1396 Aug 24 00:35 popup.js
-rw-r--r-- 1 arlo snowflake 377507 Jul 13 15:32 screenshot.png
-rw-r--r-- 1 arlo snowflake 293516 Jul 13 15:32 SourceSansPro-Regular.ttf
-rw-r--r-- 1 arlo snowflake 10042 Jul 13 15:32 tor-logo@2x.png
```
For now, I've made all the files owned by dcf group-writable using `chmod -R g+w /srv/snowflake.torproject.org/htdocs`, so at least also will be able to update. arlo, if you can make your files group-writable as well, that will solve the immediate problem. Then we need to find out how to make the files group-writable by default, or something.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31497
Link Cupcake from snowflake.torproject.org
2020-06-27T13:40:21Z
David Fifield dcf@torproject.org

https://snowflake.torproject.org/#extension links to the snowflake.git extensions, but not Cupcake. We should link to Cupcake as well. We can say that all the options are equivalent in functionality; they are alternative user interfaces; Cupcake is only for Chrome; and Cupcake can run as a background app (legacy/trac#31288).
I believe this is the correct link to Cupcake on the Chrome web store:
https://chrome.google.com/webstore/detail/cupcake/dajjbehmbnbppjkcnpdkaniapgdppdnc
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31503
Hello, currently, in China, I can't open any webpage in 9.0a4 version Tor browser through snowflake bridge
2023-08-01T23:43:21Z
Trac

Hello, currently, in China, I can't open any webpage in 9.0a4 version Tor browser through snowflake bridge. I can connect to Tor network through snowflake bridge. But I can't open any webpage in 9.0a4 version Tor browser. I upload my torrc-defaults file, my torrc file and my state file. Thank you so much for your help. I really appreciate it.
**Trac**:
**Username**: amiableclarity2011

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31522
Update broker/bridge to torproject.net domains in source code
2023-07-29T22:34:29Z
David Fifield dcf@torproject.org

Tag [webext-0.0.10](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tag/?h=webext-0.0.10) is still using bamsoftware.com domains in proxy-go/, and freehaven.net domains (from legacy/trac#31250) in proxy/. Is it desired at this point to make them use the torproject.net domains from comment:13:ticket:31232 instead?

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31537
snowflake.tp.o could use a favicon
2020-06-27T13:40:21Z
cypherpunks

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31685
Snowflake : ON/OFF switch
2020-06-27T13:40:21Z
cypherpunks

The ON/OFF switch is not user friendly,
Maybe change the "Turn on" by "State : off" & "Turn off" by "State : on" ?
Or just setup a static string with "State" ?
Thanks
G.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31765
Join the Recommended Extensions program
2020-06-27T13:40:20Z
cypherpunks

https://support.mozilla.org/en-US/kb/recommended-extensions-program
with
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Security_best_practices

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31794
Errors swallowed
2020-06-27T13:40:20Z
Trac

I've run golangci-lint against the current code and there are a number of errcheck, golint, and govet issues raised.
An example is in the directory snowflake/server-webrtc and is pasted below. The error messages are trivial to update to meet with conventions.
But I have a query about how to deal with the errors not being handled.
For example pw.CloseWithError(err) can generate an error, should that error merely be logged, or should some other action take place (an error sent to the user perhaps?)
```
http.go:26:10: Error return value of `w.Write` is not checked (errcheck)
w.Write([]byte(`HTTP signaling channel
^
http.go:60:9: Error return value of `w.Write` is not checked (errcheck)
w.Write([]byte(pc.LocalDescription().Serialize()))
^
snowflake.go:32:10: Error return value of `io.Copy` is not checked (errcheck)
io.Copy(b, a)
^
snowflake.go:36:10: Error return value of `io.Copy` is not checked (errcheck)
io.Copy(a, b)
^
snowflake.go:144:22: Error return value of `pw.CloseWithError` is not checked (errcheck)
pw.CloseWithError(err)
^
snowflake.go:156:13: Error return value of `pc.Destroy` is not checked (errcheck)
pc.Destroy()
^
snowflake.go:164:13: Error return value of `pc.Destroy` is not checked (errcheck)
pc.Destroy()
^
snowflake.go:169:13: Error return value of `pc.Destroy` is not checked (errcheck)
pc.Destroy()
^
snowflake.go:225:19: Error return value of `pt.SmethodError` is not checked (errcheck)
pt.SmethodError(bindaddr.MethodName, "no such method")
^
snowflake.go:239:11: Error return value of `io.Copy` is not checked (errcheck)
io.Copy(ioutil.Discard, os.Stdin)
^
snowflake.go:82:20: error strings should not be capitalized or end with punctuation or a newline (golint)
return fmt.Errorf("SetDeadline not implemented")
^
snowflake.go:86:20: error strings should not be capitalized or end with punctuation or a newline (golint)
return fmt.Errorf("SetReadDeadline not implemented")
^
snowflake.go:90:20: error strings should not be capitalized or end with punctuation or a newline (golint)
return fmt.Errorf("SetWriteDeadline not implemented")
^
snowflake.go:230:24: should drop = 0 from declaration of var numHandlers; it is the zero value (golint)
var numHandlers int = 0
^
snowflake.go:142:7: shadow: declaration of "err" shadows declaration at line 116 (govet)
n, err := pw.Write(msg)
^
snowflake.go:193:6: shadow: declaration of "err" shadows declaration at line 183 (govet)
f, err := os.OpenFile(logFilename, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
```
**Trac**:
**Username**: sah

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/30579
Add more STUN servers to the default snowflake configuration in Tor Browser
2023-08-02T00:02:28Z
Cecylia Bocovich

Right now snowflake blocking in China is happening in the client's connection to the default STUN server (which is set to Google's STUN servers). We should add more STUN servers, including ones that are popular in regions that are trying to block snowflake so that blocking this stage causes more collateral damage.
Sponsor 28: Reliable Anonymous Communication Evading Censors and Repressors (RACECAR)
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31818
Hello, today after about two hours, I can't open any webpage in Tor browser through Snowflake bridge.
2023-08-01T23:58:38Z
Trac

Hello, today after about two hours, I can't open any webpage in Tor browser through Snowflake bridge. Today, at first, I can normally open webpages in Tor browser through Snowflake bridge. After about two hours, I can't open any webpage in Tor browser through Snowflake bridge. I don't know whether China's firewall can detect the Snowflake bridge that I use. I upload my state file and my torrc file. Thank you very much for your help. I really appreciate it.
**Trac**:
**Username**: amiableclarity2011

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31843
Make safelogger thread safe
2020-06-27T13:40:20Z
Cecylia Bocovich

It would be nice to pass the output of the safe logger to libraries so that we can log errors that occur in library functions. Right now the safelogger is not thread safe. Multiple calls to Write from different threads result in race conditions.
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31889
Rebuild and redeploy broker and bridge using Go 1.12.10+ / 1.13.1+
2020-06-27T13:40:20Z
David Fifield dcf@torproject.org

https://groups.google.com/d/msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ
> We have just released Go 1.13.1 and Go 1.12.10 to address a recently reported security issue. We recommend that all affected users update to one of these releases (if you’re not sure which, choose Go 1.13.1).
>
> net/http (through net/textproto) used to accept and normalize invalid HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. If a Go server is used behind an uncommon reverse proxy that accepts and forwards but doesn't normalize such invalid headers, the reverse proxy and the server can interpret the headers differently. This can lead to filter bypasses or [request smuggling](https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn), the latter if requests from separate clients are multiplexed onto the same upstream connection by the proxy. Such invalid headers are now rejected by Go servers, and passed without normalization to Go client applications.
>
> The issue is CVE-2019-16276 and Go issue https://golang.org/issue/34540.

It doesn't look like this is urgent for us, given the details of our deployment.
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31902
Add a short FAQ to snowflake.tp.o
2021-07-09T18:26:26Z
Arlo Breault

This should include explanations for the missing feature error messages. See comment:13:ticket:31391

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31930
Hello, Currently, Tor Browser 9.0a7 can't connect to Tor network through Snowflake bridge.
2023-08-02T00:00:14Z
Trac

Hello, Currently, Tor Browser 9.0a7 can't connect to Tor network through Snowflake bridge.
Below are Tor log messages.
```
10/2/19, 08:04:51.299 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/2/19, 08:04:56.280 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/2/19, 08:04:56.280 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/2/19, 08:04:56.280 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/2/19, 08:04:56.280 [NOTICE] Opening Socks listener on 127.0.0.1:9150
10/2/19, 08:04:56.280 [NOTICE] Opened Socks listener on 127.0.0.1:9150
10/2/19, 08:04:57.267 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
10/2/19, 08:04:57.269 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
10/2/19, 08:05:22.368 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
10/2/19, 08:05:52.390 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
10/2/19, 08:05:52.390 [WARN] 1 connections have failed:
10/2/19, 08:05:52.391 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
10/2/19, 08:05:52.405 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
10/2/19, 08:05:52.405 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/2/19, 08:05:52.405 [WARN] Pluggable Transport process terminated with status code 0
10/2/19, 08:06:00.472 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/2/19, 08:06:00.473 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/2/19, 08:06:00.473 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/2/19, 08:06:00.473 [NOTICE] Opening Socks listener on 127.0.0.1:9150
10/2/19, 08:06:00.473 [NOTICE] Opened Socks listener on 127.0.0.1:9150
10/2/19, 08:06:51.913 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 2; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
10/2/19, 08:06:51.914 [WARN] 2 connections have failed:
10/2/19, 08:06:51.914 [WARN] 2 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
10/2/19, 08:06:51.925 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
10/2/19, 08:06:51.925 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/2/19, 08:06:51.925 [WARN] Pluggable Transport process terminated with status code 0
```
stun.ekiga.net is not blocked by China's firewall.
Below are the Ping results of stun.ekiga.net.
```
ping stun.ekiga.net
PING stun.ekiga.net (216.93.246.18) 56(84) bytes of data.
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=1 ttl=48 time=268 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=2 ttl=48 time=257 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=3 ttl=48 time=240 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=4 ttl=48 time=287 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=5 ttl=48 time=278 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=6 ttl=48 time=282 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=7 ttl=48 time=258 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=8 ttl=48 time=284 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=9 ttl=48 time=283 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=10 ttl=48 time=276 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=11 ttl=48 time=278 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=12 ttl=48 time=252 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=13 ttl=48 time=279 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=14 ttl=48 time=266 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=15 ttl=48 time=273 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=16 ttl=48 time=238 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=17 ttl=48 time=281 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=18 ttl=48 time=266 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=19 ttl=48 time=270 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=20 ttl=48 time=267 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=21 ttl=48 time=248 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=22 ttl=48 time=267 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=23 ttl=48 time=261 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=24 ttl=48 time=272 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=25 ttl=48 time=231 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=26 ttl=48 time=261 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=27 ttl=48 time=283 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=28 ttl=48 time=282 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=29 ttl=48 time=274 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=30 ttl=48 time=270 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=31 ttl=48 time=254 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=32 ttl=48 time=269 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=33 ttl=48 time=251 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=34 ttl=48 time=223 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=35 ttl=48 time=258 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=36 ttl=48 time=279 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=37 ttl=48 time=269 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=38 ttl=48 time=272 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=40 ttl=48 time=262 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=41 ttl=48 time=252 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=42 ttl=48 time=252 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=43 ttl=48 time=256 ms
64 bytes from 216.93.246.18 (216.93.246.18): icmp_seq=44 ttl=48 time=269 ms
^C
--- stun.ekiga.net ping statistics ---
44 packets transmitted, 43 received, 2% packet loss, time 48162ms
rtt min/avg/max/mdev = 223.962/265.583/287.125/14.651 ms
```
I will upload my state file.
**Trac**:
**Username**: amiableclarity2011

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31960
Hello, currently, in China, Tor Browser 9.0a7 version can't establish a Tor network connection through snowflake bridge
2023-08-01T23:59:57Z
Trac

Hello, currently, in China, Tor Browser 9.0a7 version can't establish a Tor network connection through snowflake bridge
Below are the Tor log messages.
```
10/4/19, 04:44:38.869 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:44:44.387 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:44:44.387 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:44:44.387 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:44:44.387 [NOTICE] Opening Socks listener on 127.0.0.1:9150
10/4/19, 04:44:44.387 [NOTICE] Opened Socks listener on 127.0.0.1:9150
10/4/19, 04:44:45.248 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
10/4/19, 04:44:45.250 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
10/4/19, 04:45:08.319 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
10/4/19, 04:45:38.337 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
10/4/19, 04:45:38.338 [WARN] 1 connections have failed:
10/4/19, 04:45:38.338 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
10/4/19, 04:45:38.357 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
10/4/19, 04:45:38.357 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:45:38.358 [WARN] Pluggable Transport process terminated with status code 0
```
snowflake-broker.azureedge.net is not blocked by China's firewall.
ajax.aspnetcdn.com is not blocked by China's firewall.
stun.ekiga.net is not blocked by China's firewall.
I will upload my state file.
Thank you very much for your help. I really appreciate it.
**Trac**:
**Username**: amiableclarity2011
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31971
Snowflake is *consistently* extremely slow when using the Windows build
2020-06-27T13:40:19Z cypherpunks
Snowflake is *consistently* extremely slow when using the Windows build, I tried 5 times by restarting the browser and I always get 20kb/s max. In my Linux machine it works normally.
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32046
Stop counting handlers
2020-06-27T13:40:19Z David Fifield dcf@torproject.org
The transport programs (client, server, and server-webrtc) have some obsolete handler-counting code that tries to keep the process alive until all ongoing connections have terminated. This is a remnant of an earlier version of pt-spec that prescribed different handling of SIGINT and SIGTERM, and required this behavior on SIGTERM. pt-spec has since changed to no longer mention SIGINT, and prescribe immediate shutdown (terminating ongoing handlers) on SIGTERM.
Here's background: comment:5:ticket:26389.
Here's the corresponding change in meek: https://gitweb.torproject.org/pluggable-transports/meek.git/commit/?id=c7541223c704f76cb45a4e20bd20d963ea8d1fc7
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32129
Increase Snowflake proxy poll interval to 300 s
2023-08-01T23:48:32Z David Fifield dcf@torproject.org
The Snowflake proxies are polling the broker more frequently than necessary for the number of clients we have. The broker reports about 500 proxies currently, which at the current poll interval of 20 s, is 25 polls/s.
At the [anti-censorship meeting today](http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-10-17-16.59.log.html) we talked about increasing the interval to 300 s, which would still give us an expected time-to-proxy-assignment of less than 1 s.
```
17:41:02 <dcf1> A few weeks ago I tailed the log of the broker, and requests were coming in furiously.
17:41:23 <dcf1> Lately those particular log lines have been removed, so it's not as apparent, but according to https://snowflake-broker.bamsoftware.com/debug there's 500 proxies,
17:41:39 <dcf1> and with a poll interval of 20 s, that's 25 incoming proxy requests per second.
17:41:42 <arma2> i liked the idea of having the broker tell each snowflake when to come back
17:41:59 <dcf1> Something on the order of 1 or 2 per second is probably adequate.
17:42:07 <cohosh> arma2: serna has started on that ticket
17:42:14 <cohosh> i agree
17:42:23 <dcf1> arma2: yeah that's #25598, serna ran into some trouble with that.
17:42:42 <cohosh> we have metrics of how many idle proxies we have: https://metrics.torproject.org/collector/archive/snowflakes/
17:42:57 <cohosh> and it is orders of magnitude more than the the number of client matches
17:43:31 <dcf1> Anyway, I think an interval of around 300 seconds would be workable.
17:43:37 <cohosh> sounds good
```

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32131
`SetDeadline not implemented` errors in proxy-go output
2020-06-27T13:40:19Z David Fifield dcf@torproject.org
At da8b98d09089e32d53573a1cabcb450aa290b4c8, running proxy-go and getting assigned a client (as in comment:13:ticket:29258) causes a lot of output of this nature:
```
2019/10/17 19:47:02 connected to relay
2019/10/17 19:47:02 calling SetDeadline in Read returned the following error: SetDeadline not implemented
2019/10/17 19:47:02 calling SetDeadline in Read returned the following error: SetDeadline not implemented
2019/10/17 19:47:02 calling SetDeadline in Write returned the following error: SetDeadline not implemented
2019/10/17 19:47:02 Write 751 bytes --> WebRTC
2019/10/17 19:47:02 OnMessage <--- 126 bytes
2019/10/17 19:47:02 calling SetDeadline in Read returned the following error: SetDeadline not implemented
2019/10/17 19:47:02 calling SetDeadline in Write returned the following error: SetDeadline not implemented
2019/10/17 19:47:02 Write 51 bytes --> WebRTC
2019/10/17 19:47:02 OnMessage <--- 40 bytes
2019/10/17 19:47:02 calling SetDeadline in Read returned the following error: SetDeadline not implemented
2019/10/17 19:47:03 calling SetDeadline in Write returned the following error: SetDeadline not implemented
2019/10/17 19:47:03 Write 1508 bytes --> WebRTC
2019/10/17 19:47:03 OnMessage <--- 1057 bytes
2019/10/17 19:47:03 calling SetDeadline in Read returned the following error: SetDeadline not implemented
2019/10/17 19:47:03 calling SetDeadline in Write returned the following error: SetDeadline not implemented
2019/10/17 19:47:03 Write 543 bytes --> WebRTC
2019/10/17 19:47:03 OnMessage <--- 1057 bytes
2019/10/17 19:47:03 calling SetDeadline in Read returned the following error: SetDeadline not implemented
2019/10/17 19:47:03 calling SetDeadline in Write returned the following error: SetDeadline not implemented
```
I suppose the immediate cause is the changes from legacy/trac#31794.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32300
Improve snowflake server test coverage
2020-06-27T13:40:18Z Cecylia Bocovich
Splitting legacy/trac#29259 into smaller tickets.
As of writing this, the snowflake server unit test coverage is 3%.
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32465
Use gorilla websocket instead of x/net websocket in proxy-go
2020-06-27T13:40:18Z Arlo Breault
See ticket:31028#comment:5
Arlo Breault

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32484
Now need go version 1.13 to build latest versions of pion/webrtc
2020-06-27T13:40:18Z Cecylia Bocovich
CI is failing with the error as are new builds of snowflake that pull the latest version of pion/dtls (v1.5.4 and later)
` package crypto/ed25519: unrecognized import path "crypto/ed25519" (import path does not begin with hostname)`
We don't have to deal with this at the client side at the moment since versions of go libraries are hard-coded into the build, but we should update .travis.yml to use Go 1.13.
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32499
Add a build step / documentation for code reuse in Cupcake
2020-06-27T13:40:18Z Arlo Breault
Arlo Breault

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32502
Decommission the non-IPv6 broker
2020-06-27T13:40:18Z David Fifield dcf@torproject.org
We switched the Snowflake broker to an IPv6-capable host in comment:16:ticket:29258. Once it's established, we need to shut down the old one.
I propose to do the shutdown on or before 2019-12-01.
I think cohosh wanted to take some special care with the metrics log from the old broker.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32576
Fix race condition in snowflake broker
2022-07-09T04:20:15Z Cecylia Bocovich
There is a race condition with the snowflake heap that has been causing the broker to crash several times a day. This race condition has existed in the broker for several years, but some recent updates as well as the host migration managed to shake it loose.
----
This race condition is causing the snowflake broker to crash repeatedly and often since the migration. We noticed because CollecTor stopped collecting metrics since the restart on 14 November 2019.
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32589
Update the logos of Firefox and Chrome in https://snowflake.torproject.org/
2020-06-30T16:02:33Z cypherpunks

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32590
Remove the "Experimental" label on the AMO listing of the Snowflake WebExt
2020-06-27T13:40:18Z cypherpunks
You can see an "Experimental" label when you go to https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32597
Hello, currently, in China, Tor Browser 9.5a2 still can't connect to Tor network through snowflake bridge
2023-08-02T00:08:34Z Trac
Hello, currently, in China, Tor Browser 9.5a2 still can't connect to Tor network through snowflake bridge.
Below are Tor log messages.
```
11/25/19, 08:23:20.915 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/25/19, 08:23:29.953 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/25/19, 08:23:29.953 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/25/19, 08:23:29.953 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/25/19, 08:23:29.953 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/25/19, 08:23:29.953 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/25/19, 08:23:30.818 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
11/25/19, 08:23:30.820 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
11/25/19, 08:23:33.925 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
11/25/19, 08:24:03.923 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
11/25/19, 08:24:03.923 [WARN] 1 connections have failed:
11/25/19, 08:24:03.923 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
11/25/19, 08:24:03.939 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
11/25/19, 08:24:03.939 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/25/19, 08:24:03.958 [WARN] Pluggable Transport process terminated with status code 0
```
I upload my state file.
Thank you very much for your help. I really appreciate it.
**Trac**:
**Username**: amiableclarity2011

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32653
Yesterday, in China, I tried to connect to Tor network through snowflake bridge for 10 times. But all of the connections failed
2023-08-02T00:08:34Z Trac
Yesterday, in China, I tried to connect to Tor network through snowflake bridge for 10 times. But all of the connections failed.
Below is Tor log message.
```
11/30/19, 05:31:12.347 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:31:18.328 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:31:18.328 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:31:18.328 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:31:18.328 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/30/19, 05:31:18.328 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/30/19, 05:31:19.237 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
11/30/19, 05:31:19.239 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
11/30/19, 05:31:27.660 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
11/30/19, 05:31:57.600 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
11/30/19, 05:31:57.610 [WARN] 1 connections have failed:
11/30/19, 05:31:57.610 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
11/30/19, 05:31:57.760 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
11/30/19, 05:31:57.760 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:31:57.770 [WARN] Pluggable Transport process terminated with status code 0
11/30/19, 05:35:38.791 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:35:38.791 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:35:38.791 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:35:38.791 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/30/19, 05:35:38.791 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/30/19, 05:36:16.809 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 2; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
11/30/19, 05:36:16.809 [WARN] 2 connections have failed:
11/30/19, 05:36:16.809 [WARN] 2 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
11/30/19, 05:36:16.814 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
11/30/19, 05:36:16.814 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:36:16.814 [WARN] Pluggable Transport process terminated with status code 0
11/30/19, 05:38:04.197 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:38:04.197 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:38:04.197 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:38:04.197 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/30/19, 05:38:04.197 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/30/19, 05:38:37.581 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 3; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
11/30/19, 05:38:37.581 [WARN] 3 connections have failed:
11/30/19, 05:38:37.581 [WARN] 3 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
11/30/19, 05:38:37.604 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
11/30/19, 05:38:37.604 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:38:37.604 [WARN] Pluggable Transport process terminated with status code 0
11/30/19, 05:44:27.113 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:44:27.113 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:44:27.113 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:44:27.113 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/30/19, 05:44:27.113 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/30/19, 05:44:59.460 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 4; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
11/30/19, 05:44:59.460 [WARN] 4 connections have failed:
11/30/19, 05:44:59.470 [WARN] 4 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
11/30/19, 05:44:59.660 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
11/30/19, 05:44:59.660 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:44:59.670 [WARN] Pluggable Transport process terminated with status code 0
11/30/19, 05:47:08.573 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:47:08.573 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:47:08.573 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:47:08.573 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/30/19, 05:47:08.573 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/30/19, 05:47:40.509 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 5; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
11/30/19, 05:47:40.509 [WARN] 5 connections have failed:
11/30/19, 05:47:40.510 [WARN] 5 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
11/30/19, 05:47:40.530 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
11/30/19, 05:47:40.530 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:47:40.530 [WARN] Pluggable Transport process terminated with status code 0
11/30/19, 05:49:45.670 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:49:45.670 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:49:45.670 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:49:45.670 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/30/19, 05:49:45.671 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/30/19, 05:50:18.695 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 6; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
11/30/19, 05:50:18.695 [WARN] 6 connections have failed:
11/30/19, 05:50:18.696 [WARN] 6 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
11/30/19, 05:50:18.701 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
11/30/19, 05:50:18.701 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:50:18.701 [WARN] Pluggable Transport process terminated with status code 0
11/30/19, 05:59:05.577 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:59:05.577 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:59:05.577 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:59:05.577 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/30/19, 05:59:05.577 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/30/19, 05:59:38.487 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 7; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
11/30/19, 05:59:38.488 [WARN] 7 connections have failed:
11/30/19, 05:59:38.488 [WARN] 7 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
11/30/19, 05:59:38.508 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
11/30/19, 05:59:38.508 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 05:59:38.509 [WARN] Pluggable Transport process terminated with status code 0
11/30/19, 06:02:14.800 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 06:02:14.800 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 06:02:14.800 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 06:02:14.800 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/30/19, 06:02:14.800 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/30/19, 06:03:07.717 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 8; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
11/30/19, 06:03:07.717 [WARN] 8 connections have failed:
11/30/19, 06:03:07.718 [WARN] 8 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
11/30/19, 06:03:07.729 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
11/30/19, 06:03:07.730 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 06:03:07.730 [WARN] Pluggable Transport process terminated with status code 0
11/30/19, 06:07:10.810 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 06:07:10.810 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 06:07:10.810 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 06:07:10.810 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/30/19, 06:07:10.810 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/30/19, 06:07:42.794 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 9; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
11/30/19, 06:07:42.794 [WARN] 9 connections have failed:
11/30/19, 06:07:42.794 [WARN] 9 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
11/30/19, 06:07:42.808 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
11/30/19, 06:07:42.808 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 06:07:42.808 [WARN] Pluggable Transport process terminated with status code 0
11/30/19, 06:12:30.361 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 06:12:30.361 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 06:12:30.361 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 06:12:30.361 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/30/19, 06:12:30.361 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/30/19, 06:13:03.539 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 10; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
11/30/19, 06:13:03.539 [WARN] 10 connections have failed:
11/30/19, 06:13:03.539 [WARN] 10 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
11/30/19, 06:13:03.545 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
11/30/19, 06:13:03.545 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/30/19, 06:13:03.545 [WARN] Pluggable Transport process terminated with status code 0
```
I upload my state file. Thank you very much for your help. I really appreciate it.
**Trac**:
**Username**: amiableclarity2011

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32833
Hello, currently, in China, Tor Browser 9.5a3 still can't connect to Tor network through snowflake bridge.
2023-08-02T00:07:43Z Trac
Hello, currently, in China, Tor Browser 9.5a3 still can't connect to Tor network through snowflake bridge.
Below are Tor log messages.
```
12/21/19, 08:33:41.914 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
12/21/19, 08:33:41.914 [NOTICE] Switching to guard context "bridges" (was using "default")
12/21/19, 08:33:41.914 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
12/21/19, 08:33:41.914 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
12/21/19, 08:33:41.914 [NOTICE] Opening Socks listener on 127.0.0.1:9150
12/21/19, 08:33:41.914 [NOTICE] Opened Socks listener on 127.0.0.1:9150
12/21/19, 08:33:41.914 [NOTICE] Renaming old configuration file to "/home/scientist/tor-browser-linux64-9.5a3_en-US.tar.xz 2019 12 21/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc.orig.1"
12/21/19, 08:33:42.725 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
12/21/19, 08:33:42.727 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
12/21/19, 08:33:51.780 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
12/21/19, 08:34:21.865 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
12/21/19, 08:34:21.866 [WARN] 1 connections have failed:
12/21/19, 08:34:21.866 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
12/21/19, 08:34:21.889 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
12/21/19, 08:34:21.890 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
12/21/19, 08:34:21.890 [WARN] Pluggable Transport process terminated with status code 0
```
I upload my state file.
Thank you very much for your help. I really appreciate it.
**Trac**:
**Username**: amiableclarity2011

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32930
Hello, currently, in China, Tor Browser 9.5a4 still can't connect to Tor network through snowflake bridge.
2023-08-02T00:09:14Z
Trac

Hello, currently, in China, Tor Browser 9.5a4 still can't connect to Tor network through snowflake bridge.
Below are Tor log messages
```
1/13/20, 09:19:32.686 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
1/13/20, 09:19:32.686 [NOTICE] Switching to guard context "bridges" (was using "default")
1/13/20, 09:19:32.686 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
1/13/20, 09:19:32.686 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
1/13/20, 09:19:32.686 [NOTICE] Opening Socks listener on 127.0.0.1:9150
1/13/20, 09:19:32.686 [NOTICE] Opened Socks listener on 127.0.0.1:9150
1/13/20, 09:19:32.686 [NOTICE] Renaming old configuration file to "/home/scientist/tor-browser-linux64-9.5a4_en-US.tar.xz 2020 1 13/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc.orig.1"
1/13/20, 09:19:33.209 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
1/13/20, 09:19:33.212 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
1/13/20, 09:19:57.607 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
1/13/20, 09:20:27.651 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
1/13/20, 09:20:27.651 [WARN] 1 connections have failed:
1/13/20, 09:20:27.652 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
1/13/20, 09:20:27.675 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
1/13/20, 09:20:27.675 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
1/13/20, 09:20:27.676 [WARN] Pluggable Transport process terminated with status code 0
```
I upload my state file. Thank you very much for your help. I really appreciate it.
**Trac**:
**Username**: amiableclarity2011

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/32964
Redeploy Snowflake bridge with ACMEv2 by 2020-06-01
2020-06-27T13:40:17Z
David Fifield dcf@torproject.org

I got this email today. 2a00:c6c0:0:151:4:8f94:69f5:7c01 is snowflake.bamsoftware.com.
Most likely, resolving this is just a matter of `go get -u` to pull an updated [golang.org/x/crypto/acme/autocert](https://godoc.org/golang.org/x/crypto/acme/autocert)
> According to our records, the software client you're using to get Let's Encrypt TLS/SSL certificates issued or renewed at least one HTTPS certificate in the past two weeks using the ACMEv1 protocol. Your client's IP address was:
>
> 2a00:c6c0:0:151:4:8f94:69f5:7c01
>
> Beginning June 1, 2020, we will stop allowing new domains to validate using the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before then, or certificate issuance will fail. For most people, simply upgrading to the latest version of your existing client will suffice. You can view the client list at: https://letsencrypt.org/docs/client-options/
>
> If you're unsure how your certificate is managed, get in touch with the person who installed the certificate for you. If you don't know who to contact, please view the help section in our community forum at https://community.letsencrypt.org/c/help and use the search bar to check if there's an existing solution for your question. If there isn't, please create a new topic and fill out the help template.
>
> ACMEv1 API deprecation details can be found in our community forum: https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1
>
> As a reminder: In the future, Let's Encrypt will be performing multiple domain validation requests for each domain name when you issue a certificate. While you're working on migrating to ACMEv2, please check that your system configuration will not block validation requests made by new Let's Encrypt IP addresses, or block multiple matching requests. Per our FAQ (https://letsencrypt.org/docs/faq/), we don't publish a list of IP addresses we use to validate, and this list may change at any time.

David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33011
Remove erroneous logging around pt.*Error calls
2020-06-27T13:40:16Z
David Fifield dcf@torproject.org

legacy/trac#31794 added logging around every function call that returns an `error` type; but this is the wrong thing to do in the case of functions like [pt.CmethodError](https://godoc.org/git.torproject.org/pluggable-transports/goptlib.git#CmethodError), [pt.SmethodError](https://godoc.org/git.torproject.org/pluggable-transports/goptlib.git#SmethodError), and [pt.ProxyError](https://godoc.org/git.torproject.org/pluggable-transports/goptlib.git#ProxyError). These functions are called for their side effect of sending a PT error message on stdout; it happens that they also return a representation of the error message as an `error` object for the caller to use if it wishes.
They _always_ return a non-`nil` `error` object; a non-`nil` error is not an exceptional event to be logged.

David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33038
Represent timeouts using time.Duration
2020-06-27T13:40:16Z
David Fifield dcf@torproject.org

Representing these constants in `time.Duration` form is more semantic, and allows rewriting
```
if time.Since(start).Seconds() > myTimeout {
```
as
```
if time.Since(start) > myTimeout {
```
One side effect is that `Printf` formatting [renders](https://golang.org/pkg/time/#Duration.String) a `time.Duration` as a string like `10s` or `100ms`, which changes some log messages slightly. If we need compatibility of log message formats, we could use `.Seconds()` in those places.

David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33040
Minor Snowflake refactoring
2020-06-27T13:40:16Z
David Fifield dcf@torproject.org

These are some minor improvements I made while reading through the code.
* Removal of dead code and impossible conditional checks
* Move logging to higher levels
* Swap some yoda conditionals
* Code and comment formatting
* Channel `close` instead of `<-` to broadcast a signal

David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33100
Minor Snowflake code quality improvements
2020-06-27T13:40:16Z
David Fifield dcf@torproject.org

More minor changes I made while working on integrating turbo tunnel code.
* initialize a global variable only once
* apply [naming conventions](https://blog.golang.org/package-names#TOC_3%2e) to the `websocketconn` package
* make `websocketconn.New` return a pointer, to directly satisfy the `io.ReadWriteCloser` interface without needing `&`
* allow more than one simultaneous SOCKS request in the client (tor never uses more than one, but it's how the [example code](https://gitweb.torproject.org/pluggable-transports/goptlib.git/tree/examples/dummy-client/dummy-client.go?h=v1.1.0#n61) and all other pluggable transport clients work)

David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33112
snowflake-webextension "Could not connect to the bridge."
2021-07-09T18:26:25Z
cypherpunks

My snowflake webextension has been working well up to this point but recently started having the error "Could not connect to the bridge." for the past few days. I'm not sure if this is something on my end or something with Snowflake.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33126
Snowflake Extension bug
2020-06-27T13:40:16Z
Trac

I downloaded the Snowflake Tor extension on my Google Chrome desktop browser to serve as a proxy, and it's off now because it can't connect to the bridge. I don't know why that is.
**Trac**:
**Username**: eddytorres96

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33127
Snowflake Extension proxy bug
2020-06-27T13:40:16Z
Trac

I downloaded the snowflake tor extension on my Google Chrome desktop browser to serve as a proxy, and it's off now because it can't connect to the bridge. I don't know why that is.
**Trac**:
**Username**: t&i1976

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33144
Overhaul websocketconn.Conn; implement net.Conn
2020-06-27T13:40:15Z
David Fifield dcf@torproject.org

In the turbotunnel branch I found it convenient to have `websocketconn.Conn` implement `net.Conn`, not only `io.ReadWriteCloser`. While implementing the additional methods, I found some ways that `websocketconn.Conn`'s existing methods do not satisfy the requirements of `net.Conn`:
* there are data races when multiple goroutines call `Read` or `Write`.
* this is partly because `Read` assigns to the shared field `conn.r`, and partly because [the underlying websocket.Conn doesn't permit concurrent access](https://godoc.org/github.com/gorilla/websocket#hdr-Concurrency).
* when a websocketconn.Conn is closed, it starts returning some kind of [websocket.CloseError](https://godoc.org/github.com/gorilla/websocket#CloseError), not `io.EOF`.
This branch
1. adds tests that expose the above issues
2. rewrites `websocketconn.Conn` to serialize `Read`s and `Write`s using my favorite `io.Pipe`-with-goroutine trick
3. transforms [websocket.CloseError](https://godoc.org/github.com/gorilla/websocket#CloseError) with code `CloseNormalClosure` or `CloseNoStatusReceived` to `io.EOF`
4. implements the remaining `net.Conn` methods

David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33157
Client generates SDP with "IN IP4 0.0.0.0", causing proxy to send "client_ip=0.0.0.0" and bridge to send "USERADDR 0.0.0.0:1"
2020-10-13T01:21:11Z
David Fifield dcf@torproject.org

There is a pipeline of relaying the client IP address:
* The proxy infers the client's IP address by grepping it out of the SDP during ICE negotiation ([proxy](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/proxy/proxypair.js?h=webext-0.2.1#n108), [proxy-go](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/proxy-go/snowflake.go?h=webext-0.2.1#n112)) and attaches it to the WebSocket connection as a URL query parameter `?client_ip=A.B.C.D`.
* The bridge [parses](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/server/server.go?h=webext-0.2.1#n110) the `client_ip` query parameter and passes it on to tor with a `USERADDR A.B.C.D:1` command on the [ExtORPort](https://gitweb.torproject.org/torspec.git/tree/proposals/196-transport-control-ports.txt?id=8f094d7485ff87bb1e62f5854c9972c3e5c9e15f#n97).
* tor does geoip lookups and aggregates statistics and ultimately sends them to Tor Metrics for [country-specific graphs](https://metrics.torproject.org/userstats-bridge-country.html).
It looks like the pion SDP code puts `0.0.0.0` in the place where proxy and proxy-go look for the remote IP address. This causes the proxy to send `?client_ip=0.0.0.0` to the bridge, and the bridge to send `USERADDR 0.0.0.0:1` to tor. I'm not sure that this happens every time; see below for bridge-extra-infos output.
I found it while testing proxy-go with a localhost client and a patch like:
```
--- a/proxy-go/snowflake.go
+++ b/proxy-go/snowflake.go
@@ -22,3 +22,3 @@ import (
"git.torproject.org/pluggable-transports/snowflake.git/common/messages"
- "git.torproject.org/pluggable-transports/snowflake.git/common/safelog"
+ _ "git.torproject.org/pluggable-transports/snowflake.git/common/safelog"
"git.torproject.org/pluggable-transports/snowflake.git/common/websocketconn"
@@ -93,3 +93,3 @@ func (c *webRTCConn) Write(b []byte) (int, error) {
// log.Printf("webrtc Write %d %+q", len(b), string(b))
- log.Printf("Write %d bytes --> WebRTC", len(b))
+ // log.Printf("Write %d bytes --> WebRTC", len(b))
if c.dc != nil {
@@ -114,2 +114,3 @@ func (c *webRTCConn) RemoteAddr() net.Addr {
clientIP := remoteIPFromSDP(c.pc.RemoteDescription().SDP)
+ log.Printf("RemoteAddr %+q", c.pc.RemoteDescription().SDP)
if clientIP == nil {
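Review bot: the added log.Printf in RemoteAddr prints c.pc.RemoteDescription().SDP in full each time RemoteAddr is called, and with the LogScrubber removed in the last hunk any address in that SDP is written to the log as-is. For a debugging aid, print only the result of remoteIPFromSDP (or the c= and o= lines) and keep it behind a debug switch so it cannot ship enabled.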
@@ -322,3 +323,3 @@ func makePeerConnectionFromOffer(sdp *webrtc.SessionDescription, config webrtc.C
dc.OnMessage(func(msg webrtc.DataChannelMessage) {
- log.Printf("OnMessage <--- %d bytes", len(msg.Data))
+ // log.Printf("OnMessage <--- %d bytes", len(msg.Data))
var n int
@@ -432,3 +433,4 @@ func main() {
//We want to send the log output through our scrubber first
- log.SetOutput(&safelog.LogScrubber{Output: logOutput})
+ // log.SetOutput(&safelog.LogScrubber{Output: logOutput})
+ log.SetOutput(logOutput)
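Review bot: log.SetOutput(logOutput) takes safelog.LogScrubber out of the logging path, while the comment left above it still says the output should go through the scrubber first. If unscrubbed logs are needed for local testing, make that an explicit opt-in (for example a command-line flag that defaults to scrubbing) instead of commenting the line out; that would also make the blank `_` import of safelog in the first hunk unnecessary.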
```
For example, the beginning of an SDP string for me is
```
v=0
o=- 34318359 1580881353 IN IP4 0.0.0.0
s=-
t=0 0
a=fingerprint:sha-256 80:EE:E6:8D:55:07:CB:52:58:7A:CC:61:70:F9:F3:65:DB:4B:D3:69:CB:F9:68:C8:5F:E3:06:3D:D3:90:C1:E6
a=group:BUNDLE 0
m=application 9 DTLS/SCTP 5000
c=IN IP4 0.0.0.0
```
The client IP address inference, implemented in legacy/trac#18628, was always a bit of a hack, but it was effective enough, as evidenced by country counts in comment:4:ticket:29734. I just now looked at [bridge-extra-infos-2020-02.tar.xz](https://collector.torproject.org/archive/bridge-descriptors/extra-infos/bridge-extra-infos-2020-02.tar.xz) and it seems that we are still sometimes getting identified countries, but the largest count belongs to `??`.
```
$ tar -O -xf bridge-extra-infos-2020-02.tar.xz | grep -A 24 '^extra-info flakey 5481936581E23D2D178105D44DB6915AB06BFB7F$' | grep -E '^dirreq-v3-reqs '
dirreq-v3-reqs ??=16,tr=16,cn=8,de=8,eg=8,in=8,ir=8,ph=8,us=8
dirreq-v3-reqs ??=16,tr=16,cn=8,de=8,eg=8,in=8,ir=8,ph=8,us=8
dirreq-v3-reqs ??=24,cn=8,es=8,fr=8,ir=8,tr=8
dirreq-v3-reqs ??=48,tr=16,ar=8,ca=8,eg=8,gb=8,ir=8,us=8
dirreq-v3-reqs ??=16,tr=16,cn=8,de=8,eg=8,in=8,ir=8,ph=8,us=8
dirreq-v3-reqs ??=24,cn=8,es=8,fr=8,ir=8,tr=8
dirreq-v3-reqs ??=48,tr=16,ar=8,ca=8,eg=8,gb=8,ir=8,us=8
dirreq-v3-reqs ??=24,cn=8,es=8,fr=8,ir=8,tr=8
dirreq-v3-reqs ??=24,cn=8,es=8,fr=8,ir=8,tr=8
dirreq-v3-reqs ??=24,cn=8,es=8,fr=8,ir=8,tr=8
dirreq-v3-reqs ??=48,tr=16,ar=8,ca=8,eg=8,gb=8,ir=8,us=8
dirreq-v3-reqs ??=16,tr=16,cn=8,de=8,eg=8,in=8,ir=8,ph=8,us=8
dirreq-v3-reqs ??=24,cn=8,es=8,fr=8,ir=8,tr=8
dirreq-v3-reqs ??=48,tr=16,ar=8,ca=8,eg=8,gb=8,ir=8,us=8
dirreq-v3-reqs ??=16,tr=16,cn=8,de=8,eg=8,in=8,ir=8,ph=8,us=8
dirreq-v3-reqs ??=16,tr=16,cn=8,de=8,eg=8,in=8,ir=8,ph=8,us=8
dirreq-v3-reqs ??=24,cn=8,es=8,fr=8,ir=8,tr=8
dirreq-v3-reqs ??=16,tr=16,cn=8,de=8,eg=8,in=8,ir=8,ph=8,us=8
dirreq-v3-reqs ??=24,cn=8,es=8,fr=8,ir=8,tr=8
dirreq-v3-reqs ??=24,tr=16,fr=8,om=8,ru=8,us=8
dirreq-v3-reqs ??=16,tr=16,cn=8,de=8,eg=8,in=8,ir=8,ph=8,us=8
dirreq-v3-reqs ??=48,tr=16,ar=8,ca=8,eg=8,gb=8,ir=8,us=8
```
Maybe it happens only intermittently. pion/sdp [sets](https://github.com/pion/sdp/blob/06fd9e503a8f545f663a757afb09b1e1833c7b2d/jsep.go#L56) `UnicastAddress: "0.0.0.0"` unconditionally and I don't see where it is ever modified. Maybe the others are older non-pion clients?
A little searching indicates that `IN IP4 0.0.0.0` has something to do with trickle ICE:
* https://bugzilla.mozilla.org/show_bug.cgi?id=1192813#c14
It seems that ultimately, we need a more reliable way for the proxy to infer the client's external IP address.

Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33211
proxy-go sometimes gets into a 100+% CPU state
2021-07-09T18:26:26Z
David Fifield dcf@torproject.org

proxy-go sometimes works itself into a state where it is still running and working, but using more than 100% CPU. I have had it happen locally a couple of times while testing turbotunnel stuff, and it's currently happening with proxy-go-restartless:
```
$ top
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
13844 snowfla+ 20 0 551292 320692 8844 R 161.1 15.6 129356:18 proxy-go
```
Or looking at single threads:
```
$ top -H
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
24628 snowfla+ 20 0 551292 320692 8844 R 39.7 15.6 15219:01 proxy-go
13844 snowfla+ 20 0 551292 320692 8844 R 35.4 15.6 15431:52 proxy-go
1637 snowfla+ 20 0 551292 320692 8844 R 34.8 15.6 16057:40 proxy-go
13848 snowfla+ 20 0 551292 320692 8844 S 27.5 15.6 13669:02 proxy-go
13846 snowfla+ 20 0 551292 320692 8844 S 22.5 15.6 17021:57 proxy-go
```
I caught it once and attached to the process with GDB, but didn't know what to make of it. `thread apply all bt` seemed to show all the threads being somewhere in the Go runtime; the thread that wasn't was not one of the threads using a lot of CPU. (Matching up the `PID` field from `top -H` with the `LWP` identifiers in gdb.)
I had the idea to make proxy-go emit profiling output, and then examine the call chain that was resulting in the most CPU using [profiling tools](https://blog.golang.org/profiling-go-programs). A patch to do that is [proxy-go-profile.patch.](None/proxy-go-profile.patch.) But I haven't been able to reproduce the high CPU usage yet.

Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33330
Use Go modules for Snowflake
2020-06-27T13:40:15Z
Cecylia Bocovich

Snowflake CI is currently failing because we use the latest version of all libraries, the master branch of pion/dtls in particular is not compatible with its usage by other libraries.
We should add a go.mod and go.sum to snowflake

Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33336
Trial deployment of Snowflake with Turbo Tunnel
2022-06-09T16:33:28Z
David Fifield dcf@torproject.org

We now have a [turbotunnel branch](https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel) of Snowflake that uses an inner transport protocol to migrate session across multiple proxies.
* https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/000059.html
And some first-draft Tor Browser builds that can use it:
* https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/000069.html
I want to deploy a bridge that supports Turbo Tunnel, then make Tor Browser builds and invite testers to test them.
There's the question of whether to run the Turbo Tunnel code on the existing public bridge, or to set up a second bridge reserved for the Turbo Tunnel experiment. I propose to run the Turbo Tunnel code on the existing public bridge (i.e., snowflake.torproject.net). This is because (1) the Turbo Tunnel server is [backward-compatible](https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/000062.html) with non–Turbo Tunnel clients, and (2) we would need to somehow provide proxy capacity for the second bridge, which our current proxy code cannot easily handle. Running a separate bridge would have the advantage, though, that because we would have to run our own special proxy-go instances to support it, we could closely control the proxy environment; but part of my goal in an experimental deployment is to see how the Turbo Tunnel code fares with the organic proxies we have now.
I have versions of the code using two different session/reliability protocol libraries: kcp-go and quic-go. Other than to note that the two libraries are [basically equivalent in features](https://github.com/net4people/bbs/issues/14), I haven't done much to compare them as to performance. kcp-go is more mature and stable, while quic-go [adds fewer dependencies to the Tor Browser build](https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/000069.html).
We could make use of this opportunity to compare the two options. We set up a triple-mode bridge: supporting legacy, KCP, and QUIC clients. We make two Tor Browser builds, one with KCP and one with QUIC, and invite testing of both. Based on the results of user testing, we decide which we like better, and finally deploy only that option (and the backward-compatible mode). The only thing is, giving people two options to test is more confusing than giving them one.

David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33363
Snowflake seems to be down
2020-06-27T13:40:15Z
cypherpunks

I can't connect using Snowflake starting from this morning, has anything happened on your front?

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33364
Could not connect to the bridge.
2020-06-27T13:40:15Z
cypherpunks

Console error message:
Firefox can’t establish a connection to the server at wss://snowflake.freehaven.net/.
Relevant code at: snowflake.js:867:9
A ping from the command prompt to this subdomain succeeds. It's just Firefox that can't connect.

Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33365
Probe Snowflake bridge from proxy 1x a day
2021-07-09T18:26:25Z
Cecylia Bocovich

We're getting reports that the Snowflake bridge isn't reachable in legacy/trac#33364, but it's taking a while for volunteers to notice because the probe check only happens once at installation or if you disable/enable the proxy.
Perhaps we can do the probe check 1x a day (e.g., when we do the stats refresh)?

Arlo Breault

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33367
Goroutine leak in websocketconn
2022-07-09T04:20:16Z
David Fifield dcf@torproject.org

Thinking about legacy/trac#33364, I found that snowflake-server is chewing a lot of memory. It may be some memory leak or something.
```
$ top -o%MEM
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
26910 debian-+ 20 0 1916628 1.522g 0 S 0.0 77.8 58:51.37 snowflake-serve
```
The memory use seems to be inhibiting other processes. `runsvdir` puts status messages in its own `argv` so you can inspect them with `ps`. Currently it's reflecting `xz` not being able to allocate memory to compress logs:
```
$ ps ax | grep runsvdir
1358 ? Ss 94:01 runsvdir -P /etc/service log: locate memory \
svlogd: warning: processor failed, restart: /home/snowflake-proxy/snowflake-proxy-standalone-17h.log.d xz: (stdin): Cannot allocate memory \
svlogd: warning: processor failed, restart: /home/snowflake-proxy/snowflake-proxy-standalone-17h.log.d xz: (stdin): Cannot allocate memory \
svlogd: warning: processor failed, restart: /home/snowflake-proxy/snowflake-proxy-standalone-17h.log.d
```
I even got it just now trying to run a diagnostic command (it doesn't always happen):
```
$ ps ax | grep standal
-bash: fork: Cannot allocate memory
```
In the short term, looks like we need to restart the server. Then we need to figure out what's causing it to use so much memory.
The server was last restarted 2020-02-10 18:57 (one week ago) at [ca9ae12c383405bc9a755e1bc902e9755495c1f1](https://gitweb.torproject.org/pluggable-transports/snowflake.git/log/?id=ca9ae12c383405bc9a755e1bc902e9755495c1f1) for legacy/trac#32964.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33385
In server, treat a purported client IP address of 0.0.0.0 as missing
2022-06-01T19:27:31Z
David Fifield dcf@torproject.org

In legacy/trac#33157, proxies sometimes fail to extract a meaningful client IP address from the client's SDP and send `?client_ip=0.0.0.0` to the bridge. The bridge [counts](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/server/server.go?h=webext-0.2.1#n113) an address of 0.0.0.0 as a client that had an IP address, which inflates the numerator in the ["in the past %.f s, %d/%d connections had client_ip"](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/server/stats.go?h=webext-0.2.1#n35) log line.
This is a patch to treat a client address of `0.0.0.0` or `[::]` as if it were not present at all.

David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33401
turbotunnel-quic snowflake-client occasionally uses lots of CPU
2022-07-09T04:20:15Z
David Fifield dcf@torproject.org

As originally noted at comment:7:ticket:33211, the quic-go turbotunnel client sometimes uses 100+% CPU for a few minutes before returning to normal operation. It is specific to the quic-go implementation; it doesn't happen with the kcp-go implementation nor the non-turbotunnel client.
As best I can figure, the cause has something to do with timers created under `(*session) maybeResetTimer`.
[profile001.png](None/profile001.png)

David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33405
Bug in interaction between uMatrix and Snowflake (snowflake-webextension)
2020-06-27T13:40:14Z
cypherpunks

Error in Snowflake debug console, caused by a line in vapi-background.js in uMatrix:
`Unchecked lastError value: Error: First-Party Isolation is enabled, but the required 'firstPartyDomain' attribute was not set.`
The uMatrix setting causing this error is:
`Spoof HTTP referrer string of third-party requests`, when set to true.
This is a bug either in Snowflake, or uMatrix.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33429
Decommission the snowflake-reg-test.appspot.com reflector
2020-06-27T13:40:14Z
David Fifield dcf@torproject.org
snowflake-reg-test.appspot.com is a frontend for snowflake-broker.bamsoftware.com, briefly used with a Google domain front. It never actually worked, because this was around the time that Google stopped domain fronting.
* 2018-04-15 [Change to standalone broker.](https://gitweb.torproject.org/pluggable-transports/snowflake.git/commit/?id=947636ae817fdb393b4fcb2901bf52bca36cef65)
* 2018-04-30 [Switch to an Azure domain front.](https://gitweb.torproject.org/pluggable-transports/snowflake.git/commit/?id=88ea7a50835008debcc9e37886a604aa4210b9f2)
On 2020-02-05, arlolra and I got an email saying that we needed to [upgrade the deployment to the Go 1.11 runtime](https://cloud.google.com/appengine/docs/standard/go111/go-differences) by 2020-05-01. I tried doing that today, but got the error
```
ERROR: (gcloud.app.deploy) Error Response: [7] Access Not Configured.
Cloud Build has not been used in project snowflake-reg-test before or
it is disabled. Enable it by visiting
https://console.developers.google.com/apis/api/cloudbuild.googleapis.com/overview?project=snowflake-reg-test
then retry. If you enabled this API recently, wait a few minutes for the
action to propagate to our systems and retry.
```
I tried doing that, but apparently [there is no truly free tier anymore](https://techtudor.blogspot.com/2019/11/google-app-engine-gae-will-no-longer.html) and you can't deploy or redeploy apps without setting up a billing account. Rather than go through with that, I propose that we just disable the unused service.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33519
Support multiple simultaneous SOCKS connections
2022-03-14T05:36:27Z
David Fifield dcf@torproject.org
The Snowflake client accepts multiple simultaneous SOCKS connections from tor, but it only tries to collect one proxy at a time, and each proxy can service only one SOCKS connection (this is true in the turbotunnel branch as well). One of the SOCKS connections gets the only available proxy, while the others starve.
I can think of a few ways to approach this.
1. Dynamically adjust the `max` parameter according to how many SOCKS connections there are currently. If there's one SOCKS connection, we need only one proxy. If there's another SOCKS connection, raise the limit to allow the proxy-collecting thread to pick up another one, and lower the limit again if the number of SOCKS connections drops back down.
2. Start up a separate proxy-collecting thread for each SOCKS connection, as suggested at comment:12:ticket:21314. Each SOCKS connection will make its own broker requests and collect its own proxies, not interacting with those of any other SOCKS connection. A downside of this is that the number of Snowflake proxies you are contacting leaks the number of SOCKS connections you have ongoing. (Which can also be seen as a benefit in that if there are zero SOCKS connections, you don't even bother to contact the broker.)
3. Make it possible for multiple SOCKS connections to share the same proxy. Continue using a global proxy-collecting thread, and make there be a single shared `RedialPacketConn` instead of a separate one for each SOCKS connection. As things work now, this would require tagging _every packet_ with the ClientID, instead of [sending the ClientID once](https://gitweb.torproject.org/user/dcf/snowflake.git/tree/client/lib/snowflake.go?h=turbotunnel&id=47312dd1eccc8456652853bd66f8ed396e9ba6ec#n52) and letting it be the same implicitly for all packets that follow.
4. Make it possible for multiple SOCKS connections to share the same proxy, and use a single KCP/QUIC connection for all SOCKS connections. Separate SOCKS connections go into separate streams within the KCP/QUIC connection. In other words, rather than doing both `sess = kcp.NewConn2/quic.Dial` and `sess.OpenStream` in the SOCKS handler, we do `sess = kcp.NewConn2/quic.Dial` in `main` and then `sess.OpenStream` in the SOCKS handler. This way we could continue tagging the ClientID just once, because the program would only ever work with one ClientID at a time. However this way would make it harder to do the "stop using the network when not being used" of legacy/trac#21314, because that single KCP/QUIC connection would try to keep itself alive all the time and would contact the broker every time it needed a new proxy. Perhaps we could make it so that if there are zero streams, we close the KCP/QUIC connection, and lazily create a new one if and when we get another SOCKS connection.

| | status quo | 1 | 2 | 3 | 4 |
|---|---|---|---|---|---|
| **proxy-collecting threads** | one global | one global | one per SOCKS | one global | one global |
| **proxy limit per thread** | 1 | # of SOCKS | 1 | 1 | 1 |
| **proxies shared between SOCKSes?** | dedicated | dedicated | dedicated | shared | shared |
| **`PacketConn`s** | one per SOCKS | one per SOCKS | one per SOCKS | one global | one global |
| **KCP/QUIC connections** | one per SOCKS | one per SOCKS | one per SOCKS | one per SOCKS | one global |
| **KCP/QUIC streams** | one per SOCKS | one per SOCKS | one per SOCKS | one per SOCKS | one per SOCKS |
| **ClientID on every packet?** | no | no | no | yes | no |

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33532
Snowflake website does not display all available languages
2020-06-27T13:40:14Z
Cecylia Bocovich
I just updated the snowflake website with new translations and noticed that some locales are not displayed (such as ru) even though the translations for this locale are available.
I think this is due to how `index.js` pulls languages from `availableLangs`. Should be a quick fix.
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33593
Create versions and changelogs for Snowflake pieces
2020-06-27T13:40:13Z
Cecylia Bocovich
This is a prerequisite for packaging Snowflake for Debian (legacy/trac#19409).
We already have versions for the snowflake browser proxy. It could make sense to version different pieces of snowflake (client, browser proxy, proxy-go) separately since these pieces are largely distinct. That would be more work though. I'm ok with having one version/changelog for all the pieces and then just bumping the version number whenever it's convenient.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33636
Remove go-webrtc dependency from snowflake
2020-06-27T13:40:13Z
Cecylia Bocovich
We still depend on go-webrtc because of the testing code in server-webrtc. Let's migrate this to pion or get rid of this testing code. go-webrtc is now officially unmaintained, and this will make it easier for us to package Snowflake for legacy/trac#19409
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33637
Update license for Snowflake
2020-06-27T13:40:13Z
Cecylia Bocovich
Working on packaging Snowflake for debian, and perhaps our license needs an update? We should make sure we have all our ducks in a row here because Debian will care.
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33638
Refactor (De)SerializeSessionDescription as common utils
2020-06-27T13:40:13Z
Arlo Breault
https://github.com/keroserene/snowflake/commit/7b761d4c8d0e56b9148f106eb01667a7ec5c0424
from https://trac.torproject.org/projects/tor/ticket/33636#comment:12

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33644
Upgrade tor on Snowflake bridge for TROVE-2020-002
2020-06-27T13:40:13Z
David Fifield dcf@torproject.org
[New stable Tor releases: 0.3.5.10, 0.4.1.9, and 0.4.2.7](https://lists.torproject.org/pipermail/tor-announce/2020-March/000196.html)
> These releases fix a couple of denial-of-service vulnerabilities. Everybody running an older version should upgrade as packages become available.
Upgrading tor may require an [OS upgrade](https://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.en.html) from Debian stretch (oldstable) to buster (stable), and/or a switch to the [torproject.org package repository](https://support.torproject.org/apt/tor-deb-repo/). Currently the bridge is on stretch, whose available version is [0.2.9.16-1](https://packages.debian.org/stretch/tor).
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33665
Add command-line options for unsafe logging
2020-06-27T13:40:13Z
David Fifield dcf@torproject.org
Moved from comment:4:ticket:33157
>>> Something like that patch was useful when working on legacy/trac#19026 so would you consider merging, https://github.com/keroserene/snowflake/commit/dbd733e4b1430c046ec11e8052efdbac6010e58a
>>>
>> It's okay with me but I would call the option --unsafe-logging instead of --unsafeLogging to match the style of the other options.
>>
> In `broker/broker.go`, yes, dashes are used (ex. `disable-tls`, `acme-email`, etc), however, in `client/snowflake.go` we have camel casing (ex. `logToStateDir`, `keepLocalAddresses`, etc)
>
> We should probably consolidate this now. I imagine your preference is for the former?

Arlo Breault

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33744
Remove local LAN address ICE candidates from JS proxy answer
2021-07-09T18:26:25Z
Arlo Breault
This is a follow up from legacy/trac#19026 where it was done for the clients and golang proxies.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33745
Merge a turbotunnel branch
2022-09-27T15:51:26Z
David Fifield dcf@torproject.org
Snowflake turbo tunnel features have now been through a test deployment (tpo/anti-censorship/pluggable-transports/snowflake#33336) and a few iterations of Tor Browser packages. There haven't been as many test reports as I'd like, but what testing there has been has been mostly positive. Turbo tunnel–like features are a dependency of some of the tasks for a stable release of Snowflake (tpo/anti-censorship/pluggable-transports/snowflake#19001). So we should merge it.
Some sub-tasks:
* Decide between the [KCP](https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel-kcp) and [QUIC branch](https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel-quic).
* Test without `LearnCircuitBuildTimeout 0` and find another workaround, if necessary. See https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33336#note_2595075.
* Rebase and clean history of the chosen branch.
* Redeploy bridge from master.
Summary of turbo tunnel development history till now:
* [Turbo Tunnel in Snowflake](https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/000059.html)
* [Second draft of Turbo Tunnel Snowflake packages](https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/000074.html)
* [Third draft of Turbo Tunnel Snowflake packages](https://lists.torproject.org/pipermail/anti-censorship-team/2020-March/000075.html)
* [Trial deployment of Snowflake with Turbo Tunnel](tpo/anti-censorship/pluggable-transports/snowflake#33336)
* [Support multiple simultaneous SOCKS connections](tpo/anti-censorship/pluggable-transports/snowflake#33519)
One bug that may or may not be snowflake's fault:
* ["Pluggable Transport process terminated" but Tor keeps on going (and of course doesn't work)](tpo/core/tor#33669)
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33756
Hello, currently, in China, Tor Browser 9.5a8 still can't connect to Tor network through snowflake bridge.
2023-08-02T00:04:39Z
Trac
Hello, currently, in China, Tor Browser 9.5a8 still can't connect to Tor network through snowflake bridge.
Below are Tor log messages.
```
3/29/20, 06:55:12.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
3/29/20, 06:55:12.400 [NOTICE] Switching to guard context "bridges" (was using "default")
3/29/20, 06:55:12.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
3/29/20, 06:55:12.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
3/29/20, 06:55:12.400 [NOTICE] Opening Socks listener on 127.0.0.1:9150
3/29/20, 06:55:12.400 [NOTICE] Opened Socks listener on 127.0.0.1:9150
3/29/20, 06:55:12.400 [NOTICE] Renaming old configuration file to "/home/scientist/tor-browser-linux64-9.5a8_en-US.tar.xz/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc.orig.1"
3/29/20, 06:55:12.943 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
3/29/20, 06:55:12.945 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
3/29/20, 06:55:21.537 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
3/29/20, 06:55:51.792 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
3/29/20, 06:55:51.793 [WARN] 1 connections have failed:
3/29/20, 06:55:51.793 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
3/29/20, 06:55:51.814 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
3/29/20, 06:55:51.814 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
3/29/20, 06:55:51.815 [WARN] Pluggable Transport process terminated with status code 0
```
I upload my state file. Thank you very much for your help. I really appreciate it.
**Trac**:
**Username**: amiableclarity2011

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33800
Remove uniuri dependency
2021-08-17T03:50:46Z
David Fifield dcf@torproject.org
uniuri is only used in a minor way, to generate a random string for local identification of a snowflake client.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33884
Meek-Azure and SnowFlake are still broken
2020-06-27T13:40:12Z
Trac
Meek-Azure and SnowFlake are still broken.
Will not connect.
This still has not been fixed
**Trac**:
**Username**: z1z

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33897
Remove buffering from WebRTCPeer
2022-11-14T14:28:29Z
David Fifield dcf@torproject.org
`WebRTCPeer` has a `buffer` that is used to hold bytes until the data channel is connected. We should remove it after the turbotunnel changes are merged (legacy/trac#33745). What ends up happening is the reliability layer ends up retransmitting packets as they sit in the buffer, and when the data channel is finally established, all those old useless packets get sent in a mass. It's better to just drop those packets on the floor before the data channel exists.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33982
Simplify and refactor BytesSyncLogger
2020-06-27T13:40:12Z
David Fifield dcf@torproject.org
https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=refactor-byteslogger&id=73173cb6987dbf26fdb1036e4b7710c200f87141
https://gitweb.torproject.org/user/dcf/snowflake.git/diff/?h=refactor-byteslogger&id=73173cb6987dbf26fdb1036e4b7710c200f87141&id2=65ecb798ca8842a431214c2aa5133620e576c5f3
No longer needs a separate `go logger.Log()` in the caller.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33984
Disable trickle ICE in client
2020-06-27T13:40:12Z
David Fifield dcf@torproject.org
https://gitweb.torproject.org/user/dcf/snowflake.git/commit/?h=no-trickle-ice&id=8bb114471572dea0c313d039626cc306a8b92cc8
As mentioned at
https://bugs.torproject.org/28942#comment:28
https://bugs.torproject.org/33157#comment:2
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33994
Remove now-unused Resetter interface
2020-06-27T13:40:12Z
David Fifield dcf@torproject.org
The `WaitForReset` method is unused since legacy/trac#33745 was merged.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33995
Move pc.CreateOffer and pc.SetLocalDescription out of a goroutine
2020-06-27T13:40:11Z
David Fifield dcf@torproject.org
This code was formerly the `OnNegotiationNeeded` handler before the switch on pion (comment:28:ticket:28942).
We are blocking on `offerChannel` anyway, so we may as well run these operations synchronously and use a normal error return.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33996
Simplify Peers.Pop
2020-06-27T13:40:11Z
David Fifield dcf@torproject.org
A minor refactoring that came up while working on legacy/trac#33897.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/33997
Don't do a separate check for a short write
2020-06-27T13:40:11Z
David Fifield dcf@torproject.org
Minor refactoring in the course of doing legacy/trac#33897.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34002
Remove Snowflake interface, use *WebRTCPeer directly
2020-06-27T13:40:11Z
David Fifield dcf@torproject.org
The other interfaces in client/lib/interfaces.go exist for the purpose of running tests, but not `Snowflake`.
Existing code would not have worked with other types anyway, because it does unchecked `.(*WebRTCPeer)` conversions.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34042
Reduce DataChannelTimeout
2020-06-27T13:40:11Z
David Fifield dcf@torproject.org
Since legacy/trac#33897 we have separate timeout controls for first establishing the data channel (`DataChannelTimeout`) and deciding a once-working data channel has died (`SnowflakeTimeout`). They are both currently set to 30 s. We can lower `DataChannelTimeout` to discard non-working proxies more quickly.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34049
Fix proxy calls to session description serialization utils
2020-06-27T13:40:11Z
Cecylia Bocovich
Whoops, the proxy code wasn't updated after legacy/trac#33897
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34050
Restore check for nil writePipe in WebRTCPeer.Close
2020-06-27T13:40:11Z
David Fifield dcf@torproject.org
I removed this check in [047d3214bfb46de07e5d9f223e4fb1ba24584c8a](https://gitweb.torproject.org/pluggable-transports/snowflake.git/commit/?id=047d3214bfb46de07e5d9f223e4fb1ba24584c8a)
because `NewWebRTCPeer` always initializes `writePipe`, and it is never reset to `nil`. However tests used `&WebRTCPeer{}` which bypasses `NewWebRTCPeer` and leaves `writePipe` set to `nil`.
From comment:3:ticket:34049.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34053
Update version of wrtc package for web proxies
2020-06-27T13:40:11Z
Cecylia Bocovich
We're currently using version `0.0.62`. I tried an update to the current version `0.4.4` and it works. Let's update to make these a bit more secure.
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34080
Avoid double delays from ReconnectTimeout
2022-07-09T04:20:16Z
David Fifield dcf@torproject.org
[ReconnectTimeout](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client/lib/snowflake.go?id=72cfb96edeb7c9a3c93d38539bc31a51e30dbe8d#n18) is used in 2 places:
* In [exchangeSDP](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client/lib/webrtc.go?id=72cfb96edeb7c9a3c93d38539bc31a51e30dbe8d#n223), where it is a delay inserted between calls to `broker.Negotiate` until one of them succeeds.
`Failed to retrieve answer. Retrying in 10s`
* In the main [ConnectLoop](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client/snowflake.go?id=72cfb96edeb7c9a3c93d38539bc31a51e30dbe8d#n27), where it is a delay inserted between every check for getting a new snowflake.
```
WebRTC: <errmsg> Retrying in 10s...
```
The broker itself also terminates requests after 10s when the chosen proxy doesn't respond: `BrokerChannel Response: 504 Gateway Timeout`.
This situation sometimes results in double delays. Here are two cases I've identified.
* The client requests a proxy, the broker responds immediately with an answer, but the proxy doesn't work. After waiting the `DataChannelTimeout` to decide that the proxy doesn't work, the client waits an _additional_ `ReconnectTimeout` in `ConnectLoop`.
Here, I've set `DataChannelTimeout` to 10s. Notice that between `DataChannel created` and `Collecting a new Snowflake` there are 20s (which is `DataChannelTimeout` + `ReconnectTimeout`), when it really should only be 10s.
```
2020/04/30 22:38:29 Received Answer.
2020/04/30 22:38:29 WebRTC: DataChannel created.
2020/04/30 22:38:39 establishDataChannel: timeout waiting for DataChannel.OnOpen
2020/04/30 22:38:39 WebRTC: closing PeerConnection
2020/04/30 22:38:39 WebRTC: Closing
2020/04/30 22:38:39 WebRTC: WebRTC: Could not establish DataChannel Retrying in 10s...
2020/04/30 22:38:49 WebRTC: Collecting a new Snowflake. Currently at [0/1]
```
* The client requests a proxy, and the broker waits for 10s to respond with a 504 Gateway Timeout (indicating that the chosen proxy did not return an answer to the broker in time). The client waits 10s for the broker to respond, then waits another `ReconnectTimeout` in exchangeSDP before trying the broker again.
```
2020/04/30 22:39:30 Negotiating via BrokerChannel...
2020/04/30 22:39:41 BrokerChannel Response: 504 Gateway Timeout
2020/04/30 22:39:41 BrokerChannel Error: Unexpected error, no answer.
2020/04/30 22:39:41 Failed to retrieve answer. Retrying in 10s
2020/04/30 22:39:51 Negotiating via BrokerChannel...
```
Both these cases can probably be fixed by running the timer in parallel with the periodic operation they are rate limiting. That is, instead of
```
for {
	operation()
	<-time.After(ReconnectTimeout)
}
```
it can be
```
for {
	timer := time.After(ReconnectTimeout)
	operation()
	<-timer
}
```
That way, if the operation itself takes more than 10s, `ReconnectTimeout` doesn't impose any additional delay.
Sponsor 28: Reliable Anonymous Communication Evading Censors and Repressors (RACECAR)
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34092
Snowflake no longer working on Google Chrome
2020-06-30T15:49:08Z
cypherpunks
Extension icon disappeared and cannot enable Snowflake in Google Chrome.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34124
snowflake does not work
2020-06-27T13:40:10Z
cypherpunks
Displayed message: WebRTC capability not detected.
What should I do?

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34126
Handle onicecandidate firing after connection closed
2020-06-27T13:40:10Z
Arlo Breault
This may just be an issue with node-webrtc, but `Broker.sendAnswer` fires when waiting on an offer times out.
https://github.com/arlolra/snowflake-webext/commit/529a789bfcb9539176288f6659e7f2a60c2d6271https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34127npm publish as part of the release process2020-06-27T13:40:10ZArlo Breaultnpm publish as part of the release processConsider `npm publish`ing when a new release is made.
The patch here makes updating the package.json part of the release process,
https://github.com/arlolra/snowflake-webext/commit/7231928c56ad509419c20ed1bb9be5645373c86c

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34128
The badge should have a version number discoverable in the source
2020-06-27T13:40:10Z
Arlo Breault
It's not clear if https://snowflake.torproject.org/embed.html is running `0.3.0`
Was it published after the most recent release?

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34132
Fix running an npm globally installed snowflake
2020-06-27T13:40:10Z
Arlo Breault
Snowflake is now an [npm published package](https://www.npmjs.com/package/snowflake-pt) that can install a global bin with `npm i -g`
It seems to be missing a `#!/usr/bin/env node` at the top of the script though

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34140
Require semicolons
2020-06-27T13:40:09Z
Arlo Breault
https://eslint.org/docs/rules/semi
From https://github.com/arlolra/snowflake-webext/commit/d0fc6aa10cc6a8cc85b9037d780e53282ae83bea#r38995051

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34146
localize screenshots on snowflake page
2020-06-30T16:04:59Z
Roger Dingledine
https://snowflake.torproject.org/?lang=zh_CN
scroll down to the picture of Tor Browser's network settings. That's an English Tor Browser. Should the Chinese version of the page be showing people using a Tor Browser in Chinese?

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34147
Remove redundant languages from snowflake page
2021-07-09T18:26:26Z
Roger Dingledine
https://snowflake.torproject.org/
offers me en, en_GB, and en_US in the language drop-down menu. We should have one English, not three.
More generally, I bet we have a policy somewhere about which languages we want to be sure to include when we have translated something, and we should see if we're missing any of those; and also I hope we have a policy about which languages to *not* include (and ideally we should go back to transifex and remove those from the set that people can translate, to avoid giving people the impression that they will be doing something useful if they e.g. translate en_US to en_GB).
I'm sorry I don't know more -- I bet Emma or Antonela or Gus will know more about whether we have languages policies and habits in place. :)

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34151
Readme needs update
2020-06-27T13:40:09Z
HashikD
For testing, according to ReadMe.md...
''Unit testing with Jasmine are available with: npm install npm test
To run locally, start an HTTP server in build/ and navigate to /embed.html''
_npm run build_ needs to be a prerequisite before starting the server and navigating to /embed.html.
HashikD

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34198
Include full broker messaging spec in /doc
2020-06-27T13:40:09Z
Cecylia Bocovich
This adds information about the broker API, with the messaging protocol and the endpoints used by clients and proxies.
This is a prerequisite for our work to implement a Snowflake proxy on Android.
Cecylia Bocovich

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34263
Library selection for using WebRTC for the project.
2020-06-27T13:40:09Z
HashikD
Selecting a good and resilient library with frequent updates is imperative, these are the libraries available:
Google's official library that we have to compile to use in our project: http://webrtc.github.io/webrtc-org/native-code/android/
~~Ant Server's library: https://github.com/ant-media/Ant-Media-Server/wiki/WebRTC-Android-SDK-Documentation - Here they used "Ant Media Server" as signaling server we can change that.~~
Ant Media Server uses the WebRTC library; on top of that they added their own functionality to make it work with Ant Media Server, which is not very useful for our project.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34264
Discussion on using a library for HTTP requests.
2020-06-27T13:40:09Z
HashikD
We are using POST requests in long-polling fashion to get the SDP offer from the broker and to send an answer. Since this is only a two-time use, do we need the Retrofit library, or does OkHttp suffice? Retrofit uses OkHttp and it is a little bit bloated but feature-rich as compared to OkHttp.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34265
Library selection for WebSocket communication with Tor relay.
2020-06-30T15:52:42Z
HashikD
For WebSocket libraries here are some mentions:
https://github.com/Tinder/Scarlet - Designed for Android, hence preferred.
https://github.com/TooTallNate/Java-WebSocket - Popular Java lib.
https://github.com/facundofarias/awesome-websockets - Curated list of WS.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34266
Creating and setting up the libraries and the project.
2020-06-27T13:40:09Z
HashikD
Discussion about the packages, supported API versions (Android versions), etc. can be discussed here. Things about before getting the app started and off the ground.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/34267
Compiling the WebRTC Google library.
2020-06-27T13:40:08Z
HashikD
Compiling the library for our project using Google's documentation.
http://webrtc.github.io/webrtc-org/native-code/android/