Skip to content

Allow UNmanaged instance of pluggable transport

Summary

Currently on Android apps like Orbot or OnionShare, we use UNmanaged instances of pluggable transports which we run ourselves using IPtProxy. IPtProxy runs the instance of Obfs4Proxy, Snowflake, etc. in-process as true libraries, and not as executables pretending to be libraries.

This means that we configure C-Tor to use Snowflake like this:

ClientTransportPlugin snowflake socks5 127.0.0.1:9999 Bridge snowflake 192.0.2.3:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72

instead of giving it a path to the executable.

For these existing apps, and the Tor VPN Android app, this will be required moving forward, as Android OS is increasingly hostile to applications bundling/hiding executables inside of them.

What is the expected behavior?

Regarding documentation here: https://gitlab.torproject.org/tpo/core/arti/-/blob/main/doc/bridges.md we would hope to allow support for the following kind of configuration, either via the toml, or via the future FFI.

[[bridges.transports]]
protocols = ["snowflake"]
uri = "socks5://127.0.0.1:9999"
#path = "/PATH/TO/snowflake-client"
#arguments = ["-log-to-state-dir", "-log", "snowflake.log"]
arguments = []
run_on_startup = false
[bridges]

enabled = true
bridges = [
  "Bridge snowflake 192.0.2.3:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72"
]