Commit graph

1338 commits

Author SHA1 Message Date
David Fifield
ab34f8e889 Use chunk.byteLength as appropriate for ArrayBuffers.
Without this, running with non-dummy rate limiter (e.g. ?ratelimit=1000)
would try to add undefined to a number resulting in NaN.
2018-12-19 21:30:39 -07:00
David Fifield
297ae7b1b8 Test ProxyPair with ArrayBuffers, not strings. 2018-12-19 21:30:39 -07:00
David Fifield
7c519b2975 Log WebSocket→WebRTC messages in debug mode.
Same as the other direction.
2018-12-19 21:30:39 -07:00
David Fifield
f06104d182 Only console.log the number of bytes, not the literal message.
It doesn't really help to have a bunch of TLS application records
interpreted as a string written to the console.
2018-12-19 21:30:39 -07:00
David Fifield
aa668bdc92 Set binaryType="arraybuffer" for RTCDataChannel, just as with WebSocket.
The binaryType can be "arraybuffer" or "blob", and "blob" is the
default. The code is only aware of "arraybuffer": I discovered a problem
while running snowflake.html in debug mode; this code fails:
    if DEBUG
      # Go sends only raw bytes...
      if '[object ArrayBuffer]' == recv.toString()
        bytes = new Uint8Array recv
        line = String.fromCharCode.apply(null, bytes)
      line = line.trim()
      log 'WebRTC --> websocket data: ' + line
with the error:
	TypeError: line.trim is not a function[Learn More] snowflake.js:497:16
because recv is of type Blob, not ArrayBuffer.

Despite the unexpected type, the code seemed to work as expected when
not in debug mode. Though the two types provide different interfaces,
they are both valid to pass on to WebSocket.send. The only other thing
we did with it was try to read the .length member for rate-limiting
purposes:
        @rateLimit.update chunk.length
but .length is incorrect for either type: Blob uses .size and
ArrayBuffer uses .byteLength. It worked anyway, because
DummyRateLimit.update doesn't actually look at its argument.

We were already setting binaryType="arraybuffer" for WebSocket
connections.
2018-12-19 21:30:39 -07:00
David Fifield
a554439370 Link to #26360 for why we blackhole logs without -log.
Maybe we'll be able to remove this in the far future.
2018-12-18 21:24:32 -07:00
David Fifield
a48b704788 Remove "broker" and "relay" query params in proxy/README.
Addendum to #28727.
2018-12-05 13:40:17 -07:00
David Fifield
52e79a4b43 Bump last updated date. 2018-12-05 13:39:01 -07:00
David Fifield
debe9c3748 Bug 28727: remove "broker" and "relay" query string parameters.
These could be misused to cause Snowflake proxies to attempt to connect to
unsuspecting third parties.
https://bugs.torproject.org/28727
2018-12-05 13:35:03 -07:00
David Fifield
5817c257c1 Fix a local variable reference in BucketRateLimit.when.
ReferenceError: age is not defined	snowflake.js:265:7
        BucketRateLimit.prototype.when	snowflake/proxy/build/snowflake.js:265:7
        ProxyPair.prototype.flush	snowflake/proxy/build/snowflake.js:558:63
        bind/<	snowflake/proxy/build/snowflake.js:10:56
        ProxyPair.prototype.onClientToRelayMessage	snowflake/proxy/build/snowflake.js:495:14
        bind/<	snowflake/proxy/build/snowflake.js:10:56
2018-12-04 17:14:35 -07:00
David Fifield
9545be1c9f '//' is not a CSS comment.
I got the warning:
	Expected declaration but found ‘/’.  Skipped to next declaration.
2018-12-04 15:46:12 -07:00
David Fifield
3cd8519ec9 Fix the ProxyPair tests exposed by the previous commit.
This was mainly a matter of more complete mocking.
2018-12-04 15:09:53 -07:00
David Fifield
fce32bf292 Fix nested Jasmine tests.
You can nest a "describe" in a "describe":
  describe
    describe
      it

But you can't nest an "it" in an "it":
  describe
    it
      it

The nested "it"s were not getting run (or getting run, but their output
ignored, I'm not sure).

Before this change:
	41 specs, 0 failures
After:
	44 specs, 5 failures
2018-12-04 15:09:53 -07:00
David Fifield
261ef8f5bc Remove duplicate ProxyPair tests from util.spec.coffee. 2018-12-04 15:09:53 -07:00
Arlo Breault
596d28b576 Change go_import_path in travis since we have relative imports 2018-11-26 12:51:40 -05:00
Arlo Breault
d821846cc4 Bump version of golang in travis to v1.10
The http2 package removed support for v1.8 in,
22700d5518

and it says 1.9 isn't actively tested.
2018-11-26 12:43:56 -05:00
Arlo Breault
cce7ee64a7 Start refactoring out a client and library 2018-11-20 22:38:02 -05:00
David Fifield
7662ccb00c Rename context_→ctx. 2018-11-05 16:40:16 -07:00
David Fifield
ff34e01e9c Add "auth login" to the gcloud steps. 2018-11-05 16:26:40 -07:00
David Fifield
6077141f4a Log to io.Discard if no log file is set.
https://bugs.torproject.org/25600#comment:14

Snowflake in Tor Browser has been hanging after surfing for a while.
(Tor reports "no running bridges".) It only began happening after commit
12922a232b, which caused snowflake-client not to log to a file by
default (leaving it to log to its default stderr). What seems to be
happening is that tor doesn't read from its PT clients' stderr, leaving
a buffer to fill up that eventually causes a hang.
2018-06-10 16:41:32 -07:00
Hans-Christoph Steiner
25b304a9a8 first stab at gitlab CI build 2018-05-08 10:10:07 +02:00
David Fifield
88ea7a5083 Switch to an Azure domain front.
https://bugs.torproject.org/22782
2018-04-30 09:52:38 -07:00
David Fifield
fd9efa1001 Fix text-shadow CSS.
The semicolons made it look like the end of a declaration. I got these
errors in the Firefox console:

Expected declaration but found ‘1px’.  Skipped to next declaration. 1 embed.html:29:17
Expected declaration but found ‘-1px’.  Skipped to next declaration. 1 embed.html:30:17
2018-04-17 17:21:46 -07:00
Arlo Breault
433a47fdf7 Only unset the header for the page being rendered 2018-04-17 16:43:01 -04:00
Arlo Breault
b441ae4bf4 Add an .htaccess file to unset X-Frame-Options 2018-04-17 16:05:39 -04:00
David Fifield
947636ae81 Change to standalone broker.
https://snowflake-reg-test.appspot.com/ for the client (needs domain fronting)
https://snowflake-broker.bamsoftware.com/ for the proxies (no fronting)

Note that fronting to App Engine doesn't currently actually work because
of https://bugs.torproject.org/25804; this commit doesn't change that.
2018-04-16 10:24:00 -07:00
David Fifield
a9630a8234 keroserene.net/snowflake → snowflake.torproject.org 2018-04-16 10:24:00 -07:00
David Fifield
a762becbaa Link to wiki page rather than github source code.
I'm intuiting that the purpose of linking to github was to show the
README, not to link to the source code per se, so I changed the link to
point to the wiki page rather than gitweb.torproject.org/....

https://bugs.torproject.org/23947#comment:15
2018-04-16 10:24:00 -07:00
David Fifield
9f1c7b12c8 Link to Snowflake wiki page rather than mailing list post.
The wiki page in turn links to the post.
2018-04-15 17:36:53 -07:00
David Fifield
933c117a48 Declare utf-8 in index.html. 2018-04-15 17:32:36 -07:00
David Fifield
5a1dffcceb Update "last updated" date; remove "~Serene" signoff. 2018-04-15 17:25:10 -07:00
David Fifield
bcef2ee7fb Add <title> to index.html and snowflake.html. 2018-04-15 17:23:16 -07:00
David Fifield
01d1f951e5 Add the cake build hint to proxy/README.md.
It was already in the root README.md, but proxy/README.md is where I
always look for it.
2018-04-15 17:13:26 -07:00
David Fifield
2e59838faf Documentation fix: current default relay.
Was missed in 3fe10f3e7c.
2018-04-15 17:07:32 -07:00
David Fifield
07291a0136 Add a 5s delay between polls in proxy-go.
https://bugs.torproject.org/25344

5s matches DEFAULT_BROKER_POLL_INTERVAL in the JavaScript proxy.

This is set up so as long as the actual HTTPS requests take less time
than pollInterval, there will be a steady one poll per pollInterval. If the
HTTPS requests take longer than that, there will be no delay between
polls.
2018-03-21 22:52:30 -07:00
David Fifield
019e2cea23 Update server shutdown procedure.
Ignore SIGINT, honor TOR_PT_EXIT_ON_STDIN_CLOSE.
2018-03-21 00:53:31 -07:00
David Fifield
bdc1798adb Exit immediately after SIGTERM if there are no signals running.
Cf. https://bugs.torproject.org/24875
2018-03-21 00:51:04 -07:00
David Fifield
6a9c2bf951 Don't log "SOCKS accepted" if there was an Accept error.
This actually caused a nil pointer dereference panic when Accept
returned an error, because conn was nil.
2018-03-21 00:43:17 -07:00
Arlo Breault
1114acbcb4 Add synchronization around destroying DataChannels and PeerConnections
From https://trac.torproject.org/projects/tor/ticket/21312#comment:33
2018-03-20 15:08:36 -04:00
Arlo Breault
40bf7664d4 Fetch http2 dep in travis
Since 19b317e
2018-03-15 15:39:02 -04:00
Arlo Breault
28138b327a Ignore proxy-go bin 2018-03-15 15:11:47 -04:00
Arlo Breault
f2abf5b60c Try to protect against crash from dereferencing a NULL in go-proxy
Follow up to ff8f385

Similar to c834c76
2018-03-14 00:15:13 -04:00
David Fifield
c834c76fc5 Call explicit frees in server-webrtc.
https://bugs.torproject.org/21312

Cf. corresponding change for proxy-go:
https://gitweb.torproject.org/pluggable-transports/snowflake.git/commit/?id=ff8f3851082e8f7f8b4c8b99b161be35020aeb67
2018-03-14 00:13:02 -04:00
Arlo Breault
42ec097a58 Allow broker base url to have a path 2018-03-14 00:04:59 -04:00
David Fifield
44ab82bc61 Add a "starting" log line to proxy-go. 2018-03-13 19:25:41 -07:00
David Fifield
ea7b9c0223 Wait briefly after calling ListenAndServe{TLS} to see if it errors.
This is a port of commit e3f3054f8b74caa639a6d9be09702693af9a70e7 from
meek.

In the previous commit, we changed from separate Listen and Serve steps
to always calling ListenAndServe. However, we would really like to
immediately get feedback if any errors happen in the Listen step inside
the call, because it's much better for debugging if those errors get
reported to tor through SMETHOD-ERROR--rather than reporting success to
tor and actually logging an error only in the snowflake log. So we wait
100 ms for an error to occur before deciding that the Listen succeeded.

We don't need to apply this hack to the ACME HTTP-01 listener, because
it's a plaintext listener. Unlike in the TLS case, there isn't any
internal magic that the net library does that we have to rely on. We
just call net.ListenTCP and check for an error.
2018-03-13 19:18:52 -07:00
David Fifield
19b317e781 Use ListenAndServe{TLS} rather than separate Listen and Serve.
This is a port of commit cea86c937dc278ba6b2100c238b1d5206bbae2f0 from
meek. Its purpose is to remove the need to copy-paste parts of
net/http.Server.ListenAndServeTLS. Here is a copy of the commit message
from meek:

    The net/http package provides ListenAndServe and ListenAndServeTLS
    functions, but it doesn't provide a way to set up a listener without
    also entering an infinite serve loop. This matters for
    ListenAndServeTLS, which sets up a lot of magic behind the scenes for
    TLS and HTTP/2 support. Formerly, we had copy-pasted code from
    ListenAndServeTLS, but that code has only gotten more complicated in
    upstream net/http.

    The price we pay for this is that it's no longer possible for a server
    bindaddr to ask to listen on port 0 (i.e., a random ephemeral port).
    That's because we never get a chance to find out what the listening
    address is, before entering the serve loop.

    What we gain is HTTP/2 support; formerly our copy-pasted code had the
    side effect of disabling HTTP/2, because it was copied from an older
    version and did things like
            config.NextProtos = []string{"http/1.1"}

    The new code calls http2.ConfigureServer first, but that's not what's
    providing HTTP/2 support. HTTP/2 support happens by default. The reason
    we call http2.ConfigureServer is because we need to set
    TLSConfig.GetCertificate, and http2.ConfigureServer is a convenient way
    to initialize TLSConfig in a way that is guaranteed to work with HTTP/2.
2018-03-13 19:18:52 -07:00
David Fifield
c61336c897 Use ResolveReference to construct the /client URL.
This way works when the base URL lacks a path, e.g.
"http://127.0.0.1:8080".
https://bugs.torproject.org/25472
2018-03-13 15:37:50 -04:00
Arlo Breault
8a31312ca1 Provide a flag to Log to state dir 2018-03-13 15:00:58 -04:00
Arlo Breault
ff8f385108 Call explicit frees in proxy-go 2018-03-08 13:46:55 -05:00