Cecylia Bocovich
08d1c6d655
Bump minimum required version of go
...
The version of x/sys we're using requires go1.17 or later
2023-06-20 14:52:09 -04:00
Cecylia Bocovich
2fa8fd9188
Update version to v2.6.0
2023-06-19 12:52:25 -04:00
Vort
ea01c92cf1
Implement DataChannel flow control
2023-06-19 17:44:45 +01:00
Cecylia Bocovich
f8eb86f24d
Append Let's Encrypt ISRG Root X1 to cert pool
...
This is a workaround for older versions of android that do not trust
the Let's Encrypt root certificate.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40087
2023-06-14 18:12:29 -04:00
David Fifield
9edaee6547
Use IP_BIND_ADDRESS_NO_PORT when dialing the ORPort on Linux.
...
When the orport-srcaddr option is set, we bind to a source IP address
before dialing the ORPort/ExtORPort. tor similarly binds to a source IP
address when OutboundBindAddress is set in torrc. Since tor 0.4.7.13,
tor sets IP_BIND_ADDRESS_NO_PORT, and because problems arise when some
programs use IP_BIND_ADDRESS_NO_PORT and some do not, we also have to
start using IP_BIND_ADDRESS_NO_PORT when we upgrade tor
(tpo/anti-censorship/pluggable-transports/snowflake#40270).
Related: tpo/anti-censorship/pluggable-transports/snowflake#40198
2023-06-08 13:24:22 -06:00
itchyonion
130b63ccdd
use debian buster and bullseye as base images
2023-06-08 00:51:42 -07:00
meskio
82cc0f38f7
Move the development to gitlab
...
Related: tpo/anti-censorship/team#86
2023-05-31 10:01:47 +02:00
itchyonion
88608ad44a
Broker: add warning log when proxy couldn't mach with client
2023-05-29 10:12:48 -07:00
itchyonion
6c431800b0
Broker: update unit tests after adding SDP validation
2023-05-29 10:12:48 -07:00
itchyonion
255cee69ed
Broker: soften non-critical log from error to warning
2023-05-29 10:12:48 -07:00
itchyonion
07b5f07452
Validate SDP offers and answers
2023-05-29 10:12:48 -07:00
David Fifield
8e5ea82611
Add a scanner error check to ClusterCounter.Count.
...
It was silently exiting at the "recordingStart":"2022-09-23T17:06:59.680537075Z"
line, the first line whose length (66873) exceeds
bufio.MaxScanTokenSize. Now distinctcounter exits with an error status
instead of reporting partial results.
$ ./distinctcounter -from 2023-01-01T00:00:00Z -to 2023-01-10T00:00:00Z -in metrics-ip-salted.jsonl
2023/04/20 13:54:11 unable to count:bufio.Scanner: token too long
2023-04-20 11:28:58 -04:00
meskio
f723cf52e8
Merge remote-tracking branch 'gitlab/main'
2023-04-20 16:37:52 +02:00
meskio
297ca91b1d
Use goptlib from gitlab.torproject.org
2023-04-19 17:15:35 +02:00
David Fifield
c097d5f3bc
Use a sync.Pool to reuse packet buffers in QueuePacketConn.
...
This is meant to reduce overall allocations. See past discussion at
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40260#note_2885524 ff.
2023-04-04 20:22:32 -06:00
David Fifield
97c930013b
Fix loop termination in TestQueuePacketConnWriteToKCP.
...
The noise-generating goroutine was meant to stop when the parent
function returned and closed the `done` channel. The `break` in the loop
was wrongly exiting only from the `select`, not from the `for`.
This was the cause of banchmark anomalies in
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40260#note_2885832 .
The noise-generating loop from the test was continuing to run while the
benchmarks were running.
2023-04-04 19:12:22 -06:00
David Fifield
6bae31f077
Use a static array in benchmarks.
...
Since d2858aeb7e
2023-04-04 18:56:55 -06:00
David Fifield
590d158df8
Comment typo.
2023-04-04 18:46:35 -06:00
David Fifield
6bdd48c006
Restore ListenAndServe error return in Transport.Listen.
...
This error return was lost in 11f0846264!31 .
Fixes #40043 .
2023-04-03 00:18:26 -06:00
David Fifield
17829d80d5
Comment typo.
2023-03-29 09:49:24 -06:00
Shelikhoo
47dd253a37
Update CI test targets
2023-03-22 12:19:06 +00:00
KokaKiwi
1ef43a0dde
Use latest Pion WebRTC libs version
...
- webrtc and dtls libs got the "Skip Hello Verify" patches applied
Link: https://github.com/pion/dtls/pull/513
Link: https://github.com/pion/webrtc/pull/2433
2023-03-22 12:19:03 +00:00
itchyonion
5dd0a31d95
Add comments and improve logging
2023-03-14 12:43:00 -07:00
itchyonion
fb35e80b0a
Proxy: add outbound-address config
2023-03-14 12:42:59 -07:00
David Fifield
36d5d2dd83
Fix comment typo on NewRedialPacketConn.
2023-03-13 15:10:35 -06:00
David Fifield
ef51f2063e
Merge branch '40260-revert-queuepacketconn-ownership' into 'main'
...
Revert "Take ownership of buffer in QueuePacketConn QueueIncoming/WriteTo"
See merge request tpo/anti-censorship/pluggable-transports/snowflake!140
2023-03-13 19:36:09 +00:00
David Fifield
d2858aeb7e
Revert "Take ownership of buffer in QueuePacketConn QueueIncoming/WriteTo."
...
This reverts commit 839d221883#40187 and #40199 .
The analysis in https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40199
was wrong; kcp-go does reuse the buffers it passes to
QueuePacketConn.WriteTo. This led to unsynchronized reuse of packet
buffers and mangled packets observable at the client:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40260 .
Undoing the change in QueuePacketConn.QueueIncoming as well, for
symmetry, even though it is not implicated in any correctness problems.
2023-03-13 12:57:35 -06:00
David Fifield
b63d2272bf
Test for data race with QueuePacketConn.WriteTo and kcp-go.
...
For #40260 .
2023-03-13 11:42:44 -06:00
Shelikhoo
473cc45987
Add utls-imitate, utls-nosni doc to README: fix style
2023-03-13 14:13:50 +00:00
Shelikhoo
39d906b380
Add utls-imitate, utls-nosni doc to README
2023-03-10 15:25:15 +00:00
WofWca
5cc849e186
fix: up/down traffic stats being mixed up
2023-02-09 11:45:09 -08:00
itchyonion
990fcb4127
Filter out non stun: server addresses in ParseIceServers
2023-01-30 09:10:15 -08:00
itchyonion
66269c07d8
Update README to correctly reflec the type of ICE servers we currently support
2023-01-30 09:10:15 -08:00
itchyonion
a6a18c1a9b
Parse ICE servers with pion/ice library function
2023-01-30 09:10:15 -08:00
David Fifield
b443e99417
Bring client torrc up to date with Tor Browser fc89e8b1.
...
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commits/fc89e8b10c3ff30db2079b2fb327d05b2b5f3c80/projects/common/bridges_list.snowflake.txt
* Use port 80 in placeholder IP addresses
tpo/applications/tor-browser-build!516
* Enable uTLS
tpo/applications/tor-browser-build!540
* Shorten bridge line (remove stun.voip.blackberry.com)
tpo/applications/tor-browser-build!558
* Add snowflake-02 bridge
tpo/applications/tor-browser-build!571
2023-01-19 11:37:23 -07:00
Shelikhoo
7b77001eaa
Update version to v2.5.1
2023-01-18 14:37:05 +00:00
Shelikhoo
44c76ce3ad
Fix helloverify remove patch not applied
2023-01-18 14:36:18 +00:00
Shelikhoo
daa9b535c8
Update Version to v2.5.0
2023-01-18 11:27:31 +00:00
Shelikhoo
10fd000685
Apply Skip Hello Verify Migration
...
Backported from https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/dev-skiphelloverify-backup
2023-01-17 12:47:32 +00:00
Cecylia Bocovich
4895a32fd3
Bump version to v2.4.3
2023-01-16 11:55:31 -05:00
Cecylia Bocovich
086bbb4a63
Bump version to v2.4.2
2023-01-13 13:45:17 -05:00
Cecylia Bocovich
7db2568448
Remove duplicate stun.sonetel.net entry
2023-01-03 10:32:03 -05:00
Cecylia Bocovich
8c775562c1
Remove two suggested STUN servers from client docs
...
Removed stun.stunprotocol.org after a discussion with the operator, and
stun.altar.com.pl after noticing it has gone offline.
https://lists.torproject.org/pipermail/anti-censorship-team/2022-December/000272.html
https://lists.torproject.org/pipermail/anti-censorship-team/2022-December/000276.html
2022-12-31 12:23:29 -05:00
Cecylia Bocovich
f6fa51d749
Switch default proxy STUN server to stun.l.google.com
...
This is the same default that the web-based proxies use. Proxies do not
need RFC 5780 compatible STUN servers.
2022-12-31 12:23:27 -05:00
David Fifield
936a1f8138
Add a num-turbotunnel server transport option.
...
Replaces the hardcoded numKCPInstances.
2022-12-14 23:02:26 -07:00
David Fifield
c6fabb212d
Use multiple parallel KCP state machines in the server.
...
To distribute CPU load.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40200
2022-12-14 23:02:26 -07:00
itchyonion
53e381e45d
Fix server flag name
2022-12-13 09:23:34 -08:00
Flo418
11c3333856
add some more test for URL encoded IPs (safelog)
2022-12-12 19:56:59 +01:00
David Fifield
839d221883
Take ownership of buffer in QueuePacketConn QueueIncoming/WriteTo.
...
This design is easier to misuse, because it allows the caller to modify
the contents of the slice after queueing it, but it avoids an extra
allocation + memmove per incoming packet.
Before:
$ go test -bench='Benchmark(QueueIncoming|WriteTo)' -benchtime=2s -benchmem
BenchmarkQueueIncoming-4 7001494 342.4 ns/op 1024 B/op 2 allocs/op
BenchmarkWriteTo-4 3777459 627 ns/op 1024 B/op 2 allocs/op
After:
$ go test -bench=BenchmarkWriteTo -benchtime 2s -benchmem
BenchmarkQueueIncoming-4 13361600 170.1 ns/op 512 B/op 1 allocs/op
BenchmarkWriteTo-4 6702324 373 ns/op 512 B/op 1 allocs/op
Despite the benchmark results, the change in QueueIncoming turns out not
to have an effect in practice. It appears that the compiler had already
been optimizing out the allocation and copy in QueueIncoming.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40187
The WriteTo change, on the other hand, in practice reduces the frequency
of garbage collection.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40199
2022-12-08 08:03:54 -07:00
David Fifield
d4749d2c1d
Reduce turbotunnel queueSize from 2048 to 512.
...
This is to reduce heap usage.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40179
Past discussion of queueSize:
https://lists.torproject.org/pipermail/anti-censorship-team/2021-July/000188.html
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/48#note_2744619
2022-12-08 08:03:54 -07:00
