archives/snowflake
2
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git synced 2025-10-13 11:11:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
1490 commits 18 branches 42 tags 3.8 MiB
Commit graph

165 commits

Author SHA1 Message Date
Cecylia Bocovich
8343bbc336
Add context with timeout for client requests 
Client timeouts are currently counted from when the client is matched
with a proxy. Instead, count client timeouts from the moment when the
request is received.

Closes #40449
 2025-03-26 13:30:59 -04:00
Cecylia Bocovich
6472bd86cd
Bump verison of Snowflake to 2.11.0 2025-03-18 14:37:02 -04:00
WofWca
f3e040bbd8
improvement: less scary failed conn logs & metrics 
...and adjust the `totalFailedConnections` metric name
and description.

This commit should make the periodic stats log messages
and the relevant metric look less scary to users:
P2P connection failures are relatively frequent and are usually
not indicative of the proxy operator having done something wrong.
So let's tone the wording down.

See the discussion: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/516#note_3173677.
 2025-03-15 11:15:22 -04:00
WofWca
1923803124 fix: potential race conditions with non-local err 
Some of the changes do not appear to have a potential race condition,
so there it is purely a refactor,
while in others (e.g. in broker.go and in proxy/lib/snowflake.go)
we do use the same variable from multiple threads / functions.
 2025-03-12 00:47:07 +04:00
WofWca
583178f4f2
feat(proxy): add failed connection count stats 
For the summary log and for Prometheus metrics.

Log output example:

> In the last 1h0m0s, there were 7 completed successful connections. 2 connections failed. Traffic Relayed ↓ 321 KB (0.10 KB/s), ↑ 123 KB (0.05 KB/s).
 2025-03-11 13:12:44 +00:00
meskio
e345c3bac9
proxy: add country to prometheus metrics 2025-02-13 12:44:23 +01:00
WofWca
cb0fb02cd5
fix(proxy): not answering before client timeout 
This is related to
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40230.

The initial MR that closed that issue,
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/391,
was not semantically correct, because `DataChannelTimeout`
starts after the client has already received the answer.

After
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/498#note_3156256
the code became not only semantically incorrect,
but also functionally incorrect because now if this timeout is hit
by the proxy, the client is guaranteed to be gone already.
This commit fixes it, by lowering the timeout.

This addresses a suggestion in
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40447.

This also closes
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40381
and supersedes
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/415.
 2025-02-12 10:17:08 -05:00
onyinyang
26f7ee4b06
Remove utls library from snowflake and Use ptuil/utls 2025-01-29 13:01:33 -05:00
Cecylia Bocovich
eedac71a3a
Add self-signed ISRG Root X1 to cert pool 
Replace the expired DST Root CA X3 signed ISRG Root X1 cert with the
self-signed cert.

Closes https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40440
 2025-01-15 10:56:17 -05:00
WofWca
5e7b35bf12
refactor: use named returns for some funcs 
This should make the functions easier to use,
harder to confuse the return values with the same type.
 2024-12-03 12:51:42 +00:00
WofWca
ae5bd52821
improvement: use SetIPFilter for local addrs 
Closes https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40271.
Supersedes https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/417.

This simplifies the code and (probably) removes the need for
`StripLocalAddresses`, although makes us more dependent on Pion.

Signed-off-by: Cecylia Bocovich <cohosh@torproject.org>
 2024-11-28 10:56:40 -05:00
WofWca
f65f1d850f improvement: use IsLinkLocalUnicast in IsLocal 
Looking at the code, this commit appears to change behavior,
because `IsLocal` will now return `true` for IPv6 link-local unicast
addresses.
 2024-11-21 17:31:56 +04:00
WofWca
387096b2a1 refactor: rewrite IsLocal with ip.IsPrivate() 
The referenced MR has been implemented.
The extra checks have been added in 8467c01e9e.

With this rewrite the checks are exactly the same as of Go 1.23.3.
 2024-11-18 20:49:16 +04:00
Shelikhoo
239357509f
update snowflake to use pion webrtc v4 2024-11-13 14:58:53 +00:00
Renovate Bot
290be512e3 chore(deps): update module github.com/pion/webrtc/v3 to v4 2024-11-11 18:45:36 +00:00
Cecylia Bocovich
8b2e12c96d
Bump version of Snowflake to 2.10.1 2024-11-11 13:15:48 -05:00
Cecylia Bocovich
aaf8826560
Add proxy event for when client has connected 
This enables the usage of callbacks that will be called when a client
has opened a data channel connection to the proxy.
 2024-11-06 10:31:33 -05:00
Waldemar Zimpel
93f5d1ef7f Log average transfer rate 
Adds the average transfer rate for the summary interval to the summary log lines
 2024-10-23 03:25:26 +02:00
Cecylia Bocovich
443c633aab
Revert "Move time.Sleep call in turbotunnel test" 
This reverts commit 4497d68d6f.
 2024-09-24 13:12:23 -04:00
Cecylia Bocovich
4497d68d6f
Move time.Sleep call in turbotunnel test 
An update the the kcp-go library removes the guarantee that all data
written to a KCP connection will be flushed before the connection is
closed. Moving the sleep call has no impact on the integrity of the
tests, and gives the connection time to flush data before the connection
is closed.

See https://github.com/xtaci/kcp-go/issues/273
 2024-09-23 10:08:18 -04:00
Renovate Bot
97e21e3a29
chore(deps): update module github.com/pion/stun to v3 2024-08-27 09:43:08 -04:00
Arlo Breault
ffdda1358a
Indicate modified in version string 
issue 40365
 2024-07-11 11:46:57 +01:00
itchyonion
4ed5da7f2f
Simplify proxy NAT checking logic 2024-05-28 12:30:44 -07:00
meskio
a9df5dd71a
Use ptutil for safelog and prometheus rounded metrics 
* Related: #40354
 2024-05-09 16:24:33 +02:00
Cecylia Bocovich
05a95802c1
Bump version to v2.9.2 2024-03-18 14:47:44 -04:00
meskio
f502eca67d
Merge remote-tracking branch 'origin/mr/258' 2024-03-12 08:28:53 -03:00
Michael Pu
b512e242e8 Implement better client IP per rendezvous method tracking for clients 
Implement better client IP per rendezvous method tracking for clients

Add tests for added code, fix existing tests

chore(deps): update module github.com/miekg/dns to v1.1.58

Implement better client IP tracking for http and ampcache

Add tests for added code, fix existing tests

Implement GetCandidateAddrs from SDP

Add getting client IP for SQS

Bug fixes

Bug fix for tests
 2024-03-09 13:36:25 -05:00
Michael Pu
9fe2ca58a0 Switch to sqscreds param for passing in SQS credentials 2024-03-09 13:35:16 -05:00
Cecylia Bocovich
b130151b24
Bump version to v2.9.1 2024-02-27 11:32:09 -05:00
am3o
acce1f1fd9
refactor: change deprecated "io/ioutil" package to recommended "io" package 2024-02-17 12:47:22 +01:00
Cecylia Bocovich
38352b22ad
Bump version to v2.9.0 2024-02-05 12:00:05 -05:00
Anthony Chang
dbecefa7d2
Move RendezvousMethod field to messages.Arg 2024-01-31 14:34:29 -05:00
Anthony Chang
f3b062ddb2
Add mocks and interfaces for testing SQS rendezvous 
Co-authored-by: Michael Pu <michael.pu@uwaterloo.ca>
 2024-01-22 13:10:56 -05:00
Arlo Breault
e4c818be76
Scrub space separated ip addresses 
The issue with ReplaceAllFunc is that it's capturing the leading and
trailing spaces in the regexp, so successive ips don't match.  From the
docstring,

> If 'All' is present, the routine matches successive non-overlapping
> matches of the entire expression.

For #40306
 2024-01-08 10:03:35 -05:00
Arlo Breault
0d8261c46e Add vcs revision to version string 
For #40285
 2024-01-04 00:31:08 -05:00
Cecylia Bocovich
a0e3e871c4
Bump version to v2.8.1 2023-12-21 15:54:54 -05:00
David Fifield
aa06e7bef3 Merge branch 'encapsulation-readdata-buffer' 2023-11-21 03:46:46 +00:00
Cecylia Bocovich
a88f73b0ff
Bump version to 2.8.0 2023-11-20 11:43:07 -05:00
David Fifield
d99f31d881 Have encapsulation.ReadData return an error when the buffer is short. 
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/154#note_2919109

Still ignoring the io.ErrShortBuffer at the callers, which retains
current behavior.
 2023-11-07 05:51:35 +00:00
David Fifield
001f691b47 Have encapsulation.ReadData read into a provided buffer. 
Instead of unconditionally allocating its own.
 2023-11-07 05:51:35 +00:00
Cecylia Bocovich
caa2b36463
Process and properly log connection closure stats 2023-10-31 10:02:31 -04:00
Cecylia Bocovich
5c5eb2c339
Modify EventOnProxyStats to include summary data 2023-10-30 12:42:45 -04:00
Cecylia Bocovich
354cb65432
Move creation of periodic stats task inside proxy library 
This adds a new type of SnowflakeEvent. EventOnProxyStats is triggered
by the periodic task run at SummaryInterval and produces an event with a
proxy stats output string.
 2023-10-30 12:42:45 -04:00
Shelikhoo
5df7a06eee
Add outbound proxy configuration propagation 2023-10-24 17:47:25 +01:00
Shelikhoo
f43da1d2d2
Add transport wrapper 2023-10-24 17:43:32 +01:00
Shelikhoo
8b46e60553
Add common proxy utilities 2023-10-24 17:42:46 +01:00
Shelikhoo
bd7391d678
update version to 2.7.0 2023-10-16 15:14:51 +01:00
David Fifield
6393af6bab
Remove proxy churn measurements from broker. 
We've done the analysis we planned to do on these measurements.

A program to analyze the proxy churn and extract hour-by-hour
intersections is available at:
https://github.com/turfed/snowflake-paper/tree/main/figures/proxy-churn

Closes #40280.
 2023-10-09 16:16:05 +01:00
Cecylia Bocovich
3a050c6bb3
Use ShouldBeNil to check for nil values 2023-09-20 12:34:51 -04:00
Shelikhoo
b5d702f483
update version to v2.6.1 2023-09-11 14:30:00 +01:00