[Pkg-privacy-commits] [Git][pkg-privacy-team/snowflake][debian/sid] 160 commits: fix(client/snowflake.go): prevent wg.Add race condition

meskio (@meskio-guest) gitlab at salsa.debian.org
Fri May 27 09:34:32 BST 2022



meskio pushed to branch debian/sid at Privacy Maintainers / snowflake


Commits:
aefabe68 by Simone Basso at 2021-06-14T10:10:02+02:00
fix(client/snowflake.go): prevent wg.Add race condition

In VSCode, the staticcheck tool emits this warning:

> should call wg.Add(1) before starting the goroutine to
> avoid a race (SA2000)go-staticcheck

To avoid this warning, just move wg.Add outside.

- - - - -
6634f2be by Cecylia Bocovich at 2021-06-19T11:16:38-04:00
Store net.Addr in clientIDAddrMap

This fixes a stats collection bug where we were converting client
addresses between a string and net.Addr using the clientAddr function
multiple times, resulting in an empty string for all addresses.

- - - - -
e84bc81e by Cecylia Bocovich at 2021-06-23T19:41:03-04:00
Bump version of kcp and smux libraries

- - - - -
ed2d5df8 by Simone Basso at 2021-06-24T11:16:24-04:00
Fix datarace for WebRTCPeer.lastReceive

The race condition occurs because concurrent goroutines are
intermixing reads and writes of `WebRTCPeer.lastReceive`.

Spotted when integrating Snowflake inside OONI in
https://github.com/ooni/probe-cli/pull/373.

- - - - -
ddcdfc4f by Cecylia Bocovich at 2021-06-24T11:16:24-04:00
Fix datarace for WebRTCPeer.closed

The race condition occurs because concurrent goroutines are intermixing
reads and writes of `WebRTCPeer.closed`.

Spotted when integrating Snowflake inside OONI in
https://github.com/ooni/probe-cli/pull/373.

- - - - -
bb7ff618 by Cecylia Bocovich at 2021-06-24T11:16:24-04:00
Fix datarace for Peers.melted

Using the boolean value was unnecessary since we already have a channel
we can check for closure.

- - - - -
95cbe365 by Cecylia Bocovich at 2021-06-24T11:16:24-04:00
Add unit tests to check for webrtc peer data races

- - - - -
e3351cb0 by Cecylia Bocovich at 2021-06-24T11:16:24-04:00
Fix data race for Peers.collection

We used a WaitGroup to prevent a call to Peers.End from melting
snowflakes while a new one is being collected. However, calls to
WaitGroup.Add are in a race with WaitGroup.Wait. To fix this, we use a
Mutex instead.

- - - - -
10b6075e by Cecylia Bocovich at 2021-06-24T11:20:44-04:00
Refactor checkForStaleness to take time.Duration

- - - - -
53a23656 by Cecylia Bocovich at 2021-06-24T13:32:55-04:00
Fix leak in server acceptLoop

Refactor out a separate handleStream function and ensure that all
connections are closed and the references are out of scope.

- - - - -
74bdb85b by Cecylia Bocovich at 2021-06-24T13:46:11-04:00
Update example torrc file for client

Remove the -max 3 option because we only use one snowflake. Add
SocksPort auto because many testers have a tor process already bound to
port 9050.

- - - - -
7a1857c4 by meskio at 2021-07-07T19:36:20+02:00
Make the proxy to report the number of clients to the broker

So the assignment of proxies is based on the load. The number of clients
is rounded down to 8. Existing proxies that don't report the number
of clients will be distributed equally to new proxies until they get 8
clients, that is okish as the existing proxies do have a maximum
capacity of 10.

Fixes #40048

- - - - -
ced539f2 by meskio at 2021-07-07T19:36:24+02:00
Refactor webRTCConn to its own file

- - - - -
015958fb by Arlo Breault at 2021-07-08T12:32:35-04:00
Intermediary refactor teasing apart http / ipc

Introduces an IPC struct and moves the logic out of the http handlers
and into methods on that.

- - - - -
0ced1cc3 by Arlo Breault at 2021-07-08T12:32:37-04:00
Move http handlers to a separate file

- - - - -
87ad06a5 by Arlo Breault at 2021-07-08T12:32:37-04:00
Get rid of legacy version

Move the logic for the legacy version into the http handlers and use a
shim when doing ipc.

- - - - -
c3c84fdb by Arlo Breault at 2021-07-08T12:47:23-04:00
Use variables for string matching

The legacy code does case matching on these exact strings so it's better
to ensure they're constant.

- - - - -
dfb68d7c by Arlo Breault at 2021-07-08T15:32:25-04:00
Fix race is broker test reported by `go test -race`

- - - - -
2c2f93c0 by Arlo Breault at 2021-07-08T15:35:04-04:00
Remove and restore some comments, after review

- - - - -
4f7833b3 by Cecylia Bocovich at 2021-07-13T17:50:44-04:00
Version bump to v1.1.0

- - - - -
d9a83e26 by David Fifield at 2021-07-18T13:11:29-06:00
Remove unused FakePeers.

Unused since 1364d7d45bbec9de605a266a84ea60cdfa6676db.

- - - - -
2d7cd3f2 by David Fifield at 2021-07-18T16:25:09-06:00
Use the readLimit constant in a test.

Instead of copying the value.

- - - - -
c1b0fdd8 by Cecylia Bocovich at 2021-07-19T10:16:26-04:00
Cleaned up and reorganized READMEs

- - - - -
b4e964c6 by Cecylia Bocovich at 2021-07-19T10:16:26-04:00
Added some Snowflake library documentation

- - - - -
099f4127 by meskio at 2021-07-21T16:38:27+02:00
Refactor the poll offer to use a ticker

Simplify the code to use a ticker. Using a pattern to allow a first run
of the loop before hitting the ticker:
https://github.com/golang/go/issues/17601#issuecomment-311955879

- - - - -
e3d376ca by meskio at 2021-07-21T16:38:29+02:00
Wait pollInterval between proxy offers

Closes: #40055

- - - - -
191510c4 by David Fifield at 2021-08-05T16:13:24-06:00
Use a URL with a Host component in BrokerChannel tests.

The tests were using a broker URL of "test.broker" (i.e., a schema-less,
host-less, relative path), and running assertions on the value of
b.url.Path. This is strange, especially in tests regarding domain
fronting, where we care about b.url.Host, not b.url.Path. This commit
changes the broker URL to "http://test.broker" and changes tests to
check b.url.Host. I also added an additional assertion for an empty
b.Host in the non-domain-fronted case.

- - - - -
55f4814d by David Fifield at 2021-08-05T16:13:24-06:00
Change the representation of domain fronting in HTTP rendezvous.

Formerly, BrokerChannel represented the broker URL and possible domain
fronting as
	bc.url  *url.URL
	bc.Host string
That is, bc.url is the URL of the server which we contact directly, and
bc.Host is the Host header to use in the request. With no domain
fronting, bc.url points directly at the broker itself, and bc.Host is
blank. With domain fronting, we do the following reshuffling:
	if front != "" {
		bc.Host = bc.url.Host
		bc.url.Host = front
	}
That is, we alter bc.url to reflect that the server to which we send
requests directly is the CDN, not the broker, and store the broker's own
URL in the HTTP Host header.

The above representation was always confusing to me, because in my
mental model, we are always conceptually communicating with the broker;
but we may optionally be using a CDN proxy in the middle. The new
representation is
	bc.url   *url.URL
	bc.front string
bc.url is the URL of the broker itself, and never changes. bc.front is
the optional CDN front domain, and likewise never changes after
initialization. When domain fronting is in use, we do the swap in the
http.Request struct, not in BrokerChannel itself:
	if bc.front != "" {
		request.Host = request.URL.Host
		request.URL.Host = bc.front
	}

Compare to the representation in meek-client:

https://gitweb.torproject.org/pluggable-transports/meek.git/tree/meek-client/meek-client.go?h=v0.35.0#n94
	var options struct {
		URL       string
		Front     string
	}
https://gitweb.torproject.org/pluggable-transports/meek.git/tree/meek-client/meek-client.go?h=v0.35.0#n308
	if ok { // if front is set
		info.Host = info.URL.Host
		info.URL.Host = front
	}

- - - - -
0f34a777 by David Fifield at 2021-08-05T16:13:24-06:00
Factor out httpRendezvous separate from BrokerChannel.

Makes BrokerChannel abstract over a rendezvousMethod. BrokerChannel
itself is responsible for keepLocalAddresses and the NAT type state, as
well as encoding and decoding client poll messages. rendezvousMethod is
only responsible for delivery of encoded messages.

- - - - -
c9e0dd28 by David Fifield at 2021-08-05T16:13:24-06:00
amp package.

This package contains a CacheURL function that modifies a URL to be
accessed through an AMP cache, and the "AMP armor" data encoding scheme
for encoding data into the AMP subset of HTML.

- - - - -
c1381019 by David Fifield at 2021-08-05T16:13:24-06:00
Skeleton of ampCacheRendezvous.

Currently the same as httpRendezvous, but activated using the -ampcache
command-line option.

- - - - -
5adb9940 by David Fifield at 2021-08-05T16:13:24-06:00
Implement ampCacheRendezvous.

- - - - -
e833119b by David Fifield at 2021-08-05T16:13:24-06:00
Broker /amp/client route (AMP cache client registration).

- - - - -
521eb4d4 by David Fifield at 2021-08-05T16:13:24-06:00
Add info about rendezvous methods to client README.

- - - - -
f2dc41d7 by David Fifield at 2021-08-05T16:13:24-06:00
Document /amp/client in broker-spec.txt.

- - - - -
b203a75c by David Fifield at 2021-08-05T16:13:24-06:00
Document -ampcache in snowflake-client man page.

- - - - -
e6715cb4 by Cecylia Bocovich at 2021-08-10T15:38:11-04:00
Increase smux and QueuePacketConn buffer sizes

This should increase the maximum amount of inflight data and hopefully
the performance of Snowflake, especially for clients geographically
distant from proxies and the server.

- - - - -
4acc08cc by Cecylia Bocovich at 2021-08-19T21:20:34-04:00
Use a config struct for snowflake client options

- - - - -
e762f58a by Cecylia Bocovich at 2021-08-19T21:20:34-04:00
Parse SOCKS arguments and prefer over command line options

Parsing the Snowflake client options from SOCKS allows us to specify
snowflake client settings in the bridge lines.

- - - - -
97175a91 by Cecylia Bocovich at 2021-08-19T21:20:34-04:00
Modify torrc example to pass client args in bridge line

- - - - -
a39d6693 by Cecylia Bocovich at 2021-08-19T21:31:51-04:00
Call conn.Reject() if SOCKS arguments are invalid

- - - - -
ace8df37 by Cecylia Bocovich at 2021-08-24T10:27:24-04:00
Fix compile bug in client, caught by CI

- - - - -
cbd863d6 by meskio at 2021-09-02T12:49:00+02:00
Fix proxy test

The broker is a global object.

- - - - -
c8136f45 by Cecylia Bocovich at 2021-09-10T16:57:53-04:00
Update version of go used in .gitlab-ci.yml

- - - - -
8c6f0dba by Cecylia Bocovich at 2021-09-30T11:46:39-04:00
Check error for calls to preparePeerConnection

- - - - -
4396d505 by meskio at 2021-10-04T12:24:55+02:00
Use tpo geoip library

Now the geoip implementation has been moved to its own library to be
shared between projects.

- - - - -
624750d5 by Cecylia Bocovich at 2021-10-04T10:17:37-04:00
Stop exporting code that should be internal

- - - - -
99887cd0 by Cecylia Bocovich at 2021-10-04T10:17:37-04:00
Add package functions to define and set the rendezvous method

Add exported functions to the snowflake client library to allow calling
programs to define and set their own custom broker rendezvous methods.

- - - - -
638ec6c2 by Cecylia Bocovich at 2021-10-04T10:17:37-04:00
Update Snowflake client library documentation

Follow best practices for documenting the exported pieces of the
Snowflake client library.

- - - - -
767c07dc by Cecylia Bocovich at 2021-10-04T10:17:37-04:00
Update client library usage documentation

- - - - -
6c6a2e44 by Cecylia Bocovich at 2021-10-04T10:17:37-04:00
Change package name and add a package comment

- - - - -
5927c2bd by Cecylia Bocovich at 2021-10-04T10:17:37-04:00
Default to a maximum value of 1 Snowflake peer

- - - - -
5339ed2d by Cecylia Bocovich at 2021-10-07T11:01:33-04:00
Stop exporting internal code

- - - - -
4623c7d3 by Cecylia Bocovich at 2021-10-07T11:01:33-04:00
Add documentation where necessary for exported items

- - - - -
04ba50a5 by Cecylia Bocovich at 2021-10-07T11:01:33-04:00
Change package name and add a package comment

- - - - -
54ab7938 by Cecylia Bocovich at 2021-10-14T11:14:22-04:00
Unify broker/bridge domains to torproject.net

- - - - -
50e4f4fd by idk at 2021-10-26T14:15:44-04:00
Turn the proxy code into a library

Allow other go programs to easily import the snowflake proxy library and
start/stop a snowflake proxy.

- - - - -
b2edf948 by Cecylia Bocovich at 2021-10-26T14:52:17-04:00
Remove BytesLoggers from exported functions

- - - - -
84e8a183 by Cecylia Bocovich at 2021-10-26T15:49:46-04:00
Comment package and minor changes exports

- - - - -
0e8d41ba by Cecylia Bocovich at 2021-10-28T10:05:01-04:00
Update comments for exported items

- - - - -
3caa83d8 by Cecylia Bocovich at 2021-10-28T10:05:01-04:00
Modify handling of misconfigurations and defaults

- - - - -
0a2598a1 by Cecylia Bocovich at 2021-10-28T10:05:01-04:00
Export ability to change the URL of NAT probe

- - - - -
f6b6342a by Cecylia Bocovich at 2021-11-04T10:34:34-04:00
Update ChangeLog for v2 release

- - - - -
ead5a960 by Cecylia Bocovich at 2021-11-11T10:14:49-05:00
Bump snowflake library imports and go.mod to v2

- - - - -
04bc471a by Shelikhoo at 2021-11-12T10:48:14+00:00
Support recurring NAT Type measurement

currentNATType will from now on be guarded by currentNATTypeAccess for any access.

NAT Type update rule is flattened into state transfer lookup table to assist reading.

- - - - -
4c8a1661 by Shelikhoo at 2021-11-12T10:48:14+00:00
Port V2Ray periodic task standard library to snowflake

This is a mature implementation of a periodic task that runs a function at a given interval. It allows the task to be stopped, and deals with edge cases like a too-short interval gracefully.

V2Ray/V2Fly is MIT licensed.

- - - - -
ac97ce71 by Shelikhoo at 2021-11-12T10:48:15+00:00
Add NAT Type measurement command line flag

It is important to include the unit in the flag name to prevent users from making mistakes.

- - - - -
a6a53ff8 by Shelikhoo at 2021-11-12T10:49:30+00:00
Add NAT Type test periodic task

- - - - -
2547883c by Shelikhoo at 2021-11-12T10:49:32+00:00
Extract function getCurrentNATType()

Adopted the change according to the recommendation from

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/62#note_2759900

- - - - -
59af9927 by Shelikhoo at 2021-11-12T10:49:32+00:00
Refactor state transfer logic to simplify it

Adopted the change according to the recommendation from

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/62#note_2760514

- - - - -
1b79962c by Shelikhoo at 2021-11-12T10:49:32+00:00
Rename flag to nat-retest-seconds and retest daily by default

Adopted the change according to the recommendation from

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/62#note_2759816

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/62#note_2760512

- - - - -
d4fdb35e by Shelikhoo at 2021-11-12T10:56:57+00:00
Add in source indicator of file origin

Adopted the change according to the recommendation from

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/62#note_2759815

- - - - -
9bdb87ea by Shelikhoo at 2021-11-16T11:20:27+00:00
Update nat-retest-seconds format to time.ParseDuration form

Adopted the change according to the recommendation from

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/62#note_2761382

- - - - -
efdb850d by Shelikhoo at 2021-11-16T11:22:44+00:00
Update nat-retest-interval flag name to reflect the change

Adopted the change according to the recommendation from

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/62#note_2761382

- - - - -
c49f72eb by Shelikhoo at 2021-11-16T15:58:57+00:00
Update nat-retest-interval type to duration

Adopted the change according to the recommendation from

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/62#note_2761438

- - - - -
0c62d806 by Shelikhoo at 2021-11-16T19:25:27+00:00
Represent NATTypeMeasurementInterval in time.Duration

Adopted the change according to the recommendation from

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/62#note_2761566

- - - - -
40f44d62 by Shelikhoo at 2021-11-19T15:55:30+00:00
Add V2Ray/V2Fly License for task

- - - - -
c9399da5 by Hans-Christoph Steiner at 2021-12-01T11:09:57+01:00
gitlab-ci: expire artifacts in 1 week, improve gradle caching, etc.

- - - - -
1318b6a9 by Hans-Christoph Steiner at 2021-12-01T11:48:03+01:00
stripped down Android build process for gitlab-ci and Vagrant

- - - - -
51f2c026 by Hans-Christoph Steiner at 2021-12-01T11:48:06+01:00
gitlab-ci: include flags to make reproducible builds

* https://github.com/golang/go/issues/33772

- - - - -
221f1c41 by Hans-Christoph Steiner at 2021-12-01T11:48:08+01:00
gitlab-ci: include job number in the artfacts zipball filename

- - - - -
738bd464 by Cecylia Bocovich at 2021-12-10T10:39:44-05:00
Update version of DTLS library

Make sure we use a version of the DTLS library that contains the
following fingerprinting fixes:

Only send supported_groups extension in ClientHello
Do not include IP addresses as SNI values

These changes have been merged upstream into pion/dtls.

- - - - -
9c11e479 by Cecylia Bocovich at 2021-12-10T10:43:47-05:00
Update go versions in CI tests

Debian packages Go 1.15 and 1.17, and we use 1.16 in Tor Browser.

- - - - -
aeb0794d by David Fifield at 2021-12-16T09:46:55-07:00
Use `require` rather than `replace` for dtls version.

go mod edit -dropreplace=github.com/pion/dtls/v2
go get github.com/pion/dtls/v2@v2.0.12

This is an update to
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/66.

- - - - -
b35a79ac by Cecylia Bocovich at 2022-01-12T11:30:41-05:00
Validate client and proxy supplied strings

Malicious clients and proxies can provide potentially malicious strings
in the polls. This validates the NAT type and proxy type strings to
ensure that malformed strings are not displayed on a web page
or passed to any of our monitoring infrastructure.

If a client or proxy supplies an invalid NAT type, we return an error
message. If a proxy supplies an unknown proxy type, we set the proxy
type to unknown.

- - - - -
50646698 by Shelikhoo at 2022-01-18T14:33:27-05:00
Suppress connection end log output

This is an amendment of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/30

- - - - -
d2f6ea54 by Shelikhoo at 2022-01-18T14:33:34-05:00
increase clientIDAddrMapCapacity

See also:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40084

- - - - -
75f77015 by Shelikhoo at 2022-01-25T12:49:51+00:00
Add Snowflake Event API interface

- - - - -
5f03f88d by Shelikhoo at 2022-01-25T12:49:56+00:00
Add Event Bus Implementation

This event bus implementation favours simplicity over efficiency and is not suitable for frequent addition and removal of listeners.

- - - - -
b5ef1880 by Shelikhoo at 2022-01-25T12:49:57+00:00
Add Event Bus Test

- - - - -
cd6d837d by Shelikhoo at 2022-01-25T12:49:57+00:00
Add snowflake event handler to client config

- - - - -
c3f09994 by Shelikhoo at 2022-01-25T12:49:57+00:00
Add Snowflake Event Reporter for Broker Communication

- - - - -
9a7fcdec by Shelikhoo at 2022-01-25T12:49:57+00:00
Add Snowflake Event Reporter for Peer Communication

- - - - -
36ca610d by Shelikhoo at 2022-01-25T12:49:58+00:00
Add NewWebRTCPeer3E Initializer

This name includes [E]vent to reduce merge conflict with forward proxy change set.

- - - - -
ac64d177 by Shelikhoo at 2022-01-25T12:49:58+00:00
Add PT Event Logger

- - - - -
128936c8 by Shelikhoo at 2022-01-25T12:49:58+00:00
Enable PT Event Logger

- - - - -
8d2f662c by Shelikhoo at 2022-01-25T12:49:58+00:00
Emit non-pointer type event

- - - - -
7536dd6f by Shelikhoo at 2022-01-25T12:49:59+00:00
Add Propagate EventLogger Setting

- - - - -
55bf117d by Shelikhoo at 2022-01-25T12:49:59+00:00
Reduce PT Event Logger Verbosity

- - - - -
657aaa6b by Shelikhoo at 2022-01-25T12:49:59+00:00
Refactor event logger setting into function call

See also:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/67#note_2770482

- - - - -
6cb82618 by Shelikhoo at 2022-01-25T12:49:59+00:00
Refactor WebRTC Peer,Dialer's name to be readable

See also:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/67#note_2771666

- - - - -
91379a42 by Shelikhoo at 2022-01-25T13:03:14+00:00
Add Raw Data Output for bytesLogger

- - - - -
d64af313 by Shelikhoo at 2022-01-25T13:03:18+00:00
Add EventOnProxyConnectionOver Event

- - - - -
e4305a4d by Shelikhoo at 2022-01-25T13:03:18+00:00
Add EventOnProxyConnectionOver Reporting

- - - - -
f12cfe6a by Shelikhoo at 2022-01-25T13:03:18+00:00
Add proxy event logger state propagate

- - - - -
92083644 by Shelikhoo at 2022-01-25T13:03:19+00:00
Extract traffic formatter

- - - - -
1116bc81 by Shelikhoo at 2022-01-25T13:03:19+00:00
Add Proxy Event Logger

- - - - -
88af9da4 by Shelikhoo at 2022-01-25T13:03:19+00:00
Fix ProxyEventLogger output

- - - - -
eb229d51 by Shelikhoo at 2022-01-25T13:03:19+00:00
Fix ProxyEventLogger output

- - - - -
bf3bd635 by Shelikhoo at 2022-01-26T13:39:12+00:00
Fix build break in Go 1.16 for missing import

See also:
https://gitlab.torproject.org/shelikhoo/snowflake/-/jobs/86751

- - - - -
e828b060 by Shelikhoo at 2022-01-28T14:46:45+00:00
Use log instead of fmt in proxy event logger

See also:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/72#note_2772839

- - - - -
00e8415d by Shelikhoo at 2022-02-03T13:38:48+00:00
Add verbosity switch to suppress diagnostic output

- - - - -
c0b35076 by Cecylia Bocovich at 2022-02-07T11:39:23-05:00
Remove support for oneshot mode

Due to a bug (#40098), legacy oneshot connections have not worked for
a while. Connections without the turbotunnel token would cause the server
to crash. This fixes that bug by removing support altogether and simply
closes the connection.

- - - - -
e6e5e20a by Cecylia Bocovich at 2022-02-08T10:56:19-05:00
Update ChangeLog for v2.1.0 release

- - - - -
bcc16289 by Cecylia Bocovich at 2022-02-08T13:00:43-05:00
Initialize SnowflakeListener.closed

Fixes a bug where an uninitialized channel causes a panic when closed
(#40099).

- - - - -
2c008d65 by Cecylia Bocovich at 2022-02-14T14:00:01-05:00
Add connection failure events for proxy timeouts

This change adds two new connection failure events for snowflake
proxies. One fires when the datachannel times out and another fires when
the connection to the proxy goes stale.

- - - - -
3547b284 by Cecylia Bocovich at 2022-02-14T14:09:16-05:00
Make all snowflake events LogSeverityNotice

Let's reserve Tor error logs for more severe events that indicate
a client-side bug or absolute failure. By default, tor logs at severity
level notice (and above).

- - - - -
01ae5b56 by Cecylia Bocovich at 2022-02-14T15:11:41-05:00
Fix client library test

Initialize eventsLogger for WebRTCPeer in client library test.

- - - - -
e18a4ac1 by Anna “CyberTailor” at 2022-02-27T10:01:50+05:00
Generate tarballs in release CI

The `generate_tarball` job vendors all Go modules to make packaging for
distributions easier.

- - - - -
df22114f by pjsier at 2022-02-28T18:38:17-06:00
Fix proxy logging verb tense

- - - - -
99eb794a by Jake Vossen at 2022-03-02T11:27:33-05:00
Fixed up/downstream metrics

- - - - -
19e9e384 by meskio at 2022-03-11T19:58:17+01:00
Merge remote-tracking branch 'gitlab/mr/78'

- - - - -
006abdea by Shelikhoo at 2022-03-16T09:13:25+00:00
Add utls roundtripper

- - - - -
44478606 by Shelikhoo at 2022-03-16T09:13:28+00:00
Add repeated test for utls roundtripper

- - - - -
c1b0f763 by Shelikhoo at 2022-03-16T09:13:28+00:00
Add reformat for utls roundtripper

- - - - -
c1c3596c by Max Bittman at 2022-03-16T09:13:28+00:00
Add name to utls client hello id

- - - - -
9af0ad11 by Shelikhoo at 2022-03-16T09:13:29+00:00
Add utls imitate setting to snowflake client

- - - - -
ccfdcab8 by Shelikhoo at 2022-03-16T09:13:29+00:00
Add uTLS remove SNI to snowflake client

- - - - -
1573502e by Shelikhoo at 2022-03-16T09:13:29+00:00
Use uTLS aware broker channel constructor

- - - - -
f5254900 by Shelikhoo at 2022-03-16T09:13:29+00:00
Update utls test to match uTLS Round Tripper constructor

- - - - -
e3aeb5fe by Shelikhoo at 2022-03-16T09:13:29+00:00
Add line wrap to NewBrokerChannelWithUTlsSettings

- - - - -
8d5998b7 by Shelikhoo at 2022-03-16T09:13:29+00:00
Harmonize identifiers to uTLS

- - - - -
3132f680 by Shelikhoo at 2022-03-16T09:13:29+00:00
Add connection expire time for uTLS pendingConn

- - - - -
ab960447 by Shelikhoo at 2022-03-16T09:13:30+00:00
Move uTLS configuration to socks5 arg

- - - - -
6e29dc67 by Shelikhoo at 2022-03-16T09:13:30+00:00
Add document for NewUTLSHTTPRoundTripper

- - - - -
6fd0f1ae by Arlo Breault at 2022-03-16T15:43:10-04:00
Rename *PollRequest methods to distinguish client/proxy

- - - - -
829cacac by Arlo Breault at 2022-03-16T15:43:10-04:00
Parse ClientPollRequest version in DecodeClientPollRequest

Instead of IPC.ClientOffers.  This makes things consistent with
EncodeClientPollRequest which adds the version while serializing.

- - - - -
bd636a13 by Arlo Breault at 2022-03-16T16:33:24-04:00
Introduce an unexported newBrokerChannelFromConfig

A follow-up wants to pass in a new property from the ClientConfig but it
would be an API breaking change to NewBrokerChannel.

However, it's unclear why NewBrokerChannel is exported at all.  No other
package in the repo depends on it and the known users of the library
probably wouldn't construct them.

While this patch was being reviewed, a new constructor was added,
NewBrokerChannelWithUTLSSettings, with effectively the same issue.
Both of those exported ones are deleted here.

- - - - -
b265bd30 by meskio at 2022-03-21T19:23:49+01:00
Make easier to extend the list of known proxy types

And include iptproxy as a valid proxy type.

- - - - -
b73add15 by meskio at 2022-03-21T19:24:51+01:00
Make the proxy type configurable for users of the library

Closes: #40104

- - - - -
281d917b by Arlo Breault at 2022-03-21T15:06:05-04:00
Stop storing version in ClientPollRequest

This continues to assert the known version while decoding.  The client
will only ever generate the latest version while encoding and if the
response needs to change, the impetus will be a new feature, set in the
deserialized request, which can be used as a distinguisher.

- - - - -
b563141c by Arlo Breault at 2022-03-21T15:06:05-04:00
Forward bridge fingerprint

gitlab 28651

- - - - -
fa2f6824 by Arlo Breault at 2022-03-21T15:31:02-04:00
Add some test cases for client poll requests

- - - - -
2f89fbc2 by Arlo Breault at 2022-03-31T11:28:00-04:00
Represent fingerprint internally as byte array

- - - - -
d807e9d3 by Cecylia Bocovich at 2022-04-11T11:38:52-04:00
Move tor-specific code outside of client library

- - - - -
aab80642 by Cecylia Bocovich at 2022-04-11T11:50:36-04:00
Fix gitlab CI to work with multiple client .go files

- - - - -
e2838201 by itchyonion at 2022-04-12T11:52:21-04:00
Scrub ptEvent logs

- - - - -
b6875c6a by Cecylia Bocovich at 2022-04-12T12:10:01-04:00
Bump webrtc library version

go get github.com/pion/webrtc/v3@latest
go mod tidy

- - - - -
dd83b68e by Cecylia Bocovich at 2022-05-24T11:45:47-04:00
Bump version of pion/webrtc to v3.1.41

This bumps the version of pion/dtls to v2.1.5 to fix three CVEs:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29189
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29190
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29222

- - - - -
9757784c by itchyonion at 2022-05-25T11:01:01-04:00
Wait some time before displaying the proxy usage log

- - - - -
1d592b06 by meskio at 2022-05-25T18:09:06+02:00
Implement String() method on events

To make it safe for logging, the safelog.Scrub function is now public.

Closes: #40141

- - - - -
3473b438 by meskio at 2022-05-25T18:09:09+02:00
Move ptEventLogger into the client/snowflake.go

Remove client/pt_event_logger.go file as it is very minimal.

- - - - -
ae5a71e6 by Cecylia Bocovich at 2022-05-25T12:17:54-04:00
Updated ChangeLog for v2.2.0 release

- - - - -
c176df67 by meskio at 2022-05-26T15:47:42+02:00
Update upstream source from tag 'upstream/2.2.0'

Update to upstream version '2.2.0'
with Debian dir f8ff773494db83544efc7f3651d0b7d31e344ce7
- - - - -
952879de by meskio at 2022-05-26T16:43:37+02:00
Update vendored code that solves several CVEs

Add gitlab.torproject.org/tpo/anti-censorship/geoip library to the
vendored libs.

Fixes: CVE-2022-29189, CVE-2022-29190, CVE-2022-29222

- - - - -
cec1a5df by meskio at 2022-05-26T16:44:26+02:00
Remove upstreamed proxy patch

- - - - -
1aa1a446 by meskio at 2022-05-27T10:27:22+02:00
Update dependencies

- - - - -
485460c9 by meskio at 2022-05-27T10:27:28+02:00
Update changelog for 2.2.0

- - - - -
d697b625 by meskio at 2022-05-27T10:27:32+02:00
Update copyright

- - - - -
7e2ac5e0 by meskio at 2022-05-27T10:27:33+02:00
fixup! Update vendored code that solves several CVEs

- - - - -


30 changed files:

- .gitignore
- .gitlab-ci.yml
- .travis.yml
- ChangeLog
- README.md
- + Vagrantfile
- broker/README.md
- + broker/amp.go
- broker/broker.go
- broker/http.go
- broker/ipc.go
- broker/metrics.go
- broker/snowflake-broker_test.go
- client/README.md
- client/lib/interfaces.go
- client/lib/lib_test.go
- client/lib/peers.go
- client/lib/rendezvous.go
- + client/lib/rendezvous_ampcache.go
- + client/lib/rendezvous_http.go
- + client/lib/rendezvous_test.go
- client/lib/snowflake.go
- client/lib/turbotunnel.go
- client/lib/util.go
- client/lib/webrtc.go
- client/snowflake.go
- client/torrc
- − client/torrc-localhost
- + client/torrc.localhost
- + common/amp/armor_decoder.go


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/pkg-privacy-team/snowflake/-/compare/685924a916cf58c162eab5a804fee82677e11f69...7e2ac5e054fc46777da48dc58a7cecdb553d2a41
