[Pkg-privacy-commits] [Git][pkg-privacy-team/snowflake][debian/sid] 63 commits: Fix proxy command line help output

meskio (@meskio-guest) gitlab at salsa.debian.org
Fri Feb 24 16:01:10 GMT 2023



meskio pushed to branch debian/sid at Privacy Maintainers / snowflake


Commits:
a8829d49 by Daniel Golle at 2022-09-26T10:37:29-04:00
Fix proxy command line help output

- - - - -
9ce1de4e by Tommaso Gragnato at 2022-09-26T08:52:23-07:00
Use Pion's Setting Engine to reduce Multicast DNS noise

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40123

The purpose of the patch is to prevent Pion from opening the mDNS port,
thus preventing snowflake from directly leaking .local candidates.

What this doesn't prevent is the resolution of .local candidates
once they are passed on to the system DNS.

- - - - -
5e564f36 by KokaKiwi at 2022-09-30T17:55:06+02:00
proxy: Add a SnowflakeProxy.makeWebRTCAPI() method

- - - - -
47f93926 by KokaKiwi at 2022-09-30T17:55:08+02:00
proxy: Add ICE ephemeral ports range setting CLI flag

- - - - -
068af087 by KokaKiwi at 2022-09-30T17:55:10+02:00
Change how ephemeral-ports-range CLI flag is handled

- - - - -
5ef5142b by trinity-1686a at 2022-10-09T21:15:50+02:00
format using go-1.19

- - - - -
56063efb by meskio at 2022-10-11T18:47:47+02:00
Merge remote-tracking branch 'gitlab/mr/102'

- - - - -
c5b291b1 by KokaKiwi at 2022-10-12T16:33:09+02:00
proxy: Fix build with golang 1.13

- - - - -
986fc826 by KokaKiwi at 2022-10-12T16:51:39+02:00
proxy: Correctly handle argument parsing error

- - - - -
31b95830 by Cecylia Bocovich at 2022-10-12T11:03:06-04:00
Bump minimum go version to 1.15

- - - - -
8b1970a3 by Cecylia Bocovich at 2022-10-12T11:30:47-04:00
Update CI tests to include latest and min go versions

- - - - -
10c81731 by KokaKiwi at 2022-10-12T19:48:24+02:00
proxy: Fix ephemeral ports range CLI flag (again)

- - - - -
21d74498 by KokaKiwi at 2022-10-14T21:40:07+02:00
proxy: Check ephemeral port range ordering at flag parsing

- - - - -
39df9b36 by David Fifield at 2022-10-16T23:14:38-06:00
Fix uTLS issue number in ChangeLog.

The right issue number is #40054.
The #40095 it referred to was for load balancing on the broker.

- - - - -
ac856280 by meskio at 2022-10-17T12:36:19+02:00
Merge remote-tracking branch 'gitlab/mr/107'

- - - - -
3185487a by luciole at 2022-11-10T15:12:46+01:00
update formatTraffic so that bandwidth unit is always KB

- - - - -
12e8de8b by David Fifield at 2022-11-15T17:21:33-07:00
Update github.com/gorilla/websocket to v1.5.0.

- - - - -
2f555810 by David Fifield at 2022-11-16T18:48:14+01:00
Reduce the smux KeepAliveTimeout on the server from 10 to 4 minutes.

To save memory, we want to more aggressively close stale connections.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40175

- - - - -
768b80db by itchyonion at 2022-11-16T10:08:10-08:00
Use event logger for proxy starting message and NAT info

- - - - -
9d72b306 by itchyonion at 2022-11-16T10:08:11-08:00
proxy: Let verbose level act on file logging

- - - - -
0780f2e8 by David Fifield at 2022-11-16T19:41:42+01:00
Add a `orport-srcaddr` server transport option.

The option controls what source address to use when dialing the
(Ext)ORPort. Using a source address other than 127.0.0.1, or a range of
addresses, can help with localhost ephemeral port exhaustion.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40198

- - - - -
8cadcaee by David Fifield at 2022-11-16T13:48:34-07:00
Benchmark for websocketconn.Conn read/write.

Current output:
	$ go test -bench=BenchmarkReadWrite -benchmem -benchtime=5s
	BenchmarkReadWrite/c←s_150-4              451840             13904 ns/op          10.79 MB/s       34954 B/op          4 allocs/op
	BenchmarkReadWrite/s←c_150-4              452560             16134 ns/op           9.30 MB/s       36378 B/op          4 allocs/op
	BenchmarkReadWrite/c←s_3000-4             202950             40846 ns/op          73.45 MB/s       69833 B/op          8 allocs/op
	BenchmarkReadWrite/s←c_3000-4             189262             37930 ns/op          79.09 MB/s       69768 B/op          8 allocs/op

- - - - -
3df514ae by David Fifield at 2022-11-16T13:48:34-07:00
Call WriteMessage directly in websocketconn.Conn.Write.

In the client←server direction, this hits a fast path that avoids
allocating a messageWriter.
https://github.com/gorilla/websocket/blob/v1.5.0/conn.go#L760

Cuts the number of allocations in half in the client←server direction:

	$ go test -bench=BenchmarkReadWrite -benchmem -benchtime=5s
	BenchmarkReadWrite/c←s_150-4              597511             13358 ns/op          11.23 MB/s       33709 B/op          2 allocs/op
	BenchmarkReadWrite/s←c_150-4              474176             13756 ns/op          10.90 MB/s       34968 B/op          4 allocs/op
	BenchmarkReadWrite/c←s_3000-4             156488             36290 ns/op          82.67 MB/s       68673 B/op          5 allocs/op
	BenchmarkReadWrite/s←c_3000-4             190897             34719 ns/op          86.41 MB/s       69730 B/op          8 allocs/op

- - - - -
264425a4 by David Fifield at 2022-11-16T13:48:34-07:00
Use io.CopyBuffer in websocketconn.readLoop.

This avoids io.Copy allocating a 32 KB buffer on every call.
https://cs.opensource.google/go/go/+/refs/tags/go1.19.1:src/io/io.go;l=416

	$ go test -bench=BenchmarkReadWrite -benchmem -benchtime=5s
	BenchmarkReadWrite/c←s_150-4              385740             15114 ns/op           9.92 MB/s        4104 B/op          3 allocs/op
	BenchmarkReadWrite/s←c_150-4              347070             16824 ns/op           8.92 MB/s        4152 B/op          4 allocs/op
	BenchmarkReadWrite/c←s_3000-4             190257             31581 ns/op          94.99 MB/s        8208 B/op          6 allocs/op
	BenchmarkReadWrite/s←c_3000-4             163233             34821 ns/op          86.16 MB/s        8304 B/op          8 allocs/op

- - - - -
2321642f by David Fifield at 2022-11-16T13:48:34-07:00
Hoist temporary buffers outside the loop.

Otherwise the buffers are re-allocated on every iteration, which is a
surprise to me. I thought the compiler would do this transformation
itself.

Now there is just one allocation per client←server read (one
messageReader) and two allocations per server←client read (one
messageReader and one messageWriter).

	$ go test -bench=BenchmarkReadWrite -benchmem -benchtime=5s
	BenchmarkReadWrite/c←s_150-4              481054             12849 ns/op          11.67 MB/s           8 B/op          1 allocs/op
	BenchmarkReadWrite/s←c_150-4              421809             14095 ns/op          10.64 MB/s          56 B/op          2 allocs/op
	BenchmarkReadWrite/c←s_3000-4             208564             28003 ns/op         107.13 MB/s          16 B/op          2 allocs/op
	BenchmarkReadWrite/s←c_3000-4             186320             30576 ns/op          98.12 MB/s         112 B/op          4 allocs/op

- - - - -
4ae63ecc by David Fifield at 2022-11-16T13:48:34-07:00
Benchmark websocket.Conn Upgrade creation.

I had thought to set a buffer size of 2048, half the websocket package
default of 4096. But it turns out when you don't set a buffer size, the
websocket package reuses the HTTP server's read/write buffers, which
empirically already have a size of 2048.

	$ go test -bench=BenchmarkUpgradeBufferSize -benchmem -benchtime=5s
	BenchmarkUpgradeBufferSize/0-4                     25669            234566 ns/op           32604 B/op        113 allocs/op
	BenchmarkUpgradeBufferSize/128-4                   24739            238283 ns/op           24325 B/op        117 allocs/op
	BenchmarkUpgradeBufferSize/1024-4                  25352            238885 ns/op           28087 B/op        116 allocs/op
	BenchmarkUpgradeBufferSize/2048-4                  22660            234890 ns/op           32444 B/op        116 allocs/op
	BenchmarkUpgradeBufferSize/4096-4                  25668            232591 ns/op           41672 B/op        116 allocs/op
	BenchmarkUpgradeBufferSize/8192-4                  24908            240755 ns/op           59103 B/op        116 allocs/op

- - - - -
a579c969 by David Fifield at 2022-11-16T13:48:34-07:00
encapsulation.paddingBuffer can be statically allocated.

- - - - -
e851861e by David Fifield at 2022-11-16T13:48:34-07:00
Benchmark for encapsulation.ReadData.

- - - - -
115ba6a7 by Cecylia Bocovich at 2022-11-17T11:07:48-05:00
Add gofmt output to CI test before calling test -z

We use a call to test -z together with go fmt because it doesn't output
a non-zero exit status (triggering CI test failure). However, we lose
useful debugging output from the go fmt call because test -z swallows
it. This adds very verbose formatting output to the CI test.

- - - - -
2c599f88 by luciole at 2022-11-21T10:33:21-05:00
change bandwidth type from int to int64 to prevent overflow

- - - - -
33248f3d by Shelikhoo at 2022-11-23T12:29:51+00:00
Add Version Output Support to Snowflake

From now on, there will be a file at common/version/version.go that includes current version number.

- - - - -
4ebd85e5 by Shelikhoo at 2022-11-23T12:29:55+00:00
add version output to log

- - - - -
90d1a567 by luciole at 2022-11-28T15:56:35-05:00
change regexes for ipv6 addresses to catch url-encoded addresses

- - - - -
6007d5e0 by Cecylia Bocovich at 2022-11-28T17:10:49-05:00
Refactor creation of webRTCConn in proxy

- - - - -
5c23fcf1 by Cecylia Bocovich at 2022-11-28T17:11:18-05:00
Add timeout for webRTCConn

- - - - -
b010de5a by Cecylia Bocovich at 2022-11-28T17:11:20-05:00
Terminate timeoutLoop when conn is closed

- - - - -
b547d449 by Cecylia Bocovich at 2022-11-28T17:30:05-05:00
Refactor timeout loop to use a context and reuse timers

- - - - -
56f15a5d by Cecylia Bocovich at 2022-11-29T09:52:09-05:00
Update ChangeLog for v2.4.0

- - - - -
d8d3e538 by Shelikhoo at 2022-11-29T15:41:49+00:00
Fix uTLS RoundTripper Inconsistent Key for host:port

This commit fixes an issue described at:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40224

This bug has been fixed, with test case describing this bug added.

- - - - -
788e3ae9 by Shelikhoo at 2022-11-29T15:41:49+00:00
Refactor utls roundtripper_test to deduplicate

- - - - -
7c154e5f by Cecylia Bocovich at 2022-12-01T11:38:22-05:00
Bump version to v2.4.1

- - - - -
cebe4a0a by Flo418 at 2022-12-02T13:37:17-08:00
enhance help for capacity flag, fix #40208

- - - - -
cbc50592 by Flo418 at 2022-12-02T13:37:17-08:00
update README.md help output, fix #40232

- - - - -
8e5af50b by David Fifield at 2022-12-03T13:39:56-07:00
Increase clientIDAddrMapCapacity to 98304.

Recent increases in usage have exhausted the capacity of the map.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40173

- - - - -
64491466 by David Fifield at 2022-12-08T08:03:54-07:00
Manually unlock the mutex in ClientMap.SendQueue.

Rather than use defer. It is only a tiny amount faster, but this
function is frequently called.

Before:
	$ go test -bench=BenchmarkSendQueue -benchtime=2s
	BenchmarkSendQueue-4    15901834               151 ns/op
After:
	$ go test -bench=BenchmarkSendQueue -benchtime=2s
	BenchmarkSendQueue-4    15859948               147 ns/op

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40177

- - - - -
77b186ae by David Fifield at 2022-12-08T08:03:54-07:00
Have SnowflakeClientConn implement io.WriterTo.

By forwarding the method to the inner smux.Stream. This is to prevent
io.Copy in the top-level proxy function from allocating a buffer per
client.

The smux.Stream WriteTo method returns io.EOF on success, contrary to
the contract of io.Copy that says it should return nil. Ignore io.EOF in
the proxy loop to avoid a log message.

/anti-censorship/pluggable-transports/snowflake/-/issues/40177

- - - - -
d4749d2c by David Fifield at 2022-12-08T08:03:54-07:00
Reduce turbotunnel queueSize from 2048 to 512.

This is to reduce heap usage.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40179

Past discussion of queueSize:
https://lists.torproject.org/pipermail/anti-censorship-team/2021-July/000188.html
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/48#note_2744619

- - - - -
839d2218 by David Fifield at 2022-12-08T08:03:54-07:00
Take ownership of buffer in QueuePacketConn QueueIncoming/WriteTo.

This design is easier to misuse, because it allows the caller to modify
the contents of the slice after queueing it, but it avoids an extra
allocation + memmove per incoming packet.

Before:
	$ go test -bench='Benchmark(QueueIncoming|WriteTo)' -benchtime=2s -benchmem
	BenchmarkQueueIncoming-4         7001494               342.4 ns/op          1024 B/op          2 allocs/op
	BenchmarkWriteTo-4               3777459               627 ns/op            1024 B/op          2 allocs/op
After:
	$ go test -bench=BenchmarkWriteTo -benchtime 2s -benchmem
	BenchmarkQueueIncoming-4        13361600               170.1 ns/op           512 B/op          1 allocs/op
	BenchmarkWriteTo-4               6702324               373 ns/op             512 B/op          1 allocs/op

Despite the benchmark results, the change in QueueIncoming turns out not
to have an effect in practice. It appears that the compiler had already
been optimizing out the allocation and copy in QueueIncoming.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40187

The WriteTo change, on the other hand, in practice reduces the frequency
of garbage collection.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40199

- - - - -
11c33338 by Flo418 at 2022-12-12T19:56:59+01:00
add some more test for URL encoded IPs (safelog)

- - - - -
53e381e4 by itchyonion at 2022-12-13T09:23:34-08:00
Fix server flag name

- - - - -
c6fabb21 by David Fifield at 2022-12-14T23:02:26-07:00
Use multiple parallel KCP state machines in the server.

To distribute CPU load.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40200

- - - - -
936a1f81 by David Fifield at 2022-12-14T23:02:26-07:00
Add a num-turbotunnel server transport option.

Replaces the hardcoded numKCPInstances.

- - - - -
f6fa51d7 by Cecylia Bocovich at 2022-12-31T12:23:27-05:00
Switch default proxy STUN server to stun.l.google.com

This is the same default that the web-based proxies use. Proxies do not
need RFC 5780 compatible STUN servers.

- - - - -
8c775562 by Cecylia Bocovich at 2022-12-31T12:23:29-05:00
Remove two suggested STUN servers from client docs

Removed stun.stunprotocol.org after a discussion with the operator, and
stun.altar.com.pl after noticing it has gone offline.

https://lists.torproject.org/pipermail/anti-censorship-team/2022-December/000272.html
https://lists.torproject.org/pipermail/anti-censorship-team/2022-December/000276.html

- - - - -
7db25684 by Cecylia Bocovich at 2023-01-03T10:32:03-05:00
Remove duplicate stun.sonetel.net entry

- - - - -
086bbb4a by Cecylia Bocovich at 2023-01-13T13:45:17-05:00
Bump version to v2.4.2

- - - - -
4895a32f by Cecylia Bocovich at 2023-01-16T11:55:31-05:00
Bump version to v2.4.3

- - - - -
10fd0006 by Shelikhoo at 2023-01-17T12:47:32+00:00
Apply Skip Hello Verify Migration

Backported from https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/dev-skiphelloverify-backup

- - - - -
daa9b535 by Shelikhoo at 2023-01-18T11:27:31+00:00
Update Version to v2.5.0

- - - - -
44c76ce3 by Shelikhoo at 2023-01-18T14:36:18+00:00
Fix helloverify remove patch not applied

- - - - -
7b77001e by Shelikhoo at 2023-01-18T14:37:05+00:00
Update version to v2.5.1

- - - - -
f36135ed by meskio at 2023-02-24T13:56:17+01:00
Update upstream source from tag 'upstream/2.5.1'

Update to upstream version '2.5.1'
with Debian dir 050abeb2ab0fbac629af6ab2dd4c912ed507bd6e

- - - - -
db16115a by meskio at 2023-02-24T16:55:11+01:00
New upstream release

- - - - -


30 changed files:

- .gitlab-ci.yml
- ChangeLog
- client/README.md
- client/lib/snowflake.go
- client/lib/util.go
- client/lib/webrtc.go
- client/snowflake.go
- client/torrc
- common/amp/doc.go
- common/encapsulation/encapsulation.go
- common/encapsulation/encapsulation_test.go
- common/event/interface.go
- common/messages/client.go
- common/messages/proxy.go
- common/safelog/log.go
- common/safelog/log_test.go
- common/turbotunnel/clientmap.go
- + common/turbotunnel/clientmap_test.go
- common/turbotunnel/consts.go
- common/turbotunnel/queuepacketconn.go
- + common/turbotunnel/queuepacketconn_test.go
- common/utls/client_hello_id.go
- + common/utls/client_hello_id_version.go
- common/utls/roundtripper.go
- common/utls/roundtripper_test.go
- + common/version/combined.go
- + common/version/detail.go
- + common/version/version.go
- common/websocketconn/websocketconn.go
- common/websocketconn/websocketconn_test.go


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/pkg-privacy-team/snowflake/-/compare/15aaf49e50a5afb51abb83d54330fdb4bb43aac4...db16115ada535e6c2e43cd20fa32a61e7aeab499
