[Pkg-privacy-commits] [Git][pkg-privacy-team/snowflake][debian/sid] 330 commits: Bring client torrc up to date with Tor Browser fc89e8b1.

Antoine Beaupré (@anarcat) anarcat at debian.org
Fri Dec 6 18:56:19 GMT 2024



Antoine Beaupré pushed to branch debian/sid at Privacy Maintainers / snowflake


Commits:
b443e994 by David Fifield at 2023-01-19T11:37:23-07:00
Bring client torrc up to date with Tor Browser fc89e8b1.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commits/fc89e8b10c3ff30db2079b2fb327d05b2b5f3c80/projects/common/bridges_list.snowflake.txt

* Use port 80 in placeholder IP addresses
  tpo/applications/tor-browser-build!516
* Enable uTLS
  tpo/applications/tor-browser-build!540
* Shorten bridge line (remove stun.voip.blackberry.com)
  tpo/applications/tor-browser-build!558
* Add snowflake-02 bridge
  tpo/applications/tor-browser-build!571

- - - - -
a6a18c1a by itchyonion at 2023-01-30T09:10:15-08:00
Parse ICE servers with pion/ice library function

- - - - -
66269c07 by itchyonion at 2023-01-30T09:10:15-08:00
Update README to correctly reflect the type of ICE servers we currently support

- - - - -
990fcb41 by itchyonion at 2023-01-30T09:10:15-08:00
Filter out non stun: server addresses in ParseIceServers

- - - - -
5cc849e1 by WofWca at 2023-02-09T11:45:09-08:00
fix: up/down traffic stats being mixed up
- - - - -
39d906b3 by Shelikhoo at 2023-03-10T15:25:15+00:00
Add utls-imitate, utls-nosni doc to README

- - - - -
473cc459 by Shelikhoo at 2023-03-13T14:13:50+00:00
Add utls-imitate, utls-nosni doc to README: fix style

- - - - -
b63d2272 by David Fifield at 2023-03-13T11:42:44-06:00
Test for data race with QueuePacketConn.WriteTo and kcp-go.

For #40260.

- - - - -
d2858aeb by David Fifield at 2023-03-13T12:57:35-06:00
Revert "Take ownership of buffer in QueuePacketConn QueueIncoming/WriteTo."

This reverts commit 839d2218837dfbd1682ff39b375f45660b3974b5. (Except for
the added benchmarks in queuepacketconn_test.go.) This change
corresponds to the issues #40187 and #40199.

The analysis in https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40199
was wrong; kcp-go does reuse the buffers it passes to
QueuePacketConn.WriteTo. This led to unsynchronized reuse of packet
buffers and mangled packets observable at the client:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40260.

Undoing the change in QueuePacketConn.QueueIncoming as well, for
symmetry, even though it is not implicated in any correctness problems.
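
The aliasing described in this commit message, as an added example (not code from the commit or from Snowflake). `packetQueue` and `sendThroughReusedBuffer` are hypothetical names, and the caller here reuses its buffer sequentially so the result is deterministic, whereas the reported reuse was concurrent and unsynchronized.

```go
package main

import "fmt"

// packetQueue is a hypothetical stand-in for a send queue sitting behind a
// WriteTo method. It is not the Snowflake QueuePacketConn implementation.
type packetQueue struct {
	copyOnWrite bool     // true: copy p; false: "take ownership" of p
	queue       [][]byte // packets waiting to be sent
}

// WriteTo enqueues p. Without copyOnWrite the queue keeps a reference to the
// caller's backing array, which is only safe if the caller never touches
// that memory again.
func (q *packetQueue) WriteTo(p []byte) {
	if q.copyOnWrite {
		buf := make([]byte, len(p))
		copy(buf, p)
		p = buf
	}
	q.queue = append(q.queue, p)
}

// sendThroughReusedBuffer imitates a caller that reuses one scratch buffer
// for every packet it writes, then returns the packets as a reader of the
// queue would later see them.
func sendThroughReusedBuffer(q *packetQueue, packets []string) []string {
	scratch := make([]byte, 16)
	for _, s := range packets {
		n := copy(scratch, s)
		q.WriteTo(scratch[:n]) // the caller overwrites scratch on the next loop
	}
	out := make([]string, len(q.queue))
	for i, p := range q.queue {
		out[i] = string(p)
	}
	return out
}

func main() {
	packets := []string{"AAAA", "BBBB", "CC"} // constructed sample packets

	owned := sendThroughReusedBuffer(&packetQueue{copyOnWrite: false}, packets)
	fmt.Println("ownership taken:", owned) // earlier packets are overwritten

	copied := sendThroughReusedBuffer(&packetQueue{copyOnWrite: true}, packets)
	fmt.Println("copied on write:", copied) // packets arrive intact
}
```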

- - - - -
ef51f206 by David Fifield at 2023-03-13T19:36:09+00:00
Merge branch '40260-revert-queuepacketconn-ownership' into 'main'

Revert "Take ownership of buffer in QueuePacketConn QueueIncoming/WriteTo"

See merge request tpo/anti-censorship/pluggable-transports/snowflake!140
- - - - -
36d5d2dd by David Fifield at 2023-03-13T15:10:35-06:00
Fix comment typo on NewRedialPacketConn.

- - - - -
fb35e80b by itchyonion at 2023-03-14T12:42:59-07:00
Proxy: add outbound-address config

- - - - -
5dd0a31d by itchyonion at 2023-03-14T12:43:00-07:00
Add comments and improve logging

- - - - -
1ef43a0d by KokaKiwi at 2023-03-22T12:19:03+00:00
Use latest Pion WebRTC libs version

- webrtc and dtls libs got the "Skip Hello Verify" patches applied

Link: https://github.com/pion/dtls/pull/513
Link: https://github.com/pion/webrtc/pull/2433

- - - - -
47dd253a by Shelikhoo at 2023-03-22T12:19:06+00:00
Update CI test targets

- - - - -
17829d80 by David Fifield at 2023-03-29T09:49:24-06:00
Comment typo.

- - - - -
6bdd48c0 by David Fifield at 2023-04-03T00:18:26-06:00
Restore ListenAndServe error return in Transport.Listen.

This error return was lost in 11f0846264d4033e7a7dc7824febb6ad7140762f;
i.e. !31.

Fixes #40043.

- - - - -
590d158d by David Fifield at 2023-04-04T18:46:35-06:00
Comment typo.

- - - - -
6bae31f0 by David Fifield at 2023-04-04T18:56:55-06:00
Use a static array in benchmarks.

Since d2858aeb7ec50ae09b9a7e2e2a910ae31cec62bd the caller is permitted
to reuse its slice again.

- - - - -
97c93001 by David Fifield at 2023-04-04T19:12:22-06:00
Fix loop termination in TestQueuePacketConnWriteToKCP.

The noise-generating goroutine was meant to stop when the parent
function returned and closed the `done` channel. The `break` in the loop
was wrongly exiting only from the `select`, not from the `for`.

This was the cause of benchmark anomalies in
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40260#note_2885832.
The noise-generating loop from the test was continuing to run while the
benchmarks were running.
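
The loop-termination bug described above, reduced to a deterministic added example (not the test code from the commit). `iterationsAfterDone` is a hypothetical helper, and the `limit` cap exists only so the buggy variant terminates here.

```go
package main

import "fmt"

// iterationsAfterDone runs a "noise" loop whose done channel is already
// closed, as it would be once the parent function has returned. It reports
// how many more iterations the loop performs before it stops. limit bounds
// the buggy variant, which would otherwise spin forever.
func iterationsAfterDone(labeled bool, limit int) int {
	done := make(chan struct{})
	close(done) // the parent has returned and closed the channel

	n := 0
loop:
	for n < limit {
		select {
		case <-done:
			if labeled {
				break loop // leaves the for loop
			}
			break // leaves only the select; the for loop carries on
		default:
		}
		n++ // stands in for generating one unit of noise traffic
	}
	return n
}

func main() {
	fmt.Println("plain break:  ", iterationsAfterDone(false, 1000)) // runs to the cap
	fmt.Println("labeled break:", iterationsAfterDone(true, 1000))  // stops at once
}
```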

- - - - -
c097d5f3 by David Fifield at 2023-04-04T20:22:32-06:00
Use a sync.Pool to reuse packet buffers in QueuePacketConn.

This is meant to reduce overall allocations. See past discussion at
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40260#note_2885524 ff.

- - - - -
297ca91b by meskio at 2023-04-19T17:15:35+02:00
Use goptlib from gitlab.torproject.org

- - - - -
f723cf52 by meskio at 2023-04-20T16:37:52+02:00
Merge remote-tracking branch 'gitlab/main'

- - - - -
8e5ea826 by David Fifield at 2023-04-20T11:28:58-04:00
Add a scanner error check to ClusterCounter.Count.

It was silently exiting at the "recordingStart":"2022-09-23T17:06:59.680537075Z"
line, the first line whose length (66873) exceeds
bufio.MaxScanTokenSize. Now distinctcounter exits with an error status
instead of reporting partial results.

$ ./distinctcounter -from 2023-01-01T00:00:00Z -to 2023-01-10T00:00:00Z -in metrics-ip-salted.jsonl
2023/04/20 13:54:11 unable to count:bufio.Scanner: token too long
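
The failure mode above as an added example (not the distinctcounter source). `countLines` and `sampleInput` are hypothetical, the input is constructed with one 66873-byte line to match the length quoted in the message, and raising the limit with `Scanner.Buffer` is shown as one possible follow-up, not something this commit does.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strings"
)

// countLines counts newline-delimited records in r.
// checkErr=false reproduces the silent early exit: Scan returns false on an
// over-long line and the caller never looks at Err.
// maxToken>0 raises the scanner's token limit above bufio.MaxScanTokenSize.
func countLines(r io.Reader, checkErr bool, maxToken int) (int, error) {
	sc := bufio.NewScanner(r)
	if maxToken > 0 {
		sc.Buffer(make([]byte, 0, bufio.MaxScanTokenSize), maxToken)
	}
	n := 0
	for sc.Scan() {
		n++
	}
	if checkErr {
		if err := sc.Err(); err != nil {
			return n, err // partial count plus the reason it is partial
		}
	}
	return n, nil
}

// sampleInput builds three constructed JSON lines; the second is exactly
// 66873 bytes long, which exceeds bufio.MaxScanTokenSize (65536).
func sampleInput() string {
	long := `{"pad":"` + strings.Repeat("x", 66873-10) + `"}`
	return `{"n":1}` + "\n" + long + "\n" + `{"n":3}` + "\n"
}

func main() {
	n, err := countLines(strings.NewReader(sampleInput()), false, 0)
	fmt.Println("unchecked:", n, err) // partial result, no error reported

	n, err = countLines(strings.NewReader(sampleInput()), true, 0)
	fmt.Println("checked:  ", n, err, errors.Is(err, bufio.ErrTooLong))

	n, err = countLines(strings.NewReader(sampleInput()), true, 1<<20)
	fmt.Println("enlarged: ", n, err)
}
```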

- - - - -
07b5f074 by itchyonion at 2023-05-29T10:12:48-07:00
Validate SDP offers and answers

- - - - -
255cee69 by itchyonion at 2023-05-29T10:12:48-07:00
Broker: soften non-critical log from error to warning

- - - - -
6c431800 by itchyonion at 2023-05-29T10:12:48-07:00
Broker: update unit tests after adding SDP validation

- - - - -
88608ad4 by itchyonion at 2023-05-29T10:12:48-07:00
Broker: add warning log when proxy couldn't match with client

- - - - -
82cc0f38 by meskio at 2023-05-31T10:01:47+02:00
Move the development to gitlab

Related: tpo/anti-censorship/team#86

- - - - -
130b63cc by itchyonion at 2023-06-08T00:51:42-07:00
use debian buster and bullseye as base images

- - - - -
9edaee65 by David Fifield at 2023-06-08T13:24:22-06:00
Use IP_BIND_ADDRESS_NO_PORT when dialing the ORPort on Linux.

When the orport-srcaddr option is set, we bind to a source IP address
before dialing the ORPort/ExtORPort. tor similarly binds to a source IP
address when OutboundBindAddress is set in torrc. Since tor 0.4.7.13,
tor sets IP_BIND_ADDRESS_NO_PORT, and because problems arise when some
programs use IP_BIND_ADDRESS_NO_PORT and some do not, we also have to
start using IP_BIND_ADDRESS_NO_PORT when we upgrade tor
(tpo/anti-censorship/pluggable-transports/snowflake#40270).

Related: tpo/anti-censorship/pluggable-transports/snowflake#40198

- - - - -
f8eb86f2 by Cecylia Bocovich at 2023-06-14T18:12:29-04:00
Append Let's Encrypt ISRG Root X1 to cert pool

This is a workaround for older versions of android that do not trust
the Let's Encrypt root certificate.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40087

- - - - -
ea01c92c by Vort at 2023-06-19T17:44:45+01:00
Implement DataChannel flow control

- - - - -
2fa8fd91 by Cecylia Bocovich at 2023-06-19T12:52:25-04:00
Update version to v2.6.0

- - - - -
08d1c6d6 by Cecylia Bocovich at 2023-06-20T14:52:09-04:00
Bump minimum required version of go

The version of x/sys we're using requires go1.17 or later

- - - - -
80980a3a by David Fifield at 2023-06-29T19:59:50+00:00
Fix a comment left over from turbotunnel-quic.

- - - - -
58c3121c by David Fifield at 2023-06-29T21:12:29+00:00
Close temporary UDPSession in TestQueuePacketConnWriteToKCP.

With these not being closed, they were continuing to consume resources
after the return of the test function, which was affecting the later
BenchmarkSendQueue.

Before:
```
snowflake/common/turbotunnel$ go test -bench BenchmarkSendQueue -v
=== RUN   TestQueueIncomingOversize
--- PASS: TestQueueIncomingOversize (0.00s)
=== RUN   TestWriteToOversize
--- PASS: TestWriteToOversize (0.00s)
=== RUN   TestRestoreMTU
--- PASS: TestRestoreMTU (0.00s)
=== RUN   TestRestoreCap
--- PASS: TestRestoreCap (0.00s)
=== RUN   TestQueuePacketConnWriteToKCP
--- PASS: TestQueuePacketConnWriteToKCP (1.01s)
goos: linux
goarch: amd64
pkg: gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/turbotunnel
cpu: Intel(R) Core(TM) i5 CPU         680  @ 3.60GHz
BenchmarkSendQueue
BenchmarkSendQueue-4     8519708               136.0 ns/op
PASS
ok      gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/turbotunnel  3.481s
```

After:
```
snowflake/common/turbotunnel$ go test -bench BenchmarkSendQueue -v
=== RUN   TestQueueIncomingOversize
--- PASS: TestQueueIncomingOversize (0.00s)
=== RUN   TestWriteToOversize
--- PASS: TestWriteToOversize (0.00s)
=== RUN   TestRestoreMTU
--- PASS: TestRestoreMTU (0.00s)
=== RUN   TestRestoreCap
--- PASS: TestRestoreCap (0.00s)
=== RUN   TestQueuePacketConnWriteToKCP
--- PASS: TestQueuePacketConnWriteToKCP (1.02s)
goos: linux
goarch: amd64
pkg: gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/turbotunnel
cpu: Intel(R) Core(TM) i5 CPU         680  @ 3.60GHz
BenchmarkSendQueue
BenchmarkSendQueue-4    11620237               105.7 ns/op
PASS
ok      gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/turbotunnel  3.244s
```

- - - - -
aaeab3f4 by meskio at 2023-07-03T19:52:57+02:00
Update dependencies

So renovate doesn't create tons of merge requests.

- - - - -
af73ab7d by meskio at 2023-07-03T20:01:18+02:00
Add renovate config

Closes: #40194

- - - - -
d932cb27 by am3o at 2023-07-28T14:23:22+01:00
feat: add option to expose the stats by using metrics

- - - - -
81047321 by David Fifield at 2023-07-29T22:33:26+00:00
Change DefaultRelayURL back to wss://snowflake.torproject.net/.

Fixes #40283. Compare to #31522.

- - - - -
f73fe6ec by meskio at 2023-08-14T08:56:56+02:00
Keep the 'v' from the tag on the released .tar.gz

Gitlab doesn't support '#v' expansion for the links name and url:
https://docs.gitlab.com/ee/ci/variables/where_variables_can_be_used.html
https://docs.gitlab.com/ee/ci/variables/where_variables_can_be_used.html#gitlab-internal-variable-expansion-mechanism

The current releases include a 'snowflake-.tar.gz' that gives a 404,
because the link provided is missing the tag part. Let's keep it
simple and produce a tar.gz with the v in the name like
snowflake-v2.6.0.tar.gz

Closes: #40282

- - - - -
0cb2975f by Renovate Bot at 2023-08-24T13:56:29+01:00
Update module golang.org/x/net to v0.13.0 [SECURITY]

- - - - -
b632c7d4 by Cecylia Bocovich at 2023-08-24T16:33:22+01:00
Workaround for shadow in lieu of AF_NETLINK support

For details, see https://github.com/shadow/shadow/issues/2980

- - - - -
e37e15ab by Renovate Bot at 2023-08-25T17:21:48+01:00
Update golang Docker tag to v1.21

- - - - -
a3bfc280 by Renovate Bot at 2023-08-28T16:37:52+01:00
Update module golang.org/x/crypto to v0.12.0

- - - - -
b5d702f4 by Shelikhoo at 2023-09-11T14:30:00+01:00
update version to v2.6.1

- - - - -
caaff700 by Renovate Bot at 2023-09-12T15:44:11+00:00
Update module golang.org/x/sys to v0.12.0

- - - - -
f4e1ab90 by Renovate Bot at 2023-09-19T14:09:33+00:00
chore(deps): update module golang.org/x/net to v0.15.0

- - - - -
2844ac6a by Cecylia Bocovich at 2023-09-19T11:42:31-04:00
Update CI targets to include only Go 1.20 and 1.21

To keep up with our dependencies, we no longer support versions of Go
older than v1.20.

- - - - -
106da49c by Renovate Bot at 2023-09-19T15:49:22+00:00
chore(deps): update module github.com/pion/webrtc/v3 to v3.2.20

- - - - -
f47ca18e by Renovate Bot at 2023-09-19T16:06:59+00:00
chore(deps): update module gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib to v1.5.0

- - - - -
e45e8e55 by Renovate Bot at 2023-09-20T12:34:49-04:00
chore(deps): update module github.com/smartystreets/goconvey to v1.8.1

- - - - -
3a050c6b by Cecylia Bocovich at 2023-09-20T12:34:51-04:00
Use ShouldBeNil to check for nil values

- - - - -
1d069ca7 by Shelikhoo at 2023-09-20T20:05:28+01:00
Update CI targets to test android from golang 1.21

- - - - -
60e66bea by Shelikhoo at 2023-09-25T14:27:23+01:00
Remove Golang 1.20 from CI Testing

- - - - -
1559963f by Renovate Bot at 2023-09-25T15:21:28+01:00
chore(deps): update module github.com/xtaci/kcp-go/v5 to v5.6.3

- - - - -
5cdf52c8 by Shelikhoo at 2023-09-27T13:15:50+01:00
Update dependencies

- - - - -
4ff36e3f by WofWca at 2023-10-02T21:39:56+04:00
improvement(broker): don't reject unrestricted client if there are no restricted proxies

I.e. match it with an unrestricted proxy (if there is one).

The old behavior exists since the inception of the restricted vs
unrestricted feature, i.e. 0052c0e10c

- - - - -
9fdfb3d1 by Cecylia Bocovich at 2023-10-05T17:51:56-04:00
Randomly select front domain from comma-separated list

This commit changes the command-line and Bridge line arguments to take
a comma-separated list of front domains. The change is backwards
compatible with old Bridge and ClientTransportPlugin lines. At
rendezvous time, a front domain will be randomly chosen from the list.

- - - - -
d434549d by Cecylia Bocovich at 2023-10-05T17:51:56-04:00
Maintain backward compatibility with old clients

Introduce a new commandline and SOCKS argument for comma-separated
domain fronts rather than repurposing the old one so that we can
maintain backwards compatibility with users running old versions of the
client. A new bridge line shared on circumvention settings could have
both the front= and fronts= options set.

- - - - -
a615e8b1 by WofWca at 2023-10-09T15:15:45+01:00
fix(proxy): remove _potential_ deadlock

The `dc.Send()` should increase the `bufferedAmount` value,
so there is no need to add the message length a second time.

Also replace GT with GE, for the case where
`BufferedAmountLowThreshold === maxBufferedAmount`

Currently the deadlock cannot happen because `maxBufferedAmount`
and `BufferedAmountLowThreshold` are too far apart, in fact
the former is 2x the latter.

See
- https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/144#note_2902956
- https://github.com/pion/webrtc/pull/2473
- https://github.com/pion/webrtc/pull/2474

- - - - -
6393af6b by David Fifield at 2023-10-09T16:16:05+01:00
Remove proxy churn measurements from broker.

We've done the analysis we planned to do on these measurements.

A program to analyze the proxy churn and extract hour-by-hour
intersections is available at:
https://github.com/turfed/snowflake-paper/tree/main/figures/proxy-churn

Closes #40280.

- - - - -
7142fa3d by KokaKiwi at 2023-10-12T15:52:43+01:00
fix(proxy): Correctly close connection pipe when dealing with error

- - - - -
bd7391d6 by Shelikhoo at 2023-10-16T15:14:51+01:00
update version to 2.7.0

- - - - -
b11a4148 by meskio at 2023-10-16T20:48:47+02:00
Use go 1.21 in renovate

- - - - -
251a151b by Renovate Bot at 2023-10-20T15:40:01+00:00
chore(deps): update module github.com/xtaci/kcp-go/v5 to v5.6.5

- - - - -
ef6f8dd5 by Renovate Bot at 2023-10-23T14:00:09+01:00
chore(deps): update module golang.org/x/net to v0.17.0 [security]

- - - - -
fc7053ac by Renovate Bot at 2023-10-23T13:10:46+00:00
chore(deps): update module github.com/prometheus/client_model to v0.5.0

- - - - -
6b0421db by meskio at 2023-10-24T12:50:27+02:00
Merge remote-tracking branch 'gitlab/mr/195'

- - - - -
8b46e605 by Shelikhoo at 2023-10-24T17:42:46+01:00
Add common proxy utilities

- - - - -
f43da1d2 by Shelikhoo at 2023-10-24T17:43:32+01:00
Add transport wrapper

- - - - -
5df7a06e by Shelikhoo at 2023-10-24T17:47:25+01:00
Add outbound proxy configuration propagation

- - - - -
2617d234 by Renovate Bot at 2023-10-25T15:53:48+01:00
chore(deps): update module github.com/refraction-networking/utls to v1.5.4

- - - - -
4fa43a88 by Renovate Bot at 2023-10-25T16:49:19+01:00
chore(deps): update module github.com/prometheus/client_golang to v1.17.0

- - - - -
778e3af0 by meskio at 2023-10-26T18:47:01+02:00
Merge remote-tracking branch 'gitlab/mr/187'

- - - - -
10fb9afa by Cecylia Bocovich at 2023-10-26T17:04:56-04:00
Check if multiple front domains argument is empty

This fixes a regression introduced in 9fdfb3d1, where the list of front
domains always contained an empty string if none were supplied via the
commandline options, causing rendezvous failures for both amp cache and
domain fronting. This fix checks to see whether the commandline option
was supplied.

- - - - -
939062c7 by Cecylia Bocovich at 2023-10-30T12:42:45-04:00
Remove ThroughputSummary from bytesLogger

This was leftover from when we used to log the total throughput of
connections when they close. It should be removed for privacy reasons as
mentioned in
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40079

- - - - -
83a7422f by Cecylia Bocovich at 2023-10-30T12:42:45-04:00
Zero bytesSyncLogger stats after reading them

This also makes the call to GetStat() more thread safe.

- - - - -
354cb654 by Cecylia Bocovich at 2023-10-30T12:42:45-04:00
Move creation of periodic stats task inside proxy library

This adds a new type of SnowflakeEvent. EventOnProxyStats is triggered
by the periodic task run at SummaryInterval and produces an event with a
proxy stats output string.

- - - - -
018bbd6d by Cecylia Bocovich at 2023-10-30T12:42:45-04:00
Proxy stats log only what occurred that time interval

Modify the periodic stats output by standalone snowflake proxies to only
include the data transferred during the time interval being logged. This
is an improvement of previous behaviour that logged the total data
transferred by all proxy connections that were closed within the time
interval being logged.

Closes #40302:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40302

- - - - -
5c5eb2c3 by Cecylia Bocovich at 2023-10-30T12:42:45-04:00
Modify EventOnProxyStats to include summary data

- - - - -
caa2b364 by Cecylia Bocovich at 2023-10-31T10:02:31-04:00
Process and properly log connection closure stats

- - - - -
22d9381d by Cecylia Bocovich at 2023-10-31T13:11:38-04:00
Update prometheus metrics to use new EventOnProxyStats

- - - - -
648609db by Cecylia Bocovich at 2023-10-31T13:15:52-04:00
Refactor disabling the stats logger

Have Snowflake proxy periodically collect throughput stats even if the
stats logger is disabled so that it can be handled by the prometheus
metrics.

- - - - -
c1715e09 by Renovate Bot at 2023-11-05T03:39:42+00:00
chore(deps): update module github.com/gorilla/websocket to v1.5.1

- - - - -
001f691b by David Fifield at 2023-11-07T05:51:35+00:00
Have encapsulation.ReadData read into a provided buffer.

Instead of unconditionally allocating its own.

- - - - -
d99f31d8 by David Fifield at 2023-11-07T05:51:35+00:00
Have encapsulation.ReadData return an error when the buffer is short.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/154#note_2919109

Still ignoring the io.ErrShortBuffer at the callers, which retains
current behavior.

- - - - -
8b1a48af by Renovate Bot at 2023-11-08T20:43:13+00:00
chore(deps): update module golang.org/x/net to v0.18.0

- - - - -
440f7b79 by meskio at 2023-11-13T10:27:51+01:00
Merge remote-tracking branch 'gitlab/mr/207'

- - - - -
c5da3c42 by Renovate Bot at 2023-11-20T12:35:01+00:00
chore(deps): update module github.com/miekg/dns to v1.1.57

- - - - -
b3b0d3b5 by Cecylia Bocovich at 2023-11-20T10:40:34-05:00
Document that prometheus transfer metrics are in KB

- - - - -
aca932c5 by Renovate Bot at 2023-11-20T16:11:44+00:00
chore(deps): update module github.com/pion/webrtc/v3 to v3.2.23

- - - - -
a88f73b0 by Cecylia Bocovich at 2023-11-20T11:43:07-05:00
Bump version to 2.8.0

- - - - -
234d9cb1 by David Fifield at 2023-11-21T01:27:09+00:00
Link a section in the pion/webrtc@3.0.0 release notes.

- - - - -
aa06e7be by David Fifield at 2023-11-21T03:46:46+00:00
Merge branch 'encapsulation-readdata-buffer'

- - - - -
4fe86a0e by Renovate Bot at 2023-11-30T14:20:56+00:00
chore(deps): update module golang.org/x/sys to v0.15.0

- - - - -
67963193 by Renovate Bot at 2023-11-30T15:02:49+00:00
chore(deps): update module golang.org/x/crypto to v0.16.0

- - - - -
f9c33399 by Renovate Bot at 2023-11-30T15:41:21+00:00
chore(deps): update module golang.org/x/net to v0.19.0

- - - - -
cd0167fe by Renovate Bot at 2023-12-14T17:08:54-05:00
chore(deps): update module github.com/pion/webrtc/v3 to v3.2.24

- - - - -
36a8eb48 by n8fr8 at 2023-12-18T12:58:48+00:00
Add Ignore Android Restriction Workaround for Proxy

- - - - -
04266abb by Renovate Bot at 2023-12-18T13:11:22+00:00
chore(deps): update module github.com/refraction-networking/utls to v1.6.0

- - - - -
0995b1dd by Renovate Bot at 2023-12-19T05:13:10+00:00
chore(deps): update module golang.org/x/crypto to v0.17.0 [security]

- - - - -
91ffc333 by meskio at 2023-12-20T12:57:41+01:00
Merge remote-tracking branch 'gitlab/mr/224'

- - - - -
9f330caa by Cecylia Bocovich at 2023-12-21T10:39:48-05:00
Suppress logs of EventOnProxyConnectionOver

- - - - -
a0e3e871 by Cecylia Bocovich at 2023-12-21T15:54:54-05:00
Bump version to v2.8.1

- - - - -
0d8261c4 by Arlo Breault at 2024-01-04T00:31:08-05:00
Add vcs revision to version string

For #40285

- - - - -
98db63ad by Arlo Breault at 2024-01-04T17:36:22+00:00
Update recommended torrc options in the client readme

For #40294

- - - - -
e4c818be by Arlo Breault at 2024-01-08T10:03:35-05:00
Scrub space separated ip addresses

The issue with ReplaceAllFunc is that it's capturing the leading and
trailing spaces in the regexp, so successive ips don't match.  From the
docstring,

> If 'All' is present, the routine matches successive non-overlapping
> matches of the entire expression.

For #40306
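
Why space-separated addresses slip through, as an added example (not Snowflake's scrubber; both patterns are constructed for illustration). A pattern that consumes the surrounding spaces is shown beside one that uses zero-width `\b` boundaries, which is one alternative and not necessarily the change made in this commit.

```go
package main

import (
	"fmt"
	"regexp"
)

// consuming matches an IPv4-looking token together with the whitespace on
// either side. Because matches may not overlap, the space that ends one
// match is no longer available to begin the next one.
var consuming = regexp.MustCompile(`(^|\s)(\d{1,3}(?:\.\d{1,3}){3})(\s|$)`)

// zeroWidth uses \b, which asserts a boundary without consuming any input,
// so adjacent addresses each get their own match. It is deliberately
// greedy about what it treats as an address: over-scrubbing is the safe
// direction for a log scrubber.
var zeroWidth = regexp.MustCompile(`\b\d{1,3}(?:\.\d{1,3}){3}\b`)

// scrubConsuming keeps the captured delimiters and replaces the address.
func scrubConsuming(s string) string {
	return consuming.ReplaceAllString(s, "${1}[scrubbed]${3}")
}

// scrubZeroWidth replaces every address, however closely they are packed.
func scrubZeroWidth(s string) string {
	return zeroWidth.ReplaceAllString(s, "[scrubbed]")
}

func main() {
	// Constructed log fragment with three space-separated addresses.
	line := "1.2.3.4 5.6.7.8 9.10.11.12"
	fmt.Println(scrubConsuming(line)) // the middle address survives
	fmt.Println(scrubZeroWidth(line)) // all three are removed
}
```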

- - - - -
c98f50f5 by Renovate Bot at 2024-01-08T10:09:53-05:00
chore(deps): update module golang.org/x/sys to v0.16.0

- - - - -
48af2b21 by Renovate Bot at 2024-01-08T10:11:14-05:00
chore(deps): update module github.com/prometheus/client_golang to v1.18.0

- - - - -
591be520 by Renovate Bot at 2024-01-08T10:12:26-05:00
chore(deps): update module google.golang.org/protobuf to v1.32.0

- - - - -
54a47287 by Renovate Bot at 2024-01-08T10:13:07-05:00
chore(deps): update module github.com/xtaci/kcp-go/v5 to v5.6.7

- - - - -
39395540 by Cecylia Bocovich at 2024-01-10T11:05:56-05:00
Add proxy commandline option for probe server URL

- - - - -
fe2f7de9 by Cecylia Bocovich at 2024-01-10T11:06:39-05:00
Use SetNet setting in probetest to ignore net.Interfaces error

Needed to get probetest running in shadow. Applies the fix from
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40278
to the probetest server.

- - - - -
f7a468e3 by Cecylia Bocovich at 2024-01-10T11:37:24-05:00
Add probetest commandline option for STUN URL

- - - - -
d0529141 by David Fifield at 2024-01-16T18:43:58+00:00
Cosmetic fixes taken from !219.

shelikhoo/dev-udp-performance-rebased branch
https://gitlab.torproject.org/shelikhoo/snowflake/-/commits/9dce28cfc2093490473432ffecd9abaab7ebdbdb

- - - - -
8fb17de1 by Michael Pu at 2024-01-22T13:06:42-05:00
Implement SQS rendezvous in client and broker

This feature adds an additional rendezvous method to send client offers
and receive proxy answers through the use of Amazon SQS queues.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/26151

- - - - -
f3b062dd by Anthony Chang at 2024-01-22T13:10:56-05:00
Add mocks and interfaces for testing SQS rendezvous

Co-authored-by: Michael Pu <michael.pu at uwaterloo.ca>

- - - - -
32e864b7 by Anthony Chang at 2024-01-22T13:11:03-05:00
Add unit tests for SQS rendezvous in client

Co-authored-by: Michael Pu <michael.pu at uwaterloo.ca>

- - - - -
9b90b77d by Andrew Wang at 2024-01-22T13:11:03-05:00
Add unit tests for SQS rendezvous in broker

Co-authored-by: Michael Pu <michael.pu at uwaterloo.ca>

- - - - -
b8df42a3 by Michael Pu at 2024-01-31T12:50:50-05:00
Fix nil ptr dereference when listing client queues

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
26ceb6e2 by Michael Pu at 2024-01-31T14:34:29-05:00
Add metrics for tracking rendezvous method

Update tests for metrics

Add rendezvous_method to Prometheus metrics

Update broker spec docs with rendezvous method metrics

Bug fix

- - - - -
dbecefa7 by Anthony Chang at 2024-01-31T14:34:29-05:00
Move RendezvousMethod field to messages.Arg

- - - - -
5f5cbe64 by Michael Pu at 2024-01-31T14:34:32-05:00
Prune metrics that are reported for rendezvous

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
38352b22 by Cecylia Bocovich at 2024-02-05T12:00:05-05:00
Bump version to v2.9.0

- - - - -
d411842a by Anna “CyberTailor” at 2024-02-12T16:48:12-05:00
chore(ci): use golang:1.21 in generate_tarball job

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
49c4f7dc by Renovate Bot at 2024-02-12T16:55:34-05:00
chore(deps): update module github.com/pion/ice/v2 to v2.3.13

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
4c67e510 by Renovate Bot at 2024-02-12T16:59:39-05:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.26.6

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
35984c08 by Renovate Bot at 2024-02-13T20:16:38+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.27.0

- - - - -
acce1f1f by am3o at 2024-02-17T12:47:22+01:00
refactor: change deprecated "io/ioutil" package to recommended "io" package

- - - - -
bbd8b3af by meskio at 2024-02-19T09:55:49+01:00
Merge remote-tracking branch 'gitlab/mr/253'

- - - - -
f52785e8 by Renovate Bot at 2024-02-19T14:08:47+00:00
chore(deps): update module github.com/refraction-networking/utls to v1.6.2

- - - - -
95e677c9 by Renovate Bot at 2024-02-20T14:19:29+00:00
chore(deps): update module golang.org/x/crypto to v0.19.0

- - - - -
533caaf4 by Renovate Bot at 2024-02-20T14:59:50+00:00
chore(deps): update module golang.org/x/net to v0.21.0

- - - - -
0c3d92c6 by Renovate Bot at 2024-02-21T14:58:56+00:00
chore(deps): update module github.com/miekg/dns to v1.1.58

- - - - -
b130151b by Cecylia Bocovich at 2024-02-27T11:32:09-05:00
Bump version to v2.9.1

- - - - -
b3b03d1a by Cecylia Bocovich at 2024-02-27T13:41:43-05:00
Add integration testing with shadow

This change uses the Shadow network simulator[0] to run a minimal snowflake
network and pass data between a client and a server.

[0] https://shadow.github.io/

- - - - -
f95babc1 by Cecylia Bocovich at 2024-02-27T13:41:43-05:00
Export shadow logs as an artifact for debugging

- - - - -
2c16ef83 by Cecylia Bocovich at 2024-02-27T13:41:43-05:00
Patch snowflake server in shadow experiment

Prevent an unsupported syscall in shadow from causing the snowflake
server to fail.

- - - - -
810f1fcc by Cecylia Bocovich at 2024-02-27T13:41:43-05:00
Use golang:1.21 container for shadow experiments

- - - - -
7b47a7d9 by Cecylia Bocovich at 2024-02-27T13:41:43-05:00
Use known working version of shadow

- - - - -
9175e863 by Micah Anderson at 2024-03-03T14:07:33+00:00
Automatically build container on release and push to our registry.

Now that Tor's gitlab has the container registry enabled, we can build a
snowflake container on release, and push the built container to the snowflake
registry.

This is accomplished without using privileged gitlab runners, via kaniko.

This would speed up snowflake updates for people running the docker
container. It would also mean that the 'docker-snowflake-proxy' project would no
longer need to exist.

Fixes docker-snowflake-proxy#10
Fixes docker-snowflake-proxy#13

- - - - -
5ee90a78 by Micah Anderson at 2024-03-03T14:07:33+00:00
Build multi-arch image.

This will build only those architectures that we have runners to build on

- - - - -
0e593edc by Micah Anderson at 2024-03-03T14:07:33+00:00
Build multi-arch image.

This will build only those architectures that we have runners to build on

- - - - -
91373235 by Micah Anderson at 2024-03-03T14:07:33+00:00
Build multi-arch image.

This will build only those architectures that we have runners to build on

- - - - -
9b689a10 by Micah Anderson at 2024-03-03T14:07:33+00:00
Build multi-arch image.

This will build only those architectures that we have runners to build on

- - - - -
c4c22fa2 by Micah Anderson at 2024-03-03T14:07:33+00:00
Build multi-arch image.

This will build only those architectures that we have runners to build on

- - - - -
9cd362f4 by Michael Pu at 2024-03-05T12:38:33-05:00
Move SQS client ID generation to Exchange

- - - - -
1e1f8272 by Michael Pu at 2024-03-05T12:38:33-05:00
Update tests

- - - - -
0777f019 by Michael Pu at 2024-03-05T12:38:50-05:00
update docs

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
5093c888 by Renovate Bot at 2024-03-06T05:11:40+00:00
chore(deps): update module google.golang.org/protobuf to v1.33.0 [security]

- - - - -
0c8efb4e by Cecylia Bocovich at 2024-03-07T17:51:16-05:00
Only run shadow tests on compatible runners

- - - - -
22bca0fb by Renovate Bot at 2024-03-08T11:40:27-05:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.27.7

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
c4beb91a by Renovate Bot at 2024-03-08T11:43:02-05:00
chore(deps): update module github.com/refraction-networking/utls to v1.6.3

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
1c51e432 by Renovate Bot at 2024-03-08T11:45:59-05:00
chore(deps): update module golang.org/x/crypto to v0.21.0

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
b42966a6 by Renovate Bot at 2024-03-08T13:11:49-05:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.31.2

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
fe56eadd by Cecylia Bocovich at 2024-03-08T13:24:20-05:00
Fix grep command to check output of shadow tests

- - - - -
9fe2ca58 by Michael Pu at 2024-03-09T13:35:16-05:00
Switch to sqscreds param for passing in SQS credentials

- - - - -
91b8da42 by Michael Pu at 2024-03-09T13:35:16-05:00
update docs

- - - - -
b512e242 by Michael Pu at 2024-03-09T13:36:25-05:00
Implement better client IP per rendezvous method tracking for clients

Implement better client IP per rendezvous method tracking for clients

Add tests for added code, fix existing tests

chore(deps): update module github.com/miekg/dns to v1.1.58

Implement better client IP tracking for http and ampcache

Add tests for added code, fix existing tests

Implement GetCandidateAddrs from SDP

Add getting client IP for SQS

Bug fixes

Bug fix for tests

- - - - -
8968535c by Michael Pu at 2024-03-09T13:36:26-05:00
Update doc with new lines in metrics output

- - - - -
2b11f569 by Renovate Bot at 2024-03-11T20:03:53+00:00
chore(deps): update module github.com/pion/webrtc/v3 to v3.2.29

- - - - -
d1175dac by Renovate Bot at 2024-03-12T09:00:37+00:00
chore(deps): update golang docker tag to v1.22

- - - - -
52fcd3d5 by Renovate Bot at 2024-03-12T09:29:03+00:00
chore(deps): update docker.io/library/golang docker tag to v1.22

- - - - -
d6570983 by meskio at 2024-03-12T08:26:04-03:00
Merge remote-tracking branch 'origin/mr/264'

- - - - -
f502eca6 by meskio at 2024-03-12T08:28:53-03:00
Merge remote-tracking branch 'origin/mr/258'

- - - - -
e7dfbebf by Renovate Bot at 2024-03-12T11:58:27+00:00
chore(deps): update module github.com/prometheus/client_model to v0.6.0

- - - - -
b05f059c by Renovate Bot at 2024-03-18T14:31:53-04:00
chore(deps): update module github.com/prometheus/client_golang to v1.19.0

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
712f2667 by Renovate Bot at 2024-03-18T14:34:14-04:00
chore(deps): update module github.com/xtaci/kcp-go/v5 to v5.6.8

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
7b74b9e0 by Renovate Bot at 2024-03-18T14:36:47-04:00
chore(deps): update module golang.org/x/net to v0.22.0

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
eef46b95 by Micah Anderson at 2024-03-18T18:39:58+00:00
CI: tag containers in a meaningful way (Fixes #40345).

If there was a push to `main`, build a container with the tag `latest`. If there
was a tag pushed, then build a container with the container tag set to the git
tag, additionally setting a `stable` tag that matches.

Because the process creates a number of temporary intermediary containers before
they are merged into one with the `merge-manifests` job (`$tag_amd64`,
`$tag_arm64`, `$tag_s390x`, `latest_amd64`, `latest_arm64`, `latest_s390x`)
which are only useful for the `merge-manifests` job, we clean these up in the
`clean_image_tags` job using the gitlab API

- - - - -
05a95802 by Cecylia Bocovich at 2024-03-18T14:47:44-04:00
Bump version to v2.9.2

- - - - -
f681b1c5 by Renovate Bot at 2024-03-18T20:47:07+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/credentials to v1.17.8

- - - - -
a1d3d28f by Renovate Bot at 2024-03-19T15:40:51+00:00
chore(deps): update module github.com/pion/ice/v2 to v2.3.14

- - - - -
27e76279 by Renovate Bot at 2024-03-20T17:05:21+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.27.8

- - - - -
ec36fd42 by Renovate Bot at 2024-03-20T17:28:00+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.31.3

- - - - -
1bde730b by David Fifield at 2024-03-22T00:43:58+00:00
Comment typo.

- - - - -
96422e0d by Cecylia Bocovich at 2024-03-24T12:41:23-04:00
Update torrc file to match Tor Browser builtins

We switched to CDN77, a cloud provider that supports domain fronting.

- - - - -
1a620dd2 by Micah Anderson at 2024-03-25T19:23:05+00:00
CI: make tag-container-release job depend on previous stages

- - - - -
095e9727 by Micah Anderson at 2024-03-25T19:23:05+00:00
CI: Remove echo in container stage.

This was here for debugging and is no longer necessary.

It also resulted in the following command being run:

$ echo "Building Docker image with tag: $TAG" /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "${CI_PROJECT_DIR}/Dockerfile" --destination "${CI_REGISTRY_IMAGE}:${TAG}_${ARCH}"

which does not produce the image properly.

- - - - -
9997b4ac by Renovate Bot at 2024-03-29T19:17:08+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2 to v1.26.1

- - - - -
debd4739 by Renovate Bot at 2024-04-03T14:14:06+00:00
chore(deps): update module github.com/prometheus/client_model to v0.6.1

- - - - -
d439f895 by Sky at 2024-04-04T06:28:33+00:00
Allow to set listen address for metrics service via cl flags
- - - - -
cec3c2df by Sky at 2024-04-04T08:21:56+00:00
Update README.md to include all available CLI options
- - - - -
01588d99 by meskio at 2024-04-04T12:27:14+02:00
Merge remote-tracking branches 'gitlab/mr/289' and 'gitlab/mr/293'

- - - - -
228e757a by Renovate Bot at 2024-04-04T17:39:39+00:00
chore(deps): update module golang.org/x/crypto to v0.22.0

- - - - -
2b5fa625 by Renovate Bot at 2024-04-15T16:46:50-04:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.27.11

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
adffd43c by Renovate Bot at 2024-04-15T16:49:35-04:00
chore(deps): update module github.com/pion/sdp/v3 to v3.0.9

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
abf45d3f by Renovate Bot at 2024-04-15T16:51:21-04:00
chore(deps): update module golang.org/x/net to v0.23.0 [security]

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
47bf72ca by Renovate Bot at 2024-04-15T16:52:21-04:00
chore(deps): update module github.com/refraction-networking/utls to v1.6.4

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
6c38c605 by Renovate Bot at 2024-04-17T20:11:37+00:00
chore(deps): update module github.com/miekg/dns to v1.1.59

- - - - -
7e94ef53 by Renovate Bot at 2024-04-19T15:42:41+00:00
chore(deps): update module golang.org/x/net to v0.24.0

- - - - -
d4099503 by Shelikhoo at 2024-04-24T11:33:41+01:00
remove apt install lbzip2 to avoid broken dependencies

- - - - -
18f3ac73 by Shelikhoo at 2024-04-25T10:02:37+01:00
rename stable container tags to latest

- - - - -
22a94597 by Renovate Bot at 2024-04-30T08:11:33+00:00
chore(deps): update module google.golang.org/protobuf to v1.34.0

- - - - -
5ffe9fbe by Renovate Bot at 2024-05-06T17:17:51+00:00
chore(deps): update module golang.org/x/net to v0.25.0

- - - - -
2eb4686c by Renovate Bot at 2024-05-07T18:05:10-04:00
chore(deps): update module github.com/pion/webrtc/v3 to v3.2.40

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
1a8c3199 by Renovate Bot at 2024-05-07T18:07:09-04:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.31.4

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
96a02f80 by Renovate Bot at 2024-05-07T18:11:14-04:00
chore(deps): update module github.com/refraction-networking/utls to v1.6.6

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
7bd3e31d by Renovate Bot at 2024-05-09T13:17:07+01:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.32.0

- - - - -
a9df5dd7 by meskio at 2024-05-09T16:24:33+02:00
Use ptutil for safelog and prometheus rounded metrics

* Related: #40354

- - - - -
150b2fe3 by Renovate Bot at 2024-05-13T11:12:45+01:00
chore(deps): update module github.com/prometheus/client_golang to v1.19.1

- - - - -
54495ceb by Renovate Bot at 2024-05-13T11:09:20+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.27.13

- - - - -
4ed5da7f by itchyonion at 2024-05-28T12:30:44-07:00
Simplify proxy NAT checking logic

- - - - -
7306b3a2 by Renovate Bot at 2024-06-10T12:54:10+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.32.6

- - - - -
e84bddb2 by Renovate Bot at 2024-06-10T16:10:34+00:00
chore(deps): update module golang.org/x/sys to v0.21.0

- - - - -
985bf9ee by meskio at 2024-06-11T08:58:50+02:00
Merge remote-tracking branches 'gitlab/mr/318' and 'gitlab/mr/326'

- - - - -
f5d4aabd by Renovate Bot at 2024-06-11T18:16:22+00:00
chore(deps): update module github.com/pion/webrtc/v3 to v3.2.42

- - - - -
b83ef3f3 by meskio at 2024-06-12T10:47:04+02:00
Merge remote-tracking branch 'gitlab/mr/327'

- - - - -
e5f4e9d4 by Renovate Bot at 2024-06-17T19:15:49-04:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.27.19

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
b40137f1 by Renovate Bot at 2024-06-17T19:18:11-04:00
chore(deps): update gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil digest to 6a4a471

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
e73c6f3d by Renovate Bot at 2024-06-17T20:35:22-04:00
chore(deps): update module github.com/gorilla/websocket to v1.5.3

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
618b19a0 by Renovate Bot at 2024-06-18T19:16:39+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.27.20

- - - - -
b8f130e2 by meskio at 2024-06-19T09:47:30+02:00
Merge remote-tracking branch 'gitlab/mr/332'

- - - - -
e821930c by Renovate Bot at 2024-06-19T19:17:18+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.27.21

- - - - -
455f9d6e by meskio at 2024-06-20T09:31:39+02:00
Merge remote-tracking branch 'gitlab/mr/335'

- - - - -
843d9a9c by Renovate Bot at 2024-06-24T12:25:04+01:00
chore(deps): update module github.com/pion/transport/v2 to v2.2.5

- - - - -
c221f70b by Renovate Bot at 2024-06-26T19:10:59+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/credentials to v1.17.22

- - - - -
5f0c0c96 by meskio at 2024-06-27T10:17:44+02:00
Merge remote-tracking branch 'gitlab/mr/341'

- - - - -
bd04c0f3 by Renovate Bot at 2024-06-28T13:47:21-04:00
chore(deps): update gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil digest to e8254c0

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
3c0a0063 by Cecylia Bocovich at 2024-06-29T17:34:28-04:00
Revert "chore(deps): update gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil digest to e8254c0"

This reverts commit bd04c0f307c953965e3802419396bc44b8500d35.

- - - - -
d9478322 by Renovate Bot at 2024-06-29T17:35:19-04:00
chore(deps): update module github.com/pion/webrtc/v3 to v3.2.43

Signed-off-by: Cecylia Bocovich <cohosh at torproject.org>

- - - - -
4b37dd3a by Renovate Bot at 2024-06-29T22:09:23+00:00
chore(deps): update gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil digest to e8254c0

- - - - -
cf102330 by Renovate Bot at 2024-06-29T22:09:27+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2 to v1.30.1

- - - - -
c21ed7d9 by Renovate Bot at 2024-07-02T15:11:12+00:00
chore(deps): update module github.com/pion/webrtc/v3 to v3.2.44

- - - - -
e2ba4d35 by meskio at 2024-07-08T08:37:04+02:00
Merge remote-tracking branches 'gitlab/mr/342', 'gitlab/mr/344' and 'gitlab/mr/345'

- - - - -
ffdda135 by Arlo Breault at 2024-07-11T11:46:57+01:00
Indicate modified in version string

issue 40365

- - - - -
9e977fe6 by meskio at 2024-07-11T13:39:56+02:00
Report the version of snowflake to the Tor process

- - - - -
f64f234e by meskio at 2024-07-11T17:45:57+02:00
New ptutil/safeprom doesn't have Rounded in the type names

This version fixes the test issue of double registering metrics.

* Closes: #40367

- - - - -
308e1816 by Renovate Bot at 2024-08-01T12:29:42+01:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.34.3

- - - - -
8f93d08d by Renovate Bot at 2024-08-01T15:08:32+01:00
chore(deps): update module github.com/refraction-networking/utls to v1.6.7

- - - - -
21fef74c by Renovate Bot at 2024-08-01T14:42:28+00:00
chore(deps): update module github.com/xtaci/smux to v1.5.27

- - - - -
a93b4859 by meskio at 2024-08-01T17:47:19+02:00
Merge remote-tracking branch 'gitlab/mr/354'

- - - - -
ee5f815f by David Fifield at 2024-08-01T22:12:56+00:00
Cosmetic changes from dev-snowflake-udp-rebase-extradata.

https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/dev-snowflake-udp-rebase-extradata
commit 59b76dc68d2ee0383c2acd91cb0f44edc46af939

- - - - -
f25b293f by David Fifield at 2024-08-02T03:36:37+00:00
Comment typo.

- - - - -
92f21539 by Renovate Bot at 2024-08-02T03:44:34+00:00
chore(deps): update module github.com/pion/webrtc/v3 to v3.2.50

- - - - -
6d2011de by meskio at 2024-08-07T12:33:37+02:00
Report a different implementation for client and server

- - - - -
103278d6 by WofWca at 2024-08-20T12:43:31+01:00
docs(broker): clarify `allowed-relay-pattern`

Specify that the broker will reject proxies
whose AcceptedRelayPattern is more restrictive than this,
and not less restrictive.

The parameter was introduced here
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/87
> The proxy sends its allowed URL pattern to the broker.
> The broker rejects proxies that are too restrictive.

- - - - -
b70c0600 by Renovate Bot at 2024-08-21T11:06:51+01:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/credentials to v1.17.28

- - - - -
5b4caa23 by Renovate Bot at 2024-08-21T10:30:24+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.34.4

- - - - -
d25b8306 by meskio at 2024-08-21T13:16:02+02:00
Merge remote-tracking branch 'gitlab/mr/364'

- - - - -
1d6a2580 by obble at 2024-08-21T15:02:15+00:00
Improving Snowflake Proxy Performance by Adjusting Copy Buffer Size

TL;DR: The current implementation uses a 32K buffer size for a total of 64K of
buffers/connection, but each read/write is less than 2K according to my measurements.

# Background

The Snowflake proxy uses a particularly hot function `copyLoop`
(proxy/lib/snowflake.go) to proxy data from a Tor relay to a connected client.
This is currently done using the `io.Copy` function to write all incoming data
both ways.

Looking at the `io.Copy` implementation, it internally uses `io.CopyBuffer`,
which in turn defaults to a buffer of size 32K for copying data (I checked and
the current implementation uses 32K every time).

Since `snowflake-proxy` is intended to be run in a very distributed manner, on
as many machines as possible, minimizing the CPU and memory footprint of each
proxied connection would be ideal, as well as maximising throughput for
clients.

# Hypothesis

There might exist a buffer size `X` that is more suitable for usage in `copyLoop` than 32K.

# Testing

## Using tcpdump

Assuming you use `-ephemeral-ports-range 50000:51000` for `snowflake-proxy`,
you can capture the UDP packets being proxied using

```sh
sudo tcpdump  -i <interface> udp portrange 50000-51000
```

which will provide a `length` value for each packet captured. One good start
value for `X` could then be slightly larger than the largest captured packet,
assuming one packet is copied at a time.

Experimentally I found this value to be 1265 bytes, which would make `X = 2K` a
possible starting point.

## Printing actual read

The following snippet was added in `proxy/lib/snowflake.go`:

```go
// Taken straight from standardlib io.copyBuffer
func copyBuffer(dst io.Writer, src io.Reader, buf []byte) (written int64, err error) {
	// If the reader has a WriteTo method, use it to do the copy.
	// Avoids an allocation and a copy.
	if wt, ok := src.(io.WriterTo); ok {
		return wt.WriteTo(dst)
	}
	// Similarly, if the writer has a ReadFrom method, use it to do the copy.
	if rt, ok := dst.(io.ReaderFrom); ok {
		return rt.ReadFrom(src)
	}
	if buf == nil {
		size := 32 * 1024
		if l, ok := src.(*io.LimitedReader); ok && int64(size) > l.N {
			if l.N < 1 {
				size = 1
			} else {
				size = int(l.N)
			}
		}
		buf = make([]byte, size)
	}
	for {
		nr, er := src.Read(buf)
		if nr > 0 {
			log.Printf("Read %d", nr) // THIS IS THE ONLY DIFFERENCE FROM io.CopyBuffer
			nw, ew := dst.Write(buf[0:nr])
			if nw < 0 || nr < nw {
				nw = 0
				if ew == nil {
					ew = errors.New("invalid write result")
				}
			}
			written += int64(nw)
			if ew != nil {
				err = ew
				break
			}
			if nr != nw {
				err = io.ErrShortWrite
				break
			}
		}
		if er != nil {
			if er != io.EOF {
				err = er
			}
			break
		}
	}
	return written, err
}
```

and `copyLoop` was amended to use this instead of `io.Copy`.

The `Read: BYTES` was saved to a file using this command

```sh
./proxy -verbose -ephemeral-ports-range 50000:50010 2>&1 >/dev/null  | awk '/Read: / { print $4 }' | tee read_sizes.txt
```

I got the result:

min: 8
max: 1402
median: 1402
average: 910.305

Suggested buffer size: 2K
Current buffer size: 32768 (32K, experimentally verified)

## Using a Snowflake Proxy in Tor browser and use Wireshark

I also used Wireshark, and concluded that all packets sent were < 2K.

# Conclusion

As per the commit I suggest changing the buffer size to 2K. Some things I have not been able to answer:

1. Does this make a big impact on performance?
1. Are there any unforeseen consequences? What happens if a packet is > 2K (I
	 think the Go standard library just splits the packet, but someone please confirm).

- - - - -
a6d4570c by obble at 2024-08-21T16:06:41+01:00
Fix log message in CopyLoop

- - - - -
677146c9 by WofWca at 2024-08-21T20:50:59+04:00
add `test_bridgeList.txt` file

As an example for the `bridge-list-path` parameter

- - - - -
06241114 by WofWca at 2024-08-21T16:23:12-04:00
docs: fix example server library usage

`Listen` now accepts `numKCPInstances`

- - - - -
bb2126b7 by David Fifield at 2024-08-21T17:00:18-04:00
Use %w, not %v, in fmt.Errorf, so errors can be unwrapped.

https://go.dev/blog/go1.13-errors#wrapping-errors-with-w

- - - - -
937860b1 by Renovate Bot at 2024-08-22T05:59:24+01:00
chore(deps): update module golang.org/x/crypto to v0.26.0

- - - - -
f6320e42 by Renovate Bot at 2024-08-22T05:12:30+00:00
chore(deps): update docker.io/library/golang docker tag to v1.23

- - - - -
240dd3af by meskio at 2024-08-22T11:46:35+02:00
Merge remote-tracking branch 'gitlab/mr/365'

- - - - -
450c3096 by Renovate Bot at 2024-08-22T11:00:07+01:00
chore(deps): update module golang.org/x/net to v0.28.0

- - - - -
44a96231 by Renovate Bot at 2024-08-22T11:18:02+01:00
chore(deps): update module github.com/miekg/dns to v1.1.62

- - - - -
5fb1290f by Renovate Bot at 2024-08-22T11:10:40+00:00
chore(deps): update module github.com/prometheus/client_golang to v1.20.1

- - - - -
0804d865 by meskio at 2024-08-22T13:35:53+02:00
Merge remote-tracking branch 'gitlab/mr/362'

- - - - -
2ebfcf6e by meskio at 2024-08-22T13:36:46+02:00
Merge remote-tracking branch 'gitlab/mr/367'

- - - - -
8f429666 by Renovate Bot at 2024-08-22T12:56:14+01:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.27.28

- - - - -
f4db6461 by WofWca at 2024-08-22T09:31:37-04:00
feat: expose `pollInterval` in CLI

Closes https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40373

- - - - -
37c1e2c2 by Renovate Bot at 2024-08-27T09:19:09-04:00
chore(deps): update module golang.org/x/sys to v0.24.0

- - - - -
0a942f8e by Renovate Bot at 2024-08-27T09:20:43-04:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/credentials to v1.17.30

- - - - -
97e21e3a by Renovate Bot at 2024-08-27T09:43:08-04:00
chore(deps): update module github.com/pion/stun to v3

- - - - -
9f832f8b by Renovate Bot at 2024-08-27T14:00:16+00:00
chore(deps): update module github.com/prometheus/client_golang to v1.20.2

- - - - -
978a55b7 by meskio at 2024-09-02T13:03:08+02:00
Merge remote-tracking branch 'gitlab/mr/374'

- - - - -
14f4c82f by WofWca at 2024-09-02T14:59:23+01:00
test(proxy): add tests for relayURL check

- - - - -
0f2bdffb by WofWca at 2024-09-02T14:59:26+01:00
hardening(proxy): only accept `ws` & `wss` relays

- - - - -
399bda52 by WofWca at 2024-09-02T14:59:26+01:00
refactor(proxy): tidy up `isRelayURLAcceptable`

Add clearer error messages

- - - - -
94c6089c by WofWca at 2024-09-02T14:59:26+01:00
hardening(proxy): don't proxy private IP addresses

...by default.

This is useful when `RelayDomainNamePattern` is lax (e.g. just "$")
(which is not the case by default, so this is simply
a hardening measure).

- - - - -
f058a3da by Renovate Bot at 2024-09-03T18:54:49+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2 to v1.30.5

- - - - -
f7016413 by meskio at 2024-09-04T13:16:17+02:00
Merge remote-tracking branch 'gitlab/mr/383'

- - - - -
ec9476e5 by WofWca at 2024-09-04T10:47:08-04:00
Better error msg on bad fingerprint

- - - - -
2bbd4d06 by WofWca at 2024-09-05T13:04:42+01:00
refactor(proxy): better `RelayURL` description

It's the case that it's simply "default" after
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/87
Now the broker specifies the relay URL (see `ProxyPollResponse`).

- - - - -
78f4b9db by WofWca at 2024-09-08T14:50:08+04:00
test(client): add test for `BrokerChannel`

- - - - -
7f9fea57 by WofWca at 2024-09-09T11:58:28+01:00
fix(proxy): send answer even if ICE gathering is not complete

Otherwise the connection is guaranteed to fail, even though
we actually might have gathered enough to make a successful
connection.

Closes https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40230

This is the standalone proxy counterpart of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/merge_requests/55

- - - - -
f44aa279 by WofWca at 2024-09-09T15:26:55+01:00
refactor(proxy): improve NAT check logging

4ed5da7f2f070d introduced `OnError` but it did not print
failed periodic NAT type check errors - the error was simply
ignored.

- - - - -
51edbbfd by WofWca at 2024-09-09T15:26:58+01:00
fix(proxy): maybe memory leak on failed NAT check

Maybe related: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40243

- - - - -
2d13e2a5 by WofWca at 2024-09-09T15:26:58+01:00
fix(probetest): maybe resource leak

...on failed requests: WebRTC connection wouldn't get
closed in such cases.

- - - - -
55c4c90a by WofWca at 2024-09-09T15:26:59+01:00
fix(probetest): NAT check timing out sometimes

if ICE gathering on the probetest server is taking long
to complete.

Related: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40230

- - - - -
0323ccba by Renovate Bot at 2024-09-09T15:53:08+01:00
chore(deps): update module github.com/xtaci/smux to v1.5.29

- - - - -
1d951e37 by Renovate Bot at 2024-09-09T15:28:00+00:00
chore(deps): update module github.com/prometheus/client_golang to v1.20.3

- - - - -
f046361e by meskio at 2024-09-09T18:22:21+02:00
Merge remote-tracking branch 'gitlab/mr/393'

- - - - -
9d2c513e by meskio at 2024-09-09T18:22:27+02:00
Merge remote-tracking branch 'gitlab/mr/394'

- - - - -
bcac2250 by Shelikhoo at 2024-09-12T11:10:13+01:00
update mobile CI test's golang version to 1.23

- - - - -
daff4d89 by WofWca at 2024-09-19T19:14:04+00:00
refactor(proxy): add comment about packet size

- - - - -
f752d2ab by David Fifield at 2024-09-21T14:30:59+00:00
Spell out EphemeralMinPort and EphemeralMaxPort in comment.

For searching purposes.

- - - - -
71828580 by WofWca at 2024-09-21T15:11:37+00:00
fix(broker): empty pattern if bridge-list is empty

i.e. if no bridge list file is provided, the relay pattern
would not get set.

AFAIK this is not a breaking change because the broker
can't be used as a library, unlike client and server.

- - - - -
0f0f1188 by WofWca at 2024-09-21T18:20:31+00:00
improvement(proxy): don't panic on invalid relayURL

Though prior to this change the panic could only happen
if the default relayURL set by the proxy is invalid,
since `datachannelHandler` is only called after a successful
`checkIsRelayURLAcceptable()`, which ensures that it _is_ valid.
But in the case of invalid default relay URL, a warning is printed
already.

- - - - -
de61d7bb by David Fifield at 2024-09-21T18:28:17+00:00
Document relayURL return in SignalingServer.pollOffer.

The second return value was added in
863a8296e85ae467aa3855ab85f6f990f9cb40e5.

- - - - -
721c028d by Renovate Bot at 2024-09-23T13:21:05+01:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.35.0

- - - - -
99521fb1 by Renovate Bot at 2024-09-23T12:49:18+00:00
chore(deps): update module github.com/xtaci/kcp-go/v5 to v5.6.17

- - - - -
4497d68d by Cecylia Bocovich at 2024-09-23T10:08:18-04:00
Move time.Sleep call in turbotunnel test

An update to the kcp-go library removes the guarantee that all data
written to a KCP connection will be flushed before the connection is
closed. Moving the sleep call has no impact on the integrity of the
tests, and gives the connection time to flush data before the connection
is closed.

See https://github.com/xtaci/kcp-go/issues/273

- - - - -
43b91c79 by Renovate Bot at 2024-09-23T12:19:07-04:00
chore(deps): update module github.com/prometheus/client_golang to v1.20.4

- - - - -
60c89648 by Renovate Bot at 2024-09-23T12:20:36-04:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/credentials to v1.17.34

- - - - -
d0c52757 by Renovate Bot at 2024-09-23T12:32:33-04:00
chore(deps): update module golang.org/x/crypto to v0.27.0

- - - - -
61771d80 by Renovate Bot at 2024-09-23T16:57:56+00:00
chore(deps): update module github.com/xtaci/smux to v1.5.30

- - - - -
e8736ecd by anarcat at 2024-09-23T18:10:39+00:00
use proper image name for debian image

We're deprecating the old image name format, see https://gitlab.torproject.org/tpo/tpa/base-images/-/issues/14
- - - - -
00cf7bdf by Renovate Bot at 2024-09-23T19:21:31+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.35.1

- - - - -
d4d517f3 by meskio at 2024-09-24T11:35:27+02:00
Merge remote-tracking branch 'gitlab/mr/401'

- - - - -
7a8f484e by meskio at 2024-09-24T11:36:22+02:00
Merge remote-tracking branches 'gitlab/mr/399' and 'gitlab/mr/402'

- - - - -
f353be83 by Renovate Bot at 2024-09-24T14:11:01+01:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.27.37

- - - - -
443c633a by Cecylia Bocovich at 2024-09-24T13:12:23-04:00
Revert "Move time.Sleep call in turbotunnel test"

This reverts commit 4497d68d6fd3130dee71b0208fa1e67829ad6717.

- - - - -
177ab12b by Cecylia Bocovich at 2024-09-24T13:13:15-04:00
Revert "chore(deps): update module github.com/xtaci/kcp-go/v5 to v5.6.17"

This reverts commit 99521fb134cd6715939f04356b12fa78d19d7976.

- - - - -
15b3f64a by Cecylia Bocovich at 2024-09-24T14:14:03-04:00
Update go.sum file with `go mod tidy`

- - - - -
9b047288 by WofWca at 2024-09-25T16:50:18+01:00
docs: improve proxy CLI param descriptions

Since the proxy component is the most dedicated for public use,
more comprehensive docs are good.

- - - - -
d346639e by WofWca at 2024-09-26T18:15:04+01:00
improvement(proxy): improve NAT check logging

- - - - -
5c7bdcea by WofWca at 2024-09-26T18:15:05+01:00
fix(probetest): wrong "restricted" sometimes

Closes https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40387

- - - - -
17be3430 by Renovate Bot at 2024-10-07T16:26:23+01:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.27.41

- - - - -
4e45515c by Renovate Bot at 2024-10-07T16:32:43+00:00
chore(deps): update module github.com/xtaci/smux to v1.5.31

- - - - -
1b44ee76 by Renovate Bot at 2024-10-07T16:34:40+00:00
chore(deps): update module golang.org/x/crypto to v0.28.0

- - - - -
177a6bdf by meskio at 2024-10-08T12:19:03+02:00
Merge remote-tracking branches 'gitlab/mr/405' and 'gitlab/mr/410'

- - - - -
214ee6b1 by Renovate Bot at 2024-10-08T20:37:17+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.27.43

- - - - -
846ef79c by meskio at 2024-10-16T12:13:19+02:00
Merge remote-tracking branch 'gitlab/mr/412'

- - - - -
33318ea5 by Renovate Bot at 2024-10-17T14:51:40-04:00
chore(deps): update module github.com/pion/webrtc/v3 to v3.3.4

- - - - -
fc790844 by Renovate Bot at 2024-10-17T14:53:30-04:00
chore(deps): update module golang.org/x/net to v0.30.0

- - - - -
1085d048 by Renovate Bot at 2024-10-17T14:54:35-04:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.36.2

- - - - -
9ff205dd by Neel Chauhan at 2024-10-17T15:15:02-04:00
Probetest/proxy: Set multiple comma-separated default STUN URLs

This adds the BlackBerry STUN server alongside Google's. Closes #40392.

- - - - -
8792771c by Neel Chauhan at 2024-10-17T15:46:02-04:00
broker and proxy must not reject client offers with no ICE candidates

Fixes #40371. Partially reverts !141.

- - - - -
ce2fc00f by Renovate Bot at 2024-10-17T19:53:08+00:00
chore(deps): update module github.com/prometheus/client_golang to v1.20.5

- - - - -
f22f1ceb by Renovate Bot at 2024-10-17T19:53:19+00:00
chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.28.0

- - - - -
a7855d50 by meskio at 2024-10-21T12:50:40+02:00
Merge remote-tracking branches 'gitlab/mr/420' and 'gitlab/mr/422'

- - - - -
f4305180 by Neel Chauhan at 2024-10-22T14:50:43-04:00
Remove the pollInterval loop from SignalingServer.pollOffer in the standalone proxy

Closes #40210.

- - - - -
93f5d1ef by Waldemar Zimpel at 2024-10-23T03:25:26+02:00
Log average transfer rate

Adds the average transfer rate for the summary interval to the summary log lines

- - - - -
0e0ca872 by meskio at 2024-10-23T09:11:41+02:00
Merge remote-tracking branch 'gitlab/mr/423'

- - - - -
028ff826 by Waldemar Zimpel at 2024-10-28T16:23:44+01:00
Optionally enable local time for logging

Introduces the option `-log-local-time` which switches to local time
for logging instead of using UTC. Also if this option is applied, a message
is being output to the log on startup about the usage of local time
to draw attention, so the user/operator can take care of anonymity in case
the logs are going to be shared.

- - - - -
a019fdae by Cecylia Bocovich at 2024-10-29T14:58:01-04:00
Perform SnowflakeConn.Close() logic only once

Use synchronization to avoid a panic if SnowflakeConn.Close is called
more than once.

- - - - -
0d8bd159 by Cecylia Bocovich at 2024-10-29T14:58:01-04:00
Have SnowflakeConn.Close() return errors

Return an error if the connection was already closed. On the first
close, return an error if any of the calls inside Close() returned an
error in this order:
- smux.Stream.Close()
- pconn.Close()
- smux.Session.Close()

- - - - -
aaf88265 by Cecylia Bocovich at 2024-11-06T10:31:33-05:00
Add proxy event for when client has connected

This enables the usage of callbacks that will be called when a client
has opened a data channel connection to the proxy.

- - - - -
b06004a3 by Cecylia Bocovich at 2024-11-07T16:56:55-05:00
Bump version of snowflake to 2.10.0

- - - - -
8b2e12c9 by Cecylia Bocovich at 2024-11-11T13:15:48-05:00
Bump version of Snowflake to 2.10.1

- - - - -
2a139f1a by Antoine Beaupré at 2024-12-06T13:30:20-05:00
Merge tag 'v2.10.1' into debian/sid

2.10.1

- - - - -
b9834bd8 by Antoine Beaupré at 2024-12-06T13:55:58-05:00
bump goptlib dep

- - - - -
3999b8fd by Antoine Beaupré at 2024-12-06T13:55:59-05:00
prepare 2.10.1-1 upload

- - - - -


30 changed files:

- .gitlab-ci.yml
- ChangeLog
- + Dockerfile
- README.md
- Vagrantfile
- broker/amp.go
- broker/bridge-list.go
- broker/bridge-list_test.go
- broker/broker.go
- broker/http.go
- broker/ipc.go
- broker/metrics.go
- − broker/prometheus.go
- broker/snowflake-broker_test.go
- + broker/sqs.go
- + broker/sqs_test.go
- + broker/test_bridgeList.txt
- client/README.md
- client/lib/lib_test.go
- client/lib/peers.go
- client/lib/rendezvous.go
- client/lib/rendezvous_ampcache.go
- client/lib/rendezvous_http.go
- + client/lib/rendezvous_sqs.go
- client/lib/rendezvous_test.go
- client/lib/snowflake.go
- client/lib/turbotunnel.go
- client/lib/webrtc.go
- client/snowflake.go
- client/torrc


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/pkg-privacy-team/snowflake/-/compare/8fac5904b4d51a11b35f4a5eb970cd178a44be14...3999b8fde77aa7d4c30bb60b9beb24407300b02e
