[tor-bugs] #18628 [Obfuscation/Snowflake]: Devise some way for the browser proxy to forward metadata to the bridge before the OR data

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jul 22 13:09:04 UTC 2017 

#18628: Devise some way for the browser proxy to forward metadata to the bridge
before the OR data
-----------------------------------+--------------------------------
 Reporter:  arlolra                |          Owner:
     Type:  defect                 |         Status:  needs_revision
 Priority:  High                   |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+--------------------------------
Changes (by dcf):

 * status:  needs_review => needs_revision


Comment:

 Review of the patches from comment:2:

 It's better if the WebSocket struct exposes the entire client http.Request
 structure, not just Request.URL. That way, consumers can also inspect the
 headers etc. Compare with
 [https://godoc.org/golang.org/x/net/websocket#Conn.Request Conn.Request()]
 in the x/net websocket package. (You can make it a simple member access,
 doesn't have to be a function call.)

 Completely delete the path check in websocket, don't just comment it out.

 Run `go fmt`.

 About the client address:
  * There should be some validation of `client_ip`, such as parsing with
 [https://golang.org/pkg/net/#ParseIP net.ParseIP], before passing the
 string into tor.
  * The ExtORPort USERADDR command
 [https://gitweb.torproject.org/torspec.git/tree/proposals/196-transport-
 control-ports.txt?id=f59e8f5b2819842fe6cb5b162a9226a4f1891b4d#n72 is
 documented] to take an addr:port string, not just an IP address. So
 snowflake-server needs to add a dummy port number (using
 [https://golang.org/pkg/net/#JoinHostPort net.JoinHostPort]) before giving
 the string to tor. Alternately, rename `client_ip` to `client_addr` and
 have it contain the entire addr:port string.
    * If tor is accepting a plain IP address for USERADDR, it's a bug in
 tor or in the documentation, and we need to file a separate bug.
  * How does client_ip handle IPv6 addresses? We need to decide whether
 IPv6 addresses will have square brackets (if the port is included, then
 yes; if the port is not included, then probably no) and document it at
 least in a comment.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18628#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list