[tor-bugs] #21304 [Obfuscation/Snowflake]: Sanitize snowflake.log
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 3 20:46:06 UTC 2019
#21304: Sanitize snowflake.log
-----------------------------------+-----------------------------
Reporter: arlolra | Owner: cohosh
Type: defect | Status: merge_ready
Priority: Medium | Milestone:
Component: Obfuscation/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: starter | Actual Points:
Parent ID: | Points: 1
Reviewer: | Sponsor:
-----------------------------------+-----------------------------
Comment (by dcf):
Replying to [comment:17 cohosh]:
> Replying to [comment:16 dcf]:
> > Apart from the specific client and broker changes you made
[https://github.com/cohosh/snowflake/commit/3eb9064438ca6242f935173aed88ec29a0c16c7d
here], do the client and broker benefit from using the same log scrubber?
I.e., is it worth it to factor out the log scrubber into its own package
and share it, after merging it to server?
> >
> I would say yes, as a precaution, just because the broker at least also
uses the net.http package for connections that involve the client IP
address. It would be a very small library... is that a good way to do it?
I think the way to do it is create a new subdirectory containing the code,
put `package safelog` (or whatever) at the top of the file, and then
import it where needed using `import git.torproject.org/pluggable-
transports/snowflake.git/safelog` (or whatever).
Compare to how obfs4proxy factors out some of its common code:
https://gitlab.com/yawning/obfs4/blob/dba633c7dc0d7d919e8be1b61016cab7cfa8e60e/obfs4proxy/obfs4proxy.go#L45-48
But in any case, the server code is fine to merge as-is now, IMO.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21304#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list