[tor-bugs] #30125 [Obfuscation/Snowflake]: Port server's log sanitization to client, broker, and proxy-go

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 12 14:12:47 UTC 2019 

#30125: Port server's log sanitization to client, broker, and proxy-go
-----------------------------------+------------------------------
 Reporter:  dcf                    |          Owner:  cohosh
     Type:  enhancement            |         Status:  needs_review
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:  Sponsor19
-----------------------------------+------------------------------

Comment (by cohosh):

 Replying to [comment:4 dcf]:
 > The refactoring looks good. I have a few ideas about deployment to save
 us some trouble later. My main goal is that there should be a clean break
 between the old unsanitized logs and the new sanitized logs, so that we
 don't later have to trawl through a log file and figure out where the
 change happened. This is because I'd like us to extract what we need from
 the old logs and then delete them.
 >
 Thanks! This looks reasonable to me. Do you have something in mind for
 extracting useful data from the unsanitized logs? I suppose we could write
 a separate scrubber to sanitize them retroactively.

 > For the bridge, those logs are being rotated and not saved long-term, so
 we don't need to do anything special.
 >
 > For the broker, it will be something like this:
 > [...]
 > For proxy-go, it will be similar, except that there are several /home
 /snowflake-proxy/*.log.d log directories. Also /home/snowflake-proxy
 /snowflake-proxy-*.log{,.xz} are unsanitized logs from before we started
 using runit log directories (happened in #28390).
 I've noticed that there are a lot of old logs from different proxy-go
 instances. I'll set up the tarball to keep the directory structure, but I
 guess my question is the same as above about what we're planning on using
 these logs for.
 >
 > For the client, we'll need a Tor Browser ticket to pick up the upgrade.
 A sample ticket and patch that can serve as a template is #26795. I know
 you are interested in the reproducible build and this would be a good
 introduction to
 [[doc/TorBrowser/Hacking#BuildingOfficialTorBrowserReleaseBinaries|rbm]]
 if you haven't used it yet. Basically, you just need to edit
 projects/snowflake/config and update `git_hash`, then run `make testbuild`
 to make sure it still builds, then open a ticket in the Applications/Tor
 Browser component.
 Cool! I also wanted to ask you about thoughts you have about when to make
 snowflake client releases. I'm assuming it's just whenever there are
 changes we think are important to have people start using. But I also
 don't want to overwhelm the applications team.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30125#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list