[tor-bugs] #26920 [Applications/Tor Browser]: Deploy Marionette as a Pluggable Transport
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 28 18:06:57 UTC 2019
#26920: Deploy Marionette as a Pluggable Transport
--------------------------------------+---------------------------
Reporter: Marionette                  | Owner: tbb-team
Type: enhancement                     | Status: new
Priority: Medium                      | Milestone:
Component: Applications/Tor Browser   | Version:
Severity: Normal                      | Resolution:
Keywords: Marionette tor-pt           | Actual Points:
Parent ID:                            | Points:
Reviewer:                             | Sponsor: Sponsor19
--------------------------------------+---------------------------
Comment (by cohosh):
I have a marionette bridge set up for testing.
=== Bridge Info
You can add the following line to the client's torrc file:
{{{
Bridge marionette 165.227.39.255:8081
}}}
The hashed-fingerprint is {{{F669BDEFC46E6F441A87418579A653C1D35BCF6F}}}
This bridge also has an IPv6 address: {{{2604:a880:cad:d0::30:1}}}
=== Testing specifics
You can place quite a bit of load on this one. I've placed an accounting
max of 1TB/month on the bridge.
=== Build process for marionette
It took some work to build the marionette server and configure the torrc
file at the bridge. Right now it does not work out of the box and the given
torrc files in the marionette repository need to be modified for
production bridge use.
I've created a pull request to fix the compilation and linking issues
here: https://github.com/redjack/marionette/pull/22
These are the steps that I followed to build and deploy marionette:
1. Build the dependencies: {{{./build_third_party.sh}}}. Note: you should
run this script instead of following the User Guide. This will install the
dependencies locally instead of system-wide and put them in the directory
third_party/libs (which is where marionette later assumes they will be).
2. {{{go build}}}
3. {{{go install ./cmd/marionette}}}
4. Place the binary (located locally in $GOPATH/bin) in /usr/local/bin/ of
the bridge server.
Here's a sample torrc file that will work:
{{{
Nickname pick-a-nickname
ContactInfo you <your email>
RunAsDaemon 0
Log notice stderr
BridgeRelay 1
SOCKSPort 0
ORPort 9001
ExtORPort 9002
#IPv6 is also enabled
ORPort [ipv6 address]:9001
ServerTransportPlugin marionette exec /usr/local/bin/marionette pt-server -log-file /var/log/tor/marionette-server.log -format http_simple_blocking
# Marionette gets its listening port from its specification document.
# This should be fixed before deployment. We hardcode this value to 8081.
ServerTransportListenAddr marionette 0.0.0.0:8081
}}}
I've verified the bridge is working by connecting with a client with the
following torrc file:
{{{
RunAsDaemon 0
Log notice stderr
DataDirectory datadir
SocksPort 19050
UseBridges 1
# See comment in torrc.server for information about why this must always be 8081.
Bridge marionette 165.227.39.255:8081
ClientTransportPlugin marionette exec ./marionette pt-client -log-file marionette-client.log -format http_simple_blocking
}}}
=== Other notes on marionette
- The dependencies for marionette are still a bit troublesome. I'm worried
that they will be difficult to maintain and easily go out of date. I see
that Python is no longer required, which seems to be an improvement, but I'm
curious about the need for re2 and openfst.
- It would be nice to fix the listen port to not be hardcoded:
{{{
# Marionette gets its listening port from its specification document.
# This should be fixed before deployment. We hardcode this value to 8081.
ServerTransportListenAddr marionette 0.0.0.0:8081
}}}
At cmd/marionette/pt_server.go:86
{{{
// Marionette always listen on port 8081 so we ignore TOR.
// This should probably be fixed.
host, port, err := net.SplitHostPort(bindAddr.Addr.String())
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26920#comment:5>
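A pre-deployment check for the hardcoded-port caveat in the comment above, added here as an example and not code from the ticket or from marionette: it flags any marionette `ServerTransportListenAddr` or `Bridge` line whose port is not 8081. The names `checkTorrc`, `formatPort` and `badTorrc` are hypothetical, and the sample torrc is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
)

// formatPort: per the comment above, the format fixes the listener at 8081.
const formatPort = "8081"

// checkTorrc (hypothetical) reports marionette address lines not on wantPort.
func checkTorrc(torrc, wantPort string) []string {
	var findings []string
	seen := false
	sc := bufio.NewScanner(strings.NewReader(torrc))
	for n := 1; sc.Scan(); n++ {
		f := strings.Fields(sc.Text())
		if len(f) < 3 || f[1] != "marionette" {
			continue
		}
		// torrc option names are case-insensitive; commented lines never match.
		if o := strings.ToLower(f[0]); o != "servertransportlistenaddr" && o != "bridge" {
			continue
		}
		seen = true
		_, port, err := net.SplitHostPort(f[2])
		if err != nil {
			findings = append(findings, fmt.Sprintf("line %d: bad address %q", n, f[2]))
		} else if port != wantPort {
			findings = append(findings, fmt.Sprintf("line %d: %s uses port %s, format listens on %s", n, f[0], port, wantPort))
		}
	}
	if !seen {
		findings = append(findings, "no marionette address line found")
	}
	return findings
}

// Constructed sample: a server torrc whose listen port drifted from 8081.
const badTorrc = "BridgeRelay 1\n# ServerTransportListenAddr marionette 0.0.0.0:8081\n" +
	"ExtORPort 9002\nServerTransportListenAddr marionette 0.0.0.0:9443\n"

func main() {
	for _, f := range checkTorrc(badTorrc, formatPort) {
		fmt.Println(f)
	}
}
```

Run it against both the bridge and client torrc before distributing a bridge line, since a mismatch only shows up as clients failing to connect.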