[tor-bugs] #26920 [Applications/Tor Browser]: Deploy Marionette as a Pluggable Transport

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Feb 28 18:06:57 UTC 2019


#26920: Deploy Marionette as a Pluggable Transport
--------------------------------------+---------------------------
 Reporter:  Marionette                |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  Marionette tor-pt         |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:  Sponsor19
--------------------------------------+---------------------------

Comment (by cohosh):

 I have a marionette bridge set up for testing.

 === Bridge Info

 You can add the following line to the client's torrc file:
 {{{
 Bridge marionette 165.227.39.255:8081
 }}}

 The hashed-fingerprint is {{{F669BDEFC46E6F441A87418579A653C1D35BCF6F}}}

 This bridge also has an IPv6 address: {{{2604:a880:cad:d0::30:1}}}

 === Testing specifics

 You can place quite a bit of load on this one. I've placed an accounting
 max of 1TB/month on the bridge.

 === Build process for marionette

 It took some work to build the marionette server and configure the torrc
 file at the bridge. Right now it does not work out of the box and the given
 torrc files in the marionette repository need to be modified for
 production bridge use.

 I've created a pull request to fix the compilation and linking issues
 here: https://github.com/redjack/marionette/pull/22

 These are the steps that I followed to build and deploy marionette:
 1. Build the dependencies: {{{./build_third_party.sh}}}. Note: you should
 run this script instead of following the User Guide. This will install the
 dependencies locally instead of system-wide and put them in the directory
 third_party/libs (which is where marionette later assumes they will be).

 2. go build

 3. go install ./cmd/marionette

 4. Place the binary (located locally in $GOPATH/bin) in /usr/local/bin/ of
 the bridge server

 Here's a sample torrc file that will work:
 {{{
 Nickname pick-a-nickname
 ContactInfo you <your email>
 RunAsDaemon 0
 Log notice stderr

 BridgeRelay 1
 SOCKSPort 0
 ORPort 9001
 ExtORPort 9002
 #IPv6 is also enabled
 ORPort [ipv6 address]:9001

 ServerTransportPlugin marionette exec /usr/local/bin/marionette pt-server -log-file /var/log/tor/marionette-server.log -format http_simple_blocking

 # Marionette gets its listening port from its specification document.
 # This should be fixed before deployment. We hardcode this value to 8081.
 ServerTransportListenAddr marionette 0.0.0.0:8081
 }}}

 I've verified the bridge is working by connecting with a client with the
 following torrc file:
 {{{
 RunAsDaemon 0
 Log notice stderr
 DataDirectory datadir

 SocksPort 19050

 UseBridges 1

 # See comment in torrc.server for information about why this must always be 8081.
 Bridge marionette 165.227.39.255:8081

 ClientTransportPlugin marionette exec ./marionette pt-client -log-file marionette-client.log -format http_simple_blocking
 }}}

 === Other notes on marionette

 - The dependencies for marionette are still a bit troublesome. I'm worried
 that they will be difficult to maintain and easily go out of date. I see
 that python is no longer required which seems to be an improvement but I'm
 curious about the need for re2 and openfst.

 - It would be nice to fix the listen port to not be hardcoded:
 {{{
 # Marionette gets its listening port from its specification document.
 # This should be fixed before deployment. We hardcode this value to 8081.
 ServerTransportListenAddr marionette 0.0.0.0:8081
 }}}
 At cmd/marionette/pt_server.go:86
 {{{
                 // Marionette always listen on port 8081 so we ignore TOR.
                 // This should probably be fixed.
                 host, port, err := net.SplitHostPort(bindAddr.Addr.String())
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26920#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
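
On the hardcoded listen port noted in the comment above, an added example (not part of the comment or of the marionette code base): tor hands a pluggable transport server its listen address in the TOR_PT_SERVER_BINDADDR environment variable, which it derives from ServerTransportListenAddr, so a server can parse that value and refuse to start on a mismatch rather than ignore it. The helper names bindAddrFor and checkDocPort and the sample value are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// bindAddrFor (hypothetical helper) looks up transport in the value of
// TOR_PT_SERVER_BINDADDR: comma-separated "<transport>-<host:port>" entries.
func bindAddrFor(env, transport string) (*net.TCPAddr, error) {
	for _, entry := range strings.Split(env, ",") {
		i := strings.Index(entry, "-") // transport names contain no '-'
		if i < 0 || entry[:i] != transport {
			continue
		}
		host, portStr, err := net.SplitHostPort(entry[i+1:])
		if err != nil {
			return nil, fmt.Errorf("bad bindaddr %q: %v", entry, err)
		}
		ip := net.ParseIP(host)
		port, perr := strconv.ParseUint(portStr, 10, 16)
		if ip == nil || perr != nil {
			return nil, fmt.Errorf("bad bindaddr %q", entry)
		}
		return &net.TCPAddr{IP: ip, Port: int(port)}, nil
	}
	return nil, fmt.Errorf("no bindaddr for transport %q", transport)
}

// checkDocPort (hypothetical helper) fails loudly when the port fixed by the
// format document differs from the one tor requested, instead of ignoring tor.
func checkDocPort(req *net.TCPAddr, docPort int) error {
	if req.Port != docPort {
		return fmt.Errorf("tor requested port %d but format document uses %d", req.Port, docPort)
	}
	return nil
}

func main() {
	// Constructed sample value; tor derives the real one from ServerTransportListenAddr.
	env := "obfs4-0.0.0.0:443,marionette-[2001:db8::1]:9443"
	addr, err := bindAddrFor(env, "marionette")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("tor asked for", addr, "->", checkDocPort(addr, 8081))
}
```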

