[tor-bugs] #33336 [Circumvention/Snowflake]: Deploy a Turbo Tunnel–aware Snowflake bridge
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 19 17:09:36 UTC 2020
#33336: Deploy a Turbo Tunnel–aware Snowflake bridge
-------------------------------------+------------------------------
Reporter: dcf | Owner: dcf
Type: task | Status: needs_review
Priority: Medium | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: turbotunnel | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+------------------------------
Changes (by dcf):
* status: assigned => needs_review
Old description:
> We now have a
> [https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel
> turbotunnel branch] of Snowflake that uses an inner transport protocol to
> migrate session across multiple proxies.
> * https://lists.torproject.org/pipermail/anti-censorship-
> team/2020-February/000059.html
> And some first-draft Tor Browser builds that can use it:
> * https://lists.torproject.org/pipermail/anti-censorship-
> team/2020-February/000069.html
>
> I want to deploy a bridge that supports Turbo Tunnel, then make Tor
> Browser builds and invite testers to test them.
>
> There's the question of whether to run the Turbo Tunnel code on the
> existing public bridge, or to set up a second bridge reserved for the
> Turbo Tunnel experiment. I propose to run the Turbo Tunnel code on the
> existing public bridge (i.e., snowflake.torproject.net). This is because
> (1) the Turbo Tunnel server is [https://lists.torproject.org/pipermail
> /anti-censorship-team/2020-February/000062.html backward-compatible] with
> non–Turbo Tunnel clients, and (2) we would need to somehow provide proxy
> capacity for the second bridge, which our current proxy code cannot
> easily handle. Running a separate bridge would have the advantage,
> though, that because we would have to run our own special proxy-go
> instances to support it, we could closely control the proxy environment;
> but part of my goal in an experimental deployment is to see how the Turbo
> Tunnel code fares with the organic proxies we have now.
>
> I've have versions of the code using two different session/reliability
> protocol libraries: kcp-go and quic-go. Other than to note that two two
> libraries are [https://github.com/net4people/bbs/issues/14 basically
> equivalent in features], I haven't done much to compare them as to
> performance. kcp-go is more mature and stable, while quic-go
> [https://lists.torproject.org/pipermail/anti-censorship-
> team/2020-February/000069.html add fewer dependencies to the Tor Browser
> build].
>
> We could make use of this opportunity to compare the two options. We set
> up a triple-mode bridge: supporting legacy, KCP, and QUIC clients. We
> make two Tor Browser builds, one with KCP and one with QUIC, and invite
> testing of both. Based on the results of user testing, we decide which we
> like better, and finally deploy only that option (and the backward-
> compatible mode). The only thing is, giving people two options to test is
> more confusing than giving them one.
New description:
We now have a
[https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel
turbotunnel branch] of Snowflake that uses an inner transport protocol to
migrate session across multiple proxies.
* https://lists.torproject.org/pipermail/anti-censorship-
team/2020-February/000059.html
And some first-draft Tor Browser builds that can use it:
* https://lists.torproject.org/pipermail/anti-censorship-
team/2020-February/000069.html
I want to deploy a bridge that supports Turbo Tunnel, then make Tor
Browser builds and invite testers to test them.
There's the question of whether to run the Turbo Tunnel code on the
existing public bridge, or to set up a second bridge reserved for the
Turbo Tunnel experiment. I propose to run the Turbo Tunnel code on the
existing public bridge (i.e., snowflake.torproject.net). This is because
(1) the Turbo Tunnel server is [https://lists.torproject.org/pipermail
/anti-censorship-team/2020-February/000062.html backward-compatible] with
non–Turbo Tunnel clients, and (2) we would need to somehow provide proxy
capacity for the second bridge, which our current proxy code cannot easily
handle. Running a separate bridge would have the advantage, though, that
because we would have to run our own special proxy-go instances to support
it, we could closely control the proxy environment; but part of my goal in
an experimental deployment is to see how the Turbo Tunnel code fares with
the organic proxies we have now.
I've have versions of the code using two different session/reliability
protocol libraries: kcp-go and quic-go. Other than to note that the two
libraries are [https://github.com/net4people/bbs/issues/14 basically
equivalent in features], I haven't done much to compare them as to
performance. kcp-go is more mature and stable, while quic-go
[https://lists.torproject.org/pipermail/anti-censorship-
team/2020-February/000069.html adds fewer dependencies to the Tor Browser
build].
We could make use of this opportunity to compare the two options. We set
up a triple-mode bridge: supporting legacy, KCP, and QUIC clients. We make
two Tor Browser builds, one with KCP and one with QUIC, and invite testing
of both. Based on the results of user testing, we decide which we like
better, and finally deploy only that option (and the backward-compatible
mode). The only thing is, giving people two options to test is more
confusing than giving them one.
--
Comment:
Shall we deploy the Turbo Tunnel bridge? I can do it as early as today. I
was waiting until we had figured out #33367 (and I've added the patch for
#33367 to the turbotunnel branch).
To be specific, what I want to do is build the server at commit
[https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel&id=da37211c74b7d6992f4cb07adb6033a684d56838
da37211c74b7d6992f4cb07adb6033a684d56838] to the public bridge. Then watch
it closely for a few hours to make sure it hasn't broken currently
deployed clients. The Tor Browser packages from comment:4 should start
working just by selecting "snowflake" from the menu, without extra
configuration.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33336#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list