[tor-bugs] #33336 [Circumvention/Snowflake]: Trial deployment of Snowflake with Turbo Tunnel

Fri Feb 21 23:13:09 UTC 2020

#33336: Trial deployment of Snowflake with Turbo Tunnel
-------------------------------------+--------------------------
 Reporter:  dcf                      |          Owner:  dcf
     Type:  task                     |         Status:  accepted
 Priority:  Medium                   |      Milestone:
Component:  Circumvention/Snowflake  |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  turbotunnel              |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by dcf):

 Replying to [comment:12 dcf]:
 > Replying to [comment:11 dcf]:
 > >  * It may be my imagination, but I get the impression that everything
 works better while the connection is being used. Initially my impression
 was positive as I was trying to stress the system by having videos playing
 in the background. Then the experience became more frustrating as I tried
 normal text browsing and I encountered the occasional delays mentioned
 above. It made me think that perhaps there is something in the proxy that
 drops idle connections, but I didn't find anything like that. It's
 possible that this is my imagination and that my initial impression was
 just getting good luck with proxies.
 >
 > I think I know why idle browsing seemed to disconnect more, at least in
 the quic case.

 And I think I see what was going wrong with kcp as well. The keepalive
 interval was fine, but the idle timeout was too low (30 s). Because it
 takes over 30 s to realize that you have a bad proxy, the first bad proxy
 would kill your connection. The effect was magnified because the
 [https://gitweb.torproject.org/user/dcf/snowflake.git/tree/client/lib/snowflake.go?h
 =turbotunnel-kcp&id=874a11f6779429246263522fc751f1cc0d9c3af0#n91 copyLoop]
 function, when the session timed out due to idleness, would only exit the
 socks←webRTC loop, but would keep running the webRTC←socks loop for about
 another 2 minutes (might be tor SocksTimeout, not sure). So one bad proxy
 would knock you out for at least 2.5 minutes, as well as killing all your
 existing circuits.

 I made these commits:
  * [https://gitweb.torproject.org/user/dcf/snowflake.git/commit/?h
 =turbotunnel-kcp&id=5973a6940147f6e69fe9d74ebc4a912c89a59fd0 5973a694] Set
 the smux KeepAliveTimeout (idle timeout) to 10 minutes.
  * [https://gitweb.torproject.org/user/dcf/snowflake.git/commit/?h
 =turbotunnel-kcp&id=ec1468f841b7e40d7351e1426d4947ec2d3bead5 ec1468f8] Let
 copyLoop exit when either direction finishes.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33336#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online