[tor-bugs] #33336 [Circumvention/Snowflake]: Trial deployment of Snowflake with Turbo Tunnel
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Feb 22 06:16:30 UTC 2020
#33336: Trial deployment of Snowflake with Turbo Tunnel
-------------------------------------+--------------------------
Reporter: dcf | Owner: dcf
Type: task | Status: accepted
Priority: Medium | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: turbotunnel | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+--------------------------
Comment (by dcf):
Replying to [comment:12 dcf]:
> I can try doing another Tor Browser build with a more recent version of
> quic-go, assuming I can find a new enough version of quic-go that is also
> compatible with pion-quic (which
> [https://github.com/pion/quic/blob/v0.1.1/go.mod#L4 currently specifies]
> the old version from 2019-04-01).
I have a couple of updated branches and I'm starting on Tor Browser builds
with them. They make the kcp idle timeout fix from comment:14 and update
to a newer quic-go as mentioned in comment:12.
* [https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel-kcp&id=90746c1c3fce5db371038b092c32abb548504d9d turbotunnel-kcp]
* [https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel-quic&id=42c07f2c140e4c6f1f752329a67fdf15cd6bd8c5 turbotunnel-quic]
The upgrade of quic-go was a bit of a gross process. The
[https://gitweb.torproject.org/user/dcf/snowflake.git/commit/?h=turbotunnel-quic&id=42c07f2c140e4c6f1f752329a67fdf15cd6bd8c5 API changes]
are mild. pion-quic is unfortunately incompatible with the newer version;
but I worked around that with a patch in the tor-browser-build project. I
selected a very specific commit of quic-go to upgrade to: we need at least
[https://github.com/lucas-clemente/quic-go/commit/6407f5bf680283bf7e3755976306767da2c55e66 6407f5bf]
because it has the keepalive fix for comment:12 and those in #33401. But I
didn't want to use
[https://github.com/lucas-clemente/quic-go/commit/572ef44cf2d1197428f493e90cdfdd161e584f2c 572ef44c]
or later, because it adds a huge number of new transitive dependencies that
I didn't have the ambition to start packaging for tor-browser-build. (It's a
''lot'' of dependencies—`go mod graph` goes from 59 lines to 283 lines.
And one of the dependencies—google.golang.org/api—is over 550 MB!)
Upgrading quic-go also requires upgrading go itself to 1.13, because the
qtls library is coupled to crypto/tls in the standard library. The
upgraded client was not compatible with the server I deployed in
comment:8, so I rebuilt the server at commit
[https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel&id=42c07f2c140e4c6f1f752329a67fdf15cd6bd8c5 42c07f2c]
and deployed it at 2020-02-22T04:13:
{{{
lrwxrwxrwx 1 root root       37 Feb 22 04:12 snowflake-server -> snowflake-server.turbotunnel.42c07f2c
-rwxr-xr-x 1 root root  9067083 Feb 18 23:18 snowflake-server.normal
-rwxr-xr-x 1 root root 15648527 Feb 22 04:11 snowflake-server.turbotunnel.42c07f2c
-rwxr-xr-x 1 root root 12459290 Feb 19 18:01 snowflake-server.turbotunnel.da37211c
}}}
Overall, it's making me feel more and more meh about deploying quic-go; it
and QUIC are still changing fast and I foresee maintenance and
compatibility difficulties.
In the new Tor Browser builds I'm going to enable snowflake-client logging
by default and enable some torrc options to try and make tor more
reluctant to give up on its circuits. The latter idea I got from the
[http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-02-20-18.00.log.html#l-32 2020-02-20 anti-censorship meeting]
(starting at about 18:10:00).
{{{
LearnCircuitBuildTimeout 0
CircuitBuildTimeout 300
CircuitStreamTimeout 300
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33336#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
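
The comment above measures the cost of the later quic-go commit by the size of `go mod graph` (59 lines versus 283). The following is an added example, not part of dcf's comment or the Snowflake code, that diffs two such graphs and names the requirer behind each newly introduced module; the module paths and versions are constructed placeholders.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// modPath strips the "@version" suffix from a `go mod graph` node.
func modPath(node string) string {
	return strings.SplitN(node, "@", 2)[0]
}

// parents maps each dependency to its requirers; a line is "requirer@ver dep@ver".
func parents(graph string) map[string][]string {
	req := make(map[string][]string)
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			req[modPath(f[1])] = append(req[modPath(f[1])], modPath(f[0]))
		}
	}
	return req
}

// newModules lists modules required only after the upgrade, with their requirers.
func newModules(before, after string) []string {
	old, out := parents(before), []string{}
	for m, by := range parents(after) {
		if _, seen := old[m]; !seen {
			out = append(out, m+" <- "+strings.Join(by, ","))
		}
	}
	sort.Strings(out)
	return out
}

// Constructed sample graphs, not real output for either quic-go commit.
const graphBefore = "example.org/app example.org/quic@v0.1.0\n" +
	"example.org/quic@v0.1.0 example.org/qtls@v0.1.0\n"
const graphAfter = "example.org/app example.org/quic@v0.2.0\n" +
	"example.org/quic@v0.2.0 example.org/qtls@v0.2.0\n" +
	"example.org/quic@v0.2.0 example.org/tracing@v0.3.0\n" +
	"example.org/tracing@v0.3.0 example.org/cloudapi@v0.9.0\n"

func main() {
	for _, l := range newModules(graphBefore, graphAfter) {
		fmt.Println(l)
	}
}
```

On real input, a requirer that appears in the graph at several versions is listed once per version.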