c/ooni-probe-cli
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4dc2907472
ooni-probe-cli/internal/ptx/obfs4.go

169 lines
5.1 KiB
Go
Raw Normal View History

feat: introduce ptx package for pluggable transports dialers (#373) * feat: introduce ptx package for pluggable transports dialers Version 2 of the pluggable transports specification defines a function that's like `Dial() (net.Conn, error`). Because we use contexts as much as possible in `probe-cli`, we are wrapping such an interface into a `DialContext` func. The code for obfs4 is adapted from https://github.com/ooni/probe-cli/pull/341. The code for snowflake is significantly easier than it is in https://github.com/ooni/probe-cli/pull/341, because now Snowflake supports the PTv2 spec (thanks @cohosh!). The code for setting up a pluggable transport listener has also been adapted from https://github.com/ooni/probe-cli/pull/341. We cannot merge this code yet, because we need unit testing, yet the newly added code already seems suitable for these use cases: 1. testing by dialing and seeing whether we can dial (which is not very useful but still better than not doing it); 2. spawning tor+pluggable transports for circumvention (we need a little more hammering like we did in https://github.com/ooni/probe-cli/pull/341, which is basically https://github.com/ooni/probe/issues/1565, and then we will be able to do that, as demonstrated by the new, simple client which already allows us to use pluggable transports with tor); 3. testing by launching tor (when available) with a set of pluggable transports (which depends on https://github.com/ooni/probe-engine/issues/897 and has not been assigned an issue yet). * fix: tweaks after self code-review * feat: write quick tests for ptx/obfs4 (They run in 0.4s, so I think it's fine for them to always run.) * feat(ptx/snowflake): write unit and integration tests * feat: create a fake PTDialer The idea is that we'll use this simpler PTDialer for testing. * feat: finish writing tests for new package * Apply suggestions from code review * Update internal/ptx/dependencies_test.go Co-authored-by: Arturo Filastò <arturo@openobservatory.org> * Update internal/ptx/dependencies_test.go Co-authored-by: Arturo Filastò <arturo@openobservatory.org> * chore: use as testing bridge one that's used by tor browser The previous testing bridge used to be used by tor browser but it was subsequently removed here: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e26e91bef8bd8d04d79bdd69f087efd808bc925d See https://github.com/ooni/probe-cli/pull/373#discussion_r649820724 Co-authored-by: Arturo Filastò <arturo@openobservatory.org>
2021-06-14 10:20:54 +02:00
package ptx
import (
"context"
"fmt"
"net"
"path/filepath"
"time"
pt "git.torproject.org/pluggable-transports/goptlib.git"
"github.com/ooni/probe-cli/v3/internal/runtimex"
"gitlab.com/yawning/obfs4.git/transports/base"
"gitlab.com/yawning/obfs4.git/transports/obfs4"
)
// DefaultTestingOBFS4Bridge is a factory that returns you
// an OBFS4Dialer configured for the bridge we use by default
// when testing. Of course, given the nature of obfs4, it's
// not wise to use this bridge in general. But, feel free to
// use this bridge for integration testing of this code.
func DefaultTestingOBFS4Bridge() *OBFS4Dialer {
// TODO(bassosimone): this is a public working bridge we have found
// with @hellais. We should ask @cohosh whether there's some obfs4 bridge
// dedicated to integration testing that we should use instead.
return &OBFS4Dialer{
Address: "192.95.36.142:443",
Cert: "qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ",
DataDir: "testdata",
Fingerprint: "CDF2E852BF539B82BD10E27E9115A31734E378C2",
IATMode: "1",
}
}
// OBFS4Dialer is a dialer for obfs4. Make sure you fill all
// the fields marked as mandatory before using.
type OBFS4Dialer struct {
// Address contains the MANDATORY proxy address.
Address string
// Cert contains the MANDATORY certificate parameter.
Cert string
// DataDir is the MANDATORY directory where to store obfs4 data.
DataDir string
// Fingerprint is the MANDATORY bridge fingerprint.
Fingerprint string
// IATMode contains the MANDATORY iat-mode parameter.
IATMode string
// UnderlyingDialer is the optional underlying dialer to
// use. If not set, we will use &net.Dialer{}.
UnderlyingDialer UnderlyingDialer
}
// DialContext establishes a connection with the given obfs4 proxy. The context
// argument allows to interrupt this operation midway.
func (d *OBFS4Dialer) DialContext(ctx context.Context) (net.Conn, error) {
cd, err := d.newCancellableDialer()
if err != nil {
return nil, err
}
return cd.dial(ctx, "tcp", d.Address)
}
// newCancellableDialer constructs a new cancellable dialer. This function
// is separate from DialContext for testing purposes.
func (d *OBFS4Dialer) newCancellableDialer() (*obfs4CancellableDialer, error) {
factory := d.newFactory()
parsedargs, err := d.parseargs(factory)
if err != nil {
return nil, err
}
return &obfs4CancellableDialer{
done: make(chan interface{}),
ud: d.underlyingDialer(), // choose proper dialer
factory: factory,
parsedargs: parsedargs,
}, nil
}
// newFactory creates an obfs4 factory instance.
func (d *OBFS4Dialer) newFactory() base.ClientFactory {
o4f := &obfs4.Transport{}
cf, err := o4f.ClientFactory(filepath.Join(d.DataDir, "obfs4"))
// the source code for this transport always returns a nil error
runtimex.PanicOnError(err, "unexpected o4f.ClientFactory failure")
return cf
}
// parseargs parses the obfs4 arguments.
func (d *OBFS4Dialer) parseargs(factory base.ClientFactory) (interface{}, error) {
args := &pt.Args{"cert": []string{d.Cert}, "iat-mode": []string{d.IATMode}}
return factory.ParseArgs(args)
}
// underlyingDialer returns a suitable UnderlyingDialer.
func (d *OBFS4Dialer) underlyingDialer() UnderlyingDialer {
if d.UnderlyingDialer != nil {
return d.UnderlyingDialer
}
return &net.Dialer{
Timeout: 15 * time.Second, // eventually interrupt connect
}
}
// obfs4CancellableDialer is a cancellable dialer for obfs4. It will run
// the dial proper in a background goroutine, thus allowing for its early
// cancellation.
type obfs4CancellableDialer struct {
// done is a channel that will be closed when done. In normal
// usage you don't want to await for this signal. But it's useful
// for testing to know that the background goroutine joined.
done chan interface{}
// factory is the factory for obfs4.
factory base.ClientFactory
// parsedargs contains the parsed args for obfs4.
parsedargs interface{}
// ud is the underlying Dialer to use.
ud UnderlyingDialer
}
// dial performs the dial.
func (d *obfs4CancellableDialer) dial(ctx context.Context, network, address string) (net.Conn, error) {
connch, errch := make(chan net.Conn), make(chan error, 1)
go func() {
defer close(d.done) // signal we're joining
conn, err := d.factory.Dial(network, address, d.innerDial, d.parsedargs)
if err != nil {
errch <- err // buffered channel
return
}
select {
case connch <- conn:
default:
conn.Close() // context won the race
}
}()
select {
case err := <-errch:
return nil, err
case conn := <-connch:
return conn, nil
case <-ctx.Done():
return nil, ctx.Err()
}
}
// innerDial performs the inner dial using the underlying dialer.
func (d *obfs4CancellableDialer) innerDial(network, address string) (net.Conn, error) {
return d.ud.DialContext(context.Background(), network, address)
}
// AsBridgeArgument returns the argument to be passed to
// the tor command line to declare this bridge.
func (d *OBFS4Dialer) AsBridgeArgument() string {
return fmt.Sprintf("obfs4 %s %s cert=%s iat-mode=%s",
d.Address, d.Fingerprint, d.Cert, d.IATMode)
}
// Name returns the pluggable transport name.
func (d *OBFS4Dialer) Name() string {
return "obfs4"
}
Reference in New Issue Copy Permalink