2021-04-03 19:57:21 +02:00
|
|
|
// Package tunnel allows to create tunnels to speak
|
|
|
|
|
// with OONI backends and other services.
|
2021-04-05 16:08:16 +02:00
|
|
|
//
|
|
|
|
|
// You need to fill a Config object and call Start to
|
|
|
|
|
// obtain an instance of Tunnel. The tunnel will expose
|
|
|
|
|
// a SOCKS5 proxy. You need to configure your HTTP
|
|
|
|
|
// code to use such a proxy. Remember to call the Stop
|
|
|
|
|
// method of a tunnel when you are done.
|
|
|
|
|
//
|
|
|
|
|
// There are two use cases for this package. The first
|
|
|
|
|
// use case is to enable urlgetter to perform measurements
|
|
|
|
|
// over tunnels (mainly psiphon).
|
|
|
|
|
//
|
|
|
|
|
// The second use case is to use tunnels to reach to the
|
|
|
|
|
// OONI backend when it's blocked. For the latter case
|
|
|
|
|
// we currently mainly use psiphon. In such a case, we'll
|
|
|
|
|
// use a psiphon configuration embedded into the OONI
|
|
|
|
|
// binary itself. When you are running a version of OONI
|
|
|
|
|
// that does not embed such a configuration, it won't
|
|
|
|
|
// be possible to address this use case.
|
|
|
|
|
//
|
2021-12-15 14:16:22 +01:00
|
|
|
// For tor tunnels, we have two distinct configurations: on
|
|
|
|
|
// mobile we use github.com/ooni/go-libtor; on desktop we use
|
|
|
|
|
// a more complex strategy. If the OONI_TOR_BINARY environment
|
|
|
|
|
// variable is set, we assume its value is the path to the
|
|
|
|
|
// tor binary and use it. Otherwise, we search for an executable
|
|
|
|
|
// called "tor" in the PATH and use it. Those two strategies
|
|
|
|
|
// are implemented, respectively by tormobile.go and tordesktop.go.
|
|
|
|
|
//
|
2021-04-05 16:08:16 +02:00
|
|
|
// See session.go in the engine package for more details
|
|
|
|
|
// concerning this second use case.
|
2021-02-02 12:05:47 +01:00
|
|
|
package tunnel
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"errors"
|
2021-04-05 11:27:41 +02:00
|
|
|
"fmt"
|
2021-02-02 12:05:47 +01:00
|
|
|
"net/url"
|
|
|
|
|
"time"
|
|
|
|
|
)
|
|
|
|
|
|
2021-04-05 16:08:16 +02:00
|
|
|
// Session is a measurement session. We filter for the only
|
|
|
|
|
// functionality we're interested to use. That is, fetching the
|
|
|
|
|
// psiphon configuration from the OONI backend (if possible).
|
2021-04-05 17:41:15 +02:00
|
|
|
//
|
|
|
|
|
// Depending on how OONI is compiled, the psiphon configuration
|
|
|
|
|
// may be embedded into the binary. In such a case, we won't
|
|
|
|
|
// need to download the configuration from the backend.
|
2021-02-02 12:05:47 +01:00
|
|
|
type Session interface {
|
2021-04-05 16:08:16 +02:00
|
|
|
// FetchPsiphonConfig should fetch and return the psiphon config
|
|
|
|
|
// as a serialized JSON, or fail with an error.
|
2021-04-03 19:57:21 +02:00
|
|
|
FetchPsiphonConfig(ctx context.Context) ([]byte, error)
|
2021-02-02 12:05:47 +01:00
|
|
|
}
|
|
|
|
|
|
2021-04-05 16:08:16 +02:00
|
|
|
// Tunnel is a tunnel for communicating with OONI backends
|
|
|
|
|
// (and other services) to circumvent blocking.
|
2021-02-02 12:05:47 +01:00
|
|
|
type Tunnel interface {
|
2021-04-05 11:27:41 +02:00
|
|
|
// BootstrapTime returns the time it required to
|
2021-04-05 16:08:16 +02:00
|
|
|
// create a new tunnel instance.
|
2021-02-02 12:05:47 +01:00
|
|
|
BootstrapTime() time.Duration
|
2021-04-05 11:27:41 +02:00
|
|
|
|
2021-04-05 16:08:16 +02:00
|
|
|
// SOCKS5ProxyURL returns the SOCSK5 proxy URL.
|
2021-02-02 12:05:47 +01:00
|
|
|
SOCKS5ProxyURL() *url.URL
|
2021-04-05 11:27:41 +02:00
|
|
|
|
2021-04-05 16:08:16 +02:00
|
|
|
// Stop stops the tunnel. You should not attempt to
|
|
|
|
|
// use any other tunnel method after Stop.
|
2021-02-02 12:05:47 +01:00
|
|
|
Stop()
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-05 11:27:41 +02:00
|
|
|
// ErrEmptyTunnelDir indicates that config.TunnelDir is empty.
|
|
|
|
|
var ErrEmptyTunnelDir = errors.New("TunnelDir is empty")
|
|
|
|
|
|
|
|
|
|
// ErrUnsupportedTunnelName indicates that the given tunnel name
|
|
|
|
|
// is not supported by this package.
|
|
|
|
|
var ErrUnsupportedTunnelName = errors.New("unsupported tunnel name")
|
|
|
|
|
|
feat(torsf): collect tor logs, select rendezvous method, count bytes (#683)
This diff contains significant improvements over the previous
implementation of the torsf experiment.
We add support for configuring different rendezvous methods after
the convo at https://github.com/ooni/probe/issues/2004. In doing
that, I've tried to use a terminology that is consistent with the
names being actually used by tor developers.
In terms of what to do next, this diff basically instruments
torsf to always rendezvous using domain fronting. Yet, it's also
possible to change the rendezvous method from the command line,
when using miniooni, which allows to experiment a bit more. In the
same vein, by default we use a persistent tor datadir, but it's
also possible to use a temporary datadir using the cmdline.
Here's how a generic invocation of `torsf` looks like:
```bash
./miniooni -O DisablePersistentDatadir=true \
-O RendezvousMethod=amp \
-O DisableProgress=true \
torsf
```
(The default is `DisablePersistentDatadir=false` and
`RendezvousMethod=domain_fronting`.)
With this implementation, we can start measuring whether snowflake
and tor together can boostrap, which seems the most important thing
to focus on at the beginning. Understanding why the bootstrap most
often does not converge with a temporary datadir on Android devices
remains instead an open problem for now. (I'll also update the
relevant issues or create new issues after commit this.)
We also address some methodology improvements that were proposed
in https://github.com/ooni/probe/issues/1686. Namely:
1. we record the tor version;
2. we include the bootstrap percentage by reading the logs;
3. we set the anomaly key correctly;
4. we measure the bytes send and received (by `tor` not by `snowflake`, since
doing it for snowflake seems more complex at this stage).
What remains to be done is the possibility of including Snowflake
events into the measurement, which is not possible until the new
improvements at common/event in snowflake.git are included into a
tagged version of snowflake itself. (I'll make sure to mention
this aspect to @cohosh in https://github.com/ooni/probe/issues/2004.)
2022-02-07 17:05:36 +01:00
|
|
|
// DebugInfo contains information useful to debug issues
|
|
|
|
|
// when starting up a given tunnel fails.
|
|
|
|
|
type DebugInfo struct {
|
|
|
|
|
// LogFilePath is the path to the log file, which MAY
|
|
|
|
|
// be empty in case we don't have a log file.
|
|
|
|
|
LogFilePath string
|
|
|
|
|
|
|
|
|
|
// Name is the name of the tunnel and will always
|
|
|
|
|
// be properly set by the code.
|
|
|
|
|
Name string
|
|
|
|
|
|
|
|
|
|
// Version is the tunnel version. This field MAY be
|
|
|
|
|
// empty if we don't know the version.
|
|
|
|
|
Version string
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-05 16:08:16 +02:00
|
|
|
// Start starts a new tunnel by name or returns an error. We currently
|
|
|
|
|
// support the following tunnels:
|
|
|
|
|
//
|
|
|
|
|
// The "tor" tunnel requires the "tor" binary to be installed on
|
|
|
|
|
// your system. You can use config.TorArgs and config.TorBinary to
|
|
|
|
|
// select what binary to execute and with which arguments.
|
|
|
|
|
//
|
|
|
|
|
// The "psiphon" tunnel requires a configuration. Some builds of
|
|
|
|
|
// ooniprobe embed a configuration into the binary. When this
|
|
|
|
|
// is the case, the config.Session is a mocked object that just
|
2021-04-05 17:41:15 +02:00
|
|
|
// returns such a configuration.
|
2021-04-05 16:08:16 +02:00
|
|
|
//
|
|
|
|
|
// Otherwise, If there is no embedded psiphon configuration, the
|
2021-04-05 17:41:15 +02:00
|
|
|
// config.Session must be an ordinary engine.Session. In such a
|
2021-04-05 16:08:16 +02:00
|
|
|
// case, fetching the Psiphon configuration from the backend may
|
|
|
|
|
// fail when the backend is not reachable.
|
2021-04-05 17:41:15 +02:00
|
|
|
//
|
|
|
|
|
// The "fake" tunnel is a fake tunnel that just exposes a
|
|
|
|
|
// SOCKS5 proxy and then connects directly to server. We use
|
|
|
|
|
// this special kind of tunnel to implement tests.
|
feat(torsf): collect tor logs, select rendezvous method, count bytes (#683)
This diff contains significant improvements over the previous
implementation of the torsf experiment.
We add support for configuring different rendezvous methods after
the convo at https://github.com/ooni/probe/issues/2004. In doing
that, I've tried to use a terminology that is consistent with the
names being actually used by tor developers.
In terms of what to do next, this diff basically instruments
torsf to always rendezvous using domain fronting. Yet, it's also
possible to change the rendezvous method from the command line,
when using miniooni, which allows to experiment a bit more. In the
same vein, by default we use a persistent tor datadir, but it's
also possible to use a temporary datadir using the cmdline.
Here's how a generic invocation of `torsf` looks like:
```bash
./miniooni -O DisablePersistentDatadir=true \
-O RendezvousMethod=amp \
-O DisableProgress=true \
torsf
```
(The default is `DisablePersistentDatadir=false` and
`RendezvousMethod=domain_fronting`.)
With this implementation, we can start measuring whether snowflake
and tor together can boostrap, which seems the most important thing
to focus on at the beginning. Understanding why the bootstrap most
often does not converge with a temporary datadir on Android devices
remains instead an open problem for now. (I'll also update the
relevant issues or create new issues after commit this.)
We also address some methodology improvements that were proposed
in https://github.com/ooni/probe/issues/1686. Namely:
1. we record the tor version;
2. we include the bootstrap percentage by reading the logs;
3. we set the anomaly key correctly;
4. we measure the bytes send and received (by `tor` not by `snowflake`, since
doing it for snowflake seems more complex at this stage).
What remains to be done is the possibility of including Snowflake
events into the measurement, which is not possible until the new
improvements at common/event in snowflake.git are included into a
tagged version of snowflake itself. (I'll make sure to mention
this aspect to @cohosh in https://github.com/ooni/probe/issues/2004.)
2022-02-07 17:05:36 +01:00
|
|
|
//
|
|
|
|
|
// The return value is a triple:
|
|
|
|
|
//
|
|
|
|
|
// 1. a valid Tunnel on success, nil on failure;
|
|
|
|
|
//
|
|
|
|
|
// 2. debugging information (both on success and failure);
|
|
|
|
|
//
|
|
|
|
|
// 3. nil on success, an error on failure.
|
|
|
|
|
func Start(ctx context.Context, config *Config) (Tunnel, DebugInfo, error) {
|
2021-02-02 12:05:47 +01:00
|
|
|
switch config.Name {
|
2021-04-05 17:41:15 +02:00
|
|
|
case "fake":
|
|
|
|
|
return fakeStart(ctx, config)
|
2021-02-02 12:05:47 +01:00
|
|
|
case "psiphon":
|
2021-04-05 16:08:16 +02:00
|
|
|
return psiphonStart(ctx, config)
|
2022-10-03 16:52:20 +02:00
|
|
|
case "torsf":
|
|
|
|
|
return torsfStart(ctx, config)
|
2021-02-02 12:05:47 +01:00
|
|
|
case "tor":
|
2021-04-05 16:08:16 +02:00
|
|
|
return torStart(ctx, config)
|
2021-02-02 12:05:47 +01:00
|
|
|
default:
|
feat(torsf): collect tor logs, select rendezvous method, count bytes (#683)
This diff contains significant improvements over the previous
implementation of the torsf experiment.
We add support for configuring different rendezvous methods after
the convo at https://github.com/ooni/probe/issues/2004. In doing
that, I've tried to use a terminology that is consistent with the
names being actually used by tor developers.
In terms of what to do next, this diff basically instruments
torsf to always rendezvous using domain fronting. Yet, it's also
possible to change the rendezvous method from the command line,
when using miniooni, which allows to experiment a bit more. In the
same vein, by default we use a persistent tor datadir, but it's
also possible to use a temporary datadir using the cmdline.
Here's how a generic invocation of `torsf` looks like:
```bash
./miniooni -O DisablePersistentDatadir=true \
-O RendezvousMethod=amp \
-O DisableProgress=true \
torsf
```
(The default is `DisablePersistentDatadir=false` and
`RendezvousMethod=domain_fronting`.)
With this implementation, we can start measuring whether snowflake
and tor together can boostrap, which seems the most important thing
to focus on at the beginning. Understanding why the bootstrap most
often does not converge with a temporary datadir on Android devices
remains instead an open problem for now. (I'll also update the
relevant issues or create new issues after commit this.)
We also address some methodology improvements that were proposed
in https://github.com/ooni/probe/issues/1686. Namely:
1. we record the tor version;
2. we include the bootstrap percentage by reading the logs;
3. we set the anomaly key correctly;
4. we measure the bytes send and received (by `tor` not by `snowflake`, since
doing it for snowflake seems more complex at this stage).
What remains to be done is the possibility of including Snowflake
events into the measurement, which is not possible until the new
improvements at common/event in snowflake.git are included into a
tagged version of snowflake itself. (I'll make sure to mention
this aspect to @cohosh in https://github.com/ooni/probe/issues/2004.)
2022-02-07 17:05:36 +01:00
|
|
|
di := DebugInfo{}
|
|
|
|
|
return nil, di, fmt.Errorf("%w: %s", ErrUnsupportedTunnelName, config.Name)
|
2021-02-02 12:05:47 +01:00
|
|
|
}
|
|
|
|
|
}
|
