feat(torsf): collect tor logs, select rendezvous method, count bytes (#683)

This diff contains significant improvements over the previous
implementation of the torsf experiment.

We add support for configuring different rendezvous methods after
the convo at https://github.com/ooni/probe/issues/2004. In doing
that, I've tried to use a terminology that is consistent with the
names being actually used by tor developers.

In terms of what to do next, this diff basically instruments
torsf to always rendezvous using domain fronting. Yet, it's also
possible to change the rendezvous method from the command line,
when using miniooni, which allows to experiment a bit more. In the
same vein, by default we use a persistent tor datadir, but it's
also possible to use a temporary datadir using the cmdline.

Here's how a generic invocation of `torsf` looks like:

```bash
./miniooni -O DisablePersistentDatadir=true \
           -O RendezvousMethod=amp \
           -O DisableProgress=true \
           torsf
```

(The default is `DisablePersistentDatadir=false` and
`RendezvousMethod=domain_fronting`.)

With this implementation, we can start measuring whether snowflake
and tor together can boostrap, which seems the most important thing
to focus on at the beginning. Understanding why the bootstrap most
often does not converge with a temporary datadir on Android devices
remains instead an open problem for now. (I'll also update the
relevant issues or create new issues after commit this.)

We also address some methodology improvements that were proposed
in https://github.com/ooni/probe/issues/1686. Namely:

1. we record the tor version;

2. we include the bootstrap percentage by reading the logs;

3. we set the anomaly key correctly;

4. we measure the bytes send and received (by `tor` not by `snowflake`, since
doing it for snowflake seems more complex at this stage).

What remains to be done is the possibility of including Snowflake
events into the measurement, which is not possible until the new
improvements at common/event in snowflake.git are included into a
tagged version of snowflake itself. (I'll make sure to mention
this aspect to @cohosh in https://github.com/ooni/probe/issues/2004.)

internal/ptx/dependencies.go

@@ -1,8 +0,0 @@
-package ptx
-
-import (
-	"github.com/ooni/probe-cli/v3/internal/model"
-)
-
-// defaultLogger is the default silentLogger instance.
-var defaultLogger model.Logger = model.DiscardLogger

internal/ptx/dependencies_test.go

@@ -1,11 +0,0 @@
-package ptx
-
-import "testing"
-
-func TestCoverSilentLogger(t *testing.T) {
-	// let us not be distracted by uncovered lines that can
-	// easily be covered, we can easily cover defaultLogger
-	defaultLogger.Debugf("foo")
-	defaultLogger.Infof("bar")
-	defaultLogger.Warnf("baz")
-}

internal/ptx/obfs4.go

@@ -125,7 +125,8 @@ type obfs4CancellableDialer struct {
 }
 
 // dial performs the dial.
-func (d *obfs4CancellableDialer) dial(ctx context.Context, network, address string) (net.Conn, error) {
+func (d *obfs4CancellableDialer) dial(
+	ctx context.Context, network, address string) (net.Conn, error) {
 	connch, errch := make(chan net.Conn), make(chan error, 1)
 	go func() {
 		defer close(d.done) // signal we're joining

internal/ptx/obfs4_test.go

@@ -74,7 +74,8 @@ func TestOBFS4DialerFailsWithConnectionErrorAndContextExpiration(t *testing.T) {
 	wg := &sync.WaitGroup{}
 	wg.Add(1)
 	o4d.UnderlyingDialer = &mocks.Dialer{
-		MockDialContext: func(ctx context.Context, network string, address string) (net.Conn, error) {
+		MockDialContext: func(
+			ctx context.Context, network string, address string) (net.Conn, error) {
 			cancel()
 			<-sigch
 			wg.Done()
@@ -114,8 +115,9 @@ func TestOBFS4DialerWorksWithContextExpiration(t *testing.T) {
 	called := &atomicx.Int64{}
 	o4d := DefaultTestingOBFS4Bridge()
 	o4d.UnderlyingDialer = &mocks.Dialer{
-		MockDialContext: func(ctx context.Context, network string, address string) (net.Conn, error) {
-			// We cancel the context before returning the error, which makes
+		MockDialContext: func(
+			ctx context.Context, network string, address string) (net.Conn, error) {
+			// We cancel the context before returning the conn, which makes
 			// the context cancellation happen before us returning.
 			cancel()
 			conn, err := net.Dial(network, address)

internal/ptx/ptx.go

@@ -46,6 +46,7 @@ import (
 	"sync"
 
 	pt "git.torproject.org/pluggable-transports/goptlib.git"
+	"github.com/ooni/probe-cli/v3/internal/bytecounter"
 	"github.com/ooni/probe-cli/v3/internal/model"
 	"github.com/ooni/probe-cli/v3/internal/netxlite"
 )
@@ -69,15 +70,23 @@ type PTDialer interface {
 // you fill the mandatory fields before using it. Do not modify public
 // fields after you called Start, since this causes data races.
 type Listener struct {
+	// ExperimentByteCounter is the OPTIONAL byte counter that
+	// counts the bytes consumed by the experiment.
+	ExperimentByteCounter *bytecounter.Counter
+
+	// Logger is the OPTIONAL logger. When not set, this library
+	// will not emit logs. (But the underlying pluggable transport
+	// may still emit its own log messages.)
+	Logger model.Logger
+
 	// PTDialer is the MANDATORY pluggable transports dialer
 	// to use. Both SnowflakeDialer and OBFS4Dialer implement this
 	// interface and can be thus safely used here.
 	PTDialer PTDialer
 
-	// Logger is the optional logger. When not set, this library
-	// will not emit logs. (But the underlying pluggable transport
-	// may still emit its own log messages.)
-	Logger model.Logger
+	// SessionByteCounter is the OPTIONAL byte counter that
+	// counts the bytes consumed by the session.
+	SessionByteCounter *bytecounter.Counter
 
 	// mu provides mutual exclusion for accessing internals.
 	mu sync.Mutex
@@ -100,7 +109,7 @@ func (lst *Listener) logger() model.Logger {
 	if lst.Logger != nil {
 		return lst.Logger
 	}
-	return defaultLogger
+	return model.DiscardLogger
 }
 
 // forward forwards the traffic from left to right and from right to left
@@ -151,6 +160,11 @@ func (lst *Listener) handleSocksConn(ctx context.Context, socksConn ptxSocksConn
 		lst.logger().Warnf("ptx: ContextDialer.DialContext error: %s", err)
 		return err // used for testing
 	}
+	// We _must_ wrap the ptConn. Wrapping the socks conn leads us to
+	// count the sent bytes as received and the received bytes as sent:
+	// bytes flow in the opposite direction there for the socks conn.
+	ptConn = bytecounter.MaybeWrap(ptConn, lst.SessionByteCounter)
+	ptConn = bytecounter.MaybeWrap(ptConn, lst.ExperimentByteCounter)
 	lst.forwardWithContext(ctx, socksConn, ptConn) // transfer ownership
 	return nil                                     // used for testing
 }

internal/ptx/snowflake.go

@@ -2,20 +2,130 @@ package ptx
 
 import (
 	"context"
+	"errors"
 	"net"
 
 	sflib "git.torproject.org/pluggable-transports/snowflake.git/v2/client/lib"
 	"github.com/ooni/probe-cli/v3/internal/stuninput"
 )
 
-// SnowflakeDialer is a dialer for snowflake. When optional fields are
-// not specified, we use defaults from the snowflake repository.
+// SnowflakeRendezvousMethod is the method which with we perform the rendezvous.
+type SnowflakeRendezvousMethod interface {
+	// Name is the name of the method.
+	Name() string
+
+	// AMPCacheURL returns a suitable AMP cache URL.
+	AMPCacheURL() string
+
+	// BrokerURL returns a suitable broker URL.
+	BrokerURL() string
+
+	// FrontDomain returns a suitable front domain.
+	FrontDomain() string
+}
+
+// NewSnowflakeRendezvousMethodDomainFronting is a rendezvous method
+// that uses domain fronting to perform the rendezvous.
+func NewSnowflakeRendezvousMethodDomainFronting() SnowflakeRendezvousMethod {
+	return &snowflakeRendezvousMethodDomainFronting{}
+}
+
+type snowflakeRendezvousMethodDomainFronting struct{}
+
+func (d *snowflakeRendezvousMethodDomainFronting) Name() string {
+	return "domain_fronting"
+}
+
+func (d *snowflakeRendezvousMethodDomainFronting) AMPCacheURL() string {
+	return ""
+}
+
+func (d *snowflakeRendezvousMethodDomainFronting) BrokerURL() string {
+	return "https://snowflake-broker.torproject.net.global.prod.fastly.net/"
+}
+
+func (d *snowflakeRendezvousMethodDomainFronting) FrontDomain() string {
+	return "cdn.sstatic.net"
+}
+
+// NewSnowflakeRendezvousMethodAMP is a rendezvous method that
+// uses the AMP cache to perform the rendezvous.
+func NewSnowflakeRendezvousMethodAMP() SnowflakeRendezvousMethod {
+	return &snowflakeRendezvousMethodAMP{}
+}
+
+type snowflakeRendezvousMethodAMP struct{}
+
+func (d *snowflakeRendezvousMethodAMP) Name() string {
+	return "amp"
+}
+
+func (d *snowflakeRendezvousMethodAMP) AMPCacheURL() string {
+	return "https://cdn.ampproject.org/"
+}
+
+func (d *snowflakeRendezvousMethodAMP) BrokerURL() string {
+	return "https://snowflake-broker.torproject.net/"
+}
+
+func (d *snowflakeRendezvousMethodAMP) FrontDomain() string {
+	return "www.google.com"
+}
+
+// ErrSnowflakeNoSuchRendezvousMethod indicates the given rendezvous
+// method is not supported by this implementation.
+var ErrSnowflakeNoSuchRendezvousMethod = errors.New("ptx: unsupported rendezvous method")
+
+// NewSnowflakeRendezvousMethod creates a new rendezvous method by name. We currently
+// support the following rendezvous methods:
+//
+// 1. "domain_fronting" uses domain fronting with the sstatic.net CDN;
+//
+// 2. "" means default and it is currently equivalent to "domain_fronting" (but
+// we don't guarantee that this default may change over time);
+//
+// 3. "amp" uses the AMP cache.
+//
+// Returns either a valid rendezvous method or an error.
+func NewSnowflakeRendezvousMethod(method string) (SnowflakeRendezvousMethod, error) {
+	switch method {
+	case "domain_fronting", "":
+		return NewSnowflakeRendezvousMethodDomainFronting(), nil
+	case "amp":
+		return NewSnowflakeRendezvousMethodAMP(), nil
+	default:
+		return nil, ErrSnowflakeNoSuchRendezvousMethod
+	}
+}
+
+// SnowflakeDialer is a dialer for snowflake. You SHOULD either use a factory
+// for constructing this type or set the fields marked as MANDATORY.
 type SnowflakeDialer struct {
-	// newClientTransport is an optional hook for creating
+	// RendezvousMethod is the MANDATORY rendezvous method to use.
+	RendezvousMethod SnowflakeRendezvousMethod
+
+	// newClientTransport is an OPTIONAL hook for creating
 	// an alternative snowflakeTransport in testing.
 	newClientTransport func(config sflib.ClientConfig) (snowflakeTransport, error)
 }
 
+// NewSnowflakeDialer creates a SnowflakeDialer with default settings.
+func NewSnowflakeDialer() *SnowflakeDialer {
+	return &SnowflakeDialer{
+		RendezvousMethod:   NewSnowflakeRendezvousMethodDomainFronting(),
+		newClientTransport: nil,
+	}
+}
+
+// NewSnowflakeDialerWithRendezvousMethod creates a SnowflakeDialer
+// using the given RendezvousMethod explicitly.
+func NewSnowflakeDialerWithRendezvousMethod(m SnowflakeRendezvousMethod) *SnowflakeDialer {
+	return &SnowflakeDialer{
+		RendezvousMethod:   m,
+		newClientTransport: nil,
+	}
+}
+
 // snowflakeTransport is anything that allows us to dial a snowflake
 type snowflakeTransport interface {
 	Dial() (net.Conn, error)
@@ -32,9 +142,9 @@ func (d *SnowflakeDialer) dialContext(
 	ctx context.Context) (net.Conn, chan interface{}, error) {
 	done := make(chan interface{})
 	txp, err := d.newSnowflakeClient(sflib.ClientConfig{
-		BrokerURL:          d.brokerURL(),
-		AmpCacheURL:        d.ampCacheURL(),
-		FrontDomain:        d.frontDomain(),
+		BrokerURL:          d.RendezvousMethod.BrokerURL(),
+		AmpCacheURL:        d.RendezvousMethod.AMPCacheURL(),
+		FrontDomain:        d.RendezvousMethod.FrontDomain(),
 		ICEAddresses:       d.iceAddresses(),
 		KeepLocalAddresses: false,
 		Max:                d.maxSnowflakes(),
@@ -68,35 +178,14 @@ func (d *SnowflakeDialer) dialContext(
 
 // newSnowflakeClient allows us to call a mock rather than
 // the real sflib.NewSnowflakeClient.
-func (d *SnowflakeDialer) newSnowflakeClient(config sflib.ClientConfig) (snowflakeTransport, error) {
+func (d *SnowflakeDialer) newSnowflakeClient(
+	config sflib.ClientConfig) (snowflakeTransport, error) {
 	if d.newClientTransport != nil {
 		return d.newClientTransport(config)
 	}
 	return sflib.NewSnowflakeClient(config)
 }
 
-// ampCacheURL returns a suitable AMP cache URL.
-func (d *SnowflakeDialer) ampCacheURL() string {
-	// I tried using the following AMP cache and always got:
-	//
-	// 2022/01/19 16:51:28 AMP cache rendezvous response: 500 Internal Server Error
-	//
-	// So I disabled the AMP cache until we figure it out.
-	//
-	//return "https://cdn.ampproject.org/"
-	return ""
-}
-
-// brokerURL returns a suitable broker URL.
-func (d *SnowflakeDialer) brokerURL() string {
-	return "https://snowflake-broker.torproject.net.global.prod.fastly.net/"
-}
-
-// frontDomain returns a suitable front domain.
-func (d *SnowflakeDialer) frontDomain() string {
-	return "cdn.sstatic.net"
-}
-
 // iceAddresses returns suitable ICE addresses.
 func (d *SnowflakeDialer) iceAddresses() []string {
 	return stuninput.AsSnowflakeInput()

internal/ptx/snowflake_test.go

@@ -11,12 +11,107 @@ import (
 	"github.com/ooni/probe-cli/v3/internal/model/mocks"
 )
 
+func TestSnowflakeMethodDomainFronting(t *testing.T) {
+	meth := NewSnowflakeRendezvousMethodDomainFronting()
+	if meth.AMPCacheURL() != "" {
+		t.Fatal("invalid amp cache URL")
+	}
+	const brokerURL = "https://snowflake-broker.torproject.net.global.prod.fastly.net/"
+	if meth.BrokerURL() != brokerURL {
+		t.Fatal("invalid broker URL")
+	}
+	const frontDomain = "cdn.sstatic.net"
+	if meth.FrontDomain() != frontDomain {
+		t.Fatal("invalid front domain")
+	}
+	if meth.Name() != "domain_fronting" {
+		t.Fatal("invalid name")
+	}
+}
+
+func TestSnowflakeMethodAMP(t *testing.T) {
+	meth := NewSnowflakeRendezvousMethodAMP()
+	const ampCacheURL = "https://cdn.ampproject.org/"
+	if meth.AMPCacheURL() != ampCacheURL {
+		t.Fatal("invalid amp cache URL")
+	}
+	const brokerURL = "https://snowflake-broker.torproject.net/"
+	if meth.BrokerURL() != brokerURL {
+		t.Fatal("invalid broker URL")
+	}
+	const frontDomain = "www.google.com"
+	if meth.FrontDomain() != frontDomain {
+		t.Fatal("invalid front domain")
+	}
+	if meth.Name() != "amp" {
+		t.Fatal("invalid name")
+	}
+}
+
+func TestNewSnowflakeRendezvousMethod(t *testing.T) {
+	t.Run("for domain_fronted", func(t *testing.T) {
+		meth, err := NewSnowflakeRendezvousMethod("domain_fronting")
+		if err != nil {
+			t.Fatal(err)
+		}
+		if _, ok := meth.(*snowflakeRendezvousMethodDomainFronting); !ok {
+			t.Fatal("unexpected method type")
+		}
+	})
+
+	t.Run("for empty string", func(t *testing.T) {
+		meth, err := NewSnowflakeRendezvousMethod("")
+		if err != nil {
+			t.Fatal(err)
+		}
+		if _, ok := meth.(*snowflakeRendezvousMethodDomainFronting); !ok {
+			t.Fatal("unexpected method type")
+		}
+	})
+
+	t.Run("for amp", func(t *testing.T) {
+		meth, err := NewSnowflakeRendezvousMethod("amp")
+		if err != nil {
+			t.Fatal(err)
+		}
+		if _, ok := meth.(*snowflakeRendezvousMethodAMP); !ok {
+			t.Fatal("unexpected method type")
+		}
+	})
+
+	t.Run("for another value", func(t *testing.T) {
+		meth, err := NewSnowflakeRendezvousMethod("amptani")
+		if !errors.Is(err, ErrSnowflakeNoSuchRendezvousMethod) {
+			t.Fatal("unexpected error", err)
+		}
+		if meth != nil {
+			t.Fatal("unexpected method value")
+		}
+	})
+}
+
+func TestNewSnowflakeDialer(t *testing.T) {
+	dialer := NewSnowflakeDialer()
+	_, ok := dialer.RendezvousMethod.(*snowflakeRendezvousMethodDomainFronting)
+	if !ok {
+		t.Fatal("invalid rendezvous method type")
+	}
+}
+
+func TestNewSnowflakeDialerWithRendezvousMethod(t *testing.T) {
+	meth := NewSnowflakeRendezvousMethodAMP()
+	dialer := NewSnowflakeDialerWithRendezvousMethod(meth)
+	if meth != dialer.RendezvousMethod {
+		t.Fatal("invalid rendezvous method value")
+	}
+}
+
 func TestSnowflakeDialerWorks(t *testing.T) {
 	// This test may sadly run for a very long time (~10s)
 	if testing.Short() {
 		t.Skip("skip test in short mode")
 	}
-	sfd := &SnowflakeDialer{}
+	sfd := NewSnowflakeDialer()
 	conn, err := sfd.DialContext(context.Background())
 	if err != nil {
 		t.Fatal(err)
@@ -48,6 +143,7 @@ var _ snowflakeTransport = &mockableSnowflakeTransport{}
 
 func TestSnowflakeDialerWorksWithMocks(t *testing.T) {
 	sfd := &SnowflakeDialer{
+		RendezvousMethod: NewSnowflakeRendezvousMethodDomainFronting(),
 		newClientTransport: func(config sflib.ClientConfig) (snowflakeTransport, error) {
 			return &mockableSnowflakeTransport{
 				MockDial: func() (net.Conn, error) {
@@ -80,6 +176,7 @@ func TestSnowflakeDialerWorksWithMocks(t *testing.T) {
 func TestSnowflakeDialerCannotCreateTransport(t *testing.T) {
 	expected := errors.New("mocked error")
 	sfd := &SnowflakeDialer{
+		RendezvousMethod: NewSnowflakeRendezvousMethodDomainFronting(),
 		newClientTransport: func(config sflib.ClientConfig) (snowflakeTransport, error) {
 			return nil, expected
 		},
@@ -96,6 +193,7 @@ func TestSnowflakeDialerCannotCreateTransport(t *testing.T) {
 func TestSnowflakeDialerCannotCreateConnWithNoContextExpiration(t *testing.T) {
 	expected := errors.New("mocked error")
 	sfd := &SnowflakeDialer{
+		RendezvousMethod: NewSnowflakeRendezvousMethodDomainFronting(),
 		newClientTransport: func(config sflib.ClientConfig) (snowflakeTransport, error) {
 			return &mockableSnowflakeTransport{
 				MockDial: func() (net.Conn, error) {
@@ -118,6 +216,7 @@ func TestSnowflakeDialerCannotCreateConnWithContextExpiration(t *testing.T) {
 	defer cancel()
 	expected := errors.New("mocked error")
 	sfd := &SnowflakeDialer{
+		RendezvousMethod: NewSnowflakeRendezvousMethodDomainFronting(),
 		newClientTransport: func(config sflib.ClientConfig) (snowflakeTransport, error) {
 			return &mockableSnowflakeTransport{
 				MockDial: func() (net.Conn, error) {
@@ -141,6 +240,7 @@ func TestSnowflakeDialerWorksWithWithCancelledContext(t *testing.T) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 	sfd := &SnowflakeDialer{
+		RendezvousMethod: NewSnowflakeRendezvousMethodDomainFronting(),
 		newClientTransport: func(config sflib.ClientConfig) (snowflakeTransport, error) {
 			return &mockableSnowflakeTransport{
 				MockDial: func() (net.Conn, error) {