On Monday, December 12, 2022, 08:31:43 AM MST, David Fifield <david@bamsoftware.com> wrote:
> On Sun, Dec 11, 2022 at 04:25:06AM +0000, Gary C. New via tor-relays wrote:
>> I was successfully able to get Snowflake cross-compiled and installed for
>> OpenWRT and Entware as a package.
> Thanks, nice work.
>> # opkg files snowflake
>> Package snowflake (2.4.1-1) is installed on root and has the following files:
>> /opt/bin/proxy
>> /opt/bin/client
>> /opt/bin/probetest
>> /opt/bin/broker
>> /opt/bin/server
>> /opt/bin/distinctcounter
> I don't think it makes sense to package the server or broker for
> OpenWRT. The client and proxy, sure. But the server and broker do not
> even run on the same host in an actual deployment. distinctcounter is
> just a metrics utility for the broker:
> https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/95

I agree it makes sense to package the client and proxy separate from the broker and server. This was just a quick and dirty test to see if I could get Snowflake cross-compiled and working on the OpenWRT and Entware platforms.

I am having some issues or misunderstandings with implementing Snowflake Proxy within Tor. I assumed that implementing Snowflake Proxy within Tor would be similar to OBFS4Bridge in that Tor would initialize Snowflake Proxy as a managed Pluggable Transport listening on the assigned ServerTransportListenAddr. I can see Snowflake Proxy initiate outbound requests, but I don't see it listen on the specified ServerTransportListenAddr and Port.

NOTE: Basic Inbound Connection Flow is Nginx (xxx.xxx.xxx.xxx:6031) => Snowflake Proxy (192.168.0.31:6031) => Tor (192.168.0.31:9001)
NOTE: I am only running Snowflake Proxy within the test torrc configuration.

# cat torrc
...
Nickname Snowflake31
ORPort xxx.xxx.xxx.xxx:443 NoListen
ORPort 192.168.0.31:9001 NoAdvertise
BridgeRelay 1
BridgeDistribution moat
ExtORPort 192.168.0.31:auto
###ServerTransportPlugin obfs31-1 exec /opt/bin/obfs4proxy -enableLogging
###ServerTransportListenAddr obfs31-1 192.168.0.31:3031
ServerTransportPlugin snowflake31-1 exec /opt/bin/proxy -log /tmp/snowflake.log -verbose
ServerTransportListenAddr snowflake31-1 192.168.0.31:6031
# ps w | grep -I tor
26303 tor 253m S /opt/sbin/tor -f /tmp/torrc --quiet
26304 tor 795m S /opt/bin/proxy -log /tmp/snowflake.log -verbose
# netstat -anp | grep proxy
tcp 0 0 192.168.0.31:49850 37.218.245.111:443 ESTABLISHED 26304/proxy
udp 0 0 192.168.0.31:33961 0.0.0.0:* 26304/proxy
udp 0 0 0.0.0.0:52654 0.0.0.0:* 26304/proxy
# tail -f /tmp/snowflake.log
...
2022/12/12 04:28:33 snowflake-proxy 2.4.1
2022/12/12 04:28:33 Proxy starting
2022/12/12 04:28:33 WebRTC: Created offer
2022/12/12 04:28:33 WebRTC: Set local description
2022/12/12 04:28:33 Offer: {"type":"offer","sdp":"v=0\r\no=- 4129729503856148472 1670819313 IN IP4 [scrubbed]\r\ns=-\r\nt=0 0\r\na=fingerprint:sha-256 3B:60:50:33:72:A1:35:91:44:7E:02:2E:F2:4E:0E:21:C2:24:1C:47:F7:43:A1:A7:F3:DE:BA:AB:3E:82:9E:11\r\na=extmap-allow-mixed\r\na=group:BUNDLE 0\r\nm=application 9 UDP/DTLS/SCTP webrtc-datachannel\r\nc=IN IP4 [scrubbed]\r\na=setup:actpass\r\na=mid:0\r\na=sendrecv\r\na=sctp-port:5000\r\na=ice-ufrag:glNJtRHnBjaRYRkg\r\na=ice-pwd:OxntNuRslEPhLgSstUnzwJFTPzPUGmzt\r\na=candidate:551460743 1 udp 2130706431 [scrubbed] 50786 typ host\r\na=candidate:551460743 2 udp 2130706431 [scrubbed] 50786 typ host\r\na=candidate:1335998215 1 udp 1694498815 [scrubbed] 45684 typ srflx raddr [scrubbed] rport 45684\r\na=candidate:1335998215 2 udp 1694498815 [scrubbed] 45684 typ srflx raddr [scrubbed] rport 45684\r\na=end-of-candidates\r\n"}
2022/12/12 04:29:00 NAT Type measurement: unknown -> restricted = restricted
2022/12/12 04:29:00 NAT type: restricted
...
2022/12/12 04:29:11 sdp offer successfully received.
2022/12/12 04:29:11 Generating answer...
...
2022/12/12 04:29:31 Timed out waiting for client to open data channel.
2022/12/12 04:29:41 sdp offer successfully received.
2022/12/12 04:29:41 Generating answer...
2022/12/12 04:30:02 Timed out waiting for client to open data channel.
...
2022/12/12 04:32:05 sdp offer successfully received.
2022/12/12 04:32:05 Generating answer...
2022/12/12 04:32:26 Timed out waiting for client to open data channel.

Is it possible to use Snowflake Proxy as a managed Pluggable Transport similar to OBFS4Bridge within Tor? It would be helpful to have a torrc configuration example within the Standalone Snowflake Proxy documentation.

Thanks, again, for your guidance and assistance.

Respectfully,
Gary