[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #33745 [Circumvention/Snowflake]: Merge a turbotunnel branch
#33745: Merge a turbotunnel branch
-------------------------------------+--------------------------
Reporter: dcf | Owner: dcf
Type: task | Status: assigned
Priority: Medium | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: turbotunnel | Actual Points:
Parent ID: #19001 | Points:
Reviewer: | Sponsor:
-------------------------------------+--------------------------
Old description:
> Snowflake turbo tunnel features have now been through a test deployment
> (#33336) and a few iterations of Tor Browser packages. There haven't been
> as many test reports as I'd like, but what testing there has been has
> been mostly positive. Turbo tunnel–like features are a dependency of some
> of the tasks for a stable release of Snowflake (#19001). So we should
> merge it.
>
> Some sub-tasks:
> * Decide between the
> [https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel-
> kcp KCP] and [https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h
> =turbotunnel-quic QUIC branch].
> * Test without `LearnCircuitBuildTimeout 0` and find another workaround,
> if necessary. See comment:15:ticket:33336.
> * Rebase and clean history of the chosen branch.
> * Redeploy bridge from master.
>
> Summary of turbo tunnel development history till now:
> * [https://lists.torproject.org/pipermail/anti-censorship-
> team/2020-February/000059.html Turbo Tunnel in Snowflake]
> * [https://lists.torproject.org/pipermail/anti-censorship-
> team/2020-February/000074.html Second draft of Turbo Tunnel Snowflake
> packages]
> * [https://lists.torproject.org/pipermail/anti-censorship-
> team/2020-March/000075.html Third draft of Turbo Tunnel Snowflake
> packages]
> * [[#33336|Trial deployment of Snowflake with Turbo Tunnel]]
> * [[#33519|Support multiple simultaneous SOCKS connections]]
>
> One bug that may or not be snowflake's fault:
> * [[#33669|"Pluggable Transport process terminated" but Tor keeps on
> going (and of course doesn't work)]]
New description:
Snowflake turbo tunnel features have now been through a test deployment
(#33336) and a few iterations of Tor Browser packages. There haven't been
as many test reports as I'd like, but what testing there has been has been
mostly positive. Turbo tunnel–like features are a dependency of some of
the tasks for a stable release of Snowflake (#19001). So we should merge
it.
Some sub-tasks:
* Decide between the
[https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel-
kcp KCP] and [https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h
=turbotunnel-quic QUIC branch].
* Test without `LearnCircuitBuildTimeout 0` and find another workaround,
if necessary. See comment:15:ticket:33336.
* Rebase and clean history of the chosen branch.
* Redeploy bridge from master.
Summary of turbo tunnel development history till now:
* [https://lists.torproject.org/pipermail/anti-censorship-
team/2020-February/000059.html Turbo Tunnel in Snowflake]
* [https://lists.torproject.org/pipermail/anti-censorship-
team/2020-February/000074.html Second draft of Turbo Tunnel Snowflake
packages]
* [https://lists.torproject.org/pipermail/anti-censorship-
team/2020-March/000075.html Third draft of Turbo Tunnel Snowflake
packages]
* [[ticket:33336|Trial deployment of Snowflake with Turbo Tunnel]]
* [[ticket:33519|Support multiple simultaneous SOCKS connections]]
One bug that may or not be snowflake's fault:
* [[#33669|"Pluggable Transport process terminated" but Tor keeps on going
(and of course doesn't work)]]
--
Comment (by dcf):
Replying to [ticket:33745 dcf]:
> * Decide between the
[https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=turbotunnel-
kcp KCP] and [https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h
=turbotunnel-quic QUIC branch].
On this point, I advocate for the kcp-go branch. I think that quic-go will
be the cause of a lot of maintenance difficulties. There's nothing really
wrong with QUIC the protocol (apart from it still being a changing
standard); the problem is the instability of the quic-go package.
* quic-go doesn't have a stable API, and the API
[https://gitweb.torproject.org/user/dcf/snowflake.git/commit/?h
=turbotunnel-quic&id=42c07f2c140e4c6f1f752329a67fdf15cd6bd8c5 has broken]
in the time I've been using it.
* quic-go is tightly coupled to a specific version of Go and its standard
library, because it uses internal data structures of the crypto/tls
package. If you compile quic-go with the wrong version of Go, you get an
error not at compile time but at runtime. The version of quic-go currently
being used requires Go 1.13, which means it cannot be built in Tor Browser
until Tor Browser upgrades its own version of Go, which is currently
stalled pending changes in rbm (#32027). It cuts the other way as well:
any future upgrade of Go will require a simultaneous upgrade of quic-go
and work to fix any API breakage.
* Upgrading quic-go past where it is now pinned will add a lot of weighty
dependencies (comment:15:ticket:33336).
* The quic-go repository is volatile. Not [[comment:1:ticket:33401|once]]
but [https://github.com/lucas-clemente/quic-go/issues/2172 twice] I
encountered significant bugs whose fix was only a few days or weeks old,
not yet in any numbered release.
* Different versions of quic-go do not necessarily interoperate.
Specifically, I know that the version of quic-go currently packaged in Tor
Browser (as a dependency of pion-webrtc), which is less than one year old,
does not interoperate with current versions of quic-go, because the old
version does not send ALPN in its TLS handshake, and newer versions
require it.
Could I be wrong in my assessment? Of course. kcp-go is not perfect either
--in particular I'm thinking about patching it to remove what of its
dependencies we don't use. If quic-go were the only option, I would say go
ahead with it, and live with the maintenance costs. But my considered
opinion is that it is more risky to deploy a system based on quic-go than
one based on kcp-go and smux.
Replying to [comment:1 arma]:
> So as we choose, we should learn if kcp has gotten much testing.
I know you mean well, but I find comments like this demoralizing. You make
it sound as I have not been thinking about this among many considerations
for months, and going out of my way to document my reasoning. You should
read my [https://github.com/net4people/bbs/issues/14 initial candidate
protocol evaluation] if you have not already.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33745#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs