[flashproxy/master] Move websocket-transport to /pluggable-transports/websocket.git. - tor-commits

3 Oct 2013

commit f3345057b19f842e7655f53df195bfbf3e590135
Author: David Fifield david@bamsoftware.com
Date:   Thu Oct 3 08:19:32 2013 -0700
Move websocket-transport to /pluggable-transports/websocket.git.
Per #9863.
---
 .gitignore                                         |    2 -
 README                                             |   16 +-
 doc/websocket-transport.txt                        |  219 -------
 websocket-transport/Makefile                       |   34 --
 websocket-transport/src/pt/pt.go                   |  605 --------------------
 websocket-transport/src/pt/socks/socks.go          |  107 ----
 .../src/websocket-client/websocket-client.go       |  254 --------
 .../src/websocket-server/websocket-server.go       |  285 ---------
 websocket-transport/src/websocket/websocket.go     |  431 --------------
 9 files changed, 4 insertions(+), 1949 deletions(-)

diff --git a/.gitignore b/.gitignore
index 6195b6c..c3e5b7f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,5 @@
 *.pyc
 /dist
 /py2exe-tmp
-/websocket-transport/websocket-client
-/websocket-transport/websocket-server
 /modules/nodejs/node_modules
 /modules/nodejs/flashproxy.js
diff --git a/README b/README
index 8f84ed8..ca93ce8 100644
--- a/README
+++ b/README
@@ -99,18 +99,10 @@ re-register:
== How to run a relay
-A server transport plugin for the WebSocket protocol is in the
-websocket-transport directory. To build it, you need development tools
-for the Go programming language ("apt-get install golang" on Debian).
-	$ cd websocket-transport
-	$ make
-	# make install
-You will need a version of Tor supporting the extended OR port protocol.
-	$ git clone https://git.torproject.org/user/asn/tor.git -b bug4773_rebase
-Add a line like the following to the relay's torrc. You can change the
---port option; make sure that port is open in the firewall.
-	ExtORPort 5555
-	ServerTransportPlugin websocket exec /usr/local/bin/websocket-server --port 9901
+Proxies talk to a relay running the websocket pluggable transport.
+Source code and documentation for the server transport plugin are in the
+Git repository at
+https://git.torproject.org/pluggable-transports/websocket.git.
== How to put a flash proxy badge on a web page
diff --git a/doc/websocket-transport.txt b/doc/websocket-transport.txt
deleted file mode 100644
index a9d839f..0000000
--- a/doc/websocket-transport.txt
+++ /dev/null
@@ -1,219 +0,0 @@
-Title: WebSocket pluggable transport
-Author: David Fifield
-
-Overview
-
-  This proposal describes the "websocket" pluggable transport for Tor.
-  It uses the WebSocket protocol now implemented by many web browsers.
-  It is mostly a straightforward description of proxying WebSocket to
-  plain TCP, with special consideration for a base64 encoding for agents
-  that don't support binary WebSocket frames.
-
-Motivation
-
-  The WebSocket protocol is used by the "flash proxy" system that uses
-  web browsers as temporary proxies; browsers may connect to a relay
-  that supports this pluggable transport. Additionally, if WebSocket has
-  a lot of non-Tor use, it becomes a good target for tunneling, perhaps
-  in conjunction with a lower layer of obfuscation. WebSocket commonly
-  works over HTTP ports that are likely to get through a firewall.
-
-WebSocket overview
-
-  WebSocket is a protocol (rather, several mostly compatible protocols)
-  aimed at exposing socket-like functionality to JavaScript in web
-  browsers. It is partially aimed at supplanting techniques such as HTTP
-  long polling for client–server communication. WebSocket provides
-  bidirectional communication between a client and server, sufficient to
-  tunnel Tor traffic. A WebSocket session begins with an HTTP Upgrade
-  handshake. The socket carries data broken into variable-length
-  "messages" which are further broken into "frames." There are
-  distinguished frame opcodes that serve to send either data or control
-  information. Frames sent by the client (but not the server) are XORed
-  with a repeating 32-bit mask that is randomly generated per-frame.
-
-  Broadly speaking, there are two versions of WebSocket: the older
-  "hixie" protocol, and the newer "hybi" protocol which is now RFC 6455.
-  There are subprotocols within these two versions that differ only in
-  small ways: "hixie-75" and "hixie-76"; and "hybi-7", "hybi-10", and
-  "hybi-17". The older "hybi" sockets were supported by Firefox 4 and
-  Opera 11, but were later disabled because of problems with interaction
-  with reverse HTTP proxies. Current versions of Firefox and Chrome
-  support "hybi" sockets, while Safari only supports "hixie".
-
-  The "hybi" sockets support text frames and binary frames. Text frames
-  may only include UTF-8–encoded text; it is an error if payload doesn't
-  decode. Binary frames may contain any binary data. However, not all
-  web browsers support binary frames; they were first added to Firefox
-  in version 11. The "hixie" sockets have only text frames.
-
-Method name
-
-  The method name of the transport is "websocket". For example, these
-  are possible torrc configurations for a client and server,
-  respectively:
-
-UseBridges 1
-ClientTransportPlugin websocket exec /usr/libexec/tor-websocket-proxy --client
-Bridge websocket 198.51.100.1
-
-ServerTransportPlugin websocket exec /usr/libexec/tor-websocket-proxy --server
-
-The base64 subprotocol
-
-  The most convenient way to tunnel data over WebSocket is with binary
-  frames, but not all web browsers support binary frames. To work around
-  this, the "base64" subprotocol encodes binary data as base64 within
-  text frames. A client that knows it does not support binary frames
-  requests the base64 subprotocol by including "base64" in the value of
-  the Sec-WebSocket-Protocol header field. A server that also supports
-  this subprotocol by sending the value "base64" (and only "base64") in
-  the Sec-WebSocket-Protocol header field of its response. See under
-  "Examples" for examples of handshakes like this.
-
-  The base64 encoding is applied at the message level, not the frame
-  level. This means, in particular, that any '=' padding occurs only at
-  the end of a message, not at the end of each of its constituent
-  frames. So, for example, the 5-byte message "Hello", whose base64
-  encoding is "SGVsbG8=", may be sent as one text frame as follows:
-
-    0x81 0x08 "SGVsbG8="
-
-  or, for example, as two frames (one of 2 bytes and one of 6 bytes):
-
-    0x01 0x02 "SG" 0x81 0x06 "VsbG8="
-
-  When sent by a client, all frames including these must be masked. Here
-  is an example of a masked base64-encoded message sent as a single
-  frame (using the masking key 0x12345678):
-
-    0x81 0x18 0x12 0x34 0x56 0x78 0x41 0x73 0x00 0x0b 0x70 0x73 0x6e 0x45
-
-Examples
-
-  Here are examples of WebSocket handshakes and the beginning of data
-  transfer. The data is the beginning of a Tor connection (i.e., it
-  begins with a TLS handshake). Data are shown using C string syntax.
-  "> " at the beginning of a line indicates client-to-server
-  communication; "< " is server-to-client. "[...]" indicates contents
-  omitted for brevity. Newlines in the presentation are not significant.
-  This section is non-normative.
-
-  Using "hybi"/RFC 6455 WebSocket with binary frames:
-
-> GET / HTTP/1.1\r\n
-> Host: 192.0.2.1:80\r\n
-> Origin: http://example.com%5Cr%5Cn
-> Sec-WebSocket-Version: 13\r\n
-> Sec-WebSocket-Key: mzo2xSF9N8VUxuefqO0RSw==\r\n
-> Connection: Upgrade\r\n
-> Upgrade: websocket\r\n
-> \r\n
-< HTTP/1.1 101 Switching Protocols\r\n
-< Upgrade: websocket\r\n
-< Connection: Upgrade\r\n
-< Sec-WebSocket-Accept: fM0KjD7ixoxkl4PEXU6tNaTveSg=\r\n
-< \r\n
-> \x82\xfe\x01\x04\xc9\xd6\xdd\x29\xdf\xd5\xde\x29\x36\xd7[...]
-< \x16\x03\x01\x00\x31\x02\x00\x00\x2d\x03[...]
-
-  Using "hybi"/RFC 6455 WebSocket with the base64 subprotocol:
-
-> GET / HTTP/1.1\r\n
-> Host: 192.0.2.1:80\r\n
-> Origin: http://example.com%5Cr%5Cn
-> Sec-WebSocket-Version: 13\r\n
-> Sec-WebSocket-Protocol: base64\r\n
-> Sec-WebSocket-Key: k5Ybhw0XBDeBfmda1J9ooQ==\r\n
-> Connection: Upgrade\r\n
-> Upgrade: websocket\r\n
-> \r\n
-< HTTP/1.1 101 Switching Protocols\r\n
-< Upgrade: websocket\r\n
-< Connection: Upgrade\r\n
-< Sec-WebSocket-Accept: LYWpflPUHdal8U1BLPXWR3iqUrI=\r\n
-< Sec-WebSocket-Protocol: base64\r\n
-< \r\n
-> \x81\xfe\x01\x58\xbd\x94\x2a\x31\xfb\xf3\x67\x75\xfc\xc4[...]
-< \x81\x7e\x04\xd0FgMBADECAA[...]
-
-Considerations specific to pluggable transports
-
-  Endpoints must implement WebSocket according to RFC 6455; for example,
-  a server MUST close the connection if it receives an unmasked frame
-  from a client, and a client MUST close the connection if it receives a
-  masked frame from a server (RFC 6455 section 5.1). There are also
-  additional requirements for WebSocket when used as a Tor pluggable
-  transport.
-
-  Clients MUST implement the RFC 6455 version of the protocol and use it
-  for all connections. Servers MUST implement the RFC 6455 version of
-  the protocol and MAY also implement earlier versions. That is, a
-  server MAY check a client HTTP request to see if it matches an earlier
-  version of the protocol, and MAY begin communicating using that
-  protocol. Section 4.4 of RFC 6455 discusses supporting multiple
-  versions of the protocol.
-
-  Servers MUST support binary frames (opcode 2). Servers MAY also
-  support text frames (opcode 1). Servers supporting text frames MUST
-  implement the base64 subprotocol and accept it when requested by a
-  client in the Sec-WebSocket-Protocol header field. Text frames MUST
-  NOT be sent by either side if the base64 subprotocol has not been
-  negotiated. Any endpoint receiving a text frame when base64 has not
-  been negotiated, or a text message that cannot be decoded as base64,
-  MUST close the connection.
-
-  A client MUST NOT proceed after receiving any HTTP response status
-  code other than 101. In particular, it MUST NOT follow redirections
-  such as 301.
-
-  Endpoints SHOULD respond to Ping frames with a single Pong frame, but
-  nothing in this specification requires the sending of Ping frames.
-
-  Message and frame boundaries are not meaningful. Received non-control
-  messages are concatenated, in order, to reconstruct the original
-  stream. Endpoints SHOULD limit the size of messages they send. All
-  messages SHOULD be sent in a single frame.
-
-  Endpoints MUST limit the size of messages and frames that they will
-  buffer. When the sum of the length of already-buffered data and the
-  length of the next frame exceeds the limit, the endpoint MUST close
-  the connection and SHOULD do so with a status code of 1009 (see RFC
-  6455 section 7.4.1). Endpoints MUST be capable of receiving messages
-  containing up to 16384 bytes of binary data; this may require
-  buffering up to 21848 bytes of UTF-8–encoded base64 text.
-
-Questions/extensions
-
-  WebSocket also has a TLS-wrapped version, identified by using the
-  "wss" (as opposed to "ws") URL scheme. An advantage of this when
-  tunneling through a browser is that the TLS handshake will be exactly
-  that of a browser. However, this probably requires the certificates of
-  relays' server transport plugins to be trusted by browsers.
-
-References
-
-  "Pluggable transports for circumvention"
-  https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/180-pluggable...
-
-  RFC 6455, "The WebSocket Protocol" (a.k.a. hybi-17)
-  https://tools.ietf.org/html/rfc6455
-
-  "The WebSocket protocol (draft-ietf-hybi-thewebsocketprotocol-10)"
-  (a.k.a. hybi-10)
-  https://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-10
-
-  "The WebSocket protocol (draft-ietf-hybi-thewebsocketprotocol-7)"
-  (a.k.a. hybi-7)
-  https://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-7
-
-  "The WebSocket protocol (draft-ietf-hybi-thewebsocketprotocol-00)"
-  (a.k.a. hybi-00, hixie-76)
-  https://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-00
-
-  "The Web Socket protocol (draft-hixie-thewebsocketprotocol-75)"
-  (a.k.a. hixie-75)
-  https://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-75
-
-  Browser support matrix
-  http://autobahn.ws/testsuite/reports/clients/index.html
diff --git a/websocket-transport/Makefile b/websocket-transport/Makefile
deleted file mode 100644
index 2ce4ffa..0000000
--- a/websocket-transport/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
-DESTDIR =
-PREFIX = /usr/local
-BINDIR = $(PREFIX)/bin
-
-PROGRAMS = websocket-client websocket-server
-
-export GOPATH = $(CURDIR)
-GOBUILDFLAGS =
-# Alternate flags to use gccgo, allowing cross-compiling for x86 from
-# x86_64, and presumably better optimization. Install this package:
-#   apt-get install gccgo-multilib
-# GOBUILDFLAGS = -compiler gccgo -gccgoflags "-O3 -m32 -static-libgo"
-
-all: websocket-server
-
-%: $(GOPATH)/src/%/*.go
-	go build $(GOBUILDFLAGS) "$*"
-
-# websocket-client has a special rule because "go get" is necessary.
-websocket-client: $(GOPATH)/src/websocket-client/*.go
-	go get -d $(GOBUILDFLAGS) websocket-client
-	go build $(GOBUILDFLAGS) websocket-client
-
-install:
-	mkdir -p "$(DESTDIR)$(BINDIR)"
-	cp -f websocket-server "$(DESTDIR)$(BINDIR)"
-
-clean:
-	rm -f $(PROGRAMS)
-
-fmt:
-	go fmt $(PROGRAMS)
-
-.PHONY: all install clean fmt
diff --git a/websocket-transport/src/pt/pt.go b/websocket-transport/src/pt/pt.go
deleted file mode 100644
index 6b40098..0000000
--- a/websocket-transport/src/pt/pt.go
+++ /dev/null
@@ -1,605 +0,0 @@
-// Tor pluggable transports library.
-//
-// Sample client usage:
-//
-// pt.ClientSetup([]string{"foo"})
-// ln, err := startSocksListener()
-// if err != nil {
-// 	panic(err.Error())
-// }
-// pt.Cmethod("foo", "socks4", ln.Addr())
-// pt.CmethodsDone()
-//
-// Sample server usage:
-//
-// var ptInfo pt.ServerInfo
-// info = pt.ServerSetup([]string{"foo", "bar"})
-// for _, bindAddr := range info.BindAddrs {
-// 	ln, err := startListener(bindAddr.Addr)
-// 	if err != nil {
-// 		pt.SmethodError(bindAddr.MethodName, err.Error())
-// 		continue
-// 	}
-// 	pt.Smethod(bindAddr.MethodName, ln.Addr())
-// }
-// pt.SmethodsDone()
-// func handler(conn net.Conn, methodName) {
-// 	or, err := pt.ConnectOr(&ptInfo, conn, methodName)
-// 	if err != nil {
-// 		return
-// 	}
-// 	// Do something with or and conn.
-// }
-
-package pt
-
-import (
-	"bufio"
-	"bytes"
-	"crypto/hmac"
-	"crypto/rand"
-	"crypto/sha256"
-	"crypto/subtle"
-	"encoding/binary"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"os"
-	"strings"
-	"time"
-)
-
-func getenv(key string) string {
-	return os.Getenv(key)
-}
-
-// Abort with an ENV-ERROR if the environment variable isn't set.
-func getenvRequired(key string) string {
-	value := os.Getenv(key)
-	if value == "" {
-		EnvError(fmt.Sprintf("no %s environment variable", key))
-	}
-	return value
-}
-
-// Escape a string so it contains no byte values over 127 and doesn't contain
-// any of the characters '\x00', '\n', or '\'.
-func escape(s string) string {
-	var buf bytes.Buffer
-	for _, b := range []byte(s) {
-		if b == '\n' {
-			buf.WriteString("\n")
-		} else if b == '\' {
-			buf.WriteString("\\")
-		} else if 0 < b && b < 128 {
-			buf.WriteByte(b)
-		} else {
-			fmt.Fprintf(&buf, "\x%02x", b)
-		}
-	}
-	return buf.String()
-}
-
-// Print a pluggable transports protocol line to stdout. The line consists of an
-// unescaped keyword, followed by any number of escaped strings.
-func Line(keyword string, v ...string) {
-	var buf bytes.Buffer
-	buf.WriteString(keyword)
-	for _, x := range v {
-		buf.WriteString(" " + escape(x))
-	}
-	fmt.Println(buf.String())
-	os.Stdout.Sync()
-}
-
-// All of the *Error functions call os.Exit(1).
-
-// Emit an ENV-ERROR with explanation text.
-func EnvError(msg string) {
-	Line("ENV-ERROR", msg)
-	os.Exit(1)
-}
-
-// Emit a VERSION-ERROR with explanation text.
-func VersionError(msg string) {
-	Line("VERSION-ERROR", msg)
-	os.Exit(1)
-}
-
-// Emit a CMETHOD-ERROR with explanation text.
-func CmethodError(methodName, msg string) {
-	Line("CMETHOD-ERROR", methodName, msg)
-	os.Exit(1)
-}
-
-// Emit an SMETHOD-ERROR with explanation text.
-func SmethodError(methodName, msg string) {
-	Line("SMETHOD-ERROR", methodName, msg)
-	os.Exit(1)
-}
-
-// Emit a CMETHOD line. socks must be "socks4" or "socks5". Call this once for
-// each listening client SOCKS port.
-func Cmethod(name string, socks string, addr net.Addr) {
-	Line("CMETHOD", name, socks, addr.String())
-}
-
-// Emit a CMETHODS DONE line. Call this after opening all client listeners.
-func CmethodsDone() {
-	Line("CMETHODS", "DONE")
-}
-
-// Emit an SMETHOD line. Call this once for each listening server port.
-func Smethod(name string, addr net.Addr) {
-	Line("SMETHOD", name, addr.String())
-}
-
-// Emit an SMETHODS DONE line. Call this after opening all server listeners.
-func SmethodsDone() {
-	Line("SMETHODS", "DONE")
-}
-
-// Get a pluggable transports version offered by Tor and understood by us, if
-// any. The only version we understand is "1". This function reads the
-// environment variable TOR_PT_MANAGED_TRANSPORT_VER.
-func getManagedTransportVer() string {
-	const transportVersion = "1"
-	for _, offered := range strings.Split(getenvRequired("TOR_PT_MANAGED_TRANSPORT_VER"), ",") {
-		if offered == transportVersion {
-			return offered
-		}
-	}
-	return ""
-}
-
-// Get the intersection of the method names offered by Tor and those in
-// methodNames. This function reads the environment variable
-// TOR_PT_CLIENT_TRANSPORTS.
-func getClientTransports(methodNames []string) []string {
-	clientTransports := getenvRequired("TOR_PT_CLIENT_TRANSPORTS")
-	if clientTransports == "*" {
-		return methodNames
-	}
-	result := make([]string, 0)
-	for _, requested := range strings.Split(clientTransports, ",") {
-		for _, methodName := range methodNames {
-			if requested == methodName {
-				result = append(result, methodName)
-				break
-			}
-		}
-	}
-	return result
-}
-
-// This structure is returned by ClientSetup. It consists of a list of method
-// names.
-type ClientInfo struct {
-	MethodNames []string
-}
-
-// Check the client pluggable transports environments, emitting an error message
-// and exiting the program if any error is encountered. Returns a subset of
-// methodNames requested by Tor.
-func ClientSetup(methodNames []string) ClientInfo {
-	var info ClientInfo
-
-	ver := getManagedTransportVer()
-	if ver == "" {
-		VersionError("no-version")
-	} else {
-		Line("VERSION", ver)
-	}
-
-	info.MethodNames = getClientTransports(methodNames)
-	if len(info.MethodNames) == 0 {
-		CmethodsDone()
-		os.Exit(1)
-	}
-
-	return info
-}
-
-// A combination of a method name and an address, as extracted from
-// TOR_PT_SERVER_BINDADDR.
-type BindAddr struct {
-	MethodName string
-	Addr       *net.TCPAddr
-}
-
-// Resolve an address string into a net.TCPAddr.
-func resolveBindAddr(bindAddr string) (*net.TCPAddr, error) {
-	addr, err := net.ResolveTCPAddr("tcp", bindAddr)
-	if err == nil {
-		return addr, nil
-	}
-	// Before the fixing of bug #7011, tor doesn't put brackets around IPv6
-	// addresses. Split after the last colon, assuming it is a port
-	// separator, and try adding the brackets.
-	parts := strings.Split(bindAddr, ":")
-	if len(parts) <= 2 {
-		return nil, err
-	}
-	bindAddr = "[" + strings.Join(parts[:len(parts)-1], ":") + "]:" + parts[len(parts)-1]
-	return net.ResolveTCPAddr("tcp", bindAddr)
-}
-
-// Return a new slice, the members of which are those members of addrs having a
-// MethodName in methodNames.
-func filterBindAddrs(addrs []BindAddr, methodNames []string) []BindAddr {
-	var result []BindAddr
-
-	for _, ba := range addrs {
-		for _, methodName := range methodNames {
-			if ba.MethodName == methodName {
-				result = append(result, ba)
-				break
-			}
-		}
-	}
-
-	return result
-}
-
-// Return a map from method names to bind addresses. The map is the contents of
-// TOR_PT_SERVER_BINDADDR, with keys filtered by TOR_PT_SERVER_TRANSPORTS, and
-// further filtered by the methods in methodNames.
-func getServerBindAddrs(methodNames []string) []BindAddr {
-	var result []BindAddr
-
-	// Get the list of all requested bindaddrs.
-	var serverBindAddr = getenvRequired("TOR_PT_SERVER_BINDADDR")
-	for _, spec := range strings.Split(serverBindAddr, ",") {
-		var bindAddr BindAddr
-
-		parts := strings.SplitN(spec, "-", 2)
-		if len(parts) != 2 {
-			EnvError(fmt.Sprintf("TOR_PT_SERVER_BINDADDR: %q: doesn't contain "-"", spec))
-		}
-		bindAddr.MethodName = parts[0]
-		addr, err := resolveBindAddr(parts[1])
-		if err != nil {
-			EnvError(fmt.Sprintf("TOR_PT_SERVER_BINDADDR: %q: %s", spec, err.Error()))
-		}
-		bindAddr.Addr = addr
-		result = append(result, bindAddr)
-	}
-
-	// Filter by TOR_PT_SERVER_TRANSPORTS.
-	serverTransports := getenvRequired("TOR_PT_SERVER_TRANSPORTS")
-	if serverTransports != "*" {
-		result = filterBindAddrs(result, strings.Split(serverTransports, ","))
-	}
-
-	// Finally filter by what we understand.
-	result = filterBindAddrs(result, methodNames)
-
-	return result
-}
-
-// Read and validate the contents of an auth cookie file. Returns the 32-byte
-// cookie. See section 4.2.1.2 of pt-spec.txt.
-func readAuthCookieFile(filename string) ([]byte, error) {
-	authCookieHeader := []byte("! Extended ORPort Auth Cookie !\x0a")
-	header := make([]byte, 32)
-	cookie := make([]byte, 32)
-
-	f, err := os.Open(filename)
-	if err != nil {
-		return cookie, err
-	}
-	defer f.Close()
-
-	n, err := io.ReadFull(f, header)
-	if err != nil {
-		return cookie, err
-	}
-	n, err = io.ReadFull(f, cookie)
-	if err != nil {
-		return cookie, err
-	}
-	// Check that the file ends here.
-	n, err = f.Read(make([]byte, 1))
-	if n != 0 {
-		return cookie, errors.New(fmt.Sprintf("file is longer than 64 bytes"))
-	} else if err != io.EOF {
-		return cookie, errors.New(fmt.Sprintf("did not find EOF at end of file"))
-	}
-
-	if !bytes.Equal(header, authCookieHeader) {
-		return cookie, errors.New(fmt.Sprintf("missing auth cookie header"))
-	}
-
-	return cookie, nil
-}
-
-// This structure is returned by ServerSetup. It consists of a list of
-// BindAddrs, an address for the ORPort, an address for the extended ORPort (if
-// any), and an authentication cookie (if any).
-type ServerInfo struct {
-	BindAddrs      []BindAddr
-	OrAddr         *net.TCPAddr
-	ExtendedOrAddr *net.TCPAddr
-	AuthCookie     []byte
-}
-
-// Check the server pluggable transports environments, emitting an error message
-// and exiting the program if any error is encountered. Resolves the various
-// requested bind addresses, the server ORPort and extended ORPort, and reads
-// the auth cookie file. Returns a ServerInfo struct.
-func ServerSetup(methodNames []string) ServerInfo {
-	var info ServerInfo
-	var err error
-
-	ver := getManagedTransportVer()
-	if ver == "" {
-		VersionError("no-version")
-	} else {
-		Line("VERSION", ver)
-	}
-
-	var orPort = getenvRequired("TOR_PT_ORPORT")
-	info.OrAddr, err = net.ResolveTCPAddr("tcp", orPort)
-	if err != nil {
-		EnvError(fmt.Sprintf("cannot resolve TOR_PT_ORPORT %q: %s", orPort, err.Error()))
-	}
-
-	info.BindAddrs = getServerBindAddrs(methodNames)
-	if len(info.BindAddrs) == 0 {
-		SmethodsDone()
-		os.Exit(1)
-	}
-
-	var extendedOrPort = getenv("TOR_PT_EXTENDED_SERVER_PORT")
-	if extendedOrPort != "" {
-		info.ExtendedOrAddr, err = net.ResolveTCPAddr("tcp", extendedOrPort)
-		if err != nil {
-			EnvError(fmt.Sprintf("cannot resolve TOR_PT_EXTENDED_SERVER_PORT %q: %s", extendedOrPort, err.Error()))
-		}
-	}
-
-	var authCookieFilename = getenv("TOR_PT_AUTH_COOKIE_FILE")
-	if authCookieFilename != "" {
-		info.AuthCookie, err = readAuthCookieFile(authCookieFilename)
-		if err != nil {
-			EnvError(fmt.Sprintf("error reading TOR_PT_AUTH_COOKIE_FILE %q: %s", authCookieFilename, err.Error()))
-		}
-	}
-
-	return info
-}
-
-// See 217-ext-orport-auth.txt section 4.2.1.3.
-func computeServerHash(info *ServerInfo, clientNonce, serverNonce []byte) []byte {
-	h := hmac.New(sha256.New, info.AuthCookie)
-	io.WriteString(h, "ExtORPort authentication server-to-client hash")
-	h.Write(clientNonce)
-	h.Write(serverNonce)
-	return h.Sum([]byte{})
-}
-
-// See 217-ext-orport-auth.txt section 4.2.1.3.
-func computeClientHash(info *ServerInfo, clientNonce, serverNonce []byte) []byte {
-	h := hmac.New(sha256.New, info.AuthCookie)
-	io.WriteString(h, "ExtORPort authentication client-to-server hash")
-	h.Write(clientNonce)
-	h.Write(serverNonce)
-	return h.Sum([]byte{})
-}
-
-func extOrPortAuthenticate(s *net.TCPConn, info *ServerInfo) error {
-	r := bufio.NewReader(s)
-
-	// Read auth types. 217-ext-orport-auth.txt section 4.1.
-	var authTypes [256]bool
-	var count int
-	for count = 0; count < 256; count++ {
-		b, err := r.ReadByte()
-		if err != nil {
-			return err
-		}
-		if b == 0 {
-			break
-		}
-		authTypes[b] = true
-	}
-	if count >= 256 {
-		return errors.New(fmt.Sprintf("read 256 auth types without seeing \x00"))
-	}
-
-	// We support only type 1, SAFE_COOKIE.
-	if !authTypes[1] {
-		return errors.New(fmt.Sprintf("server didn't offer auth type 1"))
-	}
-	_, err := s.Write([]byte{1})
-	if err != nil {
-		return err
-	}
-
-	clientNonce := make([]byte, 32)
-	clientHash := make([]byte, 32)
-	serverNonce := make([]byte, 32)
-	serverHash := make([]byte, 32)
-
-	_, err = io.ReadFull(rand.Reader, clientNonce)
-	if err != nil {
-		return err
-	}
-	_, err = s.Write(clientNonce)
-	if err != nil {
-		return err
-	}
-
-	_, err = io.ReadFull(r, serverHash)
-	if err != nil {
-		return err
-	}
-	_, err = io.ReadFull(r, serverNonce)
-	if err != nil {
-		return err
-	}
-
-	expectedServerHash := computeServerHash(info, clientNonce, serverNonce)
-	if subtle.ConstantTimeCompare(serverHash, expectedServerHash) != 1 {
-		return errors.New(fmt.Sprintf("mismatch in server hash"))
-	}
-
-	clientHash = computeClientHash(info, clientNonce, serverNonce)
-	_, err = s.Write(clientHash)
-	if err != nil {
-		return err
-	}
-
-	status := make([]byte, 1)
-	_, err = io.ReadFull(r, status)
-	if err != nil {
-		return err
-	}
-	if status[0] != 1 {
-		return errors.New(fmt.Sprintf("server rejected authentication"))
-	}
-
-	if r.Buffered() != 0 {
-		return errors.New(fmt.Sprintf("%d bytes left after extended OR port authentication", r.Buffered()))
-	}
-
-	return nil
-}
-
-// See section 3.1 of 196-transport-control-ports.txt.
-const (
-	extOrCmdDone      = 0x0000
-	extOrCmdUserAddr  = 0x0001
-	extOrCmdTransport = 0x0002
-	extOrCmdOkay      = 0x1000
-	extOrCmdDeny      = 0x1001
-)
-
-func extOrPortWriteCommand(s *net.TCPConn, cmd uint16, body []byte) error {
-	var buf bytes.Buffer
-	if len(body) > 65535 {
-		return errors.New("command exceeds maximum length of 65535")
-	}
-	err := binary.Write(&buf, binary.BigEndian, cmd)
-	if err != nil {
-		return err
-	}
-	err = binary.Write(&buf, binary.BigEndian, uint16(len(body)))
-	if err != nil {
-		return err
-	}
-	err = binary.Write(&buf, binary.BigEndian, body)
-	if err != nil {
-		return err
-	}
-	_, err = s.Write(buf.Bytes())
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// Send a USERADDR command on s. See section 3.1.2.1 of
-// 196-transport-control-ports.txt.
-func extOrPortSendUserAddr(s *net.TCPConn, conn net.Conn) error {
-	return extOrPortWriteCommand(s, extOrCmdUserAddr, []byte(conn.RemoteAddr().String()))
-}
-
-// Send a TRANSPORT command on s. See section 3.1.2.2 of
-// 196-transport-control-ports.txt.
-func extOrPortSendTransport(s *net.TCPConn, methodName string) error {
-	return extOrPortWriteCommand(s, extOrCmdTransport, []byte(methodName))
-}
-
-// Send a DONE command on s. See section 3.1 of 196-transport-control-ports.txt.
-func extOrPortSendDone(s *net.TCPConn) error {
-	return extOrPortWriteCommand(s, extOrCmdDone, []byte{})
-}
-
-func extOrPortRecvCommand(s *net.TCPConn) (cmd uint16, body []byte, err error) {
-	var bodyLen uint16
-	data := make([]byte, 4)
-
-	_, err = io.ReadFull(s, data)
-	if err != nil {
-		return
-	}
-	buf := bytes.NewBuffer(data)
-	err = binary.Read(buf, binary.BigEndian, &cmd)
-	if err != nil {
-		return
-	}
-	err = binary.Read(buf, binary.BigEndian, &bodyLen)
-	if err != nil {
-		return
-	}
-	body = make([]byte, bodyLen)
-	_, err = io.ReadFull(s, body)
-	if err != nil {
-		return
-	}
-
-	return cmd, body, err
-}
-
-// Send USERADDR and TRANSPORT commands followed by a DONE command. Wait for an
-// OKAY or DENY response command from the server. Returns nil if and only if
-// OKAY is received.
-func extOrPortSetup(s *net.TCPConn, conn net.Conn, methodName string) error {
-	var err error
-
-	err = extOrPortSendUserAddr(s, conn)
-	if err != nil {
-		return err
-	}
-	err = extOrPortSendTransport(s, methodName)
-	if err != nil {
-		return err
-	}
-	err = extOrPortSendDone(s)
-	if err != nil {
-		return err
-	}
-	cmd, _, err := extOrPortRecvCommand(s)
-	if err != nil {
-		return err
-	}
-	if cmd == extOrCmdDeny {
-		return errors.New("server returned DENY after our USERADDR and DONE")
-	} else if cmd != extOrCmdOkay {
-		return errors.New(fmt.Sprintf("server returned unknown command 0x%04x after our USERADDR and DONE", cmd))
-	}
-
-	return nil
-}
-
-// Connect to info.ExtendedOrAddr if defined, or else info.OrAddr, and return an
-// open *net.TCPConn. If connecting to the extended OR port, extended OR port
-// authentication à la 217-ext-orport-auth.txt is done before returning; an
-// error is returned if authentication fails.
-func ConnectOr(info *ServerInfo, conn net.Conn, methodName string) (*net.TCPConn, error) {
-	if info.ExtendedOrAddr == nil {
-		return net.DialTCP("tcp", nil, info.OrAddr)
-	}
-
-	s, err := net.DialTCP("tcp", nil, info.ExtendedOrAddr)
-	if err != nil {
-		return nil, err
-	}
-	s.SetDeadline(time.Now().Add(5 * time.Second))
-	err = extOrPortAuthenticate(s, info)
-	if err != nil {
-		s.Close()
-		return nil, err
-	}
-	err = extOrPortSetup(s, conn, methodName)
-	if err != nil {
-		s.Close()
-		return nil, err
-	}
-	s.SetDeadline(time.Time{})
-
-	return s, nil
-}
diff --git a/websocket-transport/src/pt/socks/socks.go b/websocket-transport/src/pt/socks/socks.go
deleted file mode 100644
index 788d53c..0000000
--- a/websocket-transport/src/pt/socks/socks.go
+++ /dev/null
@@ -1,107 +0,0 @@
-// SOCKS4a server library.
-
-package socks
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-)
-
-const (
-	socksVersion         = 0x04
-	socksCmdConnect      = 0x01
-	socksResponseVersion = 0x00
-	socksRequestGranted  = 0x5a
-	socksRequestFailed   = 0x5b
-)
-
-// Read a SOCKS4a connect request, and call the given connect callback with the
-// requested destination string. If the callback returns an error, sends a SOCKS
-// request failed message. Otherwise, sends a SOCKS request granted message for
-// the destination address returned by the callback.
-func AwaitSocks4aConnect(conn *net.TCPConn, connect func(string) (*net.TCPAddr, error)) error {
-	dest, err := readSocks4aConnect(conn)
-	if err != nil {
-		sendSocks4aResponseFailed(conn)
-		return err
-	}
-	destAddr, err := connect(dest)
-	if err != nil {
-		sendSocks4aResponseFailed(conn)
-		return err
-	}
-	sendSocks4aResponseGranted(conn, destAddr)
-	return nil
-}
-
-// Read a SOCKS4a connect request. Returns a "host:port" string.
-func readSocks4aConnect(s io.Reader) (string, error) {
-	r := bufio.NewReader(s)
-
-	var h [8]byte
-	n, err := io.ReadFull(r, h[:])
-	if err != nil {
-		return "", errors.New(fmt.Sprintf("after %d bytes of SOCKS header: %s", n, err))
-	}
-	if h[0] != socksVersion {
-		return "", errors.New(fmt.Sprintf("SOCKS header had version 0x%02x, not 0x%02x", h[0], socksVersion))
-	}
-	if h[1] != socksCmdConnect {
-		return "", errors.New(fmt.Sprintf("SOCKS header had command 0x%02x, not 0x%02x", h[1], socksCmdConnect))
-	}
-
-	_, err = r.ReadBytes('\x00')
-	if err != nil {
-		return "", errors.New(fmt.Sprintf("reading SOCKS userid: %s", err))
-	}
-
-	var port int
-	var host string
-
-	port = int(h[2])<<8 | int(h[3])<<0
-	if h[4] == 0 && h[5] == 0 && h[6] == 0 && h[7] != 0 {
-		hostBytes, err := r.ReadBytes('\x00')
-		if err != nil {
-			return "", errors.New(fmt.Sprintf("reading SOCKS4a destination: %s", err))
-		}
-		host = string(hostBytes[:len(hostBytes)-1])
-	} else {
-		host = net.IPv4(h[4], h[5], h[6], h[7]).String()
-	}
-
-	if r.Buffered() != 0 {
-		return "", errors.New(fmt.Sprintf("%d bytes left after SOCKS header", r.Buffered()))
-	}
-
-	return fmt.Sprintf("%s:%d", host, port), nil
-}
-
-// Send a SOCKS4a response with the given code and address.
-func sendSocks4aResponse(w io.Writer, code byte, addr *net.TCPAddr) error {
-	var resp [8]byte
-	resp[0] = socksResponseVersion
-	resp[1] = code
-	resp[2] = byte((addr.Port >> 8) & 0xff)
-	resp[3] = byte((addr.Port >> 0) & 0xff)
-	resp[4] = addr.IP[0]
-	resp[5] = addr.IP[1]
-	resp[6] = addr.IP[2]
-	resp[7] = addr.IP[3]
-	_, err := w.Write(resp[:])
-	return err
-}
-
-var emptyAddr = net.TCPAddr{IP: net.IPv4(0, 0, 0, 0), Port: 0}
-
-// Send a SOCKS4a response code 0x5a.
-func sendSocks4aResponseGranted(w io.Writer, addr *net.TCPAddr) error {
-	return sendSocks4aResponse(w, socksRequestGranted, addr)
-}
-
-// Send a SOCKS4a response code 0x5b (with an all-zero address).
-func sendSocks4aResponseFailed(w io.Writer) error {
-	return sendSocks4aResponse(w, socksRequestFailed, &emptyAddr)
-}
diff --git a/websocket-transport/src/websocket-client/websocket-client.go b/websocket-transport/src/websocket-client/websocket-client.go
deleted file mode 100644
index 1c3b3b9..0000000
--- a/websocket-transport/src/websocket-client/websocket-client.go
+++ /dev/null
@@ -1,254 +0,0 @@
-// Tor websocket client transport plugin.
-//
-// Usage:
-// ClientTransportPlugin websocket exec ./websocket-client
-
-package main
-
-import (
-	"code.google.com/p/go.net/websocket"
-	"flag"
-	"fmt"
-	"io"
-	"net"
-	"net/url"
-	"os"
-	"os/signal"
-	"sync"
-	"time"
-)
-
-import "pt"
-import "pt/socks"
-
-const ptMethodName = "websocket"
-const socksTimeout = 2 * time.Second
-const bufSiz = 1500
-
-var logFile = os.Stderr
-
-// When a connection handler starts, +1 is written to this channel; when it
-// ends, -1 is written.
-var handlerChan = make(chan int)
-
-var logMutex sync.Mutex
-
-func usage() {
-	fmt.Printf("Usage: %s [OPTIONS]\n", os.Args[0])
-	fmt.Printf("WebSocket client pluggable transport for Tor.\n")
-	fmt.Printf("Works only as a managed proxy.\n")
-	fmt.Printf("\n")
-	fmt.Printf("  -h, --help    show this help.\n")
-	fmt.Printf("  --log FILE    log messages to FILE (default stderr).\n")
-	fmt.Printf("  --socks ADDR  listen for SOCKS on ADDR.\n")
-}
-
-func Log(format string, v ...interface{}) {
-	dateStr := time.Now().Format("2006-01-02 15:04:05")
-	logMutex.Lock()
-	defer logMutex.Unlock()
-	msg := fmt.Sprintf(format, v...)
-	fmt.Fprintf(logFile, "%s %s\n", dateStr, msg)
-}
-
-func proxy(local *net.TCPConn, ws *websocket.Conn) {
-	var wg sync.WaitGroup
-
-	wg.Add(2)
-
-	// Local-to-WebSocket read loop.
-	go func() {
-		buf := make([]byte, bufSiz)
-		var err error
-		for {
-			n, er := local.Read(buf[:])
-			if n > 0 {
-				ew := websocket.Message.Send(ws, buf[:n])
-				if ew != nil {
-					err = ew
-					break
-				}
-			}
-			if er != nil {
-				err = er
-				break
-			}
-		}
-		if err != nil && err != io.EOF {
-			Log("%s", err)
-		}
-		local.CloseRead()
-		ws.Close()
-
-		wg.Done()
-	}()
-
-	// WebSocket-to-local read loop.
-	go func() {
-		var buf []byte
-		var err error
-		for {
-			er := websocket.Message.Receive(ws, &buf)
-			if er != nil {
-				err = er
-				break
-			}
-			n, ew := local.Write(buf)
-			if ew != nil {
-				err = ew
-				break
-			}
-			if n != len(buf) {
-				err = io.ErrShortWrite
-				break
-			}
-		}
-		if err != nil && err != io.EOF {
-			Log("%s", err)
-		}
-		local.CloseWrite()
-		ws.Close()
-
-		wg.Done()
-	}()
-
-	wg.Wait()
-}
-
-func handleConnection(conn *net.TCPConn) error {
-	defer conn.Close()
-
-	handlerChan <- 1
-	defer func() {
-		handlerChan <- -1
-	}()
-
-	var ws *websocket.Conn
-
-	conn.SetDeadline(time.Now().Add(socksTimeout))
-	err := socks.AwaitSocks4aConnect(conn, func(dest string) (*net.TCPAddr, error) {
-		// Disable deadline.
-		conn.SetDeadline(time.Time{})
-		Log("SOCKS request for %s", dest)
-		destAddr, err := net.ResolveTCPAddr("tcp", dest)
-		if err != nil {
-			return nil, err
-		}
-		wsUrl := url.URL{Scheme: "ws", Host: dest}
-		ws, err = websocket.Dial(wsUrl.String(), "", wsUrl.String())
-		if err != nil {
-			return nil, err
-		}
-		Log("WebSocket connection to %s", ws.Config().Location.String())
-		return destAddr, nil
-	})
-	if err != nil {
-		return err
-	}
-	defer ws.Close()
-	proxy(conn, ws)
-	return nil
-}
-
-func socksAcceptLoop(ln *net.TCPListener) error {
-	for {
-		socks, err := ln.AcceptTCP()
-		if err != nil {
-			return err
-		}
-		go func() {
-			err := handleConnection(socks)
-			if err != nil {
-				Log("SOCKS from %s: %s", socks.RemoteAddr(), err)
-			}
-		}()
-	}
-	return nil
-}
-
-func startListener(addrStr string) (*net.TCPListener, error) {
-	addr, err := net.ResolveTCPAddr("tcp", addrStr)
-	if err != nil {
-		return nil, err
-	}
-	ln, err := net.ListenTCP("tcp", addr)
-	if err != nil {
-		return nil, err
-	}
-	go func() {
-		err := socksAcceptLoop(ln)
-		if err != nil {
-			Log("accept: %s", err)
-		}
-	}()
-	return ln, nil
-}
-
-func main() {
-	var logFilename string
-	var socksAddrStrs = []string{"127.0.0.1:0"}
-	var socksArg string
-
-	flag.Usage = usage
-	flag.StringVar(&logFilename, "log", "", "log file to write to")
-	flag.StringVar(&socksArg, "socks", "", "address on which to listen for SOCKS connections")
-	flag.Parse()
-
-	if logFilename != "" {
-		f, err := os.OpenFile(logFilename, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Can't open log file %q: %s.\n", logFilename, err.Error())
-			os.Exit(1)
-		}
-		logFile = f
-	}
-
-	if socksArg != "" {
-		socksAddrStrs = []string{socksArg}
-	}
-
-	Log("starting")
-	pt.ClientSetup([]string{ptMethodName})
-
-	listeners := make([]*net.TCPListener, 0)
-	for _, socksAddrStr := range socksAddrStrs {
-		ln, err := startListener(socksAddrStr)
-		if err != nil {
-			pt.CmethodError(ptMethodName, err.Error())
-		}
-		pt.Cmethod(ptMethodName, "socks4", ln.Addr())
-		Log("listening on %s", ln.Addr().String())
-		listeners = append(listeners, ln)
-	}
-	pt.CmethodsDone()
-
-	var numHandlers int = 0
-
-	signalChan := make(chan os.Signal, 1)
-	signal.Notify(signalChan, os.Interrupt)
-	var sigint bool = false
-	for !sigint {
-		select {
-		case n := <-handlerChan:
-			numHandlers += n
-		case <-signalChan:
-			Log("SIGINT")
-			sigint = true
-		}
-	}
-
-	for _, ln := range listeners {
-		ln.Close()
-	}
-
-	sigint = false
-	for numHandlers != 0 && !sigint {
-		select {
-		case n := <-handlerChan:
-			numHandlers += n
-		case <-signalChan:
-			Log("SIGINT")
-			sigint = true
-		}
-	}
-}
diff --git a/websocket-transport/src/websocket-server/websocket-server.go b/websocket-transport/src/websocket-server/websocket-server.go
deleted file mode 100644
index 207be8d..0000000
--- a/websocket-transport/src/websocket-server/websocket-server.go
+++ /dev/null
@@ -1,285 +0,0 @@
-// Tor websocket server transport plugin.
-//
-// Usage:
-// ServerTransportPlugin websocket exec ./websocket-server --port 9901
-
-package main
-
-import (
-	"encoding/base64"
-	"errors"
-	"flag"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"os"
-	"os/signal"
-	"sync"
-	"syscall"
-	"time"
-)
-
-import "pt"
-import "websocket"
-
-const ptMethodName = "websocket"
-const requestTimeout = 10 * time.Second
-
-// "4/3+1" accounts for possible base64 encoding.
-const maxMessageSize = 64*1024*4/3 + 1
-
-var logFile = os.Stderr
-
-var ptInfo pt.ServerInfo
-
-// When a connection handler starts, +1 is written to this channel; when it
-// ends, -1 is written.
-var handlerChan = make(chan int)
-
-func usage() {
-	fmt.Printf("Usage: %s [OPTIONS]\n", os.Args[0])
-	fmt.Printf("WebSocket server pluggable transport for Tor.\n")
-	fmt.Printf("Works only as a managed proxy.\n")
-	fmt.Printf("\n")
-	fmt.Printf("  -h, --help   show this help.\n")
-	fmt.Printf("  --log FILE   log messages to FILE (default stderr).\n")
-	fmt.Printf("  --port PORT  listen on PORT (overrides Tor's requested port).\n")
-}
-
-var logMutex sync.Mutex
-
-func log(format string, v ...interface{}) {
-	dateStr := time.Now().Format("2006-01-02 15:04:05")
-	logMutex.Lock()
-	defer logMutex.Unlock()
-	msg := fmt.Sprintf(format, v...)
-	fmt.Fprintf(logFile, "%s %s\n", dateStr, msg)
-}
-
-// An abstraction that makes an underlying WebSocket connection look like an
-// io.ReadWriteCloser. It internally takes care of things like base64 encoding
-// and decoding.
-type webSocketConn struct {
-	Ws         *websocket.WebSocket
-	Base64     bool
-	messageBuf []byte
-}
-
-// Implements io.Reader.
-func (conn *webSocketConn) Read(b []byte) (n int, err error) {
-	for len(conn.messageBuf) == 0 {
-		var m websocket.Message
-		m, err = conn.Ws.ReadMessage()
-		if err != nil {
-			return
-		}
-		if m.Opcode == 8 {
-			err = io.EOF
-			return
-		}
-		if conn.Base64 {
-			if m.Opcode != 1 {
-				err = errors.New(fmt.Sprintf("got non-text opcode %d with the base64 subprotocol", m.Opcode))
-				return
-			}
-			conn.messageBuf = make([]byte, base64.StdEncoding.DecodedLen(len(m.Payload)))
-			var num int
-			num, err = base64.StdEncoding.Decode(conn.messageBuf, m.Payload)
-			if err != nil {
-				return
-			}
-			conn.messageBuf = conn.messageBuf[:num]
-		} else {
-			if m.Opcode != 2 {
-				err = errors.New(fmt.Sprintf("got non-binary opcode %d with no subprotocol", m.Opcode))
-				return
-			}
-			conn.messageBuf = m.Payload
-		}
-	}
-
-	n = copy(b, conn.messageBuf)
-	conn.messageBuf = conn.messageBuf[n:]
-
-	return
-}
-
-// Implements io.Writer.
-func (conn *webSocketConn) Write(b []byte) (n int, err error) {
-	if conn.Base64 {
-		buf := make([]byte, base64.StdEncoding.EncodedLen(len(b)))
-		base64.StdEncoding.Encode(buf, b)
-		err = conn.Ws.WriteMessage(1, buf)
-		if err != nil {
-			return
-		}
-		n = len(b)
-	} else {
-		err = conn.Ws.WriteMessage(2, b)
-		n = len(b)
-	}
-	return
-}
-
-// Implements io.Closer.
-func (conn *webSocketConn) Close() error {
-	// Ignore any error in trying to write a Close frame.
-	_ = conn.Ws.WriteFrame(8, nil)
-	return conn.Ws.Conn.Close()
-}
-
-// Create a new webSocketConn.
-func newWebSocketConn(ws *websocket.WebSocket) webSocketConn {
-	var conn webSocketConn
-	conn.Ws = ws
-	conn.Base64 = (ws.Subprotocol == "base64")
-	return conn
-}
-
-// Copy from WebSocket to socket and vice versa.
-func proxy(local *net.TCPConn, conn *webSocketConn) {
-	var wg sync.WaitGroup
-
-	wg.Add(2)
-
-	go func() {
-		_, err := io.Copy(conn, local)
-		if err != nil {
-			log("error copying ORPort to WebSocket")
-		}
-		local.CloseRead()
-		conn.Close()
-		wg.Done()
-	}()
-
-	go func() {
-		_, err := io.Copy(local, conn)
-		if err != nil {
-			log("error copying WebSocket to ORPort")
-		}
-		local.CloseWrite()
-		conn.Close()
-		wg.Done()
-	}()
-
-	wg.Wait()
-}
-
-func webSocketHandler(ws *websocket.WebSocket) {
-	// Undo timeouts on HTTP request handling.
-	ws.Conn.SetDeadline(time.Time{})
-	conn := newWebSocketConn(ws)
-
-	handlerChan <- 1
-	defer func() {
-		handlerChan <- -1
-	}()
-
-	s, err := pt.ConnectOr(&ptInfo, ws.Conn, ptMethodName)
-	if err != nil {
-		log("Failed to connect to ORPort: " + err.Error())
-		return
-	}
-
-	proxy(s, &conn)
-}
-
-func startListener(addr *net.TCPAddr) (*net.TCPListener, error) {
-	ln, err := net.ListenTCP("tcp", addr)
-	if err != nil {
-		return nil, err
-	}
-	go func() {
-		var config websocket.Config
-		config.Subprotocols = []string{"base64"}
-		config.MaxMessageSize = maxMessageSize
-		s := &http.Server{
-			Handler:     config.Handler(webSocketHandler),
-			ReadTimeout: requestTimeout,
-		}
-		err = s.Serve(ln)
-		if err != nil {
-			log("http.Serve: " + err.Error())
-		}
-	}()
-	return ln, nil
-}
-
-func main() {
-	var logFilename string
-	var port int
-
-	flag.Usage = usage
-	flag.StringVar(&logFilename, "log", "", "log file to write to")
-	flag.IntVar(&port, "port", 0, "port to listen on if unspecified by Tor")
-	flag.Parse()
-
-	if logFilename != "" {
-		f, err := os.OpenFile(logFilename, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Can't open log file %q: %s.\n", logFilename, err.Error())
-			os.Exit(1)
-		}
-		logFile = f
-	}
-
-	log("starting")
-	ptInfo = pt.ServerSetup([]string{ptMethodName})
-
-	listeners := make([]*net.TCPListener, 0)
-	for _, bindAddr := range ptInfo.BindAddrs {
-		// Override tor's requested port (which is 0 if this transport
-		// has not been run before) with the one requested by the --port
-		// option.
-		if port != 0 {
-			bindAddr.Addr.Port = port
-		}
-
-		ln, err := startListener(bindAddr.Addr)
-		if err != nil {
-			pt.SmethodError(bindAddr.MethodName, err.Error())
-			continue
-		}
-		pt.Smethod(bindAddr.MethodName, ln.Addr())
-		log("listening on %s", ln.Addr().String())
-		listeners = append(listeners, ln)
-	}
-	pt.SmethodsDone()
-
-	var numHandlers int = 0
-	var sig os.Signal
-	sigChan := make(chan os.Signal, 1)
-	signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
-
-	sig = nil
-	for sig == nil {
-		select {
-		case n := <-handlerChan:
-			numHandlers += n
-		case sig = <-sigChan:
-		}
-	}
-	log("Got first signal %q with %d running handlers.", sig, numHandlers)
-	for _, ln := range listeners {
-		ln.Close()
-	}
-
-	if sig == syscall.SIGTERM {
-		log("Caught signal %q, exiting.", sig)
-		return
-	}
-
-	sig = nil
-	for sig == nil && numHandlers != 0 {
-		select {
-		case n := <-handlerChan:
-			numHandlers += n
-			log("%d remaining handlers.", numHandlers)
-		case sig = <-sigChan:
-		}
-	}
-	if sig != nil {
-		log("Got second signal %q with %d running handlers.", sig, numHandlers)
-	}
-}
diff --git a/websocket-transport/src/websocket/websocket.go b/websocket-transport/src/websocket/websocket.go
deleted file mode 100644
index dc228d1..0000000
--- a/websocket-transport/src/websocket/websocket.go
+++ /dev/null
@@ -1,431 +0,0 @@
-// WebSocket library. Only the RFC 6455 variety of WebSocket is supported.
-//
-// Reading and writing is strictly per-frame (or per-message). There is no way
-// to partially read a frame. Config.MaxMessageSize affords control of the
-// maximum buffering of messages.
-//
-// The reason for using this custom implementation instead of
-// code.google.com/p/go.net/websocket is that the latter has problems with long
-// messages and does not support server subprotocols.
-//   "Denial of Service Protection in Go HTTP Servers"
-//   https://code.google.com/p/go/issues/detail?id=2093
-//   "go.websocket: Read/Copy fail with long frames"
-//   https://code.google.com/p/go/issues/detail?id=2134
-//   http://golang.org/pkg/net/textproto/#pkg-bugs
-//   "To let callers manage exposure to denial of service attacks, Reader should
-//   allow them to set and reset a limit on the number of bytes read from the
-//   connection."
-//   "websocket.Dial doesn't limit response header length as http.Get does"
-//   https://groups.google.com/forum/?fromgroups=#!topic/golang-nuts/2Tge6U8-QYI
-//
-// Example usage:
-//
-// func doSomething(ws *WebSocket) {
-// }
-// var config websocket.Config
-// config.Subprotocols = []string{"base64"}
-// config.MaxMessageSize = 2500
-// http.Handle("/", config.Handler(doSomething))
-// err = http.ListenAndServe(":8080", nil)
-
-package websocket
-
-import (
-	"bufio"
-	"bytes"
-	"crypto/rand"
-	"crypto/sha1"
-	"encoding/base64"
-	"encoding/binary"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"strings"
-)
-
-// Settings for potential WebSocket connections. Subprotocols is a list of
-// supported subprotocols as in RFC 6455 section 1.9. When answering client
-// requests, the first of the client's requests subprotocols that is also in
-// this list (if any) will be used as the subprotocol for the connection.
-// MaxMessageSize is a limit on buffering messages.
-type Config struct {
-	Subprotocols   []string
-	MaxMessageSize int
-}
-
-// Representation of a WebSocket frame. The Payload is always without masking.
-type Frame struct {
-	Fin     bool
-	Opcode  byte
-	Payload []byte
-}
-
-// Return true iff the frame's opcode says it is a control frame.
-func (frame *Frame) IsControl() bool {
-	return (frame.Opcode & 0x08) != 0
-}
-
-// Representation of a WebSocket message. The Payload is always without masking.
-type Message struct {
-	Opcode  byte
-	Payload []byte
-}
-
-// A WebSocket connection after hijacking from HTTP.
-type WebSocket struct {
-	// Conn and ReadWriter from http.ResponseWriter.Hijack.
-	Conn  net.Conn
-	Bufrw *bufio.ReadWriter
-	// Whether we are a client or a server has implications for masking.
-	IsClient bool
-	// Set from a parent Config.
-	MaxMessageSize int
-	// The single selected subprotocol after negotiation, or "".
-	Subprotocol string
-	// Buffer for message payloads, which may be interrupted by control
-	// messages.
-	messageBuf bytes.Buffer
-}
-
-func applyMask(payload []byte, maskKey [4]byte) {
-	for i := 0; i < len(payload); i++ {
-		payload[i] = payload[i] ^ maskKey[i%4]
-	}
-}
-
-func (ws *WebSocket) maxMessageSize() int {
-	if ws.MaxMessageSize == 0 {
-		return 64000
-	}
-	return ws.MaxMessageSize
-}
-
-// Read a single frame from the WebSocket.
-func (ws *WebSocket) ReadFrame() (frame Frame, err error) {
-	var b byte
-	err = binary.Read(ws.Bufrw, binary.BigEndian, &b)
-	if err != nil {
-		return
-	}
-	frame.Fin = (b & 0x80) != 0
-	frame.Opcode = b & 0x0f
-	err = binary.Read(ws.Bufrw, binary.BigEndian, &b)
-	if err != nil {
-		return
-	}
-	masked := (b & 0x80) != 0
-
-	payloadLen := uint64(b & 0x7f)
-	if payloadLen == 126 {
-		var short uint16
-		err = binary.Read(ws.Bufrw, binary.BigEndian, &short)
-		if err != nil {
-			return
-		}
-		payloadLen = uint64(short)
-	} else if payloadLen == 127 {
-		var long uint64
-		err = binary.Read(ws.Bufrw, binary.BigEndian, &long)
-		if err != nil {
-			return
-		}
-		payloadLen = long
-	}
-	if payloadLen > uint64(ws.maxMessageSize()) {
-		err = errors.New(fmt.Sprintf("frame payload length of %d exceeds maximum of %d", payloadLen, ws.MaxMessageSize))
-		return
-	}
-
-	maskKey := [4]byte{}
-	if masked {
-		if ws.IsClient {
-			err = errors.New("client got masked frame")
-			return
-		}
-		err = binary.Read(ws.Bufrw, binary.BigEndian, &maskKey)
-		if err != nil {
-			return
-		}
-	} else {
-		if !ws.IsClient {
-			err = errors.New("server got unmasked frame")
-			return
-		}
-	}
-
-	frame.Payload = make([]byte, payloadLen)
-	_, err = io.ReadFull(ws.Bufrw, frame.Payload)
-	if err != nil {
-		return
-	}
-	if masked {
-		applyMask(frame.Payload, maskKey)
-	}
-
-	return frame, nil
-}
-
-// Read a single message from the WebSocket. Multiple fragmented frames are
-// combined into a single message before being returned. Non-control messages
-// may be interrupted by control frames. The control frames are returned as
-// individual messages before the message that they interrupt.
-func (ws *WebSocket) ReadMessage() (message Message, err error) {
-	var opcode byte = 0
-	for {
-		var frame Frame
-		frame, err = ws.ReadFrame()
-		if err != nil {
-			return
-		}
-		if frame.IsControl() {
-			if !frame.Fin {
-				err = errors.New("control frame has fin bit unset")
-				return
-			}
-			message.Opcode = frame.Opcode
-			message.Payload = frame.Payload
-			return message, nil
-		}
-
-		if opcode == 0 {
-			if frame.Opcode == 0 {
-				err = errors.New("first frame has opcode 0")
-				return
-			}
-			opcode = frame.Opcode
-		} else {
-			if frame.Opcode != 0 {
-				err = errors.New(fmt.Sprintf("non-first frame has nonzero opcode %d", frame.Opcode))
-				return
-			}
-		}
-		if ws.messageBuf.Len()+len(frame.Payload) > ws.MaxMessageSize {
-			err = errors.New(fmt.Sprintf("message payload length of %d exceeds maximum of %d",
-				ws.messageBuf.Len()+len(frame.Payload), ws.MaxMessageSize))
-			return
-		}
-		ws.messageBuf.Write(frame.Payload)
-		if frame.Fin {
-			break
-		}
-	}
-	message.Opcode = opcode
-	message.Payload = ws.messageBuf.Bytes()
-	ws.messageBuf.Reset()
-
-	return message, nil
-}
-
-// Write a single frame to the WebSocket stream. Destructively masks payload in
-// place if ws.IsClient. Frames are always unfragmented.
-func (ws *WebSocket) WriteFrame(opcode byte, payload []byte) (err error) {
-	if opcode >= 16 {
-		err = errors.New(fmt.Sprintf("opcode %d is >= 16", opcode))
-		return
-	}
-	ws.Bufrw.WriteByte(0x80 | opcode)
-
-	var maskBit byte
-	var maskKey [4]byte
-	if ws.IsClient {
-		_, err = io.ReadFull(rand.Reader, maskKey[:])
-		if err != nil {
-			return
-		}
-		applyMask(payload, maskKey)
-		maskBit = 0x80
-	} else {
-		maskBit = 0x00
-	}
-
-	if len(payload) < 126 {
-		ws.Bufrw.WriteByte(maskBit | byte(len(payload)))
-	} else if len(payload) <= 0xffff {
-		ws.Bufrw.WriteByte(maskBit | 126)
-		binary.Write(ws.Bufrw, binary.BigEndian, uint16(len(payload)))
-	} else {
-		ws.Bufrw.WriteByte(maskBit | 127)
-		binary.Write(ws.Bufrw, binary.BigEndian, uint64(len(payload)))
-	}
-
-	if ws.IsClient {
-		_, err = ws.Bufrw.Write(maskKey[:])
-		if err != nil {
-			return
-		}
-	}
-	_, err = ws.Bufrw.Write(payload)
-	if err != nil {
-		return
-	}
-
-	ws.Bufrw.Flush()
-
-	return
-}
-
-// Write a single message to the WebSocket stream. Destructively masks payload
-// in place if ws.IsClient. Messages are always sent as a single unfragmented
-// frame.
-func (ws *WebSocket) WriteMessage(opcode byte, payload []byte) (err error) {
-	return ws.WriteFrame(opcode, payload)
-}
-
-// Split a string on commas and trim whitespace.
-func commaSplit(s string) []string {
-	var result []string
-	if strings.TrimSpace(s) == "" {
-		return result
-	}
-	for _, e := range strings.Split(s, ",") {
-		result = append(result, strings.TrimSpace(e))
-	}
-	return result
-}
-
-// Returns true iff one of the strings in haystack is needle (case-insensitive).
-func containsCase(haystack []string, needle string) bool {
-	for _, e := range haystack {
-		if strings.ToLower(e) == strings.ToLower(needle) {
-			return true
-		}
-	}
-	return false
-}
-
-// One-step SHA-1 hash of a string.
-func sha1Hash(data string) []byte {
-	h := sha1.New()
-	h.Write([]byte(data))
-	return h.Sum(nil)
-}
-
-func httpError(w http.ResponseWriter, bufrw *bufio.ReadWriter, code int) {
-	w.Header().Set("Connection", "close")
-	bufrw.WriteString(fmt.Sprintf("HTTP/1.0 %d %s\r\n", code, http.StatusText(code)))
-	w.Header().Write(bufrw)
-	bufrw.WriteString("\r\n")
-	bufrw.Flush()
-}
-
-// An implementation of http.Handler with a Config. The ServeHTTP function calls
-// Callback assuming WebSocket HTTP negotiation is successful.
-type HTTPHandler struct {
-	Config            *Config
-	Callback func(*WebSocket)
-}
-
-// Implements the http.Handler interface.
-func (handler *HTTPHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	conn, bufrw, err := w.(http.Hijacker).Hijack()
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-	defer conn.Close()
-
-	// See RFC 6455 section 4.2.1 for this sequence of checks.
-
-	// 1. An HTTP/1.1 or higher GET request, including a "Request-URI"...
-	if req.Method != "GET" {
-		httpError(w, bufrw, http.StatusMethodNotAllowed)
-		return
-	}
-	if req.URL.Path != "/" {
-		httpError(w, bufrw, http.StatusNotFound)
-		return
-	}
-	// 2. A |Host| header field containing the server's authority.
-	// We deliberately skip this test.
-	// 3. An |Upgrade| header field containing the value "websocket",
-	// treated as an ASCII case-insensitive value.
-	if !containsCase(commaSplit(req.Header.Get("Upgrade")), "websocket") {
-		httpError(w, bufrw, http.StatusBadRequest)
-		return
-	}
-	// 4. A |Connection| header field that includes the token "Upgrade",
-	// treated as an ASCII case-insensitive value.
-	if !containsCase(commaSplit(req.Header.Get("Connection")), "Upgrade") {
-		httpError(w, bufrw, http.StatusBadRequest)
-		return
-	}
-	// 5. A |Sec-WebSocket-Key| header field with a base64-encoded value
-	// that, when decoded, is 16 bytes in length.
-	websocketKey := req.Header.Get("Sec-WebSocket-Key")
-	key, err := base64.StdEncoding.DecodeString(websocketKey)
-	if err != nil || len(key) != 16 {
-		httpError(w, bufrw, http.StatusBadRequest)
-		return
-	}
-	// 6. A |Sec-WebSocket-Version| header field, with a value of 13.
-	// We also allow 8 from draft-ietf-hybi-thewebsocketprotocol-10.
-	var knownVersions = []string{"8", "13"}
-	websocketVersion := req.Header.Get("Sec-WebSocket-Version")
-	if !containsCase(knownVersions, websocketVersion) {
-		// "If this version does not match a version understood by the
-		// server, the server MUST abort the WebSocket handshake
-		// described in this section and instead send an appropriate
-		// HTTP error code (such as 426 Upgrade Required) and a
-		// |Sec-WebSocket-Version| header field indicating the
-		// version(s) the server is capable of understanding."
-		w.Header().Set("Sec-WebSocket-Version", strings.Join(knownVersions, ", "))
-		httpError(w, bufrw, 426)
-		return
-	}
-	// 7. Optionally, an |Origin| header field.
-	// 8. Optionally, a |Sec-WebSocket-Protocol| header field, with a list of
-	// values indicating which protocols the client would like to speak, ordered
-	// by preference.
-	clientProtocols := commaSplit(req.Header.Get("Sec-WebSocket-Protocol"))
-	// 9. Optionally, a |Sec-WebSocket-Extensions| header field...
-	// 10. Optionally, other header fields...
-
-	var ws WebSocket
-	ws.Conn = conn
-	ws.Bufrw = bufrw
-	ws.IsClient = false
-	ws.MaxMessageSize = handler.Config.MaxMessageSize
-
-	// See RFC 6455 section 4.2.2, item 5 for these steps.
-
-	// 1. A Status-Line with a 101 response code as per RFC 2616.
-	bufrw.WriteString(fmt.Sprintf("HTTP/1.0 %d %s\r\n", http.StatusSwitchingProtocols, http.StatusText(http.StatusSwitchingProtocols)))
-	// 2. An |Upgrade| header field with value "websocket" as per RFC 2616.
-	w.Header().Set("Upgrade", "websocket")
-	// 3. A |Connection| header field with value "Upgrade".
-	w.Header().Set("Connection", "Upgrade")
-	// 4. A |Sec-WebSocket-Accept| header field.  The value of this header
-	// field is constructed by concatenating /key/, defined above in step 4
-	// in Section 4.2.2, with the string
-	// "258EAFA5-E914-47DA-95CA-C5AB0DC85B11", taking the SHA-1 hash of this
-	// concatenated value to obtain a 20-byte value and base64-encoding (see
-	// Section 4 of [RFC4648]) this 20-byte hash.
-	const magicGUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
-	acceptKey := base64.StdEncoding.EncodeToString(sha1Hash(websocketKey + magicGUID))
-	w.Header().Set("Sec-WebSocket-Accept", acceptKey)
-	// 5.  Optionally, a |Sec-WebSocket-Protocol| header field, with a value
-	// /subprotocol/ as defined in step 4 in Section 4.2.2.
-	for _, clientProto := range clientProtocols {
-		for _, serverProto := range handler.Config.Subprotocols {
-			if clientProto == serverProto {
-				ws.Subprotocol = clientProto
-				w.Header().Set("Sec-WebSocket-Protocol", clientProto)
-				break
-			}
-		}
-	}
-	// 6.  Optionally, a |Sec-WebSocket-Extensions| header field...
-	w.Header().Write(bufrw)
-	bufrw.WriteString("\r\n")
-	bufrw.Flush()
-
-	// Call the WebSocket-specific handler.
-	handler.Callback(&ws)
-}
-
-// Return an http.Handler with the given callback function.
-func (config *Config) Handler(callback func(*WebSocket)) http.Handler {
-	return &HTTPHandler{config, callback}
-}

    