[tor-bugs] #30716 [Circumvention/Obfs4]: Improve the obfs4 obfuscation protocol

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Dec 12 17:53:30 UTC 2019


#30716: Improve the obfs4 obfuscation protocol
-------------------------------------------------+-------------------------
 Reporter:  phw                                  |          Owner:  phw
     Type:  task                                 |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:
Component:  Circumvention/Obfs4                  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  sponsor28, anti-censorship-roadmap-  |  Actual Points:
  october                                        |
Parent ID:                                       |         Points:  20
 Reviewer:  cohosh                               |        Sponsor:
                                                 |  Sponsor28-must
-------------------------------------------------+-------------------------

Comment (by cohosh):

 This looks great so far. I like the usage of a `net.Conn` to compose
 sharknado with obfs4. I left a few minor comments but no suggested changes
 at the moment. I do have some questions about the implementation:
 - The commit message says
  {{{
 For example, sharknado can -- in
 theory -- turn the following packet sequence:

 client -- 1500 bytes -> server
 client -- 1500 bytes -> server
 client --  500 bytes -> server

 into the following sequences:

 client -- 1500 bytes -> server
 client <- 1500 bytes -- server
 client -- 1500 bytes -> server
 client --  500 bytes -> server
 }}}
  but it looks like the client is the one breaking the bursts with
 dummy traffic. Should this instead read
  {{{
 For example, sharknado can -- in
 theory -- turn the following packet sequence:

 client <- 1500 bytes -- server
 client <- 1500 bytes -- server
 client <-  500 bytes -- server

 into the following sequences:

 client <- 1500 bytes -- server
 client -- 1500 bytes -- server
 client <- 1500 bytes -- server
 client <-  500 bytes -- server
 }}}

  Do we want this to happen only at one side of the connection? Or
 eventually for both the client and the server to send dummy traffic? I
 took your comment on deployment speed to mean that we're mostly interested
 in having the client do the shaping.

 - How do servers distinguish between dummy and non-dummy traffic?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30716#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

