[tor-bugs] #33666 [Circumvention/Snowflake]: Investigate Snowflake proxy failures
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 3 03:54:44 UTC 2020
#33666: Investigate Snowflake proxy failures
-------------------------------------+------------------------------
Reporter: cohosh | Owner: (none)
Type: defect | Status: needs_review
Priority: High | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #19001 | Points:
Reviewer: | Sponsor:
-------------------------------------+------------------------------
Comment (by dcf):
Replying to [comment:5 cohosh]:
> 1. log debug information and encourage the owner through the UI to file
a Tor ticket with the log messages so we can figure out what's going on,
> 2. keep track of how many times this happens, and if it always happens
(the proxy sees no successful connections) disable the proxy and print out
some debug messages,
> 3. do a probe test only when the datachannel fails to open to check
whether the proxy can open a datachannel with the probe point.
My opinion on this is that (2) is a reasonable idea. (I said (3) in the
meeting today but I meant (2).)
It does open a new DoS vector: a malicious client can fail all its
DataChannels and cause proxies to think they are unreliable.
comment:8 shows that failure rate may be as much a function of the client
as of the proxy. Maybe this is a mutally incompatible NAT situation? The
symptoms you mention in comment:2 match that. It's possible that both
peers are sending binding requests to each other, but neither are making
it all the way to the other side.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33666#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list