[tor-bugs] #34129 [Circumvention/Snowflake]: Use STUN to determine NAT behaviour of peers
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 22 16:15:42 UTC 2020
#34129: Use STUN to determine NAT behaviour of peers
-------------------------------------+---------------------------
Reporter: cohosh | Owner: cohosh
Type: enhancement | Status: assigned
Priority: Medium | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: Sponsor28
-------------------------------------+---------------------------
Comment (by cohosh):
The attached
[https://trac.torproject.org/projects/tor/attachment/ticket/34129/main.go
go code] demonstrates the use of RFC 5780 on the client side. It required
only a few modifications to the pion/stun library:
To summarize, it checks both the NAT mapping behaviour of the client and
its NAT filtering behaviour. Each of these can be classified as:
- address-independent (the least restrictive NATs)
- address-dependent (ports are assigned/connections filtered based on the
server address)
- address and port-dependent (ports are assigned/connections filtered
based on the server address and port)
Note: I'm only checking the mapping behaviour for address independence,
not port independence just yet because it requires an additional
configuration change to my coturn server.
You can test it out by doing the following:
{{{
go build main.go
./main --server 174.138.112.125:3478
}}}
Note that the filtering test relies on a time out and so will take up to a
minute to complete (it won't hang forever though). I suspect this is the
problem we ran into with the coturn utils. Maybe too long a time out or a
buggy client that waits forever for a filtered response.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34129#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list