Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#20092 closed task (fixed)

Rotate ports for default obfs4 bridges

Reported by: lynntsai Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: TorBrowserTeam201609R tbb-bridges
Cc: dcf, asn, mrphs, lynntsai Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Link: https://lists.torproject.org/pipermail/tor-project/2016-August/000664.html

Some obsf4 operators have opened up additional ports and we'd like to rotate to one of the new ones for the next release. The previous ports will remain open and functional.

Child Tickets

Attachments (1)

0001-Change-ports-for-6-default-obfs4-bridges.patch (6.2 KB) - added by lynntsai 2 years ago.
Switch locations of ports to make diff easier to read

Download all attachments as: .zip

Change History (12)

comment:1 Changed 2 years ago by lynntsai

Keywords: TorBrowserTeam201609R added
Status: newneeds_review

comment:2 Changed 2 years ago by dcf

Hi, lynntsai is working with me and I approve of this change.

comment:3 Changed 2 years ago by dcf

Cc: lynntsai added

comment:4 Changed 2 years ago by mrphs

Why removing old ports instead of just adding the new ones? I'm a bit concerned of removing those on port 80 and 443 as some firewalls only allow connections to those ports.

comment:5 in reply to:  4 Changed 2 years ago by dcf

Replying to mrphs:

Why removing old ports instead of just adding the new ones? I'm a bit concerned of removing those on port 80 and 443 as some firewalls only allow connections to those ports.

That's a good point. Here's a summary of what the patch changes:

83.212.101.3 41213 → 50000

154.35.22.9     80 unchanged
154.35.22.9    443 unchanged
154.35.22.9  60873 → 5881

154.35.22.10    80 unchanged
154.35.22.10   443 unchanged
154.35.22.10 41835 → 2934

154.35.22.11    80 unchanged
154.35.22.11   443 unchanged
154.35.22.11 49868 → 2413

154.35.22.12    80 → 1894

154.35.22.13   443 → 4319

In three of the six cases, 80 and 443 were already open and only the high-numbered port changed. I don't think we should keep the old high-numbered port for those. But for 154.35.22.12 and 154.35.22.13 we should probably add a new bridge line and keep the existing 80/443.

comment:6 Changed 2 years ago by gk

Should this go into 6.0.5? I thought about tagging that one shortly.

comment:7 in reply to:  6 Changed 2 years ago by dcf

Replying to gk:

Should this go into 6.0.5? I thought about tagging that one shortly.

It would be good to have it in 6.0.5 if possible.

Lynn, do you think you can update the patch to do what is suggested in comment:5? I.e., restore 154.35.22.12:80 and 154.35.22.13:443, and add two new lines for 154.35.22.12:1894 and 154.35.22.13:4319.

comment:8 Changed 2 years ago by lynntsai

I updated the patch to include the previous two bridges, 154.35.22.12:80 and 154.35.22.13:443

comment:9 in reply to:  8 Changed 2 years ago by dcf

Replying to lynntsai:

I updated the patch to include the previous two bridges, 154.35.22.12:80 and 154.35.22.13:443

I would suggest a little change, to make the diff read easier. Put 154.35.22.12:80 on line obfs4.8 and 154.35.22.13:443 on line obfs4.9 (where they were originally), and put the new 154.35.22.11:2413 154.35.22.12:1894 at the end at positions obfs4.17 and obfs4.18. (Basically, just swap the port numbers on lines obfs4.8 and obfs4.17, and lines obfs4.9 and obfs4.18.

Changed 2 years ago by lynntsai

Switch locations of ports to make diff easier to read

comment:10 Changed 2 years ago by gk

Resolution: fixed
Status: needs_reviewclosed

Alright, this looks good and got applied to master (commit 73c28d82238b97c93b4a6b44c92d0b232c4b91da), maint-6.0 (commit 8ca70d898ca83618915289af226fd6f82ff58f85) and hardened-builds (commit 2c2b24a2cf30808b33c7e45fb0c441852470f68e), thanks. I just added the bug number to the commit message.

comment:11 Changed 2 years ago by dcf

Keywords: tbb-bridges added
Note: See TracTickets for help on using tickets.