Opened 2 years ago

Closed 2 years ago

#20837 closed task (fixed)

Turn on client iat-mode for some default obfs4 bridges

Reported by: dcf Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-bridges TorBrowserTeam201611R
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Since the last release, some of the default bridges have turned on obfs4's packet size and timing obfuscation (iat-mode). Here is the thread where it came up:

[tor-project] Turning on timing obfuscation (iat-mode=1) for some default bridges
https://lists.torproject.org/pipermail/tor-project/2016-November/000776.html

We should make the client setting of iat-mode match the server setting. (If the two sides do not have the same setting, the connection will still work, but only one direction will be using the packet size and timing obfuscation.)

Child Tickets

Attachments (1)

0001-Bug-20837-activate-iat-mode-for-certain-obfs4-bridge.patch (4.3 KB) - added by dcf 2 years ago.

Download all attachments as: .zip

Change History (3)

comment:1 Changed 2 years ago by dcf

Keywords: TorBrowserTeam201611R added
Status: newneeds_review

This patch makes the following changes:

  • ndnop3 → iat-mode=1
  • ndnop5 → iat-mode=2
  • Lisbeth → iat-mode=1

The change in settings for ndnop3 and ndnop5 was reported by Linus here: https://lists.torproject.org/pipermail/tor-project/2016-November/000780.html.

The change in settings for Lisbeth was told me on IRC by dgoulet.

I tested this patch by commenting all the bridges in a fresh download of Tor Browser 6.0.6, then adding each of the changed bridge lines one at a time and verifying that I could bootstrap.

comment:2 Changed 2 years ago by gk

Resolution: fixed
Status: needs_reviewclosed

Thanks (especially for the testing)! This is fixed on master, maint-6.0 and hardened-builds (commits 6382cb570c228463e48c49291c72e128131d9cd9, c692d3d162088f8b645ea5fec6ef05d57116c00c, and 1cab20e4122796a020c71961f0648d07dc25692f).

Note: See TracTickets for help on using tickets.