Version 36 (modified by cypherpunks, 11 months ago)

no need for *.html

Snowflake

Overview

Snowflake is a pluggable transport that proxies traffic through temporary proxies using WebRTC, a peer-to-peer protocol with built-in NAT punching. It aims to work kind of like flash proxy, but without flash proxy's problems with NAT.

Work in progress.

User graph: https://metrics.torproject.org/userstats-bridge-transport.html?transport=snowflake.

Evaluation at PluggableTransports/SnowFlakeEvaluation.

You are welcome to test the new bridge in Tor Browser (currently Mac OS X and Linux only) (due to #22782)

How to run a Snowflake proxy

Option 1 (web browser)

In a browser where WebRTC is enabled:

  1. Go to https://snowflake.torproject.org/options and click the Yes button to opt in to being a proxy.
  2. Go to https://snowflake.torproject.org/snowflake and watch the status messages. You shouldn't close that page if you want to remain a snowflake bridge.

Updated screenshot of snowflake.html

Note: the Snowflake proxy code lives at snowflake.torproject.org. It formerly lived at keroserene.net/snowflake, but as of 2018-04-16 that location isn't being maintained and points to no-longer-used infrastructure. See comment:7:ticket:22874.

Option 2 (standalone)

  1. Get the source code (see "Source code" below).
  2. Build and run the proxy:
     cd proxy-go
     go get
     go build
     ./proxy-go

Source code

https://gitweb.torproject.org/pluggable-transports/snowflake.git

The following should result in a 100% bootstrap over WebRTC:

git clone https://git.torproject.org/pluggable-transports/snowflake.git
cd snowflake/client
go get
go build
tor -f torrc

Integration with Tor Browser

2018-03-07: This section needs to be rewritten to be for the newer rbm-based build system. In particular, you should be able to just do make alpha in tor-browser-build.git.

The integration of Snowflake into Tor Browser is being tracked at ticket #19001. Here is a guide on getting started. For background reading, see doc/TorBrowser/Hacking, doc/TorBrowser/BuildingWithGitian, and gitian/README.build.

You need to start with an installation of Ubuntu (probably 14.04 is the best bet). You can also build on Debian (e.g. stretch), but dcf had trouble in the make-base-vm stage and had to run that stage on Ubuntu (the rest worked on Debian).

Clone gitian-builder and dcf's branch of tor-browser-bundle. The gitian-builder and tor-browser-bundle directories need to be siblings.

git clone -b tor-browser-builder-4 https://git.torproject.org/builders/gitian-builder.git
git clone https://git.torproject.org/builders/tor-browser-bundle.git
cd tor-browser-bundle
git remote add dcf https://git.torproject.org/user/dcf/tor-browser-bundle.git
git fetch dcf
git checkout -b snowflake --track dcf/snowflake

Enter the tor-browser-bundle/gitian directory and repeatedly run the script check-prerequisites.sh, doing what it says until it stops complaining. It's going to ask you to install a bunch of packages, perhaps create groups, and install a patched python-vm-builder program.

cd tor-browser-bundle/gitian
./check-prerequisites.sh

Now make the prep-alpha target. This will build the base VMs the first time you run it, and will take a long time. It will also download all the source files, which will also take a long time. TORSOCKS= causes the downloads to not use Tor.

make prep-alpha TORSOCKS=

Then to kick the whole thing off, do this:

make build-alpha

Making the build-alpha target, rather than just alpha, enables you to restart the build where it left off after a failure. Making just alpha will cause the whole process to start from scratch, discarding everything except the base VMs—you usually don't want to do that.

While the build is running, it will seem like nothing's happening. You can see what's happening by tailing the log files gitian-builder/var/install.log and gitian-builder/var/build.log.

Currently the build only works for Linux. After building the Linux bundles, it will fail somewhere in the middle of the Windows build. An alternative to make build-alpha that only builds the Linux bundles is ./mkbundle-linux.sh versions.alpha (see the build-alpha target in tor-browser-bundle/gitian/Makefile).

When the build is finished you will have a newly created directory named after the Tor Browser version number, containing tar.xz and other files. Intermediate results appear in gitian-builder/inputs, alongside downloaded source files. The intermediate result files have names that include "gbuilt", e.g. pluggable-transports-linux32-gbuilt.zip.

Current problems you will run into:

  • If you run into ssh: connect to host localhost port 2223: Connection refused, this means qemu failed to start due to lack of RAM. You may encounter this if you try to build on a droplet that's too small.

WebRTC fingerprintability

Notes at Snowflake/Fingerprinting.

Tickets

See also: https://github.com/keroserene/go-webrtc/issues

Graph of some ticket dependencies. "A→B" means "A is required for B".

(Same query, including closed tickets)

Ticket Summary Status Owner Keywords Priority
#19001 Tor Browser with Snowflake new network-team-roadmap-2019-Q1Q2 Very High
#19026 Remove local LAN address ICE candidates new Medium
#19315 Include libwebrtc license files in bundle new starter Medium
#19409 Make a deb of snowflake and get into Debian new High
#19569 DataChannel-only libwebrtc new arlolra Medium
#20813 Start producing snowflakes new snowflake tor-pt High
#21304 Sanitize snowflake.log needs_review cohosh starter Medium
#21305 Client gets into an unrecoverable connect / close loop new Medium
#21314 snowflake-client needs to stop using my network when I'm not giving it requests new tor-pt snowflake Medium
#21315 publish some realtime stats from the broker? new Medium
#22945 End-to-end confidentiality for Snowflake client registrations new Medium
#23257 Snowflake doesn't connect on the CalVisitor network new Medium
#23344 Show country of temporary bridge used in snowflake just like with the obfs4 PT in the Torbutton new tbb-team snowflake Medium
#23888 Creating a Snowflake WebExtension addon new ux-team tor-pt Medium
#24465 Snowflake broken if no libatomic on host needs_revision tbb-team snowflake, tbb-rbm Medium
#25429 Need something better than client's `checkForStaleness` new Medium
#25483 Windows reproducible build of snowflake assigned sukhbir TorBrowserTeam201805 High
#25591 Pass ICE server information from Broker to WebRTC Client new Medium
#25593 Broker needs better resilience against DoS new Medium
#25594 Broker: investigate non-domain-fronting secure client / proxy registrations new Medium
#25595 Test suite for Snowflake on various NAT topologies new Medium
#25596 Configure TURN servers for the proxy and/or client new Medium
#25598 Let the broker inform proxies how often to poll new starter Medium
#25599 SOCKS4 failure message new Medium
#25601 Multiplex - one snowflake proxy should be able to support multiple clients new snowflake tor-pt Medium
#25681 Defend against flooding of the broker by low bandwidth snowflakes new Medium
#25688 proxy-go is still deadlocking occasionally assigned cohosh network-team-roadmap-2019-Q1Q2 Low
#25723 Multiplex - one client splits traffic across multiple proxies assigned dcf Low
#25874 DNS-based rendezvous for Snowflake new Medium
#25966 Report on Tor in the UAE (and question about Snowflake) new dcf snowflake Very Low
#25985 Snowflake rendezvous using AMP cache needs_revision Medium
#26092 Split broker into components assigned dcf Low
#26151 Snowflake rendezvous using Amazon SQS new Medium
#26348 Guard against large reads new easy Medium
#27385 https://snowflake.torproject.org/embed is confusing new snowflake, ux-team High
#27850 Provide stand-alone snowflake proxy for 32-bit assigned dcf Medium
#28651 Prepare all pieces of the snowflake pipeline for a second snowflake bridge new Medium
#28672 Android reproducible build of Snowflake new android Medium
#28726 Loosen restrictions on message sizes in WebSocket server new Medium
#28917 Delete the proxy opt-in cookie, don't set it to 0 new Medium
#28942 Evaluate pion WebRTC new Medium
#29125 Make websocket server tolerant of HTTP/2 new Medium
#29205 Look into using Firefox for the WebRTC implementation new Medium
#29206 New design for client -- proxy protocol for Snowflake assigned cohosh network-team-roadmap-2019-Q1Q2 Medium
#29207 New design for broker -- proxy protocol for snowflakes new snowflake, design, network-team-roadmap-2019-Q1Q2 Very High
#29208 Better timeout and retry for Snowflake new High
#29245 Tor 0.4 eventually hits "Delaying directory fetches: No running bridges" after some period of inactivity with bridges new 040-regression, snowflake, 040-deferred-20190220 Medium
#29258 What is the IPv6 story with Snowflake new Medium
#29259 Ensure high test coverage for Snowflake new Medium
#29260 Should Snowflake proxies have a way to identify themselves to the broker new network-team-roadmap-2019-Q1Q2 Medium
#29262 Look into the network layer of WebRTC new Medium
#29293 New Design for client -- broker protocol for Snowflake new snowflake, bridges, broker High
#29565 Fix broker robots.txt to disallow crawling new easy Medium
#29734 Broker should receive country stats information from Proxy and Client merge_ready cohosh snowflake, geoip, stats Medium
#29736 Use WebSocket protocol to communicate between snowflake proxies and broker assigned ahf snowflake, websocket Medium
#29863 Add disk space monitoring for snowflake infrastructure new snowflake Medium
#29875 Going from obfs4 to snowflake using the Tor Network Settings from the Torbutton doesn't work new Medium
