summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-03-21Updated import pathsBrandon Wiley
2016-03-21Updated import pathsBrandon Wiley
2016-03-21Refactoring main into separate modulesBrandon Wiley
2016-01-25Bump the version to 0.0.7-dev, signifying development towards 0.0.7.Yawning Angel
2016-01-25Do the release ritual for obfs4proxy-0.0.6.Yawning Angel
2016-01-25Fix other instances of attempting to close `nil` on handshake failure.Yawning Angel
Bug introduced in e52258edac55d82ff153755493d770bfbbc9a346, not in any released version of obfs4proxy.
2016-01-17fix incorrect connection closepminmax945
when obfs4 connection create failed,conn variable is set to nil already.
2015-10-30meek-lite: Don't send a "User-Agent" header.Yawning Angel
2015-10-30meek-lite: combine small writes at request dispatch time.Yawning Angel
This dramatically improves bulk upload performance, from totally shit to just shit.
2015-10-29Add the "meek_lite" transport, which does what one would expect.Yawning Angel
This is a meek client only implementation, with the following differences with dcf's `meek-client`: - It is named `meek_lite` to differentiate it from the real thing. - It does not support using an external helper to normalize TLS signatures, so adversaries can look for someone using the Go TLS library to do HTTP. - It does the right thing with TOR_PT_PROXY, even when a helper is not present. Most of the credit goes to dcf, who's code I librerally cribbed and stole. It is intended primarily as a "better than nothina" option for enviornments that do not or can not presently use an external Firefox helper.
2015-10-29Make establishing outgoing connections the transport's responsibility.Yawning Angel
ClientFactories now have a Dial() method instead of a WrapConn() method, so that it is possible to write something like meek-client using the obfs4proxy framework. This breaks the external interface if anyone is using obfs4proxy as a library, but the new way of doing things is a trivial modification, to a single routine that shouldn't have been very large to begin with.
2015-06-01Delay transport initialization till after logging has been setup.Yawning Angel
2015-05-26Fix doc comment for log.Debugf.David Fifield
2015-04-23Bump the version to 0.0.6-dev, signifying development towards 0.0.6.Yawning Angel
2015-04-15Do the release ritual for obfs4proxy-0.0.5.Yawning Angel
2015-04-15Use a built in SOCKS 5 server instead of goptlibs.Yawning Angel
Differences from my goptlib branch: * Instead of exposing a net.Listener, just expose a Handshake() routine that takes an existing net.Conn. (#14135 is irrelevant to this socks server. * There's an extra routine for sending back sensible errors on Dial failure instead of "General failure". * The code is slightly cleaner (IMO). Gotchas: * If the goptlib pt.Args datatype or external interface changes, args.go will need to be updated. Tested with obfs3 and obfs4, including IPv6.
2015-04-13Add routines for querying the log module state.Yawning Angel
Unless you have very good reason to do so, there should be no reason to actually call these ever, since the log messages are only generated if they will result in output being written to a log file.
2015-04-03Move logging wrappers into common/log, and add a DEBUG log level.Yawning Angel
Implements feature #15576.
2015-03-28Add support for tor feature #15435.Yawning Angel
If the relevant enviornment variable is set, treat read errors from Stdin as a SIGTERM.
2015-03-28Clean up/refactor the shutdown/termination handling code.Yawning Angel
This combines the old signal processing code with the parent monitor, into a new termination monitor structure, which also now handles keeping track of outstanding sessions.
2015-03-26Fix comments. (No functional changes)Yawning Angel
2015-03-26Attempt to detect if the parent crashed without killing obfs4proxy.Yawning Angel
The ideal solution here would be to implement #15435, but till then use one of several kludges: * Linux - prctl() so that the kernel SIGTERMs on parent exit. * Other U*ix - Poll the parent process id once a second, and SIGTERM ourself/exit if it changes. Former is better since all the normal cleanup if any gets done. * Windows - Log a warning.
2015-03-23Change the import path for go.net.Yawning Angel
The Go developers decided to move the go.net repository to golang.org/x/net, and also to transition from hg to git. This wasn't changed when the go.crypto imports were since the 'proxy' component doesn't have imports that break, so the old code still works. While the change here is simple (just update the import location), this affects packagers as it now expects the updated package. Sorry for the inconveneince, I blame the Go people, and myself for not just doing this along with the go.crypto changes.
2015-03-22Update the ChangeLog (No functional changes).Yawning Angel
2015-03-22Simplify some err and return logicDaniel Martí
2015-03-18Reduce some if err != nil logic linesDaniel Martí
2015-03-16Update the ChangeLog (No functional changes).Yawning Angel
2015-03-16Fix all go vet issuesDaniel Martí
2015-03-16Run go fmtDaniel Martí
2015-02-17Do the release ritual for obfs4proxy-0.0.4.Yawning Angel
2015-02-17Add support for acting as a ScrambleSuit client.Yawning Angel
This allows obfs4proxy to be used as a ScrambleSuit client that is wire compatible with the obfs4proxy implementation, including session ticket support, and length obfuscation. The current implementation has the following limitations: * IAT obfuscation is not supported (and is disabled in all other ScrambleSuit implementations by default). * The length distribution and probabilites are different from those generated by obfsproxy and obfsclient due to a different DRBG. * Server support is missing and is unlikely to be implemented.
2015-01-14Document the obfs4 NaCl secretbox nonce generation.Yawning Angel
Forgot to include this in the spec, though it was documented as a comment in the framing code.
2015-01-14Change the import path for go.crypto.Yawning Angel
The Go developers decided to move the go.crypto repository to golang.org/x/crypto, and also to transition from hg to git. The tip of tree code.google.com copy of the code is broken due to the import paths pointing at the new repository. While the change here is simple (just update the import location), this affects packagers as it now expects the updated package. Sorry for the inconveneince, I blame the Go people.
2014-10-24Fix minor issues pointed out by "go vet".Yawning Angel
2014-10-03Improve the performance of the obfs4 handshake test.Yawning Angel
Exhaustively testing padding combinations is really slow, and was causing timeouts during the Debian ARM package build process. Attempt to improve the situation by: * Reusing the client and server keypair for all of the tests, to cut runtime down by ~50%. * Splitting the client side and server side tests up, as it appears the timeout is per-test case. If this doesn't fix things, the next thing to try would be to reduce the actual number of padding lengths tested, but that is a last resort at the moment.
2014-10-01Do the release ritual for obfs4proxy-0.0.3.Yawning Angel
2014-10-01Change the bridge line format to be more compact.Yawning Angel
Instead of "node-id" and "public-key" that are Base16 encoded, use "cert" which contains the "node-id" and "public-key" in Base64 encoded form. This is more compact and cuts the length down by 49 characters.
2014-09-26Do the release ritual for obfs4proxy-0.0.2.Yawning Angel
2014-09-24Write an example obfs4 bridge line to "obfs4_bridgeline.txt".Yawning Angel
Write an example client bridge line suitable for use with the running obfs4 server instance to "obfs4_bridgeline.txt" for the convenience of bridge operators.
2014-09-06Fix spelling error in man page, no functional changes.Yawning Angel
2014-09-06Minor documentation cleanups, no functional changes.Yawning Angel
2014-09-06Add a man page for obfs4proxy.Yawning Angel
2014-09-03Do the release ritual for obfs4proxy-0.0.1.Yawning Angel
2014-09-03Change the default logLevel to ERROR, upgrade some client warnings.Yawning Angel
Client side logs are less spammy than server side in general, so more messages should be visible at the default logLevel when running as a client. Server side logging will be spammy basically no matter what unless obfs4proxy gets into the (arguably dangerous) business of figuring out which errors are people being evil vs which ones are transient network issues, so most logging is suppressed by default, unless the admin choses to open the floodgates.
2014-09-03Add a prolog/epilog to the logging that always gets logged.Yawning Angel
The prolog prints the version as soon as logging is enabled, but before the pluggable transport configuration is done. The epilog is printed as the code returns from main, as long as either client or server pt configuration succeded.
2014-09-03Update the README.md (No functional changes).Yawning Angel
2014-09-03Change the version command line arg from `-v` to `-version`.Yawning Angel
For consistency with the rest of the arguments.
2014-09-03Add support for "logLevel" to reduce log spam.Yawning Angel
By default logging will be done at the "WARN" level. Fatal initialization errors will always be logged as long as logging is enabled regardless of logLevel.
2014-08-31Add elideError(error) that knows how to sanitize net.Errors.Yawning Angel
Instead of omitting errors entirely when running with the log scrubber, filter common network errors through elideError() that can scrub the common net.Error types and remove sensitive information.
2014-08-27Various IAT related changes.Yawning Angel
* Unbreak inbound TYPE_PRNG_SEED processing. * IAT obfuscation is now a per-bridge argument (iat-mode). * 0 (default) = Disabled. * 1 = Enabled, ScrambleSuit-style with bulk throughput optimizations. * 2 = Paranoid, Each IAT write will send a length sampled from the length distribution. (EXPENSIVE). The "iat-mode" argument is mandatory on the Bridge lines, and as a ServerTransportOption. Old statefiles will continue to load and use the default value, edit it if your hat is made of tin foil.