#24432: The meek<->moat tunneling isn't set up correctly
----------------------------------+--------------------------
 Reporter:  isis                  |          Owner:  isis
     Type:  defect                |         Status:  new
 Priority:  High                  |      Milestone:
Component:  Obfuscation/BridgeDB  |        Version:
 Severity:  Normal                |     Resolution:
 Keywords:  moat bridgedb-dist    |  Actual Points:
Parent ID:                        |         Points:  2
 Reviewer:                        |        Sponsor:  SponsorM
----------------------------------+--------------------------

Comment (by isis):

So the meek tunnel is working, but the URL redirections are still not quite right…

David Fifield helped me out by providing this `externalize-pt-client` script (now in `bridgedb.git/scripts/externalize-pt-client` in my `fix/24432` branch):

{{{
#!/bin/bash

set -e

CMDLINE="${@:?need a meek-client command line}"
TRANSPORTS=meek
# This could be controlled by a command-line arg.
PORT=10000

TOR_PT_MANAGED_TRANSPORT_VER=1 \
TOR_PT_CLIENT_TRANSPORTS="$TRANSPORTS" $CMDLINE \
    | sed -n -u -e '/^CMETHOD /{s/^.*127\.0\.0\.1://;p}' | while read pt_port; do
    echo "forwarding port $PORT -> $pt_port"
    socat -v -v TCP-LISTEN:$PORT,fork,reuseaddr TCP-CONNECT:127.0.0.1:$pt_port &
done
}}}

Also in that branch, I've modified `scripts/test-moat` to also (in addition to a localhost server) test the production server through the meek tunnel. This can be accomplished by running David's script like so:

{{{
(bdb)∃!isisⒶwintermute:(develop *$>)~/code/torproject/bridgedb ∴ ./scripts/externalize-pt-client ~/code/go/src/git.torproject.org/pluggable-transports/meek/meek-client/meek-client -url https://tor-bridges-hyphae-channel.appspot.com/ -front www.google.com
}}}

Then, in another terminal, do:

{{{
(bdb)∃!isisⒶwintermute:(fix/24432 $)~/code/torproject/bridgedb ∴ TEST_PRODUCTION_MOAT=1 ./scripts/test-moat fetch
}}}

For me, the bridges.torproject.org server responds with:

{{{
{"errors": [{"status": "Not Implemented", "code": 501, "detail": "moat version 0.1.0 does not implement POST /moat/fetch", "version": "0.1.0", "type": "", "id": 0}]}
}}}

Which means:

 1) the meek tunnel through https://tor-bridges-hyphae-channel.appspot.com works
 2) the TLS tunneling through the Apache instance on bridges.torproject.org:443 works
 3) the meek-server running on polyanthum (the bridges.torproject.org host) is correctly stripping the meek layer of TLS
 4) the Apache instance is correctly redirecting to the Twisted Python server
 5) the Twisted servers are responding
 6) the moat server specifically is responding, but it isn't giving the correct response, since it seems to think there's no such resource

One thing is that, watching the logs while doing this, the Twisted server isn't registering that a request was even made, i.e. there are no logs of the request hitting the server (even though it's responding with JSON API, which is a little weird).

So the next step would probably be, in the usual Twisted fashion, to just add ridiculous amounts of log statements everywhere to figure out why it thinks there's no such resource.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24432#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
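
The `sed` stage in `externalize-pt-client` above only matches `CMETHOD` lines, so when the transport fails to start the script sets up no forwarder and prints no diagnostic of its own. As an added example (not part of the ticket or of bridgedb.git), the function below parses the same managed-proxy output and also handles the error keywords of the pluggable transports protocol; the function name `pt_client_port` and the sample port are hypothetical.

```shell
#!/bin/bash
# Added example, not part of the ticket or of bridgedb.git.
# pt_client_port TRANSPORT: read a managed PT client's stdout on stdin and
# print the loopback port it announced for TRANSPORT.
# Returns 1 if the PT reported an error or an unusable listener,
# 2 if the list ended (or stdin closed) without a CMETHOD for TRANSPORT.
pt_client_port() {
    local want="$1" keyword name proto addr rest port
    while read -r keyword name proto addr rest; do
        case "$keyword" in
            VERSION-ERROR|ENV-ERROR)
                echo "PT startup failed: $keyword $name $proto $addr $rest" >&2
                return 1 ;;
            CMETHOD-ERROR)
                [ "$name" = "$want" ] || continue
                echo "transport $name failed: $proto $addr $rest" >&2
                return 1 ;;
            CMETHOD)
                [ "$name" = "$want" ] || continue
                # Accept only a 127.0.0.1 listener, as the original sed does.
                case "$addr" in
                    127.0.0.1:*) port="${addr#127.0.0.1:}" ;;
                    *) echo "unexpected listener: $addr" >&2; return 1 ;;
                esac
                # Port must be 1-5 decimal digits and within 1..65535.
                case "$port" in
                    ''|*[!0-9]*|??????*) echo "bad port: $addr" >&2; return 1 ;;
                esac
                if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                    echo "port out of range: $port" >&2
                    return 1
                fi
                echo "$port"
                return 0 ;;
            CMETHODS)
                # "CMETHODS DONE" closes the list of client methods.
                if [ "$name" = "DONE" ]; then break; fi ;;
        esac
    done
    echo "no CMETHOD line for $want" >&2
    return 2
}

# Constructed sample of what a PT client prints at startup (port is made up).
SAMPLE_PT_OUTPUT='VERSION 1
CMETHOD meek socks5 127.0.0.1:41225
CMETHODS DONE'

printf '%s\n' "$SAMPLE_PT_OUTPUT" | pt_client_port meek   # prints 41225
```

A wrapper can branch on the return code before starting `socat`, so a failed transport is reported instead of leaving port 10000 unbound.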