The old behavior closed the connection on handshake failure after:
* The first N bytes (random on a per-server basis).
* The first M seconds (random on a per-server basis).
Whichever came first. As Sergey Frolov kindly points out, depending on
which conditions cause termination, the server will send either a FIN or
a RST. This change will remove the "amount read" based termination
threshold, so that connections that cause failed handshakes will discard
all data received until the teardown time is reached.
Thanks to Sergey Frolov for bringing this issue to my attention.
This commit changes the upstream repo location to:
https://gitlab.com/yawning/obfs4.git
Additionally all the non-`main` sub-packages now have an import
comment annotation. As a matter of courtesy, I will continue to
push to both the existing github.com and git.torproject.org repos
for the foreseeable future, though I reserve the right to stop
doing so at any time.
ClientFactories now have a Dial() method instead of a WrapConn()
method, so that it is possible to write something like meek-client
using the obfs4proxy framework.
This breaks the external interface if anyone is using obfs4proxy as
a library, but the new way of doing things is a trivial modification,
to a single routine that shouldn't have been very large to begin with.
Instead of "node-id" and "public-key" that are Base16 encoded, use
"cert" which contains the "node-id" and "public-key" in Base64 encoded
form. This is more compact and cuts the length down by 49 characters.
* Unbreak inbound TYPE_PRNG_SEED processing.
* IAT obfuscation is now a per-bridge argument (iat-mode).
* 0 (default) = Disabled.
* 1 = Enabled, ScrambleSuit-style with bulk throughput optimizations.
* 2 = Paranoid, Each IAT write will send a length sampled from the
length distribution. (EXPENSIVE).
The "iat-mode" argument is mandatory on the Bridge lines, and as a
ServerTransportOption. Old statefiles will continue to load and use
the default value, edit it if your hat is made of tin foil.
WARNING: THIS BREAKS BACKWARD COMPATIBILITY.
This is primarily to work around bug #12930. Base16 was chosen over
unpadded Base64 because the go runtime Base64 decoder does not handle
omitting the padding.
May $deity have mercy on anyone who needs to hand-enter an obfs4 bridge
line because I will not.
Golang's command line parser is slightly cumbersome to use with
subcommands, so the arguments are "obfs4-iatObufscation" and
"obfs-distBias" instead of obfsproxy style subcommands.
* Changed obfs4proxy to be more like obfsproxy in terms of design,
including being an easy framework for developing new TCP/IP style
pluggable transports.
* Added support for also acting as an obfs2/obfs3 client or bridge
as a transition measure (and because the code itself is trivial).
* Massively cleaned up the obfs4 and related code to be easier to
read, and more idiomatic Go-like in style.
* To ease deployment, obfs4proxy will now autogenerate the node-id,
curve25519 keypair, and drbg seed if none are specified, and save
them to a JSON file in the pt_state directory (Fixes Tor bug #12605).