Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

obfs4 Transport stateDir handling #132

Open
jmwample opened this issue Jun 14, 2022 · 4 comments
Open

obfs4 Transport stateDir handling #132

jmwample opened this issue Jun 14, 2022 · 4 comments

Comments

@jmwample
Copy link
Member

jmwample commented Jun 14, 2022

Typical obfs4 usage relies on a state directory on the server to store parsed configuration options and generated bridge parameters.
However, our deployment violates several assumptions of the typical obfs4 model:

  • we do not need to distribute the configuration to clients as it is dynamically generated based on shared secret information
  • many (potentially short lived) server processes will run using independent key material.

Because of this, neither of the files generated by obfs4.ServerFactory (called in the wrapping transport code here) are really of use. And we may actually need to consider what path we pass for StateDir as we do not want cause collisions based on a shared state directory path allowing one session to use another sessions cert / key information.

@jmwample
Copy link
Member Author

We could in theory use the obfs4ServerFactory directly and do the generation steps done by obfs4.ServerFactory without the statedir ourselves, but for now that struct is not exposed.

@jmwample
Copy link
Member Author

#130 adds a temporary fix that creates an ioutil.tempdir for each obfs4 session ensuring separation of state. However this is probably not a good long-term fix as file descriptor limitations might cause issues, also we probably don't need any of the files to begin with.

@jmwample
Copy link
Member Author

Temporary fix described above was moved to #135. Leaving this issue open for a more permanent solution - likely involving a fork of / patch to the obfs4 library.

@jmwample
Copy link
Member Author

jmwample commented Jan 13, 2023

Added a pass on implementing a more permanent fix (and an upstream PR) where empty statedir string results in no files being parsed or created.
Yawning/obfs4#35
https://gitlab.com/yawning/obfs4/-/merge_requests/11

https://github.com/jmwample/obfs4/tree/jmwample/stateless

We could just use this for now with a replace in the go mod. It is a pretty simple change and I am not sure it is going to be accepted upstream anyways.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant