Snowflake simulation fails to dial OR port #3278
Comments
Ah, I think this issue is due to a recent change in Snowflake: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/commit/9edaee65470a1483bbdbe984e5e15a885f1e95d2 I'm going to take a closer look at those changes, and whether we even need more support for this. |
There seems to be nothing about
/* Security levels - as per NRL IPv6 - don't actually do anything */
#define SO_SECURITY_AUTHENTICATION 22
#define SO_SECURITY_ENCRYPTION_TRANSPORT 23
#define SO_SECURITY_ENCRYPTION_NETWORK 24
But I think this
Edit: Oops, a few seconds too late :) |
You're right, it is
sockErr = syscall.SetsockoptInt(int(fd), unix.SOL_IP, unix.IP_BIND_ADDRESS_NO_PORT, 1) |
Thanks for finding that link. The link also says:
which means support for
I'm not super clear about this. It sounds like it's just saying that if snowflake doesn't use Supporting |
They shouldn't, no. And I don't think we're going to have trouble with running out of ports for the size of the simulations we're doing. I kind of suspect we don't actually need this socket option to do what it's supposed to do, we might just need it to not return an error. I'm going to poke at it a bit and see if I can find out where this |
On the Shadow side, it's probably coming from shadow/src/main/host/descriptor/socket/inet/legacy_tcp.rs Lines 1248 to 1251 in 47bde40
|
Sure enough, just preventing the error makes everything run without issue. I left in a comment about implementing it as a TODO but honestly I don't think we'll ever need it. |
I might have been mistaken about this. I don't think the problem occurs from running out of ports, but rather that the process that uses |
Describe the issue
The Snowflake server failed to dial the OR port with the following log messages:
A look at the shadow logs suggests the following warnings might be related (they occur the same number of times as the OR dialing failures):
Looking at my system's sys/socket.h file (and related files), I've tracked down the level as SOL_IP. I had a harder time tracking down the option but eventually found it:
Here's the full shadow logs (at log level info):
shadow.log
This was working for me before, so I'm guessing it's something to do with the newest version of Go.
To Reproduce
Run the minimal snowflake shadow experiment on Debian unstable: https://github.com/cohosh/shadow-snowflake-minimal
Note: this uses Snowflake without Tor
Operating System (please complete the following information):
Debian GNU/Linux trixie/sid
Linux 6.6.9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.6.9-1 (2024-01-01) x86_64 GNU/Linux
go1.21.5
Shadow (please complete the following information):
v3.1.0
snowflake, tgen
Additional context
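The thread settles on the simulator no longer returning an error for this option. The caller-side counterpart, as an added example that is not code from Snowflake, Go or Shadow: a `net.Dialer` control hook makes the same `setsockopt` call and treats it as a hint. That an unsupported option surfaces as `ENOPROTOOPT` or `EOPNOTSUPP` is an assumption, the helper names are hypothetical, and the loopback listener and the `missing` stub are constructed for the demo (Linux only).

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"syscall"
)

// setNoPort issues the setsockopt quoted in the thread (24: value in <linux/in.h>).
func setNoPort(fd uintptr) error {
	const ipBindAddressNoPort = 24 // not exported by the standard syscall package
	return syscall.SetsockoptInt(int(fd), syscall.SOL_IP, ipBindAddressNoPort, 1)
}

// tolerate drops "option not implemented" errors (assumed errnos) and returns any other.
func tolerate(err error) error {
	if errors.Is(err, syscall.ENOPROTOOPT) || errors.Is(err, syscall.EOPNOTSUPP) {
		return nil
	}
	return err
}

// control builds a net.Dialer Control hook; it runs after socket() and before bind().
func control(set func(uintptr) error) func(string, string, syscall.RawConn) error {
	return func(_, _ string, c syscall.RawConn) error {
		var sockErr error
		if err := c.Control(func(fd uintptr) { sockErr = set(fd) }); err != nil {
			return err
		}
		return tolerate(sockErr)
	}
}

func main() {
	ln, err := net.Listen("tcp4", "127.0.0.1:0") // throwaway local listener
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	missing := func(uintptr) error { return syscall.ENOPROTOOPT } // constructed: stack without the option
	for _, set := range []func(uintptr) error{setNoPort, missing} {
		d := net.Dialer{LocalAddr: &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1)}, Control: control(set)}
		conn, err := d.Dial("tcp4", ln.Addr().String())
		fmt.Println("dial error:", err)
		if err == nil {
			conn.Close()
		}
	}
}
```

Any other `setsockopt` failure, such as `EPERM` or `EBADF`, still aborts the dial, so only a missing option is ignored.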