OONI Probe CLI v3.21.0
bassosimone
Simone Basso
This is a stable release. On a high-level, this is what changed since 3.19:
- β¨ π π§ Web Connectivity LTE improvements
- β¨ π π§ Web Connectivity Test Helper improvements
- π TorSf experiment: fixed data quality issue
- β¨ Add the
./script/go.bashscript to help development - π§ OONI Run v2: more flexible Engine<->App interface
- β¨ Adding Wikimedia DNS-over-HTTPS resolver
- π§ Removing the run experiment
- π§ Improve SummaryKeys management
- π§ Updating dependencies
- π§ Minor Miscellaneous Maintenance
- π Minor Miscellaneous Bug Fixes
More in detail:
β¨ π π§ Web Connectivity LTE improvements
We made sure that Web Connectivity LTE handles internationalized domain names correctly:
- fix(webconnectivitylte): make IDNA WAI by @bassosimone in #1460
We improved Web Connectivity LTE to correctly handle malformed URLs:
- fix(webconnectivitylte): handle malformed redirect URLs by @bassosimone in #1480
We ensured that we correctly handle measurements containing loopback addresses:
- fix(webconnectivitylte): handle measurements with loopback addrs by @bassosimone in #1462
We fixed a bug where Web Connectivity LTE was not correctly counting bytes sent and received:
- fix(webconnectivitylte): count bytes sent and received by @bassosimone in #1488
We ensured that Web Connectivity LTE correctly handle cases of websites with missing A/AAAA addresses:
- fix(webconnectivitylte): handle domains w/o A/AAAA records by @bassosimone in #1473
We fixed a bug where Web Connectivity LTE was not including the network events:
- fix(webconnectivitylte): include network events by @bassosimone in #1503
We updated Web Connectivity LTE's "classic" analysis engine to generate the extended blocking flags, such that it is now possible to always use the "classic" engine. In practical term, this implied improving the minipipeline package and making sure the "classic" engine, which already generates v0.4-compatible tests keys, could also generate the test keys that were previously generated by the "orig" engine. After this change, we removed the now-unneded "orig" analysis engine.
- refactor(webconnectivitylte): make analysis flags public by @bassosimone in #1447
- refactor(minipipeline): allow avoiding linear analysis by @bassosimone in #1448
- feat(minipipeline): add DNSLookupSuccessWithBogonAddresses by @bassosimone in #1449
- chore(minipipeline): increase code coverage by @bassosimone in #1450
- feat(minipipeline): add ControlFinalResponseExpectations by @bassosimone in #1451
- feat(minipipeline): add ControlFinalResponseExpectations (2/2) by @bassosimone in #1452
- feat(minipipeline): add DNS and HTTP unexplained failures by @bassosimone in #1453
- feat(webconnectivitylte): classic computes XBlockingFlags by @bassosimone in #1446
- feat(webconnectivitylte): classic supports XNullNullFlags by @bassosimone in #1454
- cleanup(webconnectivitylte): remove the orig engine by @bassosimone in #1455
- cleanup(webconnectivitytle): avoid code duplication by @bassosimone in #1456
- feat(webconnectivitylte): handle ghost DNS censorship by @bassosimone in #1457
- feat(webconnectivitylte): add more tests and comments by @bassosimone in #1458
- minipipeline: fix expected TCP & TLS failures by @bassosimone in #1459
We added more test Web Connectivity LTE and minipipeline test cases:
- chore(minipipeline): add http://firefox.com test case by @bassosimone in #1470
- feat(webconnectivitylte): add Cloudflare CAPTCHA test cases by @bassosimone in #1476
- chore(webconnectivityqa): reproduce ooni/probe#2628 issue by @bassosimone in #1479
- minipipeline: fix computing HTTPResponseBodyIsTruncated by @bassosimone in #1481
- chore(webconnectivitylte): add large file test cases by @bassosimone in #1475
- chore(minipipeline): add test case for ooni/probe#2456 by @bassosimone in #1461
- chore(minipipeline): regenerate test cases by @bassosimone in #1469
We improved Web Connectivity LTE to correctly handle more blocking=null accessible=null cases:
- chore(minipipeline): add data to understand ooni/probe#1511 by @bassosimone in #1471
- fix(minipipeline): handle IP-addr URLs in classic linear analysis by @bassosimone in #1472
We improved (and modified) the implementation of StreamAllContext and moved it inside the netxlite package:
- BREAKING CHANGE: feat: move StreamAllContext to netxlite by @bassosimone in #1490
We implemented support for SummaryKeys in Web Connectivity LTE:
- feat(webconnectivitylte): wire-in SummaryKeys by @bassosimone in #1493
We factored Web Connectivity LTE algorithms into the webconnectivityalgo package and added support for cycling through several DNS-over-UDP resolvers, thus implementing a feature request demanded by users in the SEA region:
- refactor: move webconnectivitylte algos to webconnectivityalgo by @bassosimone in #1496
- feat(webconnectivityalgo): test OpportunisticDNSOverHTTPSURLProvider by @bassosimone in #1497
- feat(webconnectivityalgo): test DNSWhoamiService by @bassosimone in #1498
- fix(DNSWhoamiService): implement cache expiration by @bassosimone in #1499
- feat(webconnectivitylte): use random DNS-over-UDP resolver by @bassosimone in #1500
We did work to reduce to ~zero the churn caused by regenerating minipipeline test cases, after we realized the non-determinism in generating the test cases was going to cause too many large and ~hard-to-review properly diffs:
- fix(qatool): reduce generated test cases churn by @bassosimone in #1505
- fix(webconnectivitylte): never sort test keys by @bassosimone in #1506
- fix(webconnectivitylte): use scope for endpoint IDs by @bassosimone in #1507
- fix(webconnectivitylte): don't use a DoH URL provider singleton by @bassosimone in #1508
- fix(minipipeline): sort A before AAAA by @bassosimone in #1509
- fix(qatool): normalize test keys by @bassosimone in #1510
- fix(qatool): make Date header constant by @bassosimone in #1511
- fix(qatool): do not save large response bodies on disk by @bassosimone in #1512
- fix(webconnectivitylte): add 10k*i scope to all IDs by @bassosimone in #1513
- cleanup(netemx): simplify idna and large-file test cases by @bassosimone in #1514
- fix(qatool): remove remaining causes of churn by @bassosimone in #1515
We ensured that Web Connectivity LTE correctly includes the client_resolver field:
- fix(webconnectivitylte): include client_resolver by @bassosimone in #1504
We ensured that Web Connectivity LTE correctly uses the tcptls_experiment tag when needed:
- fix(webconnectivitylte): add classic and tcptls_experiment tags by @bassosimone in #1502
We implemented additional, misc changes to improve the codebase
- refactor(webconnectivitylte): use NewHTTPTransportWithOptions by @bassosimone in #1494
- doc(webconnectivitylte): clarify http_transaction_{start,end} semantics by @bassosimone in #1495
β¨ π π§ Web Connectivity Test Helper improvements
We implemented protection against oohelperd overload, which can be caused by synchronized clients:
- β¨ feat(oohelperd): protect against overload and add metrics by @bassosimone in #1442
We implemented logs and tests to make sure oohelperd does not try connecting to bogons:
- π fix(oohelperd): make sure endpoints don't connect to 127.0.0.1 by @bassosimone in #1463
We removed technical debt in the oohelperd, which was making GVisor-based integration tests tricky. Specifically, we ensured we have a single constructor for oohelperd and that such a constructor depends on a *netxlite.Netx. In turn, this allowed us to use the exact same constructor for running oohelperd in production and in integration testing, thus allowing for less fragile integration testing.
- π fix(oohelperd,netemx): construct equivalent HTTPTransports by @bassosimone in #1464
- π§ cleanup(netxlite): remove first-order implicit-Netx wrappers by @bassosimone in #1465
- π§ refactor(oohelperd): depend on netxlite.Netx only by @bassosimone in #1466
- π§ refactor(oohelperd,netmx): reduce construction diff to zero by @bassosimone in #1467
- π§ refactor(netemx,oohelperd): use oohelperd.NewHandler constructor by @bassosimone in #1468
We modified how we deploy oohelperd. We're now using a docker build.
- oohelperd: move prometheus metrics behind HTTP basic auth + docker image build + codepipeline buildspec by @hellais in #1520
π TorSf experiment: fixed data quality issue
We fixed a data quality issue (ooni/probe#2692) that was causing all torsf runs to fail:
- fix(torsf): disable integration tests by @bassosimone in #1525
- fix(torsf): update domain fronting by @bassosimone in #1531
β¨ Add the ./script/go.bash script to help development
Following a community request, we implemented the ./script/go.bash script to allow anyone to build ooniprobe and other tools implemented by this repository using the correct version of Go. This works as long as the user has go >= 1.15 installed.
- chore(buildtool): support go1.18+ by @bassosimone in #1483
- feat(buildtool): add the gofixpath subcommand by @bassosimone in #1484
- feat(buildtool): introduce script/go.bash wrapper by @bassosimone in #1485
- feat(Makefile): use ./script/go.bash by @bassosimone in #1482
- doc(Readme.md): mention ./script/go.bash by @bassosimone in #1486
- fix(script/go.bash): support Ubuntu 22.04 LTS and Debian 11 by @bassosimone in #1487
- fix(pkg/gobash/version.go): validate zip files content by @bassosimone in #1521
- doc(gobash.yml): explain what to do during releases by @bassosimone in #1523
π§ OONI Run v2: more flexible Engine<->App interface
We refactored the interface between the OONI Engine and mobile apps, such that we provide more control over the request sent and the responses received to the mobile apps. In turn, this allows to evolve OONI Run v2 faster.
- feat(oonimkall): add generic HTTP transaction support by @bassosimone in #1526
β¨ Adding Wikimedia DNS-over-HTTPS resolver
Since this release, we use Wikimedia's DNS-over-HTTPS resolver as one of the candidates DNS resolvers used when communicating with the OONI backend or when we are performing other control-plane operations (i.e., finding out the probe IP).
- feat(engineresolver): add wikimedia DNS by @bassosimone in #1489
π§ Removing the run experiment
The run experiment has never been documented and had only been used to write some research papers. As such, we felt comfortable with removing this experiment when its implementation was preventing refactoring SummaryKeys.
- cleanup(all): remove the run experiment by @bassosimone in #1492
π§ Improve SummaryKeys management
We realized that our SummaryKeys implementation was very fragile, so we refactored it to improve robustness:
- refactor(all): improve SummaryKeys management by @bassosimone in #1491
π§ Updating dependencies
The following pull requests updated dependencies used by ooniprobe:
- chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @dependabot in #1441
- chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 by @dependabot in #1443
- chore: use latest zlib version published (1.3.1) by @ainghazal in #1477
- chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 by @dependabot in #1519
- chore: upgrade C dependencies by @bassosimone in #1524
- chore: update oohttp and oocrypto by @bassosimone in #1527
- chore: prepare release 3.21.0 by @bassosimone in #1528
- chore: upgrade dependencies (1/N) by @bassosimone in #1530
- chore: update psiphon by @bassosimone in #1522
π§ Minor Miscellaneous Maintenance
The following pull requests contain minor, miscellaneous maintenance-related changes:
- chore: we're now hacking on v3.21.0-alpha by @bassosimone in #1439
- doc(Readme.md): add link to miniooni by @bassosimone in #1478
π Minor Miscellaneous Bug Fixes
The following pull requests contain minor, miscellaneous bug fixes:
- fix(dnsping): make output more actionable by @bassosimone in #1444
- fix(libtor): prevent concurrent instances by @bassosimone in #1445
- fix(tlsmiddlebox): if RemoteAddr is IPv6 set IPV6_UNICAST_HOPS by @Lanius-collaris in #1517
- fix(CDEPS/tor): allow compiling under ArchLinux by @bassosimone in #1501
- fix(gardener): avoid issues caused by stale databases by @bassosimone in #1516
