enginenetx: use DNS to figure out the bridge address #2704
bassosimone added a commit to ooni/probe-cli that referenced this issue on Apr 15, 2024
bassosimone added a commit to ooni/probe-cli that referenced this issue on Apr 15, 2024
This diff refactors the code generating tactics to mix bridge and DNS tactics, such that we avoid trying all bridge tactics before falling back to DNS tactics. In the event in which the bridge is IP or endpoint blocked, this change makes sure we try using DNS tactics earlier, and, if the DNS is working, this means a faster bootstrap. Based on testing, where I replaced the bridge address with 10.0.0.1, we try DNS tactics after 8 seconds. After the first run, if the DNS tactics are working, we would immediately use them before bridge tactics, since we store information about tactics inside the $OONI_HOME/engine dir. Part of ooni/probe#2704.
bassosimone added a commit to ooni/probe-cli that referenced this issue on Apr 17, 2024
This diff introduces a test case for `bridgesPolicy` where we count after how many policies we observe a DNS-generated policy. This test has been crucial to investigate ooni/probe#2704.

Based on this test we can conclude the following:

1. if the bridge IP address gets blocked or stops working, we're still falling back to using the DNS;
2. however, the current algorithm does that in a too-slow fashion.

Additionally, I manually verified that we're actually falling back to the DNS and that it really takes a long time by changing the implementation to use `10.0.0.1` as the bridge address and verifying that the code behaves as expected (though the "expected" behavior here is not nice at all and we should improve upon that).

While there, fix naming and comments.
bassosimone added a commit to ooni/probe-cli that referenced this issue on Apr 17, 2024
…1556) This diff extends the enginenetx package to add algorithms to filter, mix, and stream tactics. We will use these algorithms to simplify the implementation and make it more composable. This work is part of ooni/probe#2704.
bassosimone added a commit to ooni/probe-cli that referenced this issue on Apr 17, 2024
This diff refactors enginenetx to assign InitialDelay only when dialing. It is pointless to do that before. Also, take advantage of algorithms introduced by #1556 to make the code more compact. Part of ooni/probe#2704.
bassosimone added a commit to ooni/probe-cli that referenced this issue on Apr 17, 2024
We need deterministic+random mixing of HTTPS dial tactics to ensure that we prioritize some tactics coming from the DNS before attempting all the previous tactics, which would make the bootstrap super slow. Part of ooni/probe#2704.
bassosimone added a commit to ooni/probe-cli that referenced this issue on May 9, 2024
As mentioned in #1552 (comment), we want to split the generation of tactics and the mixing of tactics, such that it's easier to compose the desired overall policy. Part of ooni/probe#2704.
Co-authored-by: Arturo Filastò <arturo@filasto.net>
bassosimone added a commit to ooni/probe-cli that referenced this issue on May 9, 2024
This implements the changes requested in #1552. We rearrange the chains such that the DNS has priority and extended policies come after it. Part of ooni/probe#2704.
Co-authored-by: Arturo Filastò <arturo@filasto.net>
bassosimone added a commit to ooni/probe-cli that referenced this issue on May 9, 2024
In #1592 and previous pull requests, I replaced the policies that embedded mixing logic with neutral policies and external mixing logic, which enabled me to implement what was requested in the #1552 pull request review. Now, with this pull request, I am cleaning up, by removing the policies that we were previously using. Work part of ooni/probe#2704.
Co-authored-by: Arturo Filastò <arturo@filasto.net>
bassosimone added a commit to ooni/probe-cli that referenced this issue on May 10, 2024
This diff addresses a bug observed in the wild where a slow DNS causes several tactics to be ready concurrently. If we want several tactics to be ready concurrently, we should arrange for that, and for now BTW that's not the case. Part of ooni/probe#2704.
bassosimone added a commit to ooni/probe-cli that referenced this issue on May 10, 2024
Previously, the code was computing the zero time when we started resolving. However, I have observed in the wild that, if the DNS lookup time is high, we're going to have several ready tactics. We did not previously see this bug because we gave priority to bridges and stats tactics, hence we always had some ready tactics from the get go. This PR is part of settling the dust after the changes requested in the #1552 review. The related tracking issue is ooni/probe#2704.
Co-authored-by: Arturo Filastò <arturo@filasto.net>
The core issue is that the bridge strategy we're currently implementing calls for hard coding the default bridge IP address inside the tree. This hard coding was meant as an interim strategy. We originally wanted to deploy additional bridges.
However, robustness would be even bigger if we can re-add some DNS back into the mix. This would allow us to have a way to be resilient in case we're forced to change the whole set of IP addresses that we're using.
It would also be useful to improve the overall documentation about the bridge strategy, at least as far as its implementation inside the ooni/probe-cli tree is concerned. We should probably do something similar to what we did with the "mini ooni run v2" prototype and have a document inside probe-cli.
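The effect of mixing bridge and DNS tactics, as the commit messages above describe it, shown in an added Go example that is not code from ooni/probe-cli. `Tactic`, `tactics`, `mix` and `firstDNS` are hypothetical names, the endpoints are constructed samples, and the one-second step between dial attempts is an assumption.

```go
package main

import (
	"fmt"
	"time"
)

// Tactic is a hypothetical, simplified dial tactic (not the enginenetx type).
type Tactic struct{ Source, Endpoint string }

// tactics builds constructed sample tactics for one source.
func tactics(source string, endpoints ...string) (out []Tactic) {
	for _, ep := range endpoints {
		out = append(out, Tactic{Source: source, Endpoint: ep})
	}
	return out
}

// mix takes up to n tactics from each input in turn until all are drained.
func mix(n int, inputs ...[]Tactic) (out []Tactic) {
	for remaining := true; remaining; {
		remaining = false
		for k := range inputs {
			for i := 0; i < n && len(inputs[k]) > 0; i++ {
				out, remaining = append(out, inputs[k][0]), true
				inputs[k] = inputs[k][1:]
			}
		}
	}
	return out
}

// firstDNS reports where the first DNS tactic lands after mixing and the delay
// it gets when delays are assigned at dial time (assumed one-second step).
func firstDNS(n int) (int, time.Duration) {
	bridge := tactics("bridge", "10.0.0.1:443", "10.0.0.2:443", "10.0.0.3:443", "10.0.0.4:443")
	dns := tactics("dns", "192.0.2.7:443", "192.0.2.8:443")
	for i, t := range mix(n, bridge, dns) {
		if t.Source == "dns" {
			return i, time.Duration(i) * time.Second
		}
	}
	return -1, 0
}

func main() {
	fmt.Println(firstDNS(4)) // all bridge tactics are tried first
	fmt.Println(firstDNS(2)) // bridge and DNS tactics interleaved in pairs
}
```

With a blocked bridge, every bridge tactic placed ahead of the first DNS tactic adds to the time before a working endpoint is tried, which is why the position of that first DNS tactic is the quantity worth testing.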