mirror of
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git
synced 2025-10-13 20:11:19 -04:00
Add a orport-srcaddr
server transport option.
The option controls what source address to use when dialing the (Ext)ORPort. Using a source address other than 127.0.0.1, or a range of addresses, can help with localhost ephemeral port exhaustion. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40198
This commit is contained in:
parent
9d72b30603
commit
0780f2e809
6 changed files with 260 additions and 11 deletions
|
@ -68,3 +68,22 @@ without having to run as root:
|
|||
```
|
||||
setcap 'cap_net_bind_service=+ep' /usr/local/bin/snowflake-server
|
||||
```
|
||||
|
||||
|
||||
# Controlling source addresses
|
||||
|
||||
Use the `orport-srcaddr` pluggable transport option to control what source addresses
|
||||
are used when connecting to the upstream Tor ExtORPort or ORPort.
|
||||
The value of the option may be a single IP address (e.g. "127.0.0.2")
|
||||
or a CIDR range (e.g. "127.0.2.0/24"). If a range is given,
|
||||
an IP address from the range is randomly chosen for each new connection.
|
||||
|
||||
Use `ServerTransportOptions` in torrc to set the option:
|
||||
```
|
||||
ServerTransportOptions snowflake orport-srcaddr=127.0.2.0/24
|
||||
```
|
||||
|
||||
Specifying a source address range other than the default 127.0.0.1
|
||||
can help with conserving localhost ephemeral ports on servers
|
||||
that receive a lot of connections:
|
||||
https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/40198
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue