Add a orport-srcaddr server transport option.

The option controls what source address to use when dialing the (Ext)ORPort. Using a source address other than 127.0.0.1, or a range of addresses, can help with localhost ephemeral port exhaustion. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40198
2025-10-13 11:11:30 -04:00 · 2022-11-15 23:42:21 -07:00 · 2022-11-15 23:42:21 -07:00 · 0780f2e809
commit 0780f2e809
parent 9d72b30603
6 changed files with 260 additions and 11 deletions
--- a/server/randaddr.go
+++ b/server/randaddr.go
@ -0,0 +1,41 @@
+package main
+
+import (
+	"crypto/rand"
+	"fmt"
+	"net"
+)
+
+// randIPAddr generates a random IP address within the network represented by
+// ipnet.
+func randIPAddr(ipnet *net.IPNet) (net.IP, error) {
+	if len(ipnet.IP) != len(ipnet.Mask) {
+		return nil, fmt.Errorf("IP and mask have unequal lengths (%v and %v)", len(ipnet.IP), len(ipnet.Mask))
+	}
+	ip := make(net.IP, len(ipnet.IP))
+	_, err := rand.Read(ip)
+	if err != nil {
+		return nil, err
+	}
+	for i := 0; i < len(ipnet.IP); i++ {
+		ip[i] = (ipnet.IP[i] & ipnet.Mask[i]) | (ip[i] & ^ipnet.Mask[i])
+	}
+	return ip, nil
+}
+
+// parseIPCIDR parses a CIDR-notation IP address and prefix length; or if that
+// fails, as a plain IP address (with the prefix length equal to the address
+// length).
+func parseIPCIDR(s string) (*net.IPNet, error) {
+	_, ipnet, err := net.ParseCIDR(s)
+	if err == nil {
+		return ipnet, nil
+	}
+	// IP/mask failed; try just IP now, but remember err, to return it in
+	// case that fails too.
+	ip := net.ParseIP(s)
+	if ip != nil {
+		return &net.IPNet{IP: ip, Mask: net.CIDRMask(len(ip)*8, len(ip)*8)}, nil
+	}
+	return nil, err
+}