proxy: Add ICE ephemeral ports range setting CLI flag

2025-10-13 20:11:19 -04:00 · 2022-09-30 17:52:07 +02:00 · 2022-09-30 17:52:07 +02:00 · 47f9392645
commit 47f9392645
parent 5e564f36ff
2 changed files with 28 additions and 1 deletions
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@ -114,6 +114,9 @@ type SnowflakeProxy struct {
 	KeepLocalAddresses bool
 	// RelayURL is the URL of the Snowflake server that all traffic will be relayed to
 	RelayURL string
+	// Ephemeral*Port limits the pool of ports that ICE UDP connections can allocate from
+	EphemeralMinPort uint16
+	EphemeralMaxPort uint16
 	// RelayDomainNamePattern is the pattern specify allowed domain name for relay
 	// If the pattern starts with ^ then an exact match is required.
 	// The rest of pattern is the suffix of domain name.
@ -350,6 +353,10 @@ func (d dataChannelHandlerWithRelayURL) datachannelHandler(conn *webRTCConn, rem
 func (sf *SnowflakeProxy) makeWebRTCAPI() *webrtc.API {
 	settingsEngine := webrtc.SettingEngine{}

+	if sf.EphemeralMinPort != 0 && sf.EphemeralMaxPort != 0 {
+		settingsEngine.SetEphemeralUDPPortRange(sf.EphemeralMinPort, sf.EphemeralMaxPort)
+	}
+
 	settingsEngine.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)

 	return webrtc.NewAPI(webrtc.WithSettingEngine(settingsEngine))
--- a/proxy/main.go
+++ b/proxy/main.go
@ -2,13 +2,15 @@ package main

 import (
 	"flag"
-	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/event"
 	"io"
 	"io/ioutil"
 	"log"
 	"os"
+	"strconv"
+	"strings"
 	"time"

+	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/event"
 	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/safelog"
 	sf "git.torproject.org/pluggable-transports/snowflake.git/v2/proxy/lib"
 )
@ -28,6 +30,7 @@ func main() {
 	SummaryInterval := flag.Duration("summary-interval", time.Hour,
 		"the time interval to output summary, 0s disables summaries. Valid time units are \"s\", \"m\", \"h\". ")
 	verboseLogging := flag.Bool("verbose", false, "increase log verbosity")
+	ephemeralPortsRange := flag.String("ephemeral-ports-range", "", "UDP ephemeral ports range")

 	flag.Parse()

@ -47,6 +50,23 @@ func main() {
 		AllowNonTLSRelay:       *allowNonTLSRelay,
 	}

+	ephemeralPortsRangeParts := strings.Split(*ephemeralPortsRange, ":")
+	if len(ephemeralPortsRangeParts) == 2 {
+		ephemeralMinPort, err := strconv.ParseUint(ephemeralPortsRangeParts[0], 10, 16)
+		if err == nil {
+			proxy.EphemeralMinPort = uint16(ephemeralMinPort)
+		} else {
+			log.Printf("Invalid port (%v): %v", ephemeralPortsRangeParts[0], err)
+		}
+
+		ephemeralMaxPort, err := strconv.ParseUint(ephemeralPortsRangeParts[1], 10, 16)
+		if err == nil {
+			proxy.EphemeralMaxPort = uint16(ephemeralMaxPort)
+		} else {
+			log.Printf("Invalid port (%v): %v", ephemeralPortsRangeParts[1], err)
+		}
+	}
+
 	var logOutput io.Writer = os.Stderr
 	var eventlogOutput io.Writer = os.Stderr
 	log.SetFlags(log.LstdFlags | log.LUTC)