From 5e564f36ff639eae2289be5a9e937e98ab62ee75 Mon Sep 17 00:00:00 2001
From: KokaKiwi
Date: Fri, 30 Sep 2022 17:51:28 +0200
Subject: [PATCH 1/3] proxy: Add a SnowflakeProxy.makeWebRTCAPI() method

---
 proxy/lib/snowflake.go | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index f9bcddb..f2828bf 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -347,6 +347,14 @@ func (d dataChannelHandlerWithRelayURL) datachannelHandler(conn *webRTCConn, rem
 	d.sf.datachannelHandler(conn, remoteAddr, d.RelayURL)
 }
 
+func (sf *SnowflakeProxy) makeWebRTCAPI() *webrtc.API {
+	settingsEngine := webrtc.SettingEngine{}
+
+	settingsEngine.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
+
+	return webrtc.NewAPI(webrtc.WithSettingEngine(settingsEngine))
+}
+
 // Create a PeerConnection from an SDP offer. Blocks until the gathering of ICE
 // candidates is complete and the answer is available in LocalDescription.
 // Installs an OnDataChannel callback that creates a webRTCConn and passes it to
@@ -356,9 +364,7 @@ func (sf *SnowflakeProxy) makePeerConnectionFromOffer(sdp *webrtc.SessionDescrip
 	dataChan chan struct{},
 	handler func(conn *webRTCConn, remoteAddr net.Addr)) (*webrtc.PeerConnection, error) {
 
-	s := webrtc.SettingEngine{}
-	s.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
-	api := webrtc.NewAPI(webrtc.WithSettingEngine(s))
+	api := sf.makeWebRTCAPI()
 	pc, err := api.NewPeerConnection(config)
 	if err != nil {
 		return nil, fmt.Errorf("accept: NewPeerConnection: %s", err)
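Review bot: makeWebRTCAPI is added without a doc comment, and since it now centralises the SettingEngine choices for both PeerConnection constructors (makePeerConnectionFromOffer in the next hunk and makeNewPeerConnection in the following one) it is the place a reader will look to learn how the proxy's WebRTC stack is configured. Suggest `// makeWebRTCAPI returns the webrtc.API used for every PeerConnection this proxy creates; it installs a SettingEngine with ICE mDNS candidates disabled.` above the func. The receiver is unused in this patch, which is fine if later patches read proxy settings from it, but a reader of this commit alone will wonder why it is a method.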
@@ -446,9 +452,7 @@ func (sf *SnowflakeProxy) makePeerConnectionFromOffer(sdp *webrtc.SessionDescrip
 func (sf *SnowflakeProxy) makeNewPeerConnection(config webrtc.Configuration,
 	dataChan chan struct{}) (*webrtc.PeerConnection, error) {
 
-	s := webrtc.SettingEngine{}
-	s.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
-	api := webrtc.NewAPI(webrtc.WithSettingEngine(s))
+	api := sf.makeWebRTCAPI()
 	pc, err := api.NewPeerConnection(config)
 	if err != nil {
 		return nil, fmt.Errorf("accept: NewPeerConnection: %s", err)

From 47f9392645da2018bdd96fd603c6378e641a1f30 Mon Sep 17 00:00:00 2001
From: KokaKiwi
Date: Fri, 30 Sep 2022 17:52:07 +0200
Subject: [PATCH 2/3] proxy: Add ICE ephemeral ports range setting CLI flag

---
 proxy/lib/snowflake.go | 7 +++++++
 proxy/main.go | 22 +++++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index f2828bf..cd942f0 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -114,6 +114,9 @@ type SnowflakeProxy struct {
 	KeepLocalAddresses bool
 	// RelayURL is the URL of the Snowflake server that all traffic will be relayed to
 	RelayURL string
+	// Ephemeral*Port limits the pool of ports that ICE UDP connections can allocate from
+	EphemeralMinPort uint16
+	EphemeralMaxPort uint16
 	// RelayDomainNamePattern is the pattern specify allowed domain name for relay
 	// If the pattern starts with ^ then an exact match is required.
 	// The rest of pattern is the suffix of domain name.
@@ -350,6 +353,10 @@ func (d dataChannelHandlerWithRelayURL) datachannelHandler(conn *webRTCConn, rem
 func (sf *SnowflakeProxy) makeWebRTCAPI() *webrtc.API {
 	settingsEngine := webrtc.SettingEngine{}
 
+	if sf.EphemeralMinPort != 0 && sf.EphemeralMaxPort != 0 {
+		settingsEngine.SetEphemeralUDPPortRange(sf.EphemeralMinPort, sf.EphemeralMaxPort)
+	}
+
 	settingsEngine.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
 
 	return webrtc.NewAPI(webrtc.WithSettingEngine(settingsEngine))
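Review bot: The return value of settingsEngine.SetEphemeralUDPPortRange is discarded in the new if block in makeWebRTCAPI; as far as I recall pion's SettingEngine returns an error from that method when the maximum is below the minimum, so a misordered range is silently ignored and the proxy keeps binding to any UDP port even though the operator configured a restriction, which is exactly the case a firewall rule would be relying on. At minimum surface it, assuming the package's log import is in scope as elsewhere in this file: `if err := settingsEngine.SetEphemeralUDPPortRange(sf.EphemeralMinPort, sf.EphemeralMaxPort); err != nil { log.Printf("Ignoring ephemeral port range %d:%d: %v", sf.EphemeralMinPort, sf.EphemeralMaxPort, err) }`, or better, validate min <= max where the fields are populated. The `!= 0 && != 0` guard also means a range with only one bound set is dropped without any message; that convention deserves a sentence on the Ephemeral*Port fields in the struct hunk above, e.g. `// A zero value in either field disables the restriction.`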
diff --git a/proxy/main.go b/proxy/main.go
index 563b3de..e187559 100644
--- a/proxy/main.go
+++ b/proxy/main.go
@@ -2,13 +2,15 @@ package main
 
 import (
 	"flag"
-	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/event"
 	"io"
 	"io/ioutil"
 	"log"
 	"os"
+	"strconv"
+	"strings"
 	"time"
 
+	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/event"
 	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/safelog"
 	sf "git.torproject.org/pluggable-transports/snowflake.git/v2/proxy/lib"
 )
@@ -28,6 +30,7 @@ func main() {
 	SummaryInterval := flag.Duration("summary-interval", time.Hour,
 		"the time interval to output summary, 0s disables summaries. Valid time units are \"s\", \"m\", \"h\". ")
 	verboseLogging := flag.Bool("verbose", false, "increase log verbosity")
+	ephemeralPortsRange := flag.String("ephemeral-ports-range", "", "UDP ephemeral ports range")
 
 	flag.Parse()
 
@@ -47,6 +50,23 @@ func main() {
 		AllowNonTLSRelay: *allowNonTLSRelay,
 	}
 
+	ephemeralPortsRangeParts := strings.Split(*ephemeralPortsRange, ":")
+	if len(ephemeralPortsRangeParts) == 2 {
+		ephemeralMinPort, err := strconv.ParseUint(ephemeralPortsRangeParts[0], 10, 16)
+		if err == nil {
+			proxy.EphemeralMinPort = uint16(ephemeralMinPort)
+		} else {
+			log.Printf("Invalid port (%v): %v", ephemeralPortsRangeParts[0], err)
+		}
+
+		ephemeralMaxPort, err := strconv.ParseUint(ephemeralPortsRangeParts[1], 10, 16)
+		if err == nil {
+			proxy.EphemeralMaxPort = uint16(ephemeralMaxPort)
+		} else {
+			log.Printf("Invalid port (%v): %v", ephemeralPortsRangeParts[1], err)
+		}
+	}
+
 	var logOutput io.Writer = os.Stderr
 	var eventlogOutput io.Writer = os.Stderr
 	log.SetFlags(log.LstdFlags | log.LUTC)

From 068af0870370b5c1ae8690068088b2d8ed11bfa5 Mon Sep 17 00:00:00 2001
From: KokaKiwi
Date: Fri, 30 Sep 2022 17:50:21 +0200
Subject: [PATCH 3/3] Change how ephemeral-ports-range CLI flag is handled

---
 proxy/main.go | 43 +++++++++++++++++++++++++------------------
 1 file changed, 25 insertions(+), 18 deletions(-)

diff --git a/proxy/main.go b/proxy/main.go
index e187559..a6e6a19 100644
--- a/proxy/main.go
+++ b/proxy/main.go
@@ -1,7 +1,9 @@
 package main
 
 import (
+	"errors"
 	"flag"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"log"
@@ -30,7 +32,27 @@ func main() {
 	SummaryInterval := flag.Duration("summary-interval", time.Hour,
 		"the time interval to output summary, 0s disables summaries. Valid time units are \"s\", \"m\", \"h\". ")
 	verboseLogging := flag.Bool("verbose", false, "increase log verbosity")
-	ephemeralPortsRange := flag.String("ephemeral-ports-range", "", "UDP ephemeral ports range")
+	var ephemeralPortsRange []uint16 = []uint16{0, 0}
+	flag.Func("ephemeral-ports-range", "ICE UDP ephemeral ports range (format: \"[min]:[max]\")", func(s string) error {
+		ephemeralPortsRangeParts := strings.Split(s, ":")
+		if len(ephemeralPortsRangeParts) == 2 {
+			ephemeralMinPort, err := strconv.ParseUint(ephemeralPortsRangeParts[0], 10, 16)
+			if err != nil {
+				return err
+			}
+
+			ephemeralMaxPort, err := strconv.ParseUint(ephemeralPortsRangeParts[1], 10, 16)
+			if err != nil {
+				return err
+			}
+
+			ephemeralPortsRange = []uint16{uint16(ephemeralMinPort), uint16(ephemeralMaxPort)}
+
+			return nil
+		}
+
+		return errors.New(fmt.Sprintf("Bad range port format: %v", s))
+	})
 
 	flag.Parse()
 
@@ -42,6 +64,8 @@ func main() {
 		BrokerURL: *rawBrokerURL,
 		KeepLocalAddresses: *keepLocalAddresses,
 		RelayURL: *relayURL,
+		EphemeralMinPort: ephemeralPortsRange[0],
+		EphemeralMaxPort: ephemeralPortsRange[1],
 		NATTypeMeasurementInterval: *NATTypeMeasurementInterval,
 		EventDispatcher: eventLogger,
 
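Review bot: The flag.Func callback accepts any two parseable 16-bit numbers, so a misordered range or one with a zero bound is accepted here and then silently neutralised downstream: makeWebRTCAPI skips the range when either bound is 0, and, if I recall pion's SettingEngine correctly, rejects max < min with an error that the proxy does not check; the operator ends up with an unrestricted UDP port range despite passing the flag. The callback is the right place to reject that, since flag.Parse on the default FlagSet already turns a returned error into a usage message and exit. Two style points on the same lines: `errors.New(fmt.Sprintf(...))` is `fmt.Errorf(...)` (staticcheck S1028) and would drop the new errors import, and `var ephemeralPortsRange []uint16 = []uint16{0, 0}` reads more naturally as `ephemeralPortsRange := [2]uint16{}` or two named uint16 locals. main continues outside the hunk.
```go
	flag.Func("ephemeral-ports-range", "ICE UDP ephemeral ports range (format: \"[min]:[max]\")", func(s string) error {
		ephemeralPortsRangeParts := strings.Split(s, ":")
		if len(ephemeralPortsRangeParts) != 2 {
			return fmt.Errorf("bad port range format %q, want min:max", s)
		}
		// … unchanged: strconv.ParseUint of both halves into ephemeralMinPort / ephemeralMaxPort …
		// makeWebRTCAPI treats a zero bound as "unset" and the WebRTC library rejects
		// min > max, so refuse both here rather than silently running unrestricted.
		if ephemeralMinPort == 0 || ephemeralMaxPort == 0 || ephemeralMinPort > ephemeralMaxPort {
			return fmt.Errorf("bad port range %q: want 1 <= min <= max <= 65535", s)
		}
		ephemeralPortsRange = []uint16{uint16(ephemeralMinPort), uint16(ephemeralMaxPort)}
		return nil
	})
```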
@@ -50,23 +74,6 @@ func main() {
 		AllowNonTLSRelay: *allowNonTLSRelay,
 	}
 
-	ephemeralPortsRangeParts := strings.Split(*ephemeralPortsRange, ":")
-	if len(ephemeralPortsRangeParts) == 2 {
-		ephemeralMinPort, err := strconv.ParseUint(ephemeralPortsRangeParts[0], 10, 16)
-		if err == nil {
-			proxy.EphemeralMinPort = uint16(ephemeralMinPort)
-		} else {
-			log.Printf("Invalid port (%v): %v", ephemeralPortsRangeParts[0], err)
-		}
-
-		ephemeralMaxPort, err := strconv.ParseUint(ephemeralPortsRangeParts[1], 10, 16)
-		if err == nil {
-			proxy.EphemeralMaxPort = uint16(ephemeralMaxPort)
-		} else {
-			log.Printf("Invalid port (%v): %v", ephemeralPortsRangeParts[1], err)
-		}
-	}
-
 	var logOutput io.Writer = os.Stderr
 	var eventlogOutput io.Writer = os.Stderr
 	log.SetFlags(log.LstdFlags | log.LUTC)