Customize reflect.go for Snowflake broker.

Don't need Meek-IP.
David Fifield 2017-07-15 12:04:59 -07:00
parent a150a991d0
commit 827972e2bf
3 changed files with 13 additions and 39 deletions


@ -1,7 +1,5 @@
This component runs on Google App Engine. It lies between meek-client This component runs on Google App Engine. It reflects domain-fronted
and meek-server. The App Engine component receives requests from the requests from a client to the Snowflake broker.
client and forwards them to the server, then receives responses from the
server and forwards them to the client.
You need the Go App Engine SDK in order to deploy the app. You need the Go App Engine SDK in order to deploy the app.
https://cloud.google.com/sdk/docs/#linux https://cloud.google.com/sdk/docs/#linux
@ -10,8 +8,7 @@ After unpacking, install the app-engine-go component:
To test locally, run To test locally, run
google-cloud-sdk/bin/dev_appserver.py app.yaml google-cloud-sdk/bin/dev_appserver.py app.yaml
The app will be running at http://127.0.0.1:8080/. You can test broker The app will be running at http://127.0.0.1:8080/.
forwarding function by browsing to http://127.0.0.1:8000/ip.
To deploy to App Engine, first create a new project and app. You have to To deploy to App Engine, first create a new project and app. You have to
think of a unique name (marked as "<appname>" in the commands). You only think of a unique name (marked as "<appname>" in the commands). You only
@ -23,9 +20,8 @@ log in to a Google account.
Then to deploy the project, run: Then to deploy the project, run:
google-cloud-sdk/bin/gcloud app deploy --project=<appname> google-cloud-sdk/bin/gcloud app deploy --project=<appname>
To configure meek-client to talk to the App Engine app, provide To configure the Snowflake client to talk to the App Engine app, provide
"https://<appname>.appspot.com/" as the url and "www.google.com" as the "https://<appname>.appspot.com/" as the --url option.
front domain.
UseBridges 1 UseBridges 1
Bridge meek 0.0.2.0:1 url=https://example.appspot.com/ front=www.google.com Bridge snowflake 0.0.2.0:1
ClientTransportPlugin meek exec ./meek-client --log meek-client.log ClientTransportPlugin snowflake exec ./client -url https://<appname>.appspot.com/ -front www.google.com


@ -1,8 +1,5 @@
runtime: go runtime: go
api_version: go1 api_version: go1
automatic_scaling:
max_idle_instances: 2
min_pending_latency: 1000ms
handlers: handlers:
- url: /.* - url: /.*


@ -1,10 +1,9 @@
// A web app for Google App Engine that proxies HTTP requests and responses to a // A web app for Google App Engine that proxies HTTP requests and responses to
// Tor relay running meek-server. // the Snowflake broker.
package reflect package reflect
import ( import (
"io" "io"
"net"
"net/http" "net/http"
"net/url" "net/url"
"time" "time"
@ -14,7 +13,7 @@ import (
) )
const ( const (
forwardURL = "https://meek.bamsoftware.com/" forwardURL = "https://snowflake-broker.bamsoftware.com/"
// A timeout of 0 means to use the App Engine default (5 seconds). // A timeout of 0 means to use the App Engine default (5 seconds).
urlFetchTimeout = 20 * time.Second urlFetchTimeout = 20 * time.Second
) )
@ -32,26 +31,14 @@ func pathJoin(a, b string) string {
return a + b return a + b
} }
// We reflect only a whitelisted set of header fields. In requests, the full // We reflect only a whitelisted set of header fields. Otherwise, we may copy
// list includes things like User-Agent and X-Appengine-Country that the Tor // headers like Transfer-Encoding that interfere with App Engine's own
// bridge doesn't need to know. In responses, there may be things like // hop-by-hop headers.
// Transfer-Encoding that interfere with App Engine's own hop-by-hop headers.
var reflectedHeaderFields = []string{ var reflectedHeaderFields = []string{
"Content-Type", "Content-Type",
"X-Session-Id", "X-Session-Id",
} }
// Get the original client IP address as a string. When using the standard
// net/http server, Request.RemoteAddr is a "host:port" string; however App
// Engine seems to use just "host". We check for both to be safe.
func getClientAddr(r *http.Request) string {
host, _, err := net.SplitHostPort(r.RemoteAddr)
if err == nil {
return host
}
return r.RemoteAddr
}
// Make a copy of r, with the URL being changed to be relative to forwardURL, // Make a copy of r, with the URL being changed to be relative to forwardURL,
// and including only the headers in reflectedHeaderFields. // and including only the headers in reflectedHeaderFields.
func copyRequest(r *http.Request) (*http.Request, error) { func copyRequest(r *http.Request) (*http.Request, error) {
@ -74,12 +61,6 @@ func copyRequest(r *http.Request) (*http.Request, error) {
} }
} }
} }
// Set the original client IP address in a Meek-IP header. We would use
// X-Forwarded-For, but App Engine prohibits setting that header:
// https://cloud.google.com/appengine/docs/standard/go/outbound-requests#request_headers
// We could use Forwarded from RFC 7239, but other CDNs already use
// X-Forwarded-For and this way we only need one parser.
c.Header.Add("Meek-IP", getClientAddr(r))
return c, nil return c, nil
} }
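Review bot: The rewritten comment above `reflectedHeaderFields` keeps only the hop-by-hop reason for the whitelist and drops the privacy one, yet the whitelist is also what keeps client-identifying request headers (the removed text named User-Agent and X-Appengine-Country) from being forwarded upstream. I would keep that reason in the comment so the list is not widened later without it in mind, e.g. `// The whitelist also keeps client-identifying request headers such as User-Agent and X-Appengine-Country from reaching the broker.` Separately, `"X-Session-Id"` stays in the list and looks like a carry-over from meek; if the Snowflake broker does not read it, drop it so that only `Content-Type` is reflected. The middle of `copyRequest`'s body falls between the visible hunks, so I cannot confirm from here that no other header is set on the outgoing request.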