archives/snowflake
2
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git synced 2025-10-13 11:11:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update Relay Pattern format to include dollar sign

Browse source
This commit is contained in:
Shelikhoo 2022-06-15 13:20:58 +01:00
parent ddf72025d1
commit 97dea533da
No known key found for this signature in database
GPG key ID: C4D5E79D22B25316
4 changed files with 24 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

5
common/namematcher/matcher.go
View file

@ -3,9 +3,14 @@ package namematcher
import "strings"
func NewNameMatcher(rule string) NameMatcher {
rule = strings.TrimSuffix(rule, "$")
return NameMatcher{suffix: strings.TrimPrefix(rule, "^"), exact: strings.HasPrefix(rule, "^")}
}
func IsValidRule(rule string) bool {
return strings.HasSuffix(rule, "$")
}
type NameMatcher struct {
exact bool
suffix string

26
common/namematcher/matcher_test.go
View file

@ -11,13 +11,13 @@ func TestMatchMember(t *testing.T) {
expects bool
}{
{matcher: "", target: "", expects: true},
{matcher: "^snowflake.torproject.net", target: "snowflake.torproject.net", expects: true},
{matcher: "^snowflake.torproject.net", target: "faketorproject.net", expects: false},
{matcher: "snowflake.torproject.net", target: "faketorproject.net", expects: false},
{matcher: "snowflake.torproject.net", target: "snowflake.torproject.net", expects: true},
{matcher: "snowflake.torproject.net", target: "imaginary-01-snowflake.torproject.net", expects: true},
{matcher: "snowflake.torproject.net", target: "imaginary-aaa-snowflake.torproject.net", expects: true},
{matcher: "snowflake.torproject.net", target: "imaginary-aaa-snowflake.faketorproject.net", expects: false},
{matcher: "^snowflake.torproject.net$", target: "snowflake.torproject.net", expects: true},
{matcher: "^snowflake.torproject.net$", target: "faketorproject.net", expects: false},
{matcher: "snowflake.torproject.net$", target: "faketorproject.net", expects: false},
{matcher: "snowflake.torproject.net$", target: "snowflake.torproject.net", expects: true},
{matcher: "snowflake.torproject.net$", target: "imaginary-01-snowflake.torproject.net", expects: true},
{matcher: "snowflake.torproject.net$", target: "imaginary-aaa-snowflake.torproject.net", expects: true},
{matcher: "snowflake.torproject.net$", target: "imaginary-aaa-snowflake.faketorproject.net", expects: false},
}
for _, v := range testingVector {
t.Run(v.matcher+"<>"+v.target, func(t *testing.T) {
@ -36,12 +36,12 @@ func TestMatchSubset(t *testing.T) {
expects bool
}{
{matcher: "", target: "", expects: true},
{matcher: "^snowflake.torproject.net", target: "^snowflake.torproject.net", expects: true},
{matcher: "snowflake.torproject.net", target: "^snowflake.torproject.net", expects: true},
{matcher: "snowflake.torproject.net", target: "snowflake.torproject.net", expects: true},
{matcher: "snowflake.torproject.net", target: "testing-snowflake.torproject.net", expects: true},
{matcher: "snowflake.torproject.net", target: "^testing-snowflake.torproject.net", expects: true},
{matcher: "snowflake.torproject.net", target: "", expects: false},
{matcher: "^snowflake.torproject.net$", target: "^snowflake.torproject.net$", expects: true},
{matcher: "snowflake.torproject.net$", target: "^snowflake.torproject.net$", expects: true},
{matcher: "snowflake.torproject.net$", target: "snowflake.torproject.net$", expects: true},
{matcher: "snowflake.torproject.net$", target: "testing-snowflake.torproject.net$", expects: true},
{matcher: "snowflake.torproject.net$", target: "^testing-snowflake.torproject.net$", expects: true},
{matcher: "snowflake.torproject.net$", target: "", expects: false},
}
for _, v := range testingVector {
t.Run(v.matcher+"<>"+v.target, func(t *testing.T) {

6
proxy/lib/snowflake.go
View file

@ -30,7 +30,6 @@ import (
"crypto/rand"
"encoding/base64"
"fmt"
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
"io"
"io/ioutil"
"log"
@ -43,6 +42,7 @@ import (
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/event"
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/messages"
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/task"
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/util"
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/websocketconn"
@ -582,6 +582,10 @@ func (sf *SnowflakeProxy) Start() error {
return fmt.Errorf("invalid relay url: %s", err)
}
if !namematcher.IsValidRule(sf.RelayDomainNamePattern) {
return fmt.Errorf("invalid relay domain name pattern")
}
config = webrtc.Configuration{
ICEServers: []webrtc.ICEServer{
{

2
proxy/main.go
View file

@ -21,7 +21,7 @@ func main() {
unsafeLogging := flag.Bool("unsafe-logging", false, "prevent logs from being scrubbed")
keepLocalAddresses := flag.Bool("keep-local-addresses", false, "keep local LAN address ICE candidates")
relayURL := flag.String("relay", sf.DefaultRelayURL, "websocket relay URL")
allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "snowflake.torproject.net", "a pattern to specify allowed hostname pattern for relay URL.")
allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "snowflake.torproject.net$", "a pattern to specify allowed hostname pattern for relay URL.")
allowNonTLSRelay := flag.Bool("allow-non-tls-relay", false, "allow relay without tls encryption")
NATTypeMeasurementInterval := flag.Duration("nat-retest-interval", time.Hour*24,
"the time interval in second before NAT type is retested, 0s disables retest. Valid time units are \"s\", \"m\", \"h\". ")