From 9ce1de4eee4e23c918c7c5e96666ff5c6ddc654e Mon Sep 17 00:00:00 2001
From: Tommaso Gragnato
Date: Sun, 14 Aug 2022 14:34:57 +0200
Subject: [PATCH] Use Pion's Setting Engine to reduce Multicast DNS noise
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40123
The purpose of the patch is to prevent Pion from opening the mDNS port, thus preventing snowflake from directly leaking .local candidates. What this doesn't prevent is the resolution of .local candidates once they are passed on to the system DNS.
---
 client/lib/webrtc.go | 6 +++++-
 proxy/lib/snowflake.go | 11 +++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/client/lib/webrtc.go b/client/lib/webrtc.go
index d5264a9..01990e0 100644
--- a/client/lib/webrtc.go
+++ b/client/lib/webrtc.go
@@ -10,6 +10,7 @@ import (
 "time"
 "git.torproject.org/pluggable-transports/snowflake.git/v2/common/event"
+ "github.com/pion/ice/v2"
 "github.com/pion/webrtc/v3"
 )
@@ -189,7 +190,10 @@ func (c *WebRTCPeer) connect(config *webrtc.Configuration, broker *BrokerChannel
 // after ICE candidate gathering is complete..
 func (c *WebRTCPeer) preparePeerConnection(config *webrtc.Configuration) error {
 var err error
- c.pc, err = webrtc.NewPeerConnection(*config)
+ s := webrtc.SettingEngine{}
+ s.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
+ api := webrtc.NewAPI(webrtc.WithSettingEngine(s))
+ c.pc, err = api.NewPeerConnection(*config)
 if err != nil {
 log.Printf("NewPeerConnection ERROR: %s", err)
 return err
diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index 34f8abe..f9bcddb 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -47,6 +47,7 @@ import (
 "git.torproject.org/pluggable-transports/snowflake.git/v2/common/util"
 "git.torproject.org/pluggable-transports/snowflake.git/v2/common/websocketconn"
 "github.com/gorilla/websocket"
+ "github.com/pion/ice/v2"
 "github.com/pion/webrtc/v3"
 )
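Review bot: The new direct import of `github.com/pion/ice/v2` (here and in the import hunk of proxy/lib/snowflake.go) comes without a go.mod change; the diffstat lists only the two .go files. If the module has so far been only an indirect requirement pulled in by pion/webrtc, it should be recorded as a direct one (`go mod tidy`). Its version also has to stay the one pion/webrtc/v3 is built against, because `ice.MulticastDNSModeDisabled` is handed straight to `SetICEMulticastDNSMode`. Whether go.mod already lists it directly cannot be seen from this patch.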
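Review bot: The four added lines in preparePeerConnection carry no comment saying why the peer connection is no longer built with `webrtc.NewPeerConnection`, so a later cleanup could revert to the package-level constructor and silently re-open the mDNS port. I would add above `s := webrtc.SettingEngine{}` something like `// Disable mDNS so Pion neither opens the mDNS port nor gathers .local candidates; .local names handed to the system resolver are not covered (issue 40123).` It is also worth stating there that an API built only with `WithSettingEngine` skips the default codec and interceptor registration that, as far as I know, the package-level constructor performs in pion/webrtc v3. That is presumably fine for a data-channel-only peer, but it is a behaviour change beyond mDNS. The function body continues past the end of the hunk.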
@@ -355,7 +356,10 @@ func (sf *SnowflakeProxy) makePeerConnectionFromOffer(sdp *webrtc.SessionDescrip
 dataChan chan struct{},
 handler func(conn *webRTCConn, remoteAddr net.Addr)) (*webrtc.PeerConnection, error) {
- pc, err := webrtc.NewPeerConnection(config)
+ s := webrtc.SettingEngine{}
+ s.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
+ api := webrtc.NewAPI(webrtc.WithSettingEngine(s))
+ pc, err := api.NewPeerConnection(config)
 if err != nil {
 return nil, fmt.Errorf("accept: NewPeerConnection: %s", err)
 }
@@ -442,7 +446,10 @@ func (sf *SnowflakeProxy) makePeerConnectionFromOffer(sdp *webrtc.SessionDescrip
 func (sf *SnowflakeProxy) makeNewPeerConnection(config webrtc.Configuration,
 dataChan chan struct{}) (*webrtc.PeerConnection, error) {
- pc, err := webrtc.NewPeerConnection(config)
+ s := webrtc.SettingEngine{}
+ s.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
+ api := webrtc.NewAPI(webrtc.WithSettingEngine(s))
+ pc, err := api.NewPeerConnection(config)
 if err != nil {
 return nil, fmt.Errorf("accept: NewPeerConnection: %s", err)
 }
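Review bot: The same four-line SettingEngine/API construction is pasted into makePeerConnectionFromOffer and again into makeNewPeerConnection (the `@@ -442` hunk), and a third time in client/lib/webrtc.go, so the mDNS policy lives in three places. Any new call site that uses `webrtc.NewPeerConnection` directly would bring the mDNS socket back unnoticed. I would move the construction into one unexported helper per package and call it from both proxy functions; the `*webrtc.API` could also be built once and reused rather than per connection. The helper name below is only a suggestion, and both function bodies continue outside their hunks.

```go
// newPeerConnection builds a PeerConnection whose ICE agent has mDNS disabled,
// so Pion does not open the mDNS port or gather .local candidates.
func newPeerConnection(config webrtc.Configuration) (*webrtc.PeerConnection, error) {
	s := webrtc.SettingEngine{}
	s.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
	return webrtc.NewAPI(webrtc.WithSettingEngine(s)).NewPeerConnection(config)
}

// … unchanged: signatures of makePeerConnectionFromOffer / makeNewPeerConnection …
	pc, err := newPeerConnection(config)
// … unchanged: error check and rest of each body …
```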