archives/snowflake
2
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git synced 2025-10-13 11:11:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add Relay URL Check in Snowflake Proxy

Browse source
This commit is contained in:
Shelikhoo 2022-04-13 16:20:52 +01:00
parent 02c6f764c9
commit b09a2e09b3
No known key found for this signature in database
GPG key ID: C4D5E79D22B25316
2 changed files with 13 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
proxy/lib/snowflake.go
View file

@ -119,6 +119,7 @@ type SnowflakeProxy struct {
// There is no look ahead assertion when matching domain name suffix,
// thus the string prepend the suffix does not need to be empty or ends with a dot.
RelayDomainNamePattern string
AllowNonTLSRelay bool
// NATProbeURL is the URL of the probe service we use for NAT checks
NATProbeURL string
// NATTypeMeasurementInterval is time before NAT type is retested
@ -496,7 +497,13 @@ func (sf *SnowflakeProxy) runSession(sid string) {
return
}
matcher := namematcher.NewNameMatcher(sf.RelayDomainNamePattern)
if relayURL != "" && !matcher.IsMember(relayURL) {
parsedRelayURL, err := url.Parse(relayURL)
if err != nil {
log.Printf("bad offer from broker: bad Relay URL %v", err.Error())
tokens.ret()
return
}
if relayURL != "" && (!matcher.IsMember(parsedRelayURL.Hostname()) || (!sf.AllowNonTLSRelay && parsedRelayURL.Scheme != "wss")) {
log.Printf("bad offer from broker: rejected Relay URL")
tokens.ret()
return

5
proxy/main.go
View file

@ -21,6 +21,8 @@ func main() {
unsafeLogging := flag.Bool("unsafe-logging", false, "prevent logs from being scrubbed")
keepLocalAddresses := flag.Bool("keep-local-addresses", false, "keep local LAN address ICE candidates")
relayURL := flag.String("relay", sf.DefaultRelayURL, "websocket relay URL")
allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "", "a pattern to specify allowed hostname pattern for relay URL.")
allowNonTLSRelay := flag.Bool("allow-non-tls-relay", false, "allow relay without tls encryption")
NATTypeMeasurementInterval := flag.Duration("nat-retest-interval", time.Hour*24,
"the time interval in second before NAT type is retested, 0s disables retest. Valid time units are \"s\", \"m\", \"h\". ")
SummaryInterval := flag.Duration("summary-interval", time.Hour,
@ -40,6 +42,9 @@ func main() {
NATTypeMeasurementInterval: *NATTypeMeasurementInterval,
EventDispatcher: eventLogger,
RelayDomainNamePattern: *allowedRelayHostNamePattern,
AllowNonTLSRelay: *allowNonTLSRelay,
}
var logOutput io.Writer = os.Stderr