Add Relay URL Check in Snowflake Proxy

Shelikhoo 2022-04-13 16:20:52 +01:00
parent 02c6f764c9
commit b09a2e09b3
No known key found for this signature in database
GPG key ID: C4D5E79D22B25316
2 changed files with 13 additions and 1 deletions


@ -119,6 +119,7 @@ type SnowflakeProxy struct {
// There is no look ahead assertion when matching domain name suffix,
// thus the string prepend the suffix does not need to be empty or ends with a dot.
RelayDomainNamePattern string
AllowNonTLSRelay bool
// NATProbeURL is the URL of the probe service we use for NAT checks
NATProbeURL string
// NATTypeMeasurementInterval is time before NAT type is retested
@ -496,7 +497,13 @@ func (sf *SnowflakeProxy) runSession(sid string) {
return
}
matcher := namematcher.NewNameMatcher(sf.RelayDomainNamePattern)
if relayURL != "" && !matcher.IsMember(relayURL) {
parsedRelayURL, err := url.Parse(relayURL)
if err != nil {
log.Printf("bad offer from broker: bad Relay URL %v", err.Error())
tokens.ret()
return
}
if relayURL != "" && (!matcher.IsMember(parsedRelayURL.Hostname()) || (!sf.AllowNonTLSRelay && parsedRelayURL.Scheme != "wss")) {
log.Printf("bad offer from broker: rejected Relay URL")
tokens.ret()
return
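Review bot: With `AllowNonTLSRelay` set, the scheme test in the new condition in `runSession` is skipped entirely, so a broker-supplied relay URL with any scheme passes as long as its hostname matches `RelayDomainNamePattern`. The option name suggests the intent is only to permit plaintext WebSocket in addition to TLS, so the check would be tighter as an allowlist: `parsedRelayURL.Scheme != "wss" && !(sf.AllowNonTLSRelay && parsedRelayURL.Scheme == "ws")` in place of `!sf.AllowNonTLSRelay && parsedRelayURL.Scheme != "wss"`. What the dialer does with another scheme is outside this hunk, so the practical impact may be limited to a late connection failure, but rejecting it here keeps the policy in one place. The new `AllowNonTLSRelay` field also has no doc comment, unlike its neighbours; something like `// AllowNonTLSRelay permits relay URLs that do not use the wss scheme` would state the trade-off for operators. `runSession` starts before and continues past the visible lines.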