archives/snowflake
2
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git synced 2025-10-13 20:11:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add Broker Allowed Relay Pattern Indication Rejection for Proxy

Browse source
This commit is contained in:
Shelikhoo 2022-04-14 11:15:35 +01:00
parent 2ebdc89c42
commit b18a9431b2
No known key found for this signature in database
GPG key ID: C4D5E79D22B25316
2 changed files with 22 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

23
broker/broker.go
View file

@ -20,6 +20,7 @@ import (
"syscall"
"time"
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/safelog"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
@ -38,8 +39,9 @@ type BrokerContext struct {
proxyPolls chan *ProxyPoll
metrics *Metrics
bridgeList BridgeListHolderFileBased
allowedRelayPattern string
bridgeList BridgeListHolderFileBased
allowedRelayPattern string
presumedPatternForLegacyClient string
}
func (ctx *BrokerContext) GetBridgeInfo(fingerprint [20]byte) (BridgeInfo, error) {
@ -154,14 +156,24 @@ func (ctx *BrokerContext) AddSnowflake(id string, proxyType string, natType stri
return snowflake
}
func (ctx *BrokerContext) InstallBridgeListProfile(reader io.Reader, relayPattern string) error {
func (ctx *BrokerContext) InstallBridgeListProfile(reader io.Reader, relayPattern, presumedPatternForLegacyClient string) error {
if err := ctx.bridgeList.LoadBridgeInfo(reader); err != nil {
return err
}
ctx.allowedRelayPattern = relayPattern
ctx.presumedPatternForLegacyClient = presumedPatternForLegacyClient
return nil
}
func (ctx *BrokerContext) CheckProxyRelayPattern(pattern string, nonSupported bool) bool {
if nonSupported {
pattern = ctx.presumedPatternForLegacyClient
}
proxyPattern := namematcher.NewNameMatcher(pattern)
brokerPattern := namematcher.NewNameMatcher(ctx.allowedRelayPattern)
return proxyPattern.IsSupersetOf(brokerPattern)
}
// Client offer contains an SDP, bridge fingerprint and the NAT type of the client
type ClientOffer struct {
natType string
@ -176,7 +188,7 @@ func main() {
var addr string
var geoipDatabase string
var geoip6Database string
var bridgeListFilePath, allowedRelayPattern string
var bridgeListFilePath, allowedRelayPattern, presumedPatternForLegacyClient string
var disableTLS bool
var certFilename, keyFilename string
var disableGeoip bool
@ -193,6 +205,7 @@ func main() {
flag.StringVar(&geoip6Database, "geoip6db", "/usr/share/tor/geoip6", "path to correctly formatted geoip database mapping IPv6 address ranges to country codes")
flag.StringVar(&bridgeListFilePath, "bridge-list-path", "", "file path for bridgeListFile")
flag.StringVar(&allowedRelayPattern, "allowed-relay-pattern", "", "allowed pattern for relay host name")
flag.StringVar(&presumedPatternForLegacyClient, "default-relay-pattern", "", "presumed pattern for legacy client")
flag.BoolVar(&disableTLS, "disable-tls", false, "don't use HTTPS")
flag.BoolVar(&disableGeoip, "disable-geoip", false, "don't use geoip for stats collection")
flag.StringVar(&metricsFilename, "metrics-log", "", "path to metrics logging output")
@ -230,7 +243,7 @@ func main() {
if err != nil {
log.Fatal(err.Error())
}
err = ctx.InstallBridgeListProfile(bridgeListFile, allowedRelayPattern)
err = ctx.InstallBridgeListProfile(bridgeListFile, allowedRelayPattern, presumedPatternForLegacyClient)
if err != nil {
log.Fatal(err.Error())
}