archives/snowflake
2
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git synced 2025-10-13 20:11:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove support for oneshot mode

Browse source 
Due to a bug (#40098), legacy oneshot connections have not worked for
awhile. Connections without the turbotunnel token would cause the server
to crash. This fixes that bug by removing support altogether and simply
closes the connection.
This commit is contained in:
Cecylia Bocovich 2022-02-02 19:13:03 -05:00
parent 00e8415d8e
commit c0b35076c9
No known key found for this signature in database
GPG key ID: 009DE379FD9B7B90
2 changed files with 5 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

28
server/lib/http.go
View file

@ -48,23 +48,10 @@ var upgrader = websocket.Upgrader{
// attached to the WebSocket connection and every session.
var clientIDAddrMap = newClientIDMap(clientIDAddrMapCapacity)
// overrideReadConn is a net.Conn with an overridden Read method. Compare to
// recordingConn at
// https://dave.cheney.net/2015/05/22/struct-composition-with-go.
type overrideReadConn struct {
net.Conn
io.Reader
}
func (conn *overrideReadConn) Read(p []byte) (int, error) {
return conn.Reader.Read(p)
}
type httpHandler struct {
// pconn is the adapter layer between stream-oriented WebSocket
// connections and the packet-oriented KCP layer.
pconn *turbotunnel.QueuePacketConn
ln *SnowflakeListener
}
func (handler *httpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@ -99,10 +86,10 @@ func (handler *httpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
default:
// We didn't find a matching token, which means that we are
// dealing with a client that doesn't know about such things.
// "Unread" the token by constructing a new Reader and pass it
// to the old one-session-per-WebSocket mode.
conn2 := &overrideReadConn{Conn: conn, Reader: io.MultiReader(bytes.NewReader(token[:]), conn)}
err = oneshotMode(conn2, addr, handler.ln)
// Close the conn as we no longer support the old
// one-session-per-WebSocket mode.
log.Println("Received unsupported oneshot connection")
return
}
if err != nil {
log.Println(err)
@ -110,13 +97,6 @@ func (handler *httpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
}
// oneshotMode handles clients that did not send turbotunnel.Token at the start
// of their stream. These clients use the WebSocket as a raw pipe, and expect
// their session to begin and end when this single WebSocket does.
func oneshotMode(conn net.Conn, addr net.Addr, ln *SnowflakeListener) error {
return ln.queueConn(&SnowflakeClientConn{Conn: conn, address: addr})
}
// turbotunnelMode handles clients that sent turbotunnel.Token at the start of
// their stream. These clients expect to send and receive encapsulated packets,
// with a long-lived session identified by ClientID.

2
server/lib/snowflake.go
View file

@ -279,7 +279,7 @@ func (l *SnowflakeListener) queueConn(conn net.Conn) error {
}
}
// SnowflakeClientConn is a wrapper for the underlying oneshot or turbotunnel
// SnowflakeClientConn is a wrapper for the underlying turbotunnel
// conn. We need to reference our client address map to determine the
// remote address
type SnowflakeClientConn struct {