archives/snowflake
2
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git synced 2025-10-13 20:11:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Proxy: add outbound-address config

Browse source
This commit is contained in:
itchyonion 2022-12-12 13:02:25 -08:00
parent 36d5d2dd83
commit fb35e80b0a
No known key found for this signature in database
GPG key ID: 4B87B720348500EA
3 changed files with 16 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
proxy/README.md
View file

@ -47,6 +47,8 @@ Usage of ./proxy:
the time interval in second before NAT type is retested, 0s disables retest. Valid time units are "s", "m", "h". (default 24h0m0s)
-relay string
websocket relay URL (default "wss://snowflake.bamsoftware.com/")
-outbound-address string
bind a specific outbound address. Replace all host candidates with this address without validation.
-stun string
stun URL (default "stun:stun.l.google.com:19302")
-summary-interval duration

9
proxy/lib/snowflake.go
View file

@ -114,6 +114,8 @@ type SnowflakeProxy struct {
KeepLocalAddresses bool
// RelayURL is the URL of the Snowflake server that all traffic will be relayed to
RelayURL string
// OutboundAddress specify an IP address to use as SDP host candidate
OutboundAddress string
// Ephemeral*Port limits the pool of ports that ICE UDP connections can allocate from
EphemeralMinPort uint16
EphemeralMaxPort uint16
@ -360,6 +362,11 @@ func (sf *SnowflakeProxy) makeWebRTCAPI() *webrtc.API {
}
}
if sf.OutboundAddress != "" {
// replace SDP host candidates with the given IP without validation
// still have server reflexive candidates to fall back on
settingsEngine.SetNAT1To1IPs([]string{sf.OutboundAddress}, webrtc.ICECandidateTypeHost)
}
settingsEngine.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
return webrtc.NewAPI(webrtc.WithSettingEngine(settingsEngine))
@ -672,8 +679,8 @@ func (sf *SnowflakeProxy) checkNATType(config webrtc.Configuration, probeURL str
}
offer := pc.LocalDescription()
log.Printf("Offer: \n\t%s", strings.ReplaceAll(offer.SDP, "\n", "\n\t"))
sdp, err := util.SerializeSessionDescription(offer)
log.Printf("Offer: %s", sdp)
if err != nil {
log.Printf("Error encoding probe message: %s", err.Error())
return

6
proxy/main.go
View file

@ -25,6 +25,7 @@ func main() {
unsafeLogging := flag.Bool("unsafe-logging", false, "prevent logs from being scrubbed")
keepLocalAddresses := flag.Bool("keep-local-addresses", false, "keep local LAN address ICE candidates")
relayURL := flag.String("relay", sf.DefaultRelayURL, "websocket relay URL")
outboundAddress := flag.String("outbound-address", "", "prefer the given address as outbound address")
allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "snowflake.torproject.net$", "a pattern to specify allowed hostname pattern for relay URL.")
allowNonTLSRelay := flag.Bool("allow-non-tls-relay", false, "allow relay without tls encryption")
NATTypeMeasurementInterval := flag.Duration("nat-retest-interval", time.Hour*24,
@ -44,6 +45,10 @@ func main() {
os.Exit(0)
}
if *outboundAddress != "" && *keepLocalAddresses {
log.Fatal("Cannot keep local address candidates when outbound address is specified")
}
eventLogger := event.NewSnowflakeEventDispatcher()
if *ephemeralPortsRangeFlag != "" {
@ -78,6 +83,7 @@ func main() {
BrokerURL: *rawBrokerURL,
KeepLocalAddresses: *keepLocalAddresses,
RelayURL: *relayURL,
OutboundAddress: *outboundAddress,
EphemeralMinPort: ephemeralPortsRange[0],
EphemeralMaxPort: ephemeralPortsRange[1],