Proxy: add outbound-address config

itchyonion 2022-12-12 13:02:25 -08:00
parent 36d5d2dd83
commit fb35e80b0a
No known key found for this signature in database
GPG key ID: 4B87B720348500EA
3 changed files with 16 additions and 1 deletions


@ -47,6 +47,8 @@ Usage of ./proxy:
the time interval in second before NAT type is retested, 0s disables retest. Valid time units are "s", "m", "h". (default 24h0m0s) the time interval in second before NAT type is retested, 0s disables retest. Valid time units are "s", "m", "h". (default 24h0m0s)
-relay string -relay string
websocket relay URL (default "wss://snowflake.bamsoftware.com/") websocket relay URL (default "wss://snowflake.bamsoftware.com/")
-outbound-address string
bind a specific outbound address. Replace all host candidates with this address without validation.
-stun string -stun string
stun URL (default "stun:stun.l.google.com:19302") stun URL (default "stun:stun.l.google.com:19302")
-summary-interval duration -summary-interval duration


@ -114,6 +114,8 @@ type SnowflakeProxy struct {
KeepLocalAddresses bool KeepLocalAddresses bool
// RelayURL is the URL of the Snowflake server that all traffic will be relayed to // RelayURL is the URL of the Snowflake server that all traffic will be relayed to
RelayURL string RelayURL string
// OutboundAddress specify an IP address to use as SDP host candidate
OutboundAddress string
// Ephemeral*Port limits the pool of ports that ICE UDP connections can allocate from // Ephemeral*Port limits the pool of ports that ICE UDP connections can allocate from
EphemeralMinPort uint16 EphemeralMinPort uint16
EphemeralMaxPort uint16 EphemeralMaxPort uint16
@ -360,6 +362,11 @@ func (sf *SnowflakeProxy) makeWebRTCAPI() *webrtc.API {
} }
} }
if sf.OutboundAddress != "" {
// replace SDP host candidates with the given IP without validation
// still have server reflexive candidates to fall back on
settingsEngine.SetNAT1To1IPs([]string{sf.OutboundAddress}, webrtc.ICECandidateTypeHost)
}
settingsEngine.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled) settingsEngine.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
return webrtc.NewAPI(webrtc.WithSettingEngine(settingsEngine)) return webrtc.NewAPI(webrtc.WithSettingEngine(settingsEngine))
@ -672,8 +679,8 @@ func (sf *SnowflakeProxy) checkNATType(config webrtc.Configuration, probeURL str
} }
offer := pc.LocalDescription() offer := pc.LocalDescription()
log.Printf("Offer: \n\t%s", strings.ReplaceAll(offer.SDP, "\n", "\n\t"))
sdp, err := util.SerializeSessionDescription(offer) sdp, err := util.SerializeSessionDescription(offer)
log.Printf("Offer: %s", sdp)
if err != nil { if err != nil {
log.Printf("Error encoding probe message: %s", err.Error()) log.Printf("Error encoding probe message: %s", err.Error())
return return
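Review bot: In makeWebRTCAPI, `sf.OutboundAddress` is passed to `SetNAT1To1IPs` as an unchecked string, so a typo or a hostname would surface only later, presumably when ICE setup rejects the mapping, rather than at startup. I would parse it before use, e.g. `if net.ParseIP(sf.OutboundAddress) == nil { log.Printf("invalid OutboundAddress %q, ignoring", sf.OutboundAddress) }`, and skip the mapping in that case. The conflict with KeepLocalAddresses is rejected only in main(), so a program that embeds SnowflakeProxy can still set both fields; the same check belongs here in the library. The field comment should also state that the value replaces every host candidate advertised in the SDP and is not validated. Both makeWebRTCAPI and checkNATType start and end outside the visible hunks.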


@ -25,6 +25,7 @@ func main() {
unsafeLogging := flag.Bool("unsafe-logging", false, "prevent logs from being scrubbed") unsafeLogging := flag.Bool("unsafe-logging", false, "prevent logs from being scrubbed")
keepLocalAddresses := flag.Bool("keep-local-addresses", false, "keep local LAN address ICE candidates") keepLocalAddresses := flag.Bool("keep-local-addresses", false, "keep local LAN address ICE candidates")
relayURL := flag.String("relay", sf.DefaultRelayURL, "websocket relay URL") relayURL := flag.String("relay", sf.DefaultRelayURL, "websocket relay URL")
outboundAddress := flag.String("outbound-address", "", "prefer the given address as outbound address")
allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "snowflake.torproject.net$", "a pattern to specify allowed hostname pattern for relay URL.") allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "snowflake.torproject.net$", "a pattern to specify allowed hostname pattern for relay URL.")
allowNonTLSRelay := flag.Bool("allow-non-tls-relay", false, "allow relay without tls encryption") allowNonTLSRelay := flag.Bool("allow-non-tls-relay", false, "allow relay without tls encryption")
NATTypeMeasurementInterval := flag.Duration("nat-retest-interval", time.Hour*24, NATTypeMeasurementInterval := flag.Duration("nat-retest-interval", time.Hour*24,
@ -44,6 +45,10 @@ func main() {
os.Exit(0) os.Exit(0)
} }
if *outboundAddress != "" && *keepLocalAddresses {
log.Fatal("Cannot keep local address candidates when outbound address is specified")
}
eventLogger := event.NewSnowflakeEventDispatcher() eventLogger := event.NewSnowflakeEventDispatcher()
if *ephemeralPortsRangeFlag != "" { if *ephemeralPortsRangeFlag != "" {
@ -78,6 +83,7 @@ func main() {
BrokerURL: *rawBrokerURL, BrokerURL: *rawBrokerURL,
KeepLocalAddresses: *keepLocalAddresses, KeepLocalAddresses: *keepLocalAddresses,
RelayURL: *relayURL, RelayURL: *relayURL,
OutboundAddress: *outboundAddress,
EphemeralMinPort: ephemeralPortsRange[0], EphemeralMinPort: ephemeralPortsRange[0],
EphemeralMaxPort: ephemeralPortsRange[1], EphemeralMaxPort: ephemeralPortsRange[1],