David Fifield
1895bb9d2c
Comment typo.
2025-01-13 08:49:15 +00:00
David Fifield
dbad475254
Finish incomplete comment for newEncapsulationPacketConn.
2024-12-12 06:40:57 +00:00
WofWca
94b6647d33
feat(client): try restricted proxy if NAT unknown
...
Just once, to offload unrestricted proxies.
This is useful when our STUN servers are blocked or don't support
the NAT discovery feature, or if they're just slow.
Closes https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40178 .
Partially addresses https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40376
Signed-off-by: Cecylia Bocovich <cohosh@torproject.org>
2024-12-05 10:34:08 -05:00
WofWca
f6767061e4
refactor: separate some Negotiate logic
...
As per https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/392#note_3096760
in preparation for further changes to `Negotiate`.
2024-12-05 10:27:36 -05:00
WofWca
ae5bd52821
improvement: use SetIPFilter for local addrs
...
Closes https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40271 .
Supersedes https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/417 .
This simplifies the code and (probably) removes the need for
`StripLocalAddresses`, although makes us more dependent on Pion.
Signed-off-by: Cecylia Bocovich <cohosh@torproject.org>
2024-11-28 10:56:40 -05:00
Shelikhoo
239357509f
update snowflake to use pion webrtc v4
2024-11-13 14:58:53 +00:00
Renovate Bot
290be512e3
chore(deps): update module github.com/pion/webrtc/v3 to v4
2024-11-11 18:45:36 +00:00
Cecylia Bocovich
0d8bd159ec
Have SnowflakeConn.Close() return errors
...
Return an error if the connection was already closed. On the first
close, return an error if any of the calls inside Close() returned an
error in this order:
- smux.Stream.Close()
- pconn.Close()
- smux.Session.Close()
2024-10-29 14:58:01 -04:00
Cecylia Bocovich
a019fdaec9
Perform SnowflakeConn.Close() logic only once
...
Use synchronization to avoid a panic if SnowflakeConn.Close is called
more than once.
2024-10-29 14:58:01 -04:00
Neel Chauhan
8792771cdc
broker and proxy must not reject client offers with no ICE candidates
...
Fixes #40371 . Partially reverts !141 .
2024-10-17 15:46:02 -04:00
WofWca
78f4b9dbc5
test(client): add test for BrokerChannel
2024-09-08 14:50:08 +04:00
David Fifield
bb2126b7c6
Use %w, not %v, in fmt.Errorf, so errors can be unwrapped.
...
https://go.dev/blog/go1.13-errors#wrapping-errors-with-w
2024-08-21 17:00:18 -04:00
David Fifield
ee5f815f60
Cosmetic changes from dev-snowflake-udp-rebase-extradata.
...
https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/dev-snowflake-udp-rebase-extradata
commit 59b76dc68d2ee0383c2acd91cb0f44edc46af939
2024-08-01 22:12:56 +00:00
Michael Pu
9fe2ca58a0
Switch to sqscreds param for passing in SQS credentials
2024-03-09 13:35:16 -05:00
Michael Pu
1e1f827248
Update tests
2024-03-05 12:38:33 -05:00
Michael Pu
9cd362f42d
Move SQS client ID generation to Exchange
2024-03-05 12:38:33 -05:00
am3o
acce1f1fd9
refactor: change deprecated "io/ioutil" package to recommended "io" package
2024-02-17 12:47:22 +01:00
Anthony Chang
32e864b71d
Add unit tests for SQS rendezvous in client
...
Co-authored-by: Michael Pu <michael.pu@uwaterloo.ca>
2024-01-22 13:11:03 -05:00
Anthony Chang
f3b062ddb2
Add mocks and interfaces for testing SQS rendezvous
...
Co-authored-by: Michael Pu <michael.pu@uwaterloo.ca>
2024-01-22 13:10:56 -05:00
Michael Pu
8fb17de152
Implement SQS rendezvous in client and broker
...
This feature adds an additional rendezvous method to send client offers
and receive proxy answers through the use of Amazon SQS queues.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/26151
2024-01-22 13:06:42 -05:00
David Fifield
d0529141ac
Cosmetic fixes taken from !219 .
...
shelikhoo/dev-udp-performance-rebased branch
https://gitlab.torproject.org/shelikhoo/snowflake/-/commits/9dce28cfc2093490473432ffecd9abaab7ebdbdb
2024-01-16 18:43:58 +00:00
David Fifield
aa06e7bef3
Merge branch 'encapsulation-readdata-buffer'
2023-11-21 03:46:46 +00:00
David Fifield
234d9cb11c
Link a section in the pion/webrtc@3.0.0 release notes.
2023-11-21 01:27:09 +00:00
David Fifield
d99f31d881
Have encapsulation.ReadData return an error when the buffer is short.
...
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/154#note_2919109
Still ignoring the io.ErrShortBuffer at the callers, which retains
current behavior.
2023-11-07 05:51:35 +00:00
David Fifield
001f691b47
Have encapsulation.ReadData read into a provided buffer.
...
Instead of unconditionally allocating its own.
2023-11-07 05:51:35 +00:00
Shelikhoo
5df7a06eee
Add outbound proxy configuration propagation
2023-10-24 17:47:25 +01:00
Cecylia Bocovich
9fdfb3d1b5
Randomly select front domain from comma-separated list
...
This commit changes the command-line and Bridge line arguments to take
a comma-separated list of front domains. The change is backwards
compatible with old Bridge and ClientTransportPlugin lines. At
rendezvous time, a front domain will be randomly chosen from the list.
2023-10-05 17:51:56 -04:00
Cecylia Bocovich
b632c7d49c
Workaround for shadow in lieu of AF_NETLINK support
...
For details, see https://github.com/shadow/shadow/issues/2980
2023-08-24 16:33:22 +01:00
Cecylia Bocovich
f8eb86f24d
Append Let's Encrypt ISRG Root X1 to cert pool
...
This is a workaround for older versions of Android that do not trust
the Let's Encrypt root certificate.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40087
2023-06-14 18:12:29 -04:00
meskio
82cc0f38f7
Move the development to gitlab
...
Related: tpo/anti-censorship/team#86
2023-05-31 10:01:47 +02:00
itchyonion
07b5f07452
Validate SDP offers and answers
2023-05-29 10:12:48 -07:00
itchyonion
990fcb4127
Filter out non stun: server addresses in ParseIceServers
2023-01-30 09:10:15 -08:00
itchyonion
a6a18c1a9b
Parse ICE servers with pion/ice library function
2023-01-30 09:10:15 -08:00
luciole
2c599f8827
change bandwidth type from int to int64 to prevent overflow
2022-11-21 10:33:21 -05:00
trinity-1686a
5ef5142bb0
format using go-1.19
2022-10-09 21:15:50 +02:00
Tommaso Gragnato
9ce1de4eee
Use Pion's Setting Engine to reduce Multicast DNS noise
...
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40123
The purpose of the patch is to prevent Pion from opening the mDNS port,
thus preventing snowflake from directly leaking .local candidates.
What this doesn't prevent is the resolution of .local candidates
once they are passed on to the system DNS.
2022-09-26 08:52:23 -07:00
itchyonion
e4c01f0595
Wrap client NAT log
2022-05-31 08:52:23 -07:00
Cecylia Bocovich
d807e9d370
Move tor-specific code outside of client library
2022-04-11 11:38:52 -04:00
Arlo Breault
b563141c6a
Forward bridge fingerprint
...
gitlab 28651
2022-03-21 15:06:05 -04:00
Arlo Breault
281d917beb
Stop storing version in ClientPollRequest
...
This continues to assert the known version while decoding. The client
will only ever generate the latest version while encoding and if the
response needs to change, the impetus will be a new feature, set in the
deserialized request, which can be used as a distinguisher.
2022-03-21 15:06:05 -04:00
Arlo Breault
bd636a1374
Introduce an unexported newBrokerChannelFromConfig
...
A follow-up wants to pass in a new property from the ClientConfig but it
would be an API breaking change to NewBrokerChannel.
However, it's unclear why NewBrokerChannel is exported at all. No other
package in the repo depends on it and the known users of the library
probably wouldn't be constructing them.
While this patch was being reviewed, a new constructor was added,
NewBrokerChannelWithUTLSSettings, with effectively the same issue.
Both of those exported ones are deleted here.
2022-03-16 16:33:24 -04:00
Arlo Breault
829cacac5f
Parse ClientPollRequest version in DecodeClientPollRequest
...
Instead of IPC.ClientOffers. This makes things consistent with
EncodeClientPollRequest which adds the version while serializing.
2022-03-16 15:43:10 -04:00
Arlo Breault
6fd0f1ae5d
Rename *PollRequest methods to distinguish client/proxy
2022-03-16 15:43:10 -04:00
Shelikhoo
8d5998b744
Harmonize identifiers to uTLS
2022-03-16 09:13:29 +00:00
Shelikhoo
e3aeb5fe5b
Add line wrap to NewBrokerChannelWithUTlsSettings
2022-03-16 09:13:29 +00:00
Shelikhoo
1573502e93
Use uTLS aware broker channel constructor
2022-03-16 09:13:29 +00:00
Shelikhoo
ccfdcab8fe
Add uTLS remove SNI to snowflake client
2022-03-16 09:13:29 +00:00
Shelikhoo
9af0ad119b
Add utls imitate setting to snowflake client
2022-03-16 09:13:29 +00:00
Cecylia Bocovich
01ae5b56e8
Fix client library test
...
Initialize eventsLogger for WebRTCPeer in client library test.
2022-02-14 15:11:41 -05:00
Cecylia Bocovich
3547b284a9
Make all snowflake events LogSeverityNotice
...
Let's reserve Tor error logs for more severe events that indicate
a client-side bug or absolute failure. By default, tor logs at severity
level notice (and above).
2022-02-14 14:09:16 -05:00