David Fifield
ee4e0aa160
Trivial doc update: we do report the USERADDR now.
2018-03-05 15:27:27 -08:00
David Fifield
58556dc07b
Keep track of clientAddr in statsChannel.
2017-10-17 22:19:43 -07:00
David Fifield
4697746120
Actually call clientAddr.
2017-10-17 22:19:23 -07:00
David Fifield
d9e8f8f647
Log once a day how many connections had client_ip.
This is a sanity check against any catastrophic failure of our parsing
code.
2017-10-17 22:12:21 -07:00
David Fifield
c84e1a2e03
Add a dummy port number to USERADDR.
Current versions of tor accept USERADDR with or without a port number,
but future versions may become more strict and require the port number.
https://bugs.torproject.org/23080
2017-10-17 22:12:21 -07:00
David Fifield
83f8712078
Factor out a function to extract the client IP address.
2017-10-17 22:12:21 -07:00
David Fifield
9e5eb7f5ee
Pass the incoming client_ip into the ExtORPort.
2017-10-14 15:06:36 -04:00
David Fifield
db2251345d
Close the log file in server.
2017-07-16 15:03:56 -07:00
David Fifield
a936fc7e9b
README and documentation for server.
2017-01-21 14:53:51 -08:00
David Fifield
1f8be86a01
Add a DirCache for certificates under TOR_PT_STATE_LOCATION.
This way, we don't lose state of certificates every time the process is
restarted. There's a possibility, otherwise, that if you have to restart
the server rapidly, you might run into Let's Encrypt rate limits and be
unable to create a cert for a while.
https://godoc.org/rsc.io/letsencrypt#hdr-Persistent_Storage
2017-01-21 14:23:15 -08:00
David Fifield
b0826304a4
Make certManager a pointer and only set it when !disableTLS.
2017-01-21 14:01:43 -08:00
David Fifield
1b1fb37afe
Add "hostname" args to the bridge descriptor as well.
2017-01-20 19:17:08 -08:00
David Fifield
80acfbd8d8
Explain more in usage.
2017-01-20 19:17:08 -08:00
David Fifield
b86bbd748d
Add --acme-email option.
2017-01-20 19:17:08 -08:00
David Fifield
61310600c3
Automatically fetch certificates from Let's Encrypt.
This removes the --tls-cert and --tls-keys options and replaces them
with --acme-hostname and (optional) --acme-email. It uses
https://godoc.org/golang.org/x/crypto/acme/autocert , which is kind of a
successor to https://godoc.org/rsc.io/letsencrypt .
The autocert package only works when the listener runs on port 443. For
that reason, if TOR_PT_SERVER_BINDADDR asks for a port other than 443,
the program will open an *additional* listening port on 443. If there is
an error opening the listener, it is reported through an SMETHOD-ERROR
for the requested address.
The inspiration for this code came from George Tankersley's patch for
meek-server:
https://bugs.torproject.org/18655#comment:8
https://github.com/gtank/meek/tree/letsencrypt
2017-01-20 19:17:08 -08:00
David Fifield
af70d49e96
Add a log messages when failing to open a listener.
2017-01-20 17:56:52 -08:00
David Fifield
42cdd53077
continue, not break, after SmethodError.
This was a bug added in 8378f85952 when this code was moved out of a switch.
2017-01-20 15:22:11 -08:00
David Fifield
8378f85952
Remove a level of indentation in server.
2017-01-20 10:19:25 -08:00
David Fifield
d8411816c4
Include "tls=no" or "tls=yes" in the bridge descriptor.
Might make this controlled by ServerTransportOptions instead of the
--disable-tls command line option.
2017-01-20 10:13:39 -08:00
David Fifield
aa204af6b1
Make log messages more uniform.
2017-01-20 09:43:33 -08:00
David Fifield
21e27d3b3c
Use log.Fatalf instead of log.Printf + os.Exit in server.
2017-01-20 09:39:53 -08:00
David Fifield
11f3bbe3c2
go fmt in server.
2017-01-19 16:42:29 -08:00
David Fifield
15963688c2
Remove support for the base64 WebSocket subprotocol.
This was only needed for very very old Firefox before WebSockets were
properly standardized.
2017-01-18 20:00:59 -08:00
David Fifield
3e78251715
Remove the --port option from WebSocket server.
Recommend ServerTransportListenAddr in torrc instead.
2017-01-18 19:33:07 -08:00
David Fifield
2a9126a158
Simplify signal handling in WebSocket server.
pt-spec no longer talks about SIGINT.
2017-01-18 19:24:02 -08:00
David Fifield
57f72ab4ff
Remove unused logFile variable.
2017-01-18 19:20:30 -08:00
Arlo Breault
5cd2a226aa
Enable tls websockets on the server
* Code lifted from meek-server
2016-12-19 16:07:02 -08:00
David Fifield
57c0724491
Use 192.81.135.242:9902 as the default relay.
This is the relay that reports using the transport name "snowflake".
https://bugs.torproject.org/18627
2016-03-27 12:49:20 -07:00
David Fifield
346f316038
Use "ExtORPort auto" in documentation.
2016-03-26 15:34:27 -07:00
David Fifield
a269053ac2
Make Snowflake-specific changes to the websocket server.
Change the transport name to "snowflake" and don't report the remote
client address to the ExtORPort.
2016-03-26 15:25:06 -07:00
David Fifield
cfca47674e
Build the websocket-server.
Patch server.go to refer to out-of-tree websocket library.
2016-03-26 15:24:56 -07:00
David Fifield
e53705519e
Add a copy of websocket-server in the server directory.
From commit ea3ee6b5cf035a9465c02b4a2b38882c9c6a7050 in
https://git.torproject.org/pluggable-transports/websocket.git
2016-03-26 15:24:56 -07:00