author | itchyonion <itchyonion@torproject.org> | 2022-12-12 13:02:25 -0800 |
---|---|---|
committer | itchyonion <itchyonion@torproject.org> | 2023-03-14 12:42:59 -0700 |
commit | fb35e80b0a9c2b85cbd8fbee502519df396fea74 (patch) | |
tree | 109e764e8de7e0b303dcb62c166f728cd5d02e3b | |
parent | 36d5d2dd83fcad4d3a05f6f6472d96da4759d794 (diff) | |
Proxy: add outbound-address config
-rw-r--r-- | proxy/README.md | 2 | ||||
-rw-r--r-- | proxy/lib/snowflake.go | 9 | ||||
-rw-r--r-- | proxy/main.go | 6 |
3 files changed, 16 insertions, 1 deletions
diff --git a/proxy/README.md b/proxy/README.md
index f7efaec..e26ef62 100644
--- a/proxy/README.md
+++ b/proxy/README.md
@@ -47,6 +47,8 @@ Usage of ./proxy:
     	the time interval in second before NAT type is retested, 0s disables retest. Valid time units are "s", "m", "h". (default 24h0m0s)
   -relay string
     	websocket relay URL (default "wss://snowflake.bamsoftware.com/")
+  -outbound-address string
+    	bind a specific outbound address. Replace all host candidates with this address without validation.
   -stun string
     	stun URL (default "stun:stun.l.google.com:19302")
   -summary-interval duration
diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index fd9df88..9616132 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -114,6 +114,8 @@ type SnowflakeProxy struct {
 	KeepLocalAddresses bool
 	// RelayURL is the URL of the Snowflake server that all traffic will be relayed to
 	RelayURL string
+	// OutboundAddress specify an IP address to use as SDP host candidate
+	OutboundAddress string
 	// Ephemeral*Port limits the pool of ports that ICE UDP connections can allocate from
 	EphemeralMinPort uint16
 	EphemeralMaxPort uint16
@@ -360,6 +362,11 @@ func (sf *SnowflakeProxy) makeWebRTCAPI() *webrtc.API {
 		}
 	}
 
+	if sf.OutboundAddress != "" {
+		// replace SDP host candidates with the given IP without validation
+		// still have server reflexive candidates to fall back on
+		settingsEngine.SetNAT1To1IPs([]string{sf.OutboundAddress}, webrtc.ICECandidateTypeHost)
+	}
 	settingsEngine.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
 
 	return webrtc.NewAPI(webrtc.WithSettingEngine(settingsEngine))
@@ -672,8 +679,8 @@ func (sf *SnowflakeProxy) checkNATType(config webrtc.Configuration, probeURL str
 	}
 
 	offer := pc.LocalDescription()
+	log.Printf("Offer: \n\t%s", strings.ReplaceAll(offer.SDP, "\n", "\n\t"))
 	sdp, err := util.SerializeSessionDescription(offer)
-	log.Printf("Offer: %s", sdp)
 	if err != nil {
 		log.Printf("Error encoding probe message: %s", err.Error())
 		return
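Review bot: In the makeWebRTCAPI hunk, `sf.OutboundAddress` is handed to `SetNAT1To1IPs` unparsed, as the new comment itself says, so a value that is not an IP literal (a hostname, an address with a port, an interface name) is accepted here and, as far as I can tell from the pion API, is only rejected later when an ICE agent is built for a connection, far from the configuration that set it. `makeWebRTCAPI` has no error return, so the check belongs wherever the field is populated, e.g. `if net.ParseIP(sf.OutboundAddress) == nil { ... }`, and the same applies to the KeepLocalAddresses/OutboundAddress exclusion, which only the CLI enforces and a library user of `SnowflakeProxy` can bypass by setting both fields. The field comment should also say what the option really does rather than suggesting the address is bound; something like `// OutboundAddress, if non-empty, replaces the IP of every host ICE candidate in the SDP offer (as I read pion's SetNAT1To1IPs, the sockets are not bound to it); server-reflexive candidates are still gathered.` `makeWebRTCAPI` starts before the hunk.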
diff --git a/proxy/main.go b/proxy/main.go
index d470f38..500b36a 100644
--- a/proxy/main.go
+++ b/proxy/main.go
@@ -25,6 +25,7 @@ func main() {
 	unsafeLogging := flag.Bool("unsafe-logging", false, "prevent logs from being scrubbed")
 	keepLocalAddresses := flag.Bool("keep-local-addresses", false, "keep local LAN address ICE candidates")
 	relayURL := flag.String("relay", sf.DefaultRelayURL, "websocket relay URL")
+	outboundAddress := flag.String("outbound-address", "", "prefer the given address as outbound address")
 	allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "snowflake.torproject.net$", "a pattern to specify allowed hostname pattern for relay URL.")
 	allowNonTLSRelay := flag.Bool("allow-non-tls-relay", false, "allow relay without tls encryption")
 	NATTypeMeasurementInterval := flag.Duration("nat-retest-interval", time.Hour*24,
@@ -44,6 +45,10 @@ func main() {
 		os.Exit(0)
 	}
 
+	if *outboundAddress != "" && *keepLocalAddresses {
+		log.Fatal("Cannot keep local address candidates when outbound address is specified")
+	}
+
 	eventLogger := event.NewSnowflakeEventDispatcher()
 
 	if *ephemeralPortsRangeFlag != "" {
@@ -78,6 +83,7 @@ func main() {
 		BrokerURL: *rawBrokerURL,
 		KeepLocalAddresses: *keepLocalAddresses,
 		RelayURL: *relayURL,
+		OutboundAddress: *outboundAddress,
 		EphemeralMinPort: ephemeralPortsRange[0],
 		EphemeralMaxPort: ephemeralPortsRange[1],
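Review bot: The new guard in the second hunk only rejects the combination with `-keep-local-addresses`; the address value itself is never checked, so a typo such as a hostname or `1.2.3.4:5678` passes startup and is handed to the library as-is, where nothing validates it either. Since `log.Fatal` is already the pattern here, I would add beside it `if *outboundAddress != "" && net.ParseIP(*outboundAddress) == nil { log.Fatalf("-outbound-address %q is not an IP address", *outboundAddress) }` (with `net` imported if it is not already). The flag help `prefer the given address as outbound address` also disagrees with the README wording and with what the library hunk does, which is to rewrite the advertised host-candidate IP rather than bind a socket, so the three descriptions should be aligned on one accurate sentence. `main` starts before this hunk and continues after it.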