authoritchyonion <itchyonion@torproject.org>2022-12-12 13:02:25 -0800
committeritchyonion <itchyonion@torproject.org>2023-03-14 12:42:59 -0700
commitfb35e80b0a9c2b85cbd8fbee502519df396fea74 (patch)
tree109e764e8de7e0b303dcb62c166f728cd5d02e3b
parent36d5d2dd83fcad4d3a05f6f6472d96da4759d794 (diff)
downloadsnowflake-fb35e80b0a9c2b85cbd8fbee502519df396fea74.tar.gz
snowflake-fb35e80b0a9c2b85cbd8fbee502519df396fea74.zip
Proxy: add outbound-address config
-rw-r--r--proxy/README.md2
-rw-r--r--proxy/lib/snowflake.go9
-rw-r--r--proxy/main.go6
3 files changed, 16 insertions, 1 deletions
diff --git a/proxy/README.md b/proxy/README.md
index f7efaec..e26ef62 100644
--- a/proxy/README.md
+++ b/proxy/README.md
@@ -47,6 +47,8 @@ Usage of ./proxy:
the time interval in second before NAT type is retested, 0s disables retest. Valid time units are "s", "m", "h". (default 24h0m0s)
-relay string
websocket relay URL (default "wss://snowflake.bamsoftware.com/")
+ -outbound-address string
+ bind a specific outbound address. Replace all host candidates with this address without validation.
-stun string
stun URL (default "stun:stun.l.google.com:19302")
-summary-interval duration
diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index fd9df88..9616132 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -114,6 +114,8 @@ type SnowflakeProxy struct {
KeepLocalAddresses bool
// RelayURL is the URL of the Snowflake server that all traffic will be relayed to
RelayURL string
+ // OutboundAddress specify an IP address to use as SDP host candidate
+ OutboundAddress string
// Ephemeral*Port limits the pool of ports that ICE UDP connections can allocate from
EphemeralMinPort uint16
EphemeralMaxPort uint16
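Review bot: The new field comment on `OutboundAddress` does not say what form the value takes or how it interacts with `KeepLocalAddresses`. The only conflict check visible in this commit is in proxy/main.go, so a program that fills in `SnowflakeProxy` directly can set both fields. I would document it as `// OutboundAddress, if non-empty, is an IP address literal that replaces every SDP host candidate. It is not validated and should not be combined with KeepLocalAddresses.` The struct definition starts and ends outside the hunk, so whether the library should reject the combination itself cannot be judged from here.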
@@ -360,6 +362,11 @@ func (sf *SnowflakeProxy) makeWebRTCAPI() *webrtc.API {
}
}
+ if sf.OutboundAddress != "" {
+ // replace SDP host candidates with the given IP without validation
+ // still have server reflexive candidates to fall back on
+ settingsEngine.SetNAT1To1IPs([]string{sf.OutboundAddress}, webrtc.ICECandidateTypeHost)
+ }
settingsEngine.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
return webrtc.NewAPI(webrtc.WithSettingEngine(settingsEngine))
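Review bot: The comment above `SetNAT1To1IPs` says the host candidates are replaced, but not that nothing is bound. As far as pion documents this setting, it only rewrites the address advertised in host candidates, and the sockets still use whatever local address the OS selects. The README line added in this commit says "bind a specific outbound address", so an operator may expect traffic to be pinned to that address. Suggest saying so in the comment, e.g. `// only the advertised host candidate address changes; the local socket is not bound to it`. makeWebRTCAPI begins outside the hunk.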
@@ -672,8 +679,8 @@ func (sf *SnowflakeProxy) checkNATType(config webrtc.Configuration, probeURL str
}
offer := pc.LocalDescription()
+ log.Printf("Offer: \n\t%s", strings.ReplaceAll(offer.SDP, "\n", "\n\t"))
sdp, err := util.SerializeSessionDescription(offer)
- log.Printf("Offer: %s", sdp)
if err != nil {
log.Printf("Error encoding probe message: %s", err.Error())
return
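Review bot: The new `log.Printf` writes the complete offer SDP on every NAT probe, which includes the ICE candidate addresses and, as in any SDP offer, the ICE ufrag/password and DTLS fingerprint lines. Addresses are presumably handled by the proxy's log scrubber unless `-unsafe-logging` is set, but that is not visible here and the credential lines are unlikely to be covered by it. Consider logging only the candidate lines, or add a comment such as `// probe offer logged in full for NAT debugging; relies on the log scrubber for addresses` if that is the intent. The line also dereferences `offer` before any nil check and relies on `strings` already being imported; checkNATType's body starts and ends outside the hunk.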
diff --git a/proxy/main.go b/proxy/main.go
index d470f38..500b36a 100644
--- a/proxy/main.go
+++ b/proxy/main.go
@@ -25,6 +25,7 @@ func main() {
unsafeLogging := flag.Bool("unsafe-logging", false, "prevent logs from being scrubbed")
keepLocalAddresses := flag.Bool("keep-local-addresses", false, "keep local LAN address ICE candidates")
relayURL := flag.String("relay", sf.DefaultRelayURL, "websocket relay URL")
+ outboundAddress := flag.String("outbound-address", "", "prefer the given address as outbound address")
allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "snowflake.torproject.net$", "a pattern to specify allowed hostname pattern for relay URL.")
allowNonTLSRelay := flag.Bool("allow-non-tls-relay", false, "allow relay without tls encryption")
NATTypeMeasurementInterval := flag.Duration("nat-retest-interval", time.Hour*24,
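Review bot: The help string for `-outbound-address` ("prefer the given address as outbound address") differs from the usage text added to proxy/README.md in the same commit, and "prefer" understates what the library does with the value. Use one wording in both places, for example `"replace all ICE host candidates with this IP address (not validated)"`. main's body continues outside the hunk.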
@@ -44,6 +45,10 @@ func main() {
os.Exit(0)
}
+ if *outboundAddress != "" && *keepLocalAddresses {
+ log.Fatal("Cannot keep local address candidates when outbound address is specified")
+ }
+
eventLogger := event.NewSnowflakeEventDispatcher()
if *ephemeralPortsRangeFlag != "" {
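Review bot: The added check rejects the combination with `-keep-local-addresses` but still accepts any string as the address, so a typo or a hostname is only noticed later when the WebRTC stack processes it, and may surface as a connection failure rather than a configuration error. Parsing it at startup fails fast: `if *outboundAddress != "" && net.ParseIP(*outboundAddress) == nil { log.Fatalf("invalid -outbound-address %q", *outboundAddress) }`. This needs `net` in main.go's imports, which are not visible in the hunk; main's body continues outside it.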
@@ -78,6 +83,7 @@ func main() {
BrokerURL: *rawBrokerURL,
KeepLocalAddresses: *keepLocalAddresses,
RelayURL: *relayURL,
+ OutboundAddress: *outboundAddress,
EphemeralMinPort: ephemeralPortsRange[0],
EphemeralMaxPort: ephemeralPortsRange[1],