Dial the (Ext)ORPort with a random srcaddr in 127.0.1.0/24.

This is a hack to attempt to conserve emphemeral port numbers.
https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/40198#note_2839248
https://lists.torproject.org/pipermail/anti-censorship-team/2022-September/000263.html

go.mod

@@ -22,3 +22,5 @@ require (
 	golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4
 	google.golang.org/protobuf v1.26.0
 )
+
+replace git.torproject.org/pluggable-transports/goptlib.git v1.1.0 => gitlab.torproject.org/dcf/goptlib v0.0.0-20220930193603-cd79bbc900ad

go.sum

 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-git.torproject.org/pluggable-transports/goptlib.git v1.1.0 h1:LMQAA8pAho+QtYrrVNimJQiINNEwcwuuD99vezD/PAo=
-git.torproject.org/pluggable-transports/goptlib.git v1.1.0/go.mod h1:YT4XMSkuEXbtqlydr9+OxqFAyspUv0Gr9qhM3B++o/Q=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
 github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
@@ -356,6 +354,8 @@ github.com/xtaci/smux v1.5.15/go.mod h1:OMlQbT5vcgl2gb49mFkYo6SMf+zP3rcjcwQz7ZU7
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+gitlab.torproject.org/dcf/goptlib v0.0.0-20220930193603-cd79bbc900ad h1:n3z4mhfahnulwrQRoKR0vJHFdxHSgztu+YVNRFJCYp8=
+gitlab.torproject.org/dcf/goptlib v0.0.0-20220930193603-cd79bbc900ad/go.mod h1:4PBMl1dg7/3vMWSoWb46eGWlrxkUyn/CAJmxhDLAlDs=
 gitlab.torproject.org/tpo/anti-censorship/geoip v0.0.0-20210928150955-7ce4b3d98d01 h1:4949mHh9Vj2/okk48yG8nhP6TosFWOUfSfSr502sKGE=
 gitlab.torproject.org/tpo/anti-censorship/geoip v0.0.0-20210928150955-7ce4b3d98d01/go.mod h1:K3LOI4H8fa6j+7E10ViHeGEQV10304FG4j94ypmKLjY=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=

server/server.go

@@ -9,6 +9,7 @@ import (
 	"io"
 	"io/ioutil"
 	"log"
+	"math/rand"
 	"net"
 	"net/http"
 	"os"
@@ -67,16 +68,32 @@ func proxy(local *net.TCPConn, conn net.Conn) {
 	wg.Wait()
 }
 
+// localAddr returns a random localhost IP address, suitable to be used as the
+// LocalAddr in a net.Dialer in a call to pt.DialOrWithDialer.
+//
+// The reason for using multiple source addresses when dialing the ORPort is to
+// conserve ephemeral ports:
+// https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/40198
+func localAddr() net.Addr {
+	var b byte
+	for b == 0 {
+		b = byte(rand.Uint32())
+	}
+	return &net.TCPAddr{IP: net.IPv4(127, 0, 1, b)}
+}
+
 // handleConn bidirectionally connects a client snowflake connection with an ORPort.
 func handleConn(conn net.Conn) error {
 	addr := conn.RemoteAddr().String()
 	statsChannel <- addr != ""
-	or, err := pt.DialOr(&ptInfo, addr, ptMethodName)
+	or, err := pt.DialOrWithDialer(&net.Dialer{
+		LocalAddr: localAddr(),
+	}, &ptInfo, addr, ptMethodName)
 	if err != nil {
 		return fmt.Errorf("failed to connect to ORPort: %s", err)
 	}
 	defer or.Close()
-	proxy(or, conn)
+	proxy(or.(*net.TCPConn), conn)
 	return nil
 }