The Tor Project
Anti-censorship
Pluggable Transports
Snowflake
Commits
b09a2e09
Verified
Commit
b09a2e09
authored
Apr 13, 2022
by
shelikhoo
Add Relay URL Check in Snowflake Proxy
parent
02c6f764
Changes
2
proxy/lib/snowflake.go
...
...
@@ -119,6 +119,7 @@ type SnowflakeProxy struct {
// There is no look ahead assertion when matching domain name suffix,
// thus the string prepend the suffix does not need to be empty or ends with a dot.
RelayDomainNamePattern
string
AllowNonTLSRelay
bool
// NATProbeURL is the URL of the probe service we use for NAT checks
NATProbeURL
string
// NATTypeMeasurementInterval is time before NAT type is retested
...
...
@@ -496,7 +497,13 @@ func (sf *SnowflakeProxy) runSession(sid string) {
return
}
matcher
:=
namematcher
.
NewNameMatcher
(
sf
.
RelayDomainNamePattern
)
if
relayURL
!=
""
&&
!
matcher
.
IsMember
(
relayURL
)
{
parsedRelayURL
,
err
:=
url
.
Parse
(
relayURL
)
if
err
!=
nil
{
log
.
Printf
(
"bad offer from broker: bad Relay URL %v"
,
err
.
Error
())
tokens
.
ret
()
return
}
if
relayURL
!=
""
&&
(
!
matcher
.
IsMember
(
parsedRelayURL
.
Hostname
())
||
(
!
sf
.
AllowNonTLSRelay
&&
parsedRelayURL
.
Scheme
!=
"wss"
))
{
log
.
Printf
(
"bad offer from broker: rejected Relay URL"
)
tokens
.
ret
()
return
...
...
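Review bot: When `AllowNonTLSRelay` is true, the new condition in runSession skips the scheme test entirely, so a broker-supplied relay URL with any scheme is accepted as long as its hostname matches; the option is described as allowing a relay without TLS, not arbitrary schemes. An allow-list would express that intent, for example `if relayURL != "" && (!matcher.IsMember(parsedRelayURL.Hostname()) || !(parsedRelayURL.Scheme == "wss" || (sf.AllowNonTLSRelay && parsedRelayURL.Scheme == "ws"))) {`. The rejection message "rejected Relay URL" also does not say whether the hostname or the scheme failed; a short reason word, without the URL itself, would make a misconfigured pattern easier to diagnose. runSession starts and ends outside the hunk, so what the dialer later does with the URL is not visible here.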
proxy/main.go
...
...
@@ -21,6 +21,8 @@ func main() {
unsafeLogging
:=
flag
.
Bool
(
"unsafe-logging"
,
false
,
"prevent logs from being scrubbed"
)
keepLocalAddresses
:=
flag
.
Bool
(
"keep-local-addresses"
,
false
,
"keep local LAN address ICE candidates"
)
relayURL
:=
flag
.
String
(
"relay"
,
sf
.
DefaultRelayURL
,
"websocket relay URL"
)
allowedRelayHostNamePattern
:=
flag
.
String
(
"allowed-relay-hostname-pattern"
,
""
,
"a pattern to specify allowed hostname pattern for relay URL."
)
allowNonTLSRelay
:=
flag
.
Bool
(
"allow-non-tls-relay"
,
false
,
"allow relay without tls encryption"
)
NATTypeMeasurementInterval
:=
flag
.
Duration
(
"nat-retest-interval"
,
time
.
Hour
*
24
,
"the time interval in second before NAT type is retested, 0s disables retest. Valid time units are
\"
s
\"
,
\"
m
\"
,
\"
h
\"
. "
)
SummaryInterval
:=
flag
.
Duration
(
"summary-interval"
,
time
.
Hour
,
...
...
@@ -40,6 +42,9 @@ func main() {
NATTypeMeasurementInterval
:
*
NATTypeMeasurementInterval
,
EventDispatcher
:
eventLogger
,
RelayDomainNamePattern
:
*
allowedRelayHostNamePattern
,
AllowNonTLSRelay
:
*
allowNonTLSRelay
,
}
var
logOutput
io
.
Writer
=
os
.
Stderr
...
...
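Review bot: The `allowed-relay-hostname-pattern` flag defaults to `""`, and its help text does not say what an empty pattern means or how matching works. The comment on `RelayDomainNamePattern` in proxy/lib/snowflake.go describes suffix matching with no dot boundary, so an empty default presumably accepts every hostname (the matcher is not shown, so this needs confirming), and the new check would then only protect operators who set the flag. The help string should state both, for example `"suffix that the broker-supplied relay hostname must end with (no dot boundary is implied); empty means no restriction"`, adjusted to whatever the matcher really does. It is also worth deciding whether the default should be a restrictive pattern rather than an empty one. main continues outside both hunks.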