meskio pushed a commit to branch main in repository pluggable-transports/snowflake.
commit 47f9392645da2018bdd96fd603c6378e641a1f30 Author: KokaKiwi kokakiwi+git@kokakiwi.net AuthorDate: Fri Sep 30 17:52:07 2022 +0200
proxy: Add ICE ephemeral ports range setting CLI flag --- proxy/lib/snowflake.go | 7 +++++++ proxy/main.go | 22 +++++++++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index f2828bf..cd942f0 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -114,6 +114,9 @@ type SnowflakeProxy struct {
 KeepLocalAddresses bool
 // RelayURL is the URL of the Snowflake server that all traffic will be relayed to
 RelayURL string
+ // Ephemeral*Port limits the pool of ports that ICE UDP connections can allocate from
+ EphemeralMinPort uint16
+ EphemeralMaxPort uint16
 // RelayDomainNamePattern is the pattern specify allowed domain name for relay
 // If the pattern starts with ^ then an exact match is required.
 // The rest of pattern is the suffix of domain name.
@@ -350,6 +353,10 @@ func (d dataChannelHandlerWithRelayURL) datachannelHandler(conn *webRTCConn, rem
 func (sf *SnowflakeProxy) makeWebRTCAPI() *webrtc.API {
 settingsEngine := webrtc.SettingEngine{}
+ if sf.EphemeralMinPort != 0 && sf.EphemeralMaxPort != 0 {
+ settingsEngine.SetEphemeralUDPPortRange(sf.EphemeralMinPort, sf.EphemeralMaxPort)
+ }
+
 settingsEngine.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
return webrtc.NewAPI(webrtc.WithSettingEngine(settingsEngine))
diff --git a/proxy/main.go b/proxy/main.go
index 563b3de..e187559 100644
--- a/proxy/main.go
+++ b/proxy/main.go
@@ -2,13 +2,15 @@ package main
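Review bot: The return value of `settingsEngine.SetEphemeralUDPPortRange(...)` is discarded in makeWebRTCAPI; to my knowledge pion returns an error and leaves the setting untouched when the maximum is below the minimum, so an inverted range silently falls back to unrestricted ephemeral ports. The `!= 0 &&` guard gives the same silent fallback when only one bound is set. An operator who opens only this range on a firewall, or relies on it to bound which UDP ports the proxy uses, gets no signal that the restriction is not in force. Since the function has no error return, at minimum log it (assuming `log` is available in this file): `if err := settingsEngine.SetEphemeralUDPPortRange(sf.EphemeralMinPort, sf.EphemeralMaxPort); err != nil { log.Printf("ephemeral port range not applied: %v", err) }`. The closing brace of makeWebRTCAPI lies outside the hunk.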
import (
 "flag"
- "git.torproject.org/pluggable-transports/snowflake.git/v2/common/event"
 "io"
 "io/ioutil"
 "log"
 "os"
+ "strconv"
+ "strings"
 "time"
+ "git.torproject.org/pluggable-transports/snowflake.git/v2/common/event"
 "git.torproject.org/pluggable-transports/snowflake.git/v2/common/safelog"
 sf "git.torproject.org/pluggable-transports/snowflake.git/v2/proxy/lib"
 )
@@ -28,6 +30,7 @@ func main() {
 SummaryInterval := flag.Duration("summary-interval", time.Hour, "the time interval to output summary, 0s disables summaries. Valid time units are "s", "m", "h". ")
 verboseLogging := flag.Bool("verbose", false, "increase log verbosity")
+ ephemeralPortsRange := flag.String("ephemeral-ports-range", "", "UDP ephemeral ports range")
flag.Parse()
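Review bot: The help string `"UDP ephemeral ports range"` does not say what syntax the flag expects, while the parsing added further down in main() accepts only two decimal ports joined by a colon. Suggest `"UDP ephemeral ports range (format: \"<min>:<max>\")"` so that a mistyped value is not the operator's first hint at the format. It would also help to state that an empty value leaves the port range unrestricted.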
@@ -47,6 +50,23 @@ func main() {
 AllowNonTLSRelay: *allowNonTLSRelay,
 }
+ ephemeralPortsRangeParts := strings.Split(*ephemeralPortsRange, ":")
+ if len(ephemeralPortsRangeParts) == 2 {
+ ephemeralMinPort, err := strconv.ParseUint(ephemeralPortsRangeParts[0], 10, 16)
+ if err == nil {
+ proxy.EphemeralMinPort = uint16(ephemeralMinPort)
+ } else {
+ log.Printf("Invalid port (%v): %v", ephemeralPortsRangeParts[0], err)
+ }
+
+ ephemeralMaxPort, err := strconv.ParseUint(ephemeralPortsRangeParts[1], 10, 16)
+ if err == nil {
+ proxy.EphemeralMaxPort = uint16(ephemeralMaxPort)
+ } else {
+ log.Printf("Invalid port (%v): %v", ephemeralPortsRangeParts[1], err)
+ }
+ }
+
 var logOutput io.Writer = os.Stderr
 var eventlogOutput io.Writer = os.Stderr
 log.SetFlags(log.LstdFlags | log.LUTC)
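Review bot: A malformed `-ephemeral-ports-range` value never stops the proxy in this block of main(): a non-empty value without exactly one `:` is ignored with no message, a port that fails to parse is only logged, and min > max or a single valid bound is accepted here and has no effect later in makeWebRTCAPI. In every one of those cases the proxy starts with unrestricted ICE UDP ports, which defeats the flag for an operator who set it to match firewall rules. I would treat a non-empty but invalid value as fatal and assign both fields only once the pair has been validated, as sketched below. main() begins and continues outside the hunk.

```go
// … unchanged: proxy := sf.SnowflakeProxy{ … } …
if *ephemeralPortsRange != "" {
	ephemeralPortsRangeParts := strings.Split(*ephemeralPortsRange, ":")
	if len(ephemeralPortsRangeParts) != 2 {
		log.Fatalf("Invalid ephemeral ports range (%v): expected <min>:<max>", *ephemeralPortsRange)
	}
	ephemeralMinPort, err := strconv.ParseUint(ephemeralPortsRangeParts[0], 10, 16)
	if err != nil {
		log.Fatalf("Invalid port (%v): %v", ephemeralPortsRangeParts[0], err)
	}
	ephemeralMaxPort, err := strconv.ParseUint(ephemeralPortsRangeParts[1], 10, 16)
	if err != nil {
		log.Fatalf("Invalid port (%v): %v", ephemeralPortsRangeParts[1], err)
	}
	// Zero means "unset" to makeWebRTCAPI, so reject it here rather than drop the range silently.
	if ephemeralMinPort == 0 || ephemeralMinPort > ephemeralMaxPort {
		log.Fatalf("Invalid ephemeral ports range: min %v, max %v", ephemeralMinPort, ephemeralMaxPort)
	}
	proxy.EphemeralMinPort = uint16(ephemeralMinPort)
	proxy.EphemeralMaxPort = uint16(ephemeralMaxPort)
}
// … unchanged: logOutput / eventlogOutput setup …
```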