This is an automated email from the git hooks/post-receive script.
shelikhoo pushed a commit to branch main in repository pluggable-transports/snowflake.
commit 97dea533da7b6b3b2b1dfbffe7dca3a8350fab0b Author: Shelikhoo xiaokangwang@outlook.com AuthorDate: Wed Jun 15 13:20:58 2022 +0100
Update Relay Pattern format to include dollar sign
---
 common/namematcher/matcher.go | 5 +++++
 common/namematcher/matcher_test.go | 26 +++++++++++++-------------
 proxy/lib/snowflake.go | 6 +++++-
 proxy/main.go | 2 +-
 4 files changed, 24 insertions(+), 15 deletions(-)
diff --git a/common/namematcher/matcher.go b/common/namematcher/matcher.go
index 57f9c56..afcdbff 100644
--- a/common/namematcher/matcher.go
+++ b/common/namematcher/matcher.go
@@ -3,9 +3,14 @@ package namematcher
 import "strings"
func NewNameMatcher(rule string) NameMatcher {
+ rule = strings.TrimSuffix(rule, "$")
 return NameMatcher{suffix: strings.TrimPrefix(rule, "^"), exact: strings.HasPrefix(rule, "^")}
 }
+func IsValidRule(rule string) bool {
+ return strings.HasSuffix(rule, "$")
+}
+
 type NameMatcher struct {
 exact bool
 suffix string
diff --git a/common/namematcher/matcher_test.go b/common/namematcher/matcher_test.go
index 8d92614..08d089c 100644
--- a/common/namematcher/matcher_test.go
+++ b/common/namematcher/matcher_test.go
@@ -11,13 +11,13 @@ func TestMatchMember(t *testing.T) {
 expects bool
 }{
 {matcher: "", target: "", expects: true},
- {matcher: "^snowflake.torproject.net", target: "snowflake.torproject.net", expects: true},
- {matcher: "^snowflake.torproject.net", target: "faketorproject.net", expects: false},
- {matcher: "snowflake.torproject.net", target: "faketorproject.net", expects: false},
- {matcher: "snowflake.torproject.net", target: "snowflake.torproject.net", expects: true},
- {matcher: "snowflake.torproject.net", target: "imaginary-01-snowflake.torproject.net", expects: true},
- {matcher: "snowflake.torproject.net", target: "imaginary-aaa-snowflake.torproject.net", expects: true},
- {matcher: "snowflake.torproject.net", target: "imaginary-aaa-snowflake.faketorproject.net", expects: false},
+ {matcher: "^snowflake.torproject.net$", target: "snowflake.torproject.net", expects: true},
+ {matcher: "^snowflake.torproject.net$", target: "faketorproject.net", expects: false},
+ {matcher: "snowflake.torproject.net$", target: "faketorproject.net", expects: false},
+ {matcher: "snowflake.torproject.net$", target: "snowflake.torproject.net", expects: true},
+ {matcher: "snowflake.torproject.net$", target: "imaginary-01-snowflake.torproject.net", expects: true},
+ {matcher: "snowflake.torproject.net$", target: "imaginary-aaa-snowflake.torproject.net", expects: true},
+ {matcher: "snowflake.torproject.net$", target: "imaginary-aaa-snowflake.faketorproject.net", expects: false},
 }
 for _, v := range testingVector {
 t.Run(v.matcher+"<>"+v.target, func(t *testing.T) {
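Review bot: `IsValidRule` accepts any string ending in `$`, including the bare rule `$`, which `NewNameMatcher` then reduces to an empty suffix; if the matcher compares by suffix (its matching methods are outside this hunk), an empty suffix would accept every hostname and the relay allow-list would stop restricting anything. Consider rejecting an empty remainder as well: `return strings.HasSuffix(rule, "$") && strings.TrimPrefix(strings.TrimSuffix(rule, "$"), "^") != ""`. `NewNameMatcher` still builds a matcher from a rule with no `$`, so the new format is only enforced where a caller remembers to validate first. Both exported functions lack doc comments; I would add `// IsValidRule reports whether rule carries the mandatory trailing "$"; NewNameMatcher does not validate, so call this first.`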
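Review bot: Neither test table covers the new `IsValidRule` function or a rule that lacks the trailing `$`; this hunk and the `TestMatchSubset` hunk at -36,12 only append `$` to the existing vectors. Because that function decides which relay hostname patterns a proxy will accept, a small table test would pin it: `IsValidRule("snowflake.torproject.net$")` true, `IsValidRule("snowflake.torproject.net")` false, `IsValidRule("")` false. A vector passing a rule without `$` to `NewNameMatcher` would also record whether the old format is still meant to match. Both test functions continue outside their hunks.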
@@ -36,12 +36,12 @@ func TestMatchSubset(t *testing.T) {
 expects bool
 }{
 {matcher: "", target: "", expects: true},
- {matcher: "^snowflake.torproject.net", target: "^snowflake.torproject.net", expects: true},
- {matcher: "snowflake.torproject.net", target: "^snowflake.torproject.net", expects: true},
- {matcher: "snowflake.torproject.net", target: "snowflake.torproject.net", expects: true},
- {matcher: "snowflake.torproject.net", target: "testing-snowflake.torproject.net", expects: true},
- {matcher: "snowflake.torproject.net", target: "^testing-snowflake.torproject.net", expects: true},
- {matcher: "snowflake.torproject.net", target: "", expects: false},
+ {matcher: "^snowflake.torproject.net$", target: "^snowflake.torproject.net$", expects: true},
+ {matcher: "snowflake.torproject.net$", target: "^snowflake.torproject.net$", expects: true},
+ {matcher: "snowflake.torproject.net$", target: "snowflake.torproject.net$", expects: true},
+ {matcher: "snowflake.torproject.net$", target: "testing-snowflake.torproject.net$", expects: true},
+ {matcher: "snowflake.torproject.net$", target: "^testing-snowflake.torproject.net$", expects: true},
+ {matcher: "snowflake.torproject.net$", target: "", expects: false},
 }
 for _, v := range testingVector {
 t.Run(v.matcher+"<>"+v.target, func(t *testing.T) {
diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index 2770aa4..34f8abe 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -30,7 +30,6 @@ import (
 "crypto/rand"
 "encoding/base64"
 "fmt"
- "git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
 "io"
 "io/ioutil"
 "log"
@@ -43,6 +42,7 @@ import (
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/event"
 "git.torproject.org/pluggable-transports/snowflake.git/v2/common/messages"
+ "git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
 "git.torproject.org/pluggable-transports/snowflake.git/v2/common/task"
 "git.torproject.org/pluggable-transports/snowflake.git/v2/common/util"
 "git.torproject.org/pluggable-transports/snowflake.git/v2/common/websocketconn"
@@ -582,6 +582,10 @@ func (sf *SnowflakeProxy) Start() error {
 return fmt.Errorf("invalid relay url: %s", err)
 }
+ if !namematcher.IsValidRule(sf.RelayDomainNamePattern) {
+ return fmt.Errorf("invalid relay domain name pattern")
+ }
+
 config = webrtc.Configuration{
 ICEServers: []webrtc.ICEServer{
 {
diff --git a/proxy/main.go b/proxy/main.go
index 63ed5c7..c42852e 100644
--- a/proxy/main.go
+++ b/proxy/main.go
@@ -21,7 +21,7 @@ func main() {
 unsafeLogging := flag.Bool("unsafe-logging", false, "prevent logs from being scrubbed")
 keepLocalAddresses := flag.Bool("keep-local-addresses", false, "keep local LAN address ICE candidates")
 relayURL := flag.String("relay", sf.DefaultRelayURL, "websocket relay URL")
- allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "snowflake.torproject.net", "a pattern to specify allowed hostname pattern for relay URL.")
+ allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "snowflake.torproject.net$", "a pattern to specify allowed hostname pattern for relay URL.")
 allowNonTLSRelay := flag.Bool("allow-non-tls-relay", false, "allow relay without tls encryption")
 NATTypeMeasurementInterval := flag.Duration("nat-retest-interval", time.Hour*24, "the time interval in second before NAT type is retested, 0s disables retest. Valid time units are "s", "m", "h". ")
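Review bot: The error returned by the new `IsValidRule` check names neither the rejected value nor the requirement, so an operator whose existing `RelayDomainNamePattern` lacks the trailing `$` only sees `invalid relay domain name pattern`. I would return `fmt.Errorf("invalid relay domain name pattern %q: must end with \"$\"", sf.RelayDomainNamePattern)`. Whether `Start` fills in a default for an empty pattern before this point is not visible in the hunk; if it does not, library callers that leave the field unset will now fail here, which is worth confirming. `Start` begins and ends outside the hunk.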
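Review bot: The usage string for `-allowed-relay-hostname-pattern` still reads `a pattern to specify allowed hostname pattern for relay URL.`, although after this commit the value must end in `$` and the proxy refuses to start otherwise. The help text is the first place an operator will look, so it should state the syntax, for example `"hostname pattern the relay URL must match; must end with \"$\" (suffix match), prefix with \"^\" for an exact match"`. Deployments that pass the old form explicitly will stop starting after the upgrade, which also deserves a changelog line. `main` continues outside the hunk.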