This is an automated email from the git hooks/post-receive script. itchyonion pushed a commit to branch main in repository pluggable-transports/snowflake. The following commit(s) were added to refs/heads/main by this push: new 9ce1de4 Use Pion's Setting Engine to reduce Multicast DNS noise 9ce1de4 is described below commit 9ce1de4eee4e23c918c7c5e96666ff5c6ddc654e Author: Tommaso Gragnato <gragnato.tommaso@icloud.com> AuthorDate: Sun Aug 14 14:34:57 2022 +0200 Use Pion's Setting Engine to reduce Multicast DNS noise https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... The purpose of the patch is to prevent Pion from opening the mDNS port, thus preventing snowflake from directly leaking .local candidates. What this doesn't prevent is the resolution of .local candidates once they are passed on to the system DNS. --- client/lib/webrtc.go | 6 +++++- proxy/lib/snowflake.go | 11 +++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/client/lib/webrtc.go b/client/lib/webrtc.go index d5264a9..01990e0 100644 --- a/client/lib/webrtc.go +++ b/client/lib/webrtc.go @@ -10,6 +10,7 @@ import ( "time" "git.torproject.org/pluggable-transports/snowflake.git/v2/common/event" + "github.com/pion/ice/v2" "github.com/pion/webrtc/v3" ) @@ -189,7 +190,10 @@ func (c *WebRTCPeer) connect(config *webrtc.Configuration, broker *BrokerChannel // after ICE candidate gathering is complete.. func (c *WebRTCPeer) preparePeerConnection(config *webrtc.Configuration) error { var err error - c.pc, err = webrtc.NewPeerConnection(*config) + s := webrtc.SettingEngine{} + s.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled) + api := webrtc.NewAPI(webrtc.WithSettingEngine(s)) + c.pc, err = api.NewPeerConnection(*config) if err != nil { log.Printf("NewPeerConnection ERROR: %s", err) return err diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go index 34f8abe..f9bcddb 100644 --- a/proxy/lib/snowflake.go +++ b/proxy/lib/snowflake.go @@ -47,6 +47,7 @@ import ( "git.torproject.org/pluggable-transports/snowflake.git/v2/common/util" "git.torproject.org/pluggable-transports/snowflake.git/v2/common/websocketconn" "github.com/gorilla/websocket" + "github.com/pion/ice/v2" "github.com/pion/webrtc/v3" ) @@ -355,7 +356,10 @@ func (sf *SnowflakeProxy) makePeerConnectionFromOffer(sdp *webrtc.SessionDescrip dataChan chan struct{}, handler func(conn *webRTCConn, remoteAddr net.Addr)) (*webrtc.PeerConnection, error) { - pc, err := webrtc.NewPeerConnection(config) + s := webrtc.SettingEngine{} + s.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled) + api := webrtc.NewAPI(webrtc.WithSettingEngine(s)) + pc, err := api.NewPeerConnection(config) if err != nil { return nil, fmt.Errorf("accept: NewPeerConnection: %s", err) } @@ -442,7 +446,10 @@ func (sf *SnowflakeProxy) makePeerConnectionFromOffer(sdp *webrtc.SessionDescrip func (sf *SnowflakeProxy) makeNewPeerConnection(config webrtc.Configuration, dataChan chan struct{}) (*webrtc.PeerConnection, error) { - pc, err := webrtc.NewPeerConnection(config) + s := webrtc.SettingEngine{} + s.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled) + api := webrtc.NewAPI(webrtc.WithSettingEngine(s)) + pc, err := api.NewPeerConnection(config) if err != nil { return nil, fmt.Errorf("accept: NewPeerConnection: %s", err) } -- To stop receiving notification emails like this one, please contact the administrator of this repository.