[tor-commits] [snowflake/main] Remove support for oneshot mode

cohosh at torproject.org cohosh at torproject.org
Mon Feb 7 16:39:55 UTC 2022


commit c0b35076c93b19de97989eb1fd5eed74f45635db
Author: Cecylia Bocovich <cohosh at torproject.org>
Date:   Wed Feb 2 19:13:03 2022 -0500

    Remove support for oneshot mode
    
    Due to a bug (#40098), legacy oneshot connections have not worked for
    a while. Connections without the turbotunnel token would cause the server
    to crash. This fixes that bug by removing oneshot support altogether and
    simply closing the connection.
---
 server/lib/http.go      | 28 ++++------------------------
 server/lib/snowflake.go |  2 +-
 2 files changed, 5 insertions(+), 25 deletions(-)

diff --git a/server/lib/http.go b/server/lib/http.go
index 5f214a1..0aba81e 100644
--- a/server/lib/http.go
+++ b/server/lib/http.go
@@ -48,23 +48,10 @@ var upgrader = websocket.Upgrader{
 // attached to the WebSocket connection and every session.
 var clientIDAddrMap = newClientIDMap(clientIDAddrMapCapacity)
 
-// overrideReadConn is a net.Conn with an overridden Read method. Compare to
-// recordingConn at
-// https://dave.cheney.net/2015/05/22/struct-composition-with-go.
-type overrideReadConn struct {
-	net.Conn
-	io.Reader
-}
-
-func (conn *overrideReadConn) Read(p []byte) (int, error) {
-	return conn.Reader.Read(p)
-}
-
 type httpHandler struct {
 	// pconn is the adapter layer between stream-oriented WebSocket
 	// connections and the packet-oriented KCP layer.
 	pconn *turbotunnel.QueuePacketConn
-	ln    *SnowflakeListener
 }
 
 func (handler *httpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -99,10 +86,10 @@ func (handler *httpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	default:
 		// We didn't find a matching token, which means that we are
 		// dealing with a client that doesn't know about such things.
-		// "Unread" the token by constructing a new Reader and pass it
-		// to the old one-session-per-WebSocket mode.
-		conn2 := &overrideReadConn{Conn: conn, Reader: io.MultiReader(bytes.NewReader(token[:]), conn)}
-		err = oneshotMode(conn2, addr, handler.ln)
+		// Close the conn as we no longer support the old
+		// one-session-per-WebSocket mode.
+		log.Println("Received unsupported oneshot connection")
+		return
 	}
 	if err != nil {
 		log.Println(err)
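Review bot: The new comment in the default case says "Close the conn", but the added lines only log and `return`; nothing visible in this hunk closes the WebSocket. ServeHTTP starts and ends outside the hunk, so presumably a deferred `conn.Close()` earlier in the function does the closing. If so, the comment should say that, e.g. `// Return and let the deferred Close drop the conn; the old one-session-per-WebSocket mode is no longer supported.` Separately, `log.Println("Received unsupported oneshot connection")` is written once per connection for any peer that omits the token, so it is worth confirming that this line is rate-limited or that log growth is otherwise bounded.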
@@ -110,13 +97,6 @@ func (handler *httpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-// oneshotMode handles clients that did not send turbotunnel.Token at the start
-// of their stream. These clients use the WebSocket as a raw pipe, and expect
-// their session to begin and end when this single WebSocket does.
-func oneshotMode(conn net.Conn, addr net.Addr, ln *SnowflakeListener) error {
-	return ln.queueConn(&SnowflakeClientConn{Conn: conn, address: addr})
-}
-
 // turbotunnelMode handles clients that sent turbotunnel.Token at the start of
 // their stream. These clients expect to send and receive encapsulated packets,
 // with a long-lived session identified by ClientID.
diff --git a/server/lib/snowflake.go b/server/lib/snowflake.go
index 31b6a20..a1051e0 100644
--- a/server/lib/snowflake.go
+++ b/server/lib/snowflake.go
@@ -279,7 +279,7 @@ func (l *SnowflakeListener) queueConn(conn net.Conn) error {
 	}
 }
 
-// SnowflakeClientConn is a wrapper for the underlying oneshot or turbotunnel
+// SnowflakeClientConn is a wrapper for the underlying turbotunnel
 // conn. We need to reference our client address map to determine the
 // remote address
 type SnowflakeClientConn struct {


