[tor-commits] [pluggable-transports/snowflake] 02/04: proxy: Add ICE ephemeral ports range setting CLI flag

gitolite role git at cupani.torproject.org
Tue Oct 11 16:48:03 UTC 2022


This is an automated email from the git hooks/post-receive script.

meskio pushed a commit to branch main
in repository pluggable-transports/snowflake.

commit 47f9392645da2018bdd96fd603c6378e641a1f30
Author: KokaKiwi <kokakiwi+git at kokakiwi.net>
AuthorDate: Fri Sep 30 17:52:07 2022 +0200

    proxy: Add ICE ephemeral ports range setting CLI flag
---
 proxy/lib/snowflake.go |  7 +++++++
 proxy/main.go          | 22 +++++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index f2828bf..cd942f0 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -114,6 +114,9 @@ type SnowflakeProxy struct {
 	KeepLocalAddresses bool
 	// RelayURL is the URL of the Snowflake server that all traffic will be relayed to
 	RelayURL string
+	// Ephemeral*Port limits the pool of ports that ICE UDP connections can allocate from
+	EphemeralMinPort uint16
+	EphemeralMaxPort uint16
 	// RelayDomainNamePattern is the pattern specify allowed domain name for relay
 	// If the pattern starts with ^ then an exact match is required.
 	// The rest of pattern is the suffix of domain name.
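Review bot: The comment on the new fields does not say what the zero value means or that the two fields only take effect together. `Ephemeral*Port` is a glob rather than a doc comment, so neither field gets its own godoc text. I would document each field separately, e.g. `// EphemeralMinPort is the lowest UDP port ICE may allocate; 0 leaves the range unrestricted, and it is only applied when EphemeralMaxPort is also set.`, with the matching line for EphemeralMaxPort. The struct continues outside this hunk.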
@@ -350,6 +353,10 @@ func (d dataChannelHandlerWithRelayURL) datachannelHandler(conn *webRTCConn, rem
 func (sf *SnowflakeProxy) makeWebRTCAPI() *webrtc.API {
 	settingsEngine := webrtc.SettingEngine{}
 
+	if sf.EphemeralMinPort != 0 && sf.EphemeralMaxPort != 0 {
+		settingsEngine.SetEphemeralUDPPortRange(sf.EphemeralMinPort, sf.EphemeralMaxPort)
+	}
+
 	settingsEngine.SetICEMulticastDNSMode(ice.MulticastDNSModeDisabled)
 
 	return webrtc.NewAPI(webrtc.WithSettingEngine(settingsEngine))
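Review bot: The return value of `SetEphemeralUDPPortRange` is dropped in the added block, so a range the setter rejects is silently not applied. In pion/webrtc this setter returns an error when the maximum is below the minimum, so an operator who passed a reversed range to match firewall rules would get a proxy that binds any ephemeral port, with no indication. Since makeWebRTCAPI has no error return, at least surface it (assuming `log` is available in this file): `if err := settingsEngine.SetEphemeralUDPPortRange(sf.EphemeralMinPort, sf.EphemeralMaxPort); err != nil { log.Printf("Invalid port range: %v", err) }`. The `!= 0 && != 0` guard also skips the call when only one bound is set, which deserves a short comment. The function's closing brace is outside the hunk.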
diff --git a/proxy/main.go b/proxy/main.go
index 563b3de..e187559 100644
--- a/proxy/main.go
+++ b/proxy/main.go
@@ -2,13 +2,15 @@ package main
 
 import (
 	"flag"
-	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/event"
 	"io"
 	"io/ioutil"
 	"log"
 	"os"
+	"strconv"
+	"strings"
 	"time"
 
+	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/event"
 	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/safelog"
 	sf "git.torproject.org/pluggable-transports/snowflake.git/v2/proxy/lib"
 )
@@ -28,6 +30,7 @@ func main() {
 	SummaryInterval := flag.Duration("summary-interval", time.Hour,
 		"the time interval to output summary, 0s disables summaries. Valid time units are \"s\", \"m\", \"h\". ")
 	verboseLogging := flag.Bool("verbose", false, "increase log verbosity")
+	ephemeralPortsRange := flag.String("ephemeral-ports-range", "", "UDP ephemeral ports range")
 
 	flag.Parse()
 
@@ -47,6 +50,23 @@ func main() {
 		AllowNonTLSRelay:       *allowNonTLSRelay,
 	}
 
+	ephemeralPortsRangeParts := strings.Split(*ephemeralPortsRange, ":")
+	if len(ephemeralPortsRangeParts) == 2 {
+		ephemeralMinPort, err := strconv.ParseUint(ephemeralPortsRangeParts[0], 10, 16)
+		if err == nil {
+			proxy.EphemeralMinPort = uint16(ephemeralMinPort)
+		} else {
+			log.Printf("Invalid port (%v): %v", ephemeralPortsRangeParts[0], err)
+		}
+
+		ephemeralMaxPort, err := strconv.ParseUint(ephemeralPortsRangeParts[1], 10, 16)
+		if err == nil {
+			proxy.EphemeralMaxPort = uint16(ephemeralMaxPort)
+		} else {
+			log.Printf("Invalid port (%v): %v", ephemeralPortsRangeParts[1], err)
+		}
+	}
+
 	var logOutput io.Writer = os.Stderr
 	var eventlogOutput io.Writer = os.Stderr
 	log.SetFlags(log.LstdFlags | log.LUTC)
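Review bot: A malformed `-ephemeral-ports-range` does not stop the proxy: a value that does not split into exactly two parts (for example `10000-20000`) is ignored without any message, and a parse failure is only logged, leaving a port at 0 so that makeWebRTCAPI skips the range entirely. Nothing here checks that the minimum is non-zero and not above the maximum either. An operator who set the range to match firewall rules would end up with a proxy that runs unrestricted, so I would validate the value and exit on any error, as in the excerpt below (assuming a fatal exit is acceptable at this point in main, whose body starts and ends outside the hunk). The flag's help string, added in the previous hunk, should also state the format, e.g. `"UDP ephemeral ports range (format: \"<min>:<max>\")"`.

```go
	// … unchanged: proxy := sf.SnowflakeProxy{ … } …

	if *ephemeralPortsRange != "" {
		parts := strings.Split(*ephemeralPortsRange, ":")
		if len(parts) != 2 {
			log.Fatalf("Bad range format %q, expected <min>:<max>", *ephemeralPortsRange)
		}
		minPort, err := strconv.ParseUint(parts[0], 10, 16)
		if err != nil {
			log.Fatalf("Invalid port (%v): %v", parts[0], err)
		}
		maxPort, err := strconv.ParseUint(parts[1], 10, 16)
		if err != nil {
			log.Fatalf("Invalid port (%v): %v", parts[1], err)
		}
		// 0 means "unset" to makeWebRTCAPI, so reject it here instead of silently dropping the range.
		if minPort == 0 || minPort > maxPort {
			log.Fatalf("Invalid port range: min %d, max %d", minPort, maxPort)
		}
		proxy.EphemeralMinPort = uint16(minPort)
		proxy.EphemeralMaxPort = uint16(maxPort)
	}

	// … unchanged: log output setup …
```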
