Home Explore Help
Sign In
oid
/
snowflake
mirror of https://git.torproject.org/pluggable-transports/snowflake.git/
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Branch: main
Branches Tags
snowflake
/
broker
Neel Chauhan 8792771cdc broker and proxy must not reject client offers with no ICE candidates 1 month ago
..
README.md c1b0fdd8cf Cleaned up and reorganized READMEs 3 years ago
amp.go b512e242e8 Implement better client IP per rendezvous method tracking for clients 8 months ago
bridge-list.go ec9476e5ab Better error msg on bad fingerprint 2 months ago
bridge-list_test.go 82cc0f38f7 Move the development to gitlab 1 year ago
broker.go 71828580bb fix(broker): empty pattern if bridge-list is empty 2 months ago
http.go 8792771cdc broker and proxy must not reject client offers with no ICE candidates 1 month ago
ipc.go ec9476e5ab Better error msg on bad fingerprint 2 months ago
metrics.go f64f234eeb New ptuitl/safeprom doesn't have Rounded in the type names 4 months ago
snowflake-broker_test.go 8792771cdc broker and proxy must not reject client offers with no ICE candidates 1 month ago
snowflake-heap.go 270eb21803 Encode client-broker messages as json in HTTP body 3 years ago
sqs.go b512e242e8 Implement better client IP per rendezvous method tracking for clients 8 months ago
sqs_test.go 71828580bb fix(broker): empty pattern if bridge-list is empty 2 months ago
test_bridgeList.txt 677146c9d5 add `test_bridgeList.txt` file 3 months ago
test_geoip 171c55a9b1 Implemented geoip lookups for the snowflake broker. This heavily based off of how tor maps IP addresses to country codes, and relies on the provided ipv4 and ipv6 files. 5 years ago
test_geoip6 171c55a9b1 Implemented geoip lookups for the snowflake broker. This heavily based off of how tor maps IP addresses to country codes, and relies on the provided ipv4 and ipv6 files. 5 years ago

README.md

Table of Contents

This is the Broker component of Snowflake.

Overview

The Broker handles the rendezvous by matching Snowflake Clients with Proxies, and passing their WebRTC Session Descriptions (the "signaling" step). This allows Clients and Proxies to establish a Peer connection.

It is analogous to Flashproxy's Facilitator, but bidirectional and domain-fronted.

The Broker expects:

  • Clients to send their SDP offer in a POST request, which will then block until the Broker responds with the answer of the matched Proxy.
  • Proxies to announce themselves with a POST request, to which the Broker responds with some Client's SDP offer. The Proxy should then send a second POST request soon after containing its SDP answer, which the Broker passes back to the same Client.

Running your own

The server uses TLS by default. There is a --disable-tls option for testing purposes, but you should use TLS in production.

The server automatically fetches certificates from Let's Encrypt as needed. Use the --acme-hostnames option to tell the server what hostnames it may request certificates for. You can optionally provide a contact email address, using the --acme-email option, so that Let's Encrypt can inform you of any problems.

In order to fetch certificates automatically, the server needs to open an additional HTTP listener on port 80. On Linux, you can use the setcap program, part of libcap2, to enable the broker to bind to low-numbered ports without having to run as root:

setcap 'cap_net_bind_service=+ep' /usr/local/bin/broker

You can control the listening broker port with the --addr option. Port 443 is the default.

You'll need to provide the URL of the custom broker to the client plugin using the --url $URL flag.