Startseite Erkunden Hilfe
Anmelden
oid
/
snowflake
Mirror von https://git.torproject.org/pluggable-transports/snowflake.git/
Beobachten 1
Favorit hinzufügen 0
Fork 0
Dateien Issues 0 Wiki
Branch: main
Branches Tags
snowflake
/
proxy
/
main.go

main.go 8.4 KB
Permalink Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"flag"
    5. 

  5. 	"fmt"
    6. 

  6. 	"io"
    7. 

  7. 	"log"
    8. 

  8. 	"net"
    9. 

  9. 	"os"
    10. 

  10. 	"strconv"
    11. 

  11. 	"strings"
    12. 

  12. 	"time"
    13. 

  13. 

  14. 	"gitlab.torproject.org/tpo/anti-censorship/geoip"
    15. 

  15. 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil/safelog"
    16. 

  16. 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/event"
    17. 

  17. 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/version"
    18. 

  18. 	sf "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/proxy/lib"
    19. 

  19. )
    20. 

  20. 

  21. const minPollInterval = 2 * time.Second
    22. 

  22. 

  23. func main() {
    24. 

  24. 	pollInterval := flag.Duration("poll-interval", sf.DefaultPollInterval,
    25. 

  25. 		fmt.Sprint("how often to ask the broker for a new client. Keep in mind that asking for a client will not always result in getting one. Minumum value is ", minPollInterval, ". Valid time units are \"ms\", \"s\", \"m\", \"h\"."))
    26. 

  26. 	capacity := flag.Uint("capacity", 0, "maximum concurrent clients (default is to accept an unlimited number of clients)")
    27. 

  27. 	stunURL := flag.String("stun", sf.DefaultSTUNURL, "Comma-separated STUN server `URL`s that this proxy will use will use to, among some other things, determine its public IP address")
    28. 

  28. 	logFilename := flag.String("log", "", "log `filename`. If not specified, logs will be output to stderr (console).")
    29. 

  29. 	rawBrokerURL := flag.String("broker", sf.DefaultBrokerURL, "The `URL` of the broker server that the proxy will be using to find clients")
    30. 

  30. 	unsafeLogging := flag.Bool("unsafe-logging", false, "keep IP addresses and other sensitive info in the logs")
    31. 

  31. 	logLocalTime := flag.Bool("log-local-time", false, "Use local time for logging (default: UTC)")
    32. 

  32. 	keepLocalAddresses := flag.Bool("keep-local-addresses", false, "keep local LAN address ICE candidates.\nThis is usually pointless because Snowflake clients don't usually reside on the same local network as the proxy.")
    33. 

  33. 	defaultRelayURL := flag.String("relay", sf.DefaultRelayURL, "The default `URL` of the server (relay) that this proxy will forward client connections to, in case the broker itself did not specify the said URL")
    34. 

  34. 	probeURL := flag.String("nat-probe-server", sf.DefaultNATProbeURL, "The `URL` of the server that this proxy will use to check its network NAT type.\nDetermining NAT type helps to understand whether this proxy is compatible with certain clients' NAT")
    35. 

  35. 	outboundAddress := flag.String("outbound-address", "", "prefer the given `address` as outbound address for client connections")
    36. 

  36. 	allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "snowflake.torproject.net$", "this proxy will only be allowed to forward client connections to relays (servers) whose URL matches this pattern.\nNote that a pattern \"example.com$\" will match \"subdomain.example.com\" as well as \"other-domain-example.com\".\nIn order to only match \"example.com\", prefix the pattern with \"^\": \"^example.com$\"")
    37. 

  37. 	allowProxyingToPrivateAddresses := flag.Bool("allow-proxying-to-private-addresses", false, "allow forwarding client connections to private IP addresses.\nUseful when a Snowflake server (relay) is hosted on the same private network as this proxy.")
    38. 

  38. 	allowNonTLSRelay := flag.Bool("allow-non-tls-relay", false, "allow this proxy to pass client's data to the relay in an unencrypted form.\nThis is only useful if the relay doesn't support encryption, e.g. for testing / development purposes.")
    39. 

  39. 	NATTypeMeasurementInterval := flag.Duration("nat-retest-interval", time.Hour*24,
    40. 

  40. 		"the time interval between NAT type is retests (see \"nat-probe-server\"). 0s disables retest. Valid time units are \"s\", \"m\", \"h\".")
    41. 

  41. 	summaryInterval := flag.Duration("summary-interval", time.Hour,
    42. 

  42. 		"the time interval between summary log outputs, 0s disables summaries. Valid time units are \"s\", \"m\", \"h\".")
    43. 

  43. 	disableStatsLogger := flag.Bool("disable-stats-logger", false, "disable the exposing mechanism for stats using logs")
    44. 

  44. 	enableMetrics := flag.Bool("metrics", false, "enable the exposing mechanism for stats using metrics")
    45. 

  45. 	metricsAddress := flag.String("metrics-address", "localhost", "set listen `address` for metrics service")
    46. 

  46. 	metricsPort := flag.Int("metrics-port", 9999, "set port for the metrics service")
    47. 

  47. 	verboseLogging := flag.Bool("verbose", false, "increase log verbosity")
    48. 

  48. 	ephemeralPortsRangeFlag := flag.String("ephemeral-ports-range", "", "Set the `range` of ports used for client connections (format:\"<min>:<max>\").\nUseful in conjunction with port forwarding, in order to make the proxy NAT type \"unrestricted\".\nIf omitted, the ports will be chosen automatically from a wide range.\nWhen specifying the range, make sure it's at least 2x as wide as the amount of clients that you are hoping to serve concurrently (see the \"capacity\" flag).")
    49. 

  49. 	geoipDatabase := flag.String("geoipdb", "/usr/share/tor/geoip", "path to correctly formatted geoip database mapping IPv4 address ranges to country codes")
    50. 

  50. 	geoip6Database := flag.String("geoip6db", "/usr/share/tor/geoip6", "path to correctly formatted geoip database mapping IPv6 address ranges to country codes")
    51. 

  51. 	versionFlag := flag.Bool("version", false, "display version info to stderr and quit")
    52. 

  52. 

  53. 	var ephemeralPortsRange []uint16 = []uint16{0, 0}
    54. 

  54. 

  55. 	flag.Parse()
    56. 

  56. 

  57. 	if *versionFlag {
    58. 

  58. 		fmt.Fprintf(os.Stderr, "snowflake-proxy %s", version.ConstructResult())
    59. 

  59. 		os.Exit(0)
    60. 

  60. 	}
    61. 

  61. 

  62. 	if *pollInterval < minPollInterval {
    63. 

  63. 		log.Fatalf("poll-interval must be >= %v", minPollInterval)
    64. 

  64. 	}
    65. 

  65. 

  66. 	if *outboundAddress != "" && *keepLocalAddresses {
    67. 

  67. 		log.Fatal("Cannot keep local address candidates when outbound address is specified")
    68. 

  68. 	}
    69. 

  69. 

  70. 	eventLogger := event.NewSnowflakeEventDispatcher()
    71. 

  71. 

  72. 	if *ephemeralPortsRangeFlag != "" {
    73. 

  73. 		ephemeralPortsRangeParts := strings.Split(*ephemeralPortsRangeFlag, ":")
    74. 

  74. 		if len(ephemeralPortsRangeParts) == 2 {
    75. 

  75. 			ephemeralMinPort, err := strconv.ParseUint(ephemeralPortsRangeParts[0], 10, 16)
    76. 

  76. 			if err != nil {
    77. 

  77. 				log.Fatal(err)
    78. 

  78. 			}
    79. 

  79. 

  80. 			ephemeralMaxPort, err := strconv.ParseUint(ephemeralPortsRangeParts[1], 10, 16)
    81. 

  81. 			if err != nil {
    82. 

  82. 				log.Fatal(err)
    83. 

  83. 			}
    84. 

  84. 

  85. 			if ephemeralMinPort == 0 || ephemeralMaxPort == 0 {
    86. 

  86. 				log.Fatal("Ephemeral port cannot be zero")
    87. 

  87. 			}
    88. 

  88. 			if ephemeralMinPort > ephemeralMaxPort {
    89. 

  89. 				log.Fatal("Invalid port range: min > max")
    90. 

  90. 			}
    91. 

  91. 

  92. 			ephemeralPortsRange = []uint16{uint16(ephemeralMinPort), uint16(ephemeralMaxPort)}
    93. 

  93. 		} else {
    94. 

  94. 			log.Fatalf("Bad range port format: %v", *ephemeralPortsRangeFlag)
    95. 

  95. 		}
    96. 

  96. 	}
    97. 

  97. 

  98. 	gip, err := geoip.New(*geoipDatabase, *geoip6Database)
    99. 

  99. 	if *enableMetrics && err != nil {
    100. 

  100. 		// The geoip DB is only used for metrics, let's only report the error if enabled
    101. 

  101. 		log.Println("Error loading geoip db for country based metrics:", err)
    102. 

  102. 	}
    103. 

  103. 

  104. 	proxy := sf.SnowflakeProxy{
    105. 

  105. 		PollInterval:       *pollInterval,
    106. 

  106. 		Capacity:           uint(*capacity),
    107. 

  107. 		STUNURL:            *stunURL,
    108. 

  108. 		BrokerURL:          *rawBrokerURL,
    109. 

  109. 		KeepLocalAddresses: *keepLocalAddresses,
    110. 

  110. 		RelayURL:           *defaultRelayURL,
    111. 

  111. 		NATProbeURL:        *probeURL,
    112. 

  112. 		OutboundAddress:    *outboundAddress,
    113. 

  113. 		EphemeralMinPort:   ephemeralPortsRange[0],
    114. 

  114. 		EphemeralMaxPort:   ephemeralPortsRange[1],
    115. 

  115. 

  116. 		NATTypeMeasurementInterval: *NATTypeMeasurementInterval,
    117. 

  117. 		EventDispatcher:            eventLogger,
    118. 

  118. 

  119. 		RelayDomainNamePattern:          *allowedRelayHostNamePattern,
    120. 

  120. 		AllowProxyingToPrivateAddresses: *allowProxyingToPrivateAddresses,
    121. 

  121. 		AllowNonTLSRelay:                *allowNonTLSRelay,
    122. 

  122. 

  123. 		SummaryInterval: *summaryInterval,
    124. 

  124. 		GeoIP:           gip,
    125. 

  125. 	}
    126. 

  126. 

  127. 	var logOutput = io.Discard
    128. 

  128. 	var eventlogOutput io.Writer = os.Stderr
    129. 

  129. 

  130. 	loggerFlags := log.LstdFlags
    131. 

  131. 

  132. 	if !*logLocalTime {
    133. 

  133. 		loggerFlags |= log.LUTC
    134. 

  134. 	}
    135. 

  135. 

  136. 	log.SetFlags(loggerFlags)
    137. 

  137. 

  138. 	if *verboseLogging {
    139. 

  139. 		logOutput = os.Stderr
    140. 

  140. 	}
    141. 

  141. 

  142. 	if *logFilename != "" {
    143. 

  143. 		f, err := os.OpenFile(*logFilename, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
    144. 

  144. 		if err != nil {
    145. 

  145. 			log.Fatal(err)
    146. 

  146. 		}
    147. 

  147. 		defer f.Close()
    148. 

  148. 		if *verboseLogging {
    149. 

  149. 			logOutput = io.MultiWriter(logOutput, f)
    150. 

  150. 		}
    151. 

  151. 		eventlogOutput = io.MultiWriter(eventlogOutput, f)
    152. 

  152. 	}
    153. 

  153. 

  154. 	if *unsafeLogging {
    155. 

  155. 		log.SetOutput(logOutput)
    156. 

  156. 	} else {
    157. 

  157. 		log.SetOutput(&safelog.LogScrubber{Output: logOutput})
    158. 

  158. 	}
    159. 

  159. 

  160. 	proxyEventLogger := sf.NewProxyEventLogger(eventlogOutput, *disableStatsLogger)
    161. 

  161. 	eventLogger.AddSnowflakeEventListener(proxyEventLogger)
    162. 

  162. 

  163. 	if *enableMetrics {
    164. 

  164. 		metrics := sf.NewMetrics()
    165. 

  165. 

  166. 		err := metrics.Start(net.JoinHostPort(*metricsAddress, strconv.Itoa(*metricsPort)))
    167. 

  167. 		if err != nil {
    168. 

  168. 			log.Fatalf("could not enable metrics: %v", err)
    169. 

  169. 		}
    170. 

  170. 

  171. 		eventLogger.AddSnowflakeEventListener(sf.NewEventMetrics(metrics))
    172. 

  172. 	}
    173. 

  173. 

  174. 	log.Printf("snowflake-proxy %s\n", version.GetVersion())
    175. 

  175. 

  176. 	err = proxy.Start()
    177. 

  177. 	if err != nil {
    178. 

  178. 		log.Fatal(err)
    179. 

  179. 	}
    180. 

  180. }
    181. 

  181.