[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [pluggable-transports/snowflake] 15/31: Add Broker Allowed Relay Pattern Indication Rejection for Proxy
This is an automated email from the git hooks/post-receive script.
shelikhoo pushed a commit to branch main
in repository pluggable-transports/snowflake.
commit b18a9431b26af8c4e3c908f6e34c2340fc4911bc
Author: Shelikhoo <xiaokangwang@xxxxxxxxxxx>
AuthorDate: Thu Apr 14 11:15:35 2022 +0100
Add Broker Allowed Relay Pattern Indication Rejection for Proxy
---
broker/broker.go | 23 ++++++++++++++++++-----
broker/ipc.go | 6 ++++--
2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/broker/broker.go b/broker/broker.go
index 476bc81..8ca0120 100644
--- a/broker/broker.go
+++ b/broker/broker.go
@@ -20,6 +20,7 @@ import (
"syscall"
"time"
+ "git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/safelog"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
@@ -38,8 +39,9 @@ type BrokerContext struct {
proxyPolls chan *ProxyPoll
metrics *Metrics
- bridgeList BridgeListHolderFileBased
- allowedRelayPattern string
+ bridgeList BridgeListHolderFileBased
+ allowedRelayPattern string
+ presumedPatternForLegacyClient string
}
func (ctx *BrokerContext) GetBridgeInfo(fingerprint [20]byte) (BridgeInfo, error) {
@@ -154,14 +156,24 @@ func (ctx *BrokerContext) AddSnowflake(id string, proxyType string, natType stri
return snowflake
}
-func (ctx *BrokerContext) InstallBridgeListProfile(reader io.Reader, relayPattern string) error {
+func (ctx *BrokerContext) InstallBridgeListProfile(reader io.Reader, relayPattern, presumedPatternForLegacyClient string) error {
if err := ctx.bridgeList.LoadBridgeInfo(reader); err != nil {
return err
}
ctx.allowedRelayPattern = relayPattern
+ ctx.presumedPatternForLegacyClient = presumedPatternForLegacyClient
return nil
}
+func (ctx *BrokerContext) CheckProxyRelayPattern(pattern string, nonSupported bool) bool {
+ if nonSupported {
+ pattern = ctx.presumedPatternForLegacyClient
+ }
+ proxyPattern := namematcher.NewNameMatcher(pattern)
+ brokerPattern := namematcher.NewNameMatcher(ctx.allowedRelayPattern)
+ return proxyPattern.IsSupersetOf(brokerPattern)
+}
+
// Client offer contains an SDP, bridge fingerprint and the NAT type of the client
type ClientOffer struct {
natType string
@@ -176,7 +188,7 @@ func main() {
var addr string
var geoipDatabase string
var geoip6Database string
- var bridgeListFilePath, allowedRelayPattern string
+ var bridgeListFilePath, allowedRelayPattern, presumedPatternForLegacyClient string
var disableTLS bool
var certFilename, keyFilename string
var disableGeoip bool
@@ -193,6 +205,7 @@ func main() {
flag.StringVar(&geoip6Database, "geoip6db", "/usr/share/tor/geoip6", "path to correctly formatted geoip database mapping IPv6 address ranges to country codes")
flag.StringVar(&bridgeListFilePath, "bridge-list-path", "", "file path for bridgeListFile")
flag.StringVar(&allowedRelayPattern, "allowed-relay-pattern", "", "allowed pattern for relay host name")
+ flag.StringVar(&presumedPatternForLegacyClient, "default-relay-pattern", "", "presumed pattern for legacy client")
flag.BoolVar(&disableTLS, "disable-tls", false, "don't use HTTPS")
flag.BoolVar(&disableGeoip, "disable-geoip", false, "don't use geoip for stats collection")
flag.StringVar(&metricsFilename, "metrics-log", "", "path to metrics logging output")
@@ -230,7 +243,7 @@ func main() {
if err != nil {
log.Fatal(err.Error())
}
- err = ctx.InstallBridgeListProfile(bridgeListFile, allowedRelayPattern)
+ err = ctx.InstallBridgeListProfile(bridgeListFile, allowedRelayPattern, presumedPatternForLegacyClient)
if err != nil {
log.Fatal(err.Error())
}
diff --git a/broker/ipc.go b/broker/ipc.go
index fbaed48..97f26ef 100644
--- a/broker/ipc.go
+++ b/broker/ipc.go
@@ -67,12 +67,14 @@ func (i *IPC) Debug(_ interface{}, response *string) error {
func (i *IPC) ProxyPolls(arg messages.Arg, response *[]byte) error {
sid, proxyType, natType, clients, relayPattern, relayPatternSupported, err := messages.DecodeProxyPollRequestWithRelayPrefix(arg.Body)
- _ = relayPattern
- _ = relayPatternSupported
if err != nil {
return messages.ErrBadRequest
}
+ if !i.ctx.CheckProxyRelayPattern(relayPattern, !relayPatternSupported) {
+ return fmt.Errorf("bad request: rejected relay pattern from proxy = %v", messages.ErrBadRequest)
+ }
+
// Log geoip stats
remoteIP, _, err := net.SplitHostPort(arg.RemoteAddr)
if err != nil {
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits