ooni-probe-cli/internal/ptx/snowflake.go

package ptx

import (
	"context"
	"net"

	sflib "git.torproject.org/pluggable-transports/snowflake.git/client/lib"
)

// SnowflakeDialer is a dialer for snowflake. When optional fields are
// not specified, we use defaults from the snowflake repository.
type SnowflakeDialer struct {
	// BrokerURL is the optional broker URL. If not specified,
	// we will be using a sensible default value.
	BrokerURL string

	// FrontDomain is the domain to use for fronting. If not
	// specified, we will be using a sensible default.
	FrontDomain string

	// ICEAddresses contains the addresses to use for ICE. If not
	// specified, we will be using a sensible default.
	ICEAddresses []string

	// MaxSnowflakes is the maximum number of snowflakes we
	// should create per dialer. If negative or zero, we will
	// be using a sensible default.
	MaxSnowflakes int

	// newClientTransport is an optional hook for creating
	// an alternative snowflakeTransport in testing.
	newClientTransport func(brokerURL string, frontDomain string,
		iceAddresses []string, keepLocalAddresses bool,
		maxSnowflakes int) (snowflakeTransport, error)
}

// snowflakeTransport is anything that allows us to dial a snowflake
type snowflakeTransport interface {
	Dial() (net.Conn, error)
}

// DialContext establishes a connection with the given SF proxy. The context
// argument allows to interrupt this operation midway.
func (d *SnowflakeDialer) DialContext(ctx context.Context) (net.Conn, error) {
	conn, _, err := d.dialContext(ctx)
	return conn, err
}

func (d *SnowflakeDialer) dialContext(
	ctx context.Context) (net.Conn, chan interface{}, error) {
	done := make(chan interface{})
	txp, err := d.newSnowflakeClient(
		d.brokerURL(), d.frontDomain(), d.iceAddresses(),
		false, d.maxSnowflakes(),
	)
	if err != nil {
		return nil, nil, err
	}
	connch, errch := make(chan net.Conn), make(chan error, 1)
	go func() {
		defer close(done) // allow tests to synchronize with this goroutine's exit
		conn, err := txp.Dial()
		if err != nil {
			errch <- err // buffered channel
			return
		}
		select {
		case connch <- conn:
		default:
			conn.Close() // context won the race
		}
	}()
	select {
	case conn := <-connch:
		return conn, done, nil
	case err := <-errch:
		return nil, done, err
	case <-ctx.Done():
		return nil, done, ctx.Err()
	}
}

// newSnowflakeClient allows us to call a mock rather than
// the real sflib.NewSnowflakeClient.
func (d *SnowflakeDialer) newSnowflakeClient(brokerURL string, frontDomain string,
	iceAddresses []string, keepLocalAddresses bool,
	maxSnowflakes int) (snowflakeTransport, error) {
	if d.newClientTransport != nil {
		return d.newClientTransport(brokerURL, frontDomain, iceAddresses,
			keepLocalAddresses, maxSnowflakes)
	}
	return sflib.NewSnowflakeClient(
		brokerURL, frontDomain, iceAddresses,
		keepLocalAddresses, maxSnowflakes)
}

// brokerURL returns a suitable broker URL.
func (d *SnowflakeDialer) brokerURL() string {
	if d.BrokerURL != "" {
		return d.BrokerURL
	}
	return "https://snowflake-broker.torproject.net.global.prod.fastly.net/"
}

// frontDomain returns a suitable front domain.
func (d *SnowflakeDialer) frontDomain() string {
	if d.FrontDomain != "" {
		return d.FrontDomain
	}
	return "cdn.sstatic.net"
}

// iceAddresses returns suitable ICE addresses.
func (d *SnowflakeDialer) iceAddresses() []string {
	if len(d.ICEAddresses) > 0 {
		return d.ICEAddresses
	}
	return []string{
		"stun:stun.voip.blackberry.com:3478",
		"stun:stun.altar.com.pl:3478",
		"stun:stun.antisip.com:3478",
		"stun:stun.bluesip.net:3478",
		"stun:stun.dus.net:3478",
		"stun:stun.epygi.com:3478",
		"stun:stun.sonetel.com:3478",
		"stun:stun.sonetel.net:3478",
		"stun:stun.stunprotocol.org:3478",
		"stun:stun.uls.co.za:3478",
		"stun:stun.voipgate.com:3478",
		"stun:stun.voys.nl:3478",
	}
}

// maxSnowflakes returns the number of snowflakes to collect.
func (d *SnowflakeDialer) maxSnowflakes() int {
	if d.MaxSnowflakes > 0 {
		return d.MaxSnowflakes
	}
	return 3
}

// AsBridgeArgument returns the argument to be passed to
// the tor command line to declare this bridge.
func (d *SnowflakeDialer) AsBridgeArgument() string {
	return "snowflake 192.0.2.3:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72"
}

// Name returns the pluggable transport name.
func (d *SnowflakeDialer) Name() string {
	return "snowflake"
}
feat: introduce ptx package for pluggable transports dialers (#373) * feat: introduce ptx package for pluggable transports dialers Version 2 of the pluggable transports specification defines a function that's like `Dial() (net.Conn, error`). Because we use contexts as much as possible in `probe-cli`, we are wrapping such an interface into a `DialContext` func. The code for obfs4 is adapted from https://github.com/ooni/probe-cli/pull/341. The code for snowflake is significantly easier than it is in https://github.com/ooni/probe-cli/pull/341, because now Snowflake supports the PTv2 spec (thanks @cohosh!). The code for setting up a pluggable transport listener has also been adapted from https://github.com/ooni/probe-cli/pull/341. We cannot merge this code yet, because we need unit testing, yet the newly added code already seems suitable for these use cases: 1. testing by dialing and seeing whether we can dial (which is not very useful but still better than not doing it); 2. spawning tor+pluggable transports for circumvention (we need a little more hammering like we did in https://github.com/ooni/probe-cli/pull/341, which is basically https://github.com/ooni/probe/issues/1565, and then we will be able to do that, as demonstrated by the new, simple client which already allows us to use pluggable transports with tor); 3. testing by launching tor (when available) with a set of pluggable transports (which depends on https://github.com/ooni/probe-engine/issues/897 and has not been assigned an issue yet). * fix: tweaks after self code-review * feat: write quick tests for ptx/obfs4 (They run in 0.4s, so I think it's fine for them to always run.) * feat(ptx/snowflake): write unit and integration tests * feat: create a fake PTDialer The idea is that we'll use this simpler PTDialer for testing. * feat: finish writing tests for new package * Apply suggestions from code review * Update internal/ptx/dependencies_test.go Co-authored-by: Arturo Filastò <arturo@openobservatory.org> * Update internal/ptx/dependencies_test.go Co-authored-by: Arturo Filastò <arturo@openobservatory.org> * chore: use as testing bridge one that's used by tor browser The previous testing bridge used to be used by tor browser but it was subsequently removed here: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e26e91bef8bd8d04d79bdd69f087efd808bc925d See https://github.com/ooni/probe-cli/pull/373#discussion_r649820724 Co-authored-by: Arturo Filastò <arturo@openobservatory.org> 2021-06-14 10:20:54 +02:00			`package ptx`

			`import (`
			`"context"`
			`"net"`

			`sflib "git.torproject.org/pluggable-transports/snowflake.git/client/lib"`
			`)`

			`// SnowflakeDialer is a dialer for snowflake. When optional fields are`
			`// not specified, we use defaults from the snowflake repository.`
			`type SnowflakeDialer struct {`
			`// BrokerURL is the optional broker URL. If not specified,`
			`// we will be using a sensible default value.`
			`BrokerURL string`

			`// FrontDomain is the domain to use for fronting. If not`
			`// specified, we will be using a sensible default.`
			`FrontDomain string`

			`// ICEAddresses contains the addresses to use for ICE. If not`
			`// specified, we will be using a sensible default.`
			`ICEAddresses []string`

			`// MaxSnowflakes is the maximum number of snowflakes we`
			`// should create per dialer. If negative or zero, we will`
			`// be using a sensible default.`
			`MaxSnowflakes int`

			`// newClientTransport is an optional hook for creating`
			`// an alternative snowflakeTransport in testing.`
			`newClientTransport func(brokerURL string, frontDomain string,`
			`iceAddresses []string, keepLocalAddresses bool,`
			`maxSnowflakes int) (snowflakeTransport, error)`
			`}`

			`// snowflakeTransport is anything that allows us to dial a snowflake`
			`type snowflakeTransport interface {`
			`Dial() (net.Conn, error)`
			`}`

			`// DialContext establishes a connection with the given SF proxy. The context`
			`// argument allows to interrupt this operation midway.`
			`func (d *SnowflakeDialer) DialContext(ctx context.Context) (net.Conn, error) {`
			`conn, _, err := d.dialContext(ctx)`
			`return conn, err`
			`}`

			`func (d *SnowflakeDialer) dialContext(`
			`ctx context.Context) (net.Conn, chan interface{}, error) {`
			`done := make(chan interface{})`
			`txp, err := d.newSnowflakeClient(`
			`d.brokerURL(), d.frontDomain(), d.iceAddresses(),`
			`false, d.maxSnowflakes(),`
			`)`
			`if err != nil {`
			`return nil, nil, err`
			`}`
			`connch, errch := make(chan net.Conn), make(chan error, 1)`
			`go func() {`
			`defer close(done) // allow tests to synchronize with this goroutine's exit`
			`conn, err := txp.Dial()`
			`if err != nil {`
			`errch <- err // buffered channel`
			`return`
			`}`
			`select {`
			`case connch <- conn:`
			`default:`
			`conn.Close() // context won the race`
			`}`
			`}()`
			`select {`
			`case conn := <-connch:`
			`return conn, done, nil`
			`case err := <-errch:`
			`return nil, done, err`
			`case <-ctx.Done():`
			`return nil, done, ctx.Err()`
			`}`
			`}`

			`// newSnowflakeClient allows us to call a mock rather than`
			`// the real sflib.NewSnowflakeClient.`
			`func (d *SnowflakeDialer) newSnowflakeClient(brokerURL string, frontDomain string,`
			`iceAddresses []string, keepLocalAddresses bool,`
			`maxSnowflakes int) (snowflakeTransport, error) {`
			`if d.newClientTransport != nil {`
			`return d.newClientTransport(brokerURL, frontDomain, iceAddresses,`
			`keepLocalAddresses, maxSnowflakes)`
			`}`
			`return sflib.NewSnowflakeClient(`
			`brokerURL, frontDomain, iceAddresses,`
			`keepLocalAddresses, maxSnowflakes)`
			`}`

			`// brokerURL returns a suitable broker URL.`
			`func (d *SnowflakeDialer) brokerURL() string {`
			`if d.BrokerURL != "" {`
			`return d.BrokerURL`
			`}`
			`return "https://snowflake-broker.torproject.net.global.prod.fastly.net/"`
			`}`

			`// frontDomain returns a suitable front domain.`
			`func (d *SnowflakeDialer) frontDomain() string {`
			`if d.FrontDomain != "" {`
			`return d.FrontDomain`
			`}`
			`return "cdn.sstatic.net"`
			`}`

			`// iceAddresses returns suitable ICE addresses.`
			`func (d *SnowflakeDialer) iceAddresses() []string {`
			`if len(d.ICEAddresses) > 0 {`
			`return d.ICEAddresses`
			`}`
			`return []string{`
			`"stun:stun.voip.blackberry.com:3478",`
			`"stun:stun.altar.com.pl:3478",`
			`"stun:stun.antisip.com:3478",`
			`"stun:stun.bluesip.net:3478",`
			`"stun:stun.dus.net:3478",`
			`"stun:stun.epygi.com:3478",`
			`"stun:stun.sonetel.com:3478",`
			`"stun:stun.sonetel.net:3478",`
			`"stun:stun.stunprotocol.org:3478",`
			`"stun:stun.uls.co.za:3478",`
			`"stun:stun.voipgate.com:3478",`
			`"stun:stun.voys.nl:3478",`
			`}`
			`}`

			`// maxSnowflakes returns the number of snowflakes to collect.`
			`func (d *SnowflakeDialer) maxSnowflakes() int {`
			`if d.MaxSnowflakes > 0 {`
			`return d.MaxSnowflakes`
			`}`
			`return 3`
			`}`

			`// AsBridgeArgument returns the argument to be passed to`
			`// the tor command line to declare this bridge.`
			`func (d *SnowflakeDialer) AsBridgeArgument() string {`
			`return "snowflake 192.0.2.3:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72"`
			`}`

			`// Name returns the pluggable transport name.`
			`func (d *SnowflakeDialer) Name() string {`
			`return "snowflake"`
			`}`