ooni-probe-cli/internal/engine/geolocate/stun.go

package geolocate

import (
	"context"
	"net/http"

	"github.com/pion/stun"
)

// TODO(bassosimone): we should modify the stun code to use
// the session resolver rather than using its own.
//
// See https://github.com/ooni/probe/issues/1383.

type stunClient interface {
	Close() error
	Start(m *stun.Message, h stun.Handler) error
}

type stunConfig struct {
	Dial     func(network string, address string) (stunClient, error)
	Endpoint string
	Logger   Logger
}

func stunDialer(network string, address string) (stunClient, error) {
	return stun.Dial(network, address)
}

func stunIPLookup(ctx context.Context, config stunConfig) (string, error) {
	config.Logger.Debugf("STUNIPLookup: start using %s", config.Endpoint)
	ip, err := func() (string, error) {
		dial := config.Dial
		if dial == nil {
			dial = stunDialer
		}
		clnt, err := dial("udp", config.Endpoint)
		if err != nil {
			return DefaultProbeIP, err
		}
		defer clnt.Close()
		message := stun.MustBuild(stun.TransactionID, stun.BindingRequest)
		errch, ipch := make(chan error, 1), make(chan string, 1)
		err = clnt.Start(message, func(ev stun.Event) {
			if ev.Error != nil {
				errch <- ev.Error
				return
			}
			var xorAddr stun.XORMappedAddress
			if err := xorAddr.GetFrom(ev.Message); err != nil {
				errch <- err
				return
			}
			ipch <- xorAddr.IP.String()
		})
		if err != nil {
			return DefaultProbeIP, err
		}
		select {
		case err := <-errch:
			return DefaultProbeIP, err
		case ip := <-ipch:
			return ip, nil
		case <-ctx.Done():
			return DefaultProbeIP, ctx.Err()
		}
	}()
	if err != nil {
		config.Logger.Debugf("STUNIPLookup: failure using %s: %+v", config.Endpoint, err)
		return DefaultProbeIP, err
	}
	return ip, nil
}

func stunEkigaIPLookup(
	ctx context.Context,
	httpClient *http.Client,
	logger Logger,
	userAgent string,
) (string, error) {
	return stunIPLookup(ctx, stunConfig{
		Endpoint: "stun.ekiga.net:3478",
		Logger:   logger,
	})
}

func stunGoogleIPLookup(
	ctx context.Context,
	httpClient *http.Client,
	logger Logger,
	userAgent string,
) (string, error) {
	return stunIPLookup(ctx, stunConfig{
		Endpoint: "stun.l.google.com:19302",
		Logger:   logger,
	})
}
chore: merge probe-engine into probe-cli (#201) This is how I did it: 1. `git clone https://github.com/ooni/probe-engine internal/engine` 2. ``` (cd internal/engine && git describe --tags) v0.23.0 ``` 3. `nvim go.mod` (merging `go.mod` with `internal/engine/go.mod` 4. `rm -rf internal/.git internal/engine/go.{mod,sum}` 5. `git add internal/engine` 6. `find . -type f -name \*.go -exec sed -i 's@/ooni/probe-engine@/ooni/probe-cli/v3/internal/engine@g' {} \;` 7. `go build ./...` (passes) 8. `go test -race ./...` (temporary failure on RiseupVPN) 9. `go mod tidy` 10. this commit message Once this piece of work is done, we can build a new version of `ooniprobe` that is using `internal/engine` directly. We need to do more work to ensure all the other functionality in `probe-engine` (e.g. making mobile packages) are still WAI. Part of https://github.com/ooni/probe/issues/1335 2021-02-02 12:05:47 +01:00			`package geolocate`

			`import (`
			`"context"`
			`"net/http"`

			`"github.com/pion/stun"`
			`)`

fix(geolocate): no proxy when discovering our IP address (#251) * fix(geolocate): no proxy when discovering our IP address The use case of --proxy is that you cannot contact the OONI backend otherwise. It is wrong, though, using the proxy when discovering our IP address. The measurement won't use the proxy anyway. Therefore, we need to use the IP address that is performing the measurement. Not the one of the proxy. What's more, stun is not using a proxy. Therefore, it does not make much sense that http IP resolvers use a proxy. This leads to inconsistencies. So, here's anothe reason why this patch is a good thing (TM). Finally, because knowing the IP address enables us to sanitize the data, it's important we discover the correct IP. Now, up until this point, the `--proxy` option has mostly been a developers toy. But, users have asked us to have the possibility of configuring a proxy. This explains why I have been looking into making `--proxy` right for a couple of hours now. See https://github.com/ooni/probe/issues/1382 * fix(session): properly configure the IP lookupper 2021-03-10 12:01:08 +01:00			`// TODO(bassosimone): we should modify the stun code to use`
			`// the session resolver rather than using its own.`
			`//`
			`// See https://github.com/ooni/probe/issues/1383.`

chore: merge probe-engine into probe-cli (#201) This is how I did it: 1. `git clone https://github.com/ooni/probe-engine internal/engine` 2. ``` (cd internal/engine && git describe --tags) v0.23.0 ``` 3. `nvim go.mod` (merging `go.mod` with `internal/engine/go.mod` 4. `rm -rf internal/.git internal/engine/go.{mod,sum}` 5. `git add internal/engine` 6. `find . -type f -name \*.go -exec sed -i 's@/ooni/probe-engine@/ooni/probe-cli/v3/internal/engine@g' {} \;` 7. `go build ./...` (passes) 8. `go test -race ./...` (temporary failure on RiseupVPN) 9. `go mod tidy` 10. this commit message Once this piece of work is done, we can build a new version of `ooniprobe` that is using `internal/engine` directly. We need to do more work to ensure all the other functionality in `probe-engine` (e.g. making mobile packages) are still WAI. Part of https://github.com/ooni/probe/issues/1335 2021-02-02 12:05:47 +01:00			`type stunClient interface {`
			`Close() error`
			`Start(m *stun.Message, h stun.Handler) error`
			`}`

			`type stunConfig struct {`
			`Dial func(network string, address string) (stunClient, error)`
			`Endpoint string`
			`Logger Logger`
			`}`

			`func stunDialer(network string, address string) (stunClient, error) {`
			`return stun.Dial(network, address)`
			`}`

			`func stunIPLookup(ctx context.Context, config stunConfig) (string, error) {`
			`config.Logger.Debugf("STUNIPLookup: start using %s", config.Endpoint)`
			`ip, err := func() (string, error) {`
			`dial := config.Dial`
			`if dial == nil {`
			`dial = stunDialer`
			`}`
			`clnt, err := dial("udp", config.Endpoint)`
			`if err != nil {`
			`return DefaultProbeIP, err`
			`}`
			`defer clnt.Close()`
			`message := stun.MustBuild(stun.TransactionID, stun.BindingRequest)`
			`errch, ipch := make(chan error, 1), make(chan string, 1)`
			`err = clnt.Start(message, func(ev stun.Event) {`
			`if ev.Error != nil {`
			`errch <- ev.Error`
			`return`
			`}`
			`var xorAddr stun.XORMappedAddress`
			`if err := xorAddr.GetFrom(ev.Message); err != nil {`
			`errch <- err`
			`return`
			`}`
			`ipch <- xorAddr.IP.String()`
			`})`
			`if err != nil {`
			`return DefaultProbeIP, err`
			`}`
			`select {`
			`case err := <-errch:`
			`return DefaultProbeIP, err`
			`case ip := <-ipch:`
			`return ip, nil`
			`case <-ctx.Done():`
			`return DefaultProbeIP, ctx.Err()`
			`}`
			`}()`
			`if err != nil {`
			`config.Logger.Debugf("STUNIPLookup: failure using %s: %+v", config.Endpoint, err)`
			`return DefaultProbeIP, err`
			`}`
			`return ip, nil`
			`}`

			`func stunEkigaIPLookup(`
			`ctx context.Context,`
			`httpClient *http.Client,`
			`logger Logger,`
			`userAgent string,`
			`) (string, error) {`
			`return stunIPLookup(ctx, stunConfig{`
			`Endpoint: "stun.ekiga.net:3478",`
			`Logger: logger,`
			`})`
			`}`

			`func stunGoogleIPLookup(`
			`ctx context.Context,`
			`httpClient *http.Client,`
			`logger Logger,`
			`userAgent string,`
			`) (string, error) {`
			`return stunIPLookup(ctx, stunConfig{`
			`Endpoint: "stun.l.google.com:19302",`
			`Logger: logger,`
			`})`
			`}`