Snowflake bridge support
akrigator committed Aug 17, 2023
1 parent d241652 commit d42332c
Showing 4 changed files with 73 additions and 12 deletions.
22 changes: 21 additions & 1 deletion tor/DOCS.md
Expand Up @@ -151,11 +151,30 @@ The accepted syntaxs of this configuration is:
If you do not define a published port, the local port will be used.
If you do not define a hostname or IP adress `homeassistant` will be used.

### Option: `snowflake_url`

URL of signaling broker for snowflake client

### Option: `snowflake_front`

Front domain for snowflake client

### Option: `snowflake_ice`

List of ICE servers for snowflake client

### Option: `bridges`

> The addon supports `obfs4` bridge only
> Keep the option value clean to avoid using of any transport plugins and bridges.

Bridges are Tor relays that help you circumvent censorship.
Access to bridges is provided by supported transport plugins:

#### Snowflake

Look [here][what-is-snowflake] about

#### OBFS

Because bridge addresses are not public, you will need to request them yourself. You have a few options:
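Review bot: the three new option sections (`snowflake_url`, `snowflake_front`, `snowflake_ice`) are one line each with no value format or example, and the new `#### Snowflake` subsection stops mid-sentence at "Look [here][what-is-snowflake] about". Suggest stating the expected form of each value (for instance that ICE entries are `stun:host:port` strings) and showing a sample Snowflake `bridges` entry. The note "Keep the option value clean to avoid using of any transport plugins and bridges" would read more clearly as "Leave this option empty to disable bridges and transport plugins".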

Expand Down Expand Up @@ -282,3 +301,4 @@ SOFTWARE.
[semver]: http://semver.org/spec/v2.0.0.htm
[tor-hidden-service]: https://www.torproject.org/docs/hidden-services.html.en
[tor-bridges-obfs4]: https://bridges.torproject.org/bridges/?transport=obfs4
[what-is-snowflake]: https://support.torproject.org/censorship/what-is-snowflake/
12 changes: 8 additions & 4 deletions tor/Dockerfile
Expand Up @@ -21,16 +21,20 @@ RUN mkdir -p /go/src /go/bin
RUN chmod -R 644 /go
ENV GOPATH /go
ENV PATH /go/bin:$PATH
WORKDIR /go

# Remove cache to reduce image size.
RUN rm -rf /var/cache/apk/*

# Install obfs4proxy
RUN git clone https://github.com/Yawning/obfs4.git
RUN git clone https://github.com/Yawning/obfs4.git /go/obfs4/
WORKDIR /go/obfs4/
RUN go build -o obfs4proxy/obfs4proxy ./obfs4proxy
RUN mv obfs4proxy/obfs4proxy /usr/local/bin/obfs4proxy
RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy

# Install snowflake
RUN git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git /go/snowflake/
WORKDIR /go/snowflake/client/
RUN go get
RUN go build -o /usr/local/bin/snowflake

# Give obfs4proxy the capability to bind port 80. This line isn't necessary if
# you use a high (unprivileged) port.
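Review bot: the new `RUN git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git /go/snowflake/` step builds whatever the default branch contains at image build time, so two builds of the same add-on version can ship different binaries at `/usr/local/bin/snowflake`. Suggest pinning the clone to a release tag or commit, and doing the same for the obfs4 clone rewritten in this hunk, so the transport binaries are reproducible and a given image can be traced back to reviewed source.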
22 changes: 20 additions & 2 deletions tor/config.yaml
Expand Up @@ -27,7 +27,21 @@ options:
ports:
- "8123"
- "8123:80"
bridges: []
snowflake_url: "https://snowflake-broker.torproject.net.global.prod.fastly.net/"
snowflake_front: "cdn.sstatic.net"
snowflake_ice:
- "stun:stun.voip.blackberry.com:3478"
- "stun:stun.antisip.com:3478"
- "stun:stun.bluesip.net:3478"
- "stun:stun.dus.net:3478"
- "stun:stun.epygi.com:3478"
- "stun:stun.sonetel.com:3478"
- "stun:stun.sonetel.net:3478"
- "stun:stun.uls.co.za:3478"
- "stun:stun.voipgate.com:3478"
- "stun:stun.voys.nl:3478"
bridges:
- "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA"
schema:
log_level: list(trace|debug|info|notice|warning|error|fatal)?
socks: bool
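Review bot: the default for `bridges` changes from `[]` to a `snowflake 192.0.2.4:80 ...` entry, so together with the init script's non-empty check every default install now sets `UseBridges 1` and routes through Snowflake, contacting the default broker URL, the `cdn.sstatic.net` front and the ten listed third-party STUN servers without the user opting in. Suggest keeping `bridges: []` as the shipped default and moving the Snowflake line into DOCS.md as an example, which also matches the DOCS note about leaving the option empty to avoid transport plugins.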
Expand All @@ -37,5 +51,9 @@ schema:
- match(^[A-Za-z0-9+-_]{1,16}$)
ports:
- match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$)
snowflake_url: url
snowflake_front: str
snowflake_ice:
- str
bridges:
- match(^obfs4 ((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}:((6553[0-5])|(655[0-2][0-9])|(65[0-4][0-9]{2})|(6[0-4][0-9]{3})|([1-5][0-9]{4})|([0-5]{0,5})|([0-9]{1,4}))( \w{40})( cert=\S{70})( iat-mode=[0-2])?$)
- str
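Review bot: replacing the `match(^obfs4 ...)` pattern under `bridges:` with `- str` removes all validation of bridge lines, and `snowflake_front` and the `snowflake_ice` entries are also plain `str`, although the init script writes these values straight into torrc. Suggest keeping a `match(...)` for `bridges` that accepts both an `obfs4 ...` and a `snowflake ...` line, and constraining `snowflake_front` to a hostname pattern and `snowflake_ice` entries to the `stun:host:port` form used in the defaults, so a malformed value is rejected when the configuration is saved rather than ending up in torrc.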
29 changes: 24 additions & 5 deletions tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run
Expand Up @@ -126,18 +126,37 @@ if bashio::config.true 'hidden_services'; then
fi

# Configure bridges
if bashio::config.exists 'bridges';
if bashio::config.exists 'bridges' \
&& ! bashio::config.is_empty 'bridges';
then
bashio::log.info 'Use bridges:'
echo "UseBridges 1" >> "${torrc}"
echo 'ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed' >> "${torrc}"

bashio::log.info 'Setup obfs4 bridges:'
# Add client for OBFS transport
echo "ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/obfs4proxy managed" >> "${torrc}"

# Add client for Snowflake transport
snowflake_plugin_conf="ClientTransportPlugin snowflake exec /usr/local/bin/snowflake"
if bashio::config.exists 'snowflake_url';
then
snowflake_plugin_conf+=" -url $(bashio::config 'snowflake_url')"
fi
if bashio::config.exists 'snowflake_front';
then
snowflake_plugin_conf+=" -front $(bashio::config 'snowflake_front')"
fi
if bashio::config.exists 'snowflake_ice'\
&& ! bashio::config.is_empty 'snowflake_ice';
then
snowflake_plugin_conf+=" -ice `echo $(bashio::config 'snowflake_ice') | tr ' ' ','`"
fi
echo "$snowflake_plugin_conf" >> "${torrc}"

# Add bridges
while read -r bridge; do
bashio::log.info "Bridge ${bridge}"
echo "Bridge ${bridge}" >> "${torrc}"
done <<< "$(bashio::config 'bridges')"
else
bashio::log.info 'obfs4 bridges disabled'
fi

# Figure out the address
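Review bot: the `-url`, `-front` and `-ice` values are appended to `snowflake_plugin_conf` unquoted, and the first two are guarded only by `bashio::config.exists`, so an empty value yields a dangling `-url` or `-front` flag and a value containing whitespace becomes extra arguments on the `ClientTransportPlugin snowflake exec` line. Suggest guarding with `bashio::config.has_value` and replacing the backtick expression `echo $(bashio::config 'snowflake_ice') | tr ' ' ','` with a quoted `$(...)` that joins the list on newlines, since the unquoted expansion is subject to word splitting and globbing. The Snowflake plugin line is also written whenever any bridge is configured, including obfs4-only setups; consider emitting it only when a `snowflake` bridge is present.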