2014-05-12 00:02:24 +00:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2014, Yawning Angel <yawning at torproject dot org>
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions are met:
|
|
|
|
*
|
|
|
|
* * Redistributions of source code must retain the above copyright notice,
|
|
|
|
* this list of conditions and the following disclaimer.
|
|
|
|
*
|
|
|
|
* * Redistributions in binary form must reproduce the above copyright notice,
|
|
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
|
|
* and/or other materials provided with the distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
|
|
|
|
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*
|
|
|
|
* This file is based off goptlib's dummy-[client,server].go files.
|
|
|
|
*/
|
|
|
|
|
|
|
|
// obfs4 pluggable transport. Works only as a managed proxy.
|
|
|
|
//
|
|
|
|
// Client usage (in torrc):
|
|
|
|
// UseBridges 1
|
2014-05-15 19:08:03 +00:00
|
|
|
// Bridge obfs4 X.X.X.X:YYYY <fingerprint> public-key=<Base64 Bridge public key> node-id=<Base64 Bridge Node ID>
|
2014-05-12 00:02:24 +00:00
|
|
|
// ClientTransportPlugin obfs4 exec obfs4proxy
|
|
|
|
//
|
|
|
|
// Server usage (in torrc):
|
|
|
|
// BridgeRelay 1
|
|
|
|
// ORPort 9001
|
|
|
|
// ExtORPort 6669
|
|
|
|
// ServerTransportPlugin obfs4 exec obfs4proxy
|
2014-05-15 20:21:46 +00:00
|
|
|
// ServerTransportOptions obfs4 private-key=<Base64 Bridge private key> node-id=<Base64 Node ID> drbg-seed=<Base64 DRBG seed>
|
2014-05-12 00:02:24 +00:00
|
|
|
//
|
|
|
|
// Because the pluggable transport requires arguments, obfs4proxy requires
|
|
|
|
// tor-0.2.5.x to be useful.
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/hex"
|
|
|
|
"flag"
|
|
|
|
"fmt"
|
|
|
|
"io"
|
2014-05-21 09:38:37 +00:00
|
|
|
"io/ioutil"
|
2014-05-12 00:02:24 +00:00
|
|
|
"log"
|
|
|
|
"net"
|
2014-05-25 09:14:14 +00:00
|
|
|
"net/url"
|
2014-05-12 00:02:24 +00:00
|
|
|
"os"
|
|
|
|
"os/signal"
|
|
|
|
"path"
|
|
|
|
"sync"
|
|
|
|
"syscall"
|
|
|
|
|
2014-05-13 07:01:25 +00:00
|
|
|
"git.torproject.org/pluggable-transports/goptlib"
|
2014-05-12 00:02:24 +00:00
|
|
|
"github.com/yawning/obfs4"
|
|
|
|
"github.com/yawning/obfs4/ntor"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2014-05-12 00:06:52 +00:00
|
|
|
obfs4Method = "obfs4"
|
2014-05-12 00:02:24 +00:00
|
|
|
obfs4LogFile = "obfs4proxy.log"
|
|
|
|
)
|
|
|
|
|
2014-05-25 07:27:48 +00:00
|
|
|
var enableLogging bool
|
2014-05-21 00:47:54 +00:00
|
|
|
var unsafeLogging bool
|
2014-05-23 05:23:36 +00:00
|
|
|
var iatObfuscation bool
|
2014-05-12 00:02:24 +00:00
|
|
|
var ptListeners []net.Listener
|
|
|
|
|
|
|
|
// When a connection handler starts, +1 is written to this channel; when it
|
|
|
|
// ends, -1 is written.
|
|
|
|
var handlerChan = make(chan int)
|
|
|
|
|
2014-05-21 00:47:54 +00:00
|
|
|
func logAndRecover(conn *obfs4.Obfs4Conn) {
|
2014-05-12 23:04:39 +00:00
|
|
|
if err := recover(); err != nil {
|
2014-05-21 00:47:54 +00:00
|
|
|
log.Printf("[ERROR] %p: Panic: %s", conn, err)
|
2014-05-12 23:04:39 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-05-21 00:47:54 +00:00
|
|
|
func copyLoop(a net.Conn, b *obfs4.Obfs4Conn) {
|
2014-05-12 00:02:24 +00:00
|
|
|
var wg sync.WaitGroup
|
|
|
|
wg.Add(2)
|
|
|
|
|
|
|
|
go func() {
|
2014-05-21 00:47:54 +00:00
|
|
|
defer logAndRecover(b)
|
2014-05-12 23:04:39 +00:00
|
|
|
defer wg.Done()
|
2014-05-13 03:19:55 +00:00
|
|
|
defer b.Close()
|
|
|
|
defer a.Close()
|
2014-05-12 23:04:39 +00:00
|
|
|
|
2014-05-12 05:08:04 +00:00
|
|
|
_, err := io.Copy(b, a)
|
|
|
|
if err != nil {
|
2014-05-21 00:47:54 +00:00
|
|
|
log.Printf("[WARN] copyLoop: %p: Connection closed: %s", b, err)
|
2014-05-12 05:08:04 +00:00
|
|
|
}
|
2014-05-12 00:02:24 +00:00
|
|
|
}()
|
|
|
|
go func() {
|
2014-05-21 00:47:54 +00:00
|
|
|
defer logAndRecover(b)
|
2014-05-12 23:04:39 +00:00
|
|
|
defer wg.Done()
|
2014-05-13 03:19:55 +00:00
|
|
|
defer a.Close()
|
|
|
|
defer b.Close()
|
2014-05-12 23:04:39 +00:00
|
|
|
|
2014-05-12 05:08:04 +00:00
|
|
|
_, err := io.Copy(a, b)
|
|
|
|
if err != nil {
|
2014-05-21 00:47:54 +00:00
|
|
|
log.Printf("[WARN] copyLoop: %p: Connection closed: %s", b, err)
|
2014-05-12 05:08:04 +00:00
|
|
|
}
|
2014-05-12 00:02:24 +00:00
|
|
|
}()
|
|
|
|
|
|
|
|
wg.Wait()
|
|
|
|
}
|
|
|
|
|
2014-05-21 00:26:25 +00:00
|
|
|
func serverHandler(conn *obfs4.Obfs4Conn, info *pt.ServerInfo) error {
|
2014-05-12 00:02:24 +00:00
|
|
|
defer conn.Close()
|
2014-05-21 00:47:54 +00:00
|
|
|
defer logAndRecover(conn)
|
2014-05-12 00:02:24 +00:00
|
|
|
|
|
|
|
handlerChan <- 1
|
|
|
|
defer func() {
|
|
|
|
handlerChan <- -1
|
|
|
|
}()
|
|
|
|
|
2014-05-21 00:47:54 +00:00
|
|
|
var addr string
|
|
|
|
if unsafeLogging {
|
|
|
|
addr = conn.RemoteAddr().String()
|
|
|
|
} else {
|
|
|
|
addr = "[scrubbed]"
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Printf("[INFO] server: %p: New connection from %s", conn, addr)
|
|
|
|
|
2014-05-12 00:02:24 +00:00
|
|
|
// Handshake with the client.
|
2014-05-21 00:26:25 +00:00
|
|
|
err := conn.ServerHandshake()
|
2014-05-12 00:02:24 +00:00
|
|
|
if err != nil {
|
2014-05-21 00:47:54 +00:00
|
|
|
log.Printf("[WARN] server: %p: Handshake failed: %s", conn, err)
|
2014-05-12 00:02:24 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
or, err := pt.DialOr(info, conn.RemoteAddr().String(), obfs4Method)
|
|
|
|
if err != nil {
|
2014-05-21 00:47:54 +00:00
|
|
|
log.Printf("[ERROR] server: %p: DialOr failed: %s", conn, err)
|
2014-05-12 00:02:24 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer or.Close()
|
|
|
|
|
2014-05-12 05:08:04 +00:00
|
|
|
copyLoop(or, conn)
|
2014-05-12 00:02:24 +00:00
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2014-05-21 00:26:25 +00:00
|
|
|
func serverAcceptLoop(ln *obfs4.Obfs4Listener, info *pt.ServerInfo) error {
|
2014-05-12 00:02:24 +00:00
|
|
|
defer ln.Close()
|
|
|
|
for {
|
2014-05-21 00:26:25 +00:00
|
|
|
conn, err := ln.AcceptObfs4()
|
2014-05-12 00:02:24 +00:00
|
|
|
if err != nil {
|
|
|
|
if e, ok := err.(net.Error); ok && !e.Temporary() {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
go serverHandler(conn, info)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-05-25 07:27:48 +00:00
|
|
|
func serverSetup() (launched bool) {
|
|
|
|
// Initialize pt logging.
|
|
|
|
err := ptInitializeLogging(enableLogging)
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
2014-05-12 00:02:24 +00:00
|
|
|
|
|
|
|
ptServerInfo, err := pt.ServerSetup([]string{obfs4Method})
|
|
|
|
if err != nil {
|
2014-05-25 07:27:48 +00:00
|
|
|
return
|
2014-05-12 00:02:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, bindaddr := range ptServerInfo.Bindaddrs {
|
|
|
|
switch bindaddr.MethodName {
|
|
|
|
case obfs4Method:
|
|
|
|
// Handle the mandetory arguments.
|
|
|
|
privateKey, ok := bindaddr.Options.Get("private-key")
|
|
|
|
if !ok {
|
2014-05-12 00:25:40 +00:00
|
|
|
pt.SmethodError(bindaddr.MethodName, "needs a private-key option")
|
2014-05-12 00:02:24 +00:00
|
|
|
break
|
|
|
|
}
|
|
|
|
nodeID, ok := bindaddr.Options.Get("node-id")
|
|
|
|
if !ok {
|
2014-05-12 00:25:40 +00:00
|
|
|
pt.SmethodError(bindaddr.MethodName, "needs a node-id option")
|
2014-05-12 00:02:24 +00:00
|
|
|
break
|
|
|
|
}
|
2014-05-15 19:08:03 +00:00
|
|
|
seed, ok := bindaddr.Options.Get("drbg-seed")
|
|
|
|
if !ok {
|
|
|
|
pt.SmethodError(bindaddr.MethodName, "needs a drbg-seed option")
|
|
|
|
break
|
|
|
|
}
|
2014-05-12 00:02:24 +00:00
|
|
|
|
|
|
|
// Initialize the listener.
|
2014-05-21 00:26:25 +00:00
|
|
|
ln, err := obfs4.ListenObfs4("tcp", bindaddr.Addr.String(), nodeID,
|
2014-05-23 05:23:36 +00:00
|
|
|
privateKey, seed, iatObfuscation)
|
2014-05-12 00:02:24 +00:00
|
|
|
if err != nil {
|
|
|
|
pt.SmethodError(bindaddr.MethodName, err.Error())
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
// Report the SMETHOD including the parameters.
|
|
|
|
args := pt.Args{}
|
|
|
|
args.Add("node-id", nodeID)
|
2014-05-21 00:26:25 +00:00
|
|
|
args.Add("public-key", ln.PublicKey())
|
2014-05-12 00:02:24 +00:00
|
|
|
go serverAcceptLoop(ln, &ptServerInfo)
|
|
|
|
pt.SmethodArgs(bindaddr.MethodName, ln.Addr(), args)
|
|
|
|
ptListeners = append(ptListeners, ln)
|
2014-05-25 07:27:48 +00:00
|
|
|
launched = true
|
2014-05-12 00:02:24 +00:00
|
|
|
default:
|
|
|
|
pt.SmethodError(bindaddr.MethodName, "no such method")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
pt.SmethodsDone()
|
|
|
|
|
2014-05-25 07:27:48 +00:00
|
|
|
return
|
2014-05-12 00:02:24 +00:00
|
|
|
}
|
|
|
|
|
2014-05-25 09:14:14 +00:00
|
|
|
func clientHandler(conn *pt.SocksConn, proxyURI *url.URL) error {
|
2014-05-12 00:02:24 +00:00
|
|
|
defer conn.Close()
|
|
|
|
|
2014-05-21 00:47:54 +00:00
|
|
|
var addr string
|
|
|
|
if unsafeLogging {
|
|
|
|
addr = conn.Req.Target
|
|
|
|
} else {
|
|
|
|
addr = "[scrubbed]"
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Printf("[INFO] client: New connection to %s", addr)
|
|
|
|
|
2014-05-12 00:02:24 +00:00
|
|
|
// Extract the peer's node ID and public key.
|
|
|
|
nodeID, ok := conn.Req.Args.Get("node-id")
|
|
|
|
if !ok {
|
2014-05-12 00:25:40 +00:00
|
|
|
log.Printf("[ERROR] client: missing node-id argument")
|
2014-05-12 00:02:24 +00:00
|
|
|
conn.Reject()
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
publicKey, ok := conn.Req.Args.Get("public-key")
|
|
|
|
if !ok {
|
2014-05-12 00:25:40 +00:00
|
|
|
log.Printf("[ERROR] client: missing public-key argument")
|
2014-05-12 00:02:24 +00:00
|
|
|
conn.Reject()
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
handlerChan <- 1
|
|
|
|
defer func() {
|
|
|
|
handlerChan <- -1
|
|
|
|
}()
|
|
|
|
|
2014-05-21 00:47:54 +00:00
|
|
|
defer logAndRecover(nil)
|
2014-05-25 09:14:14 +00:00
|
|
|
dialFn, err := getProxyDialer(proxyURI)
|
|
|
|
if err != nil {
|
|
|
|
log.Printf("[ERROR] client: failed to get proxy dialer: %s", err)
|
|
|
|
conn.Reject()
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
remote, err := obfs4.DialObfs4DialFn(dialFn, "tcp", conn.Req.Target, nodeID, publicKey, iatObfuscation)
|
2014-05-12 00:02:24 +00:00
|
|
|
if err != nil {
|
2014-05-21 00:47:54 +00:00
|
|
|
log.Printf("[ERROR] client: %p: Handshake failed: %s", remote, err)
|
2014-05-12 00:02:24 +00:00
|
|
|
conn.Reject()
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer remote.Close()
|
|
|
|
err = conn.Grant(remote.RemoteAddr().(*net.TCPAddr))
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
copyLoop(conn, remote)
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2014-05-25 09:14:14 +00:00
|
|
|
func clientAcceptLoop(ln *pt.SocksListener, proxyURI *url.URL) error {
|
2014-05-12 00:02:24 +00:00
|
|
|
defer ln.Close()
|
|
|
|
for {
|
|
|
|
conn, err := ln.AcceptSocks()
|
|
|
|
if err != nil {
|
|
|
|
if e, ok := err.(net.Error); ok && !e.Temporary() {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
continue
|
|
|
|
}
|
2014-05-25 09:14:14 +00:00
|
|
|
go clientHandler(conn, proxyURI)
|
2014-05-12 00:02:24 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-05-25 07:27:48 +00:00
|
|
|
func clientSetup() (launched bool) {
|
|
|
|
// Initialize pt logging.
|
|
|
|
err := ptInitializeLogging(enableLogging)
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
2014-05-12 00:02:24 +00:00
|
|
|
|
|
|
|
ptClientInfo, err := pt.ClientSetup([]string{obfs4Method})
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2014-05-25 08:01:11 +00:00
|
|
|
ptClientProxy, err := ptGetProxy()
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
if ptClientProxy != nil {
|
2014-05-25 09:14:14 +00:00
|
|
|
// XXX: Limit this to SOCKS5 for now.
|
|
|
|
if ptClientProxy.Scheme != "socks5" {
|
|
|
|
ptProxyError(fmt.Sprintf("proxy scheme not supported: %s",
|
|
|
|
ptClientProxy.Scheme))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ptProxyDone()
|
2014-05-25 08:01:11 +00:00
|
|
|
}
|
|
|
|
|
2014-05-12 00:02:24 +00:00
|
|
|
for _, methodName := range ptClientInfo.MethodNames {
|
|
|
|
switch methodName {
|
|
|
|
case obfs4Method:
|
|
|
|
ln, err := pt.ListenSocks("tcp", "127.0.0.1:0")
|
|
|
|
if err != nil {
|
|
|
|
pt.CmethodError(methodName, err.Error())
|
|
|
|
break
|
|
|
|
}
|
2014-05-25 09:14:14 +00:00
|
|
|
go clientAcceptLoop(ln, ptClientProxy)
|
2014-05-12 00:02:24 +00:00
|
|
|
pt.Cmethod(methodName, ln.Version(), ln.Addr())
|
|
|
|
ptListeners = append(ptListeners, ln)
|
2014-05-25 07:27:48 +00:00
|
|
|
launched = true
|
2014-05-12 00:02:24 +00:00
|
|
|
default:
|
|
|
|
pt.CmethodError(methodName, "no such method")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
pt.CmethodsDone()
|
|
|
|
|
2014-05-25 07:27:48 +00:00
|
|
|
return
|
2014-05-21 18:28:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func ptGetStateDir() (dir string, err error) {
|
|
|
|
dir = os.Getenv("TOR_PT_STATE_LOCATION")
|
|
|
|
if dir == "" {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
err = os.MkdirAll(dir, 0755)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalf("[ERROR] Failed to create path: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2014-05-25 07:27:48 +00:00
|
|
|
func ptInitializeLogging(enable bool) error {
|
2014-05-21 18:28:50 +00:00
|
|
|
if enable {
|
2014-05-25 07:27:48 +00:00
|
|
|
// pt.MakeStateDir will ENV-ERROR for us.
|
|
|
|
dir, err := ptMakeStateDir()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2014-05-21 18:28:50 +00:00
|
|
|
}
|
|
|
|
|
2014-05-25 07:27:48 +00:00
|
|
|
// While we could just exit, log an ENV-ERROR so it will propagate to
|
|
|
|
// the tor log.
|
2014-05-20 17:12:19 +00:00
|
|
|
f, err := os.OpenFile(path.Join(dir, obfs4LogFile), os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
|
|
|
|
if err != nil {
|
2014-05-25 07:27:48 +00:00
|
|
|
return ptEnvError(fmt.Sprintf("Failed to open log file: %s\n", err))
|
2014-05-20 17:12:19 +00:00
|
|
|
}
|
|
|
|
log.SetOutput(f)
|
|
|
|
} else {
|
2014-05-21 09:38:37 +00:00
|
|
|
log.SetOutput(ioutil.Discard)
|
2014-05-12 00:02:24 +00:00
|
|
|
}
|
2014-05-25 07:27:48 +00:00
|
|
|
|
|
|
|
return nil
|
2014-05-12 00:02:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func generateServerParams(id string) {
|
|
|
|
rawID, err := hex.DecodeString(id)
|
|
|
|
if err != nil {
|
|
|
|
fmt.Println("Failed to hex decode id:", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
parsedID, err := ntor.NewNodeID(rawID)
|
|
|
|
if err != nil {
|
|
|
|
fmt.Println("Failed to parse id:", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2014-05-15 06:49:11 +00:00
|
|
|
fmt.Println("Generated node-id:", parsedID.Base64())
|
2014-05-12 00:02:24 +00:00
|
|
|
|
|
|
|
keypair, err := ntor.NewKeypair(false)
|
|
|
|
if err != nil {
|
|
|
|
fmt.Println("Failed to generate keypair:", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2014-05-15 19:08:03 +00:00
|
|
|
seed, err := obfs4.NewDrbgSeed()
|
|
|
|
if err != nil {
|
|
|
|
fmt.Println("Failed to generate DRBG seed:", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2014-05-12 00:02:24 +00:00
|
|
|
fmt.Println("Generated private-key:", keypair.Private().Base64())
|
|
|
|
fmt.Println("Generated public-key:", keypair.Public().Base64())
|
2014-05-15 19:08:03 +00:00
|
|
|
fmt.Println("Generated drbg-seed:", seed.Base64())
|
2014-05-15 06:49:11 +00:00
|
|
|
fmt.Println()
|
|
|
|
fmt.Println("Client config: ")
|
|
|
|
fmt.Printf(" Bridge obfs4 <IP Address:Port> %s node-id=%s public-key=%s\n",
|
|
|
|
id, parsedID.Base64(), keypair.Public().Base64())
|
|
|
|
fmt.Println()
|
|
|
|
fmt.Println("Server config:")
|
2014-05-15 19:08:03 +00:00
|
|
|
fmt.Printf(" ServerTransportOptions obfs4 node-id=%s private-key=%s drbg-seed=%s\n",
|
|
|
|
parsedID.Base64(), keypair.Private().Base64(), seed.Base64())
|
2014-05-12 00:02:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func main() {
|
|
|
|
// Some command line args.
|
2014-05-20 17:12:19 +00:00
|
|
|
genParams := flag.String("genServerParams", "", "Generate server params given a bridge fingerprint.")
|
2014-05-25 07:27:48 +00:00
|
|
|
flag.BoolVar(&enableLogging, "enableLogging", false, "Log to TOR_PT_STATE_LOCATION/obfs4proxy.log")
|
2014-05-23 05:23:36 +00:00
|
|
|
flag.BoolVar(&iatObfuscation, "iatObfuscation", false, "Enable IAT obufscation (EXPENSIVE)")
|
2014-05-21 00:47:54 +00:00
|
|
|
flag.BoolVar(&unsafeLogging, "unsafeLogging", false, "Disable the address scrubber")
|
2014-05-12 00:02:24 +00:00
|
|
|
flag.Parse()
|
|
|
|
if *genParams != "" {
|
|
|
|
generateServerParams(*genParams)
|
2014-05-25 07:27:48 +00:00
|
|
|
return
|
2014-05-12 00:02:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Go through the pt protocol and initialize client or server mode.
|
|
|
|
launched := false
|
2014-05-25 07:27:48 +00:00
|
|
|
isClient, err := ptIsClient()
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal("[ERROR] obfs4proxy must be run as a managed transport or server")
|
|
|
|
} else if isClient {
|
2014-05-12 00:02:24 +00:00
|
|
|
launched = clientSetup()
|
2014-05-25 07:27:48 +00:00
|
|
|
} else {
|
2014-05-12 00:02:24 +00:00
|
|
|
launched = serverSetup()
|
|
|
|
}
|
|
|
|
if !launched {
|
2014-05-25 07:27:48 +00:00
|
|
|
// Something must have failed in client/server setup, just bail.
|
|
|
|
os.Exit(-1)
|
2014-05-12 00:02:24 +00:00
|
|
|
}
|
|
|
|
|
2014-05-12 00:25:40 +00:00
|
|
|
log.Println("[INFO] obfs4proxy - Launched and listening")
|
2014-05-20 17:12:19 +00:00
|
|
|
defer func() {
|
|
|
|
log.Println("[INFO] obfs4proxy - Terminated")
|
|
|
|
}()
|
2014-05-12 00:02:24 +00:00
|
|
|
|
|
|
|
// Handle termination notification.
|
|
|
|
numHandlers := 0
|
|
|
|
var sig os.Signal
|
|
|
|
sigChan := make(chan os.Signal, 1)
|
|
|
|
signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
|
|
|
|
|
|
|
|
// wait for first signal
|
|
|
|
sig = nil
|
|
|
|
for sig == nil {
|
|
|
|
select {
|
|
|
|
case n := <-handlerChan:
|
|
|
|
numHandlers += n
|
|
|
|
case sig = <-sigChan:
|
|
|
|
}
|
|
|
|
}
|
|
|
|
for _, ln := range ptListeners {
|
|
|
|
ln.Close()
|
|
|
|
}
|
|
|
|
|
|
|
|
if sig == syscall.SIGTERM {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// wait for second signal or no more handlers
|
|
|
|
sig = nil
|
|
|
|
for sig == nil && numHandlers != 0 {
|
|
|
|
select {
|
|
|
|
case n := <-handlerChan:
|
|
|
|
numHandlers += n
|
|
|
|
case sig = <-sigChan:
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2014-05-13 09:56:25 +00:00
|
|
|
|
|
|
|
/* vim :set ts=4 sw=4 sts=4 noet : */
|