This repository was archived by the owner on Feb 25, 2020. It is now read-only.

makes the mapping of real ports to stunnel ports random #74

Open
wants to merge 1 commit into
base: master
12 changes: 9 additions & 3 deletions provider_base/lib/macros/secrets.rb
Expand Up @@ -21,9 +21,15 @@ def base32_secret(name, length=20)
manager.secrets.set(name, @node.environment) { Base32.encode(Util::Secret.generate(length)) }
end

# Picks a random obfsproxy port from given range
def rand_range(name, range)
manager.secrets.set(name, @node.environment) { rand(range) }
# Picks a random number in the given range, ensuring it is unique over keys that
# match the specified regexp.
def rand_range(name, range, unique_regexp=nil)
manager.secrets.set(name, @node.environment) do
begin
value = rand(range)
end until (unique_regexp.nil? || !manager.secrets.taken?(unique_regexp, value, @node.environment))
value
end
end

#
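Review bot: The `begin ... end until` loop in `rand_range` has no exit when every value in `range` is already taken by keys matching `unique_regexp`, so the run would spin forever instead of failing. Bound the number of attempts and raise a descriptive error, or draw from the values that are not yet taken. The new comment should also document the `unique_regexp` parameter and note that the method calls `manager.secrets.taken?` unguarded whenever a regexp is passed; only the `stunnel_port` caller checks `respond_to?(:taken?)`. Finally, `rand(range)` is the general-purpose PRNG, unlike `Util::Secret.generate` used by `base32_secret` just above, so the comment should say whether that is acceptable for a value stored through `manager.secrets.set`.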
14 changes: 8 additions & 6 deletions provider_base/lib/macros/stunnel.rb
Expand Up @@ -82,14 +82,16 @@ def stunnel_server(port)
# maps a real port to a stunnel port (used as the connect_port in the client config
# and the accept_port in the server config)
#
def stunnel_port(port)
port = port.to_i
if port < 50000
return port + 10000
# generates a port in the range 10000 -> 20000.
#
def stunnel_port(real_port)
if manager.secrets.respond_to?(:taken?)
# if secrets library supports it, use a truly random, non-colliding port
rand_range("stunnel_map_port_#{real_port}_to", 10000..20000, /^stunnel_map_port_/)
else
return port - 10000
(real_port.to_i % 20000) + 10000
end
end

end
end
end
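Review bot: The fallback branch `(real_port.to_i % 20000) + 10000` yields ports in 10000..29999, not the "10000 -> 20000" range the comment states, and it maps distinct real ports to the same stunnel port (443 and 20443 both give 10443). It also no longer matches the removed `port - 10000` rule for ports of 50000 and above, so the fallback is neither collision-free nor backward compatible; either keep the old arithmetic there or document the change. In the random branch, uniqueness is checked only against other `stunnel_map_port_` keys, so a chosen port can still coincide with a real service port that falls in 10000..20000; consider excluding the real ports being mapped. The inline comment's "truly random" overstates what `rand` provides, and `real_port` is interpolated into the key name without the `to_i` normalisation the old code applied, so `"443"` and `443` share a key only by string conversion; normalise it once at the top of the method.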