Merge branch 'main' into daniellacosse/web-wrapper/asset-instructions

Jigsaw-Code · Jan 10, 2025 · cbe2ba5 · cbe2ba5
2 parents 34b1d99 + 316bb01
commit cbe2ba5
Show file tree

Hide file tree

Showing 13 changed files with 137 additions and 110 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -2,11 +2,11 @@ name: Build and Test
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
 
-permissions:  # added using https://github.com/step-security/secure-workflows
+permissions: # added using https://github.com/step-security/secure-workflows
   contents: read
 
 jobs:
@@ -26,14 +26,14 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version-file: '${{ github.workspace }}/x/go.mod'
+          go-version-file: "${{ github.workspace }}/x/go.mod"
 
       - name: Build SDK
         run: go build -v ./...
 
       - name: Build X
         run: go build -C x -tags psiphon -o "${{ env.OUTPUT_DIR }}/" -v ./...
-      
+
       - name: Build Go Mobile
         if: matrix.os == 'macos-latest' || matrix.os == 'ubuntu-latest'
         run: go build -C x -o "${{ env.OUTPUT_DIR }}/" golang.org/x/mobile/cmd/gomobile golang.org/x/mobile/cmd/gobind
@@ -53,7 +53,7 @@ jobs:
         run: go run github.com/google/go-licenses check --ignore=golang.org/x --allowed_licenses=Apache-2.0,Apache-3,BSD-3-Clause,BSD-4-Clause,CC0-1.0,MIT ./...
 
       - name: Check x licenses
-        env: {GO_FLAGS: -C x}
+        env: { GO_FLAGS: -C x }
         run: go run github.com/google/go-licenses check --ignore=golang.org/x --allowed_licenses=Apache-2.0,Apache-3,BSD-3-Clause,BSD-4-Clause,CC0-1.0,MIT ./...
 
       - name: Test SDK

diff --git a/x/examples/smart-proxy/config.json b/x/examples/smart-proxy/config.json
diff --git a/x/examples/smart-proxy/config.yaml b/x/examples/smart-proxy/config.yaml
@@ -0,0 +1,66 @@
+# DNS strategies
+dns:
+  # Use the system resolver by default
+  - system: {}
+
+  # DNS-over-HTTPS
+
+  # Quad9
+  - https: { name: 2620:fe::fe }
+  - https: { name: 9.9.9.9 }
+  # Google
+  - https: { name: 2001:4860:4860::8888 }
+  - https: { name: 8.8.8.8 }
+  # Cloudflare
+  - https: { name: 2606:4700:4700::1111 }
+  - https: { name: 1.1.1.1 }
+  # Wikimedia DNS
+  - https: { name: 2001:67c:930::1 }
+  - https: { name: 185.71.138.138 }
+
+  # DNS-over-TLS
+
+  # Quad9
+  - tls: { name: 2620:fe::fe }
+  - tls: { name: 9.9.9.9 }
+  # Google
+  - tls: { name: 2001:4860:4860::8888 }
+  - tls: { name: 8.8.8.8 }
+  # Cloudflare
+  - tls: { name: 2606:4700:4700::1111 }
+  - tls: { name: 1.1.1.1 }
+  # Wikimedia DNS
+  - tls: { name: 2001:67c:930::1 }
+  - tls: { name: 185.71.138.138 }
+
+  # DNS-over-TCP
+
+  # Quad9
+  - tcp: { address: 2620:fe::fe }
+  - tcp: { address: 9.9.9.9 }
+  # Google
+  - tcp: { address: 2001:4860:4860::8888 }
+  - tcp: { address: 8.8.8.8 }
+  # Cloudflare
+  - tcp: { address: 2606:4700:4700::1111 }
+  - tcp: { address: 1.1.1.1 }
+
+  # DNS-over-UDP
+
+  # Quad9
+  - udp: { address: 2620:fe::fe }
+  - udp: { address: 9.9.9.9 }
+  # Google
+  - udp: { address: 2001:4860:4860::8888 }
+  - udp: { address: 8.8.8.8 }
+  # Cloudflare
+  - udp: { address: 2606:4700:4700::1111 }
+  - udp: { address: 1.1.1.1 }
+
+# TLS strategies
+tls:
+  - "" # Direct dialer
+  - split:1 # TCP stream split at position 1
+  - split:2,20*5 # TCP stream split at position 2, followed by 20 blocks of length 5.
+  - split:200|disorder:1 # TCP stream split at position 1, and send the second packet (packet #1) with zero TTL at first.
+  - tlsfrag:1 # TLS Record Fragmentation at position 1
diff --git a/x/examples/smart-proxy/config_broken.json b/x/examples/smart-proxy/config_broken.json
diff --git a/x/examples/smart-proxy/config_broken.yaml b/x/examples/smart-proxy/config_broken.yaml
@@ -0,0 +1,23 @@
+dns:
+  # We get censored DNS responses when we send queries to an IP in China.
+  - udp: { address: china.cn }
+  # We get censored DNS responses when we send queries to a resolver in Iran.
+  - udp: { address: ns1.tic.ir }
+  - tcp: { address: ns1.tic.ir }
+  # We get censored DNS responses when we send queries to an IP in Turkmenistan.
+  - udp: { address: tmcell.tm }
+  # We get censored DNS responses when we send queries to a resolver in Russia.
+  - udp: { address: dns1.transtelecom.net. }
+  # Testing captive portal.
+  - tls:
+      name: captive-portal.badssl.com
+      address: captive-portal.badssl.com:443
+  # Testing forged TLS certificate.
+  - https: { name: mitm-software.badssl.com }
+
+tls:
+  - ""
+  - split:1
+  - split:2
+  - split:5
+  - tlsfrag:1
diff --git a/x/examples/smart-proxy/main.go b/x/examples/smart-proxy/main.go
@@ -63,7 +63,7 @@ func supportsHappyEyeballs(dialer transport.StreamDialer) bool {
 func main() {
 	verboseFlag := flag.Bool("v", false, "Enable debug output")
 	addrFlag := flag.String("localAddr", "localhost:1080", "Local proxy address")
-	configFlag := flag.String("config", "config.json", "Address of the config file")
+	configFlag := flag.String("config", "config.yaml", "Address of the config file")
 	transportFlag := flag.String("transport", "", "The base transport for the connections")
 	var domainsFlag stringArrayFlagValue
 	flag.Var(&domainsFlag, "domain", "The test domains to find strategies.")

diff --git a/...erated/mobileproxy.xcframework/ios-arm64/Mobileproxy.framework/Headers/Mobileproxy.objc.h b/...erated/mobileproxy.xcframework/ios-arm64/Mobileproxy.framework/Headers/Mobileproxy.objc.h
@@ -111,7 +111,7 @@ FOUNDATION_EXPORT MobileproxyStringList* _Nullable MobileproxyNewListFromLines(N
 that will use the selected strategy.
 It uses testDomains to find a strategy that works when accessing those domains.
 The strategies to search are given in the searchConfig. An example can be found in
-https://github.com/Jigsaw-Code/outline-sdk/x/examples/smart-proxy/config.json
+https://github.com/Jigsaw-Code/outline-sdk/x/examples/smart-proxy/config.yaml
  */
 FOUNDATION_EXPORT MobileproxyStreamDialer* _Nullable MobileproxyNewSmartStreamDialer(MobileproxyStringList* _Nullable testDomains, NSString* _Nullable searchConfig, id<MobileproxyLogWriter> _Nullable logWriter, NSError* _Nullable* _Nullable error);
 

diff --git a/...y.xcframework/ios-arm64_x86_64-simulator/Mobileproxy.framework/Headers/Mobileproxy.objc.h b/...y.xcframework/ios-arm64_x86_64-simulator/Mobileproxy.framework/Headers/Mobileproxy.objc.h
@@ -111,7 +111,7 @@ FOUNDATION_EXPORT MobileproxyStringList* _Nullable MobileproxyNewListFromLines(N
 that will use the selected strategy.
 It uses testDomains to find a strategy that works when accessing those domains.
 The strategies to search are given in the searchConfig. An example can be found in
-https://github.com/Jigsaw-Code/outline-sdk/x/examples/smart-proxy/config.json
+https://github.com/Jigsaw-Code/outline-sdk/x/examples/smart-proxy/config.yaml
  */
 FOUNDATION_EXPORT MobileproxyStreamDialer* _Nullable MobileproxyNewSmartStreamDialer(MobileproxyStringList* _Nullable testDomains, NSString* _Nullable searchConfig, id<MobileproxyLogWriter> _Nullable logWriter, NSError* _Nullable* _Nullable error);
 

diff --git a/x/go.mod b/x/go.mod
@@ -16,6 +16,7 @@ require (
 	golang.org/x/net v0.28.0
 	golang.org/x/sys v0.23.0
 	golang.org/x/term v0.23.0
+	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
@@ -79,5 +80,4 @@ require (
 	golang.org/x/text v0.17.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/x/mobileproxy/mobileproxy.go b/x/mobileproxy/mobileproxy.go
@@ -206,7 +206,7 @@ func toWriter(logWriter LogWriter) io.Writer {
 // that will use the selected strategy.
 // It uses testDomains to find a strategy that works when accessing those domains.
 // The strategies to search are given in the searchConfig. An example can be found in
-// https://github.com/Jigsaw-Code/outline-sdk/x/examples/smart-proxy/config.json
+// https://github.com/Jigsaw-Code/outline-sdk/x/examples/smart-proxy/config.yaml
 func NewSmartStreamDialer(testDomains *StringList, searchConfig string, logWriter LogWriter) (*StreamDialer, error) {
 	logBytesWriter := toWriter(logWriter)
 	// TODO: inject the base dialer for tests.

diff --git a/x/smart/stream_dialer.go b/x/smart/stream_dialer.go
@@ -17,7 +17,6 @@ package smart
 import (
 	"context"
 	"crypto/tls"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
@@ -29,6 +28,7 @@ import (
 	"github.com/Jigsaw-Code/outline-sdk/dns"
 	"github.com/Jigsaw-Code/outline-sdk/transport"
 	"github.com/Jigsaw-Code/outline-sdk/x/configurl"
+	"gopkg.in/yaml.v3"
 )
 
 // To test one strategy:
@@ -62,46 +62,46 @@ func (f *StrategyFinder) logCtx(ctx context.Context, format string, a ...any) {
 	f.log(format, a...)
 }
 
-type httpsEntryJSON struct {
+type httpsEntryConfig struct {
 	// Domain name of the host.
-	Name string `json:"name,omitempty"`
+	Name string `yaml:"name,omitempty"`
 	// Host:port. Defaults to Name:443.
-	Address string `json:"address,omitempty"`
+	Address string `yaml:"address,omitempty"`
 }
 
-type tlsEntryJSON struct {
+type tlsEntryConfig struct {
 	// Domain name of the host.
-	Name string `json:"name,omitempty"`
+	Name string `yaml:"name,omitempty"`
 	// Host:port. Defaults to Name:853.
-	Address string `json:"address,omitempty"`
+	Address string `yaml:"address,omitempty"`
 }
 
-type udpEntryJSON struct {
+type udpEntryConfig struct {
 	// Host:port.
-	Address string `json:"address,omitempty"`
+	Address string `yaml:"address,omitempty"`
 }
 
-type tcpEntryJSON struct {
+type tcpEntryConfig struct {
 	// Host:port.
-	Address string `json:"address,omitempty"`
+	Address string `yaml:"address,omitempty"`
 }
 
-type dnsEntryJSON struct {
-	System *struct{}       `json:"system,omitempty"`
-	HTTPS  *httpsEntryJSON `json:"https,omitempty"`
-	TLS    *tlsEntryJSON   `json:"tls,omitempty"`
-	UDP    *udpEntryJSON   `json:"udp,omitempty"`
-	TCP    *tcpEntryJSON   `json:"tcp,omitempty"`
+type dnsEntryConfig struct {
+	System *struct{}         `yaml:"system,omitempty"`
+	HTTPS  *httpsEntryConfig `yaml:"https,omitempty"`
+	TLS    *tlsEntryConfig   `yaml:"tls,omitempty"`
+	UDP    *udpEntryConfig   `yaml:"udp,omitempty"`
+	TCP    *tcpEntryConfig   `yaml:"tcp,omitempty"`
 }
 
-type configJSON struct {
-	DNS []dnsEntryJSON `json:"dns,omitempty"`
-	TLS []string       `json:"tls,omitempty"`
+type configConfig struct {
+	DNS []dnsEntryConfig `yaml:"dns,omitempty"`
+	TLS []string         `yaml:"tls,omitempty"`
 }
 
 // newDNSResolverFromEntry creates a [dns.Resolver] based on the config, returning the resolver and
 // a boolean indicating whether the resolver is secure (TLS, HTTPS) and a possible error.
-func (f *StrategyFinder) newDNSResolverFromEntry(entry dnsEntryJSON) (dns.Resolver, bool, error) {
+func (f *StrategyFinder) newDNSResolverFromEntry(entry dnsEntryConfig) (dns.Resolver, bool, error) {
 	if entry.System != nil {
 		return nil, false, nil
 	} else if cfg := entry.HTTPS; cfg != nil {
@@ -165,13 +165,13 @@ type smartResolver struct {
 	Secure bool
 }
 
-func (f *StrategyFinder) dnsConfigToResolver(dnsConfig []dnsEntryJSON) ([]*smartResolver, error) {
+func (f *StrategyFinder) dnsConfigToResolver(dnsConfig []dnsEntryConfig) ([]*smartResolver, error) {
 	if len(dnsConfig) == 0 {
 		return nil, errors.New("no DNS config entry")
 	}
 	rts := make([]*smartResolver, 0, len(dnsConfig))
 	for ei, entry := range dnsConfig {
-		idBytes, err := json.Marshal(entry)
+		idBytes, err := yaml.Marshal(entry)
 		if err != nil {
 			return nil, fmt.Errorf("cannot serialize entry %v: %w", ei, err)
 		}
@@ -185,7 +185,7 @@ func (f *StrategyFinder) dnsConfigToResolver(dnsConfig []dnsEntryJSON) ([]*smart
 	return rts, nil
 }
 
-func (f *StrategyFinder) findDNS(ctx context.Context, testDomains []string, dnsConfig []dnsEntryJSON) (dns.Resolver, error) {
+func (f *StrategyFinder) findDNS(ctx context.Context, testDomains []string, dnsConfig []dnsEntryConfig) (dns.Resolver, error) {
 	resolvers, err := f.dnsConfigToResolver(dnsConfig)
 	if err != nil {
 		return nil, err
@@ -296,8 +296,8 @@ func (f *StrategyFinder) findTLS(ctx context.Context, testDomains []string, base
 // It returns an error if no strategy was found that unblocks the testDomains.
 // The testDomains must be domains with a TLS service running on port 443.
 func (f *StrategyFinder) NewDialer(ctx context.Context, testDomains []string, configBytes []byte) (transport.StreamDialer, error) {
-	var parsedConfig configJSON
-	err := json.Unmarshal(configBytes, &parsedConfig)
+	var parsedConfig configConfig
+	err := yaml.Unmarshal(configBytes, &parsedConfig)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse config: %v", err)
 	}

diff --git a/x/sysproxy/sysproxy_linux.go b/x/sysproxy/sysproxy_linux.go
@@ -18,6 +18,7 @@ package sysproxy
 
 import (
 	"errors"
+	"fmt"
 	"os/exec"
 	"strings"
 )
@@ -95,7 +96,11 @@ func setProxySettings(p ProxyType, host string, port string) error {
 }
 
 func gnomeSettingsSetString(settings, key, value string) error {
-	return exec.Command("gsettings", "set", settings, key, value).Run()
+	err := exec.Command("gsettings", "set", settings, key, value).Run()
+	if err != nil {
+		return fmt.Errorf("gsettings command failed: %w", err)
+	}
+	return nil
 }
 
 func getWebProxy() (host string, port string, enabled bool, err error) {