Use the pluggable transport meek lite where obfs4 is blocked

2026-02-17 21:29:54 +01:00 · 2019-02-04 15:56:47 -02:00
parent 5ccf2cae1f
commit b023593a2c
7 changed files with 50 additions and 16 deletions
--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProvider.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProvider.java
@@ -17,16 +17,24 @@ public interface CircumventionProvider {
 	String[] BLOCKED = {"CN", "IR", "EG", "BY", "TR", "SY", "VE"};

 	/**
-	 * Countries where vanilla bridge connection are likely to work.
+	 * Countries where obfs4 bridge connection are likely to work.
 	 * Should be a subset of {@link #BLOCKED}.
 	 */
-	String[] BRIDGES = { "EG", "BY", "TR", "SY", "VE" };
+	String[] BRIDGES = { "CN", "IR", "EG", "BY", "TR", "SY", "VE" };
+
+	/**
+	 * Countries where obfs4 bridges won't work and meek is needed.
+	 * Should be a subset of {@link #BRIDGES}.
+	 */
+	String[] NEEDS_MEEK = {"CN", "IR"};

 	boolean isTorProbablyBlocked(String countryCode);

 	boolean doBridgesWork(String countryCode);

+	boolean needsMeek(String countryCode);
+
 	@IoExecutor
-	List<String> getBridges();
+	List<String> getBridges(boolean meek);

 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProviderImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProviderImpl.java
@@ -22,6 +22,8 @@ class CircumventionProviderImpl implements CircumventionProvider {
 			new HashSet<>(asList(BLOCKED));
 	private static final Set<String> BRIDGES_WORK_IN_COUNTRIES =
 			new HashSet<>(asList(BRIDGES));
+	private static final Set<String> BRIDGES_NEED_MEEK =
+			new HashSet<>(asList(NEEDS_MEEK));

 	@Nullable
 	private volatile List<String> bridges = null;
@@ -40,9 +42,14 @@ class CircumventionProviderImpl implements CircumventionProvider {
 		return BRIDGES_WORK_IN_COUNTRIES.contains(countryCode);
 	}

+	@Override
+	public boolean needsMeek(String countryCode) {
+		return BRIDGES_NEED_MEEK.contains(countryCode);
+	}
+
 	@Override
 	@IoExecutor
-	public List<String> getBridges() {
+	public List<String> getBridges(boolean useMeek) {
 		List<String> bridges = this.bridges;
 		if (bridges != null) return new ArrayList<>(bridges);

@@ -53,6 +60,8 @@ class CircumventionProviderImpl implements CircumventionProvider {
 		bridges = new ArrayList<>();
 		while (scanner.hasNextLine()) {
 			String line = scanner.nextLine();
+			boolean isMeekBridge = line.startsWith("Bridge meek");
+			if (useMeek && !isMeekBridge || !useMeek && isMeekBridge) continue;
 			if (!line.startsWith("#")) bridges.add(line);
 		}
 		scanner.close();
--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java
@@ -470,13 +470,19 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		if (!enable) callback.transportDisabled();
 	}

-	private void enableBridges(boolean enable) throws IOException {
+	private void enableBridges(boolean enable, boolean needsMeek)
+			throws IOException {
 		if (enable) {
 			Collection<String> conf = new ArrayList<>();
 			conf.add("UseBridges 1");
-			conf.add("ClientTransportPlugin obfs4 exec " +
-					obfs4File.getAbsolutePath());
-			conf.addAll(circumventionProvider.getBridges());
+			if (needsMeek) {
+				conf.add("ClientTransportPlugin meek_lite exec " +
+						obfs4File.getAbsolutePath());
+			} else {
+				conf.add("ClientTransportPlugin obfs4 exec " +
+						obfs4File.getAbsolutePath());
+			}
+			conf.addAll(circumventionProvider.getBridges(needsMeek));
 			controlConnection.setConf(conf);
 		} else {
 			controlConnection.setConf("UseBridges", "0");
@@ -716,12 +722,17 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 					enableNetwork(false);
 				} else if (network == PREF_TOR_NETWORK_WITH_BRIDGES ||
 						(automatic && bridgesWork)) {
-					LOG.info("Enabling network, using bridges");
-					enableBridges(true);
+					if (circumventionProvider.needsMeek(country)) {
+						LOG.info("Enabling network, using meek bridges");
+						enableBridges(true, true);
+					} else {
+						LOG.info("Enabling network, using obfs4 bridges");
+						enableBridges(true, false);
+					}
 					enableNetwork(true);
 				} else {
 					LOG.info("Enabling network, not using bridges");
-					enableBridges(false);
+					enableBridges(false, false);
 					enableNetwork(true);
 				}
 				if (online && wifi && charging) {
--- a/bramble-core/src/main/resources/bridges
+++ b/bramble-core/src/main/resources/bridges
@@ -1,4 +1,5 @@
 Bridge obfs4 78.46.188.239:37356 5A2D2F4158D0453E00C7C176978D3F41D69C45DB cert=3c0SwxpOisbohNxEc4tb875RVW8eOu1opRTVXJhafaKA/PNNtI7ElQIVOVZg1AdL5bxGCw iat-mode=0
 Bridge obfs4 52.15.78.72:9443 02069A3C5362476936B62BA6F5ACC41ABD573A9B cert=ijYG/OKc7kqu2YzKNFfeXN7/BG2BOgfEP2KyYEiGDQthnHbsOiTWHeIG0WJVW+BckzDgKw iat-mode=0
 Bridge obfs4 13.58.29.242:9443 0C58939A77DA6B6B29D4B5236A75865659607AE0 cert=OylWIEHb/ezpq1zWxW0sgKRn+9ARH2eOcQOZ8/Gew+4l+oKOhQ2jUX/Y+FSl61JorXZUWA iat-mode=0
-Bridge obfs4 45.33.37.112:9443 60A609BB4ABE8D46E634AE81ED29ADAB7776B399 cert=t5v19WmNv5Sc2YPNr8RQids365W7MY8zJwQVkOxBjUMFomMWARDzsbYpcWLLcw0J9Gm+BQ iat-mode=0
+Bridge obfs4 45.33.37.112:9443 60A609BB4ABE8D46E634AE81ED29ADAB7776B399 cert=t5v19WmNv5Sc2YPNr8RQids365W7MY8zJwQVkOxBjUMFomMWARDzsbYpcWLLcw0J9Gm+BQ iat-mode=0
+Bridge meek_lite 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com