From e6b06efc4456581b3dc966c98bd558462d516a4e Mon Sep 17 00:00:00 2001
From: cyBerta <cyberta@riseup.net>
Date: Thu, 21 Nov 2024 14:51:02 +0100
Subject: [PATCH] Test custom port range in quic hopping integration test.

The test also proves that reading the appropriate environment variables works as expected on the server side.
The obfsvpn client doesn't read environment variables and thus needs to be invoked with the corresponding command line flags.
---
 .env                           |  7 ++++++-
 .env.1ive.bridge               |  4 ++++
 .env.hopping                   |  6 +++++-
 .env.hopping.kcp               |  6 +++++-
 .env.hopping.quic              |  4 ++++
 .env.hoppingkcp.live.bridge    |  4 ++++
 .env.kcp                       |  6 +++++-
 .env.kcp.live.bridge           |  4 ++++
 .env.kcp.live.gw               |  6 +++++-
 .env.quic                      |  4 ++++
 docker-compose.yml             | 12 ++++++++++++
 images/obfsvpn-client/start.sh | 26 +++++++++++++++++++++++++-
 12 files changed, 83 insertions(+), 6 deletions(-)

diff --git a/.env b/.env
index 860c24e..c23d50b 100644
--- a/.env
+++ b/.env
@@ -1,9 +1,14 @@
 HOP_PT="0"
 KCP="0"
+QUIC="0"
 OPENVPN_HOST="openvpn-server"
 OPENVPN_PORT="5540"
 LIVE_TEST="0"
 OBFS4_HOST="obfsvpn-1"
 OBFS4_HOST2=
 OBFS4_PORT="4430"
-TUN_MTU="48000"
\ No newline at end of file
+TUN_MTU="48000"
+OBFSVPN_PORT_SEED=""
+OBFSVPN_MIN_HOP_PORT=""
+OBFSVPN_MAX_HOP_PORT=""
+OBFSVPN_PORT_COUNT=""
\ No newline at end of file
diff --git a/.env.1ive.bridge b/.env.1ive.bridge
index 765730d..a427b65 100644
--- a/.env.1ive.bridge
+++ b/.env.1ive.bridge
@@ -12,3 +12,7 @@ OBFS4_HOST="135.181.103.26"
 OBFS4_HOST2=
 OBFS4_PORT="4445"
 TUN_MTU="1500"
+OBFSVPN_PORT_SEED=""
+OBFSVPN_MIN_HOP_PORT=""
+OBFSVPN_MAX_HOP_PORT=""
+OBFSVPN_PORT_COUNT=""
\ No newline at end of file
diff --git a/.env.hopping b/.env.hopping
index 3c18d8a..3f6014d 100644
--- a/.env.hopping
+++ b/.env.hopping
@@ -7,4 +7,8 @@ LIVE_TEST="0"
 OBFS4_HOST="obfsvpn-1"
 OBFS4_HOST2="obfsvpn-2"
 OBFS4_PORT="4430"
-TUN_MTU="48000"
\ No newline at end of file
+TUN_MTU="48000"
+OBFSVPN_PORT_SEED=""
+OBFSVPN_MIN_HOP_PORT=""
+OBFSVPN_MAX_HOP_PORT=""
+OBFSVPN_PORT_COUNT=""
\ No newline at end of file
diff --git a/.env.hopping.kcp b/.env.hopping.kcp
index 7ca042c..193c95e 100644
--- a/.env.hopping.kcp
+++ b/.env.hopping.kcp
@@ -7,4 +7,8 @@ LIVE_TEST="0"
 OBFS4_HOST="obfsvpn-1"
 OBFS4_HOST2="obfsvpn-2"
 OBFS4_PORT="4430"
-TUN_MTU="48000"
\ No newline at end of file
+TUN_MTU="48000"
+OBFSVPN_PORT_SEED=""
+OBFSVPN_MIN_HOP_PORT=""
+OBFSVPN_MAX_HOP_PORT=""
+OBFSVPN_PORT_COUNT=""
\ No newline at end of file
diff --git a/.env.hopping.quic b/.env.hopping.quic
index 0ccaad1..5fd60bb 100644
--- a/.env.hopping.quic
+++ b/.env.hopping.quic
@@ -8,3 +8,7 @@ OBFS4_HOST="obfsvpn-1"
 OBFS4_HOST2="obfsvpn-2"
 OBFS4_PORT="4430"
 TUN_MTU="48000"
+OBFSVPN_PORT_SEED="1"
+OBFSVPN_MIN_HOP_PORT="45000"
+OBFSVPN_MAX_HOP_PORT="50000"
+OBFSVPN_PORT_COUNT="50"
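Review bot: `OBFSVPN_PORT_SEED="1"` and the 45000–50000 range are the only non-empty hopping values in this commit, and nothing in the file marks them as test fixtures. A fixed seed makes the hop ports reproducible, which suits a deterministic integration test, but it is presumably not something a live bridge should reuse. Since the `.env.*.live.*` files sit next to this one, a comment line such as `# test-only: fixed seed and port range for the quic hopping integration test` above the four entries would keep the values from being copied over.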
diff --git a/.env.hoppingkcp.live.bridge b/.env.hoppingkcp.live.bridge
index 4702e92..c1525d8 100644
--- a/.env.hoppingkcp.live.bridge
+++ b/.env.hoppingkcp.live.bridge
@@ -12,3 +12,7 @@ OBFS4_HOST="135.181.103.26"
 OBFS4_HOST2="95.217.28.167"
 OBFS4_PORT="4446"
 TUN_MTU="1500"
+OBFSVPN_PORT_SEED=""
+OBFSVPN_MIN_HOP_PORT=""
+OBFSVPN_MAX_HOP_PORT=""
+OBFSVPN_PORT_COUNT=""
\ No newline at end of file
diff --git a/.env.kcp b/.env.kcp
index f03a924..e5fccee 100644
--- a/.env.kcp
+++ b/.env.kcp
@@ -7,4 +7,8 @@ LIVE_TEST="0"
 OBFS4_HOST="obfsvpn-1"
 OBFS4_HOST2=
 OBFS4_PORT="4430"
-TUN_MTU="48000"
\ No newline at end of file
+TUN_MTU="48000"
+OBFSVPN_PORT_SEED=""
+OBFSVPN_MIN_HOP_PORT=""
+OBFSVPN_MAX_HOP_PORT=""
+OBFSVPN_PORT_COUNT=""
\ No newline at end of file
diff --git a/.env.kcp.live.bridge b/.env.kcp.live.bridge
index 4f545be..54048f8 100644
--- a/.env.kcp.live.bridge
+++ b/.env.kcp.live.bridge
@@ -12,3 +12,7 @@ OBFS4_HOST="135.181.103.26"
 OBFS4_HOST2=
 OBFS4_PORT="4444"
 TUN_MTU="1500"
+OBFSVPN_PORT_SEED=""
+OBFSVPN_MIN_HOP_PORT=""
+OBFSVPN_MAX_HOP_PORT=""
+OBFSVPN_PORT_COUNT=""
\ No newline at end of file
diff --git a/.env.kcp.live.gw b/.env.kcp.live.gw
index a185488..3ca54fa 100644
--- a/.env.kcp.live.gw
+++ b/.env.kcp.live.gw
@@ -11,4 +11,8 @@ OPENVPN_PORT="53"
 OBFS4_HOST="obfsvpn-1"
 OBFS4_HOST2=
 OBFS4_PORT="4430"
-TUN_MTU="1500"
\ No newline at end of file
+TUN_MTU="1500"
+OBFSVPN_PORT_SEED=""
+OBFSVPN_MIN_HOP_PORT=""
+OBFSVPN_MAX_HOP_PORT=""
+OBFSVPN_PORT_COUNT=""
\ No newline at end of file
diff --git a/.env.quic b/.env.quic
index eaacba6..e6c5c3f 100644
--- a/.env.quic
+++ b/.env.quic
@@ -8,3 +8,7 @@ OBFS4_HOST="obfsvpn-1"
 OBFS4_HOST2=
 OBFS4_PORT="4430"
 TUN_MTU="48000"
+OBFSVPN_PORT_SEED=""
+OBFSVPN_MIN_HOP_PORT=""
+OBFSVPN_MAX_HOP_PORT=""
+OBFSVPN_PORT_COUNT=""
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index c78cecb..be0ad3d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -33,6 +33,10 @@ services:
       HOP_PT: "$HOP_PT"
       KCP: "$KCP"
       QUIC: "$QUIC"
+      OBFSVPN_PORT_SEED: "$OBFSVPN_PORT_SEED"
+      OBFSVPN_MIN_HOP_PORT: "$OBFSVPN_MIN_HOP_PORT"
+      OBFSVPN_MAX_HOP_PORT: "$OBFSVPN_MAX_HOP_PORT"
+      OBFSVPN_PORT_COUNT: "$OBFSVPN_PORT_COUNT"
       QUIC_TLS_CERT: "/opt/openvpn/data/pki/ca.crt"
       QUIC_TLS_KEY: "/opt/openvpn/data/pki/private/ca.key"
       OBFS4_KEY_FILE: "/opt/obfsvpn/data/obfs4.json"
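Review bot: The four new `OBFSVPN_*` entries are forwarded unconditionally, here and in the hunks at -62 and -84, so every env file except `.env.hopping.quic` makes the containers see them as set but empty rather than unset. Whether the server treats an empty value as "use the default" is not visible in this patch and is worth confirming, because an empty port bound parsed as a number would change the range it listens on. The group also has no comment, unlike `MIN_HOP_SECONDS` further down. If empty does mean default, something like `# optional hopping port range, seed and count; leave empty for the obfsvpn defaults` would document that.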
@@ -62,6 +66,10 @@ services:
       QUIC_TLS_CERT: "/opt/openvpn/data/MyReq.crt"
       QUIC_TLS_KEY: "/opt/openvpn/data/MyReq.key"
       OBFS4_KEY_FILE: "/opt/obfsvpn/data/obfs4.json"
+      OBFSVPN_PORT_SEED: "$OBFSVPN_PORT_SEED"
+      OBFSVPN_MIN_HOP_PORT: "$OBFSVPN_MIN_HOP_PORT"
+      OBFSVPN_MAX_HOP_PORT: "$OBFSVPN_MAX_HOP_PORT"
+      OBFSVPN_PORT_COUNT: "$OBFSVPN_PORT_COUNT"
       # only necessary for traditional/non-hopping mode
       OBFS4_PORT: "$OBFS4_PORT"
     command: "/opt/obfsvpn/start_obfsvpn.sh"
@@ -84,6 +92,10 @@ services:
       HOP_PT: "$HOP_PT"
       KCP: "$KCP"
       QUIC: "$QUIC"
+      OBFSVPN_PORT_SEED: "$OBFSVPN_PORT_SEED"
+      OBFSVPN_MIN_HOP_PORT: "$OBFSVPN_MIN_HOP_PORT"
+      OBFSVPN_MAX_HOP_PORT: "$OBFSVPN_MAX_HOP_PORT"
+      OBFSVPN_PORT_COUNT: "$OBFSVPN_PORT_COUNT"
       # the minimum number of seconds to wait before hopping
       MIN_HOP_SECONDS: 5
       # a random range to wait in addition to the minimum hop time
diff --git a/images/obfsvpn-client/start.sh b/images/obfsvpn-client/start.sh
index 65d3d75..6fb97ad 100755
--- a/images/obfsvpn-client/start.sh
+++ b/images/obfsvpn-client/start.sh
@@ -30,8 +30,32 @@ fi
 
 if [[ "$HOP_PT" == "1" ]]; then
     echo "Starting obfsvpn-client in hopping mode"
+    # set a couple of optional hopping flags
+    FLAG_MIN_HOP_PORT=""
+    if [[ -n $OBFSVPN_MIN_HOP_PORT ]]; then
+        FLAG_MIN_HOP_PORT="-min-port $OBFSVPN_MIN_HOP_PORT"
+        echo "Setting Min hopping port to $OBFSVPN_MIN_HOP_PORT"
+    fi
+
+    FLAG_MAX_HOP_PORT=""
+    if [[ -n $OBFSVPN_MAX_HOP_PORT ]]; then
+        FLAG_MAX_HOP_PORT="-max-port $OBFSVPN_MAX_HOP_PORT"
+        echo "Setting max hopping port to $OBFSVPN_MAX_HOP_PORT"
+    fi
+
+    FLAG_SEED=""
+    if [[ -n $OBFSVPN_SEED ]]; then
+        FLAG_SEED="-ps $OBFSVPN_SEED"
+        echo "Setting hopping port seed to $OBFSVPN_SEED"
+    fi
+
+    FLAG_PORT_COUNT=""
+    if [[ -n $OBFSVPN_PORT_COUNT ]]; then
+        FLAG_PORT_COUNT="-pc $OBFSVPN_PORT_COUNT"
+        echo "Setting hopping port count to $OBFSVPN_PORT_COUNT"
+    fi
     /usr/bin/obfsvpn-client $FLAG_KCP $FLAG_QUIC -h -c "$OBFS4_CERT1,$OBFS4_CERT1" -r "$OBFS4_SERVER_HOST1,$OBFS4_SERVER_HOST2" \
-      -m "$MIN_HOP_SECONDS" -j "$HOP_JITTER" -v &
+      -m "$MIN_HOP_SECONDS" -j "$HOP_JITTER" $FLAG_MAX_HOP_PORT $FLAG_MIN_HOP_PORT $FLAG_SEED $FLAG_PORT_COUNT &
 
     # start openvpn in udp
     # set connect-retry low to help facilitate integration test
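Review bot: The seed block tests `$OBFSVPN_SEED`, but every env file and the compose service in this patch define `OBFSVPN_PORT_SEED`, so `-ps` is never passed to the client unless `OBFSVPN_SEED` is set somewhere outside this patch; it should read `if [[ -n $OBFSVPN_PORT_SEED ]]; then` and `FLAG_SEED="-ps $OBFSVPN_PORT_SEED"`. With `.env.hopping.quic` the server would then get seed 1 while the client keeps its default, which presumably leaves the two sides on different port lists. The rewritten command line also drops the `-v` that the old one ended with, which reduces client logging in the test if that was not intended. The new `$FLAG_*` values are expanded unquoted and so are subject to word splitting and globbing; collecting them in an array, as sketched below, keeps each value a single argument. The surrounding `if [[ "$HOP_PT" == "1" ]]` block continues past the end of the hunk.

```shell
    # … unchanged: "Starting obfsvpn-client in hopping mode" echo …
    # optional hopping flags, kept in an array so each value stays one argument
    hop_flags=()
    if [[ -n "$OBFSVPN_MIN_HOP_PORT" ]]; then
        hop_flags+=(-min-port "$OBFSVPN_MIN_HOP_PORT")
        echo "Setting Min hopping port to $OBFSVPN_MIN_HOP_PORT"
    fi
    if [[ -n "$OBFSVPN_MAX_HOP_PORT" ]]; then
        hop_flags+=(-max-port "$OBFSVPN_MAX_HOP_PORT")
        echo "Setting max hopping port to $OBFSVPN_MAX_HOP_PORT"
    fi
    # same variable name as in the .env files and docker-compose.yml
    if [[ -n "$OBFSVPN_PORT_SEED" ]]; then
        hop_flags+=(-ps "$OBFSVPN_PORT_SEED")
        echo "Setting hopping port seed to $OBFSVPN_PORT_SEED"
    fi
    if [[ -n "$OBFSVPN_PORT_COUNT" ]]; then
        hop_flags+=(-pc "$OBFSVPN_PORT_COUNT")
        echo "Setting hopping port count to $OBFSVPN_PORT_COUNT"
    fi
    /usr/bin/obfsvpn-client $FLAG_KCP $FLAG_QUIC -h -c "$OBFS4_CERT1,$OBFS4_CERT1" -r "$OBFS4_SERVER_HOST1,$OBFS4_SERVER_HOST2" \
      -m "$MIN_HOP_SECONDS" -j "$HOP_JITTER" "${hop_flags[@]}" &
    # … unchanged: openvpn start-up …
```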
-- 
GitLab