Remove proxy churn measurements from broker.

We've done the analysis we planned to do on these measurements. A program to analyze the proxy churn and extract hour-by-hour intersections is available at: https://github.com/turfed/snowflake-paper/tree/main/figures/proxy-churn Closes #40280.
2025-10-13 11:11:30 -04:00 · 2023-09-05 05:42:15 +00:00 · 2023-09-05 05:42:15 +00:00 · 6393af6bab
commit 6393af6bab
parent a615e8b1ab
12 changed files with 0 additions and 362 deletions
--- a/broker/broker.go
+++ b/broker/broker.go
@ -11,8 +11,6 @@ import (
 	"crypto/tls"
 	"flag"
 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/bridgefingerprint"
-	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/ipsetsink"
-	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/ipsetsink/sinkcluster"
 	"io"
 	"log"
 	"net/http"
@ -196,8 +194,6 @@ func main() {
 	var certFilename, keyFilename string
 	var disableGeoip bool
 	var metricsFilename string
-	var ipCountFilename, ipCountMaskingKey string
-	var ipCountInterval time.Duration
 	var unsafeLogging bool

 	flag.StringVar(&acmeEmail, "acme-email", "", "optional contact email for Let's Encrypt notifications")
@ -214,9 +210,6 @@ func main() {
 	flag.BoolVar(&disableTLS, "disable-tls", false, "don't use HTTPS")
 	flag.BoolVar(&disableGeoip, "disable-geoip", false, "don't use geoip for stats collection")
 	flag.StringVar(&metricsFilename, "metrics-log", "", "path to metrics logging output")
-	flag.StringVar(&ipCountFilename, "ip-count-log", "", "path to ip count logging output")
-	flag.StringVar(&ipCountMaskingKey, "ip-count-mask", "", "masking key for ip count logging")
-	flag.DurationVar(&ipCountInterval, "ip-count-interval", time.Hour, "time interval between each chunk")
 	flag.BoolVar(&unsafeLogging, "unsafe-logging", false, "prevent logs from being scrubbed")
 	flag.Parse()

@ -264,16 +257,6 @@ func main() {
 		}
 	}

-	if ipCountFilename != "" {
-		ipCountFile, err := os.OpenFile(ipCountFilename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
-
-		if err != nil {
-			log.Fatal(err.Error())
-		}
-		ipSetSink := ipsetsink.NewIPSetSink(ipCountMaskingKey)
-		ctx.metrics.distinctIPWriter = sinkcluster.NewClusterWriter(ipCountFile, ipCountInterval, ipSetSink)
-	}
-
 	go ctx.Broker()

 	i := &IPC{ctx}
--- a/broker/ipc.go
+++ b/broker/ipc.go
@ -107,7 +107,6 @@ func (i *IPC) ProxyPolls(arg messages.Arg, response *[]byte) error {
 	} else {
 		i.ctx.metrics.lock.Lock()
 		i.ctx.metrics.UpdateCountryStats(remoteIP, proxyType, natType)
-		i.ctx.metrics.RecordIPAddress(remoteIP)
 		i.ctx.metrics.lock.Unlock()
 	}

--- a/broker/metrics.go
+++ b/broker/metrics.go
@ -16,7 +16,6 @@ import (

 	"github.com/prometheus/client_golang/prometheus"
 	"gitlab.torproject.org/tpo/anti-censorship/geoip"
-	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/ipsetsink/sinkcluster"
 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/messages"
 )

@ -42,8 +41,6 @@ type Metrics struct {
 	logger  *log.Logger
 	geoipdb *geoip.Geoip

-	distinctIPWriter *sinkcluster.ClusterWriter
-
 	countryStats                  CountryStats
 	clientRoundtripEstimate       time.Duration
 	proxyIdleCount                uint
@ -327,13 +324,3 @@ func initPrometheus() *PromMetrics {

 	return promMetrics
 }
-
-func (m *Metrics) RecordIPAddress(ip string) {
-	if m.distinctIPWriter != nil {
-		m.distinctIPWriter.AddIPToSet(ip)
-	}
-}
-
-func (m *Metrics) SetIPAddressRecorder(recorder *sinkcluster.ClusterWriter) {
-	m.distinctIPWriter = recorder
-}
--- a/common/ipsetsink/sink.go
+++ b/common/ipsetsink/sink.go
@ -1,55 +0,0 @@
-package ipsetsink
-
-import (
-	"bytes"
-	"crypto/hmac"
-	"encoding/binary"
-	"hash"
-
-	"github.com/clarkduvall/hyperloglog"
-	"golang.org/x/crypto/sha3"
-)
-
-func NewIPSetSink(maskingKey string) *IPSetSink {
-	countDistinct, _ := hyperloglog.NewPlus(18)
-	return &IPSetSink{
-		ipMaskingKey:  maskingKey,
-		countDistinct: countDistinct,
-	}
-}
-
-type IPSetSink struct {
-	ipMaskingKey  string
-	countDistinct *hyperloglog.HyperLogLogPlus
-}
-
-func (s *IPSetSink) maskIPAddress(ipAddress string) []byte {
-	hmacIPMasker := hmac.New(func() hash.Hash {
-		return sha3.New256()
-	}, []byte(s.ipMaskingKey))
-	hmacIPMasker.Write([]byte(ipAddress))
-	return hmacIPMasker.Sum(nil)
-}
-
-func (s *IPSetSink) AddIPToSet(ipAddress string) {
-	s.countDistinct.Add(truncatedHash64FromBytes{hashValue(s.maskIPAddress(ipAddress))})
-}
-
-func (s *IPSetSink) Dump() ([]byte, error) {
-	return s.countDistinct.GobEncode()
-}
-
-func (s *IPSetSink) Reset() {
-	s.countDistinct.Clear()
-}
-
-type hashValue []byte
-type truncatedHash64FromBytes struct {
-	hashValue
-}
-
-func (c truncatedHash64FromBytes) Sum64() uint64 {
-	var value uint64
-	binary.Read(bytes.NewReader(c.hashValue), binary.BigEndian, &value)
-	return value
-}
--- a/common/ipsetsink/sink_test.go
+++ b/common/ipsetsink/sink_test.go
@ -1,47 +0,0 @@
-package ipsetsink
-
-import (
-	"fmt"
-	"github.com/clarkduvall/hyperloglog"
-	"testing"
-)
-import . "github.com/smartystreets/goconvey/convey"
-
-func TestSinkInit(t *testing.T) {
-	Convey("Context", t, func() {
-		sink := NewIPSetSink("demo")
-		sink.AddIPToSet("test1")
-		sink.AddIPToSet("test2")
-		data, err := sink.Dump()
-		So(err, ShouldBeNil)
-		structure, err := hyperloglog.NewPlus(18)
-		So(err, ShouldBeNil)
-		err = structure.GobDecode(data)
-		So(err, ShouldBeNil)
-		count := structure.Count()
-		So(count, ShouldBeBetweenOrEqual, 1, 3)
-	})
-}
-
-func TestSinkCounting(t *testing.T) {
-	Convey("Context", t, func() {
-		for itemCount := 300; itemCount <= 10000; itemCount += 200 {
-			sink := NewIPSetSink("demo")
-			for i := 0; i <= itemCount; i++ {
-				sink.AddIPToSet(fmt.Sprintf("demo%v", i))
-			}
-			for i := 0; i <= itemCount; i++ {
-				sink.AddIPToSet(fmt.Sprintf("demo%v", i))
-			}
-			data, err := sink.Dump()
-			So(err, ShouldBeNil)
-			structure, err := hyperloglog.NewPlus(18)
-			So(err, ShouldBeNil)
-			err = structure.GobDecode(data)
-			So(err, ShouldBeNil)
-			count := structure.Count()
-			So((float64(count)/float64(itemCount))-1.0, ShouldAlmostEqual, 0, 0.01)
-		}
-
-	})
-}
--- a/common/ipsetsink/sinkcluster/common.go
+++ b/common/ipsetsink/sinkcluster/common.go
@ -1,24 +0,0 @@
-package sinkcluster
-
-/* ClusterWriter, and (ClusterCountResult).Count output a streamed IP set journal file to remember distinct IP address
-
-   its format is as follows:
-
-   This file should be in newline-delimited JSON format(https://jsonlines.org/).
-   For each line, the format of json data should be in the format of:
-   {"recordingStart":"2022-05-30T14:38:44.678610091Z","recordingEnd":"2022-05-30T14:39:48.157630926Z","recorded":""}
-
-	recordingStart:datetime is the time this chunk of recording start.
-
-	recordingEnd:datetime is the time this chunk of recording end.
-
-	recorded is the checkpoint data generated by hyperloglog.
-*/
-
-import "time"
-
-type SinkEntry struct {
-	RecordingStart time.Time `json:"recordingStart"`
-	RecordingEnd   time.Time `json:"recordingEnd"`
-	Recorded       []byte    `json:"recorded"`
-}
--- a/common/ipsetsink/sinkcluster/reader.go
+++ b/common/ipsetsink/sinkcluster/reader.go
@ -1,64 +0,0 @@
-package sinkcluster
-
-import (
-	"bufio"
-	"encoding/json"
-	"github.com/clarkduvall/hyperloglog"
-	"io"
-	"time"
-)
-
-func NewClusterCounter(from time.Time, to time.Time) *ClusterCounter {
-	return &ClusterCounter{from: from, to: to}
-}
-
-type ClusterCounter struct {
-	from time.Time
-	to   time.Time
-}
-
-type ClusterCountResult struct {
-	Sum           uint64
-	ChunkIncluded int64
-}
-
-func (c ClusterCounter) Count(reader io.Reader) (*ClusterCountResult, error) {
-	result := ClusterCountResult{}
-	counter, err := hyperloglog.NewPlus(18)
-	if err != nil {
-		return nil, err
-	}
-	inputScanner := bufio.NewScanner(reader)
-	for inputScanner.Scan() {
-		inputLine := inputScanner.Bytes()
-		sinkInfo := SinkEntry{}
-		if err := json.Unmarshal(inputLine, &sinkInfo); err != nil {
-			return nil, err
-		}
-
-		if (sinkInfo.RecordingStart.Before(c.from) && !sinkInfo.RecordingStart.Equal(c.from)) ||
-			sinkInfo.RecordingEnd.After(c.to) {
-			continue
-		}
-
-		restoredCounter, err := hyperloglog.NewPlus(18)
-		if err != nil {
-			return nil, err
-		}
-		err = restoredCounter.GobDecode(sinkInfo.Recorded)
-		if err != nil {
-			return nil, err
-		}
-		result.ChunkIncluded++
-		err = counter.Merge(restoredCounter)
-		if err != nil {
-			return nil, err
-		}
-	}
-	err = inputScanner.Err()
-	if err != nil {
-		return nil, err
-	}
-	result.Sum = counter.Count()
-	return &result, nil
-}
--- a/common/ipsetsink/sinkcluster/writer.go
+++ b/common/ipsetsink/sinkcluster/writer.go
@ -1,68 +0,0 @@
-package sinkcluster
-
-import (
-	"bytes"
-	"encoding/json"
-	"io"
-	"log"
-	"time"
-
-	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/ipsetsink"
-)
-
-func NewClusterWriter(writer WriteSyncer, writeInterval time.Duration, sink *ipsetsink.IPSetSink) *ClusterWriter {
-	c := &ClusterWriter{
-		writer:        writer,
-		lastWriteTime: time.Now(),
-		writeInterval: writeInterval,
-		current:       sink,
-	}
-	return c
-}
-
-type ClusterWriter struct {
-	writer        WriteSyncer
-	lastWriteTime time.Time
-	writeInterval time.Duration
-	current       *ipsetsink.IPSetSink
-}
-
-type WriteSyncer interface {
-	Sync() error
-	io.Writer
-}
-
-func (c *ClusterWriter) WriteIPSetToDisk() {
-	currentTime := time.Now()
-	data, err := c.current.Dump()
-	if err != nil {
-		log.Println("unable able to write ipset to file:", err)
-		return
-	}
-	entry := &SinkEntry{
-		RecordingStart: c.lastWriteTime,
-		RecordingEnd:   currentTime,
-		Recorded:       data,
-	}
-	jsonData, err := json.Marshal(entry)
-	if err != nil {
-		log.Println("unable able to write ipset to file:", err)
-		return
-	}
-	jsonData = append(jsonData, byte('\n'))
-	_, err = io.Copy(c.writer, bytes.NewReader(jsonData))
-	if err != nil {
-		log.Println("unable able to write ipset to file:", err)
-		return
-	}
-	c.writer.Sync()
-	c.lastWriteTime = currentTime
-	c.current.Reset()
-}
-
-func (c *ClusterWriter) AddIPToSet(ipAddress string) {
-	if c.lastWriteTime.Add(c.writeInterval).Before(time.Now()) {
-		c.WriteIPSetToDisk()
-	}
-	c.current.AddIPToSet(ipAddress)
-}
--- a/common/ipsetsink/sinkcluster/writer_test.go
+++ b/common/ipsetsink/sinkcluster/writer_test.go
@ -1,33 +0,0 @@
-package sinkcluster
-
-import (
-	"bytes"
-	"io"
-	"testing"
-	"time"
-
-	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/ipsetsink"
-
-	. "github.com/smartystreets/goconvey/convey"
-)
-
-type writerStub struct {
-	io.Writer
-}
-
-func (w writerStub) Sync() error {
-	return nil
-}
-
-func TestSinkWriter(t *testing.T) {
-
-	Convey("Context", t, func() {
-		buffer := bytes.NewBuffer(nil)
-		writerStubInst := &writerStub{buffer}
-		sink := ipsetsink.NewIPSetSink("demo")
-		clusterWriter := NewClusterWriter(writerStubInst, time.Minute, sink)
-		clusterWriter.AddIPToSet("1")
-		clusterWriter.WriteIPSetToDisk()
-		So(buffer.Bytes(), ShouldNotBeNil)
-	})
-}
--- a/distinctcounter/counter.go
+++ b/distinctcounter/counter.go
@ -1,37 +0,0 @@
-package main
-
-import (
-	"flag"
-	"fmt"
-	"log"
-	"os"
-	"time"
-
-	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/ipsetsink/sinkcluster"
-)
-
-func main() {
-	inputFile := flag.String("in", "", "")
-	start := flag.String("from", "", "")
-	end := flag.String("to", "", "")
-	flag.Parse()
-	startTime, err := time.Parse(time.RFC3339, *start)
-	if err != nil {
-		log.Fatal("unable to parse start time:", err)
-	}
-	endTime, err := time.Parse(time.RFC3339, *end)
-	if err != nil {
-		log.Fatal("unable to parse end time:", err)
-	}
-	fd, err := os.Open(*inputFile)
-	if err != nil {
-		log.Fatal("unable to open input file:", err)
-	}
-	counter := sinkcluster.NewClusterCounter(startTime, endTime)
-	result, err := counter.Count(fd)
-	if err != nil {
-		log.Fatal("unable to count:", err)
-	}
-	fmt.Printf("sum = %v\n", result.Sum)
-	fmt.Printf("chunkIncluded = %v\n", result.ChunkIncluded)
-}
--- a/go.mod
+++ b/go.mod
@ -3,7 +3,6 @@ module gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/
 go 1.21

 require (
-	github.com/clarkduvall/hyperloglog v0.0.0-20171127014514-a0107a5d8004
 	github.com/gorilla/websocket v1.5.0
 	github.com/pion/ice/v2 v2.3.11
 	github.com/pion/sdp/v3 v3.0.6
--- a/go.sum
+++ b/go.sum
@ -7,8 +7,6 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/clarkduvall/hyperloglog v0.0.0-20171127014514-a0107a5d8004 h1:mK6JroY6bLiPS3s6QCYOSjRyErFc2iHNkhhmRfF0nHo=
-github.com/clarkduvall/hyperloglog v0.0.0-20171127014514-a0107a5d8004/go.mod h1:drodPoQNro6QBO6TJ/MpMZbz8Bn2eSDtRN6jpG4VGw8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=