Remove default relay pattern option from broker

This was only useful to us when we first implemented the feature, to be
able to support proxies that hadn't yet updated, when we had a single
Snowflake bridge. Now that we have multiple bridges, it is unnecessary as
proxies that don't send their accepted relay pattern are rejected
anyway.
Cecylia Bocovich 2025-03-18 13:25:00 -04:00
parent c0ac0186f1
commit dd5fb03c49
No known key found for this signature in database
GPG key ID: 009DE379FD9B7B90
3 changed files with 31 additions and 35 deletions


@ -44,9 +44,8 @@ type BrokerContext struct {
proxyPolls chan *ProxyPoll
metrics *Metrics
bridgeList BridgeListHolderFileBased
allowedRelayPattern string
presumedPatternForLegacyClient string
bridgeList BridgeListHolderFileBased
allowedRelayPattern string
}
func (ctx *BrokerContext) GetBridgeInfo(fingerprint bridgefingerprint.Fingerprint) (BridgeInfo, error) {
@ -55,8 +54,7 @@ func (ctx *BrokerContext) GetBridgeInfo(fingerprint bridgefingerprint.Fingerprin
func NewBrokerContext(
metricsLogger *log.Logger,
allowedRelayPattern,
presumedPatternForLegacyClient string,
allowedRelayPattern string,
) *BrokerContext {
snowflakes := new(SnowflakeHeap)
heap.Init(snowflakes)
@ -79,14 +77,13 @@ func NewBrokerContext(
bridgeListHolder.LoadBridgeInfo(bytes.NewReader([]byte(DefaultBridges)))
return &BrokerContext{
snowflakes: snowflakes,
restrictedSnowflakes: rSnowflakes,
idToSnowflake: make(map[string]*Snowflake),
proxyPolls: make(chan *ProxyPoll),
metrics: metrics,
bridgeList: bridgeListHolder,
allowedRelayPattern: allowedRelayPattern,
presumedPatternForLegacyClient: presumedPatternForLegacyClient,
snowflakes: snowflakes,
restrictedSnowflakes: rSnowflakes,
idToSnowflake: make(map[string]*Snowflake),
proxyPolls: make(chan *ProxyPoll),
metrics: metrics,
bridgeList: bridgeListHolder,
allowedRelayPattern: allowedRelayPattern,
}
}
@ -176,7 +173,7 @@ func (ctx *BrokerContext) InstallBridgeListProfile(reader io.Reader) error {
func (ctx *BrokerContext) CheckProxyRelayPattern(pattern string, nonSupported bool) bool {
if nonSupported {
pattern = ctx.presumedPatternForLegacyClient
return false
}
proxyPattern := namematcher.NewNameMatcher(pattern)
brokerPattern := namematcher.NewNameMatcher(ctx.allowedRelayPattern)
@ -197,7 +194,7 @@ func main() {
var addr string
var geoipDatabase string
var geoip6Database string
var bridgeListFilePath, allowedRelayPattern, presumedPatternForLegacyClient string
var bridgeListFilePath, allowedRelayPattern string
var brokerSQSQueueName, brokerSQSQueueRegion string
var disableTLS bool
var certFilename, keyFilename string
@ -215,7 +212,6 @@ func main() {
flag.StringVar(&geoip6Database, "geoip6db", "/usr/share/tor/geoip6", "path to correctly formatted geoip database mapping IPv6 address ranges to country codes")
flag.StringVar(&bridgeListFilePath, "bridge-list-path", "", "file path for bridgeListFile")
flag.StringVar(&allowedRelayPattern, "allowed-relay-pattern", "", "allowed pattern for relay host name. The broker will reject proxies whose AcceptedRelayPattern is more restrictive than this")
flag.StringVar(&presumedPatternForLegacyClient, "default-relay-pattern", "", "presumed pattern for legacy client")
flag.StringVar(&brokerSQSQueueName, "broker-sqs-name", "", "name of broker SQS queue to listen for incoming messages on")
flag.StringVar(&brokerSQSQueueRegion, "broker-sqs-region", "", "name of AWS region of broker SQS queue")
flag.BoolVar(&disableTLS, "disable-tls", false, "don't use HTTPS")
@ -248,7 +244,7 @@ func main() {
metricsLogger := log.New(metricsFile, "", 0)
ctx := NewBrokerContext(metricsLogger, allowedRelayPattern, presumedPatternForLegacyClient)
ctx := NewBrokerContext(metricsLogger, allowedRelayPattern)
if bridgeListFilePath != "" {
bridgeListFile, err := os.Open(bridgeListFilePath)
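Review bot: Dropping the `default-relay-pattern` registration in main() turns any deployment that still passes `-default-relay-pattern` into a startup failure, since Go's flag package rejects undefined flags (the flag.Parse call is outside the hunk, so this is inferred). If a hard break is not intended, keep the name registered as an ignored option for one release, e.g. `_ = flag.String("default-relay-pattern", "", "deprecated and ignored: proxies that send no AcceptedRelayPattern are rejected")`, or call the removal out in the changelog. Separately, the new `return false` in CheckProxyRelayPattern deserves a one-line comment such as `// Proxies that do not report an accepted relay pattern are always rejected.` so the fail-closed behaviour is explicit; the function body continues past the hunk.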


@ -89,7 +89,7 @@ func TestBroker(t *testing.T) {
Convey("Context", t, func() {
buf := new(bytes.Buffer)
ctx := NewBrokerContext(log.New(buf, "", 0), "", "")
ctx := NewBrokerContext(log.New(buf, "", 0), "snowflake.torproject.net")
i := &IPC{ctx}
Convey("Adds Snowflake", func() {
@ -407,7 +407,7 @@ client-sqs-ips
Convey("Responds to proxy polls...", func() {
done := make(chan bool)
w := httptest.NewRecorder()
data := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}`))
data := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0", "AcceptedRelayPattern": "snowflake.torproject.net"}`))
r, err := http.NewRequest("POST", "snowflake.broker/proxy", data)
So(err, ShouldBeNil)
@ -493,7 +493,7 @@ client-sqs-ips
})
Convey("End-To-End", t, func() {
ctx := NewBrokerContext(NullLogger(), "", "")
ctx := NewBrokerContext(NullLogger(), "snowflake.torproject.net")
i := &IPC{ctx}
Convey("Check for client/proxy data race", func() {
@ -504,7 +504,7 @@ client-sqs-ips
// Make proxy poll
wp := httptest.NewRecorder()
datap := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}`))
datap := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","AcceptedRelayPattern":"snowflake.torproject.net"}`))
rp, err := http.NewRequest("POST", "snowflake.broker/proxy", datap)
So(err, ShouldBeNil)
@ -549,7 +549,7 @@ client-sqs-ips
polled := make(chan bool)
// Proxy polls with its ID first...
dataP := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}`))
dataP := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","AcceptedRelayPattern":"snowflake.torproject.net"}`))
wP := httptest.NewRecorder()
rP, err := http.NewRequest("POST", "snowflake.broker/proxy", dataP)
So(err, ShouldBeNil)
@ -646,7 +646,7 @@ func TestSnowflakeHeap(t *testing.T) {
func TestInvalidGeoipFile(t *testing.T) {
Convey("Geoip", t, func() {
// Make sure things behave properly if geoip file fails to load
ctx := NewBrokerContext(NullLogger(), "", "")
ctx := NewBrokerContext(NullLogger(), "")
if err := ctx.metrics.LoadGeoipDatabases("invalid_filename", "invalid_filename6"); err != nil {
log.Printf("loading geo ip databases returned error: %v", err)
}
@ -660,7 +660,7 @@ func TestMetrics(t *testing.T) {
Convey("Test metrics...", t, func() {
done := make(chan bool)
buf := new(bytes.Buffer)
ctx := NewBrokerContext(log.New(buf, "", 0), "", "")
ctx := NewBrokerContext(log.New(buf, "", 0), "snowflake.torproject.net")
i := &IPC{ctx}
err := ctx.metrics.LoadGeoipDatabases("test_geoip", "test_geoip6")
@ -669,7 +669,7 @@ func TestMetrics(t *testing.T) {
//Test addition of proxy polls
Convey("for proxy polls", func() {
w := httptest.NewRecorder()
data := bytes.NewReader([]byte("{\"Sid\":\"ymbcCMto7KHNGYlp\",\"Version\":\"1.0\"}"))
data := bytes.NewReader([]byte("{\"Sid\":\"ymbcCMto7KHNGYlp\",\"Version\":\"1.0\",\"AcceptedRelayPattern\":\"snowflake.torproject.net\"}"))
r, err := http.NewRequest("POST", "snowflake.broker/proxy", data)
r.RemoteAddr = "129.97.208.23:8888" //CA geoip
So(err, ShouldBeNil)
@ -682,7 +682,7 @@ func TestMetrics(t *testing.T) {
<-done
w = httptest.NewRecorder()
data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"standalone"}`))
data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"standalone","AcceptedRelayPattern":"snowflake.torproject.net"}`))
r, err = http.NewRequest("POST", "snowflake.broker/proxy", data)
r.RemoteAddr = "129.97.208.23:8888" //CA geoip
So(err, ShouldBeNil)
@ -695,7 +695,7 @@ func TestMetrics(t *testing.T) {
<-done
w = httptest.NewRecorder()
data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"badge"}`))
data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"badge","AcceptedRelayPattern":"snowflake.torproject.net"}`))
r, err = http.NewRequest("POST", "snowflake.broker/proxy", data)
r.RemoteAddr = "129.97.208.23:8888" //CA geoip
So(err, ShouldBeNil)
@ -708,7 +708,7 @@ func TestMetrics(t *testing.T) {
<-done
w = httptest.NewRecorder()
data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"webext"}`))
data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"webext","AcceptedRelayPattern":"snowflake.torproject.net"}`))
r, err = http.NewRequest("POST", "snowflake.broker/proxy", data)
r.RemoteAddr = "129.97.208.23:8888" //CA geoip
So(err, ShouldBeNil)
@ -728,8 +728,8 @@ func TestMetrics(t *testing.T) {
So(metricsStr, ShouldContainSubstring, "\nsnowflake-ips-webext 1\n")
So(metricsStr, ShouldEndWith, `snowflake-ips-total 4
snowflake-idle-count 8
snowflake-proxy-poll-with-relay-url-count 0
snowflake-proxy-poll-without-relay-url-count 8
snowflake-proxy-poll-with-relay-url-count 8
snowflake-proxy-poll-without-relay-url-count 0
snowflake-proxy-rejected-for-relay-url-count 0
client-denied-count 0
client-restricted-denied-count 0
@ -899,7 +899,7 @@ snowflake-ips-nat-unknown 0
//Test unique ip
Convey("proxy counts by unique ip", func() {
w := httptest.NewRecorder()
data := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}`))
data := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","AcceptedRelayPattern":"snowflake.torproject.net"}`))
r, err := http.NewRequest("POST", "snowflake.broker/proxy", data)
r.RemoteAddr = "129.97.208.23:8888" //CA geoip
So(err, ShouldBeNil)
@ -911,7 +911,7 @@ snowflake-ips-nat-unknown 0
p.offerChannel <- nil
<-done
data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}`))
data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","AcceptedRelayPattern":"snowflake.torproject.net"}`))
r, err = http.NewRequest("POST", "snowflake.broker/proxy", data)
if err != nil {
log.Printf("unable to get NewRequest with error: %v", err)
@ -933,7 +933,7 @@ snowflake-ips-nat-unknown 0
//Test NAT types
Convey("proxy counts by NAT type", func() {
w := httptest.NewRecorder()
data := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.2","Type":"unknown","NAT":"restricted"}`))
data := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.2","Type":"unknown","NAT":"restricted","AcceptedRelayPattern":"snowflake.torproject.net"}`))
r, err := http.NewRequest("POST", "snowflake.broker/proxy", data)
r.RemoteAddr = "129.97.208.23:8888" //CA geoip
So(err, ShouldBeNil)
@ -948,7 +948,7 @@ snowflake-ips-nat-unknown 0
ctx.metrics.printMetrics()
So(buf.String(), ShouldContainSubstring, "snowflake-ips-nat-restricted 1\nsnowflake-ips-nat-unrestricted 0\nsnowflake-ips-nat-unknown 0")
data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.2","Type":"unknown","NAT":"unrestricted"}`))
data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.2","Type":"unknown","NAT":"unrestricted","AcceptedRelayPattern":"snowflake.torproject.net"}`))
r, err = http.NewRequest("POST", "snowflake.broker/proxy", data)
if err != nil {
log.Printf("unable to get NewRequest with error: %v", err)
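Review bot: No test in the visible hunks exercises the rejection path this commit introduces: every proxy poll body now carries `AcceptedRelayPattern`, and `snowflake-proxy-poll-without-relay-url-count` is only ever asserted as 0. A case that polls with the old body `{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}` against a context built with `"snowflake.torproject.net"`, asserting that the proxy is turned away and that the without-relay-url and rejected counters move as intended, would pin the new fail-closed behaviour. The rest of the test file is outside these hunks, so such a case may already exist elsewhere.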


@ -23,7 +23,7 @@ func TestSQS(t *testing.T) {
Convey("Context", t, func() {
buf := new(bytes.Buffer)
ipcCtx := NewBrokerContext(log.New(buf, "", 0), "", "")
ipcCtx := NewBrokerContext(log.New(buf, "", 0), "")
i := &IPC{ipcCtx}
Convey("Responds to SQS client offers...", func() {