mirror of
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git
synced 2025-10-14 05:11:19 -04:00
Arlo Breault
Arlo Breault
parent
0ef2250280
commit
e5d57647f0
5 changed files with 837 additions and 781 deletions
|
|
@ -7,22 +7,19 @@ package main
|
|||
|
||||
import (
|
||||
"container/heap"
|
||||
"crypto/tls"
|
||||
"flag"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
"net"
|
||||
"net/rpc"
|
||||
"os"
|
||||
"os/signal"
|
||||
"strings"
|
||||
"sync"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"git.torproject.org/pluggable-transports/snowflake.git/common/safelog"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/promhttp"
|
||||
"golang.org/x/crypto/acme/autocert"
|
||||
// "github.com/prometheus/client_golang/prometheus"
|
||||
)
|
||||
|
||||
type BrokerContext struct {
|
||||
|
|
@ -105,7 +102,7 @@ func (ctx *BrokerContext) Broker() {
|
|||
} else {
|
||||
heap.Remove(ctx.restrictedSnowflakes, snowflake.index)
|
||||
}
|
||||
ctx.metrics.promMetrics.AvailableProxies.With(prometheus.Labels{"nat": request.natType, "type": request.proxyType}).Dec()
|
||||
// ctx.metrics.promMetrics.AvailableProxies.With(prometheus.Labels{"nat": request.natType, "type": request.proxyType}).Dec()
|
||||
delete(ctx.idToSnowflake, snowflake.id)
|
||||
close(request.offerChannel)
|
||||
}
|
||||
|
|
@ -131,7 +128,7 @@ func (ctx *BrokerContext) AddSnowflake(id string, proxyType string, natType stri
|
|||
} else {
|
||||
heap.Push(ctx.restrictedSnowflakes, snowflake)
|
||||
}
|
||||
ctx.metrics.promMetrics.AvailableProxies.With(prometheus.Labels{"nat": natType, "type": proxyType}).Inc()
|
||||
// ctx.metrics.promMetrics.AvailableProxies.With(prometheus.Labels{"nat": natType, "type": proxyType}).Inc()
|
||||
ctx.snowflakeLock.Unlock()
|
||||
ctx.idToSnowflake[id] = snowflake
|
||||
return snowflake
|
||||
|
|
@ -144,34 +141,29 @@ type ClientOffer struct {
|
|||
}
|
||||
|
||||
func main() {
|
||||
var acmeEmail string
|
||||
var acmeHostnamesCommas string
|
||||
var acmeCertCacheDir string
|
||||
var addr string
|
||||
var geoipDatabase string
|
||||
var geoip6Database string
|
||||
var disableTLS bool
|
||||
var certFilename, keyFilename string
|
||||
var disableGeoip bool
|
||||
|
||||
var metricsFilename string
|
||||
var unsafeLogging bool
|
||||
|
||||
flag.StringVar(&acmeEmail, "acme-email", "", "optional contact email for Let's Encrypt notifications")
|
||||
flag.StringVar(&acmeHostnamesCommas, "acme-hostnames", "", "comma-separated hostnames for TLS certificate")
|
||||
flag.StringVar(&certFilename, "cert", "", "TLS certificate file")
|
||||
flag.StringVar(&keyFilename, "key", "", "TLS private key file")
|
||||
flag.StringVar(&acmeCertCacheDir, "acme-cert-cache", "acme-cert-cache", "directory in which certificates should be cached")
|
||||
flag.StringVar(&addr, "addr", ":443", "address to listen on")
|
||||
var socket string
|
||||
|
||||
flag.StringVar(&geoipDatabase, "geoipdb", "/usr/share/tor/geoip", "path to correctly formatted geoip database mapping IPv4 address ranges to country codes")
|
||||
flag.StringVar(&geoip6Database, "geoip6db", "/usr/share/tor/geoip6", "path to correctly formatted geoip database mapping IPv6 address ranges to country codes")
|
||||
flag.BoolVar(&disableTLS, "disable-tls", false, "don't use HTTPS")
|
||||
flag.BoolVar(&disableGeoip, "disable-geoip", false, "don't use geoip for stats collection")
|
||||
|
||||
flag.StringVar(&metricsFilename, "metrics-log", "", "path to metrics logging output")
|
||||
flag.BoolVar(&unsafeLogging, "unsafe-logging", false, "prevent logs from being scrubbed")
|
||||
|
||||
flag.StringVar(&socket, "socket", "/tmp/broker.sock", "path to ipc socket")
|
||||
|
||||
flag.Parse()
|
||||
|
||||
var err error
|
||||
var metricsFile io.Writer
|
||||
|
||||
var logOutput io.Writer = os.Stderr
|
||||
if unsafeLogging {
|
||||
log.SetOutput(logOutput)
|
||||
|
|
@ -179,7 +171,6 @@ func main() {
|
|||
// We want to send the log output through our scrubber first
|
||||
log.SetOutput(&safelog.LogScrubber{Output: logOutput})
|
||||
}
|
||||
|
||||
log.SetFlags(log.LstdFlags | log.LUTC)
|
||||
|
||||
if metricsFilename != "" {
|
||||
|
|
@ -205,21 +196,6 @@ func main() {
|
|||
|
||||
go ctx.Broker()
|
||||
|
||||
i := &IPC{ctx}
|
||||
|
||||
http.HandleFunc("/robots.txt", robotsTxtHandler)
|
||||
|
||||
http.Handle("/proxy", SnowflakeHandler{i, proxyPolls})
|
||||
http.Handle("/client", SnowflakeHandler{i, clientOffers})
|
||||
http.Handle("/answer", SnowflakeHandler{i, proxyAnswers})
|
||||
http.Handle("/debug", SnowflakeHandler{i, debugHandler})
|
||||
http.Handle("/metrics", MetricsHandler{metricsFilename, metricsHandler})
|
||||
http.Handle("/prometheus", promhttp.HandlerFor(ctx.metrics.promMetrics.registry, promhttp.HandlerOpts{}))
|
||||
|
||||
server := http.Server{
|
||||
Addr: addr,
|
||||
}
|
||||
|
||||
sigChan := make(chan os.Signal, 1)
|
||||
signal.Notify(sigChan, syscall.SIGHUP)
|
||||
|
||||
|
|
@ -236,49 +212,18 @@ func main() {
|
|||
}
|
||||
}()
|
||||
|
||||
// Handle the various ways of setting up TLS. The legal configurations
|
||||
// are:
|
||||
// --acme-hostnames (with optional --acme-email and/or --acme-cert-cache)
|
||||
// --cert and --key together
|
||||
// --disable-tls
|
||||
// The outputs of this block of code are the disableTLS,
|
||||
// needHTTP01Listener, certManager, and getCertificate variables.
|
||||
if acmeHostnamesCommas != "" {
|
||||
acmeHostnames := strings.Split(acmeHostnamesCommas, ",")
|
||||
log.Printf("ACME hostnames: %q", acmeHostnames)
|
||||
// if err := os.RemoveAll(socket); err != nil {
|
||||
// log.Fatal(err)
|
||||
// }
|
||||
|
||||
var cache autocert.Cache
|
||||
if err = os.MkdirAll(acmeCertCacheDir, 0700); err != nil {
|
||||
log.Printf("Warning: Couldn't create cache directory %q (reason: %s) so we're *not* using our certificate cache.", acmeCertCacheDir, err)
|
||||
} else {
|
||||
cache = autocert.DirCache(acmeCertCacheDir)
|
||||
}
|
||||
|
||||
certManager := autocert.Manager{
|
||||
Cache: cache,
|
||||
Prompt: autocert.AcceptTOS,
|
||||
HostPolicy: autocert.HostWhitelist(acmeHostnames...),
|
||||
Email: acmeEmail,
|
||||
}
|
||||
go func() {
|
||||
log.Printf("Starting HTTP-01 listener")
|
||||
log.Fatal(http.ListenAndServe(":80", certManager.HTTPHandler(nil)))
|
||||
}()
|
||||
|
||||
server.TLSConfig = &tls.Config{GetCertificate: certManager.GetCertificate}
|
||||
err = server.ListenAndServeTLS("", "")
|
||||
} else if certFilename != "" && keyFilename != "" {
|
||||
if acmeEmail != "" || acmeHostnamesCommas != "" {
|
||||
log.Fatalf("The --cert and --key options are not allowed with --acme-email or --acme-hostnames.")
|
||||
}
|
||||
err = server.ListenAndServeTLS(certFilename, keyFilename)
|
||||
} else if disableTLS {
|
||||
err = server.ListenAndServe()
|
||||
} else {
|
||||
log.Fatal("the --acme-hostnames, --cert and --key, or --disable-tls option is required")
|
||||
}
|
||||
ipc := &IPC{ctx}
|
||||
rpc.Register(ipc)
|
||||
|
||||
l, err := net.Listen("unix", socket)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
defer l.Close()
|
||||
|
||||
rpc.Accept(l)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue