Commit graph

67 commits

Author SHA1 Message Date
Cecylia Bocovich
00eb4aadf5 Modified broker /debug page to display counts only
The broker /debug page was displaying proxy IDs and roundtrip times. As
serna pointed out in bug #31460, the proxy IDs can be used to launch a
denial of service attack. As the metrics team pointed out on #21315, the
round trip time average can be potentially sensitive.

This change displays only proxy counts and uses ID lengths to
distinguish between standalone proxy-go instances and browser-based
snowflake proxies.
2019-08-27 10:01:00 -04:00
Cecylia Bocovich
0aef40100a Implemented handler to fetch broker stats
This implements a handler at https://[snowflake-broker]/metrics for the
snowflake collecTor module to fetch stats from the broker. Logged
metrics are copied out to the response with a text/plain; charset=utf-8
content type. This implements bug #31376.
2019-08-16 09:12:49 -04:00
Cecylia Bocovich
19244c7146 Merge branch 'ticket21315' 2019-06-28 17:31:02 -04:00
Cecylia Bocovich
908cf3fc64 Updated tests to check new stats
Updated the tests to pass with our new snowflake-ips-total stat
2019-06-25 10:06:00 -04:00
Cecylia Bocovich
8f2dc3563b Added a metric that sums available snowflakes
Added another metrics item that counts the total available snowflakes
(unique by IP address)
2019-06-25 09:33:45 -04:00
Cecylia Bocovich
f779013b2d Fixed small formatting errors of log output
- removed trailing ","s
- removed unnecessary space before seconds
2019-06-14 17:09:06 -04:00
Cecylia Bocovich
0767a637c1 Changed variable names/types to be more reasonable
Also moved the geoip check to occur after we've made sure the proxy IP
hasn't yet been recorded. This will cut down on unnecessary
computation.
2019-06-14 17:00:31 -04:00
Cecylia Bocovich
92d61f2555 Added a comment for the metrics specification 2019-06-12 10:17:55 -04:00
Cecylia Bocovich
fe3356a54d Unit tests for metrics code
Added unit tests for metrics logging. Refactored the logMetrics()
function to allow for easier testing
2019-06-12 10:14:21 -04:00
Cecylia Bocovich
25f059f4c4 Log geoip stats of proxies by unique IP
Change it so that we log the geoip country code of proxies if they poll
within the current metrics epoch. We make sure we log by unique IP
address
2019-06-11 15:43:59 -04:00
Cecylia Bocovich
c782ebdcea Format output to meet specification
Output is now printed out in Tor Directory Protocol Format, as specified
in https://trac.torproject.org/projects/tor/ticket/21315#comment:19.
2019-06-11 15:01:05 -04:00
Cecylia Bocovich
175b8efb04 Bin metrics to nearest mult of 8 2019-06-11 14:27:42 -04:00
Cecylia Bocovich
0293674e38 Zero out counts for next time step 2019-06-11 14:19:14 -04:00
Cecylia Bocovich
d57cd07599 Implemented count metrics for broker events
Added three new metrics:
- proxyIdleCount counts the number of times a proxy polls and receives
no snowflakes
- clientDeniedCount counts the number of times a client requested a
snowflake but none were available
- clientProxyMatchCount counts the number of times a client successfully
received a snowflake
2019-06-11 14:16:01 -04:00
Cecylia Bocovich
64ce7dff1b Changed time resolution for metrics collection
Set the resolution of metrics data collection to be every 24 hours
2019-06-11 13:44:59 -04:00
Philipp Winter
11efa42e4c Cache certificates across program restarts.
So far, we request a certificate each time we start the broker.  Let's
Encrypt maintains several rate limiters and if we exceed one of them, we
won't get a certificate.  Worse, since we don't store certificates, we
won't even be able to use an old one.

This patch uses autocert's DirCache structure to cache certificates on
disk.

This patch fixes <https://bugs.torproject.org/30512>.
2019-06-03 15:50:35 -07:00
Cecylia Bocovich
0842dad38e Added tests to check large read guards 2019-05-28 13:29:59 -04:00
Cecylia Bocovich
1d76d3ca2e Implement limitedRead function for client side
MaxBytesReader is only documented for server side reads, so we're using
a local limitedRead function instead that uses an io.LimitedReader.

Declared limits in a commented constant
2019-05-28 13:29:59 -04:00
Cecylia Bocovich
ce3101d016 Guard against large reads
This is a fix for #26348
2019-05-28 13:29:59 -04:00
Arlo Breault
dd927050d9 Appease go vet's complaints about passing locks by value 2019-05-16 12:58:25 -04:00
Arlo Breault
b77a99b565 Fix broker tests
NewBrokerContext now requires a logger so give it one to discard the
logs.
2019-05-16 12:34:21 -04:00
Cecylia Bocovich
6b002c5f22 Merge branch 'geoip_squashed' 2019-05-15 11:07:33 -04:00
Cecylia Bocovich
1133e01363 Added an option to use a conventional certificate 2019-05-14 17:14:39 -04:00
Cecylia Bocovich
ba4fe1a73e Added an option to specify metrics log file
Previously the metrics log file was hardcoded and the broker wasn't
behaving properly if it was unable to open the file for logging.

Added a commandline option to specify the logfile that defaults to
Stdout.

Fixed up some documentation and log output formatting
2019-05-14 12:53:01 -04:00
Cecylia Bocovich
72e54bdc2e Remove geoip metrics from /debug
For now we can just log the proxy geoip statistics locally
2019-05-09 18:13:48 -04:00
Cecylia Bocovich
171c55a9b1 Implemented geoip lookups for the snowflake broker. This is heavily based off of how tor maps IP addresses to country codes, and relies on the provided ipv4 and ipv6 files. 2019-04-29 17:10:15 -04:00
Cecylia Bocovich
d11e55aabe Merge branch 'ticket30125' 2019-04-16 12:59:56 -04:00
Cecylia Bocovich
d4c5d4e65b Updated robots.txt handler on broker
Updated robots.txt file to disallow crawling as in ticket #29565.
2019-04-15 16:43:21 -04:00
Cecylia Bocovich
482d60d9d3 Use safelog scrubber in broker and proxy-go 2019-04-11 14:47:31 -04:00
Cecylia Bocovich
3eb9064438 Removed unnecessary output from logs
Removed raw bytes of ICE answers from broker logs and the SDP stanzas
from the client logs
2019-03-25 15:15:22 -04:00
Arlo Breault
10ad59fc9d Appease go fmt after fcc274a 2018-03-05 19:35:54 -05:00
David Fifield
fcc274ac68 Use Manager.HTTPHandler for automatic TLS support.
This is needed since the recent removal of the TLS-SNI challenge types.
https://community.letsencrypt.org/t/tls-sni-challenges-disabled-for-most-new-issuance/50316
The HTTP-01 challenge type requires an additional listener on port 80.
2018-02-24 11:40:02 -08:00
David Fifield
8dcd337ce4 Re-remove ipHandler function.
Had been removed in 2a46db2c01 and was
erroneously restored in the merge
36debdfdd2.
2017-08-11 13:08:36 -07:00
David Fifield
36debdfdd2 Merge branch 'standalone-broker' 2017-08-02 19:34:00 -07:00
David Fifield
2a46db2c01 Remove broker /ip endpoint.
Doesn't seem to be used anywhere; may have been inherited from flash
proxy.
2017-07-15 14:34:18 -07:00
David Fifield
afe7716903 Replace --webPort and --tlsPort with a single --addr option. 2017-07-14 20:33:42 -07:00
David Fifield
2d89aa0b7b autocert (Let's Encrypt) for broker.
Replaces --cert and --key with --acme-hostnames and --acme-email.
2017-07-14 20:33:30 -07:00
David Fifield
2242be7a55 Have the broker log in UTC. 2017-07-14 20:07:50 -07:00
David Fifield
1966612113 go fmt 2017-07-14 20:06:00 -07:00
David Fifield
eaa82b8f9a Move flag code out of init into main. 2017-07-14 20:00:25 -07:00
Hooman
3f4f5d2292 Server ports as parameters 2017-07-12 12:07:28 -07:00
Hooman
edbe18d411 Fixed README.md and added cert and key options 2017-07-11 13:33:00 -07:00
Hooman
b7df69fa55 Make Broker run standalone 2017-06-29 13:51:55 -07:00
Arlo Breault
5cd2a226aa Enable tls websockets on the server
* Code lifted from meek-server
2016-12-19 16:07:02 -08:00
Serene H
7e9066a29d fix broker offer answer test 2016-09-20 08:52:45 -07:00
Serene H
47e1338290 initial client roundtrip estimate on broker 2016-09-20 06:28:11 -07:00
Arlo Breault
bdbabe5e0c Return after bad request 2016-05-11 07:27:42 -07:00
Serene Han
0f952408d3 remove more dead code from broker 2016-04-05 10:29:17 -07:00
Serene Han
661286894a another goconvey test for RequestOffer, fix data race in the Broker test 2016-02-17 12:52:51 -08:00
Serene Han
2ae6559001 move CORS early return into the ServeHTTP wrapper, rename handlers 2016-02-16 21:44:49 -08:00