From fdac01ca9020190f3e199ecf0183c1ecdcecc78d Mon Sep 17 00:00:00 2001 From: meskio Date: Wed, 26 Feb 2025 19:25:49 +0100 Subject: [PATCH 01/78] CI: use Dependency Proxy when available This sets up CI to allow the use of the GitLab Dependency Proxy which caches images pulled from DockerHub, in order to bypass rate-limiting. The DOCKER_REGISTRY_URL variable is set dynamically by the check_dependency_proxy_access job defined in dependency_proxy.yml such that only pipelines triggered by users with the requisite access will be configured to use the proxy, while all others will continue to pull from DockerHub as before. When DOCKER_REGISTRY_URL is pre-set in a project's CI/CD variable settings, the extra job is skipped and the dependency proxy is used always, unconditionally. To avoid breaking CI pipelines on 3rd-party GitLab instances, we only include the dependency proxy template on gitlab.tpo See: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40335 --- .gitlab-ci.yml | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8c03390..a0fac79 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,3 +1,10 @@ +include: + - project: tpo/tpa/ci-templates + file: [ dependency_proxy.yml ] + inputs: { namespace: tpo/anti-censorship } + rules: + - if: $CI_PROJECT_URL =~ /gitlab.torproject.org/ + stages: - test - deploy @@ -9,6 +16,9 @@ variables: DEBIAN_OLD_STABLE: buster DEBIAN_STABLE: bullseye REPRODUCIBLE_FLAGS: -trimpath -ldflags=-buildid= + # Don't fail pulling images if dependency_proxy.yml is not included + DOCKER_REGISTRY_URL: "docker.io" + # set up apt for automated use .apt-template: &apt-template @@ -92,7 +102,7 @@ variables: # -- jobs ------------------------------------------------------------ android: - image: containers.torproject.org/tpo/anti-censorship/duplicatedcontainerimages:golang-1.23-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.23-$DEBIAN_STABLE variables: ANDROID_HOME: /usr/lib/android-sdk LANG: C.UTF-8 @@ -143,28 +153,28 @@ android: - gomobile bind -v -target=android $REPRODUCIBLE_FLAGS . go-1.21: - image: containers.torproject.org/tpo/anti-censorship/duplicatedcontainerimages:golang-1.21-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.21-$DEBIAN_STABLE <<: *golang-docker-debian-template <<: *test-template script: - *go-test go-1.23: - image: containers.torproject.org/tpo/anti-censorship/duplicatedcontainerimages:golang-1.23-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.23-$DEBIAN_STABLE <<: *golang-docker-debian-template <<: *test-template script: - *go-test debian-testing: - image: debian:testing + image: containers.torproject.org/tpo/tpa/base-images/debian:testing <<: *debian-native-template <<: *test-template script: - *go-test shadow-integration: - image: containers.torproject.org/tpo/anti-censorship/duplicatedcontainerimages:golang-1.21-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.21-$DEBIAN_STABLE variables: SHADOW_VERSION: "193924aae0dab30ffda0abe29467f552949849fa" TGEN_VERSION: "v1.1.2" @@ -253,7 +263,7 @@ shadow-integration: generate_tarball: stage: deploy - image: golang:1.21-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.21-$DEBIAN_STABLE rules: - if: $CI_COMMIT_TAG script: @@ -323,7 +333,7 @@ merge-manifests: - job: build-container artifacts: false image: - name: containers.torproject.org/tpo/anti-censorship/duplicatedcontainerimages:mplatform-manifest-tool-alpine + name: ${DOCKER_REGISTRY_URL}/mplatform/manifest-tool:alpine entrypoint: [""] script: - if [ $CI_COMMIT_REF_NAME == "main" ]; then export TAG='nightly'; fi From 116fe9f578acdb7656f02ef02a1bc8ad42cc1464 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Sat, 15 Mar 2025 11:00:10 -0400 Subject: [PATCH 02/78] Bump minimum version of go to 1.22 This fixes a pointer bug in our broker sqs code by enabling the loopvar feature https://go.dev/wiki/LoopvarExperiment See tpo/anti-censorship/pluggable-transports/snowflake#40363 --- .gitlab-ci.yml | 8 ++++---- go.mod | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a0fac79..cb777f9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -152,8 +152,8 @@ android: - go get golang.org/x/mobile/bind - gomobile bind -v -target=android $REPRODUCIBLE_FLAGS . -go-1.21: - image: ${DOCKER_REGISTRY_URL}/golang:1.21-$DEBIAN_STABLE +go-1.22: + image: ${DOCKER_REGISTRY_URL}/golang:1.22-$DEBIAN_STABLE <<: *golang-docker-debian-template <<: *test-template script: @@ -174,7 +174,7 @@ debian-testing: - *go-test shadow-integration: - image: ${DOCKER_REGISTRY_URL}/golang:1.21-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.22-$DEBIAN_STABLE variables: SHADOW_VERSION: "193924aae0dab30ffda0abe29467f552949849fa" TGEN_VERSION: "v1.1.2" @@ -263,7 +263,7 @@ shadow-integration: generate_tarball: stage: deploy - image: ${DOCKER_REGISTRY_URL}/golang:1.21-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.22-$DEBIAN_STABLE rules: - if: $CI_COMMIT_TAG script: diff --git a/go.mod b/go.mod index 622c4cc..4e7f496 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2 -go 1.21 +go 1.22 require ( github.com/aws/aws-sdk-go-v2 v1.36.1 From db0364ef872da499370e8c5377cb70e0c680a2a0 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Sat, 15 Mar 2025 11:01:11 -0400 Subject: [PATCH 03/78] Update DEBIAN_STABLE to bookworm in CI tests --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index cb777f9..154b67c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,8 +13,8 @@ stages: variables: DEBIAN_FRONTEND: noninteractive - DEBIAN_OLD_STABLE: buster - DEBIAN_STABLE: bullseye + DEBIAN_OLD_STABLE: bullseye + DEBIAN_STABLE: bookworm REPRODUCIBLE_FLAGS: -trimpath -ldflags=-buildid= # Don't fail pulling images if dependency_proxy.yml is not included DOCKER_REGISTRY_URL: "docker.io" @@ -102,7 +102,7 @@ variables: # -- jobs ------------------------------------------------------------ android: - image: ${DOCKER_REGISTRY_URL}/golang:1.23-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.23-$DEBIAN_OLD_STABLE variables: ANDROID_HOME: /usr/lib/android-sdk LANG: C.UTF-8 From 8343bbc336968c9b6adbb0c2f5d7958b59eab609 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Tue, 18 Mar 2025 16:11:42 -0400 Subject: [PATCH 04/78] Add context with timeout for client requests Client timeouts are currently counted from when the client is matched with a proxy. Instead, count client timeouts from the moment when the request is received. Closes #40449 --- broker/amp.go | 6 ++++++ broker/http.go | 6 ++++++ broker/ipc.go | 2 +- broker/sqs.go | 10 +++++++--- broker/sqs_test.go | 6 +++--- common/messages/ipc.go | 2 ++ 6 files changed, 25 insertions(+), 7 deletions(-) diff --git a/broker/amp.go b/broker/amp.go index 99289de..2bfcb71 100644 --- a/broker/amp.go +++ b/broker/amp.go @@ -1,9 +1,11 @@ package main import ( + "context" "log" "net/http" "strings" + "time" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/amp" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/messages" @@ -16,6 +18,9 @@ import ( // HTTP request body (because an AMP cache does not support POST), and the // encoded client poll response is sent back as AMP-armored HTML. func ampClientOffers(i *IPC, w http.ResponseWriter, r *http.Request) { + ctx, cancel := context.WithTimeout(r.Context(), ClientTimeout*time.Second) + defer cancel() + // The encoded client poll message immediately follows the /amp/client/ // path prefix, so this function unfortunately needs to be aware of and // remote its own routing prefix. @@ -38,6 +43,7 @@ func ampClientOffers(i *IPC, w http.ResponseWriter, r *http.Request) { Body: encPollReq, RemoteAddr: util.GetClientIp(r), RendezvousMethod: messages.RendezvousAmpCache, + Context: ctx, } err = i.ClientOffers(arg, &response) } else { diff --git a/broker/http.go b/broker/http.go index b6f449d..0cfbe64 100644 --- a/broker/http.go +++ b/broker/http.go @@ -2,12 +2,14 @@ package main import ( "bytes" + "context" "errors" "fmt" "io" "log" "net/http" "os" + "time" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/messages" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/util" @@ -132,6 +134,9 @@ snowflake proxy, which responds with the SDP answer to be sent in the HTTP response back to the client. */ func clientOffers(i *IPC, w http.ResponseWriter, r *http.Request) { + ctx, cancel := context.WithTimeout(r.Context(), ClientTimeout*time.Second) + defer cancel() + body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, readLimit)) if err != nil { log.Printf("Error reading client request: %s", err.Error()) @@ -163,6 +168,7 @@ func clientOffers(i *IPC, w http.ResponseWriter, r *http.Request) { Body: body, RemoteAddr: util.GetClientIp(r), RendezvousMethod: messages.RendezvousHttp, + Context: ctx, } var response []byte diff --git a/broker/ipc.go b/broker/ipc.go index 64cefcd..3a194f1 100644 --- a/broker/ipc.go +++ b/broker/ipc.go @@ -217,7 +217,7 @@ func (i *IPC) ClientOffers(arg messages.Arg, response *[]byte) error { i.ctx.metrics.lock.Lock() i.ctx.metrics.clientRoundtripEstimate = time.Since(startTime) / time.Millisecond i.ctx.metrics.lock.Unlock() - case <-time.After(time.Second * ClientTimeout): + case <-arg.Context.Done(): i.ctx.metrics.lock.Lock() i.ctx.metrics.UpdateRendezvousStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "timeout") i.ctx.metrics.lock.Unlock() diff --git a/broker/sqs.go b/broker/sqs.go index fb1164e..cb77ba6 100644 --- a/broker/sqs.go +++ b/broker/sqs.go @@ -124,18 +124,21 @@ func (r *sqsHandler) cleanupClientQueues(ctx context.Context) { } } -func (r *sqsHandler) handleMessage(context context.Context, message *types.Message) { +func (r *sqsHandler) handleMessage(mainCtx context.Context, message *types.Message) { var encPollReq []byte var response []byte var err error + ctx, cancel := context.WithTimeout(mainCtx, ClientTimeout*time.Second) + defer cancel() + clientID := message.MessageAttributes["ClientID"].StringValue if clientID == nil { log.Println("SQSHandler: got SDP offer in SQS message with no client ID. ignoring this message.") return } - res, err := r.SQSClient.CreateQueue(context, &sqs.CreateQueueInput{ + res, err := r.SQSClient.CreateQueue(ctx, &sqs.CreateQueueInput{ QueueName: aws.String("snowflake-client-" + *clientID), }) if err != nil { @@ -167,6 +170,7 @@ func (r *sqsHandler) handleMessage(context context.Context, message *types.Messa Body: encPollReq, RemoteAddr: remoteAddr, RendezvousMethod: messages.RendezvousSqs, + Context: ctx, } err = r.IPC.ClientOffers(arg, &response) @@ -175,7 +179,7 @@ func (r *sqsHandler) handleMessage(context context.Context, message *types.Messa return } - r.SQSClient.SendMessage(context, &sqs.SendMessageInput{ + r.SQSClient.SendMessage(ctx, &sqs.SendMessageInput{ QueueUrl: answerSQSURL, MessageBody: aws.String(string(response)), }) diff --git a/broker/sqs_test.go b/broker/sqs_test.go index 33e38f1..708e3ef 100644 --- a/broker/sqs_test.go +++ b/broker/sqs_test.go @@ -138,7 +138,7 @@ func TestSQS(t *testing.T) { sqsHandlerContext, sqsCancelFunc := context.WithCancel(context.Background()) var numTimes atomic.Uint32 - mockSQSClient.EXPECT().ReceiveMessage(sqsHandlerContext, &sqsReceiveMessageInput).AnyTimes().DoAndReturn( + mockSQSClient.EXPECT().ReceiveMessage(gomock.Any(), &sqsReceiveMessageInput).AnyTimes().DoAndReturn( func(ctx context.Context, input *sqs.ReceiveMessageInput, optFns ...func(*sqs.Options)) (*sqs.ReceiveMessageOutput, error) { n := numTimes.Add(1) @@ -153,11 +153,11 @@ func TestSQS(t *testing.T) { return nil, errors.New("error") }) - mockSQSClient.EXPECT().CreateQueue(sqsHandlerContext, &sqsCreateQueueInput).Return(&sqs.CreateQueueOutput{ + mockSQSClient.EXPECT().CreateQueue(gomock.Any(), &sqsCreateQueueInput).Return(&sqs.CreateQueueOutput{ QueueUrl: responseQueueURL, }, nil).AnyTimes() mockSQSClient.EXPECT().DeleteMessage(gomock.Any(), gomock.Any()).AnyTimes() - mockSQSClient.EXPECT().SendMessage(sqsHandlerContext, gomock.Any()).Times(1).DoAndReturn( + mockSQSClient.EXPECT().SendMessage(gomock.Any(), gomock.Any()).Times(1).DoAndReturn( func(ctx context.Context, input *sqs.SendMessageInput, optFns ...func(*sqs.Options)) (*sqs.SendMessageOutput, error) { c.So(input.MessageBody, ShouldEqual, aws.String("{\"answer\":\"fake answer\"}")) // Ensure that match is correctly recorded in metrics diff --git a/common/messages/ipc.go b/common/messages/ipc.go index 2a61b9d..91eccdb 100644 --- a/common/messages/ipc.go +++ b/common/messages/ipc.go @@ -1,6 +1,7 @@ package messages import ( + "context" "errors" ) @@ -16,6 +17,7 @@ type Arg struct { Body []byte RemoteAddr string RendezvousMethod RendezvousMethod + Context context.Context } var ( From c0ac0186f1429e4838e81e1f05c8e3c770cac2ed Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Tue, 18 Mar 2025 13:07:41 -0400 Subject: [PATCH 05/78] Remove bad relay pattern log message We already count proxies rejected for their supported relay URL in snowflake metrics and these messages are filling up our broker logs. --- broker/ipc.go | 1 - 1 file changed, 1 deletion(-) diff --git a/broker/ipc.go b/broker/ipc.go index 3a194f1..4aa8945 100644 --- a/broker/ipc.go +++ b/broker/ipc.go @@ -91,7 +91,6 @@ func (i *IPC) ProxyPolls(arg messages.Arg, response *[]byte) error { i.ctx.metrics.promMetrics.ProxyPollRejectedForRelayURLExtensionTotal.With(prometheus.Labels{"nat": natType, "type": proxyType}).Inc() i.ctx.metrics.lock.Unlock() - log.Printf("bad request: rejected relay pattern from proxy = %v", messages.ErrBadRequest) b, err := messages.EncodePollResponseWithRelayURL("", false, "", "", "incorrect relay pattern") *response = b if err != nil { From dd5fb03c496e6199b20cbefd6419d7d9c6992eb5 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Tue, 18 Mar 2025 13:25:00 -0400 Subject: [PATCH 06/78] Remove default relay pattern option from broker This was only useful to us when we first implemented the feature, to be able to support proxies that hadn't yet updated, when we had a single Snowflake bridge. Now that we have multiple bridges, it is unecessary as proxies that don't send their accepted relay pattern are rejected anyway. --- broker/broker.go | 30 +++++++++++++---------------- broker/snowflake-broker_test.go | 34 ++++++++++++++++----------------- broker/sqs_test.go | 2 +- 3 files changed, 31 insertions(+), 35 deletions(-) diff --git a/broker/broker.go b/broker/broker.go index a1252b7..8351d8f 100644 --- a/broker/broker.go +++ b/broker/broker.go @@ -44,9 +44,8 @@ type BrokerContext struct { proxyPolls chan *ProxyPoll metrics *Metrics - bridgeList BridgeListHolderFileBased - allowedRelayPattern string - presumedPatternForLegacyClient string + bridgeList BridgeListHolderFileBased + allowedRelayPattern string } func (ctx *BrokerContext) GetBridgeInfo(fingerprint bridgefingerprint.Fingerprint) (BridgeInfo, error) { @@ -55,8 +54,7 @@ func (ctx *BrokerContext) GetBridgeInfo(fingerprint bridgefingerprint.Fingerprin func NewBrokerContext( metricsLogger *log.Logger, - allowedRelayPattern, - presumedPatternForLegacyClient string, + allowedRelayPattern string, ) *BrokerContext { snowflakes := new(SnowflakeHeap) heap.Init(snowflakes) @@ -79,14 +77,13 @@ func NewBrokerContext( bridgeListHolder.LoadBridgeInfo(bytes.NewReader([]byte(DefaultBridges))) return &BrokerContext{ - snowflakes: snowflakes, - restrictedSnowflakes: rSnowflakes, - idToSnowflake: make(map[string]*Snowflake), - proxyPolls: make(chan *ProxyPoll), - metrics: metrics, - bridgeList: bridgeListHolder, - allowedRelayPattern: allowedRelayPattern, - presumedPatternForLegacyClient: presumedPatternForLegacyClient, + snowflakes: snowflakes, + restrictedSnowflakes: rSnowflakes, + idToSnowflake: make(map[string]*Snowflake), + proxyPolls: make(chan *ProxyPoll), + metrics: metrics, + bridgeList: bridgeListHolder, + allowedRelayPattern: allowedRelayPattern, } } @@ -176,7 +173,7 @@ func (ctx *BrokerContext) InstallBridgeListProfile(reader io.Reader) error { func (ctx *BrokerContext) CheckProxyRelayPattern(pattern string, nonSupported bool) bool { if nonSupported { - pattern = ctx.presumedPatternForLegacyClient + return false } proxyPattern := namematcher.NewNameMatcher(pattern) brokerPattern := namematcher.NewNameMatcher(ctx.allowedRelayPattern) @@ -197,7 +194,7 @@ func main() { var addr string var geoipDatabase string var geoip6Database string - var bridgeListFilePath, allowedRelayPattern, presumedPatternForLegacyClient string + var bridgeListFilePath, allowedRelayPattern string var brokerSQSQueueName, brokerSQSQueueRegion string var disableTLS bool var certFilename, keyFilename string @@ -215,7 +212,6 @@ func main() { flag.StringVar(&geoip6Database, "geoip6db", "/usr/share/tor/geoip6", "path to correctly formatted geoip database mapping IPv6 address ranges to country codes") flag.StringVar(&bridgeListFilePath, "bridge-list-path", "", "file path for bridgeListFile") flag.StringVar(&allowedRelayPattern, "allowed-relay-pattern", "", "allowed pattern for relay host name. The broker will reject proxies whose AcceptedRelayPattern is more restrictive than this") - flag.StringVar(&presumedPatternForLegacyClient, "default-relay-pattern", "", "presumed pattern for legacy client") flag.StringVar(&brokerSQSQueueName, "broker-sqs-name", "", "name of broker SQS queue to listen for incoming messages on") flag.StringVar(&brokerSQSQueueRegion, "broker-sqs-region", "", "name of AWS region of broker SQS queue") flag.BoolVar(&disableTLS, "disable-tls", false, "don't use HTTPS") @@ -248,7 +244,7 @@ func main() { metricsLogger := log.New(metricsFile, "", 0) - ctx := NewBrokerContext(metricsLogger, allowedRelayPattern, presumedPatternForLegacyClient) + ctx := NewBrokerContext(metricsLogger, allowedRelayPattern) if bridgeListFilePath != "" { bridgeListFile, err := os.Open(bridgeListFilePath) diff --git a/broker/snowflake-broker_test.go b/broker/snowflake-broker_test.go index 2f6f9e1..ddfa551 100644 --- a/broker/snowflake-broker_test.go +++ b/broker/snowflake-broker_test.go @@ -89,7 +89,7 @@ func TestBroker(t *testing.T) { Convey("Context", t, func() { buf := new(bytes.Buffer) - ctx := NewBrokerContext(log.New(buf, "", 0), "", "") + ctx := NewBrokerContext(log.New(buf, "", 0), "snowflake.torproject.net") i := &IPC{ctx} Convey("Adds Snowflake", func() { @@ -407,7 +407,7 @@ client-sqs-ips Convey("Responds to proxy polls...", func() { done := make(chan bool) w := httptest.NewRecorder() - data := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}`)) + data := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0", "AcceptedRelayPattern": "snowflake.torproject.net"}`)) r, err := http.NewRequest("POST", "snowflake.broker/proxy", data) So(err, ShouldBeNil) @@ -493,7 +493,7 @@ client-sqs-ips }) Convey("End-To-End", t, func() { - ctx := NewBrokerContext(NullLogger(), "", "") + ctx := NewBrokerContext(NullLogger(), "snowflake.torproject.net") i := &IPC{ctx} Convey("Check for client/proxy data race", func() { @@ -504,7 +504,7 @@ client-sqs-ips // Make proxy poll wp := httptest.NewRecorder() - datap := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}`)) + datap := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","AcceptedRelayPattern":"snowflake.torproject.net"}`)) rp, err := http.NewRequest("POST", "snowflake.broker/proxy", datap) So(err, ShouldBeNil) @@ -549,7 +549,7 @@ client-sqs-ips polled := make(chan bool) // Proxy polls with its ID first... - dataP := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}`)) + dataP := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","AcceptedRelayPattern":"snowflake.torproject.net"}`)) wP := httptest.NewRecorder() rP, err := http.NewRequest("POST", "snowflake.broker/proxy", dataP) So(err, ShouldBeNil) @@ -646,7 +646,7 @@ func TestSnowflakeHeap(t *testing.T) { func TestInvalidGeoipFile(t *testing.T) { Convey("Geoip", t, func() { // Make sure things behave properly if geoip file fails to load - ctx := NewBrokerContext(NullLogger(), "", "") + ctx := NewBrokerContext(NullLogger(), "") if err := ctx.metrics.LoadGeoipDatabases("invalid_filename", "invalid_filename6"); err != nil { log.Printf("loading geo ip databases returned error: %v", err) } @@ -660,7 +660,7 @@ func TestMetrics(t *testing.T) { Convey("Test metrics...", t, func() { done := make(chan bool) buf := new(bytes.Buffer) - ctx := NewBrokerContext(log.New(buf, "", 0), "", "") + ctx := NewBrokerContext(log.New(buf, "", 0), "snowflake.torproject.net") i := &IPC{ctx} err := ctx.metrics.LoadGeoipDatabases("test_geoip", "test_geoip6") @@ -669,7 +669,7 @@ func TestMetrics(t *testing.T) { //Test addition of proxy polls Convey("for proxy polls", func() { w := httptest.NewRecorder() - data := bytes.NewReader([]byte("{\"Sid\":\"ymbcCMto7KHNGYlp\",\"Version\":\"1.0\"}")) + data := bytes.NewReader([]byte("{\"Sid\":\"ymbcCMto7KHNGYlp\",\"Version\":\"1.0\",\"AcceptedRelayPattern\":\"snowflake.torproject.net\"}")) r, err := http.NewRequest("POST", "snowflake.broker/proxy", data) r.RemoteAddr = "129.97.208.23:8888" //CA geoip So(err, ShouldBeNil) @@ -682,7 +682,7 @@ func TestMetrics(t *testing.T) { <-done w = httptest.NewRecorder() - data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"standalone"}`)) + data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"standalone","AcceptedRelayPattern":"snowflake.torproject.net"}`)) r, err = http.NewRequest("POST", "snowflake.broker/proxy", data) r.RemoteAddr = "129.97.208.23:8888" //CA geoip So(err, ShouldBeNil) @@ -695,7 +695,7 @@ func TestMetrics(t *testing.T) { <-done w = httptest.NewRecorder() - data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"badge"}`)) + data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"badge","AcceptedRelayPattern":"snowflake.torproject.net"}`)) r, err = http.NewRequest("POST", "snowflake.broker/proxy", data) r.RemoteAddr = "129.97.208.23:8888" //CA geoip So(err, ShouldBeNil) @@ -708,7 +708,7 @@ func TestMetrics(t *testing.T) { <-done w = httptest.NewRecorder() - data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"webext"}`)) + data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"webext","AcceptedRelayPattern":"snowflake.torproject.net"}`)) r, err = http.NewRequest("POST", "snowflake.broker/proxy", data) r.RemoteAddr = "129.97.208.23:8888" //CA geoip So(err, ShouldBeNil) @@ -728,8 +728,8 @@ func TestMetrics(t *testing.T) { So(metricsStr, ShouldContainSubstring, "\nsnowflake-ips-webext 1\n") So(metricsStr, ShouldEndWith, `snowflake-ips-total 4 snowflake-idle-count 8 -snowflake-proxy-poll-with-relay-url-count 0 -snowflake-proxy-poll-without-relay-url-count 8 +snowflake-proxy-poll-with-relay-url-count 8 +snowflake-proxy-poll-without-relay-url-count 0 snowflake-proxy-rejected-for-relay-url-count 0 client-denied-count 0 client-restricted-denied-count 0 @@ -899,7 +899,7 @@ snowflake-ips-nat-unknown 0 //Test unique ip Convey("proxy counts by unique ip", func() { w := httptest.NewRecorder() - data := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}`)) + data := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","AcceptedRelayPattern":"snowflake.torproject.net"}`)) r, err := http.NewRequest("POST", "snowflake.broker/proxy", data) r.RemoteAddr = "129.97.208.23:8888" //CA geoip So(err, ShouldBeNil) @@ -911,7 +911,7 @@ snowflake-ips-nat-unknown 0 p.offerChannel <- nil <-done - data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}`)) + data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","AcceptedRelayPattern":"snowflake.torproject.net"}`)) r, err = http.NewRequest("POST", "snowflake.broker/proxy", data) if err != nil { log.Printf("unable to get NewRequest with error: %v", err) @@ -933,7 +933,7 @@ snowflake-ips-nat-unknown 0 //Test NAT types Convey("proxy counts by NAT type", func() { w := httptest.NewRecorder() - data := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.2","Type":"unknown","NAT":"restricted"}`)) + data := bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.2","Type":"unknown","NAT":"restricted","AcceptedRelayPattern":"snowflake.torproject.net"}`)) r, err := http.NewRequest("POST", "snowflake.broker/proxy", data) r.RemoteAddr = "129.97.208.23:8888" //CA geoip So(err, ShouldBeNil) @@ -948,7 +948,7 @@ snowflake-ips-nat-unknown 0 ctx.metrics.printMetrics() So(buf.String(), ShouldContainSubstring, "snowflake-ips-nat-restricted 1\nsnowflake-ips-nat-unrestricted 0\nsnowflake-ips-nat-unknown 0") - data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.2","Type":"unknown","NAT":"unrestricted"}`)) + data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.2","Type":"unknown","NAT":"unrestricted","AcceptedRelayPattern":"snowflake.torproject.net"}`)) r, err = http.NewRequest("POST", "snowflake.broker/proxy", data) if err != nil { log.Printf("unable to get NewRequest with error: %v", err) diff --git a/broker/sqs_test.go b/broker/sqs_test.go index 708e3ef..59fe701 100644 --- a/broker/sqs_test.go +++ b/broker/sqs_test.go @@ -23,7 +23,7 @@ func TestSQS(t *testing.T) { Convey("Context", t, func() { buf := new(bytes.Buffer) - ipcCtx := NewBrokerContext(log.New(buf, "", 0), "", "") + ipcCtx := NewBrokerContext(log.New(buf, "", 0), "") i := &IPC{ipcCtx} Convey("Responds to SQS client offers...", func() { From 5ec92a5dd4c916eae63ac96f09677fc0c8a3e282 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 26 Mar 2025 17:44:49 +0000 Subject: [PATCH 07/78] chore(deps): update module github.com/aws/aws-sdk-go-v2/credentials to v1.17.64 --- go.mod | 20 ++++++++++---------- go.sum | 40 ++++++++++++++++++++-------------------- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/go.mod b/go.mod index 4e7f496..c18a458 100644 --- a/go.mod +++ b/go.mod @@ -3,9 +3,9 @@ module gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/ go 1.22 require ( - github.com/aws/aws-sdk-go-v2 v1.36.1 + github.com/aws/aws-sdk-go-v2 v1.36.3 github.com/aws/aws-sdk-go-v2/config v1.29.6 - github.com/aws/aws-sdk-go-v2/credentials v1.17.59 + github.com/aws/aws-sdk-go-v2/credentials v1.17.64 github.com/aws/aws-sdk-go-v2/service/sqs v1.37.14 github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 @@ -33,15 +33,15 @@ require ( require ( github.com/andybalholm/brotli v1.0.6 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.25.2 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 // indirect github.com/aws/smithy-go v1.22.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect diff --git a/go.sum b/go.sum index d0bc507..463b76e 100644 --- a/go.sum +++ b/go.sum @@ -2,32 +2,32 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/aws/aws-sdk-go-v2 v1.36.1 h1:iTDl5U6oAhkNPba0e1t1hrwAo02ZMqbrGq4k5JBWM5E= -github.com/aws/aws-sdk-go-v2 v1.36.1/go.mod h1:5PMILGVKiW32oDzjj6RU52yrNrDPUHcbZQYr1sM7qmM= +github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM= +github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg= github.com/aws/aws-sdk-go-v2/config v1.29.6 h1:fqgqEKK5HaZVWLQoLiC9Q+xDlSp+1LYidp6ybGE2OGg= github.com/aws/aws-sdk-go-v2/config v1.29.6/go.mod h1:Ft+WLODzDQmCTHDvqAH1JfC2xxbZ0MxpZAcJqmE1LTQ= -github.com/aws/aws-sdk-go-v2/credentials v1.17.59 h1:9btwmrt//Q6JcSdgJOLI98sdr5p7tssS9yAsGe8aKP4= -github.com/aws/aws-sdk-go-v2/credentials v1.17.59/go.mod h1:NM8fM6ovI3zak23UISdWidyZuI1ghNe2xjzUZAyT+08= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 h1:KwsodFKVQTlI5EyhRSugALzsV6mG/SGrdjlMXSZSdso= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28/go.mod h1:EY3APf9MzygVhKuPXAc5H+MkGb8k/DOSQjWS0LgkKqI= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 h1:BjUcr3X3K0wZPGFg2bxOWW3VPN8rkE3/61zhP+IHviA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32/go.mod h1:80+OGC/bgzzFFTUmcuwD0lb4YutwQeKLFpmt6hoWapU= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 h1:m1GeXHVMJsRsUAqG6HjZWx9dj7F5TR+cF1bjyfYyBd4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32/go.mod h1:IitoQxGfaKdVLNg0hD8/DXmAqNy0H4K2H2Sf91ti8sI= +github.com/aws/aws-sdk-go-v2/credentials v1.17.64 h1:NH4RAQJEXBDQDUudTqMNHdyyEVa5CvMn0tQicqv48jo= +github.com/aws/aws-sdk-go-v2/credentials v1.17.64/go.mod h1:tUoJfj79lzEcalHDbyNkpnZZTRg/2ayYOK/iYnRfPbo= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34/go.mod h1:p4VfIceZokChbA9FzMbRGz5OV+lekcVtHlPKEO0gSZY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 h1:SZwFm17ZUNNg5Np0ioo/gq8Mn6u9w19Mri8DnJ15Jf0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34/go.mod h1:dFZsC0BLo346mvKQLWmoJxT+Sjp+qcVR1tRVHQGOH9Q= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 h1:Pg9URiobXy85kgFev3og2CuOZ8JZUBENF+dcgWBaYNk= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 h1:D4oz8/CzT9bAEYtVhSBmFj2dNOtaHOtMKc2vHBwYizA= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2/go.mod h1:Za3IHqTQ+yNcRHxu1OFucBh0ACZT4j4VQFF0BqpZcLY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 h1:SYVGSFQHlchIcy6e7x12bsrxClCXSP5et8cqVhL8cuw= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13/go.mod h1:kizuDaLX37bG5WZaoxGPQR/LNFXpxp0vsUnqfkWXfNE= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY= github.com/aws/aws-sdk-go-v2/service/sqs v1.37.14 h1:KSVbQW2umLp7i4Lo6mvBUz5PqV+Ze/IL6LCTasxQWEk= github.com/aws/aws-sdk-go-v2/service/sqs v1.37.14/go.mod h1:jiaEkIw2Bb6IsoY9PDAZqVXJjNaKSxQGGj10CiloDWU= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 h1:/eE3DogBjYlvlbhd2ssWyeuovWunHLxfgw3s/OJa4GQ= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.15/go.mod h1:2PCJYpi7EKeA5SkStAmZlF6fi0uUABuhtF8ILHjGc3Y= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 h1:M/zwXiL2iXUrHputuXgmO94TVNmcenPHxgLXLutodKE= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14/go.mod h1:RVwIw3y/IqxC2YEXSIkAzRDdEU1iRabDPaYjpGCbCGQ= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 h1:TzeR06UCMUq+KA3bDkujxK1GVGy+G8qQN/QVYzGLkQE= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.14/go.mod h1:dspXf/oYWGWo6DEvj98wpaTeqt5+DMidZD0A9BYTizc= +github.com/aws/aws-sdk-go-v2/service/sso v1.25.2 h1:pdgODsAhGo4dvzC3JAG5Ce0PX8kWXrTZGx+jxADD+5E= +github.com/aws/aws-sdk-go-v2/service/sso v1.25.2/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.2 h1:wK8O+j2dOolmpNVY1EWIbLgxrGCHJKVPm08Hv/u80M8= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.2/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 h1:PZV5W8yk4OtH1JAuhV2PXwwO9v5G5Aoj+eMCn4T+1Kc= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.17/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4= github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From 08239cca2ada2d073ed5080956890ea15865bf04 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Wed, 26 Mar 2025 13:57:09 -0400 Subject: [PATCH 08/78] Remove broker log messages for invalid SDP and SQS cleanup --- broker/http.go | 1 - broker/sqs.go | 1 - 2 files changed, 2 deletions(-) diff --git a/broker/http.go b/broker/http.go index 0cfbe64..ed8e24a 100644 --- a/broker/http.go +++ b/broker/http.go @@ -220,7 +220,6 @@ func proxyAnswers(i *IPC, w http.ResponseWriter, r *http.Request) { err = validateSDP(body) if err != nil { - log.Println("Error proxy SDP: ", err.Error()) w.WriteHeader(http.StatusBadRequest) return } diff --git a/broker/sqs.go b/broker/sqs.go index cb77ba6..6ad6b8d 100644 --- a/broker/sqs.go +++ b/broker/sqs.go @@ -119,7 +119,6 @@ func (r *sqsHandler) cleanupClientQueues(ctx context.Context) { } } - log.Printf("SQSHandler: finished running iteration of client queue cleanup. found and deleted %d client queues.\n", numDeleted) } } } From f712dfdd72c70068bb059e8f1c96788c88e59d76 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Thu, 27 Mar 2025 16:10:09 -0400 Subject: [PATCH 09/78] Fix shadow and tgen cache in .gitlab-ci.yml Make sure shadow and tgen runtime dependencies are installed and the paths are correct --- .gitlab-ci.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 154b67c..d7107f9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -179,9 +179,12 @@ shadow-integration: SHADOW_VERSION: "193924aae0dab30ffda0abe29467f552949849fa" TGEN_VERSION: "v1.1.2" cache: - key: sf-integration-$SHADOW_VERSION-$TGEN_VERSION - paths: - - /opt/ + - key: sf-integration-shadow-$SHADOW_VERSION + paths: + - opt/shadow + - key: sf-integration-tgen-$TGEN_VERSION + paths: + - opt/tgen artifacts: paths: - shadow.data.tar.gz @@ -191,15 +194,15 @@ shadow-integration: - tpa script: - apt-get update - - apt-get install -y git tor + - apt-get install -y git tor libglib2.0-0 libigraph3 - mkdir -p ~/.local/bin - mkdir -p ~/.local/src - - export PATH=$PATH:$CI_PROJECT_DIR/opt/bin/ + - export PATH=$PATH:$CI_PROJECT_DIR/opt/shadow/bin/:$CI_PROJECT_DIR/opt/tgen/bin/ # Install shadow and tgen - pushd ~/.local/src - | - if [ ! -f opt/shadow/bin/shadow ] + if [ ! -f $CI_PROJECT_DIR/opt/shadow/bin/shadow ] then echo "The required version of shadow was not cached, building from source" git clone --shallow-since=2021-08-01 https://github.com/shadow/shadow.git @@ -208,24 +211,24 @@ shadow-integration: CONTAINER=debian:stable-slim ci/container_scripts/install_deps.sh CC=gcc CONTAINER=debian:stable-slim ci/container_scripts/install_extra_deps.sh export PATH="$HOME/.cargo/bin:${PATH}" - ./setup build --jobs $(nproc) --prefix $CI_PROJECT_DIR/opt/ + ./setup build --jobs $(nproc) --prefix $CI_PROJECT_DIR/opt/shadow ./setup install popd fi - | - if [ ! -f opt/shadow/bin/tgen ] + if [ ! -f $CI_PROJECT_DIR/opt/tgen/bin/tgen ] then echo "The required version of tgen was not cached, building from source" git clone --branch $TGEN_VERSION --depth 1 https://github.com/shadow/tgen.git pushd tgen/ apt-get install -y cmake libglib2.0-dev libigraph-dev mkdir build && cd build - cmake .. -DCMAKE_INSTALL_PREFIX=$CI_PROJECT_DIR/opt/ + cmake .. -DCMAKE_INSTALL_PREFIX=$CI_PROJECT_DIR/opt/tgen make make install popd fi - install $CI_PROJECT_DIR/opt/bin/tgen ~/.local/bin/tgen + install $CI_PROJECT_DIR/opt/tgen/bin/tgen ~/.local/bin/tgen - popd # Apply snowflake patch(es) From 61c797406b29d21ee351fb7c4b7d57f54d346a03 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 1 Apr 2025 14:59:13 +0000 Subject: [PATCH 10/78] chore(deps): update module github.com/prometheus/client_golang to v1.21.1 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c18a458..e9fec5d 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/pion/stun/v3 v3.0.0 github.com/pion/transport/v3 v3.0.7 github.com/pion/webrtc/v4 v4.0.13 - github.com/prometheus/client_golang v1.21.0 + github.com/prometheus/client_golang v1.21.1 github.com/realclientip/realclientip-go v1.0.0 github.com/refraction-networking/utls v1.6.7 github.com/smartystreets/goconvey v1.8.1 diff --git a/go.sum b/go.sum index 463b76e..40e6491 100644 --- a/go.sum +++ b/go.sum @@ -127,8 +127,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.21.0 h1:DIsaGmiaBkSangBgMtWdNfxbMNdku5IK6iNhrEqWvdA= -github.com/prometheus/client_golang v1.21.0/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg= +github.com/prometheus/client_golang v1.21.1 h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk= +github.com/prometheus/client_golang v1.21.1/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= From 9378c53d8e7d8bef069289ac6719af697b6f6b2b Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Tue, 4 Mar 2025 19:45:45 -0500 Subject: [PATCH 11/78] Bump version of shadow for CI tests --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d7107f9..612f342 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -176,7 +176,7 @@ debian-testing: shadow-integration: image: ${DOCKER_REGISTRY_URL}/golang:1.22-$DEBIAN_STABLE variables: - SHADOW_VERSION: "193924aae0dab30ffda0abe29467f552949849fa" + SHADOW_VERSION: "27d0bcf2cf1c7f0d403b6ad3efd575e45ae93126" TGEN_VERSION: "v1.1.2" cache: - key: sf-integration-shadow-$SHADOW_VERSION From 396f7b9941f46cade9bec793077a95e96e5e5eac Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 2 Apr 2025 15:46:43 +0000 Subject: [PATCH 12/78] chore(deps): update module github.com/pion/ice/v4 to v4.0.9 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e9fec5d..be155e9 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 github.com/miekg/dns v1.1.63 - github.com/pion/ice/v4 v4.0.7 + github.com/pion/ice/v4 v4.0.9 github.com/pion/sdp/v3 v3.0.11 github.com/pion/stun/v3 v3.0.0 github.com/pion/transport/v3 v3.0.7 diff --git a/go.sum b/go.sum index 40e6491..e0a6d53 100644 --- a/go.sum +++ b/go.sum @@ -95,8 +95,8 @@ github.com/pion/datachannel v1.5.10 h1:ly0Q26K1i6ZkGf42W7D4hQYR90pZwzFOjTq5AuCKk github.com/pion/datachannel v1.5.10/go.mod h1:p/jJfC9arb29W7WrxyKbepTU20CFgyx5oLo8Rs4Py/M= github.com/pion/dtls/v3 v3.0.4 h1:44CZekewMzfrn9pmGrj5BNnTMDCFwr+6sLH+cCuLM7U= github.com/pion/dtls/v3 v3.0.4/go.mod h1:R373CsjxWqNPf6MEkfdy3aSe9niZvL/JaKlGeFphtMg= -github.com/pion/ice/v4 v4.0.7 h1:mnwuT3n3RE/9va41/9QJqN5+Bhc0H/x/ZyiVlWMw35M= -github.com/pion/ice/v4 v4.0.7/go.mod h1:y3M18aPhIxLlcO/4dn9X8LzLLSma84cx6emMSu14FGw= +github.com/pion/ice/v4 v4.0.9 h1:VKgU4MwA2LUDVLq+WBkpEHTcAb8c5iCvFMECeuPOZNk= +github.com/pion/ice/v4 v4.0.9/go.mod h1:y3M18aPhIxLlcO/4dn9X8LzLLSma84cx6emMSu14FGw= github.com/pion/interceptor v0.1.37 h1:aRA8Zpab/wE7/c0O3fh1PqY0AJI3fCSEM5lRWJVorwI= github.com/pion/interceptor v0.1.37/go.mod h1:JzxbJ4umVTlZAf+/utHzNesY8tmRkM2lVmkS82TTj8Y= github.com/pion/logging v0.2.3 h1:gHuf0zpoh1GW67Nr6Gj4cv5Z9ZscU7g/EaoC/Ke/igI= From a5ee60e3b5ae0581c0370f6305fb6096454953ed Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 3 Apr 2025 19:16:28 +0000 Subject: [PATCH 13/78] chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.29.13 --- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index be155e9..7c0e727 100644 --- a/go.mod +++ b/go.mod @@ -4,8 +4,8 @@ go 1.22 require ( github.com/aws/aws-sdk-go-v2 v1.36.3 - github.com/aws/aws-sdk-go-v2/config v1.29.6 - github.com/aws/aws-sdk-go-v2/credentials v1.17.64 + github.com/aws/aws-sdk-go-v2/config v1.29.13 + github.com/aws/aws-sdk-go-v2/credentials v1.17.66 github.com/aws/aws-sdk-go-v2/service/sqs v1.37.14 github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 @@ -36,12 +36,12 @@ require ( github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.25.2 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.2 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.18 // indirect github.com/aws/smithy-go v1.22.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect diff --git a/go.sum b/go.sum index e0a6d53..b938a98 100644 --- a/go.sum +++ b/go.sum @@ -4,30 +4,30 @@ github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sx github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM= github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg= -github.com/aws/aws-sdk-go-v2/config v1.29.6 h1:fqgqEKK5HaZVWLQoLiC9Q+xDlSp+1LYidp6ybGE2OGg= -github.com/aws/aws-sdk-go-v2/config v1.29.6/go.mod h1:Ft+WLODzDQmCTHDvqAH1JfC2xxbZ0MxpZAcJqmE1LTQ= -github.com/aws/aws-sdk-go-v2/credentials v1.17.64 h1:NH4RAQJEXBDQDUudTqMNHdyyEVa5CvMn0tQicqv48jo= -github.com/aws/aws-sdk-go-v2/credentials v1.17.64/go.mod h1:tUoJfj79lzEcalHDbyNkpnZZTRg/2ayYOK/iYnRfPbo= +github.com/aws/aws-sdk-go-v2/config v1.29.13 h1:RgdPqWoE8nPpIekpVpDJsBckbqT4Liiaq9f35pbTh1Y= +github.com/aws/aws-sdk-go-v2/config v1.29.13/go.mod h1:NI28qs/IOUIRhsR7GQ/JdexoqRN9tDxkIrYZq0SOF44= +github.com/aws/aws-sdk-go-v2/credentials v1.17.66 h1:aKpEKaTy6n4CEJeYI1MNj97oSDLi4xro3UzQfwf5RWE= +github.com/aws/aws-sdk-go-v2/credentials v1.17.66/go.mod h1:xQ5SusDmHb/fy55wU0QqTy0yNfLqxzec59YcsRZB+rI= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34/go.mod h1:p4VfIceZokChbA9FzMbRGz5OV+lekcVtHlPKEO0gSZY= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 h1:SZwFm17ZUNNg5Np0ioo/gq8Mn6u9w19Mri8DnJ15Jf0= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34/go.mod h1:dFZsC0BLo346mvKQLWmoJxT+Sjp+qcVR1tRVHQGOH9Q= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 h1:Pg9URiobXy85kgFev3og2CuOZ8JZUBENF+dcgWBaYNk= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY= github.com/aws/aws-sdk-go-v2/service/sqs v1.37.14 h1:KSVbQW2umLp7i4Lo6mvBUz5PqV+Ze/IL6LCTasxQWEk= github.com/aws/aws-sdk-go-v2/service/sqs v1.37.14/go.mod h1:jiaEkIw2Bb6IsoY9PDAZqVXJjNaKSxQGGj10CiloDWU= -github.com/aws/aws-sdk-go-v2/service/sso v1.25.2 h1:pdgODsAhGo4dvzC3JAG5Ce0PX8kWXrTZGx+jxADD+5E= -github.com/aws/aws-sdk-go-v2/service/sso v1.25.2/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.2 h1:wK8O+j2dOolmpNVY1EWIbLgxrGCHJKVPm08Hv/u80M8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.2/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 h1:PZV5W8yk4OtH1JAuhV2PXwwO9v5G5Aoj+eMCn4T+1Kc= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.17/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4= +github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 h1:1Gw+9ajCV1jogloEv1RRnvfRFia2cL6c9cuKV2Ps+G8= +github.com/aws/aws-sdk-go-v2/service/sso v1.25.3/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 h1:hXmVKytPfTy5axZ+fYbR5d0cFmC3JvwLm5kM83luako= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.18 h1:xz7WvTMfSStb9Y8NpCT82FXLNC3QasqBfuAFHY4Pk5g= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.18/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4= github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From d264cf2cdbbd427e4f0fe46c662d13686abbfa4a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 9 Apr 2025 15:21:10 +0000 Subject: [PATCH 14/78] chore(deps): update module github.com/miekg/dns to v1.1.65 --- go.mod | 8 ++++---- go.sum | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 7c0e727..9e0cec6 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2 -go 1.22 +go 1.22.0 require ( github.com/aws/aws-sdk-go-v2 v1.36.3 @@ -9,7 +9,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/sqs v1.37.14 github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 - github.com/miekg/dns v1.1.63 + github.com/miekg/dns v1.1.65 github.com/pion/ice/v4 v4.0.9 github.com/pion/sdp/v3 v3.0.11 github.com/pion/stun/v3 v3.0.0 @@ -77,10 +77,10 @@ require ( github.com/tjfoc/gmsm v1.4.1 // indirect github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf // indirect github.com/wlynxg/anet v0.0.5 // indirect - golang.org/x/mod v0.18.0 // indirect + golang.org/x/mod v0.23.0 // indirect golang.org/x/sync v0.11.0 // indirect golang.org/x/text v0.22.0 // indirect - golang.org/x/tools v0.22.0 // indirect + golang.org/x/tools v0.30.0 // indirect google.golang.org/protobuf v1.36.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index b938a98..a9e75ac 100644 --- a/go.sum +++ b/go.sum @@ -85,8 +85,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/miekg/dns v1.1.51/go.mod h1:2Z9d3CP1LQWihRZUf29mQ19yDThaI4DAYzte2CaQW5c= -github.com/miekg/dns v1.1.63 h1:8M5aAw6OMZfFXTT7K5V0Eu5YiiL8l7nUAkyN6C9YwaY= -github.com/miekg/dns v1.1.63/go.mod h1:6NGHfjhpmr5lt3XPLuyfDJi5AXbNIPM9PY6H6sF1Nfs= +github.com/miekg/dns v1.1.65 h1:0+tIPHzUW0GCge7IiK3guGP57VAw7hoPDfApjkMD1Fc= +github.com/miekg/dns v1.1.65/go.mod h1:Dzw9769uoKVaLuODMDZz9M6ynFU6Em65csPuoi8G0ck= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= @@ -190,8 +190,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM= +golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -247,8 +247,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= -golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY= +golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 2a5a09e45147226f985b0d32f397224bd6800133 Mon Sep 17 00:00:00 2001 From: meskio Date: Wed, 16 Apr 2025 15:41:36 +0200 Subject: [PATCH 15/78] CI: use the parent group as namespace for the dependency proxy This should solve our problem failing to get images on CI runs. --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 612f342..1bd67a8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,7 +1,7 @@ include: - project: tpo/tpa/ci-templates file: [ dependency_proxy.yml ] - inputs: { namespace: tpo/anti-censorship } + inputs: { namespace: tpo/anti-censorship/pluggable-transports/ } rules: - if: $CI_PROJECT_URL =~ /gitlab.torproject.org/ From 3d7dcfc55dd80af95701eed0e83956ce43540b83 Mon Sep 17 00:00:00 2001 From: Shelikhoo Date: Tue, 15 Apr 2025 13:12:23 +0100 Subject: [PATCH 16/78] Add updated docker compose file --- docker-compose.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 docker-compose.yml diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..e8d8724 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,15 @@ +services: + snowflake-proxy: + network_mode: host + image: containers.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake:latest + container_name: snowflake-proxy + restart: unless-stopped + # For a full list of Snowflake Proxy CLI parameters see + # https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/tree/main/proxy?ref_type=heads#running-a-standalone-snowflake-proxy + #command: [ "-ephemeral-ports-range", "30000:60000" ] + watchtower: + image: containrrr/watchtower + container_name: watchtower + volumes: + - /var/run/docker.sock:/var/run/docker.sock + command: snowflake-proxy From ef276c8161eb093ba111c0776618e64904113608 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 24 Apr 2025 05:12:35 +0000 Subject: [PATCH 17/78] chore(deps): update module github.com/pion/ice/v4 to v4.0.10 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 9e0cec6..abb908e 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 github.com/miekg/dns v1.1.65 - github.com/pion/ice/v4 v4.0.9 + github.com/pion/ice/v4 v4.0.10 github.com/pion/sdp/v3 v3.0.11 github.com/pion/stun/v3 v3.0.0 github.com/pion/transport/v3 v3.0.7 diff --git a/go.sum b/go.sum index a9e75ac..9c4a080 100644 --- a/go.sum +++ b/go.sum @@ -95,8 +95,8 @@ github.com/pion/datachannel v1.5.10 h1:ly0Q26K1i6ZkGf42W7D4hQYR90pZwzFOjTq5AuCKk github.com/pion/datachannel v1.5.10/go.mod h1:p/jJfC9arb29W7WrxyKbepTU20CFgyx5oLo8Rs4Py/M= github.com/pion/dtls/v3 v3.0.4 h1:44CZekewMzfrn9pmGrj5BNnTMDCFwr+6sLH+cCuLM7U= github.com/pion/dtls/v3 v3.0.4/go.mod h1:R373CsjxWqNPf6MEkfdy3aSe9niZvL/JaKlGeFphtMg= -github.com/pion/ice/v4 v4.0.9 h1:VKgU4MwA2LUDVLq+WBkpEHTcAb8c5iCvFMECeuPOZNk= -github.com/pion/ice/v4 v4.0.9/go.mod h1:y3M18aPhIxLlcO/4dn9X8LzLLSma84cx6emMSu14FGw= +github.com/pion/ice/v4 v4.0.10 h1:P59w1iauC/wPk9PdY8Vjl4fOFL5B+USq1+xbDcN6gT4= +github.com/pion/ice/v4 v4.0.10/go.mod h1:y3M18aPhIxLlcO/4dn9X8LzLLSma84cx6emMSu14FGw= github.com/pion/interceptor v0.1.37 h1:aRA8Zpab/wE7/c0O3fh1PqY0AJI3fCSEM5lRWJVorwI= github.com/pion/interceptor v0.1.37/go.mod h1:JzxbJ4umVTlZAf+/utHzNesY8tmRkM2lVmkS82TTj8Y= github.com/pion/logging v0.2.3 h1:gHuf0zpoh1GW67Nr6Gj4cv5Z9ZscU7g/EaoC/Ke/igI= From a4a55e43984cf1a4e041a65c649260dca48ef0d0 Mon Sep 17 00:00:00 2001 From: Shelikhoo Date: Thu, 24 Apr 2025 15:51:59 +0100 Subject: [PATCH 18/78] CI: fix invalid group name by removing trail slash --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1bd67a8..2cb0cf1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,7 +1,7 @@ include: - project: tpo/tpa/ci-templates file: [ dependency_proxy.yml ] - inputs: { namespace: tpo/anti-censorship/pluggable-transports/ } + inputs: { namespace: tpo/anti-censorship/pluggable-transports } rules: - if: $CI_PROJECT_URL =~ /gitlab.torproject.org/ From 236f15f81cea69b2f9cf4614b825e2fc207bcc10 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 28 Apr 2025 12:40:45 +0000 Subject: [PATCH 19/78] chore(deps): update module github.com/aws/aws-sdk-go-v2/credentials to v1.17.67 --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index abb908e..fa9d7b7 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.22.0 require ( github.com/aws/aws-sdk-go-v2 v1.36.3 github.com/aws/aws-sdk-go-v2/config v1.29.13 - github.com/aws/aws-sdk-go-v2/credentials v1.17.66 + github.com/aws/aws-sdk-go-v2/credentials v1.17.67 github.com/aws/aws-sdk-go-v2/service/sqs v1.37.14 github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 @@ -41,7 +41,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.33.18 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 // indirect github.com/aws/smithy-go v1.22.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect diff --git a/go.sum b/go.sum index 9c4a080..d5b00cc 100644 --- a/go.sum +++ b/go.sum @@ -6,8 +6,8 @@ github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38y github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg= github.com/aws/aws-sdk-go-v2/config v1.29.13 h1:RgdPqWoE8nPpIekpVpDJsBckbqT4Liiaq9f35pbTh1Y= github.com/aws/aws-sdk-go-v2/config v1.29.13/go.mod h1:NI28qs/IOUIRhsR7GQ/JdexoqRN9tDxkIrYZq0SOF44= -github.com/aws/aws-sdk-go-v2/credentials v1.17.66 h1:aKpEKaTy6n4CEJeYI1MNj97oSDLi4xro3UzQfwf5RWE= -github.com/aws/aws-sdk-go-v2/credentials v1.17.66/go.mod h1:xQ5SusDmHb/fy55wU0QqTy0yNfLqxzec59YcsRZB+rI= +github.com/aws/aws-sdk-go-v2/credentials v1.17.67 h1:9KxtdcIA/5xPNQyZRgUSpYOE6j9Bc4+D7nZua0KGYOM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.67/go.mod h1:p3C44m+cfnbv763s52gCqrjaqyPikj9Sg47kUVaNZQQ= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q= @@ -26,8 +26,8 @@ github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 h1:1Gw+9ajCV1jogloEv1RRnvfRFia2 github.com/aws/aws-sdk-go-v2/service/sso v1.25.3/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 h1:hXmVKytPfTy5axZ+fYbR5d0cFmC3JvwLm5kM83luako= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.18 h1:xz7WvTMfSStb9Y8NpCT82FXLNC3QasqBfuAFHY4Pk5g= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.18/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 h1:1XuUZ8mYJw9B6lzAkXhqHlJd/XvaX32evhproijJEZY= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.19/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4= github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From 28fd1ecc2b04b4511d60fc26f12a0717a75cc856 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 28 Apr 2025 12:40:51 +0000 Subject: [PATCH 20/78] chore(deps): update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.38.5 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index abb908e..438a654 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/aws/aws-sdk-go-v2 v1.36.3 github.com/aws/aws-sdk-go-v2/config v1.29.13 github.com/aws/aws-sdk-go-v2/credentials v1.17.66 - github.com/aws/aws-sdk-go-v2/service/sqs v1.37.14 + github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5 github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 github.com/miekg/dns v1.1.65 diff --git a/go.sum b/go.sum index 9c4a080..5925208 100644 --- a/go.sum +++ b/go.sum @@ -20,8 +20,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY= -github.com/aws/aws-sdk-go-v2/service/sqs v1.37.14 h1:KSVbQW2umLp7i4Lo6mvBUz5PqV+Ze/IL6LCTasxQWEk= -github.com/aws/aws-sdk-go-v2/service/sqs v1.37.14/go.mod h1:jiaEkIw2Bb6IsoY9PDAZqVXJjNaKSxQGGj10CiloDWU= +github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5 h1:KNgVWw8qbPzjYnIF1gL0EAszy6VKGnmUK6VSm1huYY8= +github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5/go.mod h1:Bar4MrRxeqdn6XIh8JGfiXuFRmyrrsZNTJotxEJmWW0= github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 h1:1Gw+9ajCV1jogloEv1RRnvfRFia2cL6c9cuKV2Ps+G8= github.com/aws/aws-sdk-go-v2/service/sso v1.25.3/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 h1:hXmVKytPfTy5axZ+fYbR5d0cFmC3JvwLm5kM83luako= From 8fa0717552931bc04f7d0a1be2f55b5a58f4fc8d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 28 Apr 2025 12:40:55 +0000 Subject: [PATCH 21/78] chore(deps): update module github.com/pion/webrtc/v4 to v4.1.0 --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index abb908e..784f886 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/pion/sdp/v3 v3.0.11 github.com/pion/stun/v3 v3.0.0 github.com/pion/transport/v3 v3.0.7 - github.com/pion/webrtc/v4 v4.0.13 + github.com/pion/webrtc/v4 v4.1.0 github.com/prometheus/client_golang v1.21.1 github.com/realclientip/realclientip-go v1.0.0 github.com/refraction-networking/utls v1.6.7 @@ -56,14 +56,14 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/patrickmn/go-cache v2.1.0+incompatible // indirect github.com/pion/datachannel v1.5.10 // indirect - github.com/pion/dtls/v3 v3.0.4 // indirect + github.com/pion/dtls/v3 v3.0.6 // indirect github.com/pion/interceptor v0.1.37 // indirect github.com/pion/logging v0.2.3 // indirect github.com/pion/mdns/v2 v2.0.7 // indirect github.com/pion/randutil v0.1.0 // indirect github.com/pion/rtcp v1.2.15 // indirect - github.com/pion/rtp v1.8.12 // indirect - github.com/pion/sctp v1.8.37 // indirect + github.com/pion/rtp v1.8.15 // indirect + github.com/pion/sctp v1.8.39 // indirect github.com/pion/srtp/v3 v3.0.4 // indirect github.com/pion/turn/v4 v4.0.0 // indirect github.com/pkg/errors v0.9.1 // indirect diff --git a/go.sum b/go.sum index 9c4a080..d85a45d 100644 --- a/go.sum +++ b/go.sum @@ -93,8 +93,8 @@ github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaR github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pion/datachannel v1.5.10 h1:ly0Q26K1i6ZkGf42W7D4hQYR90pZwzFOjTq5AuCKk4o= github.com/pion/datachannel v1.5.10/go.mod h1:p/jJfC9arb29W7WrxyKbepTU20CFgyx5oLo8Rs4Py/M= -github.com/pion/dtls/v3 v3.0.4 h1:44CZekewMzfrn9pmGrj5BNnTMDCFwr+6sLH+cCuLM7U= -github.com/pion/dtls/v3 v3.0.4/go.mod h1:R373CsjxWqNPf6MEkfdy3aSe9niZvL/JaKlGeFphtMg= +github.com/pion/dtls/v3 v3.0.6 h1:7Hkd8WhAJNbRgq9RgdNh1aaWlZlGpYTzdqjy9x9sK2E= +github.com/pion/dtls/v3 v3.0.6/go.mod h1:iJxNQ3Uhn1NZWOMWlLxEEHAN5yX7GyPvvKw04v9bzYU= github.com/pion/ice/v4 v4.0.10 h1:P59w1iauC/wPk9PdY8Vjl4fOFL5B+USq1+xbDcN6gT4= github.com/pion/ice/v4 v4.0.10/go.mod h1:y3M18aPhIxLlcO/4dn9X8LzLLSma84cx6emMSu14FGw= github.com/pion/interceptor v0.1.37 h1:aRA8Zpab/wE7/c0O3fh1PqY0AJI3fCSEM5lRWJVorwI= @@ -107,10 +107,10 @@ github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA= github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8= github.com/pion/rtcp v1.2.15 h1:LZQi2JbdipLOj4eBjK4wlVoQWfrZbh3Q6eHtWtJBZBo= github.com/pion/rtcp v1.2.15/go.mod h1:jlGuAjHMEXwMUHK78RgX0UmEJFV4zUKOFHR7OP+D3D0= -github.com/pion/rtp v1.8.12 h1:nsKs8Wi0jQyBFHU3qmn/OvtZrhktVfJY0vRxwACsL5U= -github.com/pion/rtp v1.8.12/go.mod h1:8uMBJj32Pa1wwx8Fuv/AsFhn8jsgw+3rUC2PfoBZ8p4= -github.com/pion/sctp v1.8.37 h1:ZDmGPtRPX9mKCiVXtMbTWybFw3z/hVKAZgU81wcOrqs= -github.com/pion/sctp v1.8.37/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE= +github.com/pion/rtp v1.8.15 h1:MuhuGn1cxpVCPLNY1lI7F1tQ8Spntpgf12ob+pOYT8s= +github.com/pion/rtp v1.8.15/go.mod h1:bAu2UFKScgzyFqvUKmbvzSdPr+NGbZtv6UB2hesqXBk= +github.com/pion/sctp v1.8.39 h1:PJma40vRHa3UTO3C4MyeJDQ+KIobVYRZQZ0Nt7SjQnE= +github.com/pion/sctp v1.8.39/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE= github.com/pion/sdp/v3 v3.0.11 h1:VhgVSopdsBKwhCFoyyPmT1fKMeV9nLMrEKxNOdy3IVI= github.com/pion/sdp/v3 v3.0.11/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E= github.com/pion/srtp/v3 v3.0.4 h1:2Z6vDVxzrX3UHEgrUyIGM4rRouoC7v+NiF1IHtp9B5M= @@ -121,8 +121,8 @@ github.com/pion/transport/v3 v3.0.7 h1:iRbMH05BzSNwhILHoBoAPxoB9xQgOaJk+591KC9P1 github.com/pion/transport/v3 v3.0.7/go.mod h1:YleKiTZ4vqNxVwh77Z0zytYi7rXHl7j6uPLGhhz9rwo= github.com/pion/turn/v4 v4.0.0 h1:qxplo3Rxa9Yg1xXDxxH8xaqcyGUtbHYw4QSCvmFWvhM= github.com/pion/turn/v4 v4.0.0/go.mod h1:MuPDkm15nYSklKpN8vWJ9W2M0PlyQZqYt1McGuxG7mA= -github.com/pion/webrtc/v4 v4.0.13 h1:XuUaWTjRufsiGJRC+G71OgiSMe7tl7mQ0kkd4bAqIaQ= -github.com/pion/webrtc/v4 v4.0.13/go.mod h1:Fadzxm0CbY99YdCEfxrgiVr0L4jN1l8bf8DBkPPpJbs= +github.com/pion/webrtc/v4 v4.1.0 h1:yq/p0G5nKGbHISf0YKNA8Yk+kmijbblBvuSLwaJ4QYg= +github.com/pion/webrtc/v4 v4.1.0/go.mod h1:cgEGkcpxGkT6Di2ClBYO5lP9mFXbCfEOrkYUpjjCQO4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= From e5a8a16efc45430596aab059a41c4b5c4eda6fec Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 29 Apr 2025 08:47:30 +0000 Subject: [PATCH 22/78] chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.29.14 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 97f4baa..49bf8d7 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.22.0 require ( github.com/aws/aws-sdk-go-v2 v1.36.3 - github.com/aws/aws-sdk-go-v2/config v1.29.13 + github.com/aws/aws-sdk-go-v2/config v1.29.14 github.com/aws/aws-sdk-go-v2/credentials v1.17.67 github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5 github.com/golang/mock v1.6.0 diff --git a/go.sum b/go.sum index f6aa7e5..fdc4ca7 100644 --- a/go.sum +++ b/go.sum @@ -4,8 +4,8 @@ github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sx github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM= github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg= -github.com/aws/aws-sdk-go-v2/config v1.29.13 h1:RgdPqWoE8nPpIekpVpDJsBckbqT4Liiaq9f35pbTh1Y= -github.com/aws/aws-sdk-go-v2/config v1.29.13/go.mod h1:NI28qs/IOUIRhsR7GQ/JdexoqRN9tDxkIrYZq0SOF44= +github.com/aws/aws-sdk-go-v2/config v1.29.14 h1:f+eEi/2cKCg9pqKBoAIwRGzVb70MRKqWX4dg1BDcSJM= +github.com/aws/aws-sdk-go-v2/config v1.29.14/go.mod h1:wVPHWcIFv3WO89w0rE10gzf17ZYy+UVS1Geq8Iei34g= github.com/aws/aws-sdk-go-v2/credentials v1.17.67 h1:9KxtdcIA/5xPNQyZRgUSpYOE6j9Bc4+D7nZua0KGYOM= github.com/aws/aws-sdk-go-v2/credentials v1.17.67/go.mod h1:p3C44m+cfnbv763s52gCqrjaqyPikj9Sg47kUVaNZQQ= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw= From 5d956456a5ff467c861e3fc54aad5a00a03b05c2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 1 May 2025 13:12:31 +0000 Subject: [PATCH 23/78] chore(deps): update module github.com/prometheus/client_golang to v1.22.0 --- go.mod | 6 +++--- go.sum | 16 ++++++++-------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 49bf8d7..dfb4423 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/pion/stun/v3 v3.0.0 github.com/pion/transport/v3 v3.0.7 github.com/pion/webrtc/v4 v4.1.0 - github.com/prometheus/client_golang v1.21.1 + github.com/prometheus/client_golang v1.22.0 github.com/realclientip/realclientip-go v1.0.0 github.com/refraction-networking/utls v1.6.7 github.com/smartystreets/goconvey v1.8.1 @@ -50,7 +50,7 @@ require ( github.com/google/uuid v1.6.0 // indirect github.com/gopherjs/gopherjs v1.17.2 // indirect github.com/jtolds/gls v4.20.0+incompatible // indirect - github.com/klauspost/compress v1.17.11 // indirect + github.com/klauspost/compress v1.18.0 // indirect github.com/klauspost/cpuid/v2 v2.2.6 // indirect github.com/klauspost/reedsolomon v1.12.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect @@ -81,6 +81,6 @@ require ( golang.org/x/sync v0.11.0 // indirect golang.org/x/text v0.22.0 // indirect golang.org/x/tools v0.30.0 // indirect - google.golang.org/protobuf v1.36.1 // indirect + google.golang.org/protobuf v1.36.5 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index fdc4ca7..49bb7dd 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -72,8 +72,8 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= -github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= +github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= +github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc= github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/klauspost/reedsolomon v1.12.0 h1:I5FEp3xSwVCcEh3F5A7dofEfhXdF/bWhQWPH+XwBFno= @@ -127,8 +127,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.21.1 h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk= -github.com/prometheus/client_golang v1.21.1/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg= +github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= +github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= @@ -267,8 +267,8 @@ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQ google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= -google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= +google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= From 506c33a2fd6c043b1d939385f9b888c34840c78e Mon Sep 17 00:00:00 2001 From: Gus Date: Mon, 12 May 2025 20:03:54 +0100 Subject: [PATCH 24/78] Update Snowflake bridge lines - CDN77, ampcache, and SQS --- client/README.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/client/README.md b/client/README.md index 1529e8d..5ae97bc 100644 --- a/client/README.md +++ b/client/README.md @@ -35,7 +35,18 @@ UseBridges 1 ClientTransportPlugin snowflake exec ./client -log snowflake.log -Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ fronts=foursquare.com,github.githubassets.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn +# CDN77 + +Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.antisip.com:3478,stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn +Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.antisip.com:3478,stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn + +# ampcache +#Bridge snowflake 192.0.2.5:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net/ ampcache=https://cdn.ampproject.org/ front=www.google.com ice=stun:stun.antisip.com:3478,stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn +#Bridge snowflake 192.0.2.6:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net/ ampcache=https://cdn.ampproject.org/ front=www.google.com ice=stun:stun.antisip.com:3478,stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn + +# sqs +#Bridge snowflake 192.0.2.5:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 sqsqueue=https://sqs.us-east-1.amazonaws.com/893902434899/snowflake-broker sqscreds=eyJhd3MtYWNjZXNzLWtleS1pZCI6IkFLSUE1QUlGNFdKSlhTN1lIRUczIiwiYXdzLXNlY3JldC1rZXkiOiI3U0RNc0pBNHM1RitXZWJ1L3pMOHZrMFFXV0lsa1c2Y1dOZlVsQ0tRIn0= ice=stun:stun.antisip.com:3478,stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn +#Bridge snowflake 192.0.2.6:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA sqsqueue=https://sqs.us-east-1.amazonaws.com/893902434899/snowflake-broker sqscreds=eyJhd3MtYWNjZXNzLWtleS1pZCI6IkFLSUE1QUlGNFdKSlhTN1lIRUczIiwiYXdzLXNlY3JldC1rZXkiOiI3U0RNc0pBNHM1RitXZWJ1L3pMOHZrMFFXV0lsa1c2Y1dOZlVsQ0tRIn0= ice=stun:stun.antisip.com:3478,stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn ``` `fingerprint=` is the fingerprint of bridge that the client will ultimately be connecting to. From a377a4e0da5555a8e511f6631b34ffd026fff51d Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Tue, 20 May 2025 12:29:41 -0400 Subject: [PATCH 25/78] Add client-snowflake-timeout-count to broker spec We added a new snowflake metric on the number of timeouts. This brings doc/broker-spec.txt up to date on our current exported metrics. --- doc/broker-spec.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/broker-spec.txt b/doc/broker-spec.txt index 3f9ce7a..6d0ca40 100644 --- a/doc/broker-spec.txt +++ b/doc/broker-spec.txt @@ -82,6 +82,13 @@ Metrics data from the Snowflake broker can be retrieved by sending an HTTP GET r A count of the number of times a client successfully received a proxy from the broker, rounded up to the nearest multiple of 8. + "client-snowflake-timeout-count" NUM NL + [At most once.] + + A count of the number of times a client was matched with a proxy + but timed out before receiving the proxy's WebRTC answer, + rounded up to the nearest multiple of 8. + "client-http-count" NUM NL [At most once.] From 647d5d37c7fd38afc7ee1a3a5a64474e30541daa Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 20 May 2025 07:41:09 +0000 Subject: [PATCH 26/78] chore(deps): update module github.com/pion/sdp/v3 to v3.0.12 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index dfb4423..c199522 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/gorilla/websocket v1.5.3 github.com/miekg/dns v1.1.65 github.com/pion/ice/v4 v4.0.10 - github.com/pion/sdp/v3 v3.0.11 + github.com/pion/sdp/v3 v3.0.12 github.com/pion/stun/v3 v3.0.0 github.com/pion/transport/v3 v3.0.7 github.com/pion/webrtc/v4 v4.1.0 diff --git a/go.sum b/go.sum index 49bb7dd..9463211 100644 --- a/go.sum +++ b/go.sum @@ -111,8 +111,8 @@ github.com/pion/rtp v1.8.15 h1:MuhuGn1cxpVCPLNY1lI7F1tQ8Spntpgf12ob+pOYT8s= github.com/pion/rtp v1.8.15/go.mod h1:bAu2UFKScgzyFqvUKmbvzSdPr+NGbZtv6UB2hesqXBk= github.com/pion/sctp v1.8.39 h1:PJma40vRHa3UTO3C4MyeJDQ+KIobVYRZQZ0Nt7SjQnE= github.com/pion/sctp v1.8.39/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE= -github.com/pion/sdp/v3 v3.0.11 h1:VhgVSopdsBKwhCFoyyPmT1fKMeV9nLMrEKxNOdy3IVI= -github.com/pion/sdp/v3 v3.0.11/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E= +github.com/pion/sdp/v3 v3.0.12 h1:pwUpHQ4W8LhQR37kRVC9YvWa5/GSPqfgxr8ejnwyaL0= +github.com/pion/sdp/v3 v3.0.12/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E= github.com/pion/srtp/v3 v3.0.4 h1:2Z6vDVxzrX3UHEgrUyIGM4rRouoC7v+NiF1IHtp9B5M= github.com/pion/srtp/v3 v3.0.4/go.mod h1:1Jx3FwDoxpRaTh1oRV8A/6G1BnFL+QI82eK4ms8EEJQ= github.com/pion/stun/v3 v3.0.0 h1:4h1gwhWLWuZWOJIJR9s2ferRO+W3zA/b6ijOI6mKzUw= From 2650ef74688d483c00f09260f38fd6b2b44c3f12 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 13 Jun 2025 08:42:01 +0000 Subject: [PATCH 27/78] chore(deps): update module github.com/pion/webrtc/v4 to v4.1.2 --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index c199522..9b1c03e 100644 --- a/go.mod +++ b/go.mod @@ -11,10 +11,10 @@ require ( github.com/gorilla/websocket v1.5.3 github.com/miekg/dns v1.1.65 github.com/pion/ice/v4 v4.0.10 - github.com/pion/sdp/v3 v3.0.12 + github.com/pion/sdp/v3 v3.0.13 github.com/pion/stun/v3 v3.0.0 github.com/pion/transport/v3 v3.0.7 - github.com/pion/webrtc/v4 v4.1.0 + github.com/pion/webrtc/v4 v4.1.2 github.com/prometheus/client_golang v1.22.0 github.com/realclientip/realclientip-go v1.0.0 github.com/refraction-networking/utls v1.6.7 @@ -57,14 +57,14 @@ require ( github.com/patrickmn/go-cache v2.1.0+incompatible // indirect github.com/pion/datachannel v1.5.10 // indirect github.com/pion/dtls/v3 v3.0.6 // indirect - github.com/pion/interceptor v0.1.37 // indirect + github.com/pion/interceptor v0.1.40 // indirect github.com/pion/logging v0.2.3 // indirect github.com/pion/mdns/v2 v2.0.7 // indirect github.com/pion/randutil v0.1.0 // indirect github.com/pion/rtcp v1.2.15 // indirect - github.com/pion/rtp v1.8.15 // indirect + github.com/pion/rtp v1.8.18 // indirect github.com/pion/sctp v1.8.39 // indirect - github.com/pion/srtp/v3 v3.0.4 // indirect + github.com/pion/srtp/v3 v3.0.5 // indirect github.com/pion/turn/v4 v4.0.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect diff --git a/go.sum b/go.sum index 9463211..6828823 100644 --- a/go.sum +++ b/go.sum @@ -97,8 +97,8 @@ github.com/pion/dtls/v3 v3.0.6 h1:7Hkd8WhAJNbRgq9RgdNh1aaWlZlGpYTzdqjy9x9sK2E= github.com/pion/dtls/v3 v3.0.6/go.mod h1:iJxNQ3Uhn1NZWOMWlLxEEHAN5yX7GyPvvKw04v9bzYU= github.com/pion/ice/v4 v4.0.10 h1:P59w1iauC/wPk9PdY8Vjl4fOFL5B+USq1+xbDcN6gT4= github.com/pion/ice/v4 v4.0.10/go.mod h1:y3M18aPhIxLlcO/4dn9X8LzLLSma84cx6emMSu14FGw= -github.com/pion/interceptor v0.1.37 h1:aRA8Zpab/wE7/c0O3fh1PqY0AJI3fCSEM5lRWJVorwI= -github.com/pion/interceptor v0.1.37/go.mod h1:JzxbJ4umVTlZAf+/utHzNesY8tmRkM2lVmkS82TTj8Y= +github.com/pion/interceptor v0.1.40 h1:e0BjnPcGpr2CFQgKhrQisBU7V3GXK6wrfYrGYaU6Jq4= +github.com/pion/interceptor v0.1.40/go.mod h1:Z6kqH7M/FYirg3frjGJ21VLSRJGBXB/KqaTIrdqnOic= github.com/pion/logging v0.2.3 h1:gHuf0zpoh1GW67Nr6Gj4cv5Z9ZscU7g/EaoC/Ke/igI= github.com/pion/logging v0.2.3/go.mod h1:z8YfknkquMe1csOrxK5kc+5/ZPAzMxbKLX5aXpbpC90= github.com/pion/mdns/v2 v2.0.7 h1:c9kM8ewCgjslaAmicYMFQIde2H9/lrZpjBkN8VwoVtM= @@ -107,22 +107,22 @@ github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA= github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8= github.com/pion/rtcp v1.2.15 h1:LZQi2JbdipLOj4eBjK4wlVoQWfrZbh3Q6eHtWtJBZBo= github.com/pion/rtcp v1.2.15/go.mod h1:jlGuAjHMEXwMUHK78RgX0UmEJFV4zUKOFHR7OP+D3D0= -github.com/pion/rtp v1.8.15 h1:MuhuGn1cxpVCPLNY1lI7F1tQ8Spntpgf12ob+pOYT8s= -github.com/pion/rtp v1.8.15/go.mod h1:bAu2UFKScgzyFqvUKmbvzSdPr+NGbZtv6UB2hesqXBk= +github.com/pion/rtp v1.8.18 h1:yEAb4+4a8nkPCecWzQB6V/uEU18X1lQCGAQCjP+pyvU= +github.com/pion/rtp v1.8.18/go.mod h1:bAu2UFKScgzyFqvUKmbvzSdPr+NGbZtv6UB2hesqXBk= github.com/pion/sctp v1.8.39 h1:PJma40vRHa3UTO3C4MyeJDQ+KIobVYRZQZ0Nt7SjQnE= github.com/pion/sctp v1.8.39/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE= -github.com/pion/sdp/v3 v3.0.12 h1:pwUpHQ4W8LhQR37kRVC9YvWa5/GSPqfgxr8ejnwyaL0= -github.com/pion/sdp/v3 v3.0.12/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E= -github.com/pion/srtp/v3 v3.0.4 h1:2Z6vDVxzrX3UHEgrUyIGM4rRouoC7v+NiF1IHtp9B5M= -github.com/pion/srtp/v3 v3.0.4/go.mod h1:1Jx3FwDoxpRaTh1oRV8A/6G1BnFL+QI82eK4ms8EEJQ= +github.com/pion/sdp/v3 v3.0.13 h1:uN3SS2b+QDZnWXgdr69SM8KB4EbcnPnPf2Laxhty/l4= +github.com/pion/sdp/v3 v3.0.13/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E= +github.com/pion/srtp/v3 v3.0.5 h1:8XLB6Dt3QXkMkRFpoqC3314BemkpMQK2mZeJc4pUKqo= +github.com/pion/srtp/v3 v3.0.5/go.mod h1:r1G7y5r1scZRLe2QJI/is+/O83W2d+JoEsuIexpw+uM= github.com/pion/stun/v3 v3.0.0 h1:4h1gwhWLWuZWOJIJR9s2ferRO+W3zA/b6ijOI6mKzUw= github.com/pion/stun/v3 v3.0.0/go.mod h1:HvCN8txt8mwi4FBvS3EmDghW6aQJ24T+y+1TKjB5jyU= github.com/pion/transport/v3 v3.0.7 h1:iRbMH05BzSNwhILHoBoAPxoB9xQgOaJk+591KC9P1o0= github.com/pion/transport/v3 v3.0.7/go.mod h1:YleKiTZ4vqNxVwh77Z0zytYi7rXHl7j6uPLGhhz9rwo= github.com/pion/turn/v4 v4.0.0 h1:qxplo3Rxa9Yg1xXDxxH8xaqcyGUtbHYw4QSCvmFWvhM= github.com/pion/turn/v4 v4.0.0/go.mod h1:MuPDkm15nYSklKpN8vWJ9W2M0PlyQZqYt1McGuxG7mA= -github.com/pion/webrtc/v4 v4.1.0 h1:yq/p0G5nKGbHISf0YKNA8Yk+kmijbblBvuSLwaJ4QYg= -github.com/pion/webrtc/v4 v4.1.0/go.mod h1:cgEGkcpxGkT6Di2ClBYO5lP9mFXbCfEOrkYUpjjCQO4= +github.com/pion/webrtc/v4 v4.1.2 h1:mpuUo/EJ1zMNKGE79fAdYNFZBX790KE7kQQpLMjjR54= +github.com/pion/webrtc/v4 v4.1.2/go.mod h1:xsCXiNAmMEjIdFxAYU0MbB3RwRieJsegSB2JZsGN+8U= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= From 55a06f216ce398bbb0ff6947eb32e480e0ea0d61 Mon Sep 17 00:00:00 2001 From: David Fifield Date: Thu, 19 Jun 2025 15:26:33 +0000 Subject: [PATCH 28/78] Delete stray space. --- client/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/README.md b/client/README.md index 5ae97bc..2cbfb8f 100644 --- a/client/README.md +++ b/client/README.md @@ -41,7 +41,7 @@ Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerpri Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.antisip.com:3478,stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn # ampcache -#Bridge snowflake 192.0.2.5:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net/ ampcache=https://cdn.ampproject.org/ front=www.google.com ice=stun:stun.antisip.com:3478,stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn +#Bridge snowflake 192.0.2.5:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net/ ampcache=https://cdn.ampproject.org/ front=www.google.com ice=stun:stun.antisip.com:3478,stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn #Bridge snowflake 192.0.2.6:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net/ ampcache=https://cdn.ampproject.org/ front=www.google.com ice=stun:stun.antisip.com:3478,stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn # sqs From 64c7a2647506cb05c294270d34fe24a15097f753 Mon Sep 17 00:00:00 2001 From: David Fifield Date: Thu, 19 Jun 2025 15:39:24 +0000 Subject: [PATCH 29/78] Comment typo. --- broker/amp.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/broker/amp.go b/broker/amp.go index 2bfcb71..1333c63 100644 --- a/broker/amp.go +++ b/broker/amp.go @@ -23,7 +23,7 @@ func ampClientOffers(i *IPC, w http.ResponseWriter, r *http.Request) { // The encoded client poll message immediately follows the /amp/client/ // path prefix, so this function unfortunately needs to be aware of and - // remote its own routing prefix. + // remove its own routing prefix. path := strings.TrimPrefix(r.URL.Path, "/amp/client/") if path == r.URL.Path { // The path didn't start with the expected prefix. This probably From 78cf8e68b27e045c8c73bc99b2e6b73b8f90f491 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Thu, 29 May 2025 17:36:36 -0400 Subject: [PATCH 30/78] Simplify broker metrics and remove mutexes This is a large change to how the snowflake broker metrics are implemented. This change removes all uses of mutexes from the metrics implementation in favor of atomic operations on counters stored in sync.Map. There is a small change to the actual metrics output. We used to count the same proxy ip multiple times in our snowflake-ips-total and snowflake-ips country stats if the same proxy ip address polled more than once with different proxy types. This was an overcounting of the number of unique proxy IP addresses that is now fixed. If a unique proxy ip polls with more than one proxy type or nat type, these polls will still be counted once for each proxy type or nat type in our proxy type and nat type specific stats (e.g., snowflake-ips-nat-restricted and snowflake-ips-nat-unrestricted). --- broker/ipc.go | 31 +-- broker/metrics.go | 344 ++++++++++++++------------------ broker/snowflake-broker_test.go | 32 ++- 3 files changed, 164 insertions(+), 243 deletions(-) diff --git a/broker/ipc.go b/broker/ipc.go index 4aa8945..b035703 100644 --- a/broker/ipc.go +++ b/broker/ipc.go @@ -5,7 +5,6 @@ import ( "encoding/hex" "fmt" "log" - "time" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/bridgefingerprint" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/constants" @@ -74,22 +73,16 @@ func (i *IPC) ProxyPolls(arg messages.Arg, response *[]byte) error { } if !relayPatternSupported { - i.ctx.metrics.lock.Lock() - i.ctx.metrics.proxyPollWithoutRelayURLExtension++ + i.ctx.metrics.IncrementCounter("proxy-poll-without-relay-url") i.ctx.metrics.promMetrics.ProxyPollWithoutRelayURLExtensionTotal.With(prometheus.Labels{"nat": natType, "type": proxyType}).Inc() - i.ctx.metrics.lock.Unlock() } else { - i.ctx.metrics.lock.Lock() - i.ctx.metrics.proxyPollWithRelayURLExtension++ + i.ctx.metrics.IncrementCounter("proxy-poll-with-relay-url") i.ctx.metrics.promMetrics.ProxyPollWithRelayURLExtensionTotal.With(prometheus.Labels{"nat": natType, "type": proxyType}).Inc() - i.ctx.metrics.lock.Unlock() } if !i.ctx.CheckProxyRelayPattern(relayPattern, !relayPatternSupported) { - i.ctx.metrics.lock.Lock() - i.ctx.metrics.proxyPollRejectedWithRelayURLExtension++ + i.ctx.metrics.IncrementCounter("proxy-poll-rejected-relay-url") i.ctx.metrics.promMetrics.ProxyPollRejectedForRelayURLExtensionTotal.With(prometheus.Labels{"nat": natType, "type": proxyType}).Inc() - i.ctx.metrics.lock.Unlock() b, err := messages.EncodePollResponseWithRelayURL("", false, "", "", "incorrect relay pattern") *response = b @@ -104,9 +97,7 @@ func (i *IPC) ProxyPolls(arg messages.Arg, response *[]byte) error { if err != nil { log.Println("Warning: cannot process proxy IP: ", err.Error()) } else { - i.ctx.metrics.lock.Lock() i.ctx.metrics.UpdateCountryStats(remoteIP, proxyType, natType) - i.ctx.metrics.lock.Unlock() } var b []byte @@ -115,10 +106,8 @@ func (i *IPC) ProxyPolls(arg messages.Arg, response *[]byte) error { offer := i.ctx.RequestOffer(sid, proxyType, natType, clients) if offer == nil { - i.ctx.metrics.lock.Lock() - i.ctx.metrics.proxyIdleCount++ + i.ctx.metrics.IncrementCounter("proxy-idle") i.ctx.metrics.promMetrics.ProxyPollTotal.With(prometheus.Labels{"nat": natType, "status": "idle"}).Inc() - i.ctx.metrics.lock.Unlock() b, err = messages.EncodePollResponse("", false, "") if err != nil { @@ -162,8 +151,6 @@ func sendClientResponse(resp *messages.ClientPollResponse, response *[]byte) err func (i *IPC) ClientOffers(arg messages.Arg, response *[]byte) error { - startTime := time.Now() - req, err := messages.DecodeClientPollRequest(arg.Body) if err != nil { return sendClientResponse(&messages.ClientPollResponse{Error: err.Error()}, response) @@ -197,9 +184,7 @@ func (i *IPC) ClientOffers(arg messages.Arg, response *[]byte) error { if snowflake != nil { snowflake.offerChannel <- offer } else { - i.ctx.metrics.lock.Lock() i.ctx.metrics.UpdateRendezvousStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "denied") - i.ctx.metrics.lock.Unlock() resp := &messages.ClientPollResponse{Error: messages.StrNoProxies} return sendClientResponse(resp, response) } @@ -207,19 +192,11 @@ func (i *IPC) ClientOffers(arg messages.Arg, response *[]byte) error { // Wait for the answer to be returned on the channel or timeout. select { case answer := <-snowflake.answerChannel: - i.ctx.metrics.lock.Lock() i.ctx.metrics.UpdateRendezvousStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "matched") - i.ctx.metrics.lock.Unlock() resp := &messages.ClientPollResponse{Answer: answer} err = sendClientResponse(resp, response) - // Initial tracking of elapsed time. - i.ctx.metrics.lock.Lock() - i.ctx.metrics.clientRoundtripEstimate = time.Since(startTime) / time.Millisecond - i.ctx.metrics.lock.Unlock() case <-arg.Context.Done(): - i.ctx.metrics.lock.Lock() i.ctx.metrics.UpdateRendezvousStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "timeout") - i.ctx.metrics.lock.Unlock() resp := &messages.ClientPollResponse{Error: messages.StrTimedOut} err = sendClientResponse(resp, response) } diff --git a/broker/metrics.go b/broker/metrics.go index 53f315b..cdad2d3 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -12,6 +12,7 @@ import ( "net" "sort" "sync" + "sync/atomic" "time" "github.com/prometheus/client_golang/prometheus" @@ -25,53 +26,9 @@ const ( metricsResolution = 60 * 60 * 24 * time.Second //86400 seconds ) -var rendezvoudMethodList = [...]messages.RendezvousMethod{ - messages.RendezvousHttp, - messages.RendezvousAmpCache, - messages.RendezvousSqs, -} - -type CountryStats struct { - // map[proxyType][address]bool - proxies map[string]map[string]bool - unknown map[string]bool - - natRestricted map[string]bool - natUnrestricted map[string]bool - natUnknown map[string]bool - - counts map[string]int -} - -// Implements Observable -type Metrics struct { - logger *log.Logger - geoipdb *geoip.Geoip - - countryStats CountryStats - clientRoundtripEstimate time.Duration - proxyIdleCount uint - clientDeniedCount map[messages.RendezvousMethod]uint - clientRestrictedDeniedCount map[messages.RendezvousMethod]uint - clientUnrestrictedDeniedCount map[messages.RendezvousMethod]uint - clientProxyMatchCount map[messages.RendezvousMethod]uint - clientProxyTimeoutCount map[messages.RendezvousMethod]uint - - rendezvousCountryStats map[messages.RendezvousMethod]map[string]int - - proxyPollWithRelayURLExtension uint - proxyPollWithoutRelayURLExtension uint - proxyPollRejectedWithRelayURLExtension uint - - // synchronization for access to snowflake metrics - lock sync.Mutex - - promMetrics *PromMetrics -} - type record struct { cc string - count int + count uint64 } type records []record @@ -84,68 +41,103 @@ func (r records) Less(i, j int) bool { return r[i].count < r[j].count } -func (s CountryStats) Display() string { - output := "" +type Metrics struct { + logger *log.Logger + geoipdb *geoip.Geoip - // Use the records struct to sort our counts map by value. - rs := records{} - for cc, count := range s.counts { - rs = append(rs, record{cc: cc, count: count}) - } - sort.Sort(sort.Reverse(rs)) - for _, r := range rs { - output += fmt.Sprintf("%s=%d,", r.cc, r.count) - } + ips *sync.Map // proxy IP addresses we've seen before + counters *sync.Map // counters for ip-based metrics - // cut off trailing "," - if len(output) > 0 { - return output[:len(output)-1] - } + // counters for country-based metrics + proxies *sync.Map // ip-based counts of proxy country codes + clientHTTPPolls *sync.Map // poll-based counts of client HTTP rendezvous + clientAMPPolls *sync.Map // poll-based counts of client AMP cache rendezvous + clientSQSPolls *sync.Map // poll-based counts of client SQS rendezvous - return output + promMetrics *PromMetrics +} + +func NewMetrics(metricsLogger *log.Logger) (*Metrics, error) { + m := new(Metrics) + + m.logger = metricsLogger + m.promMetrics = initPrometheus() + m.ips = new(sync.Map) + m.counters = new(sync.Map) + m.proxies = new(sync.Map) + m.clientHTTPPolls = new(sync.Map) + m.clientAMPPolls = new(sync.Map) + m.clientSQSPolls = new(sync.Map) + + // Write to log file every day with updated metrics + go m.logMetrics() + + return m, nil +} + +func incrementMapCounter(counters *sync.Map, key string) { + start := uint64(1) + val, loaded := counters.LoadOrStore(key, &start) + if loaded { + ptr := val.(*uint64) + atomic.AddUint64(ptr, 1) + } +} + +func (m *Metrics) IncrementCounter(key string) { + incrementMapCounter(m.counters, key) } func (m *Metrics) UpdateCountryStats(addr string, proxyType string, natType string) { - var country string - var ok bool - - addresses, ok := m.countryStats.proxies[proxyType] - if !ok { - if m.countryStats.unknown[addr] { - return - } - m.countryStats.unknown[addr] = true - } else { - if addresses[addr] { - return - } - addresses[addr] = true - } + // perform geolocation of IP address ip := net.ParseIP(addr) if m.geoipdb == nil { return } - country, ok = m.geoipdb.GetCountryByAddr(ip) + country, ok := m.geoipdb.GetCountryByAddr(ip) if !ok { country = "??" } - m.countryStats.counts[country]++ + + // check whether we've seen this proxy ip before + if _, loaded := m.ips.LoadOrStore(addr, true); !loaded { + m.IncrementCounter("proxy-total") + incrementMapCounter(m.proxies, country) + } + + // update unique IP proxy NAT metrics + key := fmt.Sprintf("%s-%s", addr, natType) + if _, loaded := m.ips.LoadOrStore(key, true); !loaded { + switch natType { + case NATRestricted: + m.IncrementCounter("proxy-nat-restricted") + case NATUnrestricted: + m.IncrementCounter("proxy-nat-unrestricted") + default: + m.IncrementCounter("proxy-nat-unknown") + } + } + // update unique IP proxy type metrics + key = fmt.Sprintf("%s-%s", addr, proxyType) + if _, loaded := m.ips.LoadOrStore(key, true); !loaded { + switch proxyType { + case "standalone": + m.IncrementCounter("proxy-standalone") + case "badge": + m.IncrementCounter("proxy-badge") + case "iptproxy": + m.IncrementCounter("proxy-iptproxy") + case "webext": + m.IncrementCounter("proxy-webext") + } + } m.promMetrics.ProxyTotal.With(prometheus.Labels{ "nat": natType, "type": proxyType, "cc": country, }).Inc() - - switch natType { - case NATRestricted: - m.countryStats.natRestricted[addr] = true - case NATUnrestricted: - m.countryStats.natUnrestricted[addr] = true - default: - m.countryStats.natUnknown[addr] = true - } } func (m *Metrics) UpdateRendezvousStats(addr string, rendezvousMethod messages.RendezvousMethod, natType, status string) { @@ -160,20 +152,31 @@ func (m *Metrics) UpdateRendezvousStats(addr string, rendezvousMethod messages.R switch status { case "denied": - m.clientDeniedCount[rendezvousMethod]++ + m.IncrementCounter("client-denied") if natType == NATUnrestricted { - m.clientUnrestrictedDeniedCount[rendezvousMethod]++ + m.IncrementCounter("client-unrestricted-denied") } else { - m.clientRestrictedDeniedCount[rendezvousMethod]++ + m.IncrementCounter("client-restricted-denied") } case "matched": - m.clientProxyMatchCount[rendezvousMethod]++ + m.IncrementCounter("client-match") case "timeout": - m.clientProxyTimeoutCount[rendezvousMethod]++ + m.IncrementCounter("client-timeout") default: log.Printf("Unknown rendezvous status: %s", status) } - m.rendezvousCountryStats[rendezvousMethod][country]++ + + switch rendezvousMethod { + case messages.RendezvousHttp: + m.IncrementCounter("client-http") + incrementMapCounter(m.clientHTTPPolls, country) + case messages.RendezvousAmpCache: + m.IncrementCounter("client-amp") + incrementMapCounter(m.clientAMPPolls, country) + case messages.RendezvousSqs: + m.IncrementCounter("client-sqs") + incrementMapCounter(m.clientSQSPolls, country) + } m.promMetrics.ClientPollTotal.With(prometheus.Labels{ "nat": natType, "status": status, @@ -182,17 +185,27 @@ func (m *Metrics) UpdateRendezvousStats(addr string, rendezvousMethod messages.R }).Inc() } -func (m *Metrics) DisplayRendezvousStatsByCountry(rendezvoudMethod messages.RendezvousMethod) string { +func displayCountryStats(m *sync.Map, binned bool) string { output := "" // Use the records struct to sort our counts map by value. rs := records{} - for cc, count := range m.rendezvousCountryStats[rendezvoudMethod] { - rs = append(rs, record{cc: cc, count: count}) - } + + m.Range(func(cc any, _ any) bool { + count, loaded := m.LoadAndDelete(cc) + ptr := count.(*uint64) + if loaded { + rs = append(rs, record{cc: cc.(string), count: *ptr}) + } + return true + }) sort.Sort(sort.Reverse(rs)) for _, r := range rs { - output += fmt.Sprintf("%s=%d,", r.cc, binCount(uint(r.count))) + count := uint64(r.count) + if binned { + count = binCount(count) + } + output += fmt.Sprintf("%s=%d,", r.cc, count) } // cut off trailing "," @@ -212,126 +225,61 @@ func (m *Metrics) LoadGeoipDatabases(geoipDB string, geoip6DB string) error { return err } -func NewMetrics(metricsLogger *log.Logger) (*Metrics, error) { - m := new(Metrics) - - m.clientDeniedCount = make(map[messages.RendezvousMethod]uint) - m.clientRestrictedDeniedCount = make(map[messages.RendezvousMethod]uint) - m.clientUnrestrictedDeniedCount = make(map[messages.RendezvousMethod]uint) - m.clientProxyMatchCount = make(map[messages.RendezvousMethod]uint) - m.clientProxyTimeoutCount = make(map[messages.RendezvousMethod]uint) - - m.rendezvousCountryStats = make(map[messages.RendezvousMethod]map[string]int) - for _, rendezvousMethod := range rendezvoudMethodList { - m.rendezvousCountryStats[rendezvousMethod] = make(map[string]int) - } - - m.countryStats = CountryStats{ - counts: make(map[string]int), - proxies: make(map[string]map[string]bool), - unknown: make(map[string]bool), - natRestricted: make(map[string]bool), - natUnrestricted: make(map[string]bool), - natUnknown: make(map[string]bool), - } - for pType := range messages.KnownProxyTypes { - m.countryStats.proxies[pType] = make(map[string]bool) - } - - m.logger = metricsLogger - m.promMetrics = initPrometheus() - - // Write to log file every day with updated metrics - go m.logMetrics() - - return m, nil -} - // Logs metrics in intervals specified by metricsResolution func (m *Metrics) logMetrics() { heartbeat := time.Tick(metricsResolution) for range heartbeat { m.printMetrics() - m.zeroMetrics() } } +func (m *Metrics) loadAndZero(key string) uint64 { + count, loaded := m.counters.LoadAndDelete(key) + if !loaded { + count = new(uint64) + } + ptr := count.(*uint64) + return *ptr +} + func (m *Metrics) printMetrics() { - m.lock.Lock() m.logger.Println( "snowflake-stats-end", time.Now().UTC().Format("2006-01-02 15:04:05"), fmt.Sprintf("(%d s)", int(metricsResolution.Seconds())), ) - m.logger.Println("snowflake-ips", m.countryStats.Display()) - total := len(m.countryStats.unknown) - for pType, addresses := range m.countryStats.proxies { - m.logger.Printf("snowflake-ips-%s %d\n", pType, len(addresses)) - total += len(addresses) - } - m.logger.Println("snowflake-ips-total", total) - m.logger.Println("snowflake-idle-count", binCount(m.proxyIdleCount)) - m.logger.Println("snowflake-proxy-poll-with-relay-url-count", binCount(m.proxyPollWithRelayURLExtension)) - m.logger.Println("snowflake-proxy-poll-without-relay-url-count", binCount(m.proxyPollWithoutRelayURLExtension)) - m.logger.Println("snowflake-proxy-rejected-for-relay-url-count", binCount(m.proxyPollRejectedWithRelayURLExtension)) + m.logger.Println("snowflake-ips", displayCountryStats(m.proxies, false)) + m.logger.Printf("snowflake-ips-iptproxy %d\n", m.loadAndZero("proxy-iptproxy")) + m.logger.Printf("snowflake-ips-standalone %d\n", m.loadAndZero("proxy-standalone")) + m.logger.Printf("snowflake-ips-webext %d\n", m.loadAndZero("proxy-webext")) + m.logger.Printf("snowflake-ips-badge %d\n", m.loadAndZero("proxy-badge")) + m.logger.Println("snowflake-ips-total", m.loadAndZero("proxy-total")) + m.logger.Println("snowflake-idle-count", binCount(m.loadAndZero("proxy-idle"))) + m.logger.Println("snowflake-proxy-poll-with-relay-url-count", binCount(m.loadAndZero("proxy-poll-with-relay-url"))) + m.logger.Println("snowflake-proxy-poll-without-relay-url-count", binCount(m.loadAndZero("proxy-poll-without-relay-url"))) + m.logger.Println("snowflake-proxy-rejected-for-relay-url-count", binCount(m.loadAndZero("proxy-poll-rejected-relay-url"))) - m.logger.Println("client-denied-count", binCount(sumMapValues(&m.clientDeniedCount))) - m.logger.Println("client-restricted-denied-count", binCount(sumMapValues(&m.clientRestrictedDeniedCount))) - m.logger.Println("client-unrestricted-denied-count", binCount(sumMapValues(&m.clientUnrestrictedDeniedCount))) - m.logger.Println("client-snowflake-match-count", binCount(sumMapValues(&m.clientProxyMatchCount))) - m.logger.Println("client-snowflake-timeout-count", binCount(sumMapValues(&m.clientProxyTimeoutCount))) + m.logger.Println("client-denied-count", binCount(m.loadAndZero("client-denied"))) + m.logger.Println("client-restricted-denied-count", binCount(m.loadAndZero("client-restricted-denied"))) + m.logger.Println("client-unrestricted-denied-count", binCount(m.loadAndZero("client-unrestricted-denied"))) + m.logger.Println("client-snowflake-match-count", binCount(m.loadAndZero("client-match"))) + m.logger.Println("client-snowflake-timeout-count", binCount(m.loadAndZero("client-timeout"))) - for _, rendezvousMethod := range rendezvoudMethodList { - m.logger.Printf("client-%s-count %d\n", rendezvousMethod, binCount( - m.clientDeniedCount[rendezvousMethod]+m.clientProxyMatchCount[rendezvousMethod], - )) - m.logger.Printf("client-%s-ips %s\n", rendezvousMethod, m.DisplayRendezvousStatsByCountry(rendezvousMethod)) - } + m.logger.Printf("client-http-count %d\n", binCount(m.loadAndZero("client-http"))) + m.logger.Printf("client-http-ips %s\n", displayCountryStats(m.clientHTTPPolls, true)) + m.logger.Printf("client-ampcache-count %d\n", binCount(m.loadAndZero("client-amp"))) + m.logger.Printf("client-ampcache-ips %s\n", displayCountryStats(m.clientAMPPolls, true)) + m.logger.Printf("client-sqs-count %d\n", binCount(m.loadAndZero("client-sqs"))) + m.logger.Printf("client-sqs-ips %s\n", displayCountryStats(m.clientSQSPolls, true)) - m.logger.Println("snowflake-ips-nat-restricted", len(m.countryStats.natRestricted)) - m.logger.Println("snowflake-ips-nat-unrestricted", len(m.countryStats.natUnrestricted)) - m.logger.Println("snowflake-ips-nat-unknown", len(m.countryStats.natUnknown)) - m.lock.Unlock() -} - -// Restores all metrics to original values -func (m *Metrics) zeroMetrics() { - m.proxyIdleCount = 0 - m.clientDeniedCount = make(map[messages.RendezvousMethod]uint) - m.clientRestrictedDeniedCount = make(map[messages.RendezvousMethod]uint) - m.clientUnrestrictedDeniedCount = make(map[messages.RendezvousMethod]uint) - m.proxyPollRejectedWithRelayURLExtension = 0 - m.proxyPollWithRelayURLExtension = 0 - m.proxyPollWithoutRelayURLExtension = 0 - m.clientProxyMatchCount = make(map[messages.RendezvousMethod]uint) - m.clientProxyTimeoutCount = make(map[messages.RendezvousMethod]uint) - - m.rendezvousCountryStats = make(map[messages.RendezvousMethod]map[string]int) - for _, rendezvousMethod := range rendezvoudMethodList { - m.rendezvousCountryStats[rendezvousMethod] = make(map[string]int) - } - - m.countryStats.counts = make(map[string]int) - for pType := range m.countryStats.proxies { - m.countryStats.proxies[pType] = make(map[string]bool) - } - m.countryStats.unknown = make(map[string]bool) - m.countryStats.natRestricted = make(map[string]bool) - m.countryStats.natUnrestricted = make(map[string]bool) - m.countryStats.natUnknown = make(map[string]bool) + m.logger.Println("snowflake-ips-nat-restricted", m.loadAndZero("proxy-nat-restricted")) + m.logger.Println("snowflake-ips-nat-unrestricted", m.loadAndZero("proxy-nat-unrestricted")) + m.logger.Println("snowflake-ips-nat-unknown", m.loadAndZero("proxy-nat-unknown")) } // Rounds up a count to the nearest multiple of 8. -func binCount(count uint) uint { - return uint((math.Ceil(float64(count) / 8)) * 8) -} - -func sumMapValues(m *map[messages.RendezvousMethod]uint) uint { - var s uint = 0 - for _, v := range *m { - s += v - } - return s +func binCount(count uint64) uint64 { + return uint64((math.Ceil(float64(count) / 8)) * 8) } type PromMetrics struct { diff --git a/broker/snowflake-broker_test.go b/broker/snowflake-broker_test.go index ddfa551..daf9aca 100644 --- a/broker/snowflake-broker_test.go +++ b/broker/snowflake-broker_test.go @@ -11,6 +11,7 @@ import ( "net/http/httptest" "os" "sync" + "sync/atomic" "testing" "time" @@ -671,7 +672,7 @@ func TestMetrics(t *testing.T) { w := httptest.NewRecorder() data := bytes.NewReader([]byte("{\"Sid\":\"ymbcCMto7KHNGYlp\",\"Version\":\"1.0\",\"AcceptedRelayPattern\":\"snowflake.torproject.net\"}")) r, err := http.NewRequest("POST", "snowflake.broker/proxy", data) - r.RemoteAddr = "129.97.208.23:8888" //CA geoip + r.RemoteAddr = "129.97.208.23" //CA geoip So(err, ShouldBeNil) go func(i *IPC) { proxyPolls(i, w, r) @@ -684,7 +685,7 @@ func TestMetrics(t *testing.T) { w = httptest.NewRecorder() data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"standalone","AcceptedRelayPattern":"snowflake.torproject.net"}`)) r, err = http.NewRequest("POST", "snowflake.broker/proxy", data) - r.RemoteAddr = "129.97.208.23:8888" //CA geoip + r.RemoteAddr = "129.97.208.24" //CA geoip So(err, ShouldBeNil) go func(i *IPC) { proxyPolls(i, w, r) @@ -697,7 +698,7 @@ func TestMetrics(t *testing.T) { w = httptest.NewRecorder() data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"badge","AcceptedRelayPattern":"snowflake.torproject.net"}`)) r, err = http.NewRequest("POST", "snowflake.broker/proxy", data) - r.RemoteAddr = "129.97.208.23:8888" //CA geoip + r.RemoteAddr = "129.97.208.25" //CA geoip So(err, ShouldBeNil) go func(i *IPC) { proxyPolls(i, w, r) @@ -710,7 +711,7 @@ func TestMetrics(t *testing.T) { w = httptest.NewRecorder() data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0","Type":"webext","AcceptedRelayPattern":"snowflake.torproject.net"}`)) r, err = http.NewRequest("POST", "snowflake.broker/proxy", data) - r.RemoteAddr = "129.97.208.23:8888" //CA geoip + r.RemoteAddr = "129.97.208.26" //CA geoip So(err, ShouldBeNil) go func(i *IPC) { proxyPolls(i, w, r) @@ -744,7 +745,7 @@ client-sqs-count 0 client-sqs-ips snowflake-ips-nat-restricted 0 snowflake-ips-nat-unrestricted 0 -snowflake-ips-nat-unknown 1 +snowflake-ips-nat-unknown 4 `) }) @@ -774,7 +775,6 @@ client-sqs-ips `) // Test reset buf.Reset() - ctx.metrics.zeroMetrics() ctx.metrics.printMetrics() So(buf.String(), ShouldContainSubstring, "\nsnowflake-ips \n") So(buf.String(), ShouldContainSubstring, "\nsnowflake-ips-standalone 0\n") @@ -881,9 +881,6 @@ snowflake-ips-nat-unknown 0 So(err, ShouldBeNil) clientOffers(i, w, r) - ctx.metrics.printMetrics() - So(buf.String(), ShouldContainSubstring, "client-denied-count 8\nclient-restricted-denied-count 8\nclient-unrestricted-denied-count 0\n") - w = httptest.NewRecorder() data, err = createClientOffer(sdp, NATRestricted, "") So(err, ShouldBeNil) @@ -945,9 +942,6 @@ snowflake-ips-nat-unknown 0 p.offerChannel <- nil <-done - ctx.metrics.printMetrics() - So(buf.String(), ShouldContainSubstring, "snowflake-ips-nat-restricted 1\nsnowflake-ips-nat-unrestricted 0\nsnowflake-ips-nat-unknown 0") - data = bytes.NewReader([]byte(`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.2","Type":"unknown","NAT":"unrestricted","AcceptedRelayPattern":"snowflake.torproject.net"}`)) r, err = http.NewRequest("POST", "snowflake.broker/proxy", data) if err != nil { @@ -979,7 +973,6 @@ snowflake-ips-nat-unknown 0 So(buf.String(), ShouldContainSubstring, "client-denied-count 8\nclient-restricted-denied-count 8\nclient-unrestricted-denied-count 0\nclient-snowflake-match-count 0") buf.Reset() - ctx.metrics.zeroMetrics() data, err = createClientOffer(sdp, NATUnrestricted, "") So(err, ShouldBeNil) @@ -992,7 +985,6 @@ snowflake-ips-nat-unknown 0 So(buf.String(), ShouldContainSubstring, "client-denied-count 8\nclient-restricted-denied-count 0\nclient-unrestricted-denied-count 8\nclient-snowflake-match-count 0") buf.Reset() - ctx.metrics.zeroMetrics() data, err = createClientOffer(sdp, NATUnknown, "") So(err, ShouldBeNil) @@ -1005,8 +997,8 @@ snowflake-ips-nat-unknown 0 So(buf.String(), ShouldContainSubstring, "client-denied-count 8\nclient-restricted-denied-count 8\nclient-unrestricted-denied-count 0\nclient-snowflake-match-count 0") }) Convey("for country stats order", func() { - - stats := map[string]int{ + stats := new(sync.Map) + for cc, count := range map[string]uint64{ "IT": 50, "FR": 200, "TZ": 100, @@ -1015,9 +1007,13 @@ snowflake-ips-nat-unknown 0 "CA": 1, "BE": 1, "PH": 1, + } { + stats.LoadOrStore(cc, new(uint64)) + val, _ := stats.Load(cc) + ptr := val.(*uint64) + atomic.AddUint64(ptr, count) } - ctx.metrics.countryStats.counts = stats - So(ctx.metrics.countryStats.Display(), ShouldEqual, "CN=250,FR=200,RU=150,TZ=100,IT=50,BE=1,CA=1,PH=1") + So(displayCountryStats(stats, false), ShouldEqual, "CN=250,FR=200,RU=150,TZ=100,IT=50,BE=1,CA=1,PH=1") }) }) } From 1d73e14f343b7ff350b5009a0bfedb88fc492b07 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Thu, 29 May 2025 21:10:32 -0400 Subject: [PATCH 31/78] Rename metrics update functions This changes the metrics update functions to UpdateProxyStats and UpdateClientStats, which is more accurate and clear than the previous CountryStats and RendezvousStats names. --- broker/ipc.go | 8 ++++---- broker/metrics.go | 4 ++-- broker/snowflake-broker_test.go | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/broker/ipc.go b/broker/ipc.go index b035703..8154ef8 100644 --- a/broker/ipc.go +++ b/broker/ipc.go @@ -97,7 +97,7 @@ func (i *IPC) ProxyPolls(arg messages.Arg, response *[]byte) error { if err != nil { log.Println("Warning: cannot process proxy IP: ", err.Error()) } else { - i.ctx.metrics.UpdateCountryStats(remoteIP, proxyType, natType) + i.ctx.metrics.UpdateProxyStats(remoteIP, proxyType, natType) } var b []byte @@ -184,7 +184,7 @@ func (i *IPC) ClientOffers(arg messages.Arg, response *[]byte) error { if snowflake != nil { snowflake.offerChannel <- offer } else { - i.ctx.metrics.UpdateRendezvousStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "denied") + i.ctx.metrics.UpdateClientStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "denied") resp := &messages.ClientPollResponse{Error: messages.StrNoProxies} return sendClientResponse(resp, response) } @@ -192,11 +192,11 @@ func (i *IPC) ClientOffers(arg messages.Arg, response *[]byte) error { // Wait for the answer to be returned on the channel or timeout. select { case answer := <-snowflake.answerChannel: - i.ctx.metrics.UpdateRendezvousStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "matched") + i.ctx.metrics.UpdateClientStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "matched") resp := &messages.ClientPollResponse{Answer: answer} err = sendClientResponse(resp, response) case <-arg.Context.Done(): - i.ctx.metrics.UpdateRendezvousStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "timeout") + i.ctx.metrics.UpdateClientStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "timeout") resp := &messages.ClientPollResponse{Error: messages.StrTimedOut} err = sendClientResponse(resp, response) } diff --git a/broker/metrics.go b/broker/metrics.go index cdad2d3..c540f07 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -88,7 +88,7 @@ func (m *Metrics) IncrementCounter(key string) { incrementMapCounter(m.counters, key) } -func (m *Metrics) UpdateCountryStats(addr string, proxyType string, natType string) { +func (m *Metrics) UpdateProxyStats(addr string, proxyType string, natType string) { // perform geolocation of IP address ip := net.ParseIP(addr) @@ -140,7 +140,7 @@ func (m *Metrics) UpdateCountryStats(addr string, proxyType string, natType stri }).Inc() } -func (m *Metrics) UpdateRendezvousStats(addr string, rendezvousMethod messages.RendezvousMethod, natType, status string) { +func (m *Metrics) UpdateClientStats(addr string, rendezvousMethod messages.RendezvousMethod, natType, status string) { ip := net.ParseIP(addr) country := "??" if m.geoipdb != nil { diff --git a/broker/snowflake-broker_test.go b/broker/snowflake-broker_test.go index daf9aca..90a6ef3 100644 --- a/broker/snowflake-broker_test.go +++ b/broker/snowflake-broker_test.go @@ -651,7 +651,7 @@ func TestInvalidGeoipFile(t *testing.T) { if err := ctx.metrics.LoadGeoipDatabases("invalid_filename", "invalid_filename6"); err != nil { log.Printf("loading geo ip databases returned error: %v", err) } - ctx.metrics.UpdateCountryStats("127.0.0.1", "", NATUnrestricted) + ctx.metrics.UpdateProxyStats("127.0.0.1", "", NATUnrestricted) So(ctx.metrics.geoipdb, ShouldBeNil) }) From 1dc9947d2affa3a23e3ae832c97ac59b723b4783 Mon Sep 17 00:00:00 2001 From: David Auer Date: Sat, 28 Jun 2025 17:47:48 +0200 Subject: [PATCH 32/78] Fix missing labels in Docker image In a multi stage Docker build, the LABEL commands need to be applied in the final stage. --- Dockerfile | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index f0344f4..716a371 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,5 @@ FROM docker.io/library/golang:1.23-bookworm AS build -# Set some labels -# io.containers.autoupdate label will instruct podman to reach out to the corres -# corresponding registry to check if the image has been updated. If an image -# must be updated, Podman pulls it down and restarts the systemd unit executing -# the container. See podman-auto-update(1) for more details, or -# https://docs.podman.io/en/latest/markdown/podman-auto-update.1.html -LABEL io.containers.autoupdate=registry -LABEL org.opencontainers.image.authors="anti-censorship-team@lists.torproject.org" - RUN apt-get update && apt-get install -y tor-geoipdb ADD . /app @@ -25,3 +16,12 @@ COPY --from=build /usr/share/tor/geoip* /usr/share/tor/ COPY --from=build /app/proxy/proxy /bin/proxy ENTRYPOINT [ "/bin/proxy" ] + +# Set some labels +# io.containers.autoupdate label will instruct podman to reach out to the +# corresponding registry to check if the image has been updated. If an image +# must be updated, Podman pulls it down and restarts the systemd unit executing +# the container. See podman-auto-update(1) for more details, or +# https://docs.podman.io/en/latest/markdown/podman-auto-update.1.html +LABEL io.containers.autoupdate=registry +LABEL org.opencontainers.image.authors="anti-censorship-team@lists.torproject.org" From d7ebb2f99ccf26101faee86d0d87ebae58000d11 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Tue, 8 Jul 2025 14:17:37 -0400 Subject: [PATCH 33/78] Add clarification to broker-spec on client-*-ips --- doc/broker-spec.txt | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/doc/broker-spec.txt b/doc/broker-spec.txt index 6d0ca40..b502cb4 100644 --- a/doc/broker-spec.txt +++ b/doc/broker-spec.txt @@ -104,6 +104,9 @@ Metrics data from the Snowflake broker can be retrieved by sending an HTTP GET r rounded up to the nearest multiple of 8. Each country code only appears once. + Note that this descriptor field name is misleading. We use IP addresses + to partition by country, but this metric counts polls, not unique IPs. + "client-ampcache-count" NUM NL [At most once.] @@ -119,6 +122,9 @@ Metrics data from the Snowflake broker can be retrieved by sending an HTTP GET r method, rounded up to the nearest multiple of 8. Each country code only appears once. + Note that this descriptor field name is misleading. We use IP addresses + to partition by country, but this metric counts polls, not unique IPs. + "client-sqs-count" NUM NL [At most once.] @@ -134,6 +140,9 @@ Metrics data from the Snowflake broker can be retrieved by sending an HTTP GET r rounded up to the nearest multiple of 8. Each country code only appears once. + Note that this descriptor field name is misleading. We use IP addresses + to partition by country, but this metric counts polls, not unique IPs. + "snowflake-ips-nat-restricted" NUM NL [At most once.] From 58b1d48e544b463005a18b09f69b1af53011ec3d Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Tue, 8 Jul 2025 11:35:56 -0400 Subject: [PATCH 34/78] Increment prometheus proxy_total count once per IP This fixes a regression from !574 that did not check whether the IP was unique before incrementing the counter. Closes https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40470 --- broker/metrics.go | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/broker/metrics.go b/broker/metrics.go index c540f07..99779b9 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -104,6 +104,11 @@ func (m *Metrics) UpdateProxyStats(addr string, proxyType string, natType string if _, loaded := m.ips.LoadOrStore(addr, true); !loaded { m.IncrementCounter("proxy-total") incrementMapCounter(m.proxies, country) + m.promMetrics.ProxyTotal.With(prometheus.Labels{ + "nat": natType, + "type": proxyType, + "cc": country, + }).Inc() } // update unique IP proxy NAT metrics @@ -132,12 +137,6 @@ func (m *Metrics) UpdateProxyStats(addr string, proxyType string, natType string m.IncrementCounter("proxy-webext") } } - - m.promMetrics.ProxyTotal.With(prometheus.Labels{ - "nat": natType, - "type": proxyType, - "cc": country, - }).Inc() } func (m *Metrics) UpdateClientStats(addr string, rendezvousMethod messages.RendezvousMethod, natType, status string) { From 79c4dfbdc83a1e512f9d20acf506bbe7006d060f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 17 Jul 2025 21:54:40 +0000 Subject: [PATCH 35/78] chore(deps): update module github.com/pion/sdp/v3 to v3.0.15 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 9b1c03e..9e0aee5 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/gorilla/websocket v1.5.3 github.com/miekg/dns v1.1.65 github.com/pion/ice/v4 v4.0.10 - github.com/pion/sdp/v3 v3.0.13 + github.com/pion/sdp/v3 v3.0.15 github.com/pion/stun/v3 v3.0.0 github.com/pion/transport/v3 v3.0.7 github.com/pion/webrtc/v4 v4.1.2 diff --git a/go.sum b/go.sum index 6828823..fbe6366 100644 --- a/go.sum +++ b/go.sum @@ -111,8 +111,8 @@ github.com/pion/rtp v1.8.18 h1:yEAb4+4a8nkPCecWzQB6V/uEU18X1lQCGAQCjP+pyvU= github.com/pion/rtp v1.8.18/go.mod h1:bAu2UFKScgzyFqvUKmbvzSdPr+NGbZtv6UB2hesqXBk= github.com/pion/sctp v1.8.39 h1:PJma40vRHa3UTO3C4MyeJDQ+KIobVYRZQZ0Nt7SjQnE= github.com/pion/sctp v1.8.39/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE= -github.com/pion/sdp/v3 v3.0.13 h1:uN3SS2b+QDZnWXgdr69SM8KB4EbcnPnPf2Laxhty/l4= -github.com/pion/sdp/v3 v3.0.13/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E= +github.com/pion/sdp/v3 v3.0.15 h1:F0I1zds+K/+37ZrzdADmx2Q44OFDOPRLhPnNTaUX9hk= +github.com/pion/sdp/v3 v3.0.15/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E= github.com/pion/srtp/v3 v3.0.5 h1:8XLB6Dt3QXkMkRFpoqC3314BemkpMQK2mZeJc4pUKqo= github.com/pion/srtp/v3 v3.0.5/go.mod h1:r1G7y5r1scZRLe2QJI/is+/O83W2d+JoEsuIexpw+uM= github.com/pion/stun/v3 v3.0.0 h1:4h1gwhWLWuZWOJIJR9s2ferRO+W3zA/b6ijOI6mKzUw= From a176e7567d3fcadff167701fb5ec4f9d32719a3a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 19 Jul 2025 02:23:44 +0000 Subject: [PATCH 36/78] chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.29.18 --- go.mod | 24 ++++++++++++------------ go.sum | 48 ++++++++++++++++++++++++------------------------ 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/go.mod b/go.mod index 9e0aee5..7c7ff17 100644 --- a/go.mod +++ b/go.mod @@ -3,9 +3,9 @@ module gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/ go 1.22.0 require ( - github.com/aws/aws-sdk-go-v2 v1.36.3 - github.com/aws/aws-sdk-go-v2/config v1.29.14 - github.com/aws/aws-sdk-go-v2/credentials v1.17.67 + github.com/aws/aws-sdk-go-v2 v1.36.6 + github.com/aws/aws-sdk-go-v2/config v1.29.18 + github.com/aws/aws-sdk-go-v2/credentials v1.17.71 github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5 github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 @@ -33,16 +33,16 @@ require ( require ( github.com/andybalholm/brotli v1.0.6 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.33 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.37 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.37 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 // indirect - github.com/aws/smithy-go v1.22.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.18 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.25.6 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.34.1 // indirect + github.com/aws/smithy-go v1.22.4 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect diff --git a/go.sum b/go.sum index fbe6366..47f927d 100644 --- a/go.sum +++ b/go.sum @@ -2,34 +2,34 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM= -github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg= -github.com/aws/aws-sdk-go-v2/config v1.29.14 h1:f+eEi/2cKCg9pqKBoAIwRGzVb70MRKqWX4dg1BDcSJM= -github.com/aws/aws-sdk-go-v2/config v1.29.14/go.mod h1:wVPHWcIFv3WO89w0rE10gzf17ZYy+UVS1Geq8Iei34g= -github.com/aws/aws-sdk-go-v2/credentials v1.17.67 h1:9KxtdcIA/5xPNQyZRgUSpYOE6j9Bc4+D7nZua0KGYOM= -github.com/aws/aws-sdk-go-v2/credentials v1.17.67/go.mod h1:p3C44m+cfnbv763s52gCqrjaqyPikj9Sg47kUVaNZQQ= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34/go.mod h1:p4VfIceZokChbA9FzMbRGz5OV+lekcVtHlPKEO0gSZY= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 h1:SZwFm17ZUNNg5Np0ioo/gq8Mn6u9w19Mri8DnJ15Jf0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34/go.mod h1:dFZsC0BLo346mvKQLWmoJxT+Sjp+qcVR1tRVHQGOH9Q= +github.com/aws/aws-sdk-go-v2 v1.36.6 h1:zJqGjVbRdTPojeCGWn5IR5pbJwSQSBh5RWFTQcEQGdU= +github.com/aws/aws-sdk-go-v2 v1.36.6/go.mod h1:EYrzvCCN9CMUTa5+6lf6MM4tq3Zjp8UhSGR/cBsjai0= +github.com/aws/aws-sdk-go-v2/config v1.29.18 h1:x4T1GRPnqKV8HMJOMtNktbpQMl3bIsfx8KbqmveUO2I= +github.com/aws/aws-sdk-go-v2/config v1.29.18/go.mod h1:bvz8oXugIsH8K7HLhBv06vDqnFv3NsGDt2Znpk7zmOU= +github.com/aws/aws-sdk-go-v2/credentials v1.17.71 h1:r2w4mQWnrTMJjOyIsZtGp3R3XGY3nqHn8C26C2lQWgA= +github.com/aws/aws-sdk-go-v2/credentials v1.17.71/go.mod h1:E7VF3acIup4GB5ckzbKFrCK0vTvEQxOxgdq4U3vcMCY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.33 h1:D9ixiWSG4lyUBL2DDNK924Px9V/NBVpML90MHqyTADY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.33/go.mod h1:caS/m4DI+cij2paz3rtProRBI4s/+TCiWoaWZuQ9010= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.37 h1:osMWfm/sC/L4tvEdQ65Gri5ZZDCUpuYJZbTTDrsn4I0= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.37/go.mod h1:ZV2/1fbjOPr4G4v38G3Ww5TBT4+hmsK45s/rxu1fGy0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.37 h1:v+X21AvTb2wZ+ycg1gx+orkB/9U6L7AOp93R7qYxsxM= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.37/go.mod h1:G0uM1kyssELxmJ2VZEfG0q2npObR3BAkF3c1VsfVnfs= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 h1:CXV68E2dNqhuynZJPB80bhPQwAKqBWVer887figW6Jc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4/go.mod h1:/xFi9KtvBXP97ppCz1TAEvU1Uf66qvid89rbem3wCzQ= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.18 h1:vvbXsA2TVO80/KT7ZqCbx934dt6PY+vQ8hZpUZ/cpYg= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.18/go.mod h1:m2JJHledjBGNMsLOF1g9gbAxprzq3KjC8e4lxtn+eWg= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5 h1:KNgVWw8qbPzjYnIF1gL0EAszy6VKGnmUK6VSm1huYY8= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5/go.mod h1:Bar4MrRxeqdn6XIh8JGfiXuFRmyrrsZNTJotxEJmWW0= -github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 h1:1Gw+9ajCV1jogloEv1RRnvfRFia2cL6c9cuKV2Ps+G8= -github.com/aws/aws-sdk-go-v2/service/sso v1.25.3/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 h1:hXmVKytPfTy5axZ+fYbR5d0cFmC3JvwLm5kM83luako= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 h1:1XuUZ8mYJw9B6lzAkXhqHlJd/XvaX32evhproijJEZY= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.19/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4= -github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= -github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/aws/aws-sdk-go-v2/service/sso v1.25.6 h1:rGtWqkQbPk7Bkwuv3NzpE/scwwL9sC1Ul3tn9x83DUI= +github.com/aws/aws-sdk-go-v2/service/sso v1.25.6/go.mod h1:u4ku9OLv4TO4bCPdxf4fA1upaMaJmP9ZijGk3AAOC6Q= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.4 h1:OV/pxyXh+eMA0TExHEC4jyWdumLxNbzz1P0zJoezkJc= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.4/go.mod h1:8Mm5VGYwtm+r305FfPSuc+aFkrypeylGYhFim6XEPoc= +github.com/aws/aws-sdk-go-v2/service/sts v1.34.1 h1:aUrLQwJfZtwv3/ZNG2xRtEen+NqI3iesuacjP51Mv1s= +github.com/aws/aws-sdk-go-v2/service/sts v1.34.1/go.mod h1:3wFBZKoWnX3r+Sm7in79i54fBmNfwhdNdQuscCw7QIk= +github.com/aws/smithy-go v1.22.4 h1:uqXzVZNuNexwc/xrh6Tb56u89WDlJY6HS+KC0S4QSjw= +github.com/aws/smithy-go v1.22.4/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= From 437cc37443c9763cd6b607ba93458b76a2f419fa Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 30 Jul 2025 19:29:12 +0000 Subject: [PATCH 37/78] chore(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.30.2 --- go.mod | 24 ++++++++++++------------ go.sum | 48 ++++++++++++++++++++++++------------------------ 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/go.mod b/go.mod index 7c7ff17..5cb329d 100644 --- a/go.mod +++ b/go.mod @@ -3,9 +3,9 @@ module gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/ go 1.22.0 require ( - github.com/aws/aws-sdk-go-v2 v1.36.6 - github.com/aws/aws-sdk-go-v2/config v1.29.18 - github.com/aws/aws-sdk-go-v2/credentials v1.17.71 + github.com/aws/aws-sdk-go-v2 v1.37.1 + github.com/aws/aws-sdk-go-v2/config v1.30.2 + github.com/aws/aws-sdk-go-v2/credentials v1.18.2 github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5 github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 @@ -33,16 +33,16 @@ require ( require ( github.com/andybalholm/brotli v1.0.6 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.33 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.37 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.37 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.1 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.18 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.25.6 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.4 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.34.1 // indirect - github.com/aws/smithy-go v1.22.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.26.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.31.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.35.1 // indirect + github.com/aws/smithy-go v1.22.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect diff --git a/go.sum b/go.sum index 47f927d..3d322b8 100644 --- a/go.sum +++ b/go.sum @@ -2,34 +2,34 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/aws/aws-sdk-go-v2 v1.36.6 h1:zJqGjVbRdTPojeCGWn5IR5pbJwSQSBh5RWFTQcEQGdU= -github.com/aws/aws-sdk-go-v2 v1.36.6/go.mod h1:EYrzvCCN9CMUTa5+6lf6MM4tq3Zjp8UhSGR/cBsjai0= -github.com/aws/aws-sdk-go-v2/config v1.29.18 h1:x4T1GRPnqKV8HMJOMtNktbpQMl3bIsfx8KbqmveUO2I= -github.com/aws/aws-sdk-go-v2/config v1.29.18/go.mod h1:bvz8oXugIsH8K7HLhBv06vDqnFv3NsGDt2Znpk7zmOU= -github.com/aws/aws-sdk-go-v2/credentials v1.17.71 h1:r2w4mQWnrTMJjOyIsZtGp3R3XGY3nqHn8C26C2lQWgA= -github.com/aws/aws-sdk-go-v2/credentials v1.17.71/go.mod h1:E7VF3acIup4GB5ckzbKFrCK0vTvEQxOxgdq4U3vcMCY= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.33 h1:D9ixiWSG4lyUBL2DDNK924Px9V/NBVpML90MHqyTADY= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.33/go.mod h1:caS/m4DI+cij2paz3rtProRBI4s/+TCiWoaWZuQ9010= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.37 h1:osMWfm/sC/L4tvEdQ65Gri5ZZDCUpuYJZbTTDrsn4I0= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.37/go.mod h1:ZV2/1fbjOPr4G4v38G3Ww5TBT4+hmsK45s/rxu1fGy0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.37 h1:v+X21AvTb2wZ+ycg1gx+orkB/9U6L7AOp93R7qYxsxM= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.37/go.mod h1:G0uM1kyssELxmJ2VZEfG0q2npObR3BAkF3c1VsfVnfs= +github.com/aws/aws-sdk-go-v2 v1.37.1 h1:SMUxeNz3Z6nqGsXv0JuJXc8w5YMtrQMuIBmDx//bBDY= +github.com/aws/aws-sdk-go-v2 v1.37.1/go.mod h1:9Q0OoGQoboYIAJyslFyF1f5K1Ryddop8gqMhWx/n4Wg= +github.com/aws/aws-sdk-go-v2/config v1.30.2 h1:YE1BmSc4fFYqFgN1mN8uzrtc7R9x+7oSWeX8ckoltAw= +github.com/aws/aws-sdk-go-v2/config v1.30.2/go.mod h1:UNrLGZ6jfAVjgVJpkIxjLufRJqTXCVYOpkeVf83kwBo= +github.com/aws/aws-sdk-go-v2/credentials v1.18.2 h1:mfm0GKY/PHLhs7KO0sUaOtFnIQ15Qqxt+wXbO/5fIfs= +github.com/aws/aws-sdk-go-v2/credentials v1.18.2/go.mod h1:v0SdJX6ayPeZFQxgXUKw5RhLpAoZUuynxWDfh8+Eknc= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.1 h1:owmNBboeA0kHKDcdF8KiSXmrIuXZustfMGGytv6OMkM= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.1/go.mod h1:Bg1miN59SGxrZqlP8vJZSmXW+1N8Y1MjQDq1OfuNod8= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.1 h1:ksZXBYv80EFTcgc8OJO48aQ8XDWXIQL7gGasPeCoTzI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.1/go.mod h1:HSksQyyJETVZS7uM54cir0IgxttTD+8aEoJMPGepHBI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.1 h1:+dn/xF/05utS7tUhjIcndbuaPjfll2LhbH1cCDGLYUQ= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.1/go.mod h1:hyAGz30LHdm5KBZDI58MXx5lDVZ5CUfvfTZvMu4HCZo= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 h1:CXV68E2dNqhuynZJPB80bhPQwAKqBWVer887figW6Jc= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4/go.mod h1:/xFi9KtvBXP97ppCz1TAEvU1Uf66qvid89rbem3wCzQ= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.18 h1:vvbXsA2TVO80/KT7ZqCbx934dt6PY+vQ8hZpUZ/cpYg= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.18/go.mod h1:m2JJHledjBGNMsLOF1g9gbAxprzq3KjC8e4lxtn+eWg= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 h1:6+lZi2JeGKtCraAj1rpoZfKqnQ9SptseRZioejfUOLM= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0/go.mod h1:eb3gfbVIxIoGgJsi9pGne19dhCBpK6opTYpQqAmdy44= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1 h1:ky79ysLMxhwk5rxJtS+ILd3Mc8kC5fhsLBrP27r6h4I= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1/go.mod h1:+2MmkvFvPYM1vsozBWduoLJUi5maxFk5B7KJFECujhY= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5 h1:KNgVWw8qbPzjYnIF1gL0EAszy6VKGnmUK6VSm1huYY8= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5/go.mod h1:Bar4MrRxeqdn6XIh8JGfiXuFRmyrrsZNTJotxEJmWW0= -github.com/aws/aws-sdk-go-v2/service/sso v1.25.6 h1:rGtWqkQbPk7Bkwuv3NzpE/scwwL9sC1Ul3tn9x83DUI= -github.com/aws/aws-sdk-go-v2/service/sso v1.25.6/go.mod h1:u4ku9OLv4TO4bCPdxf4fA1upaMaJmP9ZijGk3AAOC6Q= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.4 h1:OV/pxyXh+eMA0TExHEC4jyWdumLxNbzz1P0zJoezkJc= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.4/go.mod h1:8Mm5VGYwtm+r305FfPSuc+aFkrypeylGYhFim6XEPoc= -github.com/aws/aws-sdk-go-v2/service/sts v1.34.1 h1:aUrLQwJfZtwv3/ZNG2xRtEen+NqI3iesuacjP51Mv1s= -github.com/aws/aws-sdk-go-v2/service/sts v1.34.1/go.mod h1:3wFBZKoWnX3r+Sm7in79i54fBmNfwhdNdQuscCw7QIk= -github.com/aws/smithy-go v1.22.4 h1:uqXzVZNuNexwc/xrh6Tb56u89WDlJY6HS+KC0S4QSjw= -github.com/aws/smithy-go v1.22.4/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= +github.com/aws/aws-sdk-go-v2/service/sso v1.26.1 h1:uWaz3DoNK9MNhm7i6UGxqufwu3BEuJZm72WlpGwyVtY= +github.com/aws/aws-sdk-go-v2/service/sso v1.26.1/go.mod h1:ILpVNjL0BO+Z3Mm0SbEeUoYS9e0eJWV1BxNppp0fcb8= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.31.1 h1:XdG6/o1/ZDmn3wJU5SRAejHaWgKS4zHv0jBamuKuS2k= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.31.1/go.mod h1:oiotGTKadCOCl3vg/tYh4k45JlDF81Ka8rdumNhEnIQ= +github.com/aws/aws-sdk-go-v2/service/sts v1.35.1 h1:iF4Xxkc0H9c/K2dS0zZw3SCkj0Z7n6AMnUiiyoJND+I= +github.com/aws/aws-sdk-go-v2/service/sts v1.35.1/go.mod h1:0bxIatfN0aLq4mjoLDeBpOjOke68OsFlXPDFJ7V0MYw= +github.com/aws/smithy-go v1.22.5 h1:P9ATCXPMb2mPjYBgueqJNCA5S9UfktsW0tTxi+a7eqw= +github.com/aws/smithy-go v1.22.5/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= From 8ae1994e4b1512975d65d09de4ebb95770ade286 Mon Sep 17 00:00:00 2001 From: Shelikhoo Date: Thu, 31 Jul 2025 13:29:04 +0100 Subject: [PATCH 38/78] Update snowflake proxy image to use most recent golang and geodb --- Dockerfile | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 716a371..77673dd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,5 @@ -FROM docker.io/library/golang:1.23-bookworm AS build +FROM docker.io/library/golang:latest AS build -RUN apt-get update && apt-get install -y tor-geoipdb ADD . /app @@ -8,11 +7,35 @@ WORKDIR /app/proxy RUN go get RUN CGO_ENABLED=0 go build -o proxy -ldflags '-extldflags "-static" -w -s' . +FROM containers.torproject.org/tpo/tpa/base-images/debian:bookworm as debian-base + +# Install dependencies to add Tor's repository. +RUN apt-get update && apt-get install -y \ + curl \ + gpg \ + gpg-agent \ + ca-certificates \ + libcap2-bin \ + --no-install-recommends + +# See: +RUN curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import +RUN gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - + +RUN printf "deb https://deb.torproject.org/torproject.org bookworm main\n" >> /etc/apt/sources.list.d/tor.list + +# Install remaining dependencies. +RUN apt-get update && apt-get install -y \ + tor \ + tor-geoipdb \ + --no-install-recommends + + FROM scratch -COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo -COPY --from=build /usr/share/tor/geoip* /usr/share/tor/ +COPY --from=debian-base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=debian-base /usr/share/zoneinfo /usr/share/zoneinfo +COPY --from=debian-base /usr/share/tor/geoip* /usr/share/tor/ COPY --from=build /app/proxy/proxy /bin/proxy ENTRYPOINT [ "/bin/proxy" ] From 31f879aad56ff9e8209867e44d3a06a2bbbb3211 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Wed, 23 Jul 2025 12:03:03 -0400 Subject: [PATCH 39/78] Pull client IP from SDP for AMP cache rendezvous The remote address for AMP cache rendezvous is always geolocated to the AMP cache server address. For more accurate metrics on where this rendezvous method is used and working, we can pull the remote address directly from the client SDP sent in the poll request. --- broker/amp.go | 3 +-- broker/ipc.go | 20 +++++++++++++++++--- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/broker/amp.go b/broker/amp.go index 1333c63..4d19a6c 100644 --- a/broker/amp.go +++ b/broker/amp.go @@ -9,7 +9,6 @@ import ( "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/amp" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/messages" - "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/util" ) // ampClientOffers is the AMP-speaking endpoint for client poll messages, @@ -41,7 +40,7 @@ func ampClientOffers(i *IPC, w http.ResponseWriter, r *http.Request) { if err == nil { arg := messages.Arg{ Body: encPollReq, - RemoteAddr: util.GetClientIp(r), + RemoteAddr: "", RendezvousMethod: messages.RendezvousAmpCache, Context: ctx, } diff --git a/broker/ipc.go b/broker/ipc.go index 8154ef8..728363a 100644 --- a/broker/ipc.go +++ b/broker/ipc.go @@ -8,6 +8,7 @@ import ( "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/bridgefingerprint" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/constants" + "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/util" "github.com/prometheus/client_golang/prometheus" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/messages" @@ -156,6 +157,19 @@ func (i *IPC) ClientOffers(arg messages.Arg, response *[]byte) error { return sendClientResponse(&messages.ClientPollResponse{Error: err.Error()}, response) } + // If we couldn't extract the remote IP from the rendezvous method + // pull it from the offer SDP + remoteAddr := arg.RemoteAddr + if remoteAddr == "" { + sdp, err := util.DeserializeSessionDescription(req.Offer) + if err == nil { + candidateAddrs := util.GetCandidateAddrs(sdp.SDP) + if len(candidateAddrs) > 0 { + remoteAddr = candidateAddrs[0].String() + } + } + } + offer := &ClientOffer{ natType: req.NAT, sdp: []byte(req.Offer), @@ -184,7 +198,7 @@ func (i *IPC) ClientOffers(arg messages.Arg, response *[]byte) error { if snowflake != nil { snowflake.offerChannel <- offer } else { - i.ctx.metrics.UpdateClientStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "denied") + i.ctx.metrics.UpdateClientStats(remoteAddr, arg.RendezvousMethod, offer.natType, "denied") resp := &messages.ClientPollResponse{Error: messages.StrNoProxies} return sendClientResponse(resp, response) } @@ -192,11 +206,11 @@ func (i *IPC) ClientOffers(arg messages.Arg, response *[]byte) error { // Wait for the answer to be returned on the channel or timeout. select { case answer := <-snowflake.answerChannel: - i.ctx.metrics.UpdateClientStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "matched") + i.ctx.metrics.UpdateClientStats(remoteAddr, arg.RendezvousMethod, offer.natType, "matched") resp := &messages.ClientPollResponse{Answer: answer} err = sendClientResponse(resp, response) case <-arg.Context.Done(): - i.ctx.metrics.UpdateClientStats(arg.RemoteAddr, arg.RendezvousMethod, offer.natType, "timeout") + i.ctx.metrics.UpdateClientStats(remoteAddr, arg.RendezvousMethod, offer.natType, "timeout") resp := &messages.ClientPollResponse{Error: messages.StrTimedOut} err = sendClientResponse(resp, response) } From 0bbcb1eca4b11a6c43a79158ce0fd8bcfdf5afb2 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Wed, 23 Jul 2025 12:44:44 -0400 Subject: [PATCH 40/78] Add test for AMP cache geolocation --- broker/snowflake-broker_test.go | 36 ++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/broker/snowflake-broker_test.go b/broker/snowflake-broker_test.go index 90a6ef3..f7bbc16 100644 --- a/broker/snowflake-broker_test.go +++ b/broker/snowflake-broker_test.go @@ -47,7 +47,8 @@ var ( "a=candidate:1000 1 udp 2000 8.8.8.8 3000 typ host\r\n" + "a=end-of-candidates\r\n" - sid = "ymbcCMto7KHNGYlp" + rawOffer = `{"type":"offer","sdp":"v=0\r\no=- 4358805017720277108 2 IN IP4 0.0.0.0\r\ns=-\r\nt=0 0\r\na=group:BUNDLE data\r\na=msid-semantic: WMS\r\nm=application 56688 DTLS/SCTP 5000\r\nc=IN IP4 0.0.0.0\r\na=candidate:3769337065 1 udp 2122260223 129.97.208.23 56688 typ host generation 0 network-id 1 network-cost 50\r\na=candidate:2921887769 1 tcp 1518280447 129.97.208.23 35441 typ host tcptype passive generation 0 network-id 1 network-cost 50\r\na=ice-ufrag:aMAZ\r\na=ice-pwd:jcHb08Jjgrazp2dzjdrvPPvV\r\na=ice-options:trickle\r\na=fingerprint:sha-256 C8:88:EE:B9:E7:02:2E:21:37:ED:7A:D1:EB:2B:A3:15:A2:3B:5B:1C:3D:D4:D5:1F:06:CF:52:40:03:F8:DD:66\r\na=setup:actpass\r\na=mid:data\r\na=sctpmap:5000 webrtc-datachannel 1024\r\n"}` + sid = "ymbcCMto7KHNGYlp" ) func createClientOffer(sdp, nat, fingerprint string) (*bytes.Reader, error) { @@ -403,6 +404,39 @@ client-sqs-ips So(body, ShouldEqual, `{"error":"timed out waiting for answer!"}`) }) + Convey("and correctly geolocates remote addr.", func() { + err := ctx.metrics.LoadGeoipDatabases("test_geoip", "test_geoip6") + So(err, ShouldBeNil) + clientRequest := &messages.ClientPollRequest{ + Offer: rawOffer, + NAT: NATUnknown, + Fingerprint: "", + } + encOffer, err := clientRequest.EncodeClientPollRequest() + So(err, ShouldBeNil) + r, err = http.NewRequest("GET", "/amp/client/"+amp.EncodePath(encOffer), nil) + So(err, ShouldBeNil) + ampClientOffers(i, w, r) + So(w.Code, ShouldEqual, http.StatusOK) + body, err := decodeAMPArmorToString(w.Body) + So(err, ShouldBeNil) + So(body, ShouldEqual, `{"error":"no snowflake proxies currently available"}`) + + ctx.metrics.printMetrics() + So(buf.String(), ShouldContainSubstring, `client-denied-count 8 +client-restricted-denied-count 8 +client-unrestricted-denied-count 0 +client-snowflake-match-count 0 +client-snowflake-timeout-count 0 +client-http-count 0 +client-http-ips +client-ampcache-count 8 +client-ampcache-ips CA=8 +client-sqs-count 0 +client-sqs-ips +`) + }) + }) Convey("Responds to proxy polls...", func() { From 70974640ab35fd8b7d60a9c6875a40973fca8999 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Wed, 23 Jul 2025 12:45:37 -0400 Subject: [PATCH 41/78] Defer SQS client IP extraction to ClientOffers Now that both SQS and AMP cache are pulling remote addresses from the SDP, avoid duplicate decodings of the ClientPollRequest by extracting the remote addr in ClientOffers. --- broker/sqs.go | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/broker/sqs.go b/broker/sqs.go index 6ad6b8d..16a97c9 100644 --- a/broker/sqs.go +++ b/broker/sqs.go @@ -12,7 +12,6 @@ import ( "github.com/aws/aws-sdk-go-v2/service/sqs/types" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/messages" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/sqsclient" - "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/util" ) const ( @@ -148,26 +147,9 @@ func (r *sqsHandler) handleMessage(mainCtx context.Context, message *types.Messa encPollReq = []byte(*message.Body) - // Get best guess Client IP for geolocating - remoteAddr := "" - req, err := messages.DecodeClientPollRequest(encPollReq) - if err != nil { - log.Printf("SQSHandler: error encounted when decoding client poll request %s: %v\n", *clientID, err) - } else { - sdp, err := util.DeserializeSessionDescription(req.Offer) - if err != nil { - log.Printf("SQSHandler: error encounted when deserializing session desc %s: %v\n", *clientID, err) - } else { - candidateAddrs := util.GetCandidateAddrs(sdp.SDP) - if len(candidateAddrs) > 0 { - remoteAddr = candidateAddrs[0].String() - } - } - } - arg := messages.Arg{ Body: encPollReq, - RemoteAddr: remoteAddr, + RemoteAddr: "", RendezvousMethod: messages.RendezvousSqs, Context: ctx, } From b058b10a945bc7a2711487eefe227380761fcbd7 Mon Sep 17 00:00:00 2001 From: David Fifield Date: Fri, 15 Aug 2025 17:30:21 +0000 Subject: [PATCH 42/78] Express binCount using integer operations. No need to bring a float64 into this. --- broker/metrics.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/broker/metrics.go b/broker/metrics.go index 99779b9..b40a898 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -8,7 +8,6 @@ package main import ( "fmt" "log" - "math" "net" "sort" "sync" @@ -276,9 +275,10 @@ func (m *Metrics) printMetrics() { m.logger.Println("snowflake-ips-nat-unknown", m.loadAndZero("proxy-nat-unknown")) } -// Rounds up a count to the nearest multiple of 8. +// binCount rounds count up to the next multiple of 8. Returns 0 on integer +// overflow. func binCount(count uint64) uint64 { - return uint64((math.Ceil(float64(count) / 8)) * 8) + return (count + 7) / 8 * 8 } type PromMetrics struct { From fed11184c7fc4fd6c375c822959344143d9c006c Mon Sep 17 00:00:00 2001 From: David Fifield Date: Fri, 15 Aug 2025 18:00:38 +0000 Subject: [PATCH 43/78] Have records.Less express the order we want directly. The ordering is descending by count, then ascending by cc. Express that directly, rather than specifying the opposite ordering and using sort.Reverse. --- broker/metrics.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/broker/metrics.go b/broker/metrics.go index b40a898..d9e0820 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -35,9 +35,9 @@ func (r records) Len() int { return len(r) } func (r records) Swap(i, j int) { r[i], r[j] = r[j], r[i] } func (r records) Less(i, j int) bool { if r[i].count == r[j].count { - return r[i].cc > r[j].cc + return r[i].cc < r[j].cc } - return r[i].count < r[j].count + return r[i].count > r[j].count } type Metrics struct { @@ -197,7 +197,7 @@ func displayCountryStats(m *sync.Map, binned bool) string { } return true }) - sort.Sort(sort.Reverse(rs)) + sort.Sort(rs) for _, r := range rs { count := uint64(r.count) if binned { From 6e0e5f9137f8073684545646806b50c56883fe7b Mon Sep 17 00:00:00 2001 From: David Fifield Date: Fri, 15 Aug 2025 18:02:35 +0000 Subject: [PATCH 44/78] Express records.Less more clearly. --- broker/metrics.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/broker/metrics.go b/broker/metrics.go index d9e0820..fa8f88e 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -34,10 +34,7 @@ type records []record func (r records) Len() int { return len(r) } func (r records) Swap(i, j int) { r[i], r[j] = r[j], r[i] } func (r records) Less(i, j int) bool { - if r[i].count == r[j].count { - return r[i].cc < r[j].cc - } - return r[i].count > r[j].count + return r[i].count > r[j].count || (r[i].count == r[j].count && r[i].cc < r[j].cc) } type Metrics struct { From 75daf2210fbc94a1e15e530d225179af4b3d8d98 Mon Sep 17 00:00:00 2001 From: David Fifield Date: Fri, 15 Aug 2025 17:53:55 +0000 Subject: [PATCH 45/78] Refactor displayCountryStats. Move the record types closer to where they are used. Use a strings.Builder rather than repeatedly concatenating strings (which creates garbage). Use the value that m.Range already provides us, don't look it up again with LoadAndDelete. Add documentation comments. --- broker/metrics.go | 69 +++++++++++++++++++++++++---------------------- 1 file changed, 37 insertions(+), 32 deletions(-) diff --git a/broker/metrics.go b/broker/metrics.go index fa8f88e..c4a9df7 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -10,6 +10,7 @@ import ( "log" "net" "sort" + "strings" "sync" "sync/atomic" "time" @@ -25,18 +26,6 @@ const ( metricsResolution = 60 * 60 * 24 * time.Second //86400 seconds ) -type record struct { - cc string - count uint64 -} -type records []record - -func (r records) Len() int { return len(r) } -func (r records) Swap(i, j int) { r[i], r[j] = r[j], r[i] } -func (r records) Less(i, j int) bool { - return r[i].count > r[j].count || (r[i].count == r[j].count && r[i].cc < r[j].cc) -} - type Metrics struct { logger *log.Logger geoipdb *geoip.Geoip @@ -180,35 +169,51 @@ func (m *Metrics) UpdateClientStats(addr string, rendezvousMethod messages.Rende }).Inc() } +// Types to facilitate sorting in displayCountryStats. +type record struct { + cc string + count uint64 +} +type records []record + +// Implementation of sort.Interface for records. The ordering is lexicographic: +// first by count (descending), then by cc (ascending). +func (r records) Len() int { return len(r) } +func (r records) Swap(i, j int) { r[i], r[j] = r[j], r[i] } +func (r records) Less(i, j int) bool { + return r[i].count > r[j].count || (r[i].count == r[j].count && r[i].cc < r[j].cc) +} + +// displayCountryStats takes a map from country codes to counts, and returns a +// formatted string of comma-separated CC=COUNT. Entries are sorted by count +// from largest to smallest. When counts are equal, entries are sorted by +// country code in ascending order. +// +// displayCountryStats has the side effect of deleting all entries in m. func displayCountryStats(m *sync.Map, binned bool) string { - output := "" - - // Use the records struct to sort our counts map by value. + // Extract entries from the map into a slice of records. rs := records{} - - m.Range(func(cc any, _ any) bool { - count, loaded := m.LoadAndDelete(cc) - ptr := count.(*uint64) - if loaded { - rs = append(rs, record{cc: cc.(string), count: *ptr}) - } + m.Range(func(cc, countPtr any) bool { + count := *countPtr.(*uint64) + rs = append(rs, record{cc: cc.(string), count: count}) + m.Delete(cc) return true }) + // Sort the records. sort.Sort(rs) - for _, r := range rs { - count := uint64(r.count) + // Format and concatenate. + var output strings.Builder + for i, r := range rs { + count := r.count if binned { count = binCount(count) } - output += fmt.Sprintf("%s=%d,", r.cc, count) + if i != 0 { + output.WriteString(",") + } + fmt.Fprintf(&output, "%s=%d", r.cc, count) } - - // cut off trailing "," - if len(output) > 0 { - return output[:len(output)-1] - } - - return output + return output.String() } func (m *Metrics) LoadGeoipDatabases(geoipDB string, geoip6DB string) error { From ed3bd99df6ecab8dfb461c035ed48a27218c9b6f Mon Sep 17 00:00:00 2001 From: David Fifield Date: Fri, 15 Aug 2025 18:06:58 +0000 Subject: [PATCH 46/78] Rename displayCountryStats to formatAndClearCountryStats. The old name did not make it clear that the function has the side effect of clearing the map. --- broker/metrics.go | 20 ++++++++++---------- broker/snowflake-broker_test.go | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/broker/metrics.go b/broker/metrics.go index c4a9df7..b735dfa 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -169,7 +169,7 @@ func (m *Metrics) UpdateClientStats(addr string, rendezvousMethod messages.Rende }).Inc() } -// Types to facilitate sorting in displayCountryStats. +// Types to facilitate sorting in formatAndClearCountryStats. type record struct { cc string count uint64 @@ -184,13 +184,13 @@ func (r records) Less(i, j int) bool { return r[i].count > r[j].count || (r[i].count == r[j].count && r[i].cc < r[j].cc) } -// displayCountryStats takes a map from country codes to counts, and returns a -// formatted string of comma-separated CC=COUNT. Entries are sorted by count -// from largest to smallest. When counts are equal, entries are sorted by +// formatAndClearCountryStats takes a map from country codes to counts, and +// returns a formatted string of comma-separated CC=COUNT. Entries are sorted by +// count from largest to smallest. When counts are equal, entries are sorted by // country code in ascending order. // -// displayCountryStats has the side effect of deleting all entries in m. -func displayCountryStats(m *sync.Map, binned bool) string { +// formatAndClearCountryStats has the side effect of deleting all entries in m. +func formatAndClearCountryStats(m *sync.Map, binned bool) string { // Extract entries from the map into a slice of records. rs := records{} m.Range(func(cc, countPtr any) bool { @@ -248,7 +248,7 @@ func (m *Metrics) printMetrics() { time.Now().UTC().Format("2006-01-02 15:04:05"), fmt.Sprintf("(%d s)", int(metricsResolution.Seconds())), ) - m.logger.Println("snowflake-ips", displayCountryStats(m.proxies, false)) + m.logger.Println("snowflake-ips", formatAndClearCountryStats(m.proxies, false)) m.logger.Printf("snowflake-ips-iptproxy %d\n", m.loadAndZero("proxy-iptproxy")) m.logger.Printf("snowflake-ips-standalone %d\n", m.loadAndZero("proxy-standalone")) m.logger.Printf("snowflake-ips-webext %d\n", m.loadAndZero("proxy-webext")) @@ -266,11 +266,11 @@ func (m *Metrics) printMetrics() { m.logger.Println("client-snowflake-timeout-count", binCount(m.loadAndZero("client-timeout"))) m.logger.Printf("client-http-count %d\n", binCount(m.loadAndZero("client-http"))) - m.logger.Printf("client-http-ips %s\n", displayCountryStats(m.clientHTTPPolls, true)) + m.logger.Printf("client-http-ips %s\n", formatAndClearCountryStats(m.clientHTTPPolls, true)) m.logger.Printf("client-ampcache-count %d\n", binCount(m.loadAndZero("client-amp"))) - m.logger.Printf("client-ampcache-ips %s\n", displayCountryStats(m.clientAMPPolls, true)) + m.logger.Printf("client-ampcache-ips %s\n", formatAndClearCountryStats(m.clientAMPPolls, true)) m.logger.Printf("client-sqs-count %d\n", binCount(m.loadAndZero("client-sqs"))) - m.logger.Printf("client-sqs-ips %s\n", displayCountryStats(m.clientSQSPolls, true)) + m.logger.Printf("client-sqs-ips %s\n", formatAndClearCountryStats(m.clientSQSPolls, true)) m.logger.Println("snowflake-ips-nat-restricted", m.loadAndZero("proxy-nat-restricted")) m.logger.Println("snowflake-ips-nat-unrestricted", m.loadAndZero("proxy-nat-unrestricted")) diff --git a/broker/snowflake-broker_test.go b/broker/snowflake-broker_test.go index f7bbc16..04fa77d 100644 --- a/broker/snowflake-broker_test.go +++ b/broker/snowflake-broker_test.go @@ -1047,7 +1047,7 @@ snowflake-ips-nat-unknown 0 ptr := val.(*uint64) atomic.AddUint64(ptr, count) } - So(displayCountryStats(stats, false), ShouldEqual, "CN=250,FR=200,RU=150,TZ=100,IT=50,BE=1,CA=1,PH=1") + So(formatAndClearCountryStats(stats, false), ShouldEqual, "CN=250,FR=200,RU=150,TZ=100,IT=50,BE=1,CA=1,PH=1") }) }) } From ec39237e69f53ddc4c8ce2da70c53cf05da3c305 Mon Sep 17 00:00:00 2001 From: David Fifield Date: Fri, 15 Aug 2025 18:22:21 +0000 Subject: [PATCH 47/78] Add a test that formatAndClearCountryStats clears the map. --- broker/snowflake-broker_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/broker/snowflake-broker_test.go b/broker/snowflake-broker_test.go index 04fa77d..c701753 100644 --- a/broker/snowflake-broker_test.go +++ b/broker/snowflake-broker_test.go @@ -1048,6 +1048,8 @@ snowflake-ips-nat-unknown 0 atomic.AddUint64(ptr, count) } So(formatAndClearCountryStats(stats, false), ShouldEqual, "CN=250,FR=200,RU=150,TZ=100,IT=50,BE=1,CA=1,PH=1") + // The map should be cleared on return. + stats.Range(func(_, _ any) bool { panic("map was not cleared") }) }) }) } From cc0a33faeabd2db57f50c53ebaa9c33ebb050709 Mon Sep 17 00:00:00 2001 From: David Fifield Date: Fri, 15 Aug 2025 18:24:26 +0000 Subject: [PATCH 48/78] Move formatAndClearCountryStats test into a new metrics_test.go. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is more unit test–y. We don't need a full broker instantiation for testing this function, unlike other tests in snowflake-broker_test.go. --- broker/metrics_test.go | 33 +++++++++++++++++++++++++++++++++ broker/snowflake-broker_test.go | 22 ---------------------- 2 files changed, 33 insertions(+), 22 deletions(-) create mode 100644 broker/metrics_test.go diff --git a/broker/metrics_test.go b/broker/metrics_test.go new file mode 100644 index 0000000..148bf4a --- /dev/null +++ b/broker/metrics_test.go @@ -0,0 +1,33 @@ +package main + +import ( + "sync" + "sync/atomic" + "testing" + + . "github.com/smartystreets/goconvey/convey" +) + +func TestFormatAndClearCountryStats(t *testing.T) { + Convey("for country stats order", t, func() { + stats := new(sync.Map) + for cc, count := range map[string]uint64{ + "IT": 50, + "FR": 200, + "TZ": 100, + "CN": 250, + "RU": 150, + "CA": 1, + "BE": 1, + "PH": 1, + } { + stats.LoadOrStore(cc, new(uint64)) + val, _ := stats.Load(cc) + ptr := val.(*uint64) + atomic.AddUint64(ptr, count) + } + So(formatAndClearCountryStats(stats, false), ShouldEqual, "CN=250,FR=200,RU=150,TZ=100,IT=50,BE=1,CA=1,PH=1") + // The map should be cleared on return. + stats.Range(func(_, _ any) bool { panic("map was not cleared") }) + }) +} diff --git a/broker/snowflake-broker_test.go b/broker/snowflake-broker_test.go index c701753..152d527 100644 --- a/broker/snowflake-broker_test.go +++ b/broker/snowflake-broker_test.go @@ -11,7 +11,6 @@ import ( "net/http/httptest" "os" "sync" - "sync/atomic" "testing" "time" @@ -1030,26 +1029,5 @@ snowflake-ips-nat-unknown 0 ctx.metrics.printMetrics() So(buf.String(), ShouldContainSubstring, "client-denied-count 8\nclient-restricted-denied-count 8\nclient-unrestricted-denied-count 0\nclient-snowflake-match-count 0") }) - Convey("for country stats order", func() { - stats := new(sync.Map) - for cc, count := range map[string]uint64{ - "IT": 50, - "FR": 200, - "TZ": 100, - "CN": 250, - "RU": 150, - "CA": 1, - "BE": 1, - "PH": 1, - } { - stats.LoadOrStore(cc, new(uint64)) - val, _ := stats.Load(cc) - ptr := val.(*uint64) - atomic.AddUint64(ptr, count) - } - So(formatAndClearCountryStats(stats, false), ShouldEqual, "CN=250,FR=200,RU=150,TZ=100,IT=50,BE=1,CA=1,PH=1") - // The map should be cleared on return. - stats.Range(func(_, _ any) bool { panic("map was not cleared") }) - }) }) } From bd04cd77527661f4bddc603b6e5bca8bebd1ae33 Mon Sep 17 00:00:00 2001 From: David Fifield Date: Fri, 15 Aug 2025 18:35:53 +0000 Subject: [PATCH 49/78] Refactor TestFormatAndClearCountryStats. --- broker/metrics_test.go | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/broker/metrics_test.go b/broker/metrics_test.go index 148bf4a..2507299 100644 --- a/broker/metrics_test.go +++ b/broker/metrics_test.go @@ -2,31 +2,34 @@ package main import ( "sync" - "sync/atomic" "testing" . "github.com/smartystreets/goconvey/convey" ) func TestFormatAndClearCountryStats(t *testing.T) { - Convey("for country stats order", t, func() { + Convey("given a mapping of country stats", t, func() { stats := new(sync.Map) - for cc, count := range map[string]uint64{ - "IT": 50, - "FR": 200, - "TZ": 100, - "CN": 250, - "RU": 150, - "CA": 1, - "BE": 1, - "PH": 1, + for _, record := range []struct { + cc string + count uint64 + }{ + {"IT", 50}, + {"FR", 200}, + {"TZ", 100}, + {"CN", 250}, + {"RU", 150}, + {"CA", 1}, + {"BE", 1}, + {"PH", 1}, } { - stats.LoadOrStore(cc, new(uint64)) - val, _ := stats.Load(cc) - ptr := val.(*uint64) - atomic.AddUint64(ptr, count) + stats.Store(record.cc, &record.count) } - So(formatAndClearCountryStats(stats, false), ShouldEqual, "CN=250,FR=200,RU=150,TZ=100,IT=50,BE=1,CA=1,PH=1") + + Convey("the order should be correct with binned=false", func() { + So(formatAndClearCountryStats(stats, false), ShouldEqual, "CN=250,FR=200,RU=150,TZ=100,IT=50,BE=1,CA=1,PH=1") + }) + // The map should be cleared on return. stats.Range(func(_, _ any) bool { panic("map was not cleared") }) }) From 9946c0f1d81674509f400d3f873a9d176ac2f906 Mon Sep 17 00:00:00 2001 From: David Fifield Date: Fri, 15 Aug 2025 19:02:07 +0000 Subject: [PATCH 50/78] Add a test for formatAndClearCountryStats with binned=true. --- broker/metrics_test.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/broker/metrics_test.go b/broker/metrics_test.go index 2507299..0715aad 100644 --- a/broker/metrics_test.go +++ b/broker/metrics_test.go @@ -30,6 +30,10 @@ func TestFormatAndClearCountryStats(t *testing.T) { So(formatAndClearCountryStats(stats, false), ShouldEqual, "CN=250,FR=200,RU=150,TZ=100,IT=50,BE=1,CA=1,PH=1") }) + Convey("the order should be correct with binned=true", func() { + So(formatAndClearCountryStats(stats, true), ShouldEqual, "CN=256,FR=200,RU=152,TZ=104,IT=56,BE=8,CA=8,PH=8") + }) + // The map should be cleared on return. stats.Range(func(_, _ any) bool { panic("map was not cleared") }) }) From 7a003c9bb128e02d9fd928145971c504a85ac18e Mon Sep 17 00:00:00 2001 From: David Fifield Date: Fri, 15 Aug 2025 19:03:09 +0000 Subject: [PATCH 51/78] Add a failing test for ordering of country stats that bin to the same value. --- broker/metrics_test.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/broker/metrics_test.go b/broker/metrics_test.go index 0715aad..fad1958 100644 --- a/broker/metrics_test.go +++ b/broker/metrics_test.go @@ -22,16 +22,23 @@ func TestFormatAndClearCountryStats(t *testing.T) { {"CA", 1}, {"BE", 1}, {"PH", 1}, + // The next 3 bin to the same value, 112. When not + // binned, they should go in the order MY,ZA,AT (ordered + // by count). When binned, they should go in the order + // AT,MY,ZA (ordered by country code). + {"AT", 105}, + {"MY", 112}, + {"ZA", 108}, } { stats.Store(record.cc, &record.count) } Convey("the order should be correct with binned=false", func() { - So(formatAndClearCountryStats(stats, false), ShouldEqual, "CN=250,FR=200,RU=150,TZ=100,IT=50,BE=1,CA=1,PH=1") + So(formatAndClearCountryStats(stats, false), ShouldEqual, "CN=250,FR=200,RU=150,MY=112,ZA=108,AT=105,TZ=100,IT=50,BE=1,CA=1,PH=1") }) Convey("the order should be correct with binned=true", func() { - So(formatAndClearCountryStats(stats, true), ShouldEqual, "CN=256,FR=200,RU=152,TZ=104,IT=56,BE=8,CA=8,PH=8") + So(formatAndClearCountryStats(stats, true), ShouldEqual, "CN=256,FR=200,RU=152,AT=112,MY=112,ZA=112,TZ=104,IT=56,BE=8,CA=8,PH=8") }) // The map should be cleared on return. From 74c39cc8e9ceede41524be8c0fc5220579829e55 Mon Sep 17 00:00:00 2001 From: David Fifield Date: Fri, 15 Aug 2025 19:09:50 +0000 Subject: [PATCH 52/78] Bin country stats counts before sorting, not after. This avoids an information leak where, if two countries have the same count but are not in alphabetical order, you know the first one had a larger count than the second one before binning. Example: AA=25,BB=27 Without binning, these should sort descending by count: BB=27,AA=25 But with binning, the counts are the same, so it should sort ascending by country code: AA=32,BB=32 Before this change, BB would sort before AA even after binning, which lets you infer that the count of BB was greater than the count of AA *before* binning: BB=32,AA=32 --- broker/metrics.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/broker/metrics.go b/broker/metrics.go index b735dfa..748f42c 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -191,10 +191,14 @@ func (r records) Less(i, j int) bool { // // formatAndClearCountryStats has the side effect of deleting all entries in m. func formatAndClearCountryStats(m *sync.Map, binned bool) string { - // Extract entries from the map into a slice of records. + // Extract entries from the map into a slice of records, binning counts + // if asked to.. rs := records{} m.Range(func(cc, countPtr any) bool { count := *countPtr.(*uint64) + if binned { + count = binCount(count) + } rs = append(rs, record{cc: cc.(string), count: count}) m.Delete(cc) return true @@ -204,14 +208,10 @@ func formatAndClearCountryStats(m *sync.Map, binned bool) string { // Format and concatenate. var output strings.Builder for i, r := range rs { - count := r.count - if binned { - count = binCount(count) - } if i != 0 { output.WriteString(",") } - fmt.Fprintf(&output, "%s=%d", r.cc, count) + fmt.Fprintf(&output, "%s=%d", r.cc, r.count) } return output.String() } From fd42bcea8af64e1ffa6a7d5dcc10a2e293f5cafa Mon Sep 17 00:00:00 2001 From: David Fifield Date: Tue, 19 Aug 2025 14:50:23 +0000 Subject: [PATCH 53/78] Comment typo. --- broker/metrics.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/broker/metrics.go b/broker/metrics.go index 748f42c..cef62b3 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -192,7 +192,7 @@ func (r records) Less(i, j int) bool { // formatAndClearCountryStats has the side effect of deleting all entries in m. func formatAndClearCountryStats(m *sync.Map, binned bool) string { // Extract entries from the map into a slice of records, binning counts - // if asked to.. + // if asked to. rs := records{} m.Range(func(cc, countPtr any) bool { count := *countPtr.(*uint64) From f4027c11286b319e27aad5d8f7ccdf95caab2033 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Thu, 14 Aug 2025 14:30:32 -0400 Subject: [PATCH 54/78] Use Go 1.24 for android CI job gomobile now requres go >= 1.24.0 --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2cb0cf1..ebdf462 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -102,7 +102,7 @@ variables: # -- jobs ------------------------------------------------------------ android: - image: ${DOCKER_REGISTRY_URL}/golang:1.23-$DEBIAN_OLD_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.24-$DEBIAN_OLD_STABLE variables: ANDROID_HOME: /usr/lib/android-sdk LANG: C.UTF-8 From ca07f5744865e1d992693e52bc217dc1869e2d4d Mon Sep 17 00:00:00 2001 From: Shelikhoo Date: Tue, 5 Aug 2025 14:24:46 +0100 Subject: [PATCH 55/78] Remove s390x from container building targets --- .gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ebdf462..f9cc46c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -311,7 +311,6 @@ build-container: matrix: - ARCH: amd64 - ARCH: arm64 - - ARCH: s390x tags: - $ARCH image: @@ -345,7 +344,7 @@ merge-manifests: --username="${CI_REGISTRY_USER}" --password="${CI_REGISTRY_PASSWORD}" push from-args - --platforms linux/amd64,linux/arm64,linux/s390x + --platforms linux/amd64,linux/arm64 --template "${CI_REGISTRY_IMAGE}:${TAG}_ARCH" --target "${CI_REGISTRY_IMAGE}:${TAG}" rules: From 14b8cde3da22c665027889bb1afc50c6d88df207 Mon Sep 17 00:00:00 2001 From: Shelikhoo Date: Tue, 5 Aug 2025 16:08:43 +0100 Subject: [PATCH 56/78] Update probetest container images to build binary and reduce final image size with multiple stages --- probetest/Dockerfile | 29 +++++++++++++++++++++++++++-- probetest/README.md | 7 +++++++ 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/probetest/Dockerfile b/probetest/Dockerfile index f73fbc1..63fdd44 100644 --- a/probetest/Dockerfile +++ b/probetest/Dockerfile @@ -1,3 +1,28 @@ -FROM golang:1.23 +FROM docker.io/library/golang:latest AS build -COPY probetest /go/bin + +ADD . /app + +WORKDIR /app/probetest +RUN go get +RUN CGO_ENABLED=0 go build -o probetest -ldflags '-extldflags "-static" -w -s' . + +FROM containers.torproject.org/tpo/tpa/base-images/debian:bookworm as debian-base + +RUN apt-get update && apt-get install -y \ + curl \ + gpg \ + gpg-agent \ + ca-certificates \ + libcap2-bin \ + --no-install-recommends + +FROM scratch + +COPY --from=debian-base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=debian-base /usr/share/zoneinfo /usr/share/zoneinfo +COPY --from=build /app/probetest/probetest /bin/probetest + +ENTRYPOINT [ "/bin/probetest" ] + +LABEL org.opencontainers.image.authors="anti-censorship-team@lists.torproject.org" diff --git a/probetest/README.md b/probetest/README.md index 44c7837..41451a9 100644 --- a/probetest/README.md +++ b/probetest/README.md @@ -24,6 +24,13 @@ but you should use TLS in production. To build the probe server, run ```go build``` +Or alternatively: + +``` +cd .. # switch to the repo root directory or $(git rev-parse --show-toplevel) +docker build -t snowflake-probetest -f probetest/Dockerfile . +``` + To deploy the probe server, first set the necessary env variables with ``` export HOSTNAMES=${YOUR HOSTNAMES} From 43a35655ad5e48fa3963397a417cdbb133af218f Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Thu, 14 Aug 2025 14:03:37 -0400 Subject: [PATCH 57/78] Add failing test for cleared IP map We are not clearing the map of seen IP addresses when metrics are printed, resulting in lower than expected unique IP address counts for daily metrics. See https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40472 --- broker/snowflake-broker_test.go | 38 +++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/broker/snowflake-broker_test.go b/broker/snowflake-broker_test.go index 152d527..605ea37 100644 --- a/broker/snowflake-broker_test.go +++ b/broker/snowflake-broker_test.go @@ -1029,5 +1029,43 @@ snowflake-ips-nat-unknown 0 ctx.metrics.printMetrics() So(buf.String(), ShouldContainSubstring, "client-denied-count 8\nclient-restricted-denied-count 8\nclient-unrestricted-denied-count 0\nclient-snowflake-match-count 0") }) + Convey("that seen IPs map is cleared after each print", func() { + w := httptest.NewRecorder() + data := bytes.NewReader([]byte("{\"Sid\":\"ymbcCMto7KHNGYlp\",\"Version\":\"1.0\",\"AcceptedRelayPattern\":\"snowflake.torproject.net\"}")) + r, err := http.NewRequest("POST", "snowflake.broker/proxy", data) + r.RemoteAddr = "129.97.208.23" //CA geoip + So(err, ShouldBeNil) + go func(i *IPC) { + proxyPolls(i, w, r) + done <- true + }(i) + p := <-ctx.proxyPolls //manually unblock poll + p.offerChannel <- nil + <-done + + ctx.metrics.printMetrics() + So(buf.String(), ShouldContainSubstring, "snowflake-ips CA=1") + So(buf.String(), ShouldContainSubstring, "snowflake-ips-total 1") + buf.Reset() + + w = httptest.NewRecorder() + data = bytes.NewReader([]byte("{\"Sid\":\"ymbcCMto7KHNGYlp\",\"Version\":\"1.0\",\"AcceptedRelayPattern\":\"snowflake.torproject.net\"}")) + r, err = http.NewRequest("POST", "snowflake.broker/proxy", data) + r.RemoteAddr = "129.97.208.23" //CA geoip + So(err, ShouldBeNil) + go func(i *IPC) { + proxyPolls(i, w, r) + done <- true + }(i) + p = <-ctx.proxyPolls //manually unblock poll + p.offerChannel <- nil + <-done + + ctx.metrics.printMetrics() + So(buf.String(), ShouldContainSubstring, "snowflake-ips CA=1") + So(buf.String(), ShouldContainSubstring, "snowflake-ips-total 1") + buf.Reset() + + }) }) } From c8b0b3160147a0a3337c9f35596964decb7782a7 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Thu, 14 Aug 2025 14:06:46 -0400 Subject: [PATCH 58/78] Clear map of seen proxy IP addresses We were not previously clearing the map we keep of seen IP addresses, which resulted in our unique proxy IP counts representing churn rather than unique IP counts per day, except during broker process restarts. --- broker/metrics.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/broker/metrics.go b/broker/metrics.go index cef62b3..a09691b 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -275,6 +275,8 @@ func (m *Metrics) printMetrics() { m.logger.Println("snowflake-ips-nat-restricted", m.loadAndZero("proxy-nat-restricted")) m.logger.Println("snowflake-ips-nat-unrestricted", m.loadAndZero("proxy-nat-unrestricted")) m.logger.Println("snowflake-ips-nat-unknown", m.loadAndZero("proxy-nat-unknown")) + + m.ips.Clear() } // binCount rounds count up to the next multiple of 8. Returns 0 on integer From 2740e1bbf93b7e48f8cf8d27b2dfa4fe0841ed5e Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Thu, 14 Aug 2025 21:35:34 -0400 Subject: [PATCH 59/78] Bump minimum supported go version to 1.23.0 --- .gitlab-ci.yml | 10 +++++----- go.mod | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f9cc46c..face66e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -152,15 +152,15 @@ android: - go get golang.org/x/mobile/bind - gomobile bind -v -target=android $REPRODUCIBLE_FLAGS . -go-1.22: - image: ${DOCKER_REGISTRY_URL}/golang:1.22-$DEBIAN_STABLE +go-1.23: + image: ${DOCKER_REGISTRY_URL}/golang:1.23-$DEBIAN_STABLE <<: *golang-docker-debian-template <<: *test-template script: - *go-test -go-1.23: - image: ${DOCKER_REGISTRY_URL}/golang:1.23-$DEBIAN_STABLE +go-1.24: + image: ${DOCKER_REGISTRY_URL}/golang:1.24-$DEBIAN_STABLE <<: *golang-docker-debian-template <<: *test-template script: @@ -174,7 +174,7 @@ debian-testing: - *go-test shadow-integration: - image: ${DOCKER_REGISTRY_URL}/golang:1.22-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.23-$DEBIAN_STABLE variables: SHADOW_VERSION: "27d0bcf2cf1c7f0d403b6ad3efd575e45ae93126" TGEN_VERSION: "v1.1.2" diff --git a/go.mod b/go.mod index 5cb329d..8d4b700 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2 -go 1.22.0 +go 1.23.0 require ( github.com/aws/aws-sdk-go-v2 v1.37.1 From 06c6fd0683b91bd2821e6242c53cf6ebe784aca2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 20 Aug 2025 13:41:27 +0000 Subject: [PATCH 60/78] Update module golang.org/x/net to v0.38.0 [SECURITY] --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 8d4b700..39f4bc7 100644 --- a/go.mod +++ b/go.mod @@ -26,9 +26,9 @@ require ( gitlab.torproject.org/tpo/anti-censorship/geoip v0.0.0-20210928150955-7ce4b3d98d01 gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.6.0 gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250130151315-efaf4e0ec0d3 - golang.org/x/crypto v0.33.0 - golang.org/x/net v0.35.0 - golang.org/x/sys v0.30.0 + golang.org/x/crypto v0.36.0 + golang.org/x/net v0.38.0 + golang.org/x/sys v0.31.0 ) require ( @@ -78,8 +78,8 @@ require ( github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf // indirect github.com/wlynxg/anet v0.0.5 // indirect golang.org/x/mod v0.23.0 // indirect - golang.org/x/sync v0.11.0 // indirect - golang.org/x/text v0.22.0 // indirect + golang.org/x/sync v0.12.0 // indirect + golang.org/x/text v0.23.0 // indirect golang.org/x/tools v0.30.0 // indirect google.golang.org/protobuf v1.36.5 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 3d322b8..e95c7cc 100644 --- a/go.sum +++ b/go.sum @@ -181,8 +181,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= -golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= +golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= +golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -203,8 +203,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= -golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -212,8 +212,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= -golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -226,8 +226,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -235,8 +235,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= -golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= From 3a38526aa15e64743419eb638144eca0c024a424 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 20 Aug 2025 13:52:32 +0000 Subject: [PATCH 61/78] Update module golang.org/x/sys to v0.35.0 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 39f4bc7..9b3c300 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250130151315-efaf4e0ec0d3 golang.org/x/crypto v0.36.0 golang.org/x/net v0.38.0 - golang.org/x/sys v0.31.0 + golang.org/x/sys v0.35.0 ) require ( diff --git a/go.sum b/go.sum index e95c7cc..64302a9 100644 --- a/go.sum +++ b/go.sum @@ -226,8 +226,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= -golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= +golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= From a5ffa128cff511b40f2cdfd7739cb9614fc85f7a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 20 Aug 2025 19:14:00 +0000 Subject: [PATCH 62/78] Update module github.com/aws/aws-sdk-go-v2/credentials to v1.18.5 --- go.mod | 18 +++++++++--------- go.sum | 36 ++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index 9b3c300..b734510 100644 --- a/go.mod +++ b/go.mod @@ -3,9 +3,9 @@ module gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/ go 1.23.0 require ( - github.com/aws/aws-sdk-go-v2 v1.37.1 + github.com/aws/aws-sdk-go-v2 v1.38.0 github.com/aws/aws-sdk-go-v2/config v1.30.2 - github.com/aws/aws-sdk-go-v2/credentials v1.18.2 + github.com/aws/aws-sdk-go-v2/credentials v1.18.5 github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5 github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 @@ -33,15 +33,15 @@ require ( require ( github.com/andybalholm/brotli v1.0.6 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.1 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.1 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.1 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.26.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.31.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.35.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.28.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.37.1 // indirect github.com/aws/smithy-go v1.22.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect diff --git a/go.sum b/go.sum index 64302a9..349556d 100644 --- a/go.sum +++ b/go.sum @@ -2,32 +2,32 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/aws/aws-sdk-go-v2 v1.37.1 h1:SMUxeNz3Z6nqGsXv0JuJXc8w5YMtrQMuIBmDx//bBDY= -github.com/aws/aws-sdk-go-v2 v1.37.1/go.mod h1:9Q0OoGQoboYIAJyslFyF1f5K1Ryddop8gqMhWx/n4Wg= +github.com/aws/aws-sdk-go-v2 v1.38.0 h1:UCRQ5mlqcFk9HJDIqENSLR3wiG1VTWlyUfLDEvY7RxU= +github.com/aws/aws-sdk-go-v2 v1.38.0/go.mod h1:9Q0OoGQoboYIAJyslFyF1f5K1Ryddop8gqMhWx/n4Wg= github.com/aws/aws-sdk-go-v2/config v1.30.2 h1:YE1BmSc4fFYqFgN1mN8uzrtc7R9x+7oSWeX8ckoltAw= github.com/aws/aws-sdk-go-v2/config v1.30.2/go.mod h1:UNrLGZ6jfAVjgVJpkIxjLufRJqTXCVYOpkeVf83kwBo= -github.com/aws/aws-sdk-go-v2/credentials v1.18.2 h1:mfm0GKY/PHLhs7KO0sUaOtFnIQ15Qqxt+wXbO/5fIfs= -github.com/aws/aws-sdk-go-v2/credentials v1.18.2/go.mod h1:v0SdJX6ayPeZFQxgXUKw5RhLpAoZUuynxWDfh8+Eknc= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.1 h1:owmNBboeA0kHKDcdF8KiSXmrIuXZustfMGGytv6OMkM= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.1/go.mod h1:Bg1miN59SGxrZqlP8vJZSmXW+1N8Y1MjQDq1OfuNod8= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.1 h1:ksZXBYv80EFTcgc8OJO48aQ8XDWXIQL7gGasPeCoTzI= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.1/go.mod h1:HSksQyyJETVZS7uM54cir0IgxttTD+8aEoJMPGepHBI= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.1 h1:+dn/xF/05utS7tUhjIcndbuaPjfll2LhbH1cCDGLYUQ= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.1/go.mod h1:hyAGz30LHdm5KBZDI58MXx5lDVZ5CUfvfTZvMu4HCZo= +github.com/aws/aws-sdk-go-v2/credentials v1.18.5 h1:DATc1xnpHUV8VgvtnVQul+zuCwK6vz7gtkbKEUZcuNI= +github.com/aws/aws-sdk-go-v2/credentials v1.18.5/go.mod h1:y7aigZzjm1jUZuCgOrlBng+VJrKkknY2Cl0JWxG7vHU= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 h1:GicIdnekoJsjq9wqnvyi2elW6CGMSYKhdozE7/Svh78= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3/go.mod h1:R7BIi6WNC5mc1kfRM7XM/VHC3uRWkjc396sfabq4iOo= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3 h1:o9RnO+YZ4X+kt5Z7Nvcishlz0nksIt2PIzDglLMP0vA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3/go.mod h1:+6aLJzOG1fvMOyzIySYjOFjcguGvVRL68R+uoRencN4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3 h1:joyyUFhiTQQmVK6ImzNU9TQSNRNeD9kOklqTzyk5v6s= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3/go.mod h1:+vNIyZQP3b3B1tSLI0lxvrU9cfM7gpdRXMFfm67ZcPc= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 h1:6+lZi2JeGKtCraAj1rpoZfKqnQ9SptseRZioejfUOLM= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0/go.mod h1:eb3gfbVIxIoGgJsi9pGne19dhCBpK6opTYpQqAmdy44= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1 h1:ky79ysLMxhwk5rxJtS+ILd3Mc8kC5fhsLBrP27r6h4I= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1/go.mod h1:+2MmkvFvPYM1vsozBWduoLJUi5maxFk5B7KJFECujhY= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 h1:ieRzyHXypu5ByllM7Sp4hC5f/1Fy5wqxqY0yB85hC7s= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3/go.mod h1:O5ROz8jHiOAKAwx179v+7sHMhfobFVi6nZt8DEyiYoM= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5 h1:KNgVWw8qbPzjYnIF1gL0EAszy6VKGnmUK6VSm1huYY8= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5/go.mod h1:Bar4MrRxeqdn6XIh8JGfiXuFRmyrrsZNTJotxEJmWW0= -github.com/aws/aws-sdk-go-v2/service/sso v1.26.1 h1:uWaz3DoNK9MNhm7i6UGxqufwu3BEuJZm72WlpGwyVtY= -github.com/aws/aws-sdk-go-v2/service/sso v1.26.1/go.mod h1:ILpVNjL0BO+Z3Mm0SbEeUoYS9e0eJWV1BxNppp0fcb8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.31.1 h1:XdG6/o1/ZDmn3wJU5SRAejHaWgKS4zHv0jBamuKuS2k= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.31.1/go.mod h1:oiotGTKadCOCl3vg/tYh4k45JlDF81Ka8rdumNhEnIQ= -github.com/aws/aws-sdk-go-v2/service/sts v1.35.1 h1:iF4Xxkc0H9c/K2dS0zZw3SCkj0Z7n6AMnUiiyoJND+I= -github.com/aws/aws-sdk-go-v2/service/sts v1.35.1/go.mod h1:0bxIatfN0aLq4mjoLDeBpOjOke68OsFlXPDFJ7V0MYw= +github.com/aws/aws-sdk-go-v2/service/sso v1.28.1 h1:YfsU8hHGvVT+c6Q8MUs8haDbFQajAImrB7yZ9XnPcBY= +github.com/aws/aws-sdk-go-v2/service/sso v1.28.1/go.mod h1:iS5OmxEcN4QIPXARGhavH7S8kETNL11kym6jhoS7IUQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.1 h1:b4REsk5C0hooowAPmV8fS2haHb+HCyb5FKSKOZRBBfU= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.1/go.mod h1:59qHWaY5B+Rs7HGTuVGaC32m0rdpQ68N8QCN3khYiqs= +github.com/aws/aws-sdk-go-v2/service/sts v1.37.1 h1:ssCHKyNJqTnqRH4Vlf+jI0brtGQYBvzWwnATsOMk1mk= +github.com/aws/aws-sdk-go-v2/service/sts v1.37.1/go.mod h1:JdeBDPgpJfuS6rU/hNglmOigKhyEZtBmbraLE4GK1J8= github.com/aws/smithy-go v1.22.5 h1:P9ATCXPMb2mPjYBgueqJNCA5S9UfktsW0tTxi+a7eqw= github.com/aws/smithy-go v1.22.5/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From 21d0d913f4c13e7990d773bb372135144f86f1d2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 20 Aug 2025 14:18:03 +0000 Subject: [PATCH 63/78] Update module github.com/xtaci/smux to v1.5.35 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b734510..90fd447 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/stretchr/testify v1.10.0 github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301 github.com/xtaci/kcp-go/v5 v5.6.8 - github.com/xtaci/smux v1.5.34 + github.com/xtaci/smux v1.5.35 gitlab.torproject.org/tpo/anti-censorship/geoip v0.0.0-20210928150955-7ce4b3d98d01 gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.6.0 gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250130151315-efaf4e0ec0d3 diff --git a/go.sum b/go.sum index 349556d..140454f 100644 --- a/go.sum +++ b/go.sum @@ -166,8 +166,8 @@ github.com/xtaci/kcp-go/v5 v5.6.8 h1:jlI/0jAyjoOjT/SaGB58s4bQMJiNS41A2RKzR6TMWeI github.com/xtaci/kcp-go/v5 v5.6.8/go.mod h1:oE9j2NVqAkuKO5o8ByKGch3vgVX3BNf8zqP8JiGq0bM= github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae h1:J0GxkO96kL4WF+AIT3M4mfUVinOCPgf2uUWYFUzN0sM= github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae/go.mod h1:gXtu8J62kEgmN++bm9BVICuT/e8yiLI2KFobd/TRFsE= -github.com/xtaci/smux v1.5.34 h1:OUA9JaDFHJDT8ZT3ebwLWPAgEfE6sWo2LaTy3anXqwg= -github.com/xtaci/smux v1.5.34/go.mod h1:OMlQbT5vcgl2gb49mFkYo6SMf+zP3rcjcwQz7ZU7IGY= +github.com/xtaci/smux v1.5.35 h1:RosihGJBeaS8gxOZ17HNxbhONwnqQwNwusHx4+SEGhk= +github.com/xtaci/smux v1.5.35/go.mod h1:OMlQbT5vcgl2gb49mFkYo6SMf+zP3rcjcwQz7ZU7IGY= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= gitlab.torproject.org/tpo/anti-censorship/geoip v0.0.0-20210928150955-7ce4b3d98d01 h1:4949mHh9Vj2/okk48yG8nhP6TosFWOUfSfSr502sKGE= From f777a93b29c5e36dca7fcb176e9572052bd66c63 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Thu, 14 Aug 2025 08:39:29 -0400 Subject: [PATCH 64/78] Add failing concurrency test This test fails when run with go test -v -race due to data races in calls to prometheus update functions. --- broker/snowflake-broker_test.go | 65 +++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/broker/snowflake-broker_test.go b/broker/snowflake-broker_test.go index 605ea37..3eb4ba5 100644 --- a/broker/snowflake-broker_test.go +++ b/broker/snowflake-broker_test.go @@ -3,6 +3,8 @@ package main import ( "bytes" "container/heap" + "crypto/rand" + "encoding/base64" "encoding/hex" "fmt" "io" @@ -10,6 +12,7 @@ import ( "net/http" "net/http/httptest" "os" + "strings" "sync" "testing" "time" @@ -1069,3 +1072,65 @@ snowflake-ips-nat-unknown 0 }) }) } + +func TestConcurrency(t *testing.T) { + Convey("Test concurency with", t, func() { + ctx := NewBrokerContext(NullLogger(), "snowflake.torproject.net") + i := &IPC{ctx} + Convey("multiple simultaneous polls", func(c C) { + go ctx.Broker() + + var proxies sync.WaitGroup + var wg sync.WaitGroup + + proxies.Add(1000) + // Multiple proxy polls + for x := 0; x < 1000; x++ { + wp := httptest.NewRecorder() + buf := make([]byte, 16) + _, err := rand.Read(buf) + id := strings.TrimRight(base64.StdEncoding.EncodeToString(buf), "=") + + datap := bytes.NewReader([]byte(fmt.Sprintf("{\"Sid\": \"%s\",\"Version\":\"1.0\",\"AcceptedRelayPattern\":\"snowflake.torproject.net\"}", id))) + rp, err := http.NewRequest("POST", "snowflake.broker/proxy", datap) + So(err, ShouldBeNil) + + go func() { + proxies.Done() + proxyPolls(i, wp, rp) + c.So(wp.Code, ShouldEqual, http.StatusOK) + + // Proxy answers + wp = httptest.NewRecorder() + datap, err = createProxyAnswer(sdp, id) + c.So(err, ShouldBeNil) + rp, err = http.NewRequest("POST", "snowflake.broker/answer", datap) + c.So(err, ShouldBeNil) + go func() { + proxyAnswers(i, wp, rp) + }() + }() + } + // Wait for all proxies to poll before sending client offers + proxies.Wait() + + // Multiple client offers + for x := 0; x < 500; x++ { + wg.Add(1) + wc := httptest.NewRecorder() + datac, err := createClientOffer(sdp, NATUnrestricted, "") + So(err, ShouldBeNil) + rc, err := http.NewRequest("POST", "snowflake.broker/client", datac) + So(err, ShouldBeNil) + + go func() { + clientOffers(i, wc, rc) + c.So(wc.Code, ShouldEqual, http.StatusOK) + c.So(wc.Body.String(), ShouldContainSubstring, "8.8.8.8") + wg.Done() + }() + } + wg.Wait() + }) + }) +} From 5b9f7fc7bdb946df93fd1ce1780aa41fef94a939 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Wed, 20 Aug 2025 16:42:16 -0400 Subject: [PATCH 65/78] Bump version of ptutil to fix safeprom data race --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 90fd447..c5c9963 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/xtaci/smux v1.5.35 gitlab.torproject.org/tpo/anti-censorship/geoip v0.0.0-20210928150955-7ce4b3d98d01 gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.6.0 - gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250130151315-efaf4e0ec0d3 + gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250815012447-418f76dcf315 golang.org/x/crypto v0.36.0 golang.org/x/net v0.38.0 golang.org/x/sys v0.35.0 diff --git a/go.sum b/go.sum index 140454f..99391e5 100644 --- a/go.sum +++ b/go.sum @@ -176,6 +176,8 @@ gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.6.0 h1 gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.6.0/go.mod h1:70bhd4JKW/+1HLfm+TMrgHJsUHG4coelMWwiVEJ2gAg= gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250130151315-efaf4e0ec0d3 h1:pwWCiqrB6b3SynILsv3M+76utmcgMiTZ2aqfccjWmxo= gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250130151315-efaf4e0ec0d3/go.mod h1:PK7EvweKeypdelDyh1m7N922aldSeCAG8n0lJ7RAXWQ= +gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250815012447-418f76dcf315 h1:9lmXguW9aH5sdZR5h5jOrdInCt0tQ9NRa7+wFD4MQBk= +gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250815012447-418f76dcf315/go.mod h1:PK7EvweKeypdelDyh1m7N922aldSeCAG8n0lJ7RAXWQ= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= From 2114f02ae42278567448ce73b8d331f6e50d6d92 Mon Sep 17 00:00:00 2001 From: Shelikhoo Date: Wed, 27 Aug 2025 15:58:56 +0100 Subject: [PATCH 66/78] Replace utls with patch version with backport for tls downgrade fix --- go.mod | 2 ++ go.sum | 6 ++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index c5c9963..df9fa59 100644 --- a/go.mod +++ b/go.mod @@ -84,3 +84,5 @@ require ( google.golang.org/protobuf v1.36.5 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) + +replace github.com/refraction-networking/utls v1.6.7 => gitlab.torproject.org/shelikhoo/utls-temporary v0.0.0-20250428152032-7f32539913c8 diff --git a/go.sum b/go.sum index 99391e5..d4b9b0b 100644 --- a/go.sum +++ b/go.sum @@ -138,8 +138,6 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/realclientip/realclientip-go v1.0.0 h1:+yPxeC0mEaJzq1BfCt2h4BxlyrvIIBzR6suDc3BEF1U= github.com/realclientip/realclientip-go v1.0.0/go.mod h1:CXnUdVwFRcXFJIRb/dTYqbT7ud48+Pi2pFm80bxDmcI= -github.com/refraction-networking/utls v1.6.7 h1:zVJ7sP1dJx/WtVuITug3qYUq034cDq9B2MR1K67ULZM= -github.com/refraction-networking/utls v1.6.7/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/smarty/assertions v1.15.0 h1:cR//PqUBUiQRakZWqBiFFQ9wb8emQGDb0HeGdqGByCY= @@ -170,12 +168,12 @@ github.com/xtaci/smux v1.5.35 h1:RosihGJBeaS8gxOZ17HNxbhONwnqQwNwusHx4+SEGhk= github.com/xtaci/smux v1.5.35/go.mod h1:OMlQbT5vcgl2gb49mFkYo6SMf+zP3rcjcwQz7ZU7IGY= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +gitlab.torproject.org/shelikhoo/utls-temporary v0.0.0-20250428152032-7f32539913c8 h1:zZ1r9UjJ4qSPoLZG/vzITRsO0Qacpm20HlRAg7JVJ8Y= +gitlab.torproject.org/shelikhoo/utls-temporary v0.0.0-20250428152032-7f32539913c8/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0= gitlab.torproject.org/tpo/anti-censorship/geoip v0.0.0-20210928150955-7ce4b3d98d01 h1:4949mHh9Vj2/okk48yG8nhP6TosFWOUfSfSr502sKGE= gitlab.torproject.org/tpo/anti-censorship/geoip v0.0.0-20210928150955-7ce4b3d98d01/go.mod h1:K3LOI4H8fa6j+7E10ViHeGEQV10304FG4j94ypmKLjY= gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.6.0 h1:KD9m+mRBwtEdqe94Sv72uiedMWeRdIr4sXbrRyzRiIo= gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.6.0/go.mod h1:70bhd4JKW/+1HLfm+TMrgHJsUHG4coelMWwiVEJ2gAg= -gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250130151315-efaf4e0ec0d3 h1:pwWCiqrB6b3SynILsv3M+76utmcgMiTZ2aqfccjWmxo= -gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250130151315-efaf4e0ec0d3/go.mod h1:PK7EvweKeypdelDyh1m7N922aldSeCAG8n0lJ7RAXWQ= gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250815012447-418f76dcf315 h1:9lmXguW9aH5sdZR5h5jOrdInCt0tQ9NRa7+wFD4MQBk= gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250815012447-418f76dcf315/go.mod h1:PK7EvweKeypdelDyh1m7N922aldSeCAG8n0lJ7RAXWQ= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= From 046946fbcb308c1b9791a1288e1225226c4ba77b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 29 Aug 2025 19:57:08 +0000 Subject: [PATCH 67/78] Update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.42.3 --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index df9fa59..a5379c1 100644 --- a/go.mod +++ b/go.mod @@ -3,10 +3,10 @@ module gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/ go 1.23.0 require ( - github.com/aws/aws-sdk-go-v2 v1.38.0 + github.com/aws/aws-sdk-go-v2 v1.38.3 github.com/aws/aws-sdk-go-v2/config v1.30.2 github.com/aws/aws-sdk-go-v2/credentials v1.18.5 - github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5 + github.com/aws/aws-sdk-go-v2/service/sqs v1.42.3 github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 github.com/miekg/dns v1.1.65 @@ -34,15 +34,15 @@ require ( require ( github.com/andybalholm/brotli v1.0.6 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.28.1 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.1 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.37.1 // indirect - github.com/aws/smithy-go v1.22.5 // indirect + github.com/aws/smithy-go v1.23.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect diff --git a/go.sum b/go.sum index d4b9b0b..b0cf45a 100644 --- a/go.sum +++ b/go.sum @@ -2,34 +2,34 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/aws/aws-sdk-go-v2 v1.38.0 h1:UCRQ5mlqcFk9HJDIqENSLR3wiG1VTWlyUfLDEvY7RxU= -github.com/aws/aws-sdk-go-v2 v1.38.0/go.mod h1:9Q0OoGQoboYIAJyslFyF1f5K1Ryddop8gqMhWx/n4Wg= +github.com/aws/aws-sdk-go-v2 v1.38.3 h1:B6cV4oxnMs45fql4yRH+/Po/YU+597zgWqvDpYMturk= +github.com/aws/aws-sdk-go-v2 v1.38.3/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY= github.com/aws/aws-sdk-go-v2/config v1.30.2 h1:YE1BmSc4fFYqFgN1mN8uzrtc7R9x+7oSWeX8ckoltAw= github.com/aws/aws-sdk-go-v2/config v1.30.2/go.mod h1:UNrLGZ6jfAVjgVJpkIxjLufRJqTXCVYOpkeVf83kwBo= github.com/aws/aws-sdk-go-v2/credentials v1.18.5 h1:DATc1xnpHUV8VgvtnVQul+zuCwK6vz7gtkbKEUZcuNI= github.com/aws/aws-sdk-go-v2/credentials v1.18.5/go.mod h1:y7aigZzjm1jUZuCgOrlBng+VJrKkknY2Cl0JWxG7vHU= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 h1:GicIdnekoJsjq9wqnvyi2elW6CGMSYKhdozE7/Svh78= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3/go.mod h1:R7BIi6WNC5mc1kfRM7XM/VHC3uRWkjc396sfabq4iOo= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3 h1:o9RnO+YZ4X+kt5Z7Nvcishlz0nksIt2PIzDglLMP0vA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3/go.mod h1:+6aLJzOG1fvMOyzIySYjOFjcguGvVRL68R+uoRencN4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3 h1:joyyUFhiTQQmVK6ImzNU9TQSNRNeD9kOklqTzyk5v6s= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3/go.mod h1:+vNIyZQP3b3B1tSLI0lxvrU9cfM7gpdRXMFfm67ZcPc= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 h1:uF68eJA6+S9iVr9WgX1NaRGyQ/6MdIyc4JNUo6TN1FA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6/go.mod h1:qlPeVZCGPiobx8wb1ft0GHT5l+dc6ldnwInDFaMvC7Y= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 h1:pa1DEC6JoI0zduhZePp3zmhWvk/xxm4NB8Hy/Tlsgos= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6/go.mod h1:gxEjPebnhWGJoaDdtDkA0JX46VRg1wcTHYe63OfX5pE= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 h1:6+lZi2JeGKtCraAj1rpoZfKqnQ9SptseRZioejfUOLM= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0/go.mod h1:eb3gfbVIxIoGgJsi9pGne19dhCBpK6opTYpQqAmdy44= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 h1:ieRzyHXypu5ByllM7Sp4hC5f/1Fy5wqxqY0yB85hC7s= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3/go.mod h1:O5ROz8jHiOAKAwx179v+7sHMhfobFVi6nZt8DEyiYoM= -github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5 h1:KNgVWw8qbPzjYnIF1gL0EAszy6VKGnmUK6VSm1huYY8= -github.com/aws/aws-sdk-go-v2/service/sqs v1.38.5/go.mod h1:Bar4MrRxeqdn6XIh8JGfiXuFRmyrrsZNTJotxEJmWW0= +github.com/aws/aws-sdk-go-v2/service/sqs v1.42.3 h1:0dWg1Tkz3FnEo48DgAh7CT22hYyMShly8WMd3sGx0xI= +github.com/aws/aws-sdk-go-v2/service/sqs v1.42.3/go.mod h1:hpOo4IGPfGPlHRcf2nizYAzKfz8GzbQ8tTDIUR4H4GQ= github.com/aws/aws-sdk-go-v2/service/sso v1.28.1 h1:YfsU8hHGvVT+c6Q8MUs8haDbFQajAImrB7yZ9XnPcBY= github.com/aws/aws-sdk-go-v2/service/sso v1.28.1/go.mod h1:iS5OmxEcN4QIPXARGhavH7S8kETNL11kym6jhoS7IUQ= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.1 h1:b4REsk5C0hooowAPmV8fS2haHb+HCyb5FKSKOZRBBfU= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.1/go.mod h1:59qHWaY5B+Rs7HGTuVGaC32m0rdpQ68N8QCN3khYiqs= github.com/aws/aws-sdk-go-v2/service/sts v1.37.1 h1:ssCHKyNJqTnqRH4Vlf+jI0brtGQYBvzWwnATsOMk1mk= github.com/aws/aws-sdk-go-v2/service/sts v1.37.1/go.mod h1:JdeBDPgpJfuS6rU/hNglmOigKhyEZtBmbraLE4GK1J8= -github.com/aws/smithy-go v1.22.5 h1:P9ATCXPMb2mPjYBgueqJNCA5S9UfktsW0tTxi+a7eqw= -github.com/aws/smithy-go v1.22.5/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= +github.com/aws/smithy-go v1.23.0 h1:8n6I3gXzWJB2DxBDnfxgBaSX6oe0d/t10qGz7OKqMCE= +github.com/aws/smithy-go v1.23.0/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= From e4261cd54502a7633af37da8257e6bb1af53d7ec Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 1 Sep 2025 14:03:10 +0000 Subject: [PATCH 68/78] Update module github.com/pion/webrtc/v4 to v4.1.4 --- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index a5379c1..156231b 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/pion/sdp/v3 v3.0.15 github.com/pion/stun/v3 v3.0.0 github.com/pion/transport/v3 v3.0.7 - github.com/pion/webrtc/v4 v4.1.2 + github.com/pion/webrtc/v4 v4.1.4 github.com/prometheus/client_golang v1.22.0 github.com/realclientip/realclientip-go v1.0.0 github.com/refraction-networking/utls v1.6.7 @@ -56,16 +56,16 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/patrickmn/go-cache v2.1.0+incompatible // indirect github.com/pion/datachannel v1.5.10 // indirect - github.com/pion/dtls/v3 v3.0.6 // indirect + github.com/pion/dtls/v3 v3.0.7 // indirect github.com/pion/interceptor v0.1.40 // indirect - github.com/pion/logging v0.2.3 // indirect + github.com/pion/logging v0.2.4 // indirect github.com/pion/mdns/v2 v2.0.7 // indirect github.com/pion/randutil v0.1.0 // indirect github.com/pion/rtcp v1.2.15 // indirect - github.com/pion/rtp v1.8.18 // indirect + github.com/pion/rtp v1.8.21 // indirect github.com/pion/sctp v1.8.39 // indirect - github.com/pion/srtp/v3 v3.0.5 // indirect - github.com/pion/turn/v4 v4.0.0 // indirect + github.com/pion/srtp/v3 v3.0.7 // indirect + github.com/pion/turn/v4 v4.1.1 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_model v0.6.1 // indirect diff --git a/go.sum b/go.sum index b0cf45a..4818f8c 100644 --- a/go.sum +++ b/go.sum @@ -93,36 +93,36 @@ github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaR github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pion/datachannel v1.5.10 h1:ly0Q26K1i6ZkGf42W7D4hQYR90pZwzFOjTq5AuCKk4o= github.com/pion/datachannel v1.5.10/go.mod h1:p/jJfC9arb29W7WrxyKbepTU20CFgyx5oLo8Rs4Py/M= -github.com/pion/dtls/v3 v3.0.6 h1:7Hkd8WhAJNbRgq9RgdNh1aaWlZlGpYTzdqjy9x9sK2E= -github.com/pion/dtls/v3 v3.0.6/go.mod h1:iJxNQ3Uhn1NZWOMWlLxEEHAN5yX7GyPvvKw04v9bzYU= +github.com/pion/dtls/v3 v3.0.7 h1:bItXtTYYhZwkPFk4t1n3Kkf5TDrfj6+4wG+CZR8uI9Q= +github.com/pion/dtls/v3 v3.0.7/go.mod h1:uDlH5VPrgOQIw59irKYkMudSFprY9IEFCqz/eTz16f8= github.com/pion/ice/v4 v4.0.10 h1:P59w1iauC/wPk9PdY8Vjl4fOFL5B+USq1+xbDcN6gT4= github.com/pion/ice/v4 v4.0.10/go.mod h1:y3M18aPhIxLlcO/4dn9X8LzLLSma84cx6emMSu14FGw= github.com/pion/interceptor v0.1.40 h1:e0BjnPcGpr2CFQgKhrQisBU7V3GXK6wrfYrGYaU6Jq4= github.com/pion/interceptor v0.1.40/go.mod h1:Z6kqH7M/FYirg3frjGJ21VLSRJGBXB/KqaTIrdqnOic= -github.com/pion/logging v0.2.3 h1:gHuf0zpoh1GW67Nr6Gj4cv5Z9ZscU7g/EaoC/Ke/igI= -github.com/pion/logging v0.2.3/go.mod h1:z8YfknkquMe1csOrxK5kc+5/ZPAzMxbKLX5aXpbpC90= +github.com/pion/logging v0.2.4 h1:tTew+7cmQ+Mc1pTBLKH2puKsOvhm32dROumOZ655zB8= +github.com/pion/logging v0.2.4/go.mod h1:DffhXTKYdNZU+KtJ5pyQDjvOAh/GsNSyv1lbkFbe3so= github.com/pion/mdns/v2 v2.0.7 h1:c9kM8ewCgjslaAmicYMFQIde2H9/lrZpjBkN8VwoVtM= github.com/pion/mdns/v2 v2.0.7/go.mod h1:vAdSYNAT0Jy3Ru0zl2YiW3Rm/fJCwIeM0nToenfOJKA= github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA= github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8= github.com/pion/rtcp v1.2.15 h1:LZQi2JbdipLOj4eBjK4wlVoQWfrZbh3Q6eHtWtJBZBo= github.com/pion/rtcp v1.2.15/go.mod h1:jlGuAjHMEXwMUHK78RgX0UmEJFV4zUKOFHR7OP+D3D0= -github.com/pion/rtp v1.8.18 h1:yEAb4+4a8nkPCecWzQB6V/uEU18X1lQCGAQCjP+pyvU= -github.com/pion/rtp v1.8.18/go.mod h1:bAu2UFKScgzyFqvUKmbvzSdPr+NGbZtv6UB2hesqXBk= +github.com/pion/rtp v1.8.21 h1:3yrOwmZFyUpcIosNcWRpQaU+UXIJ6yxLuJ8Bx0mw37Y= +github.com/pion/rtp v1.8.21/go.mod h1:bAu2UFKScgzyFqvUKmbvzSdPr+NGbZtv6UB2hesqXBk= github.com/pion/sctp v1.8.39 h1:PJma40vRHa3UTO3C4MyeJDQ+KIobVYRZQZ0Nt7SjQnE= github.com/pion/sctp v1.8.39/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE= github.com/pion/sdp/v3 v3.0.15 h1:F0I1zds+K/+37ZrzdADmx2Q44OFDOPRLhPnNTaUX9hk= github.com/pion/sdp/v3 v3.0.15/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E= -github.com/pion/srtp/v3 v3.0.5 h1:8XLB6Dt3QXkMkRFpoqC3314BemkpMQK2mZeJc4pUKqo= -github.com/pion/srtp/v3 v3.0.5/go.mod h1:r1G7y5r1scZRLe2QJI/is+/O83W2d+JoEsuIexpw+uM= +github.com/pion/srtp/v3 v3.0.7 h1:QUElw0A/FUg3MP8/KNMZB3i0m8F9XeMnTum86F7S4bs= +github.com/pion/srtp/v3 v3.0.7/go.mod h1:qvnHeqbhT7kDdB+OGB05KA/P067G3mm7XBfLaLiaNF0= github.com/pion/stun/v3 v3.0.0 h1:4h1gwhWLWuZWOJIJR9s2ferRO+W3zA/b6ijOI6mKzUw= github.com/pion/stun/v3 v3.0.0/go.mod h1:HvCN8txt8mwi4FBvS3EmDghW6aQJ24T+y+1TKjB5jyU= github.com/pion/transport/v3 v3.0.7 h1:iRbMH05BzSNwhILHoBoAPxoB9xQgOaJk+591KC9P1o0= github.com/pion/transport/v3 v3.0.7/go.mod h1:YleKiTZ4vqNxVwh77Z0zytYi7rXHl7j6uPLGhhz9rwo= -github.com/pion/turn/v4 v4.0.0 h1:qxplo3Rxa9Yg1xXDxxH8xaqcyGUtbHYw4QSCvmFWvhM= -github.com/pion/turn/v4 v4.0.0/go.mod h1:MuPDkm15nYSklKpN8vWJ9W2M0PlyQZqYt1McGuxG7mA= -github.com/pion/webrtc/v4 v4.1.2 h1:mpuUo/EJ1zMNKGE79fAdYNFZBX790KE7kQQpLMjjR54= -github.com/pion/webrtc/v4 v4.1.2/go.mod h1:xsCXiNAmMEjIdFxAYU0MbB3RwRieJsegSB2JZsGN+8U= +github.com/pion/turn/v4 v4.1.1 h1:9UnY2HB99tpDyz3cVVZguSxcqkJ1DsTSZ+8TGruh4fc= +github.com/pion/turn/v4 v4.1.1/go.mod h1:2123tHk1O++vmjI5VSD0awT50NywDAq5A2NNNU4Jjs8= +github.com/pion/webrtc/v4 v4.1.4 h1:/gK1ACGHXQmtyVVbJFQDxNoODg4eSRiFLB7t9r9pg8M= +github.com/pion/webrtc/v4 v4.1.4/go.mod h1:Oab9npu1iZtQRMic3K3toYq5zFPvToe/QBw7dMI2ok4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= From dd259faae1441421e0846972e68cd4a57500367f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 2 Sep 2025 13:00:24 +0000 Subject: [PATCH 69/78] Update module golang.org/x/crypto to v0.41.0 --- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 156231b..11a2950 100644 --- a/go.mod +++ b/go.mod @@ -26,8 +26,8 @@ require ( gitlab.torproject.org/tpo/anti-censorship/geoip v0.0.0-20210928150955-7ce4b3d98d01 gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.6.0 gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/ptutil v0.0.0-20250815012447-418f76dcf315 - golang.org/x/crypto v0.36.0 - golang.org/x/net v0.38.0 + golang.org/x/crypto v0.41.0 + golang.org/x/net v0.42.0 golang.org/x/sys v0.35.0 ) @@ -77,10 +77,10 @@ require ( github.com/tjfoc/gmsm v1.4.1 // indirect github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf // indirect github.com/wlynxg/anet v0.0.5 // indirect - golang.org/x/mod v0.23.0 // indirect - golang.org/x/sync v0.12.0 // indirect - golang.org/x/text v0.23.0 // indirect - golang.org/x/tools v0.30.0 // indirect + golang.org/x/mod v0.26.0 // indirect + golang.org/x/sync v0.16.0 // indirect + golang.org/x/text v0.28.0 // indirect + golang.org/x/tools v0.35.0 // indirect google.golang.org/protobuf v1.36.5 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 4818f8c..c8b8eb5 100644 --- a/go.sum +++ b/go.sum @@ -181,8 +181,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= -golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= +golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= +golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -190,8 +190,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM= -golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg= +golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -203,8 +203,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= -golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= +golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -212,8 +212,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= -golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= +golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -235,8 +235,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= -golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= +golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -247,8 +247,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= -golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY= -golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY= +golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0= +golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 24c42dff1315fb03cb145e194d468e7439a5a588 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 22 Jan 2025 17:11:33 +0000 Subject: [PATCH 70/78] Bump kcp-go to v5.6.24 --- go.mod | 6 +++--- go.sum | 14 ++++++++------ 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 11a2950..a818e5e 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/smartystreets/goconvey v1.8.1 github.com/stretchr/testify v1.10.0 github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301 - github.com/xtaci/kcp-go/v5 v5.6.8 + github.com/xtaci/kcp-go/v5 v5.6.24 github.com/xtaci/smux v1.5.35 gitlab.torproject.org/tpo/anti-censorship/geoip v0.0.0-20210928150955-7ce4b3d98d01 gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.6.0 @@ -72,8 +72,8 @@ require ( github.com/prometheus/common v0.62.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/smarty/assertions v1.15.0 // indirect - github.com/templexxx/cpu v0.1.0 // indirect - github.com/templexxx/xorsimd v0.4.2 // indirect + github.com/templexxx/cpu v0.1.1 // indirect + github.com/templexxx/xorsimd v0.4.3 // indirect github.com/tjfoc/gmsm v1.4.1 // indirect github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf // indirect github.com/wlynxg/anet v0.0.5 // indirect diff --git a/go.sum b/go.sum index c8b8eb5..ad542a2 100644 --- a/go.sum +++ b/go.sum @@ -148,10 +148,10 @@ github.com/smartystreets/goconvey v1.8.1 h1:qGjIddxOk4grTu9JPOU31tVfq3cNdBlNa5sS github.com/smartystreets/goconvey v1.8.1/go.mod h1:+/u4qLyY6x1jReYOp7GOM2FSt8aP9CzCZL03bI28W60= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/templexxx/cpu v0.1.0 h1:wVM+WIJP2nYaxVxqgHPD4wGA2aJ9rvrQRV8CvFzNb40= -github.com/templexxx/cpu v0.1.0/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk= -github.com/templexxx/xorsimd v0.4.2 h1:ocZZ+Nvu65LGHmCLZ7OoCtg8Fx8jnHKK37SjvngUoVI= -github.com/templexxx/xorsimd v0.4.2/go.mod h1:HgwaPoDREdi6OnULpSfxhzaiiSUY4Fi3JPn1wpt28NI= +github.com/templexxx/cpu v0.1.1 h1:isxHaxBXpYFWnk2DReuKkigaZyrjs2+9ypIdGP4h+HI= +github.com/templexxx/cpu v0.1.1/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk= +github.com/templexxx/xorsimd v0.4.3 h1:9AQTFHd7Bhk3dIT7Al2XeBX5DWOvsUPZCuhyAtNbHjU= +github.com/templexxx/xorsimd v0.4.3/go.mod h1:oZQcD6RFDisW2Am58dSAGwwL6rHjbzrlu25VDqfWkQg= github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf h1:7PflaKRtU4np/epFxRXlFhlzLXZzKFrH5/I4so5Ove0= @@ -160,8 +160,10 @@ github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301 h1:d/Wr/Vl/wiJHc github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301/go.mod h1:ntmMHL/xPq1WLeKiw8p/eRATaae6PiVRNipHFJxI8PM= github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU= github.com/wlynxg/anet v0.0.5/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA= -github.com/xtaci/kcp-go/v5 v5.6.8 h1:jlI/0jAyjoOjT/SaGB58s4bQMJiNS41A2RKzR6TMWeI= -github.com/xtaci/kcp-go/v5 v5.6.8/go.mod h1:oE9j2NVqAkuKO5o8ByKGch3vgVX3BNf8zqP8JiGq0bM= +github.com/xtaci/kcp-go/v5 v5.6.18 h1:7oV4mc272pcnn39/13BB11Bx7hJM4ogMIEokJYVWn4g= +github.com/xtaci/kcp-go/v5 v5.6.18/go.mod h1:75S1AKYYzNUSXIv30h+jPKJYZUwqpfvLshu63nCNSOM= +github.com/xtaci/kcp-go/v5 v5.6.24 h1:0tZL4NfpoESDrhaScrZfVDnYZ/3LhyVAbN/dQ2b4hbI= +github.com/xtaci/kcp-go/v5 v5.6.24/go.mod h1:7cAxNX/qFGeRUmUSnnDMoOg53FbXDK9IWBXAUfh+aBA= github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae h1:J0GxkO96kL4WF+AIT3M4mfUVinOCPgf2uUWYFUzN0sM= github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae/go.mod h1:gXtu8J62kEgmN++bm9BVICuT/e8yiLI2KFobd/TRFsE= github.com/xtaci/smux v1.5.35 h1:RosihGJBeaS8gxOZ17HNxbhONwnqQwNwusHx4+SEGhk= From b9e7865c503bfa04a0ef329778a74182c5ae942d Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Tue, 26 Aug 2025 13:15:36 -0400 Subject: [PATCH 71/78] Fix data race in queuepacketconn_test.go Use mutex when checking the length of a TranscriptPacketConn. --- common/turbotunnel/queuepacketconn_test.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/common/turbotunnel/queuepacketconn_test.go b/common/turbotunnel/queuepacketconn_test.go index 30e69e3..3b4c848 100644 --- a/common/turbotunnel/queuepacketconn_test.go +++ b/common/turbotunnel/queuepacketconn_test.go @@ -150,6 +150,13 @@ func (c *TranscriptPacketConn) WriteTo(p []byte, addr net.Addr) (int, error) { return c.PacketConn.WriteTo(p, addr) } +func (c *TranscriptPacketConn) Length() int { + c.lock.Lock() + defer c.lock.Unlock() + + return len(c.Transcript) +} + // Tests that QueuePacketConn.WriteTo is compatible with the way kcp-go uses // PacketConn, allocating source buffers in a sync.Pool. // @@ -216,7 +223,7 @@ func TestQueuePacketConnWriteToKCP(t *testing.T) { // A sleep after the Write makes buffer reuse more likely. time.Sleep(100 * time.Millisecond) - if len(transcript.Transcript) == 0 { + if transcript.Length() == 0 { panic("empty transcript") } From 452a6d22b175bac5a5defcfcd3f11ad2254c088e Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Wed, 22 Jan 2025 14:55:58 -0500 Subject: [PATCH 72/78] Move and increase sleep time in queuepacketconn test This should give written data enough time to make it to the post processing queue before the connection is closed. See https://github.com/xtaci/kcp-go/issues/273 --- common/turbotunnel/queuepacketconn_test.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/common/turbotunnel/queuepacketconn_test.go b/common/turbotunnel/queuepacketconn_test.go index 3b4c848..0ff19b2 100644 --- a/common/turbotunnel/queuepacketconn_test.go +++ b/common/turbotunnel/queuepacketconn_test.go @@ -215,14 +215,15 @@ func TestQueuePacketConnWriteToKCP(t *testing.T) { panic(err) } + // A sleep after the Write makes buffer reuse more likely, + // and to allow the connection to flush before close + time.Sleep(500 * time.Millisecond) + err = conn.Close() if err != nil { panic(err) } - // A sleep after the Write makes buffer reuse more likely. - time.Sleep(100 * time.Millisecond) - if transcript.Length() == 0 { panic("empty transcript") } From c49a86e5a922d6f0e33f678838a2e237e9c0b72b Mon Sep 17 00:00:00 2001 From: Shelikhoo Date: Mon, 1 Sep 2025 14:38:34 +0100 Subject: [PATCH 73/78] Remove dependency proxy to use automatic mirror --- .gitlab-ci.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index face66e..3d433c8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,9 +1,5 @@ -include: - - project: tpo/tpa/ci-templates - file: [ dependency_proxy.yml ] - inputs: { namespace: tpo/anti-censorship/pluggable-transports } - rules: - - if: $CI_PROJECT_URL =~ /gitlab.torproject.org/ +variables: + DOCKER_REGISTRY_URL: docker.io stages: - test From d08efc34c38a951ff02c42dd007b77e94c809e01 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Tue, 9 Sep 2025 12:41:27 -0400 Subject: [PATCH 74/78] Add prometheus metric for proxy answer counts This adds a prometheus metric that tracks snowflake proxy answers. If the client has not timed out before the proxy responds with an answer, the proxy type is recorded along with a status of "success". If the client has timed out, the type is left blank and the status is recorded as "timeout". The goal of these metrics is to help us determine how many proxies fail to respond and to help narrow down which proxy implementations are causing client timeouts. --- broker/ipc.go | 2 ++ broker/metrics.go | 12 +++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/broker/ipc.go b/broker/ipc.go index 728363a..7e2951c 100644 --- a/broker/ipc.go +++ b/broker/ipc.go @@ -253,6 +253,7 @@ func (i *IPC) ProxyAnswers(arg messages.Arg, response *[]byte) error { // The snowflake took too long to respond with an answer, so its client // disappeared / the snowflake is no longer recognized by the Broker. success = false + i.ctx.metrics.promMetrics.ProxyAnswerTotal.With(prometheus.Labels{"type": "", "status": "timeout"}).Inc() } b, err := messages.EncodeAnswerResponse(success) @@ -263,6 +264,7 @@ func (i *IPC) ProxyAnswers(arg messages.Arg, response *[]byte) error { *response = b if success { + i.ctx.metrics.promMetrics.ProxyAnswerTotal.With(prometheus.Labels{"type": snowflake.proxyType, "status": "success"}).Inc() snowflake.answerChannel <- answer } diff --git a/broker/metrics.go b/broker/metrics.go index a09691b..ae1183c 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -290,6 +290,7 @@ type PromMetrics struct { ProxyTotal *prometheus.CounterVec ProxyPollTotal *safeprom.CounterVec ClientPollTotal *safeprom.CounterVec + ProxyAnswerTotal *safeprom.CounterVec AvailableProxies *prometheus.GaugeVec ProxyPollWithRelayURLExtensionTotal *safeprom.CounterVec @@ -331,6 +332,15 @@ func initPrometheus() *PromMetrics { []string{"nat", "status"}, ) + promMetrics.ProxyAnswerTotal = safeprom.NewCounterVec( + prometheus.CounterOpts{ + Namespace: prometheusNamespace, + Name: "rounded_proxy_answer_total", + Help: "The number of snowflake proxy answers, rounded up to a multiple of 8", + }, + []string{"type", "status"}, + ) + promMetrics.ProxyPollWithRelayURLExtensionTotal = safeprom.NewCounterVec( prometheus.CounterOpts{ Namespace: prometheusNamespace, @@ -370,7 +380,7 @@ func initPrometheus() *PromMetrics { // We need to register our metrics so they can be exported. promMetrics.registry.MustRegister( promMetrics.ClientPollTotal, promMetrics.ProxyPollTotal, - promMetrics.ProxyTotal, promMetrics.AvailableProxies, + promMetrics.ProxyTotal, promMetrics.ProxyAnswerTotal, promMetrics.AvailableProxies, promMetrics.ProxyPollWithRelayURLExtensionTotal, promMetrics.ProxyPollWithoutRelayURLExtensionTotal, promMetrics.ProxyPollRejectedForRelayURLExtensionTotal, From 766988b77ba9b548f902526b9628fa65075b93e4 Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Tue, 9 Sep 2025 18:18:42 -0400 Subject: [PATCH 75/78] Add proxy type label to ProxyPollTotal metric Annotate ProxyPollTotal prometheus metrics with the proxy type so that we can track counts of proxies that are matched and that answer by implementation. This will help us catch bugs by implementation or deployment. --- broker/ipc.go | 4 ++-- broker/metrics.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/broker/ipc.go b/broker/ipc.go index 7e2951c..d58baec 100644 --- a/broker/ipc.go +++ b/broker/ipc.go @@ -108,7 +108,7 @@ func (i *IPC) ProxyPolls(arg messages.Arg, response *[]byte) error { if offer == nil { i.ctx.metrics.IncrementCounter("proxy-idle") - i.ctx.metrics.promMetrics.ProxyPollTotal.With(prometheus.Labels{"nat": natType, "status": "idle"}).Inc() + i.ctx.metrics.promMetrics.ProxyPollTotal.With(prometheus.Labels{"nat": natType, "type": proxyType, "status": "idle"}).Inc() b, err = messages.EncodePollResponse("", false, "") if err != nil { @@ -119,7 +119,7 @@ func (i *IPC) ProxyPolls(arg messages.Arg, response *[]byte) error { return nil } - i.ctx.metrics.promMetrics.ProxyPollTotal.With(prometheus.Labels{"nat": natType, "status": "matched"}).Inc() + i.ctx.metrics.promMetrics.ProxyPollTotal.With(prometheus.Labels{"nat": natType, "type": proxyType, "status": "matched"}).Inc() var relayURL string bridgeFingerprint, err := bridgefingerprint.FingerprintFromBytes(offer.fingerprint) if err != nil { diff --git a/broker/metrics.go b/broker/metrics.go index ae1183c..c1d4e4a 100644 --- a/broker/metrics.go +++ b/broker/metrics.go @@ -329,7 +329,7 @@ func initPrometheus() *PromMetrics { Name: "rounded_proxy_poll_total", Help: "The number of snowflake proxy polls, rounded up to a multiple of 8", }, - []string{"nat", "status"}, + []string{"nat", "type", "status"}, ) promMetrics.ProxyAnswerTotal = safeprom.NewCounterVec( From f2a9bed6ea9cf6bbef0ef42b704b16d17a747900 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 10 Sep 2025 14:41:54 +0000 Subject: [PATCH 76/78] Update module github.com/pion/sdp/v3 to v3.0.16 --- go.mod | 6 ++---- go.sum | 14 ++++---------- 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index a818e5e..3ec8d8a 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/gorilla/websocket v1.5.3 github.com/miekg/dns v1.1.65 github.com/pion/ice/v4 v4.0.10 - github.com/pion/sdp/v3 v3.0.15 + github.com/pion/sdp/v3 v3.0.16 github.com/pion/stun/v3 v3.0.0 github.com/pion/transport/v3 v3.0.7 github.com/pion/webrtc/v4 v4.1.4 @@ -19,7 +19,7 @@ require ( github.com/realclientip/realclientip-go v1.0.0 github.com/refraction-networking/utls v1.6.7 github.com/smartystreets/goconvey v1.8.1 - github.com/stretchr/testify v1.10.0 + github.com/stretchr/testify v1.11.1 github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301 github.com/xtaci/kcp-go/v5 v5.6.24 github.com/xtaci/smux v1.5.35 @@ -72,8 +72,6 @@ require ( github.com/prometheus/common v0.62.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/smarty/assertions v1.15.0 // indirect - github.com/templexxx/cpu v0.1.1 // indirect - github.com/templexxx/xorsimd v0.4.3 // indirect github.com/tjfoc/gmsm v1.4.1 // indirect github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf // indirect github.com/wlynxg/anet v0.0.5 // indirect diff --git a/go.sum b/go.sum index ad542a2..c123d6d 100644 --- a/go.sum +++ b/go.sum @@ -111,8 +111,8 @@ github.com/pion/rtp v1.8.21 h1:3yrOwmZFyUpcIosNcWRpQaU+UXIJ6yxLuJ8Bx0mw37Y= github.com/pion/rtp v1.8.21/go.mod h1:bAu2UFKScgzyFqvUKmbvzSdPr+NGbZtv6UB2hesqXBk= github.com/pion/sctp v1.8.39 h1:PJma40vRHa3UTO3C4MyeJDQ+KIobVYRZQZ0Nt7SjQnE= github.com/pion/sctp v1.8.39/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE= -github.com/pion/sdp/v3 v3.0.15 h1:F0I1zds+K/+37ZrzdADmx2Q44OFDOPRLhPnNTaUX9hk= -github.com/pion/sdp/v3 v3.0.15/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E= +github.com/pion/sdp/v3 v3.0.16 h1:0dKzYO6gTAvuLaAKQkC02eCPjMIi4NuAr/ibAwrGDCo= +github.com/pion/sdp/v3 v3.0.16/go.mod h1:9tyKzznud3qiweZcD86kS0ff1pGYB3VX+Bcsmkx6IXo= github.com/pion/srtp/v3 v3.0.7 h1:QUElw0A/FUg3MP8/KNMZB3i0m8F9XeMnTum86F7S4bs= github.com/pion/srtp/v3 v3.0.7/go.mod h1:qvnHeqbhT7kDdB+OGB05KA/P067G3mm7XBfLaLiaNF0= github.com/pion/stun/v3 v3.0.0 h1:4h1gwhWLWuZWOJIJR9s2ferRO+W3zA/b6ijOI6mKzUw= @@ -146,12 +146,8 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.8.1 h1:qGjIddxOk4grTu9JPOU31tVfq3cNdBlNa5sSznIX1xY= github.com/smartystreets/goconvey v1.8.1/go.mod h1:+/u4qLyY6x1jReYOp7GOM2FSt8aP9CzCZL03bI28W60= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/templexxx/cpu v0.1.1 h1:isxHaxBXpYFWnk2DReuKkigaZyrjs2+9ypIdGP4h+HI= -github.com/templexxx/cpu v0.1.1/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk= -github.com/templexxx/xorsimd v0.4.3 h1:9AQTFHd7Bhk3dIT7Al2XeBX5DWOvsUPZCuhyAtNbHjU= -github.com/templexxx/xorsimd v0.4.3/go.mod h1:oZQcD6RFDisW2Am58dSAGwwL6rHjbzrlu25VDqfWkQg= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf h1:7PflaKRtU4np/epFxRXlFhlzLXZzKFrH5/I4so5Ove0= @@ -160,8 +156,6 @@ github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301 h1:d/Wr/Vl/wiJHc github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301/go.mod h1:ntmMHL/xPq1WLeKiw8p/eRATaae6PiVRNipHFJxI8PM= github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU= github.com/wlynxg/anet v0.0.5/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA= -github.com/xtaci/kcp-go/v5 v5.6.18 h1:7oV4mc272pcnn39/13BB11Bx7hJM4ogMIEokJYVWn4g= -github.com/xtaci/kcp-go/v5 v5.6.18/go.mod h1:75S1AKYYzNUSXIv30h+jPKJYZUwqpfvLshu63nCNSOM= github.com/xtaci/kcp-go/v5 v5.6.24 h1:0tZL4NfpoESDrhaScrZfVDnYZ/3LhyVAbN/dQ2b4hbI= github.com/xtaci/kcp-go/v5 v5.6.24/go.mod h1:7cAxNX/qFGeRUmUSnnDMoOg53FbXDK9IWBXAUfh+aBA= github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae h1:J0GxkO96kL4WF+AIT3M4mfUVinOCPgf2uUWYFUzN0sM= From c504ab262b34bf49dfb879f6007314fc29ad9efa Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 10 Sep 2025 20:09:45 +0000 Subject: [PATCH 77/78] Update module github.com/aws/aws-sdk-go-v2/service/sqs to v1.42.5 --- go.mod | 10 ++++------ go.sum | 22 ++++++++-------------- 2 files changed, 12 insertions(+), 20 deletions(-) diff --git a/go.mod b/go.mod index a818e5e..49e859b 100644 --- a/go.mod +++ b/go.mod @@ -3,10 +3,10 @@ module gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/ go 1.23.0 require ( - github.com/aws/aws-sdk-go-v2 v1.38.3 + github.com/aws/aws-sdk-go-v2 v1.39.0 github.com/aws/aws-sdk-go-v2/config v1.30.2 github.com/aws/aws-sdk-go-v2/credentials v1.18.5 - github.com/aws/aws-sdk-go-v2/service/sqs v1.42.3 + github.com/aws/aws-sdk-go-v2/service/sqs v1.42.5 github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 github.com/miekg/dns v1.1.65 @@ -34,8 +34,8 @@ require ( require ( github.com/andybalholm/brotli v1.0.6 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.7 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.7 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 // indirect @@ -72,8 +72,6 @@ require ( github.com/prometheus/common v0.62.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/smarty/assertions v1.15.0 // indirect - github.com/templexxx/cpu v0.1.1 // indirect - github.com/templexxx/xorsimd v0.4.3 // indirect github.com/tjfoc/gmsm v1.4.1 // indirect github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf // indirect github.com/wlynxg/anet v0.0.5 // indirect diff --git a/go.sum b/go.sum index ad542a2..a07afdf 100644 --- a/go.sum +++ b/go.sum @@ -2,26 +2,26 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/aws/aws-sdk-go-v2 v1.38.3 h1:B6cV4oxnMs45fql4yRH+/Po/YU+597zgWqvDpYMturk= -github.com/aws/aws-sdk-go-v2 v1.38.3/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY= +github.com/aws/aws-sdk-go-v2 v1.39.0 h1:xm5WV/2L4emMRmMjHFykqiA4M/ra0DJVSWUkDyBjbg4= +github.com/aws/aws-sdk-go-v2 v1.39.0/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY= github.com/aws/aws-sdk-go-v2/config v1.30.2 h1:YE1BmSc4fFYqFgN1mN8uzrtc7R9x+7oSWeX8ckoltAw= github.com/aws/aws-sdk-go-v2/config v1.30.2/go.mod h1:UNrLGZ6jfAVjgVJpkIxjLufRJqTXCVYOpkeVf83kwBo= github.com/aws/aws-sdk-go-v2/credentials v1.18.5 h1:DATc1xnpHUV8VgvtnVQul+zuCwK6vz7gtkbKEUZcuNI= github.com/aws/aws-sdk-go-v2/credentials v1.18.5/go.mod h1:y7aigZzjm1jUZuCgOrlBng+VJrKkknY2Cl0JWxG7vHU= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 h1:GicIdnekoJsjq9wqnvyi2elW6CGMSYKhdozE7/Svh78= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3/go.mod h1:R7BIi6WNC5mc1kfRM7XM/VHC3uRWkjc396sfabq4iOo= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 h1:uF68eJA6+S9iVr9WgX1NaRGyQ/6MdIyc4JNUo6TN1FA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6/go.mod h1:qlPeVZCGPiobx8wb1ft0GHT5l+dc6ldnwInDFaMvC7Y= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 h1:pa1DEC6JoI0zduhZePp3zmhWvk/xxm4NB8Hy/Tlsgos= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6/go.mod h1:gxEjPebnhWGJoaDdtDkA0JX46VRg1wcTHYe63OfX5pE= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.7 h1:UCxq0X9O3xrlENdKf1r9eRJoKz/b0AfGkpp3a7FPlhg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.7/go.mod h1:rHRoJUNUASj5Z/0eqI4w32vKvC7atoWR0jC+IkmVH8k= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.7 h1:Y6DTZUn7ZUC4th9FMBbo8LVE+1fyq3ofw+tRwkUd3PY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.7/go.mod h1:x3XE6vMnU9QvHN/Wrx2s44kwzV2o2g5x/siw4ZUJ9g8= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 h1:6+lZi2JeGKtCraAj1rpoZfKqnQ9SptseRZioejfUOLM= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0/go.mod h1:eb3gfbVIxIoGgJsi9pGne19dhCBpK6opTYpQqAmdy44= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 h1:ieRzyHXypu5ByllM7Sp4hC5f/1Fy5wqxqY0yB85hC7s= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3/go.mod h1:O5ROz8jHiOAKAwx179v+7sHMhfobFVi6nZt8DEyiYoM= -github.com/aws/aws-sdk-go-v2/service/sqs v1.42.3 h1:0dWg1Tkz3FnEo48DgAh7CT22hYyMShly8WMd3sGx0xI= -github.com/aws/aws-sdk-go-v2/service/sqs v1.42.3/go.mod h1:hpOo4IGPfGPlHRcf2nizYAzKfz8GzbQ8tTDIUR4H4GQ= +github.com/aws/aws-sdk-go-v2/service/sqs v1.42.5 h1:HbaHWaTkGec2pMa/UQa3+WNWtUaFFF1ZLfwCeVFtBns= +github.com/aws/aws-sdk-go-v2/service/sqs v1.42.5/go.mod h1:wCAPjT7bNg5+4HSNefwNEC2hM3d+NSD5w5DU/8jrPrI= github.com/aws/aws-sdk-go-v2/service/sso v1.28.1 h1:YfsU8hHGvVT+c6Q8MUs8haDbFQajAImrB7yZ9XnPcBY= github.com/aws/aws-sdk-go-v2/service/sso v1.28.1/go.mod h1:iS5OmxEcN4QIPXARGhavH7S8kETNL11kym6jhoS7IUQ= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.1 h1:b4REsk5C0hooowAPmV8fS2haHb+HCyb5FKSKOZRBBfU= @@ -148,10 +148,6 @@ github.com/smartystreets/goconvey v1.8.1 h1:qGjIddxOk4grTu9JPOU31tVfq3cNdBlNa5sS github.com/smartystreets/goconvey v1.8.1/go.mod h1:+/u4qLyY6x1jReYOp7GOM2FSt8aP9CzCZL03bI28W60= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/templexxx/cpu v0.1.1 h1:isxHaxBXpYFWnk2DReuKkigaZyrjs2+9ypIdGP4h+HI= -github.com/templexxx/cpu v0.1.1/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk= -github.com/templexxx/xorsimd v0.4.3 h1:9AQTFHd7Bhk3dIT7Al2XeBX5DWOvsUPZCuhyAtNbHjU= -github.com/templexxx/xorsimd v0.4.3/go.mod h1:oZQcD6RFDisW2Am58dSAGwwL6rHjbzrlu25VDqfWkQg= github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf h1:7PflaKRtU4np/epFxRXlFhlzLXZzKFrH5/I4so5Ove0= @@ -160,8 +156,6 @@ github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301 h1:d/Wr/Vl/wiJHc github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301/go.mod h1:ntmMHL/xPq1WLeKiw8p/eRATaae6PiVRNipHFJxI8PM= github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU= github.com/wlynxg/anet v0.0.5/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA= -github.com/xtaci/kcp-go/v5 v5.6.18 h1:7oV4mc272pcnn39/13BB11Bx7hJM4ogMIEokJYVWn4g= -github.com/xtaci/kcp-go/v5 v5.6.18/go.mod h1:75S1AKYYzNUSXIv30h+jPKJYZUwqpfvLshu63nCNSOM= github.com/xtaci/kcp-go/v5 v5.6.24 h1:0tZL4NfpoESDrhaScrZfVDnYZ/3LhyVAbN/dQ2b4hbI= github.com/xtaci/kcp-go/v5 v5.6.24/go.mod h1:7cAxNX/qFGeRUmUSnnDMoOg53FbXDK9IWBXAUfh+aBA= github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae h1:J0GxkO96kL4WF+AIT3M4mfUVinOCPgf2uUWYFUzN0sM= From e4715f8bff1fd5d69a2cc70c44f7b5fae56cecf7 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 10 Sep 2025 20:09:57 +0000 Subject: [PATCH 78/78] Update module github.com/aws/aws-sdk-go-v2/config to v1.31.8 --- go.mod | 24 +++++++++++------------- go.sum | 50 ++++++++++++++++++++++---------------------------- 2 files changed, 33 insertions(+), 41 deletions(-) diff --git a/go.mod b/go.mod index a818e5e..cd50dab 100644 --- a/go.mod +++ b/go.mod @@ -3,9 +3,9 @@ module gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/ go 1.23.0 require ( - github.com/aws/aws-sdk-go-v2 v1.38.3 - github.com/aws/aws-sdk-go-v2/config v1.30.2 - github.com/aws/aws-sdk-go-v2/credentials v1.18.5 + github.com/aws/aws-sdk-go-v2 v1.39.0 + github.com/aws/aws-sdk-go-v2/config v1.31.8 + github.com/aws/aws-sdk-go-v2/credentials v1.18.12 github.com/aws/aws-sdk-go-v2/service/sqs v1.42.3 github.com/golang/mock v1.6.0 github.com/gorilla/websocket v1.5.3 @@ -33,15 +33,15 @@ require ( require ( github.com/andybalholm/brotli v1.0.6 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.7 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.7 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.7 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.28.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.37.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.7 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.29.3 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.38.4 // indirect github.com/aws/smithy-go v1.23.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect @@ -72,8 +72,6 @@ require ( github.com/prometheus/common v0.62.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/smarty/assertions v1.15.0 // indirect - github.com/templexxx/cpu v0.1.1 // indirect - github.com/templexxx/xorsimd v0.4.3 // indirect github.com/tjfoc/gmsm v1.4.1 // indirect github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf // indirect github.com/wlynxg/anet v0.0.5 // indirect diff --git a/go.sum b/go.sum index ad542a2..cea4a72 100644 --- a/go.sum +++ b/go.sum @@ -2,32 +2,32 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/aws/aws-sdk-go-v2 v1.38.3 h1:B6cV4oxnMs45fql4yRH+/Po/YU+597zgWqvDpYMturk= -github.com/aws/aws-sdk-go-v2 v1.38.3/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY= -github.com/aws/aws-sdk-go-v2/config v1.30.2 h1:YE1BmSc4fFYqFgN1mN8uzrtc7R9x+7oSWeX8ckoltAw= -github.com/aws/aws-sdk-go-v2/config v1.30.2/go.mod h1:UNrLGZ6jfAVjgVJpkIxjLufRJqTXCVYOpkeVf83kwBo= -github.com/aws/aws-sdk-go-v2/credentials v1.18.5 h1:DATc1xnpHUV8VgvtnVQul+zuCwK6vz7gtkbKEUZcuNI= -github.com/aws/aws-sdk-go-v2/credentials v1.18.5/go.mod h1:y7aigZzjm1jUZuCgOrlBng+VJrKkknY2Cl0JWxG7vHU= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 h1:GicIdnekoJsjq9wqnvyi2elW6CGMSYKhdozE7/Svh78= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3/go.mod h1:R7BIi6WNC5mc1kfRM7XM/VHC3uRWkjc396sfabq4iOo= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 h1:uF68eJA6+S9iVr9WgX1NaRGyQ/6MdIyc4JNUo6TN1FA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6/go.mod h1:qlPeVZCGPiobx8wb1ft0GHT5l+dc6ldnwInDFaMvC7Y= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 h1:pa1DEC6JoI0zduhZePp3zmhWvk/xxm4NB8Hy/Tlsgos= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6/go.mod h1:gxEjPebnhWGJoaDdtDkA0JX46VRg1wcTHYe63OfX5pE= +github.com/aws/aws-sdk-go-v2 v1.39.0 h1:xm5WV/2L4emMRmMjHFykqiA4M/ra0DJVSWUkDyBjbg4= +github.com/aws/aws-sdk-go-v2 v1.39.0/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY= +github.com/aws/aws-sdk-go-v2/config v1.31.8 h1:kQjtOLlTU4m4A64TsRcqwNChhGCwaPBt+zCQt/oWsHU= +github.com/aws/aws-sdk-go-v2/config v1.31.8/go.mod h1:QPpc7IgljrKwH0+E6/KolCgr4WPLerURiU592AYzfSY= +github.com/aws/aws-sdk-go-v2/credentials v1.18.12 h1:zmc9e1q90wMn8wQbjryy8IwA6Q4XlaL9Bx2zIqdNNbk= +github.com/aws/aws-sdk-go-v2/credentials v1.18.12/go.mod h1:3VzdRDR5u3sSJRI4kYcOSIBbeYsgtVk7dG5R/U6qLWY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.7 h1:Is2tPmieqGS2edBnmOJIbdvOA6Op+rRpaYR60iBAwXM= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.7/go.mod h1:F1i5V5421EGci570yABvpIXgRIBPb5JM+lSkHF6Dq5w= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.7 h1:UCxq0X9O3xrlENdKf1r9eRJoKz/b0AfGkpp3a7FPlhg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.7/go.mod h1:rHRoJUNUASj5Z/0eqI4w32vKvC7atoWR0jC+IkmVH8k= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.7 h1:Y6DTZUn7ZUC4th9FMBbo8LVE+1fyq3ofw+tRwkUd3PY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.7/go.mod h1:x3XE6vMnU9QvHN/Wrx2s44kwzV2o2g5x/siw4ZUJ9g8= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 h1:6+lZi2JeGKtCraAj1rpoZfKqnQ9SptseRZioejfUOLM= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0/go.mod h1:eb3gfbVIxIoGgJsi9pGne19dhCBpK6opTYpQqAmdy44= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 h1:ieRzyHXypu5ByllM7Sp4hC5f/1Fy5wqxqY0yB85hC7s= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3/go.mod h1:O5ROz8jHiOAKAwx179v+7sHMhfobFVi6nZt8DEyiYoM= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 h1:oegbebPEMA/1Jny7kvwejowCaHz1FWZAQ94WXFNCyTM= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1/go.mod h1:kemo5Myr9ac0U9JfSjMo9yHLtw+pECEHsFtJ9tqCEI8= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.7 h1:mLgc5QIgOy26qyh5bvW+nDoAppxgn3J2WV3m9ewq7+8= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.7/go.mod h1:wXb/eQnqt8mDQIQTTmcw58B5mYGxzLGZGK8PWNFZ0BA= github.com/aws/aws-sdk-go-v2/service/sqs v1.42.3 h1:0dWg1Tkz3FnEo48DgAh7CT22hYyMShly8WMd3sGx0xI= github.com/aws/aws-sdk-go-v2/service/sqs v1.42.3/go.mod h1:hpOo4IGPfGPlHRcf2nizYAzKfz8GzbQ8tTDIUR4H4GQ= -github.com/aws/aws-sdk-go-v2/service/sso v1.28.1 h1:YfsU8hHGvVT+c6Q8MUs8haDbFQajAImrB7yZ9XnPcBY= -github.com/aws/aws-sdk-go-v2/service/sso v1.28.1/go.mod h1:iS5OmxEcN4QIPXARGhavH7S8kETNL11kym6jhoS7IUQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.1 h1:b4REsk5C0hooowAPmV8fS2haHb+HCyb5FKSKOZRBBfU= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.1/go.mod h1:59qHWaY5B+Rs7HGTuVGaC32m0rdpQ68N8QCN3khYiqs= -github.com/aws/aws-sdk-go-v2/service/sts v1.37.1 h1:ssCHKyNJqTnqRH4Vlf+jI0brtGQYBvzWwnATsOMk1mk= -github.com/aws/aws-sdk-go-v2/service/sts v1.37.1/go.mod h1:JdeBDPgpJfuS6rU/hNglmOigKhyEZtBmbraLE4GK1J8= +github.com/aws/aws-sdk-go-v2/service/sso v1.29.3 h1:7PKX3VYsZ8LUWceVRuv0+PU+E7OtQb1lgmi5vmUE9CM= +github.com/aws/aws-sdk-go-v2/service/sso v1.29.3/go.mod h1:Ql6jE9kyyWI5JHn+61UT/Y5Z0oyVJGmgmJbZD5g4unY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.4 h1:e0XBRn3AptQotkyBFrHAxFB8mDhAIOfsG+7KyJ0dg98= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.4/go.mod h1:XclEty74bsGBCr1s0VSaA11hQ4ZidK4viWK7rRfO88I= +github.com/aws/aws-sdk-go-v2/service/sts v1.38.4 h1:PR00NXRYgY4FWHqOGx3fC3lhVKjsp1GdloDv2ynMSd8= +github.com/aws/aws-sdk-go-v2/service/sts v1.38.4/go.mod h1:Z+Gd23v97pX9zK97+tX4ppAgqCt3Z2dIXB02CtBncK8= github.com/aws/smithy-go v1.23.0 h1:8n6I3gXzWJB2DxBDnfxgBaSX6oe0d/t10qGz7OKqMCE= github.com/aws/smithy-go v1.23.0/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -148,10 +148,6 @@ github.com/smartystreets/goconvey v1.8.1 h1:qGjIddxOk4grTu9JPOU31tVfq3cNdBlNa5sS github.com/smartystreets/goconvey v1.8.1/go.mod h1:+/u4qLyY6x1jReYOp7GOM2FSt8aP9CzCZL03bI28W60= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/templexxx/cpu v0.1.1 h1:isxHaxBXpYFWnk2DReuKkigaZyrjs2+9ypIdGP4h+HI= -github.com/templexxx/cpu v0.1.1/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk= -github.com/templexxx/xorsimd v0.4.3 h1:9AQTFHd7Bhk3dIT7Al2XeBX5DWOvsUPZCuhyAtNbHjU= -github.com/templexxx/xorsimd v0.4.3/go.mod h1:oZQcD6RFDisW2Am58dSAGwwL6rHjbzrlu25VDqfWkQg= github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf h1:7PflaKRtU4np/epFxRXlFhlzLXZzKFrH5/I4so5Ove0= @@ -160,8 +156,6 @@ github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301 h1:d/Wr/Vl/wiJHc github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301/go.mod h1:ntmMHL/xPq1WLeKiw8p/eRATaae6PiVRNipHFJxI8PM= github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU= github.com/wlynxg/anet v0.0.5/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA= -github.com/xtaci/kcp-go/v5 v5.6.18 h1:7oV4mc272pcnn39/13BB11Bx7hJM4ogMIEokJYVWn4g= -github.com/xtaci/kcp-go/v5 v5.6.18/go.mod h1:75S1AKYYzNUSXIv30h+jPKJYZUwqpfvLshu63nCNSOM= github.com/xtaci/kcp-go/v5 v5.6.24 h1:0tZL4NfpoESDrhaScrZfVDnYZ/3LhyVAbN/dQ2b4hbI= github.com/xtaci/kcp-go/v5 v5.6.24/go.mod h1:7cAxNX/qFGeRUmUSnnDMoOg53FbXDK9IWBXAUfh+aBA= github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae h1:J0GxkO96kL4WF+AIT3M4mfUVinOCPgf2uUWYFUzN0sM=