commit 00eb4aadf57b66bc4d53801d4113e8402f31cd6f Author: Cecylia Bocovich cohosh@torproject.org Date: Fri Aug 23 10:58:20 2019 -0400
Modified broker /debug page to display counts only
The broker /debug page was displaying proxy IDs and roundtrip times. As serna pointed out in bug #31460, the proxy IDs can be used to launch a denial of service attack. As the metrics team pointed out on #21315, the round trip time average can be potentially sensitive.
This change displays only proxy counts and uses ID lengths to distinguish between standalone proxy-go instances and browser-based snowflake proxies. --- broker/broker.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/broker/broker.go b/broker/broker.go
index 259b75a..4a88b94 100644
--- a/broker/broker.go
+++ b/broker/broker.go
@@ -255,10 +255,17 @@ func proxyAnswers(ctx *BrokerContext, w http.ResponseWriter, r *http.Request) {
 func debugHandler(ctx *BrokerContext, w http.ResponseWriter, r *http.Request) {
 s := fmt.Sprintf("current snowflakes available: %d\n", ctx.snowflakes.Len())
+
+ var browsers, standalones int
 for _, snowflake := range ctx.idToSnowflake {
- s += fmt.Sprintf("\nsnowflake %d: %s", snowflake.index, snowflake.id)
+ if len(snowflake.id) < 16 {
+ browsers++
+ } else {
+ standalones++
+ }
 }
- s += fmt.Sprintf("\n\nroundtrip avg: %d", ctx.metrics.clientRoundtripEstimate)
+ s += fmt.Sprintf("\tstandalone proxies: %d", standalones)
+ s += fmt.Sprintf("\n\tbrowser proxies: %d", browsers)
 w.Write([]byte(s))
 }
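Review bot: The `16` in `if len(snowflake.id) < 16` is an unexplained threshold, and the ID it measures appears to be chosen by the proxy itself, so the browser/standalone split is a heuristic that a proxy can skew simply by registering with a different ID length. I would give it a name, e.g. `const standaloneIDMinLen = 16 // IDs at least this long are assumed to be proxy-go instances`, and add a comment above the loop stating that the two counts are approximate and must not feed any trust or rate-limiting decision. Separately, the loop ranges over `ctx.idToSnowflake` with no lock visible in this hunk; if other handlers add or remove entries concurrently this read is a data race, so it is worth confirming how access to the map is serialized. The result of `w.Write([]byte(s))` is also discarded, which is harmless here but worth a short comment saying it is deliberate.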