commit af6e2c30e1a6aacc6e7adf9a31df0a387891cc37 Author: Cecylia Bocovich cohosh@torproject.org Date: Thu Apr 1 14:21:12 2021 -0400
Replace default with custom prometheus registry
The default prometheus registry exports data that may be useful for side-channel attacks. This removes all of the default metrics and makes sure we are only reporting snowflake metrics from the broker. --- broker/broker.go | 4 +--- broker/metrics.go | 15 ++++++++------- 2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/broker/broker.go b/broker/broker.go
index 77c62d8..8d7a314 100644
--- a/broker/broker.go
+++ b/broker/broker.go
@@ -506,9 +506,7 @@ func main() {
 http.Handle("/answer", SnowflakeHandler{ctx, proxyAnswers})
 http.Handle("/debug", SnowflakeHandler{ctx, debugHandler})
 http.Handle("/metrics", MetricsHandler{metricsFilename, metricsHandler})
- http.Handle("/prometheus", promhttp.Handler())
-
- InitPrometheus()
+ http.Handle("/prometheus", promhttp.HandlerFor(promMetrics.registry, promhttp.HandlerOpts{}))
server := http.Server{
 Addr: addr,
diff --git a/broker/metrics.go b/broker/metrics.go
index be8cfd9..ad55bcb 100644
--- a/broker/metrics.go
+++ b/broker/metrics.go
@@ -15,7 +15,6 @@ import (
 "time"
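Review bot: The new `/prometheus` handler is built with an empty `promhttp.HandlerOpts{}` and is registered on the same default mux as `/answer` and `/debug`, so scrapes are neither capped nor timed out for whoever can reach the broker. Since the commit is about limiting what this endpoint gives away, it is worth bounding the endpoint too, e.g. `promhttp.HandlerOpts{MaxRequestsInFlight: maxScrapes, Timeout: scrapeTimeout}` (both names are placeholders for values the project picks). The line also dereferences `promMetrics` after the `InitPrometheus()` call was removed; where it is initialised is not visible in this hunk, so confirm it is set before `main` reaches this line. `main` starts and ends outside the hunk.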
"github.com/prometheus/client_golang/prometheus"
- "github.com/prometheus/client_golang/prometheus/promauto"
 )
var (
@@ -261,6 +260,7 @@ func binCount(count uint) uint {
 }
type PromMetrics struct {
+ registry *prometheus.Registry
 ProxyTotal *prometheus.CounterVec
 ProxyPollTotal *RoundedCounterVec
 ClientPollTotal *RoundedCounterVec
@@ -272,7 +272,9 @@ func initPrometheus() *PromMetrics {
promMetrics := &PromMetrics{}
- promMetrics.ProxyTotal = promauto.NewCounterVec(
+ promMetrics.registry = prometheus.NewRegistry()
+
+ promMetrics.ProxyTotal = prometheus.NewCounterVec(
 prometheus.CounterOpts{
 Namespace: prometheusNamespace,
 Name: "proxy_total",
@@ -281,7 +283,7 @@ func initPrometheus() *PromMetrics {
 []string{"type", "nat", "cc"},
 )
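Review bot: With `promauto` gone, `prometheus.NewCounterVec` here (and `prometheus.NewGaugeVec` for `AvailableProxies` in the next hunk) no longer registers anything, so export depends entirely on the single `MustRegister` list at the end of `initPrometheus`; a metric added later and left off that list would be updated but never exported. A comment above the registry creation would make that contract explicit, e.g. `// Custom registry: only collectors passed to registry.MustRegister are exported; no Go runtime or process collectors.` A small test that calls `promMetrics.registry.Gather()` and checks that every family name starts with `prometheusNamespace` would also keep the default collectors from coming back unnoticed. `initPrometheus` starts and ends outside this hunk.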
- promMetrics.AvailableProxies = promauto.NewGaugeVec(
+ promMetrics.AvailableProxies = prometheus.NewGaugeVec(
 prometheus.GaugeOpts{
 Namespace: prometheusNamespace,
 Name: "available_proxies",
@@ -308,10 +310,9 @@ func initPrometheus() *PromMetrics {
 []string{"nat", "status"},
 )
- // We need to register this new metric type because there is no constructor
- // for it in promauto.
- prometheus.DefaultRegisterer.MustRegister(promMetrics.ClientPollTotal)
- prometheus.DefaultRegisterer.MustRegister(promMetrics.ProxyPollTotal)
+ // We need to register our metrics so they can be exported.
+ promMetrics.registry.MustRegister(promMetrics.ClientPollTotal, promMetrics.ProxyPollTotal,
+ promMetrics.ProxyTotal, promMetrics.AvailableProxies)
return promMetrics