commit 6b002c5f22e0e794c086d6655afe72dc3cd7bc43 Merge: 1133e01 ba4fe1a Author: Cecylia Bocovich cohosh@torproject.org Date: Wed May 15 11:07:33 2019 -0400
Merge branch 'geoip_squashed'
broker/broker.go | 73 ++- broker/geoip.go | 240 ++++++++ broker/metrics.go | 95 ++- broker/snowflake-broker_test.go | 103 ++++ broker/test_geoip | 1236 +++++++++++++++++++++++++++++++++++++++ broker/test_geoip6 | 693 ++++++++++++++++++++++ 6 files changed, 2434 insertions(+), 6 deletions(-)
diff --cc broker/broker.go index a18ca1b,361040a..ae27a47 --- a/broker/broker.go +++ b/broker/broker.go @@@ -13,12 -13,14 +13,15 @@@ import "io" "io/ioutil" "log" + "net" "net/http" "os" + "os/signal" "strings" + "syscall" "time"
+ "git.torproject.org/pluggable-transports/snowflake.git/common/safelog" "golang.org/x/crypto/acme/autocert" )
@@@ -206,7 -218,17 +219,17 @@@ func proxyAnswers(ctx *BrokerContext, w.WriteHeader(http.StatusBadRequest) return } + + // Get proxy country stats + remoteIP, _, err := net.SplitHostPort(r.RemoteAddr) + if err != nil { + log.Println("Error processing proxy IP: ", err.Error()) + } else { + + ctx.metrics.UpdateCountryStats(remoteIP) + } + - log.Println("Received answer: ", body) + log.Println("Received answer.") snowflake.answerChannel <- body }
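Review bot: The error branch after `net.SplitHostPort(r.RemoteAddr)` logs `err.Error()`, and the `*net.AddrError` that call returns includes the address it failed to parse, so a proxy's address can reach this log line. The scrubber installed in main is then the only thing keeping it out of the log. Logging a fixed message, `log.Println("Error processing proxy IP")`, keeps the handler safe on its own. `r.RemoteAddr` is also the direct TCP peer, so if the broker ever runs behind a reverse proxy or front end (not visible here) every proxy would be counted under that host's country; a comment such as `// RemoteAddr is the direct peer; country stats are wrong behind a reverse proxy` would record the assumption. proxyAnswers starts before this hunk.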
@@@ -228,20 -250,24 +251,30 @@@ func main() var acmeEmail string var acmeHostnamesCommas string var addr string + var geoipDatabase string + var geoip6Database string var disableTLS bool + var certFilename, keyFilename string + var disableGeoip bool + var metricsFilename string
flag.StringVar(&acmeEmail, "acme-email", "", "optional contact email for Let's Encrypt notifications") flag.StringVar(&acmeHostnamesCommas, "acme-hostnames", "", "comma-separated hostnames for TLS certificate") + flag.StringVar(&certFilename, "cert", "", "TLS certificate file") + flag.StringVar(&keyFilename, "key", "", "TLS private key file") flag.StringVar(&addr, "addr", ":443", "address to listen on") + flag.StringVar(&geoipDatabase, "geoipdb", "/usr/share/tor/geoip", "path to correctly formatted geoip database mapping IPv4 address ranges to country codes") + flag.StringVar(&geoip6Database, "geoip6db", "/usr/share/tor/geoip6", "path to correctly formatted geoip database mapping IPv6 address ranges to country codes") flag.BoolVar(&disableTLS, "disable-tls", false, "don't use HTTPS") + flag.BoolVar(&disableGeoip, "disable-geoip", false, "don't use geoip for stats collection") + flag.StringVar(&metricsFilename, "metrics-log", "", "path to metrics logging output") flag.Parse()
- var metricsFile io.Writer = os.Stdout + var err error ++ var metricsFile io.Writer = os.Stdout + var logOutput io.Writer = os.Stderr + //We want to send the log output through our scrubber first + log.SetOutput(&safelog.LogScrubber{Output: logOutput})
log.SetFlags(log.LstdFlags | log.LUTC)
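Review bot: Only the `log` package output is wrapped in `safelog.LogScrubber` here; `metricsFile` is a separate `io.Writer` that stays unscrubbed, and how it is opened and written for `-metrics-log` lies outside this hunk. Since the broker now derives statistics from proxy addresses, a comment at the declaration would help, e.g. `// metricsFile is not scrubbed: write aggregated counts only, never addresses`. The existing comment would also read better as `// Send log output through the scrubber first.` main continues outside the hunk.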
@@@ -261,13 -305,20 +312,27 @@@ Addr: addr, }
+ sigChan := make(chan os.Signal, 1) + signal.Notify(sigChan, syscall.SIGHUP) + + // go routine to handle a SIGHUP signal to allow the broker operator to send + // a SIGHUP signal when the geoip database files are updated, without requiring + // a restart of the broker + go func() { + for { + signal := <-sigChan + log.Println("Received signal:", signal, ". Reloading geoip databases.") + ctx.metrics.LoadGeoipDatabases(geoipDatabase, geoip6Database) + } + }() + + // Handle the various ways of setting up TLS. The legal configurations + // are: + // --acme-hostnames (with optional --acme-email) + // --cert and --key together + // --disable-tls + // The outputs of this block of code are the disableTLS, + // needHTTP01Listener, certManager, and getCertificate variables. if acmeHostnamesCommas != "" { acmeHostnames := strings.Split(acmeHostnamesCommas, ",") log.Printf("ACME hostnames: %q", acmeHostnames)
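Review bot: The SIGHUP goroutine calls `ctx.metrics.LoadGeoipDatabases(geoipDatabase, geoip6Database)` unconditionally, so a broker started with `-disable-geoip` would load the databases on the first SIGHUP and presumably begin recording country stats the operator opted out of. Guarding the loop body with `if disableGeoip { continue }` keeps the flag authoritative. Any failure result from the reload is dropped here; if the method returns an error (its signature is not in this hunk) it should be logged so a bad database file is noticed. Whether the reload is synchronized with `UpdateCountryStats` calls from request handlers cannot be seen from here and is worth confirming in broker/geoip.go. The local `signal := <-sigChan` also shadows the `os/signal` package (`sig` avoids that), and main itself starts outside the hunk.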