[tor-commits] [tor/master] conn: New Metrics listener port

ahf at torproject.org ahf at torproject.org
Tue Oct 27 15:00:49 UTC 2020


commit 4f5cea1f592d9e9e6c69fc0e772dd46a0fa43799
Author: David Goulet <dgoulet at torproject.org>
Date:   Tue Oct 20 10:57:24 2020 -0400

    conn: New Metrics listener port
    
    If MetricsPort is defined, listen on it and handle the incoming request.
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 src/app/config/config.c               |   7 ++
 src/app/config/or_options_st.h        |   6 +
 src/core/mainloop/connection.c        |  17 ++-
 src/core/mainloop/connection.h        |   6 +-
 src/core/or/policies.c                |  32 ++++++
 src/core/or/policies.h                |   1 +
 src/feature/control/control_fmt.c     |   2 +
 src/feature/control/control_getinfo.c |   2 +
 src/feature/metrics/metrics.c         | 210 ++++++++++++++++++++++++++++++++--
 src/feature/metrics/metrics.h         |  16 ++-
 10 files changed, 286 insertions(+), 13 deletions(-)

diff --git a/src/app/config/config.c b/src/app/config/config.c
index 6c17bb0d8c..e14437aa6f 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -91,6 +91,7 @@
 #include "feature/dirclient/dirclient_modes.h"
 #include "feature/hibernate/hibernate.h"
 #include "feature/hs/hs_config.h"
+#include "feature/metrics/metrics.h"
 #include "feature/nodelist/dirlist.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nickname.h"
@@ -560,6 +561,8 @@ static const config_var_t option_vars_[] = {
   OBSOLETE("MaxOnionsPending"),
   V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
   V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
+  VPORT(MetricsPort),
+  V(MetricsPortPolicy,           LINELIST, NULL),
   VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
   V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
   OBSOLETE("NamingAuthoritativeDirectory"),
@@ -6461,6 +6464,10 @@ parse_ports(or_options_t *options, int validate_only,
     *msg = tor_strdup("Invalid HTTPTunnelPort configuration");
     goto err;
   }
+  if (metrics_parse_ports(options, ports, msg) < 0) {
+    goto err;
+  }
+
   {
     unsigned control_port_flags = CL_PORT_NO_STREAM_OPTIONS |
       CL_PORT_WARN_NONLOCAL;
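Review bot: metrics_parse_ports is called without `validate_only`, although parse_ports receives that flag. In this commit's metrics.c the callee assigns the file-static `the_format` while parsing, so a validation-only pass over a configuration that is later rejected would still change the format used by the running listener. With a single supported format this cannot be observed yet, but it becomes a real inconsistency once a second format exists. Passing the flag down, or keeping the parsed format with the port configuration and applying it only when the options are committed, would avoid it. parse_ports begins and ends outside the hunk.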
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 3ccd2c9761..7a72547fd3 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -164,6 +164,8 @@ struct or_options_t {
   struct config_line_t *ORPort_lines;
   /** Ports to listen on for extended OR connections. */
   struct config_line_t *ExtORPort_lines;
+  /** Ports to listen on for Metrics connections. */
+  struct config_line_t *MetricsPort_lines;
   /** Ports to listen on for SOCKS connections. */
   struct config_line_t *SocksPort_lines;
   /** Ports to listen on for transparent pf/netfilter connections. */
@@ -223,6 +225,7 @@ struct or_options_t {
   unsigned int DNSPort_set : 1;
   unsigned int ExtORPort_set : 1;
   unsigned int HTTPTunnelPort_set : 1;
+  unsigned int MetricsPort_set : 1;
   /**@}*/
 
   /** Whether to publish our descriptor regardless of all our self-tests
@@ -1076,6 +1079,9 @@ struct or_options_t {
    **/
   int DormantCanceledByStartup;
 
+  /** List of policy allowed to query the Metrics port. */
+  struct config_line_t *MetricsPortPolicy;
+
   /**
    * Configuration objects for individual modules.
    *
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index 7a17d7ff9d..ebf15fcc9e 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -99,6 +99,7 @@
 #include "feature/hibernate/hibernate.h"
 #include "feature/hs/hs_common.h"
 #include "feature/hs/hs_ident.h"
+#include "feature/metrics/metrics.h"
 #include "feature/nodelist/nodelist.h"
 #include "feature/nodelist/routerlist.h"
 #include "feature/relay/dns.h"
@@ -218,7 +219,8 @@ static smartlist_t *outgoing_addrs = NULL;
     case CONN_TYPE_AP_TRANS_LISTENER: \
     case CONN_TYPE_AP_NATD_LISTENER: \
     case CONN_TYPE_AP_DNS_LISTENER: \
-    case CONN_TYPE_AP_HTTP_CONNECT_LISTENER
+    case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: \
+    case CONN_TYPE_METRICS_LISTENER
 
 /**************************************************************/
 
@@ -283,6 +285,8 @@ conn_type_to_string(int type)
     case CONN_TYPE_EXT_OR: return "Extended OR";
     case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener";
     case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener";
+    case CONN_TYPE_METRICS_LISTENER: return "Metrics listener";
+    case CONN_TYPE_METRICS: return "Metrics";
     default:
       log_warn(LD_BUG, "unknown connection type %d", type);
       tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
@@ -2025,6 +2029,10 @@ connection_handle_listener_read(connection_t *conn, int new_type)
       log_notice(LD_CONTROL, "New control connection opened from %s.",
                  fmt_and_decorate_addr(&addr));
     }
+    if (new_type == CONN_TYPE_METRICS) {
+      log_info(LD_CONTROL, "New metrics connection opened from %s.",
+               fmt_and_decorate_addr(&addr));
+    }
 
   } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
     tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER);
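Review bot: The MetricsPortPolicy check is not applied here at accept time. In this commit it runs only in metrics_connection_process_inbuf (metrics.c), after the connection object exists and the peer has sent data. A peer the policy rejects can therefore keep an accepted socket and its connection state allocated simply by staying silent. If this function already refuses SOCKS or directory peers by policy before creating the connection (that code is outside the hunk), a matching branch such as `if (new_type == CONN_TYPE_METRICS && !metrics_policy_permits_address(&addr))` that closes the new socket belongs next to this log call. The log line is also filed under `LD_CONTROL`, which mixes metrics-port events into the control-port domain.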
@@ -3893,6 +3901,8 @@ connection_handle_read_impl(connection_t *conn)
       return connection_handle_listener_read(conn, CONN_TYPE_DIR);
     case CONN_TYPE_CONTROL_LISTENER:
       return connection_handle_listener_read(conn, CONN_TYPE_CONTROL);
+    case CONN_TYPE_METRICS_LISTENER:
+      return connection_handle_listener_read(conn, CONN_TYPE_METRICS);
     case CONN_TYPE_AP_DNS_LISTENER:
       /* This should never happen; eventdns.c handles the reads here. */
       tor_fragile_assert();
@@ -5108,6 +5118,8 @@ connection_process_inbuf(connection_t *conn, int package_partial)
       return connection_dir_process_inbuf(TO_DIR_CONN(conn));
     case CONN_TYPE_CONTROL:
       return connection_control_process_inbuf(TO_CONTROL_CONN(conn));
+    case CONN_TYPE_METRICS:
+      return metrics_connection_process_inbuf(conn);
     default:
       log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
       tor_fragile_assert();
@@ -5671,6 +5683,9 @@ assert_connection_ok(connection_t *conn, time_t now)
       tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
       tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
       break;
+    case CONN_TYPE_METRICS:
+      /* No state. */
+      break;
     default:
       tor_assert(0);
   }
diff --git a/src/core/mainloop/connection.h b/src/core/mainloop/connection.h
index ee3dce49f4..9dab28c3d9 100644
--- a/src/core/mainloop/connection.h
+++ b/src/core/mainloop/connection.h
@@ -73,8 +73,12 @@ struct buf_t;
 #define CONN_TYPE_EXT_OR_LISTENER 17
 /** Type for sockets listening for HTTP CONNECT tunnel connections. */
 #define CONN_TYPE_AP_HTTP_CONNECT_LISTENER 18
+/** Type for sockets listening for Metrics query connections. */
+#define CONN_TYPE_METRICS_LISTENER 19
+/** Type for connections from metrics listener. */
+#define CONN_TYPE_METRICS 20
 
-#define CONN_TYPE_MAX_ 19
+#define CONN_TYPE_MAX_ 21
 /* !!!! If _CONN_TYPE_MAX is ever over 31, we must grow the type field in
  * struct connection_t. */
 
diff --git a/src/core/or/policies.c b/src/core/or/policies.c
index 0dc440cc96..24e9c0ce9f 100644
--- a/src/core/or/policies.c
+++ b/src/core/or/policies.c
@@ -48,6 +48,8 @@
 static smartlist_t *socks_policy = NULL;
 /** Policy that addresses for incoming directory connections must match. */
 static smartlist_t *dir_policy = NULL;
+/** Policy for incoming MetricsPort connections that must match. */
+static smartlist_t *metrics_policy = NULL;
 /** Policy that addresses for incoming router descriptors must match in order
  * to be published by us. */
 static smartlist_t *authdir_reject_policy = NULL;
@@ -1060,6 +1062,15 @@ socks_policy_permits_address(const tor_addr_t *addr)
   return addr_policy_permits_tor_addr(addr, 1, socks_policy);
 }
 
+/** Return 1 if <b>addr</b> is permitted to connect to our metrics port,
+ * based on <b>socks_policy</b>. Else return 0.
+ */
+int
+metrics_policy_permits_address(const tor_addr_t *addr)
+{
+  return addr_policy_permits_tor_addr(addr, 1, metrics_policy);
+}
+
 /** Return true iff the address <b>addr</b> is in a country listed in the
  * case-insensitive list of country codes <b>cc_list</b>. */
 static int
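Review bot: The doc comment on metrics_policy_permits_address names the wrong policy: it says the decision is "based on <b>socks_policy</b>", but the body passes `metrics_policy`. It should read `/** Return 1 if <b>addr</b> is permitted to connect to our metrics port, based on <b>metrics_policy</b>. Else return 0. */`. It would also help to state what is returned while metrics_policy is still NULL (before options are parsed or after policies_free_all), since that depends on the comparison helper, which is not visible here.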
@@ -1218,6 +1229,22 @@ load_policy_from_option(config_line_t *config, const char *option_name,
   return 0;
 }
 
+/** Helper: Parse the MetricsPortPolicy option into the metrics_policy and set
+ * the reject all by default.
+ *
+ * Return 0 on success else -1. */
+static int
+parse_metrics_port_policy(const or_options_t *options)
+{
+  if (load_policy_from_option(options->MetricsPortPolicy, "MetricsPortPolicy",
+                              &metrics_policy, -1) < 0) {
+    return -1;
+  }
+  /* It is a reject all by default. */
+  append_exit_policy_string(&metrics_policy, "reject *:*");
+  return 0;
+}
+
 /** Set all policies based on <b>options</b>, which should have been validated
  * first by validate_addr_policies. */
 int
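Review bot: On the early `return -1` in parse_metrics_port_policy the `reject *:*` fallback is never appended, so metrics_policy stays in whatever state load_policy_from_option left it. If that state is NULL and the address comparison treats a NULL policy as accept-all (neither helper is visible in this hunk, please confirm), a MetricsPortPolicy that fails to parse would admit every peer instead of none. Keeping the result in a local, calling `append_exit_policy_string(&metrics_policy, "reject *:*");` unconditionally and then returning the saved result keeps the listener default-deny on both paths. As a style point, the bare `-1` passed as the assume-action argument deserves a short comment, because the sibling calls in policies_parse_from_options pass a named constant such as `ADDR_POLICY_REJECT`.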
@@ -1239,6 +1266,9 @@ policies_parse_from_options(const or_options_t *options)
   if (load_policy_from_option(options->AuthDirBadExit, "AuthDirBadExit",
                               &authdir_badexit_policy, ADDR_POLICY_REJECT) < 0)
     ret = -1;
+  if (parse_metrics_port_policy(options) < 0) {
+    ret = -1;
+  }
   if (parse_reachable_addresses() < 0)
     ret = -1;
   return ret;
@@ -3074,6 +3104,8 @@ policies_free_all(void)
   socks_policy = NULL;
   addr_policy_list_free(dir_policy);
   dir_policy = NULL;
+  addr_policy_list_free(metrics_policy);
+  metrics_policy = NULL;
   addr_policy_list_free(authdir_reject_policy);
   authdir_reject_policy = NULL;
   addr_policy_list_free(authdir_invalid_policy);
diff --git a/src/core/or/policies.h b/src/core/or/policies.h
index c8502a5516..17bd7c869f 100644
--- a/src/core/or/policies.h
+++ b/src/core/or/policies.h
@@ -102,6 +102,7 @@ void reachable_addr_choose_from_dir_server(const dir_server_t *ds,
 
 int dir_policy_permits_address(const tor_addr_t *addr);
 int socks_policy_permits_address(const tor_addr_t *addr);
+int metrics_policy_permits_address(const tor_addr_t *addr);
 int authdir_policy_permits_address(const tor_addr_t *addr, uint16_t port);
 int authdir_policy_valid_address(const tor_addr_t *addr, uint16_t port);
 int authdir_policy_badexit_address(const tor_addr_t *addr, uint16_t port);
diff --git a/src/feature/control/control_fmt.c b/src/feature/control/control_fmt.c
index d76e6ad8dd..014427c5b5 100644
--- a/src/feature/control/control_fmt.c
+++ b/src/feature/control/control_fmt.c
@@ -206,6 +206,8 @@ entry_connection_describe_status_for_controller(const entry_connection_t *conn)
       case CONN_TYPE_AP_DNS_LISTENER: client_protocol = "DNS"; break;
       case CONN_TYPE_AP_HTTP_CONNECT_LISTENER:
         client_protocol = "HTTPCONNECT"; break;
+      case CONN_TYPE_METRICS_LISTENER:
+        client_protocol = "METRICS"; break;
       default: client_protocol = "UNKNOWN";
       }
     smartlist_add_asprintf(descparts, "CLIENT_PROTOCOL=%s",
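Review bot: The new `CONN_TYPE_METRICS_LISTENER` case looks unreachable. The switch sits in entry_connection_describe_status_for_controller, which describes an entry_connection_t, whereas this commit dispatches metrics connections as plain `connection_t` of type `CONN_TYPE_METRICS`. The switched expression is outside the hunk, so this is inferred rather than certain. If no entry connection can originate from a metrics listener, drop the case so the controller never appears to advertise a `METRICS` client protocol, or add a comment explaining when it can occur.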
diff --git a/src/feature/control/control_getinfo.c b/src/feature/control/control_getinfo.c
index 461b8eeb94..cfac59d499 100644
--- a/src/feature/control/control_getinfo.c
+++ b/src/feature/control/control_getinfo.c
@@ -287,6 +287,8 @@ getinfo_helper_listeners(control_connection_t *control_conn,
     type = CONN_TYPE_AP_DNS_LISTENER;
   else if (!strcmp(question, "net/listeners/control"))
     type = CONN_TYPE_CONTROL_LISTENER;
+  else if (!strcmp(question, "net/listeners/metrics"))
+    type = CONN_TYPE_METRICS_LISTENER;
   else
     return 0; /* unknown key */
 
diff --git a/src/feature/metrics/metrics.c b/src/feature/metrics/metrics.c
index 5f6fe776b7..886182bc90 100644
--- a/src/feature/metrics/metrics.c
+++ b/src/feature/metrics/metrics.c
@@ -8,25 +8,68 @@
 
 #include "orconfig.h"
 
-#include "lib/container/smartlist.h"
+#include "core/or/or.h"
+
+#include "lib/encoding/confline.h"
 #include "lib/log/util_bug.h"
 #include "lib/malloc/malloc.h"
 #include "lib/metrics/metrics_store.h"
+#include "lib/net/resolve.h"
 #include "lib/string/printf.h"
+#include "lib/net/nettypes.h"
+#include "lib/net/address.h"
+
+#include "core/mainloop/connection.h"
+#include "core/or/connection_st.h"
+#include "core/or/policies.h"
+#include "core/or/port_cfg_st.h"
+#include "core/proto/proto_http.h"
 
+#include "feature/dircommon/directory.h"
 #include "feature/metrics/metrics.h"
 
+#include "app/config/config.h"
 #include "app/main/subsysmgr.h"
 
-/** Return newly allocated string containing the output of all subsystems
+/** Metrics format driver set by the MetricsPort option. */
+static metrics_format_t the_format = METRICS_FORMAT_PROMETHEUS;
+
+/** Return true iff the given peer address is allowed by our MetricsPortPolicy
+ * option that is is in that list. */
+static bool
+metrics_request_allowed(const tor_addr_t *peer_addr)
+{
+  tor_assert(peer_addr);
+
+  return metrics_policy_permits_address(peer_addr);
+}
+
+/** Helper: For a metrics port connection, write the HTTP response header
+ * using the data length passed. */
+static void
+write_metrics_http_response(const size_t data_len, connection_t *conn)
+{
+  char date[RFC1123_TIME_LEN+1];
+  buf_t *buf = buf_new_with_capacity(128 + data_len);
+
+  format_rfc1123_time(date, approx_time());
+  buf_add_printf(buf, "HTTP/1.0 200 OK\r\nDate: %s\r\n", date);
+  buf_add_printf(buf, "Content-Type: text/plain; charset=utf-8\r\n");
+  buf_add_printf(buf, "Content-Length: %" TOR_PRIuSZ "\r\n", data_len);
+  buf_add_string(buf, "\r\n");
+
+  connection_buf_add_buf(conn, buf);
+  buf_free(buf);
+}
+
+/** Return newly allocated buffer containing the output of all subsystems
  * having metrics.
  *
  * This is used to output the content on the MetricsPort. */
-char *
+buf_t *
 metrics_get_output(const metrics_format_t fmt)
 {
-  char *data;
-  smartlist_t *chunks = smartlist_new();
+  buf_t *data = buf_new();
 
   /* Go over all subsystems that exposes a metrics store. */
   for (unsigned i = 0; i < n_tor_subsystems; ++i) {
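Review bot: Two doc comments in this hunk need attention. The one on metrics_request_allowed is garbled ("that is is in that list"); suggest `/** Return true iff <b>peer_addr</b> is accepted by the MetricsPortPolicy option. */`. metrics_get_output now returns a `buf_t *` instead of a string, and its comment should state the ownership rule its caller in this commit follows: `The caller owns the returned buffer and must release it with buf_free().` The comment on `the_format` could also say that it is written during option parsing by metrics_parse_ports. The body of metrics_get_output continues past the end of this hunk.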
@@ -40,17 +83,164 @@ metrics_get_output(const metrics_format_t fmt)
 
     if (sys->get_metrics && (stores = sys->get_metrics())) {
       SMARTLIST_FOREACH_BEGIN(stores, const metrics_store_t *, store) {
-        smartlist_add(chunks, metrics_store_get_output(fmt, store));
+        metrics_store_get_output(fmt, store, data);
       } SMARTLIST_FOREACH_END(store);
     }
   }
 
-  data = smartlist_join_strings(chunks, "\n", 0, NULL);
+  return data;
+}
+
+/** Process what is in the inbuf of this connection of type metrics.
+ *
+ * Return 0 on success else -1 on error which will close the connection. */
+int
+metrics_connection_process_inbuf(connection_t *conn)
+{
+  int ret = -1;
+  char *headers = NULL, *command = NULL, *url = NULL;
+  const char *errmsg = NULL;
+
+  tor_assert(conn);
+  tor_assert(conn->type == CONN_TYPE_METRICS);
+
+  if (!metrics_request_allowed(&conn->addr)) {
+    /* Close connection. Don't bother returning anything if you are not
+     * allowed by being on the policy list. */
+    errmsg = NULL;
+    goto err;
+  }
+
+  const int http_status = fetch_from_buf_http(conn->inbuf, &headers, 1024,
+                                              NULL, NULL, 1024, 0);
+  if (http_status < 0) {
+    errmsg = "HTTP/1.0 400 Bad Request\r\n\r\n";
+    goto err;
+  } else if (http_status == 0) {
+    /* no HTTP request yet. */
+    goto done;
+  }
+
+  const int cmd_status = parse_http_command(headers, &command, &url);
+  if (cmd_status < 0) {
+    errmsg = "HTTP/1.0 400 Bad Request\r\n\r\n";
+    goto err;
+  } else if (strcmpstart(command, "GET")) {
+    errmsg = "HTTP/1.0 405 Method Not Allowed\r\n\r\n";
+    goto err;
+  }
+  tor_assert(url);
 
-  SMARTLIST_FOREACH(chunks, char *, c, tor_free(c));
-  smartlist_free(chunks);
+  /* Where we expect the query to come for. */
+#define EXPECTED_URL_PATH "/metrics"
+#define EXPECTED_URL_PATH_LEN (sizeof(EXPECTED_URL_PATH) - 1) /* No NUL */
 
-  return data;
+  if (!strcmpstart(url, EXPECTED_URL_PATH) &&
+      strlen(url) == EXPECTED_URL_PATH_LEN) {
+    buf_t *data = metrics_get_output(the_format);
+
+    write_metrics_http_response(buf_datalen(data), conn);
+    connection_buf_add_buf(conn, data);
+    buf_free(data);
+  } else {
+    errmsg = "HTTP/1.0 404 Not Found\r\n\r\n";
+    goto err;
+  }
+
+  ret = 0;
+  goto done;
+
+ err:
+  if (errmsg) {
+    log_info(LD_EDGE, "HTTP metrics error: saying %s", escaped(errmsg));
+    connection_buf_add(errmsg, strlen(errmsg), conn);
+  }
+
+ done:
+  tor_free(headers);
+  tor_free(command);
+  tor_free(url);
+
+  return ret;
+}
+
+/** Parse metrics ports from options. On success, add the port to the ports
+ * list and return 0. On failure, set err_msg_out to a newly allocated string
+ * describing the problem and return -1. */
+int
+metrics_parse_ports(or_options_t *options, smartlist_t *ports,
+                    char **err_msg_out)
+{
+  int num_elems, ok = 0, ret = -1;
+  const char *addrport_str = NULL, *fmt_str = NULL;
+  smartlist_t *elems = NULL;
+  port_cfg_t *cfg = NULL;
+
+  tor_assert(options);
+  tor_assert(ports);
+
+  /* No metrics port to configure, just move on . */
+  if (!options->MetricsPort_lines) {
+    return 0;
+  }
+
+  elems = smartlist_new();
+
+  /* Split between the protocol and the address/port. */
+  num_elems = smartlist_split_string(elems,
+                                     options->MetricsPort_lines->value, " ",
+                                     SPLIT_SKIP_SPACE | SPLIT_IGNORE_BLANK, 2);
+  if (num_elems < 1) {
+    *err_msg_out = tor_strdup("MetricsPort is missing port.");
+    goto end;
+  }
+
+  addrport_str = smartlist_get(elems, 0);
+  if (num_elems >= 2) {
+    /* Parse the format if any. */
+    fmt_str = smartlist_get(elems, 1);
+    if (!strcasecmp(fmt_str, "prometheus")) {
+      the_format = METRICS_FORMAT_PROMETHEUS;
+    } else {
+      tor_asprintf(err_msg_out, "MetricsPort unknown format: %s", fmt_str);
+      goto end;
+    }
+  }
+
+  /* Port configuration with default address. */
+  cfg = port_cfg_new(0);
+  cfg->type = CONN_TYPE_METRICS_LISTENER;
+
+  /* Parse the port first. Then an address if any can be found. */
+  cfg->port = (int) tor_parse_long(addrport_str, 10, 0, 65535, &ok, NULL);
+  if (ok) {
+    tor_addr_parse(&cfg->addr, "127.0.0.1");
+  } else {
+    /* We probably have a host:port situation */
+    if (tor_addr_port_lookup(addrport_str, &cfg->addr,
+                             (uint16_t *) &cfg->port) < 0) {
+      *err_msg_out = tor_strdup("MetricsPort address/port failed to parse or "
+                                "resolve.");
+      goto end;
+    }
+  }
+  /* Add it to the ports list. */
+  smartlist_add(ports, cfg);
+
+  /* It is set. MetricsPort doesn't support the NoListen options or such that
+   * would prevent from being a real listener port. */
+  options->MetricsPort_set = 1;
+
+  /* Success. */
+  ret = 0;
+
+ end:
+  if (ret != 0) {
+    port_cfg_free(cfg);
+  }
+  SMARTLIST_FOREACH(elems, char *, e, tor_free(e));
+  smartlist_free(elems);
+  return ret;
 }
 
 /** Initialize the subsystem. */
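Review bot: In metrics_parse_ports, `(uint16_t *) &cfg->port` gives tor_addr_port_lookup a pointer into a field that the `(int)` cast two statements earlier suggests is an `int`. The lookup would then write only 16 bits of it, which on a big-endian host are the high half, and the access breaks strict aliasing. Use a temporary instead: declare `uint16_t port16 = 0;`, pass `&port16`, then assign `cfg->port = port16;`. The function also reads only `options->MetricsPort_lines->value`, so any further MetricsPort lines are ignored without a warning; loop over the list or reject the extra lines with an error in `err_msg_out`. In metrics_connection_process_inbuf, `strcmpstart(command, "GET")` is a prefix test, so any method that merely begins with GET is accepted; `strcmp(command, "GET")` would make the match exact.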
diff --git a/src/feature/metrics/metrics.h b/src/feature/metrics/metrics.h
index a30c271bea..b4bbe28b27 100644
--- a/src/feature/metrics/metrics.h
+++ b/src/feature/metrics/metrics.h
@@ -9,13 +9,27 @@
 #ifndef TOR_FEATURE_METRICS_METRICS_H
 #define TOR_FEATURE_METRICS_METRICS_H
 
+#include "lib/buf/buffers.h"
+#include "lib/container/smartlist.h"
+
+#include "app/config/or_options_st.h"
+
 #include "lib/metrics/metrics_common.h"
 
+struct connection_t;
+
 /* Initializer / Cleanup. */
 void metrics_init(void);
 void metrics_cleanup(void);
 
 /* Accessors. */
-char *metrics_get_output(const metrics_format_t fmt);
+buf_t *metrics_get_output(const metrics_format_t fmt);
+
+/* Connection. */
+int metrics_connection_process_inbuf(struct connection_t *conn);
+
+/* Configuration. */
+int metrics_parse_ports(or_options_t *options, smartlist_t *ports,
+                        char **err_msg_out);
 
 #endif /* !defined(TOR_FEATURE_METRICS_METRICS_H) */




