Merge remote-tracking branch 'origin/master' into stable

.golangci.toml

@@ -10,4 +10,4 @@ format = "colored-line-number"
 
 [linters]
 enable-all = true
-disable = ["gochecknoglobals"]
+disable = ["gochecknoglobals", "gomnd"]

Makefile

@@ -4,7 +4,7 @@ APP_NAME     := $(IMAGE_NAME)
 
 CC_BINARIES  := $(shell bash -c "echo -n $(APP_NAME)-{linux,freebsd,openbsd}-{386,amd64} $(APP_NAME)-linux-{arm,arm64}")
 
-GOLANGCI_LINT_VERSION := v1.21.0
+GOLANGCI_LINT_VERSION := v1.23.3
 
 VERSION_GO         := $(shell go version)
 VERSION_DATE       := $(shell date -Ru)

README.md

@@ -159,6 +159,9 @@ by design and we have the negligible possibility of duplication
 (probability is 1/(2^64)) but it could be quite effective to prevent
 replays.
 
+It is possible to disable this cache. To do that, please explicitly set
+its size to 0.
+
 
 ## FakeTLS
 
@@ -191,8 +194,8 @@ supported environment variables:
 | `MTG_STATSD_PREFIX`           | `--statsd-prefix`            | `mtg`                             | Which bucket prefix we should use. For example, if you set `mtg`, then metric `traffic.ingress` would be send as `mtg.traffic.ingress`.                                                                                                                                         |
 | `MTG_STATSD_TAGS_FORMAT`      | `--statsd-tags-format`       |                                   | Which tags format we should use. By default, we are using default vanilla statsd tags format but if you want to send directly to InfluxDB or Datadog, please specify it there. Possible options are `influxdb` and `datadog`.                                                   |
 | `MTG_STATSD_TAGS`             | `--statsd-tags`              |                                   | Which tags should we send to statsd with our metrics. Please specify them as `key=value` pairs.                                                                                                                                                                                 |
-| `MTG_BUFFER_WRITE`            | `-w`, `--write-buffer`       | `65536`                           | The size of TCP write buffer in bytes. Write buffer is the buffer for messages which are going from client to Telegram.                                                                                                                                                         |
-| `MTG_BUFFER_READ`             | `-r`, `--read-buffer`        | `131072`                          | The size of TCP read buffer in bytes. Read buffer is the buffer for messages from Telegram to client.                                                                                                                                                                           |
+| `MTG_BUFFER_WRITE`            | `-w`, `--write-buffer`       | `64KB`                           | The size of TCP write buffer in bytes. Write buffer is the buffer for messages which are going from client to Telegram.                                                                                                                                                         |
+| `MTG_BUFFER_READ`             | `-r`, `--read-buffer`        | `128KB`                          | The size of TCP read buffer in bytes. Read buffer is the buffer for messages from Telegram to client.                                                                                                                                                                           |
 | `MTG_ANTIREPLAY_MAXSIZE`      | `--anti-replay-max-size`     | `128MB`                           | Max size of antireplay cache.                                                                                                                                                                                                                                                   |
 | `MTG_CLOAK_PORT`              | `--cloak-port`               | `443`                             | Which port we should use to connect to cloaked host in FakeTLS mode.                                                                                                                                                                                                            |
 | `MTG_MULTIPLEX_PERCONNECTION` | `--multiplex-per-connection` | `50`                              | How many client connections can share a single Telegram connection in adtag mode                                                                                                                                                                                                |

antireplay/cache.go

@@ -11,19 +11,19 @@ type cache struct {
 	data *fastcache.Cache
 }
 
-func (c *cache) AddObfuscated2(data []byte) {
+func (c cache) AddObfuscated2(data []byte) {
 	c.data.Set(keyObfuscated2(data), nil)
 }
 
-func (c *cache) AddTLS(data []byte) {
+func (c cache) AddTLS(data []byte) {
 	c.data.Set(keyTLS(data), nil)
 }
 
-func (c *cache) HasObfuscated2(data []byte) bool {
+func (c cache) HasObfuscated2(data []byte) bool {
 	return c.data.Has(keyObfuscated2(data))
 }
 
-func (c *cache) HasTLS(data []byte) bool {
+func (c cache) HasTLS(data []byte) bool {
 	return c.data.Has(keyTLS(data))
 }
 

antireplay/init.go

@@ -8,13 +8,24 @@ import (
 	"github.com/9seconds/mtg/config"
 )
 
+type CacheInterface interface {
+	AddObfuscated2([]byte)
+	AddTLS([]byte)
+	HasObfuscated2([]byte) bool
+	HasTLS([]byte) bool
+}
+
 var (
-	Cache    cache
+	Cache    CacheInterface
 	initOnce sync.Once
 )
 
 func Init() {
 	initOnce.Do(func() {
-		Cache.data = fastcache.New(config.C.AntiReplayMaxSize)
+		if config.C.AntiReplayMaxSize == 0 {
+			Cache = nilCache{}
+		} else {
+			Cache = cache{fastcache.New(config.C.AntiReplayMaxSize)}
+		}
 	})
 }

antireplay/nilcache.go

@@ -0,0 +1,8 @@
+package antireplay
+
+type nilCache struct{}
+
+func (n nilCache) AddObfuscated2(_ []byte)      {}
+func (n nilCache) AddTLS(_ []byte)              {}
+func (n nilCache) HasObfuscated2(_ []byte) bool { return false }
+func (n nilCache) HasTLS(_ []byte) bool         { return false }

faketls/client_protocol.go

@@ -8,7 +8,6 @@ import (
 	"io"
 	"net"
 	"strconv"
-	"sync"
 	"time"
 
 	"github.com/9seconds/mtg/antireplay"
@@ -101,32 +100,16 @@ func (c *ClientProtocol) tlsHandshake(conn io.ReadWriter) error {
 }
 
 func (c *ClientProtocol) cloakHost(clientConn io.ReadWriteCloser) {
+	stats.Stats.CloakedRequest()
+
 	addr := net.JoinHostPort(config.C.CloakHost, strconv.Itoa(config.C.CloakPort))
 	hostConn, err := net.Dial("tcp", addr)
 
 	if err != nil {
 		return
 	}
 
-	defer hostConn.Close()
-
-	wg := &sync.WaitGroup{}
-	wg.Add(2)
-
-	go c.pipe(hostConn, clientConn, wg)
-
-	go c.pipe(clientConn, hostConn, wg)
-
-	wg.Wait()
-}
-
-func (c *ClientProtocol) pipe(dst io.WriteCloser, src io.Reader, wg *sync.WaitGroup) {
-	defer func() {
-		wg.Done()
-		dst.Close()
-	}()
-
-	io.Copy(dst, src) // nolint: errcheck
+	cloak(clientConn, hostConn)
 }
 
 func MakeClientProtocol() protocol.ClientProtocol {

faketls/cloak.go

@@ -0,0 +1,71 @@
+package faketls
+
+import (
+	"context"
+	"io"
+	"sync"
+	"time"
+
+	"github.com/9seconds/mtg/wrappers/rwc"
+)
+
+const (
+	cloakLastActivityTimeout = 5 * time.Second
+	cloakMaxTimeout          = 30 * time.Second
+)
+
+func cloak(one, another io.ReadWriteCloser) {
+	defer func() {
+		one.Close()
+		another.Close()
+	}()
+
+	channelPing := make(chan struct{}, 1)
+	ctx, cancel := context.WithCancel(context.Background())
+	one = rwc.NewPing(ctx, one, channelPing)
+	another = rwc.NewPing(ctx, another, channelPing)
+	wg := &sync.WaitGroup{}
+
+	wg.Add(2)
+
+	go func() {
+		defer wg.Done()
+		io.Copy(one, another) // nolint: errcheck
+	}()
+
+	go func() {
+		defer wg.Done()
+		io.Copy(another, one) // nolint: errcheck
+	}()
+
+	go func() {
+		wg.Wait()
+		cancel()
+	}()
+
+	go func() {
+		lastActivityTimer := time.NewTimer(cloakLastActivityTimeout)
+		defer lastActivityTimer.Stop()
+
+		maxTimer := time.NewTimer(cloakMaxTimeout)
+		defer maxTimer.Stop()
+
+		for {
+			select {
+			case <-channelPing:
+				lastActivityTimer.Stop()
+				lastActivityTimer = time.NewTimer(cloakLastActivityTimeout)
+			case <-ctx.Done():
+				return
+			case <-lastActivityTimer.C:
+				cancel()
+				return
+			case <-maxTimer.C:
+				cancel()
+				return
+			}
+		}
+	}()
+
+	<-ctx.Done()
+}

go.mod

@@ -3,18 +3,19 @@ module github.com/9seconds/mtg
 go 1.13
 
 require (
-	github.com/VictoriaMetrics/fastcache v1.5.2
+	github.com/VictoriaMetrics/fastcache v1.5.7
 	github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d
 	github.com/beevik/ntp v0.2.0
-	github.com/cespare/xxhash/v2 v2.1.1 // indirect
-	github.com/prometheus/client_golang v1.2.1
-	github.com/prometheus/procfs v0.0.7 // indirect
+	github.com/golang/protobuf v1.3.3 // indirect
+	github.com/prometheus/client_golang v1.4.0
 	github.com/smira/go-statsd v1.3.1
+	go.uber.org/atomic v1.5.1 // indirect
 	go.uber.org/multierr v1.4.0 // indirect
 	go.uber.org/zap v1.13.0
-	golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f
-	golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914 // indirect
-	golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2
-	golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98 // indirect
+	golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d
+	golang.org/x/lint v0.0.0-20200130185559-910be7a94367 // indirect
+	golang.org/x/net v0.0.0-20200202094626-16171245cfb2 // indirect
+	golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5
+	golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74 // indirect
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 )