Add EventReplayAttack

events/event_stream.go

@@ -83,6 +83,8 @@ func eventStreamProcessor(ctx context.Context, eventChan <-chan mtglib.Event, ob
 				observer.EventIPBlocklisted(typedEvt)
 			case mtglib.EventConcurrencyLimited:
 				observer.EventConcurrencyLimited(typedEvt)
+			case mtglib.EventReplayAttack:
+				observer.EventReplayAttack(typedEvt)
 			}
 		}
 	}

events/event_stream_test.go

@@ -206,6 +206,28 @@ func (suite *EventStreamTestSuite) TestEventIPBlocklisted() {
 	time.Sleep(100 * time.Millisecond)
 }
 
+func (suite *EventStreamTestSuite) TestEventReplayAttack() {
+	evt := mtglib.EventReplayAttack{
+		CreatedAt: time.Now(),
+		ConnID:    "CONNID",
+	}
+
+	for _, v := range []*ObserverMock{suite.observerMock1, suite.observerMock2} {
+		v.
+			On("EventReplayAttack", mock.Anything).
+			Once().
+			Run(func(args mock.Arguments) {
+				caught := args.Get(0).(mtglib.EventReplayAttack)
+
+				suite.Equal(evt.CreatedAt, caught.CreatedAt)
+				suite.Equal(evt.StreamID(), caught.StreamID())
+			})
+	}
+
+	suite.stream.Send(suite.ctx, evt)
+	time.Sleep(100 * time.Millisecond)
+}
+
 func (suite *EventStreamTestSuite) TearDownTest() {
 	suite.stream.Shutdown()
 	suite.ctxCancel()

events/init.go

@@ -10,6 +10,7 @@ type Observer interface {
 	EventTraffic(mtglib.EventTraffic)
 	EventConcurrencyLimited(mtglib.EventConcurrencyLimited)
 	EventIPBlocklisted(mtglib.EventIPBlocklisted)
+	EventReplayAttack(mtglib.EventReplayAttack)
 
 	Shutdown()
 }

events/init_test.go

@@ -37,6 +37,10 @@ func (o *ObserverMock) EventIPBlocklisted(evt mtglib.EventIPBlocklisted) {
 	o.Called(evt)
 }
 
+func (o *ObserverMock) EventReplayAttack(evt mtglib.EventReplayAttack) {
+	o.Called(evt)
+}
+
 func (o *ObserverMock) Shutdown() {
 	o.Called()
 }

events/multi_observer.go

@@ -115,6 +115,21 @@ func (m multiObserver) EventIPBlocklisted(evt mtglib.EventIPBlocklisted) {
 	wg.Wait()
 }
 
+func (m multiObserver) EventReplayAttack(evt mtglib.EventReplayAttack) {
+	wg := &sync.WaitGroup{}
+	wg.Add(len(m.observers))
+
+	for _, v := range m.observers {
+		go func(obs Observer) {
+			defer wg.Done()
+
+			obs.EventReplayAttack(evt)
+		}(v)
+	}
+
+	wg.Wait()
+}
+
 func (m multiObserver) Shutdown() {
 	for _, v := range m.observers {
 		v.Shutdown()

events/noop.go

@@ -24,6 +24,7 @@ func (n noopObserver) EventTraffic(_ mtglib.EventTraffic)
 func (n noopObserver) EventFinish(_ mtglib.EventFinish)                         {}
 func (n noopObserver) EventConcurrencyLimited(_ mtglib.EventConcurrencyLimited) {}
 func (n noopObserver) EventIPBlocklisted(_ mtglib.EventIPBlocklisted)           {}
+func (n noopObserver) EventReplayAttack(_ mtglib.EventReplayAttack)             {}
 func (n noopObserver) Shutdown()                                                {}
 
 func NewNoopObserver() Observer {

events/noop_test.go

@@ -45,11 +45,17 @@ func (suite *NoopTestSuite) SetupSuite() {
 			CreatedAt: time.Now(),
 			ConnID:    "connID",
 		},
-		"concurrency-limited": mtglib.EventConcurrencyLimited{},
+		"concurrency-limited": mtglib.EventConcurrencyLimited{
+			CreatedAt: time.Now(),
+		},
 		"ip-blacklisted": mtglib.EventIPBlocklisted{
 			RemoteIP:  net.ParseIP("10.0.0.10"),
 			CreatedAt: time.Now(),
 		},
+		"replay-attack": mtglib.EventReplayAttack{
+			CreatedAt: time.Now(),
+			ConnID:    "connID",
+		},
 	}
 	suite.ctx = context.Background()
 }
@@ -88,6 +94,8 @@ func (suite *NoopTestSuite) TestObserver() {
 				observer.EventConcurrencyLimited(typedEvt)
 			case mtglib.EventIPBlocklisted:
 				observer.EventIPBlocklisted(typedEvt)
+			case mtglib.EventReplayAttack:
+				observer.EventReplayAttack(typedEvt)
 			}
 		})
 	}

mtglib/events.go

@@ -99,3 +99,16 @@ func (e EventIPBlocklisted) StreamID() string {
 func (e EventIPBlocklisted) Timestamp() time.Time {
 	return e.CreatedAt
 }
+
+type EventReplayAttack struct {
+	CreatedAt time.Time
+	ConnID    string
+}
+
+func (e EventReplayAttack) StreamID() string {
+	return e.ConnID
+}
+
+func (e EventReplayAttack) Timestamp() time.Time {
+	return e.CreatedAt
+}

mtglib/events_test.go

@@ -87,6 +87,16 @@ func (suite *EventsTestSuite) TestEventIPBlocklisted() {
 	suite.WithinDuration(time.Now(), evt.Timestamp(), 10*time.Millisecond)
 }
 
+func (suite *EventsTestSuite) TestEventReplayAttack() {
+	evt := mtglib.EventReplayAttack{
+		CreatedAt: time.Now(),
+		ConnID:    "CONNID",
+	}
+
+	suite.Equal("CONNID", evt.StreamID())
+	suite.WithinDuration(time.Now(), evt.Timestamp(), 10*time.Millisecond)
+}
+
 func TestEvents(t *testing.T) {
 	t.Parallel()
 	suite.Run(t, &EventsTestSuite{})

mtglib/proxy.go

@@ -166,6 +166,10 @@ func (p *Proxy) doFakeTLSHandshake(ctx *streamContext) bool {
 
 	if p.antiReplayCache.SeenBefore(hello.SessionID) {
 		p.logger.Warning("replay attack has been detected!")
+		p.eventStream.Send(p.ctx, EventReplayAttack{
+			CreatedAt: time.Now(),
+			ConnID:    ctx.connID,
+		})
 		p.doDomainFronting(ctx, rewind)
 
 		return false

stats/prometheus.go

@@ -110,10 +110,14 @@ func (p prometheusProcessor) EventConcurrencyLimited(_ mtglib.EventConcurrencyLi
 	p.factory.metricConcurrencyLimited.Inc()
 }
 
-func (p prometheusProcessor) EventIPBlocklisted(evt mtglib.EventIPBlocklisted) {
+func (p prometheusProcessor) EventIPBlocklisted(_ mtglib.EventIPBlocklisted) {
 	p.factory.metricIPBlocklisted.Inc()
 }
 
+func (p prometheusProcessor) EventReplayAttack(_ mtglib.EventReplayAttack) {
+	p.factory.metricReplayAttacks.Inc()
+}
+
 func (p prometheusProcessor) Shutdown() {
 	for _, v := range p.streams {
 		releaseStreamInfo(v)

stats/prometheus_test.go

@@ -198,6 +198,19 @@ func (suite *PrometheusTestSuite) TestEventIPBlocklisted() {
 	suite.Contains(data, `mtg_ip_blocklisted 1`)
 }
 
+func (suite *PrometheusTestSuite) TestEventReplayAttack() {
+	suite.prometheus.EventReplayAttack(mtglib.EventReplayAttack{
+		CreatedAt: time.Now(),
+		ConnID:    "connID",
+	})
+
+	time.Sleep(100 * time.Millisecond)
+
+	data, err := suite.Get()
+	suite.NoError(err)
+	suite.Contains(data, `mtg_replay_attacks 1`)
+}
+
 func TestPrometheus(t *testing.T) {
 	t.Parallel()
 	suite.Run(t, &PrometheusTestSuite{})

stats/statsd.go

@@ -114,10 +114,14 @@ func (s statsdProcessor) EventConcurrencyLimited(_ mtglib.EventConcurrencyLimite
 	s.client.Incr(MetricConcurrencyLimited, 1)
 }
 
-func (s statsdProcessor) EventIPBlocklisted(evt mtglib.EventIPBlocklisted) {
+func (s statsdProcessor) EventIPBlocklisted(_ mtglib.EventIPBlocklisted) {
 	s.client.Incr(MetricIPBlocklisted, 1)
 }
 
+func (s statsdProcessor) EventReplayAttack(_ mtglib.EventReplayAttack) {
+	s.client.Incr(MetricReplayAttacks, 1)
+}
+
 func (s statsdProcessor) Shutdown() {
 	now := time.Now()
 	events := make([]mtglib.EventFinish, 0, len(s.streams))

stats/statsd_test.go

@@ -228,6 +228,16 @@ func (suite *StatsdTestSuite) TestEventIPBlocklisted() {
 	suite.Equal("mtg.ip_blocklisted:1|c", suite.statsdServer.String())
 }
 
+func (suite *StatsdTestSuite) TestEventReplayAttack() {
+	suite.statsd.EventReplayAttack(mtglib.EventReplayAttack{
+		CreatedAt: time.Now(),
+		ConnID:    "connID",
+	})
+
+	time.Sleep(statsdSleepTime)
+	suite.Equal("mtg.replay_attacks:1|c", suite.statsdServer.String())
+}
+
 func TestStatsd(t *testing.T) {
 	t.Parallel()
 	suite.Run(t, &StatsdTestSuite{})