Documentation
¶
Index ¶
- Constants
- Variables
- func DialQuic(ctx context.Context, quicConfig *quic.Config, tlsConfig *tls.Config, ...) (quic.Connection, error)
- func FindCfRayHeader(req *http.Request) string
- func IsControlResponseHeader(headerName string) bool
- func IsLBProbeRequest(req *http.Request) bool
- func IsTCPStream(r *http.Request) bool
- func IsWebsocketClientHeader(headerName string) bool
- func NewHTTP2RespWriter(r *http.Request, w http.ResponseWriter, connType Type, log *zerolog.Logger) (*http2RespWriter, error)
- func SerializeHeaders(h1Headers http.Header) string
- type ClassicTunnelProperties
- type ConfigurationUpdateBody
- type ConnectedFuse
- type ControlStreamHandler
- type Credentials
- type DatagramSessionHandler
- type DupConnRegisterTunnelError
- type EdgeQuicDialError
- type Event
- type EventSink
- type EventSinkFunc
- type HTTP2Connection
- type HTTPHeader
- type HTTPResponseReadWriteAcker
- type Observer
- type Orchestrator
- type OriginProxy
- type Protocol
- type ProtocolSelector
- type ReadWriteAcker
- type ResponseWriter
- type ServerRegisterTunnelError
- type Status
- type TCPRequest
- type TLSSettings
- type TunnelConfigJSONGetter
- type TunnelConnection
- type TunnelProperties
- type TunnelToken
- type Type
Constants ¶
const ( LogFieldConnIndex = "connIndex" MaxGracePeriod = time.Minute * 3 MaxConcurrentStreams = math.MaxUint32 )
const ( InternalUpgradeHeader = "Cf-Cloudflared-Proxy-Connection-Upgrade" InternalTCPProxySrcHeader = "Cf-Cloudflared-Proxy-Src" WebsocketUpgrade = "websocket" ControlStreamUpgrade = "control-stream" ConfigurationUpdate = "update-configuration" )
note: these constants are exported so we can reuse them in the edge-side code
const ( MetricsNamespace = "cloudflared" TunnelSubsystem = "tunnel" )
const ( LogFieldConnectionID = "connection" LogFieldLocation = "location" LogFieldIPAddress = "ip" LogFieldProtocol = "protocol" )
const ( AvailableProtocolFlagMessage = "" /* 267-byte string literal not displayed */ AutoSelectFlag = "auto" // SRV and TXT record resolution TTL ResolveTTL = time.Hour )
const ( // HTTPHeaderKey is used to get or set http headers in QUIC ALPN if the underlying proxy connection type is HTTP. HTTPHeaderKey = "HttpHeader" // HTTPMethodKey is used to get or set http method in QUIC ALPN if the underlying proxy connection type is HTTP. HTTPMethodKey = "HttpMethod" // HTTPHostKey is used to get or set http host in QUIC ALPN if the underlying proxy connection type is HTTP. HTTPHostKey = "HttpHost" QUICMetadataFlowID = "FlowID" )
const (
DuplicateConnectionError = "EDUPCONN"
)
Variables ¶
var ( // internal special headers RequestUserHeaders = "cf-cloudflared-request-headers" ResponseUserHeaders = "cf-cloudflared-response-headers" ResponseMetaHeader = "cf-cloudflared-response-meta" // internal special headers CanonicalResponseUserHeaders = http.CanonicalHeaderKey(ResponseUserHeaders) CanonicalResponseMetaHeader = http.CanonicalHeaderKey(ResponseMetaHeader) )
var ProtocolList = []Protocol{QUIC, HTTP2}
ProtocolList represents a list of supported protocols for communication with the edge in order of precedence for remote percentage fetcher.
Functions ¶
func FindCfRayHeader ¶
func IsControlResponseHeader ¶
IsControlResponseHeader is called in the direction of eyeball <- origin.
func IsLBProbeRequest ¶
func IsTCPStream ¶
IsTCPStream discerns if the connection request needs a tcp stream proxy.
func IsWebsocketClientHeader ¶
isWebsocketClientHeader returns true if the header name is required by the client to upgrade properly
func NewHTTP2RespWriter ¶
func SerializeHeaders ¶
Serialize HTTP1.x headers by base64-encoding each header name and value, and then joining them in the format of [key:value;]
Types ¶
type ClassicTunnelProperties ¶
type ConfigurationUpdateBody ¶
type ConfigurationUpdateBody struct {
Version int32 `json:"version"`
Config gojson.RawMessage `json:"config"`
}
ConfigurationUpdateBody is the representation followed by the edge to send updates to cloudflared.
type ConnectedFuse ¶
type ConnectedFuse interface {
Connected()
IsConnected() bool
}
type ControlStreamHandler ¶
type ControlStreamHandler interface {
// ServeControlStream handles the control plane of the transport in the current goroutine calling this
ServeControlStream(ctx context.Context, rw io.ReadWriteCloser, connOptions *tunnelpogs.ConnectionOptions, tunnelConfigGetter TunnelConfigJSONGetter) error
// IsStopped tells whether the method above has finished
IsStopped() bool
}
ControlStreamHandler registers connections with origintunneld and initiates graceful shutdown.
func NewControlStream ¶
func NewControlStream( observer *Observer, connectedFuse ConnectedFuse, tunnelProperties *TunnelProperties, connIndex uint8, edgeAddress net.IP, registerClientFunc registerClientFunc, registerTimeout time.Duration, gracefulShutdownC <-chan struct{}, gracePeriod time.Duration, protocol Protocol, ) ControlStreamHandler
NewControlStream returns a new instance of ControlStreamHandler
type Credentials ¶
type Credentials struct {
AccountTag string
TunnelSecret []byte
TunnelID uuid.UUID
Endpoint string
}
Credentials are stored in the credentials file and contain all info needed to run a tunnel.
func (*Credentials) Auth ¶
func (c *Credentials) Auth() pogs.TunnelAuth
type DatagramSessionHandler ¶
type DatagramSessionHandler interface {
Serve(context.Context) error
pogs.SessionManager
}
DatagramSessionHandler is a service that can serve datagrams for a connection and handle sessions from incoming connection streams.
func NewDatagramV2Connection ¶
func NewDatagramV3Connection ¶
func NewDatagramV3Connection(ctx context.Context, conn quic.Connection, sessionManager cfdquic.SessionManager, icmpRouter ingress.ICMPRouter, index uint8, metrics cfdquic.Metrics, logger *zerolog.Logger, ) DatagramSessionHandler
type DupConnRegisterTunnelError ¶
type DupConnRegisterTunnelError struct{}
func (DupConnRegisterTunnelError) Error ¶
func (e DupConnRegisterTunnelError) Error() string
type EdgeQuicDialError ¶
type EdgeQuicDialError struct {
Cause error
}
Dial to edge server with quic failed
func (*EdgeQuicDialError) Error ¶
func (e *EdgeQuicDialError) Error() string
func (*EdgeQuicDialError) Unwrap ¶
func (e *EdgeQuicDialError) Unwrap() error
type Event ¶
type Event struct {
Index uint8
EventType Status
Location string
Protocol Protocol
URL string
EdgeAddress net.IP
}
Event is something that happened to a connection, e.g. disconnection or registration.
type EventSinkFunc ¶
type EventSinkFunc func(event Event)
func (EventSinkFunc) OnTunnelEvent ¶
func (f EventSinkFunc) OnTunnelEvent(event Event)
type HTTP2Connection ¶
type HTTP2Connection struct {
// contains filtered or unexported fields
}
HTTP2Connection represents a net.Conn that uses HTTP2 frames to proxy traffic from the edge to cloudflared on the origin.
func NewHTTP2Connection ¶
func NewHTTP2Connection( conn net.Conn, orchestrator Orchestrator, connOptions *tunnelpogs.ConnectionOptions, observer *Observer, connIndex uint8, controlStreamHandler ControlStreamHandler, log *zerolog.Logger, ) *HTTP2Connection
NewHTTP2Connection returns a new instance of HTTP2Connection.
func (*HTTP2Connection) Serve ¶
func (c *HTTP2Connection) Serve(ctx context.Context) error
Serve serves an HTTP2 server that the edge can talk to.
func (*HTTP2Connection) ServeHTTP ¶
func (c *HTTP2Connection) ServeHTTP(w http.ResponseWriter, r *http.Request)
type HTTPHeader ¶
HTTPHeader is a custom header struct that expects only ever one value for the header. This structure is used to serialize the headers and attach them to the HTTP2 request when proxying.
func DeserializeHeaders ¶
func DeserializeHeaders(serializedHeaders string) ([]HTTPHeader, error)
Deserialize headers serialized by `SerializeHeader`
type HTTPResponseReadWriteAcker ¶
type HTTPResponseReadWriteAcker struct {
// contains filtered or unexported fields
}
HTTPResponseReadWriteAcker is an HTTP implementation of ReadWriteAcker.
func NewHTTPResponseReadWriterAcker ¶
func NewHTTPResponseReadWriterAcker(w ResponseWriter, flusher http.Flusher, req *http.Request) *HTTPResponseReadWriteAcker
NewHTTPResponseReadWriterAcker returns a new instance of HTTPResponseReadWriteAcker.
func (*HTTPResponseReadWriteAcker) AckConnection ¶
func (h *HTTPResponseReadWriteAcker) AckConnection(tracePropagation string) error
AckConnection acks an HTTP connection by sending a switch protocols status code that enables the caller to upgrade to streams.
type Observer ¶
type Observer struct {
// contains filtered or unexported fields
}
func NewObserver ¶
func (*Observer) RegisterSink ¶
func (*Observer) SendDisconnect ¶
func (*Observer) SendReconnect ¶
type Orchestrator ¶
type Orchestrator interface {
UpdateConfig(version int32, config []byte) *pogs.UpdateConfigurationResponse
GetConfigJSON() ([]byte, error)
GetOriginProxy() (OriginProxy, error)
}
type OriginProxy ¶
type OriginProxy interface {
ProxyHTTP(w ResponseWriter, tr *tracing.TracedHTTPRequest, isWebsocket bool) error
ProxyTCP(ctx context.Context, rwa ReadWriteAcker, req *TCPRequest) error
}
OriginProxy is how data flows from cloudflared to the origin services running behind it.
type Protocol ¶
type Protocol int64
func (Protocol) TLSSettings ¶
func (p Protocol) TLSSettings() *TLSSettings
type ProtocolSelector ¶
func NewProtocolSelector ¶
func NewProtocolSelector( protocolFlag string, accountTag string, tunnelTokenProvided bool, needPQ bool, protocolFetcher edgediscovery.PercentageFetcher, resolveTTL time.Duration, log *zerolog.Logger, ) (ProtocolSelector, error)
type ReadWriteAcker ¶
type ReadWriteAcker interface {
io.ReadWriter
AckConnection(tracePropagation string) error
}
ReadWriteAcker is a readwriter with the ability to Acknowledge to the downstream (edge) that the origin has accepted the connection.
type ResponseWriter ¶
type ResponseWriter interface {
WriteRespHeaders(status int, header http.Header) error
AddTrailer(trailerName, trailerValue string)
http.ResponseWriter
http.Hijacker
io.Writer
}
ResponseWriter is the response path for a request back through cloudflared's tunnel.
type ServerRegisterTunnelError ¶
RegisterTunnel error from server
func (ServerRegisterTunnelError) Error ¶
func (e ServerRegisterTunnelError) Error() string
type Status ¶
type Status int
Status is the status of a connection.
const ( // Disconnected means the connection to the edge was broken. Disconnected Status = iota // Connected means the connection to the edge was successfully established. Connected // Reconnecting means the connection to the edge is being re-established. Reconnecting // SetURL means this connection's tunnel was given a URL by the edge. Used for quick tunnels. SetURL // RegisteringTunnel means the non-named tunnel is registering its connection. RegisteringTunnel // We're unregistering tunnel from the edge in preparation for a disconnect Unregistering )
type TCPRequest ¶
type TCPRequest struct {
Dest string
CFRay string
LBProbe bool
FlowID string
CfTraceID string
ConnIndex uint8
}
TCPRequest defines the input format needed to perform a TCP proxy.
type TLSSettings ¶
type TunnelConfigJSONGetter ¶
type TunnelConnection ¶
TunnelConnection represents the connection to the edge. The Serve method is provided to allow clients to handle any errors from the connection encountered during processing of the connection. Cancelling of the context provided to Serve will close the connection.
func NewTunnelConnection ¶
func NewTunnelConnection( ctx context.Context, conn quic.Connection, connIndex uint8, orchestrator Orchestrator, datagramSessionHandler DatagramSessionHandler, controlStreamHandler ControlStreamHandler, connOptions *pogs.ConnectionOptions, rpcTimeout time.Duration, streamWriteTimeout time.Duration, gracePeriod time.Duration, logger *zerolog.Logger, ) (TunnelConnection, error)
NewTunnelConnection takes a quic.Connection to wrap it for use with cloudflared application logic.
type TunnelProperties ¶
type TunnelProperties struct {
Credentials Credentials
Client pogs.ClientInfo
QuickTunnelUrl string
}
type TunnelToken ¶
type TunnelToken struct {
AccountTag string `json:"a"`
TunnelSecret []byte `json:"s"`
TunnelID uuid.UUID `json:"t"`
Endpoint string `json:"e,omitempty"`
}
TunnelToken are Credentials but encoded with custom fields namings.
func (TunnelToken) Credentials ¶
func (t TunnelToken) Credentials() Credentials
func (TunnelToken) Encode ¶
func (t TunnelToken) Encode() (string, error)
Source Files