l4tls

package
v0.0.0-...-4907280 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 10, 2025 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetConnectionStates

func GetConnectionStates(cx *layer4.Connection) []*tls.ConnectionState

GetConnectionStates gets the tls.ConnectionState for all the terminated TLS connections.

func ParseCaddyfileNestedMatcherSet

func ParseCaddyfileNestedMatcherSet(d *caddyfile.Dispenser) (caddy.ModuleMap, error)

ParseCaddyfileNestedMatcherSet parses the Caddyfile tokens for a nested matcher set, and returns its raw module map value.

Types

type ClientHelloInfo

type ClientHelloInfo struct {
	tls.ClientHelloInfo

	Version                      uint16
	Random                       []byte
	SessionID                    []byte
	SecureRenegotiationSupported bool
	SecureRenegotiation          []byte
	CompressionMethods           []byte

	Extensions []uint16

	OCSPStapling         bool
	TicketSupported      bool
	SessionTicket        []uint8
	SupportedSchemesCert []tls.SignatureScheme
	SCTs                 bool
	Cookie               []byte
	KeyShares            []KeyShare
	EarlyData            bool
	PSKModes             []uint8
	PSKIdentities        []PSKIdentity
	PSKBinders           [][]byte
}

ClientHelloInfo holds information about a TLS ClientHello. Our own parser collects a little more information than the standard library's struct holds.

func GetClientHelloInfos

func GetClientHelloInfos(cx *layer4.Connection) []ClientHelloInfo

GetClientHelloInfos gets ClientHello information for all the terminated TLS connections.

func (ClientHelloInfo) FillTLSClientConfig

func (chi ClientHelloInfo) FillTLSClientConfig(cfg *tls.Config)

FillTLSClientConfig fills cfg (a client-side TLS config) with information from chi. It does not overwrite any fields in cfg that are already non-zero.

type Handler

type Handler struct {
	ConnectionPolicies caddytls.ConnectionPolicies `json:"connection_policies,omitempty"`
	// contains filtered or unexported fields
}

Handler is a connection handler that terminates TLS.

func (*Handler) CaddyModule

func (*Handler) CaddyModule() caddy.ModuleInfo

CaddyModule returns the Caddy module information.

func (*Handler) Handle

func (t *Handler) Handle(cx *layer4.Connection, next layer4.Handler) error

Handle handles the connections.

func (*Handler) Provision

func (t *Handler) Provision(ctx caddy.Context) error

Provision sets up the module.

func (*Handler) UnmarshalCaddyfile

func (t *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

UnmarshalCaddyfile sets up the Handler from Caddyfile tokens. Syntax:

tls {
	connection_policy {
		...
	}
	connection_policy {
		...
	}
}
tls

type KeyShare

type KeyShare struct {
	Group tls.CurveID
	Data  []byte
}

KeyShare is a TLS 1.3 Key Share. See RFC 8446, Section 4.2.8.

type MatchALPN

type MatchALPN []string

func (*MatchALPN) CaddyModule

func (*MatchALPN) CaddyModule() caddy.ModuleInfo

CaddyModule returns the Caddy module information.

func (*MatchALPN) Match

func (m *MatchALPN) Match(hello *tls.ClientHelloInfo) bool

func (*MatchALPN) UnmarshalCaddyfile

func (m *MatchALPN) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

UnmarshalCaddyfile sets up the MatchALPN from Caddyfile tokens. Syntax:

alpn <values...>

type MatchTLS

type MatchTLS struct {
	MatchersRaw caddy.ModuleMap `json:"-" caddy:"namespace=tls.handshake_match"`
	// contains filtered or unexported fields
}

MatchTLS is able to match TLS connections. Its structure is different from the auto-generated documentation. This value should be a map of matcher names to their values.

func (*MatchTLS) CaddyModule

func (*MatchTLS) CaddyModule() caddy.ModuleInfo

CaddyModule returns the Caddy module information.

func (*MatchTLS) MarshalJSON

func (m *MatchTLS) MarshalJSON() ([]byte, error)

MarshalJSON satisfies the json.Marshaler interface.

func (*MatchTLS) Match

func (m *MatchTLS) Match(cx *layer4.Connection) (bool, error)

Match returns true if the connection is a TLS handshake.

func (*MatchTLS) Provision

func (m *MatchTLS) Provision(ctx caddy.Context) error

Provision sets up the handler.

func (*MatchTLS) UnmarshalCaddyfile

func (m *MatchTLS) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

UnmarshalCaddyfile sets up the MatchTLS from Caddyfile tokens. Syntax:

tls {
	matcher [<args...>]
	matcher [<args...>]
}
tls matcher [<args...>]
tls

func (*MatchTLS) UnmarshalJSON

func (m *MatchTLS) UnmarshalJSON(b []byte) error

UnmarshalJSON satisfies the json.Unmarshaler interface.

type PSKIdentity

type PSKIdentity struct {
	// contains filtered or unexported fields
}

PSKIdentity is a TLS 1.3 PSK Identity. Can be a Session Ticket, or a reference to a saved session. See RFC 8446, Section 4.2.11.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL