filtertransport

package
v0.9.0

This package is not in the latest version of its module.

Published: Aug 31, 2021 License: GPL-3.0, MIT Imports: 5 Imported by: 0

README

Filtering Go HTTP transport and proxy handler

Useful when you want to limit what clients can connect to. The default transport and proxy handler filter local, private and link-local networks.

See client and proxy examples.

Known issues

  • Probably messes up IPv6 happy eyeballs

License

filtertransport is licensed under the MIT license. See LICENSE for the full license text.

Documentation

Overview

Package filtertransport implements a filtering HTTP transport and proxy handler.

Index

Constants

This section is empty.

Variables

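var DefaultFilteredNetworks = []net.IPNet{
	MustParseCIDR("10.0.0.0/8"),         // RFC 1918 private
	MustParseCIDR("172.16.0.0/12"),      // RFC 1918 private
	MustParseCIDR("192.168.0.0/16"),     // RFC 1918 private
	MustParseCIDR("127.0.0.0/8"),        // loopback
	MustParseCIDR("0.0.0.0/8"),          // "this" network
	MustParseCIDR("169.254.0.0/16"),     // link-local
	MustParseCIDR("192.0.0.0/24"),       // IETF protocol assignments
	MustParseCIDR("192.0.2.0/24"),       // TEST-NET-1 (documentation)
	MustParseCIDR("198.51.100.0/24"),    // TEST-NET-2 (documentation)
	MustParseCIDR("203.0.113.0/24"),     // TEST-NET-3 (documentation)
	MustParseCIDR("192.88.99.0/24"),     // 6to4 relay anycast
	MustParseCIDR("192.18.0.0/15"),      // as published; the RFC 2544 benchmarking range is 198.18.0.0/15
	MustParseCIDR("224.0.0.0/4"),        // multicast
	MustParseCIDR("240.0.0.0/4"),        // reserved
	MustParseCIDR("255.255.255.255/32"), // limited broadcast
	MustParseCIDR("100.64.0.0/10"),      // shared address space (carrier-grade NAT)
	MustParseCIDR("::/128"),             // unspecified address
	MustParseCIDR("::1/128"),            // loopback
	MustParseCIDR("100::/64"),           // discard-only
	MustParseCIDR("2001::/23"),          // IETF protocol assignments
	MustParseCIDR("2001:2::/48"),        // benchmarking
	MustParseCIDR("2001:db8::/32"),      // documentation
	MustParseCIDR("2001::/32"),          // Teredo
	MustParseCIDR("fc00::/7"),           // unique local
	MustParseCIDR("fe80::/10"),          // link-local
	MustParseCIDR("ff00::/8"),           // multicast
	MustParseCIDR("2002::/16"),          // 6to4
}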

DefaultFilteredNetworks is the list of net.IPNets that are loopback, private, link-local or default unicast, based on https://github.com/ooni/psiphon/oopsi/github.com/letsencrypt/boulder/blob/master/bdns/dns.go

var DefaultTransport = &http.Transport{

	DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
		return FilterDial(ctx, network, addr, DefaultFilter, (&net.Dialer{
			Timeout:   30 * time.Second,
			KeepAlive: 30 * time.Second,
			DualStack: true,
		}).DialContext)
	},
	ForceAttemptHTTP2:     true,
	MaxIdleConns:          100,
	IdleConnTimeout:       90 * time.Second,
	TLSHandshakeTimeout:   10 * time.Second,
	ExpectContinueTimeout: 1 * time.Second,
}

DefaultTransport is a counterpart to http.DefaultTransport that filters dialed addresses using DefaultFilter.

Functions

func DefaultFilter

func DefaultFilter(addr net.TCPAddr) error

DefaultFilter filters addresses that fall within DefaultFilteredNetworks.

func FilterDial

func FilterDial(ctx context.Context, network string, address string, filter FilterTCPAddrFn, dial DialFn) (net.Conn, error)

FilterDial is an http.Transport dial function that applies a filtering function.

func FindIPNet

func FindIPNet(ipnets []net.IPNet, ip net.IP) bool

FindIPNet returns true if any of the ipnets contains ip.

func MustParseCIDR

func MustParseCIDR(s string) net.IPNet

MustParseCIDR parses a string into a net.IPNet.

Types

type DialFn

type DialFn func(ctx context.Context, network string, address string) (net.Conn, error)

DialFn is the http.Transport dial function type.

type FilterError

type FilterError struct {
	net.TCPAddr
}

FilterError is the error for a filtered TCP address.

func (FilterError) Error

func (e FilterError) Error() string

type FilterTCPAddrFn

type FilterTCPAddrFn func(addr net.TCPAddr) error

FilterTCPAddrFn is a function that decides whether to filter an address.
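
A standard-library sketch of the resolve, filter, then dial pattern that the FilterDial, FilterTCPAddrFn and FilterError signatures above describe; it is an added example, not the package's source. The names dialFn, filterError, denied, denyFilter and filteredDial, and the shortened deny list, are assumptions made for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
)

// dialFn and filterError mirror the shapes of DialFn and FilterError on this page.
type dialFn func(ctx context.Context, network, address string) (net.Conn, error)
type filterError struct{ net.TCPAddr }

func (e filterError) Error() string { return "filtered address " + e.TCPAddr.String() }

// denied is a constructed, shortened deny list, not DefaultFilteredNetworks.
var denied = []string{"127.0.0.0/8", "10.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7"}

// denyFilter returns a filterError when addr.IP falls inside a denied network.
func denyFilter(addr net.TCPAddr) error {
	for _, cidr := range denied {
		_, n, err := net.ParseCIDR(cidr)
		if err != nil {
			return err
		}
		if n.Contains(addr.IP) { // Contains also matches IPv4-mapped IPv6 forms
			return filterError{addr}
		}
	}
	return nil
}

// filteredDial resolves address once, filters the resolved IP, then dials that
// same IP:port, so the checked address and the connected address cannot differ.
func filteredDial(ctx context.Context, network, address string, filter func(net.TCPAddr) error, dial dialFn) (net.Conn, error) {
	tcpAddr, err := net.ResolveTCPAddr(network, address)
	if err != nil {
		return nil, err
	}
	if err := filter(*tcpAddr); err != nil {
		return nil, err
	}
	return dial(ctx, network, tcpAddr.String())
}

func main() {
	_, err := filteredDial(context.Background(), "tcp", "[::ffff:127.0.0.1]:80", denyFilter, (&net.Dialer{}).DialContext)
	var fe filterError
	fmt.Println(errors.As(err, &fe), err)
}
```

To use the pattern in an HTTP client, wrap filteredDial in a closure assigned to http.Transport.DialContext, as DefaultTransport does with FilterDial.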
