tunnel

package
Published: Sep 25, 2023 License: Apache-2.0 Imports: 42 Imported by: 0

Constants

const (
	// DefaultBackoffInterval is the initial delay before the first reconnect retry.
	DefaultBackoffInterval    = 500 * time.Millisecond
	// DefaultBackoffMultiplier is the factor applied to the delay after each failed attempt.
	DefaultBackoffMultiplier  = 1.5
	// DefaultBackoffMaxInterval caps the delay between any two attempts.
	DefaultBackoffMaxInterval = 20 * time.Second
	// DefaultBackoffMaxTime is the default BackoffConfig.MaxTime; from the name it
	// appears to bound the total retry window — confirm in the Backoff implementation.
	DefaultBackoffMaxTime     = 2 * time.Minute
)

Default values for the reconnect backoff policy; they mirror the fields of BackoffConfig.

Variables

var (
	// Config is the active server configuration (relays, dialins, controller, audit path).
	Config *ServerConfig
	// Servers holds every configured Server, keyed by ServerName.
	Servers = make(map[string]*Server)
	// ServerAddrs groups the configured Servers by the listen address they share.
	ServerAddrs = make(map[string][]*Server)
	// ServerListeners is the list of listen objects, one per address/protocol,
	// that multiplex the Servers above by SNI.
	// NOTE(review): this is package-level mutable state with no lock declared
	// alongside it; confirm that all writes happen before the listeners start
	// serving, since the maps are not safe for concurrent read/write.
	ServerListeners []*ServerListen
)
var (
	// PeerProbeChanel carries cluster connection probes: the peering RPC pushes
	// the cluster SNI onto it and the core consumes it (see SendPeerProbe).
	// The buffer of 256 bounds how many probes can be queued before a sender blocks.
	PeerProbeChanel = make(chan string, 256)
)
var (

	// Clients was a map of relay clients keyed by ServerName; it is no longer
	// declared here and only survives as this commented-out line.
	//Clients = make(map[string]*Client)
	// ScaleClients signals that the set of relay clients should be scaled.
	// The meaning of the boolean value is not visible in this listing — confirm
	// in StartClient / Client.Start before sending anything other than true.
	ScaleClients = make(chan bool, 5)
)

Functions

func ClientTLSConfig

func ClientTLSConfig(tlsCrt string, tlsKey string, rootCA string, addr string) (*tls.Config, error)

ClientTLSConfig builds a client-side *tls.Config from the certificate (tlsCrt), private key (tlsKey) and trust anchor (rootCA) given as strings; addr is the relay endpoint the config is meant for. How addr is used (e.g. to derive ServerName for verification) is not shown in this listing — confirm before relying on it.

func ClientTLSConfigFromBytes

func ClientTLSConfigFromBytes(tlsCrt []byte, tlsKey []byte, rootPEM []byte, addr string) (*tls.Config, error)

ClientTLSConfigFromBytes is the in-memory variant of ClientTLSConfig: it builds a client-side *tls.Config from PEM bytes for the certificate, key and root CA, with addr as the target endpoint.

func DialinMetric

func DialinMetric(w http.ResponseWriter)

DialinMetric writes metrics about the cluster-facing (dialin) connections to w.

func GetRemoteCertID

func GetRemoteCertID(conn *tls.Conn) (string, error)

GetRemoteCertID extracts the peer ID from the client certificate presented on conn, returning an error if no usable certificate is available. The value is only trustworthy when the listener that accepted conn verified the client chain against its RootCAs.

func SendPeerProbe

func SendPeerProbe(chnl chan<- string, clustersni string)

func ServerTLSConfigFromBytes

func ServerTLSConfigFromBytes(certList []utils.SNICertificate, rootCAs []string, nextprotos ...string) (*tls.Config, error)

ServerTLSConfigFromBytes prepares a server-side *tls.Config from the per-SNI certificate list, the root CAs used to verify client certificates, and an optional list of ALPN protocols (nextprotos).

func StartCDServer

func StartCDServer(ctx context.Context, log *relaylogger.RelayLog, auditPath string, exitChan chan<- bool)

StartCDServer starts the CD (peer-forward) server; auditPath is the audit log location (compare ServerConfig.AuditPath) and exitChan is presumably signalled when the server stops.

func StartClient

func StartClient(ctx context.Context, log *relaylogger.RelayLog, file string, rnc utils.RelayNetworkConfig, exitChan chan<- bool)

StartClient starts the relay clients described by file and rnc; exitChan is presumably signalled when they stop.

func StartDialinPoolMgr

func StartDialinPoolMgr(ctx context.Context, log *relaylogger.RelayLog, exitChan chan<- bool)

StartDialinPoolMgr starts the manager for dialin (cluster-facing) connections.

func StartPeeringMgr

func StartPeeringMgr(ctx context.Context, log *relaylogger.RelayLog, exitChan chan<- bool, config *ServerConfig)

StartPeeringMgr starts the peering RPCs using config, which must describe the controller to peer with (ServerConfig.Controller).

func StartServer

func StartServer(ctx context.Context, log *relaylogger.RelayLog, auditPath string, exitChan chan<- bool)

StartServer starts the relay server; auditPath is the audit log location (compare ServerConfig.AuditPath) and exitChan is presumably signalled when the server stops.

Types

type Backoff

type Backoff interface {
	// NextBackOff returns the duration to sleep before the next reconnect attempt.
	// A negative value means the retry should be aborted.
	NextBackOff() time.Duration

	// Reset signals that a reconnection succeeded; the next call to NextBackOff
	// should again return the delay for a first reconnection attempt.
	Reset()
}

Backoff defines how reconnection retries are staggered over time.

type BackoffConfig

type BackoffConfig struct {
	// Interval is the initial delay before the first retry (default DefaultBackoffInterval).
	Interval    time.Duration
	// Multiplier scales the delay after each failed attempt (default DefaultBackoffMultiplier).
	Multiplier  float64
	// MaxInterval caps the delay between two attempts (default DefaultBackoffMaxInterval).
	MaxInterval time.Duration
	// MaxTime is the overall retry budget (default DefaultBackoffMaxTime).
	// NOTE(review): the defaults are inferred from matching names; confirm where they are applied.
	MaxTime     time.Duration
}

BackoffConfig holds the parameters of an exponential reconnect backoff; the DefaultBackoff* constants give the default values.

type Client

type Client struct {
	// Embedded mutex guarding the unexported state; callers must use *Client so the lock is never copied.
	sync.Mutex
	// contains filtered or unexported fields
}

Client is a relay client; its configuration and state are unexported.

func (*Client) Start

func (c *Client) Start(ctx context.Context) error

Start runs the relay client until ctx is cancelled or an unrecoverable error occurs, returning that error.

type ClientConfig

type ClientConfig struct {
	// ServiceName is the name of the service this client relays for.
	ServiceName string
	// ServerAddr is the address of the tunnel server the client connects to.
	ServerAddr string
	// Upstream is the address of the local upstream the relayed traffic is delivered to.
	Upstream string
	// Protocol is the protocol spoken to the upstream; accepted values are not shown here.
	Protocol string
	// TLSClientConfig is the tls.Config used for tls.Client when dialing ServerAddr.
	// It carries the client certificate and the root CA that authenticates the
	// server; a config with InsecureSkipVerify set would leave the server
	// unauthenticated. NOTE(review): behaviour when this is nil is not visible here.
	TLSClientConfig *tls.Config
	// Backoff is the retry policy for server connection attempts. If nil, a failed
	// dial is not retried.
	Backoff Backoff

	// ServiceProxy transfers data between the server connection and the local service.
	ServiceProxy proxy.Func
	// Logger is optional; if nil, logging is disabled.
	Logger *relaylogger.RelayLog
}

ClientConfig configures a relay Client: where to connect, how to authenticate, how to retry, and where to deliver traffic locally.

type ControllerInfo

type ControllerInfo struct {
	// Addr is the controller address the peering RPCs connect to.
	Addr         string
	// PeerProbeSNI is the SNI used for cluster connection probes (see PeerProbeChanel).
	PeerProbeSNI string
	// RootCA anchors verification of the controller's certificate.
	RootCA       string
	// ClientCRT and ClientKEY identify this relay to the controller.
	// NOTE(review): these are strings, unlike the []byte fields on Dialin/Relay;
	// presumably file paths or PEM text — confirm which before loading them.
	ClientCRT    string
	ClientKEY    string
}

ControllerInfo describes the controller the relay peers with and the credentials used for that connection.

type Dialin

type Dialin struct {
	// Protocol served on this dialin endpoint.
	Protocol   string
	// Addr is the listen address.
	Addr       string
	// ServerName is the name (SNI) under which this endpoint is served.
	ServerName string
	// RootCA is the PEM trust anchor used to verify connecting clusters' client certificates.
	RootCA     []byte
	// ServerCRT and ServerKEY are the PEM certificate and private key presented to clusters.
	ServerCRT  []byte
	ServerKEY  []byte
	// Version of the dialin definition.
	Version    string
}

Dialin defines a cluster-facing endpoint: where it listens and the TLS material it serves and trusts.

type Dialout

type Dialout struct {
	// Protocol spoken towards the relay.
	Protocol           string
	// Addr is the relay address to dial out to.
	Addr               string
	// ServiceSNI is the SNI presented to the relay to select the service.
	ServiceSNI         string
	// RootCA, ClientCRT and ClientKEY are the trust anchor and client credentials
	// used on the relay-facing TLS connection.
	RootCA             string
	ClientCRT          string
	ClientKEY          string
	// Upstream is the local target that relayed traffic is delivered to.
	Upstream           string
	// UpstreamClientCRT/KEY and UpstreamRootCA are the credentials and trust anchor
	// for the TLS connection to Upstream.
	UpstreamClientCRT  string
	UpstreamClientKEY  string
	UpstreamRootCA     string
	// UpstreamSkipVerify disables verification of the upstream's certificate
	// (presumably mapped to tls.Config.InsecureSkipVerify). With it set, anyone
	// on the path to Upstream can impersonate it; keep it false outside test setups.
	UpstreamSkipVerify bool
	// UpstreamKubeConfig is a kubeconfig used for the upstream when it is a Kubernetes API.
	UpstreamKubeConfig string
	// Version of the dialout definition.
	Version            string
}

Dialout defines an outbound connection from a cluster to the relay, together with the upstream it fronts and the TLS material for both legs.

type Relay

type Relay struct {
	// Protocol served on this user-facing endpoint.
	Protocol   string
	// Addr is the listen address.
	Addr       string
	// DialinSfx is the suffix that maps this relay to its dialin server name.
	DialinSfx  string
	// ServerName is the name (SNI) under which this endpoint is served.
	ServerName string
	// RootCA is the PEM trust anchor used to verify users' client certificates.
	RootCA     []byte
	// ServerCRT and ServerKEY are the PEM certificate and private key presented to users.
	ServerCRT  []byte
	ServerKEY  []byte
	// Version of the relay definition.
	Version    string
}

Relay defines a user-facing endpoint: where it listens, which dialin it forwards to, and the TLS material it serves and trusts.

type RelayConn

type RelayConn struct {
	// Conn is the accepted network connection.
	Conn net.Conn

	// Type of the server that accepted the connection: "Relay" means user-facing,
	// "Dialin" means cluster-facing.
	Type string

	// ServerName of the server which accepted the connection.
	ServerName string

	// CertSNI is derived from the client certificate.
	CertSNI string

	// PeerID is derived from the client certificate (see GetRemoteCertID).
	// Both CertSNI and PeerID are only meaningful if the accepting listener
	// verified the client chain against its RootCAs; do not use them as an
	// identity otherwise.
	PeerID string
	// contains filtered or unexported fields
}

RelayConn carries an accepted connection together with the identity derived from its client certificate.

type Server

type Server struct {
	// Type of the server: "Relay" means user-facing, "Dialin" means cluster-facing.
	Type string

	// Name is the service name, for example kubectl or kubeweb.
	Name string

	// ServerName is the name (SNI) of the listening server.
	ServerName string

	// Protocol is the protocol served, http(s).
	Protocol string

	// RootCA is the trust anchor used to verify TLS client certificates;
	// connections not chaining to it must not be treated as authenticated.
	RootCA []byte

	// ServerCRT is the certificate presented by the server.
	ServerCRT []byte

	// ServerKEY is the private key for ServerCRT.
	ServerKEY []byte

	// DialinServerName is the dialin server that relay traffic is forwarded to.
	// Valid only for relay server types.
	DialinServerName string

	// DialinPool is where dialin connections are parked until a relay needs them.
	// Valid only for dialin server types.
	DialinPool *dialinPool

	// Provisioner handles authorization provisioning for this server (implementation not shown here).
	Provisioner *authzProvisioner
	// contains filtered or unexported fields
}

Server describes one user-facing (relay) or cluster-facing (dialin) server multiplexed on a ServerListen.

func (*Server) AddToDialinPool

func (srv *Server) AddToDialinPool(rconn *RelayConn, remoteAddr string) (string, error)

AddToDialinPool parks rconn in the server's dialin pool under the given remote address and returns the key it was stored under, or an error.

func (*Server) ProcessCDPeerForwards

func (srv *Server) ProcessCDPeerForwards(ctx context.Context, conn net.Conn, lg *relaylogger.RelayLog, relayIP string, state tls.ConnectionState)

ProcessCDPeerForwards handles a peer forward on the already-accepted TLS connection conn; state carries the handshake details (including the peer certificates) and relayIP identifies the originating relay. What exactly is forwarded is not visible in this listing.

func (*Server) ProcessPeerForwards

func (srv *Server) ProcessPeerForwards(w http.ResponseWriter, r *http.Request, lg *relaylogger.RelayLog, relayIP string, certIssue int64)

ProcessPeerForwards handles a peer forward arriving as an HTTP request; relayIP identifies the originating relay and certIssue is a certificate-issue timestamp whose use is not visible in this listing.

func (*Server) ProcessRelayRequest

func (srv *Server) ProcessRelayRequest(w http.ResponseWriter, r *http.Request, lg *relaylogger.RelayLog)

ProcessRelayRequest handles a user-facing request by relaying it towards the matching dialin.

func (*Server) ServeHTTP

func (srv *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP serves requests from the user-facing connection, making Server an http.Handler.

type ServerConfig

type ServerConfig struct {
	// RelayAddr is the relay's own address.
	RelayAddr  string
	// Relays are the user-facing endpoints, keyed by name.
	Relays     map[string]*Relay
	// CDRelays are the peer-forward (CD) endpoints, keyed by name.
	CDRelays   map[string]*Relay
	// Dialins are the cluster-facing endpoints, keyed by name.
	Dialins    map[string]*Dialin
	// Controller describes the controller to peer with and the credentials for it.
	Controller ControllerInfo
	// AuditPath is the audit log location.
	AuditPath  string
}

ServerConfig is the top-level configuration for a relay server (see the package-level Config).

type ServerListen

type ServerListen struct {
	// Addr is the listen address shared by every server in ServerList.
	Addr string
	// Protocol of all servers listening on Addr.
	Protocol string
	// RootCAs are the trust anchors used to verify TLS client certificates on this listener.
	RootCAs []string
	// Certs are the certificates used to terminate TLS, selected by SNI;
	// wildcard (*.) names are supported.
	Certs []utils.SNICertificate
	// ServerList are the servers multiplexed on this listen address.
	ServerList []*Server

	// Mux routes accepted connections to a server by TLS SNI.
	Mux *vhost.TLSMuxer
}

ServerListen defines one listening socket and the servers it multiplexes by SNI.

func (*ServerListen) StartHTTPSListen

func (sl *ServerListen) StartHTTPSListen(ctx context.Context)

StartHTTPSListen starts the TLS listener on Addr. Both the user-facing and the dialin endpoints listen on 443; traffic is routed (muxed) to the appropriate handler based on the SNI of each connection.
