Documentation ¶
Index ¶
- Constants
- Variables
- func DeserializeHeaders(serializedHeaders string) ([]h2mux.Header, error)
- func FindCfRayHeader(req *http.Request) string
- func H1ResponseToH2ResponseHeaders(status int, h1 http.Header) (h2 []h2mux.Header)
- func H2RequestHeadersToH1Request(h2 []h2mux.Header, h1 *http.Request) error
- func IsControlResponseHeader(headerName string) bool
- func IsH2muxControlRequestHeader(headerName string) bool
- func IsH2muxControlResponseHeader(headerName string) bool
- func IsLBProbeRequest(req *http.Request) bool
- func IsTCPStream(r *http.Request) bool
- func IsWebsocketClientHeader(headerName string) bool
- func NewHTTP2RespWriter(r *http.Request, w http.ResponseWriter, connType Type, log *zerolog.Logger) (*http2RespWriter, error)
- func NewTunnelServerClient(ctx context.Context, stream io.ReadWriteCloser, log *zerolog.Logger) *tunnelServerClient
- func SerializeHeaders(h1Headers http.Header) string
- type ClassicTunnelProperties
- type ConfigurationUpdateBody
- type ConnectedFuse
- type ControlStreamHandler
- type Credentials
- type DupConnRegisterTunnelError
- type EdgeQuicDialError
- type Event
- type EventSink
- type EventSinkFunc
- type HTTP2Connection
- type HTTPResponseReadWriteAcker
- type MuxerConfig
- type NamedTunnelProperties
- type NamedTunnelRPCClient
- type Observer
- type Orchestrator
- type OriginProxy
- type Protocol
- type ProtocolSelector
- type QUICConnection
- func (q *QUICConnection) Close()
- func (q *QUICConnection) RegisterUdpSession(ctx context.Context, sessionID uuid.UUID, dstIP net.IP, dstPort uint16, ...) (*tunnelpogs.RegisterUdpSessionResponse, error)
- func (q *QUICConnection) Serve(ctx context.Context) error
- func (q *QUICConnection) UnregisterUdpSession(ctx context.Context, sessionID uuid.UUID, message string) error
- func (q *QUICConnection) UpdateConfiguration(ctx context.Context, version int32, config []byte) *tunnelpogs.UpdateConfigurationResponse
- type RPCClientFunc
- type ReadWriteAcker
- type ResponseWriter
- type ServerRegisterTunnelError
- type Status
- type TCPRequest
- type TLSSettings
- type TunnelConfigJSONGetter
- type TunnelToken
- type Type
Constants ¶
const ( LogFieldConnIndex = "connIndex" MaxGracePeriod = time.Minute * 3 MaxConcurrentStreams = math.MaxUint32 )
const ( InternalUpgradeHeader = "Cf-Cloudflared-Proxy-Connection-Upgrade" InternalTCPProxySrcHeader = "Cf-Cloudflared-Proxy-Src" WebsocketUpgrade = "websocket" ControlStreamUpgrade = "control-stream" ConfigurationUpdate = "update-configuration" )
note: these constants are exported so we can reuse them in the edge-side code
const ( MetricsNamespace = "cloudflared" TunnelSubsystem = "tunnel" )
const ( LogFieldConnectionID = "connection" LogFieldLocation = "location" LogFieldIPAddress = "ip" LogFieldProtocol = "protocol" )
const ( AvailableProtocolFlagMessage = "" /* 267-byte string literal not displayed */ AutoSelectFlag = "auto" // SRV and TXT record resolution TTL ResolveTTL = time.Hour )
const ( // HTTPHeaderKey is used to get or set http headers in QUIC ALPN if the underlying proxy connection type is HTTP. HTTPHeaderKey = "HttpHeader" // HTTPMethodKey is used to get or set http method in QUIC ALPN if the underlying proxy connection type is HTTP. HTTPMethodKey = "HttpMethod" // HTTPHostKey is used to get or set http Method in QUIC ALPN if the underlying proxy connection type is HTTP. HTTPHostKey = "HttpHost" QUICMetadataFlowID = "FlowID" )
const (
DuplicateConnectionError = "EDUPCONN"
)
Variables ¶
var ( // h2mux-style special headers RequestUserHeaders = "cf-cloudflared-request-headers" ResponseUserHeaders = "cf-cloudflared-response-headers" ResponseMetaHeader = "cf-cloudflared-response-meta" // h2mux-style special headers CanonicalResponseUserHeaders = http.CanonicalHeaderKey(ResponseUserHeaders) CanonicalResponseMetaHeader = http.CanonicalHeaderKey(ResponseMetaHeader) )
var ( // ProtocolList represents a list of supported protocols for communication with the edge // in order of precedence for remote percentage fetcher. ProtocolList = []Protocol{QUIC, HTTP2} )
Functions ¶
func DeserializeHeaders ¶
Deserialize headers serialized by `SerializeHeader`
func FindCfRayHeader ¶
func H2RequestHeadersToH1Request ¶
H2RequestHeadersToH1Request converts the HTTP/2 headers coming from origintunneld to an HTTP/1 Request object destined for the local origin web service. This operation includes conversion of the pseudo-headers into their closest HTTP/1 equivalents. See https://tools.ietf.org/html/rfc7540#section-8.1.2.3
func IsControlResponseHeader ¶
IsControlResponseHeader is called in the direction of eyeball <- origin.
func IsH2muxControlRequestHeader ¶
IsH2muxControlRequestHeader is called in the direction of eyeball -> origin.
func IsH2muxControlResponseHeader ¶
IsH2muxControlResponseHeader is called in the direction of eyeball <- origin.
func IsLBProbeRequest ¶
func IsTCPStream ¶
IsTCPStream discerns if the connection request needs a tcp stream proxy.
func IsWebsocketClientHeader ¶
isWebsocketClientHeader returns true if the header name is required by the client to upgrade properly
func NewHTTP2RespWriter ¶
func NewTunnelServerClient ¶
func NewTunnelServerClient( ctx context.Context, stream io.ReadWriteCloser, log *zerolog.Logger, ) *tunnelServerClient
NewTunnelRPCClient creates and returns a new RPC client, which will communicate using a stream on the given muxer. This method is exported for supervisor to call Authenticate RPC
func SerializeHeaders ¶
Serialize HTTP1.x headers by base64-encoding each header name and value, and then joining them in the format of [key:value;]
Types ¶
type ClassicTunnelProperties ¶
type ConfigurationUpdateBody ¶
type ConfigurationUpdateBody struct { Version int32 `json:"version"` Config gojson.RawMessage `json:"config"` }
ConfigurationUpdateBody is the representation followed by the edge to send updates to cloudflared.
type ConnectedFuse ¶
type ConnectedFuse interface { Connected() IsConnected() bool }
type ControlStreamHandler ¶
type ControlStreamHandler interface { // ServeControlStream handles the control plane of the transport in the current goroutine calling this ServeControlStream(ctx context.Context, rw io.ReadWriteCloser, connOptions *tunnelpogs.ConnectionOptions, tunnelConfigGetter TunnelConfigJSONGetter) error // IsStopped tells whether the method above has finished IsStopped() bool }
ControlStreamHandler registers connections with origintunneld and initiates graceful shutdown.
func NewControlStream ¶
func NewControlStream( observer *Observer, connectedFuse ConnectedFuse, namedTunnelConfig *NamedTunnelProperties, connIndex uint8, edgeAddress net.IP, newRPCClientFunc RPCClientFunc, gracefulShutdownC <-chan struct{}, gracePeriod time.Duration, protocol Protocol, ) ControlStreamHandler
NewControlStream returns a new instance of ControlStreamHandler
type Credentials ¶
Credentials are stored in the credentials file and contain all info needed to run a tunnel.
func (*Credentials) Auth ¶
func (c *Credentials) Auth() pogs.TunnelAuth
type DupConnRegisterTunnelError ¶
type DupConnRegisterTunnelError struct{}
func (DupConnRegisterTunnelError) Error ¶
func (e DupConnRegisterTunnelError) Error() string
type EdgeQuicDialError ¶
type EdgeQuicDialError struct {
Cause error
}
Dial to edge server with quic failed
func (*EdgeQuicDialError) Error ¶
func (e *EdgeQuicDialError) Error() string
func (*EdgeQuicDialError) Unwrap ¶
func (e *EdgeQuicDialError) Unwrap() error
type EventSinkFunc ¶
type EventSinkFunc func(event Event)
func (EventSinkFunc) OnTunnelEvent ¶
func (f EventSinkFunc) OnTunnelEvent(event Event)
type HTTP2Connection ¶
type HTTP2Connection struct {
// contains filtered or unexported fields
}
HTTP2Connection represents a net.Conn that uses HTTP2 frames to proxy traffic from the edge to cloudflared on the origin.
func NewHTTP2Connection ¶
func NewHTTP2Connection( conn net.Conn, orchestrator Orchestrator, connOptions *tunnelpogs.ConnectionOptions, observer *Observer, connIndex uint8, controlStreamHandler ControlStreamHandler, log *zerolog.Logger, ) *HTTP2Connection
NewHTTP2Connection returns a new instance of HTTP2Connection.
func (*HTTP2Connection) Serve ¶
func (c *HTTP2Connection) Serve(ctx context.Context) error
Serve serves an HTTP2 server that the edge can talk to.
func (*HTTP2Connection) ServeHTTP ¶
func (c *HTTP2Connection) ServeHTTP(w http.ResponseWriter, r *http.Request)
type HTTPResponseReadWriteAcker ¶
type HTTPResponseReadWriteAcker struct {
// contains filtered or unexported fields
}
HTTPResponseReadWriteAcker is an HTTP implementation of ReadWriteAcker.
func NewHTTPResponseReadWriterAcker ¶
func NewHTTPResponseReadWriterAcker(w ResponseWriter, flusher http.Flusher, req *http.Request) *HTTPResponseReadWriteAcker
NewHTTPResponseReadWriterAcker returns a new instance of HTTPResponseReadWriteAcker.
func (*HTTPResponseReadWriteAcker) AckConnection ¶
func (h *HTTPResponseReadWriteAcker) AckConnection(tracePropagation string) error
AckConnection acks an HTTP connection by sending a switch protocols status code that enables the caller to upgrade to streams.
type MuxerConfig ¶
type MuxerConfig struct { HeartbeatInterval time.Duration MaxHeartbeats uint64 CompressionSetting h2mux.CompressionSetting MetricsUpdateFreq time.Duration }
func (*MuxerConfig) H2MuxerConfig ¶
func (mc *MuxerConfig) H2MuxerConfig(h h2mux.MuxedStreamHandler, log *zerolog.Logger) *h2mux.MuxerConfig
type NamedTunnelProperties ¶
type NamedTunnelProperties struct { Credentials Credentials Client pogs.ClientInfo QuickTunnelUrl string }
type NamedTunnelRPCClient ¶
type NamedTunnelRPCClient interface { RegisterConnection( c context.Context, config *NamedTunnelProperties, options *tunnelpogs.ConnectionOptions, connIndex uint8, edgeAddress net.IP, observer *Observer, ) (*tunnelpogs.ConnectionDetails, error) SendLocalConfiguration( c context.Context, config []byte, observer *Observer, ) error GracefulShutdown(ctx context.Context, gracePeriod time.Duration) Close() }
type Observer ¶
type Observer struct {
// contains filtered or unexported fields
}
func NewObserver ¶
func (*Observer) RegisterSink ¶
func (*Observer) SendDisconnect ¶
func (*Observer) SendReconnect ¶
type Orchestrator ¶
type Orchestrator interface { UpdateConfig(version int32, config []byte) *pogs.UpdateConfigurationResponse GetConfigJSON() ([]byte, error) GetOriginProxy() (OriginProxy, error) }
type OriginProxy ¶
type OriginProxy interface { ProxyHTTP(w ResponseWriter, tr *tracing.TracedHTTPRequest, isWebsocket bool) error ProxyTCP(ctx context.Context, rwa ReadWriteAcker, req *TCPRequest) error }
OriginProxy is how data flows from cloudflared to the origin services running behind it.
type Protocol ¶
type Protocol int64
func (Protocol) TLSSettings ¶
func (p Protocol) TLSSettings() *TLSSettings
type ProtocolSelector ¶
func NewProtocolSelector ¶
func NewProtocolSelector( protocolFlag string, accountTag string, tunnelTokenProvided bool, needPQ bool, protocolFetcher edgediscovery.PercentageFetcher, resolveTTL time.Duration, log *zerolog.Logger, ) (ProtocolSelector, error)
type QUICConnection ¶
type QUICConnection struct {
// contains filtered or unexported fields
}
QUICConnection represents the type that facilitates Proxying via QUIC streams.
func NewQUICConnection ¶
func NewQUICConnection( ctx context.Context, quicConfig *quic.Config, edgeAddr net.Addr, localAddr net.IP, connIndex uint8, tlsConfig *tls.Config, orchestrator Orchestrator, connOptions *tunnelpogs.ConnectionOptions, controlStreamHandler ControlStreamHandler, logger *zerolog.Logger, packetRouterConfig *ingress.GlobalRouterConfig, udpUnregisterTimeout time.Duration, ) (*QUICConnection, error)
NewQUICConnection returns a new instance of QUICConnection.
func (*QUICConnection) Close ¶
func (q *QUICConnection) Close()
Close closes the session with no errors specified.
func (*QUICConnection) RegisterUdpSession ¶
func (q *QUICConnection) RegisterUdpSession(ctx context.Context, sessionID uuid.UUID, dstIP net.IP, dstPort uint16, closeAfterIdleHint time.Duration, traceContext string) (*tunnelpogs.RegisterUdpSessionResponse, error)
RegisterUdpSession is the RPC method invoked by edge to register and run a session
func (*QUICConnection) Serve ¶
func (q *QUICConnection) Serve(ctx context.Context) error
Serve starts a QUIC session that begins accepting streams.
func (*QUICConnection) UnregisterUdpSession ¶
func (q *QUICConnection) UnregisterUdpSession(ctx context.Context, sessionID uuid.UUID, message string) error
UnregisterUdpSession is the RPC method invoked by edge to unregister and terminate a sesssion
func (*QUICConnection) UpdateConfiguration ¶
func (q *QUICConnection) UpdateConfiguration(ctx context.Context, version int32, config []byte) *tunnelpogs.UpdateConfigurationResponse
UpdateConfiguration is the RPC method invoked by edge when there is a new configuration
type RPCClientFunc ¶
type RPCClientFunc func(context.Context, io.ReadWriteCloser, *zerolog.Logger) NamedTunnelRPCClient
RPCClientFunc derives a named tunnel rpc client that can then be used to register and unregister connections.
type ReadWriteAcker ¶
type ReadWriteAcker interface { io.ReadWriter AckConnection(tracePropagation string) error }
ReadWriteAcker is a readwriter with the ability to Acknowledge to the downstream (edge) that the origin has accepted the connection.
type ResponseWriter ¶
type ResponseWriter interface { WriteRespHeaders(status int, header http.Header) error AddTrailer(trailerName, trailerValue string) http.ResponseWriter http.Hijacker io.Writer }
ResponseWriter is the response path for a request back through cloudflared's tunnel.
type ServerRegisterTunnelError ¶
RegisterTunnel error from server
func (ServerRegisterTunnelError) Error ¶
func (e ServerRegisterTunnelError) Error() string
type Status ¶
type Status int
Status is the status of a connection.
const ( // Disconnected means the connection to the edge was broken. Disconnected Status = iota // Connected means the connection to the edge was successfully established. Connected // Reconnecting means the connection to the edge is being re-established. Reconnecting // SetURL means this connection's tunnel was given a URL by the edge. Used for quick tunnels. SetURL // RegisteringTunnel means the non-named tunnel is registering its connection. RegisteringTunnel // We're unregistering tunnel from the edge in preparation for a disconnect Unregistering )
type TCPRequest ¶
type TCPRequest struct { Dest string CFRay string LBProbe bool FlowID string CfTraceID string ConnIndex uint8 }
TCPRequest defines the input format needed to perform a TCP proxy.
type TLSSettings ¶
type TunnelConfigJSONGetter ¶
type TunnelToken ¶
type TunnelToken struct { AccountTag string `json:"a"` TunnelSecret []byte `json:"s"` TunnelID uuid.UUID `json:"t"` }
TunnelToken are Credentials but encoded with custom fields namings.
func (TunnelToken) Credentials ¶
func (t TunnelToken) Credentials() Credentials
func (TunnelToken) Encode ¶
func (t TunnelToken) Encode() (string, error)