connection

package
v0.0.0-...-455eedf Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 28, 2023 License: Apache-2.0 Imports: 41 Imported by: 0

Documentation

Index

Constants

View Source
const (
	LogFieldConnIndex    = "connIndex"
	MaxGracePeriod       = time.Minute * 3
	MaxConcurrentStreams = math.MaxUint32
)
View Source
const (
	InternalUpgradeHeader     = "Cf-Cloudflared-Proxy-Connection-Upgrade"
	InternalTCPProxySrcHeader = "Cf-Cloudflared-Proxy-Src"
	WebsocketUpgrade          = "websocket"
	ControlStreamUpgrade      = "control-stream"
	ConfigurationUpdate       = "update-configuration"
)

note: these constants are exported so we can reuse them in the edge-side code

View Source
const (
	MetricsNamespace = "cloudflared"
	TunnelSubsystem  = "tunnel"
)
View Source
const (
	LogFieldConnectionID = "connection"
	LogFieldLocation     = "location"
	LogFieldIPAddress    = "ip"
	LogFieldProtocol     = "protocol"
)
View Source
const (
	AvailableProtocolFlagMessage = "" /* 267-byte string literal not displayed */

	AutoSelectFlag = "auto"
	// SRV and TXT record resolution TTL
	ResolveTTL = time.Hour
)
View Source
const (
	// HTTPHeaderKey is used to get or set http headers in QUIC ALPN if the underlying proxy connection type is HTTP.
	HTTPHeaderKey = "HttpHeader"
	// HTTPMethodKey is used to get or set http method in QUIC ALPN if the underlying proxy connection type is HTTP.
	HTTPMethodKey = "HttpMethod"
	// HTTPHostKey is used to get or set http Method in QUIC ALPN if the underlying proxy connection type is HTTP.
	HTTPHostKey = "HttpHost"

	QUICMetadataFlowID = "FlowID"
)
View Source
const (
	DuplicateConnectionError = "EDUPCONN"
)

Variables

View Source
var (
	// h2mux-style special headers
	RequestUserHeaders  = "cf-cloudflared-request-headers"
	ResponseUserHeaders = "cf-cloudflared-response-headers"
	ResponseMetaHeader  = "cf-cloudflared-response-meta"

	// h2mux-style special headers
	CanonicalResponseUserHeaders = http.CanonicalHeaderKey(ResponseUserHeaders)
	CanonicalResponseMetaHeader  = http.CanonicalHeaderKey(ResponseMetaHeader)
)
View Source
var (
	// ProtocolList represents a list of supported protocols for communication with the edge
	// in order of precedence for remote percentage fetcher.
	ProtocolList = []Protocol{QUIC, HTTP2}
)

Functions

func DeserializeHeaders

func DeserializeHeaders(serializedHeaders string) ([]h2mux.Header, error)

Deserialize headers serialized by `SerializeHeader`

func FindCfRayHeader

func FindCfRayHeader(req *http.Request) string

func H1ResponseToH2ResponseHeaders

func H1ResponseToH2ResponseHeaders(status int, h1 http.Header) (h2 []h2mux.Header)

func H2RequestHeadersToH1Request

func H2RequestHeadersToH1Request(h2 []h2mux.Header, h1 *http.Request) error

H2RequestHeadersToH1Request converts the HTTP/2 headers coming from origintunneld to an HTTP/1 Request object destined for the local origin web service. This operation includes conversion of the pseudo-headers into their closest HTTP/1 equivalents. See https://tools.ietf.org/html/rfc7540#section-8.1.2.3

func IsControlResponseHeader

func IsControlResponseHeader(headerName string) bool

IsControlResponseHeader is called in the direction of eyeball <- origin.

func IsH2muxControlRequestHeader

func IsH2muxControlRequestHeader(headerName string) bool

IsH2muxControlRequestHeader is called in the direction of eyeball -> origin.

func IsH2muxControlResponseHeader

func IsH2muxControlResponseHeader(headerName string) bool

IsH2muxControlResponseHeader is called in the direction of eyeball <- origin.

func IsLBProbeRequest

func IsLBProbeRequest(req *http.Request) bool

func IsTCPStream

func IsTCPStream(r *http.Request) bool

IsTCPStream discerns if the connection request needs a tcp stream proxy.

func IsWebsocketClientHeader

func IsWebsocketClientHeader(headerName string) bool

isWebsocketClientHeader returns true if the header name is required by the client to upgrade properly

func NewHTTP2RespWriter

func NewHTTP2RespWriter(r *http.Request, w http.ResponseWriter, connType Type, log *zerolog.Logger) (*http2RespWriter, error)

func NewTunnelServerClient

func NewTunnelServerClient(
	ctx context.Context,
	stream io.ReadWriteCloser,
	log *zerolog.Logger,
) *tunnelServerClient

NewTunnelRPCClient creates and returns a new RPC client, which will communicate using a stream on the given muxer. This method is exported for supervisor to call Authenticate RPC

func SerializeHeaders

func SerializeHeaders(h1Headers http.Header) string

Serialize HTTP1.x headers by base64-encoding each header name and value, and then joining them in the format of [key:value;]

Types

type ClassicTunnelProperties

type ClassicTunnelProperties struct {
	Hostname   string
	OriginCert []byte
	// feature-flag to use new edge reconnect tokens
	UseReconnectToken bool
}

type ConfigurationUpdateBody

type ConfigurationUpdateBody struct {
	Version int32             `json:"version"`
	Config  gojson.RawMessage `json:"config"`
}

ConfigurationUpdateBody is the representation followed by the edge to send updates to cloudflared.

type ConnectedFuse

type ConnectedFuse interface {
	Connected()
	IsConnected() bool
}

type ControlStreamHandler

type ControlStreamHandler interface {
	// ServeControlStream handles the control plane of the transport in the current goroutine calling this
	ServeControlStream(ctx context.Context, rw io.ReadWriteCloser, connOptions *tunnelpogs.ConnectionOptions, tunnelConfigGetter TunnelConfigJSONGetter) error
	// IsStopped tells whether the method above has finished
	IsStopped() bool
}

ControlStreamHandler registers connections with origintunneld and initiates graceful shutdown.

func NewControlStream

func NewControlStream(
	observer *Observer,
	connectedFuse ConnectedFuse,
	namedTunnelConfig *NamedTunnelProperties,
	connIndex uint8,
	edgeAddress net.IP,
	newRPCClientFunc RPCClientFunc,
	gracefulShutdownC <-chan struct{},
	gracePeriod time.Duration,
	protocol Protocol,
) ControlStreamHandler

NewControlStream returns a new instance of ControlStreamHandler

type Credentials

type Credentials struct {
	AccountTag   string
	TunnelSecret []byte
	TunnelID     uuid.UUID
}

Credentials are stored in the credentials file and contain all info needed to run a tunnel.

func (*Credentials) Auth

func (c *Credentials) Auth() pogs.TunnelAuth

type DupConnRegisterTunnelError

type DupConnRegisterTunnelError struct{}

func (DupConnRegisterTunnelError) Error

type EdgeQuicDialError

type EdgeQuicDialError struct {
	Cause error
}

Dial to edge server with quic failed

func (*EdgeQuicDialError) Error

func (e *EdgeQuicDialError) Error() string

func (*EdgeQuicDialError) Unwrap

func (e *EdgeQuicDialError) Unwrap() error

type Event

type Event struct {
	Index     uint8
	EventType Status
	Location  string
	Protocol  Protocol
	URL       string
}

Event is something that happened to a connection, e.g. disconnection or registration.

type EventSink

type EventSink interface {
	OnTunnelEvent(event Event)
}

type EventSinkFunc

type EventSinkFunc func(event Event)

func (EventSinkFunc) OnTunnelEvent

func (f EventSinkFunc) OnTunnelEvent(event Event)

type HTTP2Connection

type HTTP2Connection struct {
	// contains filtered or unexported fields
}

HTTP2Connection represents a net.Conn that uses HTTP2 frames to proxy traffic from the edge to cloudflared on the origin.

func NewHTTP2Connection

func NewHTTP2Connection(
	conn net.Conn,
	orchestrator Orchestrator,
	connOptions *tunnelpogs.ConnectionOptions,
	observer *Observer,
	connIndex uint8,
	controlStreamHandler ControlStreamHandler,
	log *zerolog.Logger,
) *HTTP2Connection

NewHTTP2Connection returns a new instance of HTTP2Connection.

func (*HTTP2Connection) Serve

func (c *HTTP2Connection) Serve(ctx context.Context) error

Serve serves an HTTP2 server that the edge can talk to.

func (*HTTP2Connection) ServeHTTP

func (c *HTTP2Connection) ServeHTTP(w http.ResponseWriter, r *http.Request)

type HTTPResponseReadWriteAcker

type HTTPResponseReadWriteAcker struct {
	// contains filtered or unexported fields
}

HTTPResponseReadWriteAcker is an HTTP implementation of ReadWriteAcker.

func NewHTTPResponseReadWriterAcker

func NewHTTPResponseReadWriterAcker(w ResponseWriter, flusher http.Flusher, req *http.Request) *HTTPResponseReadWriteAcker

NewHTTPResponseReadWriterAcker returns a new instance of HTTPResponseReadWriteAcker.

func (*HTTPResponseReadWriteAcker) AckConnection

func (h *HTTPResponseReadWriteAcker) AckConnection(tracePropagation string) error

AckConnection acks an HTTP connection by sending a switch protocols status code that enables the caller to upgrade to streams.

func (*HTTPResponseReadWriteAcker) Read

func (h *HTTPResponseReadWriteAcker) Read(p []byte) (int, error)

func (*HTTPResponseReadWriteAcker) Write

func (h *HTTPResponseReadWriteAcker) Write(p []byte) (int, error)

type MuxerConfig

type MuxerConfig struct {
	HeartbeatInterval  time.Duration
	MaxHeartbeats      uint64
	CompressionSetting h2mux.CompressionSetting
	MetricsUpdateFreq  time.Duration
}

func (*MuxerConfig) H2MuxerConfig

func (mc *MuxerConfig) H2MuxerConfig(h h2mux.MuxedStreamHandler, log *zerolog.Logger) *h2mux.MuxerConfig

type NamedTunnelProperties

type NamedTunnelProperties struct {
	Credentials    Credentials
	Client         pogs.ClientInfo
	QuickTunnelUrl string
}

type NamedTunnelRPCClient

type NamedTunnelRPCClient interface {
	RegisterConnection(
		c context.Context,
		config *NamedTunnelProperties,
		options *tunnelpogs.ConnectionOptions,
		connIndex uint8,
		edgeAddress net.IP,
		observer *Observer,
	) (*tunnelpogs.ConnectionDetails, error)
	SendLocalConfiguration(
		c context.Context,
		config []byte,
		observer *Observer,
	) error
	GracefulShutdown(ctx context.Context, gracePeriod time.Duration)
	Close()
}

type Observer

type Observer struct {
	// contains filtered or unexported fields
}

func NewObserver

func NewObserver(log, logTransport *zerolog.Logger) *Observer

func (*Observer) RegisterSink

func (o *Observer) RegisterSink(sink EventSink)

func (*Observer) SendDisconnect

func (o *Observer) SendDisconnect(connIndex uint8)

func (*Observer) SendReconnect

func (o *Observer) SendReconnect(connIndex uint8)

func (*Observer) SendURL

func (o *Observer) SendURL(url string)

type Orchestrator

type Orchestrator interface {
	UpdateConfig(version int32, config []byte) *pogs.UpdateConfigurationResponse
	GetConfigJSON() ([]byte, error)
	GetOriginProxy() (OriginProxy, error)
}

type OriginProxy

type OriginProxy interface {
	ProxyHTTP(w ResponseWriter, tr *tracing.TracedHTTPRequest, isWebsocket bool) error
	ProxyTCP(ctx context.Context, rwa ReadWriteAcker, req *TCPRequest) error
}

OriginProxy is how data flows from cloudflared to the origin services running behind it.

type Protocol

type Protocol int64
const (
	// HTTP2 using golang HTTP2 library for edge connections.
	HTTP2 Protocol = iota
	// QUIC using quic-go for edge connections.
	QUIC
)

func (Protocol) String

func (p Protocol) String() string

func (Protocol) TLSSettings

func (p Protocol) TLSSettings() *TLSSettings

type ProtocolSelector

type ProtocolSelector interface {
	Current() Protocol
	Fallback() (Protocol, bool)
}

func NewProtocolSelector

func NewProtocolSelector(
	protocolFlag string,
	accountTag string,
	tunnelTokenProvided bool,
	needPQ bool,
	protocolFetcher edgediscovery.PercentageFetcher,
	resolveTTL time.Duration,
	log *zerolog.Logger,
) (ProtocolSelector, error)

type QUICConnection

type QUICConnection struct {
	// contains filtered or unexported fields
}

QUICConnection represents the type that facilitates Proxying via QUIC streams.

func NewQUICConnection

func NewQUICConnection(
	ctx context.Context,
	quicConfig *quic.Config,
	edgeAddr net.Addr,
	localAddr net.IP,
	connIndex uint8,
	tlsConfig *tls.Config,
	orchestrator Orchestrator,
	connOptions *tunnelpogs.ConnectionOptions,
	controlStreamHandler ControlStreamHandler,
	logger *zerolog.Logger,
	packetRouterConfig *ingress.GlobalRouterConfig,
	udpUnregisterTimeout time.Duration,
) (*QUICConnection, error)

NewQUICConnection returns a new instance of QUICConnection.

func (*QUICConnection) Close

func (q *QUICConnection) Close()

Close closes the session with no errors specified.

func (*QUICConnection) RegisterUdpSession

func (q *QUICConnection) RegisterUdpSession(ctx context.Context, sessionID uuid.UUID, dstIP net.IP, dstPort uint16, closeAfterIdleHint time.Duration, traceContext string) (*tunnelpogs.RegisterUdpSessionResponse, error)

RegisterUdpSession is the RPC method invoked by edge to register and run a session

func (*QUICConnection) Serve

func (q *QUICConnection) Serve(ctx context.Context) error

Serve starts a QUIC session that begins accepting streams.

func (*QUICConnection) UnregisterUdpSession

func (q *QUICConnection) UnregisterUdpSession(ctx context.Context, sessionID uuid.UUID, message string) error

UnregisterUdpSession is the RPC method invoked by edge to unregister and terminate a sesssion

func (*QUICConnection) UpdateConfiguration

func (q *QUICConnection) UpdateConfiguration(ctx context.Context, version int32, config []byte) *tunnelpogs.UpdateConfigurationResponse

UpdateConfiguration is the RPC method invoked by edge when there is a new configuration

type RPCClientFunc

RPCClientFunc derives a named tunnel rpc client that can then be used to register and unregister connections.

type ReadWriteAcker

type ReadWriteAcker interface {
	io.ReadWriter
	AckConnection(tracePropagation string) error
}

ReadWriteAcker is a readwriter with the ability to Acknowledge to the downstream (edge) that the origin has accepted the connection.

type ResponseWriter

type ResponseWriter interface {
	WriteRespHeaders(status int, header http.Header) error
	AddTrailer(trailerName, trailerValue string)
	http.ResponseWriter
	http.Hijacker
	io.Writer
}

ResponseWriter is the response path for a request back through cloudflared's tunnel.

type ServerRegisterTunnelError

type ServerRegisterTunnelError struct {
	Cause     error
	Permanent bool
}

RegisterTunnel error from server

func (ServerRegisterTunnelError) Error

type Status

type Status int

Status is the status of a connection.

const (
	// Disconnected means the connection to the edge was broken.
	Disconnected Status = iota
	// Connected means the connection to the edge was successfully established.
	Connected
	// Reconnecting means the connection to the edge is being re-established.
	Reconnecting
	// SetURL means this connection's tunnel was given a URL by the edge. Used for quick tunnels.
	SetURL
	// RegisteringTunnel means the non-named tunnel is registering its connection.
	RegisteringTunnel
	// We're unregistering tunnel from the edge in preparation for a disconnect
	Unregistering
)

type TCPRequest

type TCPRequest struct {
	Dest      string
	CFRay     string
	LBProbe   bool
	FlowID    string
	CfTraceID string
	ConnIndex uint8
}

TCPRequest defines the input format needed to perform a TCP proxy.

type TLSSettings

type TLSSettings struct {
	ServerName string
	NextProtos []string
}

type TunnelConfigJSONGetter

type TunnelConfigJSONGetter interface {
	GetConfigJSON() ([]byte, error)
}

type TunnelToken

type TunnelToken struct {
	AccountTag   string    `json:"a"`
	TunnelSecret []byte    `json:"s"`
	TunnelID     uuid.UUID `json:"t"`
}

TunnelToken are Credentials but encoded with custom fields namings.

func (TunnelToken) Credentials

func (t TunnelToken) Credentials() Credentials

func (TunnelToken) Encode

func (t TunnelToken) Encode() (string, error)

type Type

type Type int

Type indicates the connection type of the connection.

const (
	TypeWebsocket Type = iota
	TypeTCP
	TypeControlStream
	TypeHTTP
	TypeConfiguration
)

func (Type) String

func (t Type) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL