Documentation
¶
Overview ¶
Index ¶
- Constants
- func BuildProxy(config *Config) *goproxy.ProxyHttpServer
- func HTTPErrorHandler(w io.WriteCloser, pctx *goproxy.ProxyCtx, err error)
- func IsMissingRoleError(err error) bool
- func MissingRoleError(s string) error
- func NewTimeoutConn(conn net.Conn, timeout time.Duration) net.Conn
- func StartWithConfig(config *Config, quit <-chan interface{})
- type Config
- func (config *Config) SetAllowAddresses(addressStrings []string) error
- func (config *Config) SetAllowRanges(rangeStrings []string) error
- func (config *Config) SetDenyAddresses(addressStrings []string) error
- func (config *Config) SetDenyRanges(rangeStrings []string) error
- func (config *Config) SetResolverAddresses(resolverAddresses []string) error
- func (config *Config) SetupCrls(crlFiles []string) error
- func (config *Config) SetupEgressAcl(aclFile string) error
- func (config *Config) SetupPrometheus(endpoint string, port string) error
- func (config *Config) SetupStatsd(addr string) error
- func (config *Config) SetupStatsdWithNamespace(addr, namespace string) error
- func (config *Config) SetupTls(certFile, keyFile string, clientCAFiles []string) error
- func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error
- type ExitStatus
- type HealthcheckMiddleware
- type Log2LogrusWriter
- type RuleRange
- type StatsServer
- type TimeoutConn
Constants ¶
View Source
const ( LogFieldID = "id" LogFieldOutLocalAddr = "outbound_local_addr" LogFieldOutRemoteAddr = "outbound_remote_addr" LogFieldInRemoteAddr = "inbound_remote_addr" LogFieldProxyType = "proxy_type" LogFieldRequestedHost = "requested_host" LogFieldStartTime = "start_time" LogFieldTraceID = "trace_id" LogFieldInRemoteX509CN = "inbound_remote_x509_cn" LogFieldInRemoteX509OU = "inbound_remote_x509_ou" LogFieldRole = "role" LogFieldProject = "project" LogFieldContentLength = "content_length" LogFieldDecisionReason = "decision_reason" LogFieldEnforceWouldDeny = "enforce_would_deny" LogFieldAllow = "allow" LogFieldError = "error" CanonicalProxyDecision = "CANONICAL-PROXY-DECISION" LogFieldConnEstablishMS = "conn_establish_time_ms" LogFieldDNSLookupTime = "dns_lookup_time_ms" )
View Source
const DefaultStatsdNamespace = "smokescreen."
Variables ¶
This section is empty.
Functions ¶
func BuildProxy ¶
func BuildProxy(config *Config) *goproxy.ProxyHttpServer
func HTTPErrorHandler ¶
func HTTPErrorHandler(w io.WriteCloser, pctx *goproxy.ProxyCtx, err error)
HTTPErrorHandler allows returning a custom error response when smokescreen fails to connect to the proxy target.
func IsMissingRoleError ¶
func MissingRoleError ¶
func StartWithConfig ¶
func StartWithConfig(config *Config, quit <-chan interface{})
Types ¶
type Config ¶
type Config struct {
Ip string
Port uint16
Listener net.Listener
DenyRanges []RuleRange
AllowRanges []RuleRange
Resolver *net.Resolver
ConnectTimeout time.Duration
ExitTimeout time.Duration
MetricsClient metrics.MetricsClientInterface
EgressACL acl.Decider
SupportProxyProtocol bool
TlsConfig *tls.Config
CrlByAuthorityKeyId map[string]*pkix.CertificateList
RoleFromRequest func(subject *http.Request) (string, error)
AdditionalErrorMessageOnDeny string
Log *log.Logger
DisabledAclPolicyActions []string
AllowMissingRole bool
StatsSocketDir string
StatsSocketFileMode os.FileMode
StatsServer *StatsServer // StatsServer
ConnTracker conntrack.TrackerInterface
Healthcheck http.Handler // User defined http.Handler for optional requests to a /healthcheck endpoint
ShuttingDown atomic.Value // Stores a boolean value indicating whether the proxy is actively shutting down
// Network type to use when performing DNS lookups. Must be one of "ip", "ip4" or "ip6".
Network string
// A connection is idle if it has been inactive (no bytes in/out) for this many seconds.
IdleTimeout time.Duration
// These are *only* used for traditional HTTP proxy requests
TransportMaxIdleConns int
TransportMaxIdleConnsPerHost int
// Used for logging connection time
TimeConnect bool
// Custom Dial Timeout function to be called
ProxyDialTimeout func(ctx context.Context, network, address string, timeout time.Duration) (net.Conn, error)
// Customer handler to allow clients to modify reject responses
RejectResponseHandler func(*http.Response)
// UnsafeAllowPrivateRanges inverts the default behavior, telling smokescreen to allow private IP
// ranges by default (exempting loopback and unicast ranges)
// This setting can be used to configure Smokescreen with a blocklist, rather than an allowlist
UnsafeAllowPrivateRanges bool
// contains filtered or unexported fields
}
func LoadConfig ¶
func (*Config) SetAllowAddresses ¶
func (*Config) SetAllowRanges ¶
func (*Config) SetDenyAddresses ¶
func (*Config) SetDenyRanges ¶
func (*Config) SetResolverAddresses ¶
func (*Config) SetupEgressAcl ¶
func (*Config) SetupPrometheus ¶
func (*Config) SetupStatsd ¶
func (*Config) SetupStatsdWithNamespace ¶
func (*Config) SetupTls ¶
certFile and keyFile may be the same file containing concatenated PEM blocks
func (*Config) UnmarshalYAML ¶
type ExitStatus ¶
type ExitStatus int
ExitStatus is used to log Smokescreen's connection status at shutdown time
const ( Closed ExitStatus = iota Idle Timeout )
func (ExitStatus) String ¶
func (e ExitStatus) String() string
type HealthcheckMiddleware ¶
HealthcheckMiddleware allows a user defined http.Handler to be invoked by requests to the /healthcheck endpoint. This function is set in the smokescreen config.
func (HealthcheckMiddleware) ServeHTTP ¶
func (h HealthcheckMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request)
type Log2LogrusWriter ¶
type StatsServer ¶
type StatsServer struct {
// contains filtered or unexported fields
}
func StartStatsServer ¶
func StartStatsServer(config *Config) *StatsServer
func (*StatsServer) Serve ¶
func (s *StatsServer) Serve()
func (*StatsServer) ServeHTTP ¶
func (s *StatsServer) ServeHTTP(w http.ResponseWriter, req *http.Request)
func (*StatsServer) Shutdown ¶
func (s *StatsServer) Shutdown()
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.