Documentation ¶
Overview ¶
Index ¶
- Constants
- Variables
- func BuildProxy(config *Config) *goproxy.ProxyHttpServer
- func HTTPErrorHandler(w io.WriteCloser, pctx *goproxy.ProxyCtx, err error)
- func IsMissingRoleError(err error) bool
- func MissingRoleError(s string) error
- func NewTimeoutConn(conn net.Conn, timeout time.Duration) net.Conn
- func StartWithConfig(config *Config, quit <-chan interface{})
- func Version() string
- type Config
- func (config *Config) SetAllowAddresses(addressStrings []string) error
- func (config *Config) SetAllowRanges(rangeStrings []string) error
- func (config *Config) SetDenyAddresses(addressStrings []string) error
- func (config *Config) SetDenyRanges(rangeStrings []string) error
- func (config *Config) SetResolverAddresses(resolverAddresses []string) error
- func (config *Config) SetupCrls(crlFiles []string) error
- func (config *Config) SetupEgressAcl(aclFile string) error
- func (config *Config) SetupStatsd(addr string) error
- func (config *Config) SetupStatsdWithNamespace(addr, namespace string) error
- func (config *Config) SetupTls(certFile, keyFile string, clientCAFiles []string) error
- func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error
- type ExitStatus
- type HealthcheckMiddleware
- type Log2LogrusWriter
- type MetricsClient
- func (mc *MetricsClient) AddMetricTags(metric string, mTags []string) error
- func (mc *MetricsClient) GetMetricTags(metric string) []string
- func (mc *MetricsClient) Incr(metric string, rate float64) error
- func (mc *MetricsClient) IncrWithTags(metric string, tags []string, rate float64) error
- func (mc *MetricsClient) Timing(metric string, d time.Duration, rate float64) error
- func (mc *MetricsClient) TimingWithTags(metric string, d time.Duration, rate float64, tags []string) error
- type RuleRange
- type StatsServer
- type TimeoutConn
Constants ¶
// Names of the fields attached to smokescreen's structured log entries.
//
// NOTE(review): the groupings below are read from the identifier names and
// string values only; confirm them against the code that emits each field.
const (
	// Request identity and connection endpoints.
	LogFieldID            = "id"
	LogFieldOutLocalAddr  = "outbound_local_addr"
	LogFieldOutRemoteAddr = "outbound_remote_addr"
	LogFieldInRemoteAddr  = "inbound_remote_addr"
	LogFieldProxyType     = "proxy_type"
	LogFieldRequestedHost = "requested_host"
	LogFieldStartTime     = "start_time"
	LogFieldTraceID       = "trace_id"
	// Caller identity. Presumably taken from the client certificate (CN/OU)
	// and the role lookup; these are the fields an audit or detection
	// pipeline would use to attribute an egress request to a caller.
	LogFieldInRemoteX509CN = "inbound_remote_x509_cn"
	LogFieldInRemoteX509OU = "inbound_remote_x509_ou"
	LogFieldRole           = "role"
	LogFieldProject        = "project"
	LogFieldContentLength  = "content_length"
	// Outcome of the allow/deny decision and any error.
	LogFieldDecisionReason   = "decision_reason"
	LogFieldEnforceWouldDeny = "enforce_would_deny"
	LogFieldAllow            = "allow"
	LogFieldError            = "error"
	// Not a LogField* key: a fixed marker string. Presumably the message of
	// the per-request decision log line, which log searches and alerts can
	// match on; TODO confirm.
	CanonicalProxyDecision = "CANONICAL-PROXY-DECISION"
	// Timing fields; the "_ms" suffix of the values indicates milliseconds.
	LogFieldConnEstablishMS = "conn_establish_time_ms"
	LogFieldDNSLookupTime   = "dns_lookup_time_ms"
)
const DefaultStatsdNamespace = "smokescreen."
Variables ¶
var PrivateRuleRanges []RuleRange
var VersionID = "unknown"
This can be set at build time: go build -ldflags='-X github.com/stripe/smokescreen/pkg/smokescreen.VersionID=33955a3' .
Functions ¶
func BuildProxy ¶
func BuildProxy(config *Config) *goproxy.ProxyHttpServer
func HTTPErrorHandler ¶
func HTTPErrorHandler(w io.WriteCloser, pctx *goproxy.ProxyCtx, err error)
HTTPErrorHandler allows returning a custom error response when smokescreen fails to connect to the proxy target.
func IsMissingRoleError ¶
func MissingRoleError ¶
func StartWithConfig ¶
func StartWithConfig(config *Config, quit <-chan interface{})
Types ¶
type Config ¶
// Config groups the settings of a smokescreen proxy: listener, IP range rules,
// egress ACL, TLS, metrics, logging, stats socket and timeouts.
//
// NOTE(review): several fields decide which destinations the proxy will reach
// (DenyRanges, AllowRanges, EgressACL, AllowMissingRole,
// UnsafeAllowPrivateRanges). Their precedence is not visible in this
// declaration; confirm it in the code that evaluates them before changing any
// of them.
type Config struct {
	Ip       string
	Port     uint16
	Listener net.Listener
	// IP range rules. The SetDenyRanges/SetAllowRanges and
	// SetDenyAddresses/SetAllowAddresses methods take string forms and
	// presumably populate these; TODO confirm.
	DenyRanges     []RuleRange
	AllowRanges    []RuleRange
	Resolver       *net.Resolver
	ConnectTimeout time.Duration
	ExitTimeout    time.Duration
	MetricsClient  *MetricsClient
	EgressACL      acl.Decider
	// NOTE(review): if this enables PROXY protocol parsing on the listener,
	// the client address comes from a header sent by the peer; confirm that
	// only trusted load balancers can reach the listening port.
	SupportProxyProtocol bool
	// TLS settings and certificate revocation lists keyed by authority key id
	// (per the field name). SetupTls and SetupCrls take the corresponding
	// files and presumably populate these; TODO confirm.
	TlsConfig           *tls.Config
	CrlByAuthorityKeyId map[string]*pkix.CertificateList
	// Returns a role string, or an error, for an incoming request.
	RoleFromRequest              func(subject *http.Request) (string, error)
	AdditionalErrorMessageOnDeny string
	Log                          *log.Logger
	DisabledAclPolicyActions     []string
	// NOTE(review): the name suggests requests with no resolvable role are not
	// rejected outright; confirm which ACL policy then applies before
	// enabling this.
	AllowMissingRole bool
	StatsSocketDir   string
	// File mode for the stats socket (per the name). NOTE(review): keep it
	// restrictive unless the stats output is meant for every local user;
	// confirm what the socket exposes.
	StatsSocketFileMode os.FileMode
	StatsServer         *StatsServer // StatsServer
	ConnTracker         *conntrack.Tracker
	Healthcheck         http.Handler // User defined http.Handler for optional requests to a /healthcheck endpoint
	ShuttingDown        atomic.Value // Stores a boolean value indicating whether the proxy is actively shutting down

	// Network type to use when performing DNS lookups. Must be one of "ip", "ip4" or "ip6".
	Network string

	// A connection is idle if it has been inactive (no bytes in/out) for this many seconds.
	// NOTE(review): the field type is time.Duration, not a count of seconds;
	// confirm which unit callers are expected to supply.
	IdleTimeout time.Duration

	// These are *only* used for traditional HTTP proxy requests
	TransportMaxIdleConns        int
	TransportMaxIdleConnsPerHost int

	// Used for logging connection time
	TimeConnect bool

	// Custom Dial Timeout function to be called
	ProxyDialTimeout func(ctx context.Context, network, address string, timeout time.Duration) (net.Conn, error)

	// Custom handler to allow clients to modify reject responses
	RejectResponseHandler func(*http.Response)

	// UnsafeAllowPrivateRanges inverts the default behavior, telling smokescreen to allow private IP
	// ranges by default (exempting loopback and unicast ranges)
	// This setting can be used to configure Smokescreen with a blocklist, rather than an allowlist
	//
	// NOTE(review): per the description above, with this set an internal range
	// is reachable through the proxy unless it is explicitly denied, so the
	// deny list has to cover every internal network clients must not reach.
	UnsafeAllowPrivateRanges bool
	// contains filtered or unexported fields
}
func LoadConfig ¶
func (*Config) SetAllowAddresses ¶
func (*Config) SetAllowRanges ¶
func (*Config) SetDenyAddresses ¶
func (*Config) SetDenyRanges ¶
func (*Config) SetResolverAddresses ¶
func (*Config) SetupEgressAcl ¶
func (*Config) SetupStatsd ¶
func (*Config) SetupStatsdWithNamespace ¶
func (*Config) SetupTls ¶
certFile and keyFile may be the same file containing concatenated PEM blocks
func (*Config) UnmarshalYAML ¶
type ExitStatus ¶
type ExitStatus int
ExitStatus is used to log Smokescreen's connection status at shutdown time
// Values of ExitStatus, numbered from zero by iota in declaration order.
const (
	Closed  ExitStatus = iota // 0
	Idle                      // 1
	Timeout                   // 2
)
func (ExitStatus) String ¶
func (e ExitStatus) String() string
type HealthcheckMiddleware ¶
HealthcheckMiddleware allows a user-defined http.Handler to be invoked by requests to the /healthcheck endpoint. The handler is set in the smokescreen config (the Healthcheck field of Config).
func (HealthcheckMiddleware) ServeHTTP ¶
func (h HealthcheckMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request)
type Log2LogrusWriter ¶
type MetricsClient ¶ added in v0.0.3
// MetricsClient holds a statsd client in its exported StatsdClient field; its
// remaining fields are unexported and not shown here.
type MetricsClient struct {
	StatsdClient statsd.ClientInterface
	// contains filtered or unexported fields
}
MetricsClient is a thin wrapper around statsd.ClientInterface. It is used to allow adding arbitrary tags to Smokescreen metrics.
MetricsClient is not thread safe and should not be used concurrently.
func NewMetricsClient ¶ added in v0.0.3
func NewMetricsClient(addr, namespace string) (*MetricsClient, error)
NewMetricsClient creates a new MetricsClient with the provided statsd address and namespace.
func NewNoOpMetricsClient ¶ added in v0.0.3
func NewNoOpMetricsClient() *MetricsClient
NewNoOpMetricsClient returns a MetricsClient with a no-op statsd client. This can be used when there's no statsd service available to smokescreen.
func (*MetricsClient) AddMetricTags ¶ added in v0.0.3
func (mc *MetricsClient) AddMetricTags(metric string, mTags []string) error
AddMetricTags associates the provided tags slice with a given metric. The metric must be present in the metrics slice.
This function is not thread safe, and adding persistent tags should only be done while initializing the configuration and prior to running smokescreen.
func (*MetricsClient) GetMetricTags ¶ added in v0.0.3
func (mc *MetricsClient) GetMetricTags(metric string) []string
GetMetricTags returns the slice of tags associated with a given metric.
func (*MetricsClient) Incr ¶ added in v0.0.3
func (mc *MetricsClient) Incr(metric string, rate float64) error
func (*MetricsClient) IncrWithTags ¶ added in v0.0.3
func (mc *MetricsClient) IncrWithTags(metric string, tags []string, rate float64) error
func (*MetricsClient) TimingWithTags ¶ added in v0.0.3
type StatsServer ¶
// StatsServer has no exported fields. This package declares StartStatsServer,
// which returns a *StatsServer, and the methods Serve, ServeHTTP and Shutdown
// on it.
type StatsServer struct {
	// contains filtered or unexported fields
}
func StartStatsServer ¶
func StartStatsServer(config *Config) *StatsServer
func (*StatsServer) Serve ¶
func (s *StatsServer) Serve()
func (*StatsServer) ServeHTTP ¶
func (s *StatsServer) ServeHTTP(w http.ResponseWriter, req *http.Request)
func (*StatsServer) Shutdown ¶
func (s *StatsServer) Shutdown()