connection

package
v0.0.0-...-455eedf Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 28, 2023 License: Apache-2.0 Imports: 41 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	LogFieldConnIndex    = "connIndex"
	MaxGracePeriod       = time.Minute * 3
	MaxConcurrentStreams = math.MaxUint32
)
View Source 
const (
	InternalUpgradeHeader     = "Cf-Cloudflared-Proxy-Connection-Upgrade"
	InternalTCPProxySrcHeader = "Cf-Cloudflared-Proxy-Src"
	WebsocketUpgrade          = "websocket"
	ControlStreamUpgrade      = "control-stream"
	ConfigurationUpdate       = "update-configuration"
)

note: these constants are exported so we can reuse them in the edge-side code

View Source 
const (
	MetricsNamespace = "cloudflared"
	TunnelSubsystem  = "tunnel"
)
View Source 
const (
	LogFieldConnectionID = "connection"
	LogFieldLocation     = "location"
	LogFieldIPAddress    = "ip"
	LogFieldProtocol     = "protocol"
)
View Source 
const (
	AvailableProtocolFlagMessage = "" /* 267-byte string literal not displayed */

	AutoSelectFlag = "auto"
	// SRV and TXT record resolution TTL
	ResolveTTL = time.Hour
)
View Source 
const (
	// HTTPHeaderKey is used to get or set http headers in QUIC ALPN if the underlying proxy connection type is HTTP.
	HTTPHeaderKey = "HttpHeader"
	// HTTPMethodKey is used to get or set http method in QUIC ALPN if the underlying proxy connection type is HTTP.
	HTTPMethodKey = "HttpMethod"
	// HTTPHostKey is used to get or set http Method in QUIC ALPN if the underlying proxy connection type is HTTP.
	HTTPHostKey = "HttpHost"

	QUICMetadataFlowID = "FlowID"
)
View Source 
const (
	DuplicateConnectionError = "EDUPCONN"
)

Variables

View Source 
var (
	// h2mux-style special headers
	RequestUserHeaders  = "cf-cloudflared-request-headers"
	ResponseUserHeaders = "cf-cloudflared-response-headers"
	ResponseMetaHeader  = "cf-cloudflared-response-meta"

	// h2mux-style special headers
	CanonicalResponseUserHeaders = http.CanonicalHeaderKey(ResponseUserHeaders)
	CanonicalResponseMetaHeader  = http.CanonicalHeaderKey(ResponseMetaHeader)
)
View Source 
var (
	// ProtocolList represents a list of supported protocols for communication with the edge
	// in order of precedence for remote percentage fetcher.
	ProtocolList = []Protocol{QUIC, HTTP2}
)

Functions

func DeserializeHeaders 

func DeserializeHeaders(serializedHeaders string) ([]h2mux.Header, error)

Deserialize headers serialized by `SerializeHeader`

func FindCfRayHeader 

func FindCfRayHeader(req *http.Request) string

func H1ResponseToH2ResponseHeaders 

func H1ResponseToH2ResponseHeaders(status int, h1 http.Header) (h2 []h2mux.Header)

func H2RequestHeadersToH1Request 

func H2RequestHeadersToH1Request(h2 []h2mux.Header, h1 *http.Request) error

H2RequestHeadersToH1Request converts the HTTP/2 headers coming from origintunneld to an HTTP/1 Request object destined for the local origin web service. This operation includes conversion of the pseudo-headers into their closest HTTP/1 equivalents. See https://tools.ietf.org/html/rfc7540#section-8.1.2.3

func IsControlResponseHeader 

func IsControlResponseHeader(headerName string) bool

IsControlResponseHeader is called in the direction of eyeball <- origin.

func IsH2muxControlRequestHeader 

func IsH2muxControlRequestHeader(headerName string) bool

IsH2muxControlRequestHeader is called in the direction of eyeball -> origin.

func IsH2muxControlResponseHeader 

func IsH2muxControlResponseHeader(headerName string) bool

IsH2muxControlResponseHeader is called in the direction of eyeball <- origin.

func IsLBProbeRequest 

func IsLBProbeRequest(req *http.Request) bool

func IsTCPStream 

func IsTCPStream(r *http.Request) bool

IsTCPStream discerns if the connection request needs a tcp stream proxy.

func IsWebsocketClientHeader 

func IsWebsocketClientHeader(headerName string) bool

isWebsocketClientHeader returns true if the header name is required by the client to upgrade properly

func NewHTTP2RespWriter 

func NewHTTP2RespWriter(r *http.Request, w http.ResponseWriter, connType Type, log *zerolog.Logger) (*http2RespWriter, error)

func NewTunnelServerClient 

func NewTunnelServerClient(
	ctx context.Context,
	stream io.ReadWriteCloser,
	log *zerolog.Logger,
) *tunnelServerClient

NewTunnelRPCClient creates and returns a new RPC client, which will communicate using a stream on the given muxer. This method is exported for supervisor to call Authenticate RPC

func SerializeHeaders 

func SerializeHeaders(h1Headers http.Header) string

Serialize HTTP1.x headers by base64-encoding each header name and value, and then joining them in the format of [key:value;]

Types

type ClassicTunnelProperties 

type ClassicTunnelProperties struct {
	Hostname   string
	OriginCert []byte
	// feature-flag to use new edge reconnect tokens
	UseReconnectToken bool
}

type ConfigurationUpdateBody 

type ConfigurationUpdateBody struct {
	Version int32             `json:"version"`
	Config  gojson.RawMessage `json:"config"`
}

ConfigurationUpdateBody is the representation followed by the edge to send updates to cloudflared.

type ConnectedFuse 

type ConnectedFuse interface {
	Connected()
	IsConnected() bool
}

type ControlStreamHandler 

type ControlStreamHandler interface {
	// ServeControlStream handles the control plane of the transport in the current goroutine calling this
	ServeControlStream(ctx context.Context, rw io.ReadWriteCloser, connOptions *tunnelpogs.ConnectionOptions, tunnelConfigGetter TunnelConfigJSONGetter) error
	// IsStopped tells whether the method above has finished
	IsStopped() bool
}

ControlStreamHandler registers connections with origintunneld and initiates graceful shutdown.

func NewControlStream 

func NewControlStream(
	observer *Observer,
	connectedFuse ConnectedFuse,
	namedTunnelConfig *NamedTunnelProperties,
	connIndex uint8,
	edgeAddress net.IP,
	newRPCClientFunc RPCClientFunc,
	gracefulShutdownC <-chan struct{},
	gracePeriod time.Duration,
	protocol Protocol,
) ControlStreamHandler

NewControlStream returns a new instance of ControlStreamHandler

type Credentials 

type Credentials struct {
	AccountTag   string
	TunnelSecret []byte
	TunnelID     uuid.UUID
}

Credentials are stored in the credentials file and contain all info needed to run a tunnel.

func (*Credentials) Auth 

func (c *Credentials) Auth() pogs.TunnelAuth

type DupConnRegisterTunnelError 

type DupConnRegisterTunnelError struct{}

func (DupConnRegisterTunnelError) Error 

func (e DupConnRegisterTunnelError) Error() string

type EdgeQuicDialError 

type EdgeQuicDialError struct {
	Cause error
}

Dial to edge server with quic failed

func (*EdgeQuicDialError) Error 

func (e *EdgeQuicDialError) Error() string

func (*EdgeQuicDialError) Unwrap 

func (e *EdgeQuicDialError) Unwrap() error

type Event 

type Event struct {
	Index     uint8
	EventType Status
	Location  string
	Protocol  Protocol
	URL       string
}

Event is something that happened to a connection, e.g. disconnection or registration.

type EventSink 

type EventSink interface {
	OnTunnelEvent(event Event)
}

type EventSinkFunc 

type EventSinkFunc func(event Event)

func (EventSinkFunc) OnTunnelEvent 

func (f EventSinkFunc) OnTunnelEvent(event Event)

type HTTP2Connection 

type HTTP2Connection struct {
	// contains filtered or unexported fields
}

HTTP2Connection represents a net.Conn that uses HTTP2 frames to proxy traffic from the edge to cloudflared on the origin.

func NewHTTP2Connection 

func NewHTTP2Connection(
	conn net.Conn,
	orchestrator Orchestrator,
	connOptions *tunnelpogs.ConnectionOptions,
	observer *Observer,
	connIndex uint8,
	controlStreamHandler ControlStreamHandler,
	log *zerolog.Logger,
) *HTTP2Connection

NewHTTP2Connection returns a new instance of HTTP2Connection.

func (*HTTP2Connection) Serve 

func (c *HTTP2Connection) Serve(ctx context.Context) error

Serve serves an HTTP2 server that the edge can talk to.

func (*HTTP2Connection) ServeHTTP 

func (c *HTTP2Connection) ServeHTTP(w http.ResponseWriter, r *http.Request)

type HTTPResponseReadWriteAcker 

type HTTPResponseReadWriteAcker struct {
	// contains filtered or unexported fields
}

HTTPResponseReadWriteAcker is an HTTP implementation of ReadWriteAcker.

func NewHTTPResponseReadWriterAcker 

func NewHTTPResponseReadWriterAcker(w ResponseWriter, flusher http.Flusher, req *http.Request) *HTTPResponseReadWriteAcker

NewHTTPResponseReadWriterAcker returns a new instance of HTTPResponseReadWriteAcker.

func (*HTTPResponseReadWriteAcker) AckConnection 

func (h *HTTPResponseReadWriteAcker) AckConnection(tracePropagation string) error

AckConnection acks an HTTP connection by sending a switch protocols status code that enables the caller to upgrade to streams.

func (*HTTPResponseReadWriteAcker) Read 

func (h *HTTPResponseReadWriteAcker) Read(p []byte) (int, error)

func (*HTTPResponseReadWriteAcker) Write 

func (h *HTTPResponseReadWriteAcker) Write(p []byte) (int, error)

type MuxerConfig 

type MuxerConfig struct {
	HeartbeatInterval  time.Duration
	MaxHeartbeats      uint64
	CompressionSetting h2mux.CompressionSetting
	MetricsUpdateFreq  time.Duration
}

func (*MuxerConfig) H2MuxerConfig 

func (mc *MuxerConfig) H2MuxerConfig(h h2mux.MuxedStreamHandler, log *zerolog.Logger) *h2mux.MuxerConfig

type NamedTunnelProperties 

type NamedTunnelProperties struct {
	Credentials    Credentials
	Client         pogs.ClientInfo
	QuickTunnelUrl string
}

type NamedTunnelRPCClient 

type NamedTunnelRPCClient interface {
	RegisterConnection(
		c context.Context,
		config *NamedTunnelProperties,
		options *tunnelpogs.ConnectionOptions,
		connIndex uint8,
		edgeAddress net.IP,
		observer *Observer,
	) (*tunnelpogs.ConnectionDetails, error)
	SendLocalConfiguration(
		c context.Context,
		config []byte,
		observer *Observer,
	) error
	GracefulShutdown(ctx context.Context, gracePeriod time.Duration)
	Close()
}

type Observer 

type Observer struct {
	// contains filtered or unexported fields
}

func NewObserver 

func NewObserver(log, logTransport *zerolog.Logger) *Observer

func (*Observer) RegisterSink 

func (o *Observer) RegisterSink(sink EventSink)

func (*Observer) SendDisconnect 

func (o *Observer) SendDisconnect(connIndex uint8)

func (*Observer) SendReconnect 

func (o *Observer) SendReconnect(connIndex uint8)

func (*Observer) SendURL 

func (o *Observer) SendURL(url string)

type Orchestrator 

type Orchestrator interface {
	UpdateConfig(version int32, config []byte) *pogs.UpdateConfigurationResponse
	GetConfigJSON() ([]byte, error)
	GetOriginProxy() (OriginProxy, error)
}

type OriginProxy 

type OriginProxy interface {
	ProxyHTTP(w ResponseWriter, tr *tracing.TracedHTTPRequest, isWebsocket bool) error
	ProxyTCP(ctx context.Context, rwa ReadWriteAcker, req *TCPRequest) error
}

OriginProxy is how data flows from cloudflared to the origin services running behind it.

type Protocol 

type Protocol int64
const (
	// HTTP2 using golang HTTP2 library for edge connections.
	HTTP2 Protocol = iota
	// QUIC using quic-go for edge connections.
	QUIC
)

func (Protocol) String 

func (p Protocol) String() string

func (Protocol) TLSSettings 

func (p Protocol) TLSSettings() *TLSSettings

type ProtocolSelector 

type ProtocolSelector interface {
	Current() Protocol
	Fallback() (Protocol, bool)
}

func NewProtocolSelector 

func NewProtocolSelector(
	protocolFlag string,
	accountTag string,
	tunnelTokenProvided bool,
	needPQ bool,
	protocolFetcher edgediscovery.PercentageFetcher,
	resolveTTL time.Duration,
	log *zerolog.Logger,
) (ProtocolSelector, error)

type QUICConnection 

type QUICConnection struct {
	// contains filtered or unexported fields
}

QUICConnection represents the type that facilitates Proxying via QUIC streams.

func NewQUICConnection 

func NewQUICConnection(
	ctx context.Context,
	quicConfig *quic.Config,
	edgeAddr net.Addr,
	localAddr net.IP,
	connIndex uint8,
	tlsConfig *tls.Config,
	orchestrator Orchestrator,
	connOptions *tunnelpogs.ConnectionOptions,
	controlStreamHandler ControlStreamHandler,
	logger *zerolog.Logger,
	packetRouterConfig *ingress.GlobalRouterConfig,
	udpUnregisterTimeout time.Duration,
) (*QUICConnection, error)

NewQUICConnection returns a new instance of QUICConnection.

func (*QUICConnection) Close 

func (q *QUICConnection) Close()

Close closes the session with no errors specified.

func (*QUICConnection) RegisterUdpSession 

func (q *QUICConnection) RegisterUdpSession(ctx context.Context, sessionID uuid.UUID, dstIP net.IP, dstPort uint16, closeAfterIdleHint time.Duration, traceContext string) (*tunnelpogs.RegisterUdpSessionResponse, error)

RegisterUdpSession is the RPC method invoked by edge to register and run a session

func (*QUICConnection) Serve 

func (q *QUICConnection) Serve(ctx context.Context) error

Serve starts a QUIC session that begins accepting streams.

func (*QUICConnection) UnregisterUdpSession 

func (q *QUICConnection) UnregisterUdpSession(ctx context.Context, sessionID uuid.UUID, message string) error

UnregisterUdpSession is the RPC method invoked by edge to unregister and terminate a sesssion

func (*QUICConnection) UpdateConfiguration 

func (q *QUICConnection) UpdateConfiguration(ctx context.Context, version int32, config []byte) *tunnelpogs.UpdateConfigurationResponse

UpdateConfiguration is the RPC method invoked by edge when there is a new configuration

type RPCClientFunc 

type RPCClientFunc func(context.Context, io.ReadWriteCloser, *zerolog.Logger) NamedTunnelRPCClient

RPCClientFunc derives a named tunnel rpc client that can then be used to register and unregister connections.

type ReadWriteAcker 

type ReadWriteAcker interface {
	io.ReadWriter
	AckConnection(tracePropagation string) error
}

ReadWriteAcker is a readwriter with the ability to Acknowledge to the downstream (edge) that the origin has accepted the connection.

type ResponseWriter 

type ResponseWriter interface {
	WriteRespHeaders(status int, header http.Header) error
	AddTrailer(trailerName, trailerValue string)
	http.ResponseWriter
	http.Hijacker
	io.Writer
}

ResponseWriter is the response path for a request back through cloudflared's tunnel.

type ServerRegisterTunnelError 

type ServerRegisterTunnelError struct {
	Cause     error
	Permanent bool
}

RegisterTunnel error from server

func (ServerRegisterTunnelError) Error 

func (e ServerRegisterTunnelError) Error() string

type Status 

type Status int

Status is the status of a connection. 

const (
	// Disconnected means the connection to the edge was broken.
	Disconnected Status = iota
	// Connected means the connection to the edge was successfully established.
	Connected
	// Reconnecting means the connection to the edge is being re-established.
	Reconnecting
	// SetURL means this connection's tunnel was given a URL by the edge. Used for quick tunnels.
	SetURL
	// RegisteringTunnel means the non-named tunnel is registering its connection.
	RegisteringTunnel
	// We're unregistering tunnel from the edge in preparation for a disconnect
	Unregistering
)

type TCPRequest 

type TCPRequest struct {
	Dest      string
	CFRay     string
	LBProbe   bool
	FlowID    string
	CfTraceID string
	ConnIndex uint8
}

TCPRequest defines the input format needed to perform a TCP proxy.

type TLSSettings 

type TLSSettings struct {
	ServerName string
	NextProtos []string
}

type TunnelConfigJSONGetter 

type TunnelConfigJSONGetter interface {
	GetConfigJSON() ([]byte, error)
}

type TunnelToken 

type TunnelToken struct {
	AccountTag   string    `json:"a"`
	TunnelSecret []byte    `json:"s"`
	TunnelID     uuid.UUID `json:"t"`
}

TunnelToken are Credentials but encoded with custom fields namings.

func (TunnelToken) Credentials 

func (t TunnelToken) Credentials() Credentials

func (TunnelToken) Encode 

func (t TunnelToken) Encode() (string, error)

type Type 

type Type int

Type indicates the connection type of the connection. 

const (
	TypeWebsocket Type = iota
	TypeTCP
	TypeControlStream
	TypeHTTP
	TypeConfiguration
)

func (Type) String 

func (t Type) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.