multiplexer

package
v11.3.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 13, 2022 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Overview

Package multiplexer implements SSH and TLS multiplexing on the same listener

mux, _ := multiplexer.New(Config{Listener: listener}) mux.SSH() // returns listener getting SSH connections mux.TLS() // returns listener getting TLS connections

Index

Constants

View Source 
const (
	// TCP4 is TCP over IPv4
	TCP4 = "TCP4"
	// TCP6 is tCP over IPv6
	TCP6 = "TCP6"
	// Unknown is unsupported or unknown protocol
	UNKNOWN = "UNKNOWN"

	PP2TypeNOOP PP2Type = 0x04 // No-op used for padding

	// Known custom types, spec allows to use 0xE0 - 0xEF for custom types
	PP2TypeGCP   PP2Type = 0xE0 // https://cloud.google.com/vpc/docs/configure-private-service-connect-producer
	PP2TypeAWS   PP2Type = 0xEA // https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html
	PP2TypeAzure PP2Type = 0xEE // https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview

	PP2TypeTeleport PP2Type = 0xE4 // Teleport own type for transferring our custom data such as connection metadata
)
View Source 
const (
	Version2     = 2
	ProxyCommand = 1
	LocalCommand = 0
	ProtocolTCP4 = 0x11
	ProtocolTCP6 = 0x21
)

Variables

View Source 
var (

	// ErrTruncatedTLV is returned when there's no enough bytes to read full TLV
	ErrTruncatedTLV = errors.New("TLV value was truncated")
)

Functions

func MarshalTLVs 

func MarshalTLVs(tlvs []TLV) ([]byte, error)

MarshalTLVs marshals provided slice of TLVs into slice of bytes.

Types

type Config 

type Config struct {
	// Listener is listener to multiplex connection on
	Listener net.Listener
	// Context is a context to signal stops, cancellations
	Context context.Context
	// ReadDeadline is a connection read deadline,
	// set to defaults.ReadHeadersTimeout if unspecified
	ReadDeadline time.Duration
	// Clock is a clock to override in tests, set to real time clock
	// by default
	Clock clockwork.Clock
	// EnableProxyProtocol enables proxy protocol
	EnableProxyProtocol bool
	// ID is an identifier used for debugging purposes
	ID string
}

Config is a multiplexer config

func (*Config) CheckAndSetDefaults 

func (c *Config) CheckAndSetDefaults() error

CheckAndSetDefaults verifies configuration and sets defaults

type Conn 

type Conn struct {
	net.Conn
	// contains filtered or unexported fields
}

Conn is a connection wrapper that supports communicating remote address from proxy protocol and replays first several bytes read during protocol detection

func NewConn 

func NewConn(conn net.Conn) *Conn

NewConn returns a net.Conn wrapper that supports peeking into the connection.

func (*Conn) Detect 

func (c *Conn) Detect() (Protocol, error)

Detect detects the connection protocol by peeking into the first few bytes.

func (*Conn) LocalAddr 

func (c *Conn) LocalAddr() net.Addr

LocalAddr returns local address of the connection

func (*Conn) Protocol 

func (c *Conn) Protocol() Protocol

Protocol returns the detected connection protocol

func (*Conn) Read 

func (c *Conn) Read(p []byte) (int, error)

Read reads from connection

func (*Conn) ReadProxyLine 

func (c *Conn) ReadProxyLine() (*ProxyLine, error)

ReadProxyLine reads proxy-line from the connection.

func (*Conn) RemoteAddr 

func (c *Conn) RemoteAddr() net.Addr

RemoteAddr returns remote address of the connection

type Listener 

type Listener struct {
	// contains filtered or unexported fields
}

Listener is a listener that receives connections from multiplexer based on the connection type

func (*Listener) Accept 

func (l *Listener) Accept() (net.Conn, error)

Accept accepts connections from parent multiplexer listener

func (*Listener) Addr 

func (l *Listener) Addr() net.Addr

Addr returns listener addr, the address of multiplexer listener

func (*Listener) Close 

func (l *Listener) Close() error

Close closes the listener.

func (*Listener) HandleConnection 

func (l *Listener) HandleConnection(ctx context.Context, conn net.Conn)

HandleConnection injects the connection into the Listener, blocking until the context expires, the connection is accepted or the Listener is closed.

type Mux 

type Mux struct {
	sync.RWMutex
	*log.Entry
	Config
	// contains filtered or unexported fields
}

Mux supports having both SSH and TLS on the same listener socket

func New 

func New(cfg Config) (*Mux, error)

New returns a new instance of multiplexer

func (*Mux) Close 

func (m *Mux) Close() error

Close closes listener

func (*Mux) DB 

func (m *Mux) DB() net.Listener

DB returns listener that receives database connections

func (*Mux) SSH 

func (m *Mux) SSH() net.Listener

SSH returns listener that receives SSH connections

func (*Mux) Serve 

func (m *Mux) Serve() error

Serve is a blocking function that serves on the listening socket and accepts requests. Every request is served in a separate goroutine

func (*Mux) TLS 

func (m *Mux) TLS() net.Listener

TLS returns listener that receives TLS connections

func (*Mux) Wait 

func (m *Mux) Wait()

Wait waits until listener shuts down and stops accepting new connections this is to workaround issue https://github.com/golang/go/issues/10527 in tests

type PP2Type 

type PP2Type byte

PP2Type is the PROXY protocol v2 TLV type

type Protocol 

type Protocol int

Protocol defines detected protocol type. 

const (
	// ProtoUnknown is for unknown protocol
	ProtoUnknown Protocol = iota
	// ProtoTLS is TLS protocol
	ProtoTLS
	// ProtoSSH is SSH protocol
	ProtoSSH
	// ProtoProxy is a HAProxy proxy line protocol
	ProtoProxy
	// ProtoProxyV2 is a HAProxy binary protocol
	ProtoProxyV2
	// ProtoHTTP is HTTP protocol
	ProtoHTTP
	// ProtoPostgres is PostgreSQL wire protocol
	ProtoPostgres
)

func (Protocol) String 

func (p Protocol) String() string

String returns the string representation of Protocol p. An empty string is returned when the protocol is not defined.

type ProxyLine 

type ProxyLine struct {
	Protocol    string
	Source      net.TCPAddr
	Destination net.TCPAddr
	TLVs        []TLV // PROXY protocol extensions
}

ProxyLine implements PROXY protocol version 1 and 2 Spec: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt Original implementation here: https://github.com/racker/go-proxy-protocol TLV: https://github.com/pires/go-proxyproto

func ReadProxyLine 

func ReadProxyLine(reader *bufio.Reader) (*ProxyLine, error)

ReadProxyLine reads proxy line protocol from the reader

func ReadProxyLineV2 

func ReadProxyLineV2(reader *bufio.Reader) (*ProxyLine, error)

ReadProxyLineV2 reads PROXY protocol v2 line from the reader

func (*ProxyLine) Bytes 

func (p *ProxyLine) Bytes() ([]byte, error)

Bytes returns on-the wire bytes representation of proxy line conforming to the proxy v2 protocol

func (*ProxyLine) String 

func (p *ProxyLine) String() string

String returns on-the wire string representation of the proxy line

type TLSListener 

type TLSListener struct {
	// contains filtered or unexported fields
}

TLSListener wraps tls.Listener and detects negotiated protocol (assuming it's either http/1.1 or http/2) and forwards the appropriate responses to either HTTP/1.1 or HTTP/2 listeners

func NewTLSListener 

func NewTLSListener(cfg TLSListenerConfig) (*TLSListener, error)

NewTLSListener returns a new TLS listener

func (*TLSListener) Addr 

func (l *TLSListener) Addr() net.Addr

Addr returns the listener's network address.

func (*TLSListener) Close 

func (l *TLSListener) Close() error

Close closes the listener. Any blocked Accept operations will be unblocked and return errors.

func (*TLSListener) HTTP 

func (l *TLSListener) HTTP() net.Listener

HTTP returns HTTP listener

func (*TLSListener) HTTP2 

func (l *TLSListener) HTTP2() net.Listener

HTTP2 returns HTTP2 listener

func (*TLSListener) Serve 

func (l *TLSListener) Serve() error

Serve accepts and forwards tls.Conn connections

type TLSListenerConfig 

type TLSListenerConfig struct {
	// Listener is the listener returning *tls.Conn
	// connections on Accept
	Listener net.Listener
	// ID is an identifier used for debugging purposes
	ID string
	// ReadDeadline is a connection read deadline during the TLS handshake (start
	// of the connection). It is set to defaults.HandshakeReadDeadline if
	// unspecified.
	ReadDeadline time.Duration
	// Clock is a clock to override in tests, set to real time clock
	// by default
	Clock clockwork.Clock
}

TLSListenerConfig specifies listener configuration

func (*TLSListenerConfig) CheckAndSetDefaults 

func (c *TLSListenerConfig) CheckAndSetDefaults() error

CheckAndSetDefaults verifies configuration and sets defaults

type TLV 

type TLV struct {
	Type  PP2Type
	Value []byte
}

TLV (Type-Length-Value) is an extension mechanism in PROXY protocol v2, see end of section 2.2

func UnmarshalTLVs 

func UnmarshalTLVs(rawBytes []byte) ([]TLV, error)

UnmarshalTLVs parses provided bytes slice into slice of TLVs

type TestProxy 

type TestProxy struct {
	// contains filtered or unexported fields
}

TestProxy is tcp passthrough proxy that sends a proxy-line when connecting to the target server.

func NewTestProxy 

func NewTestProxy(target string, v2 bool) (*TestProxy, error)

NewTestProxy creates a new test proxy that sends a proxy-line when proxying connections to the provided target address.

func (*TestProxy) Address 

func (p *TestProxy) Address() string

Address returns the proxy listen address.

func (*TestProxy) Close 

func (p *TestProxy) Close() error

Close closes the proxy listener.

func (*TestProxy) Serve 

func (p *TestProxy) Serve() error

Serve starts accepting client connections and proxying them to the target.

type WebListener 

type WebListener struct {
	// contains filtered or unexported fields
}

WebListener multiplexes tls connections between web and database listeners based on the client certificate.

func NewWebListener 

func NewWebListener(cfg WebListenerConfig) (*WebListener, error)

NewWebListener returns a new web listener.

func (*WebListener) Addr 

func (l *WebListener) Addr() net.Addr

Addr returns the listener's network address.

func (*WebListener) Close 

func (l *WebListener) Close() error

Close closes the listener.

Any blocked Accept operations will be unblocked and return errors.

func (*WebListener) DB 

func (l *WebListener) DB() net.Listener

DB returns database access listener.

func (*WebListener) Serve 

func (l *WebListener) Serve() error

Serve starts accepting and forwarding tls connections to appropriate listeners.

func (*WebListener) Web 

func (l *WebListener) Web() net.Listener

Web returns web listener.

type WebListenerConfig 

type WebListenerConfig struct {
	// Listener is the listener that accepts tls connections.
	Listener net.Listener
	// ReadDeadline is a connection read deadline during the TLS handshake.
	ReadDeadline time.Duration
	// Clock is a clock to override in tests.
	Clock clockwork.Clock
}

WebListenerConfig is the web listener configuration.

func (*WebListenerConfig) CheckAndSetDefaults 

func (c *WebListenerConfig) CheckAndSetDefaults() error

CheckAndSetDefaults verifies configuration and sets defaults.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.