hbone

package
v0.0.0-...-cac5726 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 28, 2022 License: Apache-2.0 Imports: 15 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var Debug = false

Functions

func HandshakeTimeout 

func HandshakeTimeout(tlsConn *tls.Conn, d time.Duration, plainConn net.Conn) error

HandshakeTimeout wraps tlsConn.Handshake with a timeout, to prevent hanging connection.

func ListenAndServeTCP 

func ListenAndServeTCP(addr string, f func(conn net.Conn)) (net.Listener, error)

func ParseTLS 

func ParseTLS(acc *BufferReader) (string, error)

TODO: if a session ID is provided, use it as a cookie and attempt to find the corresponding host. On server side generate session IDs !

TODO: in mesh, use one cypher suite (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) maybe 2 ( since keys are ECDSA )

func ServeListener 

func ServeListener(l net.Listener, f func(conn net.Conn)) error

Types

type BufferReader 

type BufferReader struct {
	Reader io.Reader
	// contains filtered or unexported fields
}

BufferReader wraps a buffer and a Reader. The Fill method will populate the buffer. Read will first return data from the buffer, and if buffer is empty will read directly from the source reader.

func NewBufferReader 

func NewBufferReader(in io.Reader) *BufferReader

func (*BufferReader) Close 

func (s *BufferReader) Close() error

func (*BufferReader) Fill 

func (s *BufferReader) Fill(i int) ([]byte, error)

func (*BufferReader) Read 

func (s *BufferReader) Read(d []byte) (int, error)

Read will first return the buffered data, then read. For SNI routing we don't actually need this - in is a TcpConn and we'll use in.ReadFrom to take advantage of splice.

type ClientHelloMsg 

type ClientHelloMsg struct {

	//CipherSuites        []uint16
	//compressionMethods  []uint8
	ServerName string
	// contains filtered or unexported fields
}

type CloseWriter 

type CloseWriter interface {
	CloseWrite() error
}

CloseWriter is one of possible interfaces implemented by Out to send a FIN, without closing the input. Some writers only do this when Close is called.

type Endpoint 

type Endpoint struct {

	// URL used to reach the H2 endpoint providing the proxy.
	URL string

	// SNI name to use - defaults to service name
	SNI string

	// SNIGate is the endpoint address of a SNI gate. It can be a normal Istio SNI, a SNI to HBone or other protocols,
	// or a H2R gate.
	// If empty, the endpoint will use the URL and HBone protocol directly.
	// If set, the endpoint will use the nomal in-cluster Istio protocol.
	SNIGate string

	// H2Gate is the endpoint of a HTTP/2 gateway. Will be used to dial.
	// It is expected to have a spiffee identity, and request client certs -
	// similar with an egress gateway.
	H2Gate string
	// contains filtered or unexported fields
}

Endpoint is a client for a specific destination.

func (*Endpoint) Proxy 

func (hc *Endpoint) Proxy(ctx context.Context, stdin io.Reader, stdout io.WriteCloser) error

type HBone 

type HBone struct {
	Cert *tls.Certificate

	// Non-local endpoints. Key is the 'pod id' of a H2R client
	Endpoints map[string]*Endpoint

	// H2R holds H2 client (reverse) connections to the local server.
	// Will be used to route requests directly. Key is the SNI expected in forwarding requests.
	H2R map[string]http.RoundTripper

	SNIAddr string

	HTTPClientSystem *http.Client
	HTTPClientMesh   *http.Client

	// Ports is the equivalent of container ports in k8s.
	// Name follows the same conventions as Istio and should match the port name in the Service.
	// Port "*" means 'any' port - if set, allows connections to any port by number.
	// Currently this is loaded from env variables named PORT_name=value, with the default PORT_http=8080
	// TODO: refine the 'wildcard' to indicate http1/2 protocol
	// TODO: this can be populated from a WorkloadGroup object, loaded from XDS or mesh env.
	Ports map[string]string

	TokenCallback func(ctx context.Context, host string) (string, error)
	Mux           http.ServeMux

	// Timeout used for TLS handshakes. If not set, 3 seconds is used.
	HandsahakeTimeout time.Duration

	EndpointResolver func(sni string) *Endpoint

	H2RConn     map[*http2.ClientConn]string
	H2RCallback func(string, *http2.ClientConn)
	// contains filtered or unexported fields
}

HBone represents a node using a HTTP/2 or HTTP/3 based overlay network environment.

Each HBone node has a Istio (spiffee) certificate.

HBone can be used as a client, server or gateway.

func New 

func New() *HBone

New creates a new HBone node. It requires a workload identity, including mTLS certificates.

func (*HBone) HandleAcceptedH2C 

func (hb *HBone) HandleAcceptedH2C(conn net.Conn)

func (*HBone) HandleSNIConn 

func (hb *HBone) HandleSNIConn(conn net.Conn)

func (*HBone) HandleTCPProxy 

func (hb *HBone) HandleTCPProxy(w io.Writer, r io.Reader, hostPort string) error

HandleTCPProxy connects and forwards r/w to the hostPort

func (*HBone) NewClient 

func (hb *HBone) NewClient() *HBoneClient

func (*HBone) NewEndpoint 

func (hb *HBone) NewEndpoint(urlOrHost string) *Endpoint

NewEndpoint creates a client for connecting to a specific service:port

The service is mapped to an endpoint URL, protocol, etc. using a config callback, to isolate XDS or discovery dependency.

func (*HBone) Proxy 

func (hb *HBone) Proxy(svc string, hbURL string, stdin io.ReadCloser, stdout io.WriteCloser) error

Proxy will proxy in/out (plain text) to a remote service, using mTLS tunnel over H2 POST. used for testing.

type HBoneAcceptedConn 

type HBoneAcceptedConn struct {
	// contains filtered or unexported fields
}

func (*HBoneAcceptedConn) ServeHTTP 

func (hac *HBoneAcceptedConn) ServeHTTP(w http.ResponseWriter, r *http.Request)

type HBoneClient 

type HBoneClient struct {
	// contains filtered or unexported fields
}

Client for mTLS-over-HTTP/2. Primarily for testing and for the CLI debug helper.

func (HBoneClient) NewEndpoint 

func (c HBoneClient) NewEndpoint(url string) *Endpoint

type HTTPConn 

type HTTPConn struct {
	// contains filtered or unexported fields
}

HTTPConn wraps a http server request/response in a net.Conn

func (*HTTPConn) Close 

func (hc *HTTPConn) Close() error

func (*HTTPConn) LocalAddr 

func (hc *HTTPConn) LocalAddr() net.Addr

func (*HTTPConn) Read 

func (hc *HTTPConn) Read(b []byte) (n int, err error)

func (*HTTPConn) RemoteAddr 

func (hc *HTTPConn) RemoteAddr() net.Addr

func (*HTTPConn) SetDeadline 

func (hc *HTTPConn) SetDeadline(t time.Time) error

func (*HTTPConn) SetReadDeadline 

func (hc *HTTPConn) SetReadDeadline(t time.Time) error

func (*HTTPConn) SetWriteDeadline 

func (hc *HTTPConn) SetWriteDeadline(t time.Time) error

func (*HTTPConn) Write 

func (hc *HTTPConn) Write(b []byte) (n int, err error)

Write wraps the writer, which can be a http.ResponseWriter. Will make sure Flush() is called - normal http is buffering.

type Stream 

type Stream struct {
	Written int64
	Err     error
	InError bool

	Src io.Reader
	Dst io.Writer
	ID  string
}

func (Stream) CopyBuffered 

func (s Stream) CopyBuffered(ch chan int, close bool)

CopyBuffered will copy src to dst, using a pooled intermediary buffer.

Blocking, returns when src returned an error or EOF/graceful close. May also return with error if src or dst return errors.

CopyBuffered may be called in a go routine, for one of the streams in the connection - the stats and error are returned on a channel.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.