Documentation
Index
- func HostWithoutPort(s string) string
- func MatchHeaders(fromReq, fromDB map[string]string) bool
- func RetrieveServerKeys(db *storm.DB) (curvetls.Pubkey, curvetls.Privkey, error)
- type BackendData
- type KeyPair
- type Opt
- type Proxy
- func (p *Proxy) GetKVStream(key *server.Key, stream server.Proxy_GetKVStreamServer) error
- func (p *Proxy) Put(ctx context.Context, b *server.Backend) (*server.OpResult, error)
- func (p *Proxy) PutKVStream(stream server.Proxy_PutKVStreamServer) error
- func (p *Proxy) Remove(_ context.Context, b *server.Backend) (*server.OpResult, error)
- func (p *Proxy) State(_ context.Context, req *server.StateRequest) (*server.ProxyState, error)
- type StormKeystore
- type TCPForwarder
- type TimedRecord
- type Tunnel
Constants
This section is empty.
Variables
This section is empty.
Functions
func HostWithoutPort
HostWithoutPort extracts a hostname from a request, omitting any ":PORT" portion, if present. This is the value from the "Host:" header in HTTP1, or the ":authority" header in HTTP2.
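The port-stripping described above, as an added example that is not this package's code. The helper name hostOnly and the sample inputs are hypothetical, and the lowercasing step is an assumption added here so that lookups compare consistently; it is not documented behaviour of HostWithoutPort.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// hostOnly is a hypothetical helper written for this example; it mirrors the
// documented behaviour of HostWithoutPort but is not the package's code.
func hostOnly(authority string) string {
	authority = strings.TrimSpace(authority)
	// SplitHostPort understands "name:port" and "[v6-literal]:port".
	if host, _, err := net.SplitHostPort(authority); err == nil {
		return strings.ToLower(host) // lowercasing is an added assumption
	}
	// No port present. A bracketed IPv6 literal such as "[::1]" keeps its
	// brackets in the header, so remove them before comparing.
	if strings.HasPrefix(authority, "[") && strings.HasSuffix(authority, "]") {
		authority = authority[1 : len(authority)-1]
	}
	return strings.ToLower(authority)
}

func main() {
	// Constructed sample values, not taken from the package's tests.
	for _, in := range []string{
		"example.com", "Example.COM:8443", "[2001:db8::1]:443", "[::1]", "example.com:",
	} {
		fmt.Printf("%-22q -> %q\n", in, hostOnly(in))
	}
}
```

Cutting at the first or last colon by hand mishandles IPv6 literals, which is why the example defers to net.SplitHostPort and only falls back when no port is present.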
func MatchHeaders
MatchHeaders compares headers from an HTTP2 request to values in our database.
Types
type BackendData
type BackendData struct {
	ID     int    `storm:"id,increment"`
	Domain string `storm:"unique"`
	IPs    []string
	// An optional endpoint we can call, expecting HTTP 200
	HealthCheck string
	// one of HTTP1, HTTP2, GRPC
	Protocol server.Backend_Protocol
	// Our TLS certs and keys.
	BackendCert, BackendKey []byte
	// Headers to match on during backend selection when we first
	// get a connection.
	MatchHeaders map[string]string
}
BackendData is our type for the storm ORM. We can define field-level constraints and indexes on struct tags. It is unfortunate that we need an intermediary type, but it seems better than going in and adding storm struct tags to protobuf-generated code.
See issue: https://github.com/golang/protobuf/issues/52
func (BackendData) AsBackend
func (bd BackendData) AsBackend() *server.Backend
AsBackend is a conversion method to a grpc-sendable type.
type KeyPair
type KeyPair struct {
	Name string `storm:"unique,id"`
	// Pub and Priv are base64 strings that represent curvetls keys
	// for servers or clients.
	Pub  string
	Priv string
}
KeyPair is a database type that represents curvetls key pairs. A KeyPair must be in the database for each pure grpc client that wants to connect. Not used for grpc websocket clients. We rely on HTTPS for those.
type Opt
type Opt func(*TCPForwarder)
An Opt lets us set values on a TCPForwarder.
func WithAddr
WithAddr sets the ip:port our TCPForwarder will listen on. Has no effect if used in conjunction with WithListener.
func WithDBPath
WithDBPath opens a DB at path and sets it on our TCPForwarder.
func WithListener
WithListener sets our TCPForwarder's net.Listener.
func WithProxyClient
func WithProxyClient(pc server.ProxyClient) Opt
WithProxyClient sets our grpc server.ProxyClient.
type Proxy
Proxy is our server.ProxyServer implementation.
func (*Proxy) GetKVStream
GetKVStream scans a keyspace.
func (*Proxy) PutKVStream
func (p *Proxy) PutKVStream(stream server.Proxy_PutKVStreamServer) error
PutKVStream lets us stream key-value pairs into our db.
func (*Proxy) State
func (p *Proxy) State(_ context.Context, req *server.StateRequest) (*server.ProxyState, error)
State returns the state of the proxy. The number of backends returned is controlled by the domain field of the request. A blank domain returns all.
type StormKeystore
type TCPForwarder
type TCPForwarder struct {
	C    server.ProxyClient
	L    net.Listener
	DB   *storm.DB
	Addr string
	// contains filtered or unexported fields
}
TCPForwarder is our actual listener type that clients will connect to. This implementation then inspects the requests that come in on connections, and selects an appropriate backend by talking gRPC to a Proxy instance via C, its embedded server.ProxyClient.
func NewTCPForwarder
func NewTCPForwarder(opts ...Opt) (*TCPForwarder, error)
NewTCPForwarder constructs a TCPForwarder from a variable list of options. Passing a database (either by path or by reference) is required or the TCPForwarder will fail at runtime.
func NewTCPForwarderFromGRPCClient
func NewTCPForwarderFromGRPCClient(l net.Listener, pc server.ProxyClient, db *storm.DB, logger *logrus.Logger) *TCPForwarder
NewTCPForwarderFromGRPCClient ...
func (*TCPForwarder) DialAndTunnel
func (f *TCPForwarder) DialAndTunnel(bd *BackendData, buffered *bytes.Buffer, conn net.Conn) error
DialAndTunnel connects to the passed in backend, and tunnels traffic to it and from it.
func (*TCPForwarder) GetCertificate
func (f *TCPForwarder) GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate fetches tls.Certificate from the database for each connection. This lets us dynamically fetch certs.