Overview
Package transport contains concrete dial implementations selected by the top-level [proxykit.Dialer].
Types
type Connect
type Connect struct {
	// ProxyURL is the proxy address. Scheme must be http or https.
	ProxyURL *url.URL
	// Timeout bounds a single dial+CONNECT-handshake attempt. Zero
	// means no timeout. ctx.Deadline() takes precedence when sooner.
	Timeout time.Duration
	// TLSConfig overrides the default {InsecureSkipVerify: true} used
	// for https proxies. Cloned per dial. Ignored for http proxies.
	TLSConfig *tls.Config
	// Auth is the ordered list of Authenticators tried on HTTP 407.
	// Each Authenticator whose Scheme matches an advertised
	// Proxy-Authenticate scheme gets a fresh proxy connection. Empty
	// means do not attempt auth — surface the 407 immediately.
	Auth []auth.Authenticator
}
Connect dials a destination through an HTTP CONNECT proxy.
ProxyURL must have scheme http or https. For https the TLS connection to the proxy is established with InsecureSkipVerify=true by default — corporate CONNECT proxies frequently terminate TLS with self-signed or internally-issued certificates, and the security boundary is the inner protocol, not the proxy hop. Set TLSConfig to opt out.
On HTTP 407 each Authenticator in Auth whose Scheme matches one of the proxy-advertised schemes is tried in order, each on a fresh proxy connection. The first Authenticator that succeeds returns the tunnel; if none succeeds the original *ProxyAuthError is returned.
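The TLSConfig opt-out described above, as an added example (not the package's own code): a constructed local TLS server stands in for an https proxy with an internally issued certificate, and the hypothetical helper verifiedProxyTLS builds the value one would assign to Connect.TLSConfig. It compares what the documented default accepts on the proxy hop with what a config that trusts only the internal CA accepts.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// verifiedProxyTLS (hypothetical helper) builds a config for the proxy hop
// that trusts only the given certificates, e.g. the internal CA that issued
// the proxy's certificate. Assign the result to Connect.TLSConfig.
func verifiedProxyTLS(trusted ...*x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	for _, c := range trusted {
		pool.AddCert(c)
	}
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
}

// handshake performs only the TLS handshake against addr and reports its error.
func handshake(addr string, cfg *tls.Config) error {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return err
	}
	conn.Close()
	return nil
}

// compare runs three handshakes against a constructed local TLS server that
// stands in for an https proxy with an internally issued certificate.
func compare() (skipVerify, pinned, unpinned error) {
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	addr := srv.Listener.Addr().String()

	skipVerify = handshake(addr, &tls.Config{InsecureSkipVerify: true}) // documented default
	pinned = handshake(addr, verifiedProxyTLS(srv.Certificate()))        // internal CA trusted
	unpinned = handshake(addr, verifiedProxyTLS())                       // issuer not trusted
	return
}

func main() {
	s, p, u := compare()
	fmt.Println("default (skip verify):", s)
	fmt.Println("pinned internal CA:   ", p)
	fmt.Println("unknown issuer:       ", u)
}
```

With the default, the proxy's identity is not verified, so everything sent on that hop before the inner protocol starts, including the CONNECT target and any Proxy-Authorization header produced by the Auth chain, is readable by whoever terminates the TLS connection. Pinning the internal CA keeps self-signed or internally issued proxy certificates working while rejecting any other endpoint.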
func (*Connect) DialContext
DialContext opens a CONNECT tunnel through c.ProxyURL to address. On HTTP 200 the returned net.Conn is the raw tunnel. On HTTP 407 the authenticator chain is consulted; if none succeeds the error is a *ProxyAuthError. Any other status returns an opaque error wrapping the status line.
type Direct
type Direct struct {
	// Timeout bounds a single dial attempt. Zero means no timeout.
	Timeout time.Duration
}
Direct dials network addresses without a proxy.
type ProxyAuthError
type ProxyAuthError struct {
	// Status is the raw status line from the final 407 response.
	Status string
	// Schemes are the lower-cased auth schemes advertised by the
	// proxy in Proxy-Authenticate, e.g. {"basic", "ntlm", "negotiate"}.
	Schemes []string
}
ProxyAuthError is returned from Connect.DialContext when the proxy answers with HTTP 407 Proxy Authentication Required and either no Authenticator is configured for an advertised scheme or every matching Authenticator finished without producing 200.
func (*ProxyAuthError) Error
func (e *ProxyAuthError) Error() string
Error reports the proxy authentication failure including advertised schemes.
type SOCKS5
type SOCKS5 struct {
	// ProxyURL is the proxy address. Scheme must be socks or socks5.
	ProxyURL *url.URL
	// Timeout bounds a single dial attempt to the proxy or destination.
	// Zero means no timeout.
	Timeout time.Duration
}
SOCKS5 dials destinations through a SOCKS5 proxy (RFC 1928 + RFC 1929 for username/password). It is a thin wrapper over golang.org/x/net/proxy.SOCKS5 that honours context.Context.
ProxyURL must have scheme socks or socks5. Userinfo, when present, is forwarded as RFC 1929 username/password authentication.