func (t *Tunnel) HandlePublicConnection(publicConn conn.Conn) { defer publicConn.Close() defer func() { if r := recover(); r != nil { publicConn.Warn("HandlePublicConnection failed with error %v", r) } }() startTime := time.Now() metrics.OpenConnection(t, publicConn) var proxyConn conn.Conn var err error for i := 0; i < (2 * proxyMaxPoolSize); i++ { // get a proxy connection if proxyConn, err = t.ctl.GetProxy(); err != nil { t.Warn("Failed to get proxy connection: %v", err) return } defer proxyConn.Close() t.Info("Got proxy connection %s", proxyConn.Id()) proxyConn.AddLogPrefix(t.Id()) // tell the client we're going to start using this proxy connection startPxyMsg := &msg.StartProxy{ Url: t.url, ClientAddr: publicConn.RemoteAddr().String(), } if err = msg.WriteMsg(proxyConn, startPxyMsg); err != nil { proxyConn.Warn("Failed to write StartProxyMessage: %v, attempt %d", err, i) proxyConn.Close() } else { // success break } } if err != nil { // give up publicConn.Error("Too many failures starting proxy connection") return } // To reduce latency handling tunnel connections, we employ the following curde heuristic: // Whenever we take a proxy connection from the pool, replace it with a new one util.PanicToError(func() { t.ctl.out <- &msg.ReqProxy{} }) // no timeouts while connections are joined proxyConn.SetDeadline(time.Time{}) // join the public and proxy connections bytesIn, bytesOut := conn.Join(publicConn, proxyConn) metrics.CloseConnection(t, publicConn, startTime, bytesIn, bytesOut) //log.Info("Proxy authId=%s bytesIn=%d, bytesOut=%d\n", t.ctl.userInfo.Uc.UserId, bytesIn, bytesOut) atomic.AddInt32(&t.ctl.userInfo.TransPerDay, int32(bytesIn+bytesOut)) atomic.AddInt32(&t.ctl.userInfo.TransAll, int32(bytesIn+bytesOut)) }
// Handles a new http connection from the public internet func httpHandler(c conn.Conn, proto string) { defer c.Close() defer func() { // recover from failures if r := recover(); r != nil { c.Warn("httpHandler failed with error %v", r) } }() // Make sure we detect dead connections while we decide how to multiplex c.SetDeadline(time.Now().Add(connReadTimeout)) // multiplex by extracting the Host header, the vhost library vhostConn, err := vhost.HTTP(c) if err != nil { c.Warn("Failed to read valid %s request: %v", proto, err) c.Write([]byte(BadRequest)) return } // read out the Host header and auth from the request host := strings.ToLower(vhostConn.Host()) auth := vhostConn.Request.Header.Get("Authorization") // done reading mux data, free up the request memory vhostConn.Free() // We need to read from the vhost conn now since it mucked around reading the stream c = conn.Wrap(vhostConn, "pub") // multiplex to find the right backend host c.Debug("Found hostname %s in request", host) tunnel := tunnelRegistry.Get(fmt.Sprintf("%s://%s", proto, host)) if tunnel == nil { tunnel = tunnelRegistry.Get(fmt.Sprintf("%s://%s%s", proto, host, opts.httpAddr)) } if tunnel == nil { c.Info("No tunnel found for hostname %s", host) c.Write([]byte(fmt.Sprintf(NotFound, len(host)+18, host))) return } // If the client specified http auth and it doesn't match this request's auth // then fail the request with 401 Not Authorized and request the client reissue the // request with basic authdeny the request if tunnel.req.HttpAuth != "" && auth != tunnel.req.HttpAuth { c.Info("Authentication failed: %s", auth) c.Write([]byte(NotAuthorized)) return } // dead connections will now be handled by tunnel heartbeating and the client c.SetDeadline(time.Time{}) // let the tunnel handle the connection now tunnel.HandlePublicConnection(c) }
func (t *Tunnel) HandlePublicConnection(publicConn conn.Conn) { defer publicConn.Close() defer func() { if r := recover(); r != nil { publicConn.Warn("HandlePublicConnection failed with error %v", r) } }() startTime := time.Now() metrics.OpenConnection(t, publicConn) var proxyConn conn.Conn var attempts int var err error for { // get a proxy connection if proxyConn, err = t.ctl.GetProxy(); err != nil { t.Warn("Failed to get proxy connection: %v", err) return } defer proxyConn.Close() t.Info("Got proxy connection %s", proxyConn.Id()) proxyConn.AddLogPrefix(t.Id()) // tell the client we're going to start using this proxy connection startPxyMsg := &msg.StartProxy{ Url: t.url, ClientAddr: publicConn.RemoteAddr().String(), } if err = msg.WriteMsg(proxyConn, startPxyMsg); err != nil { attempts += 1 proxyConn.Warn("Failed to write StartProxyMessage: %v, attempt %d", err, attempts) if attempts > 3 { // give up publicConn.Error("Too many failures starting proxy connection") return } } else { // success break } } // join the public and proxy connections bytesIn, bytesOut := conn.Join(publicConn, proxyConn) metrics.CloseConnection(t, publicConn, startTime, bytesIn, bytesOut) }
func (t *Tunnel) HandlePublicConnection(publicConn conn.Conn) { defer publicConn.Close() defer func() { if r := recover(); r != nil { publicConn.Warn("HandlePublicConnection failed with error %v", r) } }() metrics.requestTimer.Time(func() { metrics.requestMeter.Mark(1) t.Debug("Requesting new proxy connection") t.ctl.out <- &msg.ReqProxyMsg{} proxyConn := <-t.proxies t.Info("Returning proxy connection %s", proxyConn.Id()) defer proxyConn.Close() conn.Join(publicConn, proxyConn) }) }
func (t *Tunnel) HandlePublicConnection(publicConn conn.Conn) { defer publicConn.Close() defer func() { if r := recover(); r != nil { publicConn.Warn("HandlePublicConnection failed with error %v", r) } }() startTime := time.Now() metrics.OpenConnection(t, publicConn) t.Debug("Requesting new proxy connection") t.ctl.out <- &msg.ReqProxyMsg{} proxyConn := <-t.proxies t.Info("Returning proxy connection %s", proxyConn.Id()) defer proxyConn.Close() bytesIn, bytesOut := conn.Join(publicConn, proxyConn) metrics.CloseConnection(t, publicConn, startTime, bytesIn, bytesOut) }
func NewProxy(pxyConn conn.Conn, regPxy *msg.RegProxy) { // fail gracefully if the proxy connection fails to register defer func() { if r := recover(); r != nil { pxyConn.Warn("Failed with error: %v", r) pxyConn.Close() } }() // set logging prefix pxyConn.SetType("pxy") // look up the control connection for this proxy pxyConn.Info("Registering new proxy for %s", regPxy.ClientId) ctl := controlRegistry.Get(regPxy.ClientId) if ctl == nil { panic("No client found for identifier: " + regPxy.ClientId) } ctl.RegisterProxy(pxyConn) }
// Establishes and manages a tunnel proxy connection with the server func (c *ClientModel) proxy() { var ( remoteConn conn.Conn err error ) if c.proxyUrl == "" { remoteConn, err = conn.Dial(c.serverAddr, "pxy", c.tlsConfig) } else { remoteConn, err = conn.DialHttpProxy(c.proxyUrl, c.serverAddr, "pxy", c.tlsConfig) } if err != nil { log.Error("Failed to establish proxy connection: %v", err) return } defer remoteConn.Close() err = msg.WriteMsg(remoteConn, &msg.RegProxy{ClientId: c.id}) if err != nil { remoteConn.Error("Failed to write RegProxy: %v", err) return } // wait for the server to ack our register var startPxy msg.StartProxy if err = msg.ReadMsgInto(remoteConn, &startPxy); err != nil { remoteConn.Error("Server failed to write StartProxy: %v", err) return } tunnel, ok := c.tunnels[startPxy.Url] if !ok { remoteConn.Error("Couldn't find tunnel for proxy: %s", startPxy.Url) return } // start up the private connection start := time.Now() localConn, err := conn.Dial(tunnel.LocalAddr, "prv", nil) if err != nil { remoteConn.Warn("Failed to open private leg %s: %v", tunnel.LocalAddr, err) if tunnel.Protocol.GetName() == "http" { // try to be helpful when you're in HTTP mode and a human might see the output badGatewayBody := fmt.Sprintf(BadGateway, tunnel.PublicUrl, tunnel.LocalAddr, tunnel.LocalAddr) remoteConn.Write([]byte(fmt.Sprintf(`HTTP/1.0 502 Bad Gateway Content-Type: text/html Content-Length: %d %s`, len(badGatewayBody), badGatewayBody))) } return } defer localConn.Close() m := c.metrics m.proxySetupTimer.Update(time.Since(start)) m.connMeter.Mark(1) c.update() m.connTimer.Time(func() { localConn := tunnel.Protocol.WrapConn(localConn, mvc.ConnectionContext{Tunnel: tunnel, ClientAddr: startPxy.ClientAddr}) bytesIn, bytesOut := conn.Join(localConn, remoteConn) m.bytesIn.Update(bytesIn) m.bytesOut.Update(bytesOut) m.bytesInCount.Inc(bytesIn) m.bytesOutCount.Inc(bytesOut) }) c.update() }
// Establishes and manages a tunnel control connection with the server func (c *ClientModel) control() { defer func() { if r := recover(); r != nil { log.Error("control recovering from failure %v", r) } }() // establish control channel var ( ctlConn conn.Conn err error ) if c.proxyUrl == "" { // simple non-proxied case, just connect to the server ctlConn, err = conn.Dial(c.serverAddr, "ctl", c.tlsConfig) } else { ctlConn, err = conn.DialHttpProxy(c.proxyUrl, c.serverAddr, "ctl", c.tlsConfig) } if err != nil { panic(err) } defer ctlConn.Close() // authenticate with the server auth := &msg.Auth{ ClientId: c.id, OS: runtime.GOOS, Arch: runtime.GOARCH, Version: version.Proto, MmVersion: version.MajorMinor(), User: c.authToken, } if err = msg.WriteMsg(ctlConn, auth); err != nil { panic(err) } // wait for the server to authenticate us var authResp msg.AuthResp if err = msg.ReadMsgInto(ctlConn, &authResp); err != nil { panic(err) } if authResp.Error != "" { emsg := fmt.Sprintf("Failed to authenticate to server: %s", authResp.Error) c.ctl.Shutdown(emsg) return } c.id = authResp.ClientId c.serverVersion = authResp.MmVersion c.Info("Authenticated with server, client id: %v", c.id) c.update() if err = SaveAuthToken(c.configPath, c.authToken); err != nil { c.Error("Failed to save auth token: %v", err) } // request tunnels reqIdToTunnelConfig := make(map[string]*TunnelConfiguration) for _, config := range c.tunnelConfig { // create the protocol list to ask for var protocols []string for proto, _ := range config.Protocols { protocols = append(protocols, proto) } reqTunnel := &msg.ReqTunnel{ ReqId: util.RandId(8), Protocol: strings.Join(protocols, "+"), Hostname: config.Hostname, Subdomain: config.Subdomain, HttpAuth: config.HttpAuth, RemotePort: config.RemotePort, } // send the tunnel request if err = msg.WriteMsg(ctlConn, reqTunnel); err != nil { panic(err) } // save request id association so we know which local address // to proxy to later reqIdToTunnelConfig[reqTunnel.ReqId] = config } // start the heartbeat lastPong := time.Now().UnixNano() c.ctl.Go(func() { c.heartbeat(&lastPong, ctlConn) }) // main control loop for { var rawMsg msg.Message if rawMsg, err = msg.ReadMsg(ctlConn); err != nil { panic(err) } switch m := rawMsg.(type) { case *msg.ReqProxy: c.ctl.Go(c.proxy) case *msg.Pong: atomic.StoreInt64(&lastPong, time.Now().UnixNano()) case *msg.NewTunnel: if m.Error != "" { emsg := fmt.Sprintf("Server failed to allocate tunnel: %s", m.Error) c.Error(emsg) c.ctl.Shutdown(emsg) continue } tunnel := mvc.Tunnel{ PublicUrl: m.Url, LocalAddr: reqIdToTunnelConfig[m.ReqId].Protocols[m.Protocol], Protocol: c.protoMap[m.Protocol], } c.tunnels[tunnel.PublicUrl] = tunnel c.connStatus = mvc.ConnOnline c.Info("Tunnel established at %v", tunnel.PublicUrl) c.update() default: ctlConn.Warn("Ignoring unknown control message %v ", m) } } }
// Handles a new http connection from the public internet func httpHandler(c conn.Conn, proto string) { defer c.Close() defer func() { // recover from failures if r := recover(); r != nil { c.Warn("httpHandler failed with error %v", r) } }() // Make sure we detect dead connections while we decide how to multiplex c.SetDeadline(time.Now().Add(connReadTimeout)) // multiplex by extracting the Host header, the vhost library vhostConn, err := vhost.HTTP(c) if err != nil { c.Warn("Failed to read valid %s request: %v", proto, err) c.Write([]byte(BadRequest)) return } // read out the Host header and auth from the request host := strings.ToLower(vhostConn.Host()) auth := vhostConn.Request.Header.Get("Authorization") hostname, _, err := net.SplitHostPort(host) if err != nil { hostname = host } else { _, port, _ := net.SplitHostPort(c.LocalAddr().String()) hostname = fmt.Sprintf("%s:%s", hostname, port) } paramSubdomain := vhostConn.Request.URL.Query().Get(SubDomainParamName) //url param if paramSubdomain == "" { //user-agent reg := regexp.MustCompile(fmt.Sprintf("%s/(\\w+)", SubDomainUserAgentName)) matches := reg.FindStringSubmatch(vhostConn.Request.UserAgent()) if len(matches) > 0 { paramSubdomain = matches[1] } } _, setCookieSubdomain := vhostConn.Request.URL.Query()[SetCookieSubDomainParamName] subdomainCookie, err := vhostConn.Request.Cookie(SubDomainCookieName) cookieSubdomain := "" if err == nil { cookieSubdomain = subdomainCookie.Value } // done reading mux data, free up the request memory vhostConn.Free() // We need to read from the vhost conn now since it mucked around reading the stream c = conn.Wrap(vhostConn, "pub") // multiplex to find the right backend host c.Debug("Found hostname %s in request", host) if paramSubdomain != "" { hostname = fmt.Sprintf("%s.%s", paramSubdomain, hostname) } else if cookieSubdomain != "" { hostname = fmt.Sprintf("%s.%s", cookieSubdomain, hostname) } tunnelKey := fmt.Sprintf("%s://%s", proto, hostname) tunnel := tunnelRegistry.Get(tunnelKey) if tunnel == nil { if setCookieSubdomain && paramSubdomain != "" { c.Info("Set %s to Cookie for hostname %s", paramSubdomain, tunnelKey) c.Write([]byte(fmt.Sprintf(SetCooikeResponse, len(proto)+len(hostname)+len(paramSubdomain)+48, SubDomainCookieName, paramSubdomain, proto, hostname, paramSubdomain))) } else { c.Info("No tunnel found for hostname %s", tunnelKey) c.Write([]byte(fmt.Sprintf(NotFound, len(hostname)+18, hostname))) } return } // If the client specified http auth and it doesn't match this request's auth // then fail the request with 401 Not Authorized and request the client reissue the // request with basic authdeny the request if tunnel.req.HttpAuth != "" && auth != tunnel.req.HttpAuth { c.Info("Authentication failed: %s", auth) c.Write([]byte(NotAuthorized)) return } // dead connections will now be handled by tunnel heartbeating and the client c.SetDeadline(time.Time{}) // let the tunnel handle the connection now tunnel.HandlePublicConnection(c) }