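// HandlePublicConnection serves one connection from the public internet by
// taking a proxy connection from the control's pool, telling the client to
// start using it, and joining the two streams until either side closes.
//
// Up to 2*proxyMaxPoolSize pooled connections are tried; a proxy that rejects
// the StartProxy message is closed and the next one is taken. Metrics are
// recorded on open and close, and the bytes transferred are added to the
// owning user's per-day and all-time counters.
func (t *Tunnel) HandlePublicConnection(publicConn conn.Conn) {
	defer publicConn.Close()
	defer func() {
		// recover from failures so one bad connection cannot take the server down
		if r := recover(); r != nil {
			publicConn.Warn("HandlePublicConnection failed with error %v", r)
		}
	}()

	startTime := time.Now()
	metrics.OpenConnection(t, publicConn)

	var proxyConn conn.Conn
	var err error
	for i := 0; i < (2 * proxyMaxPoolSize); i++ {
		// get a proxy connection
		if proxyConn, err = t.ctl.GetProxy(); err != nil {
			t.Warn("Failed to get proxy connection: %v", err)
			return
		}
		t.Info("Got proxy connection %s", proxyConn.Id())
		proxyConn.AddLogPrefix(t.Id())

		// tell the client we're going to start using this proxy connection
		startPxyMsg := &msg.StartProxy{
			Url:        t.url,
			ClientAddr: publicConn.RemoteAddr().String(),
		}
		if err = msg.WriteMsg(proxyConn, startPxyMsg); err == nil {
			// success
			break
		}

		// A proxy that rejects StartProxy is useless: close it right here.
		// (A defer inside this loop would keep every failed proxy open until
		// the handler returns and close each of them a second time.)
		proxyConn.Warn("Failed to write StartProxyMessage: %v, attempt %d", err, i)
		proxyConn.Close()
	}
	if err != nil {
		// give up
		publicConn.Error("Too many failures starting proxy connection")
		return
	}
	// Only the proxy that accepted StartProxy lives as long as this handler.
	// NOTE(review): if proxyMaxPoolSize is 0 the loop never runs and proxyConn
	// is unset; that case ends in the recover above rather than a clean error.
	defer proxyConn.Close()

	// To reduce latency handling tunnel connections, we employ the following crude heuristic:
	// whenever we take a proxy connection from the pool, replace it with a new one.
	// The result is deliberately ignored: replenishing the pool is best-effort.
	util.PanicToError(func() { t.ctl.out <- &msg.ReqProxy{} })

	// no timeouts while connections are joined
	proxyConn.SetDeadline(time.Time{})

	// join the public and proxy connections
	bytesIn, bytesOut := conn.Join(publicConn, proxyConn)
	metrics.CloseConnection(t, publicConn, startTime, bytesIn, bytesOut)

	// Per-user transfer accounting. The counters are int32 fields, so a single
	// transfer of 2 GiB or more wraps the delta; widening them is a change to
	// userInfo, not to this handler.
	transferred := int32(bytesIn + bytesOut)
	atomic.AddInt32(&t.ctl.userInfo.TransPerDay, transferred)
	atomic.AddInt32(&t.ctl.userInfo.TransAll, transferred)
}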
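// httpHandler handles a new http connection from the public internet.
//
// It reads the Host header with the vhost library, looks up the tunnel
// registered for "<proto>://<host>" (then for the same key with opts.httpAddr
// appended), enforces the tunnel's HttpAuth requirement when one is set, and
// hands the connection over to the tunnel. proto is the scheme used to build
// the registry key.
func httpHandler(c conn.Conn, proto string) {
	defer c.Close()
	defer func() {
		// recover from failures
		if r := recover(); r != nil {
			c.Warn("httpHandler failed with error %v", r)
		}
	}()

	// Make sure we detect dead connections while we decide how to multiplex
	c.SetDeadline(time.Now().Add(connReadTimeout))

	// multiplex by extracting the Host header with the vhost library
	vhostConn, err := vhost.HTTP(c)
	if err != nil {
		c.Warn("Failed to read valid %s request: %v", proto, err)
		// best-effort reply; the connection is closed on return either way
		c.Write([]byte(BadRequest))
		return
	}

	// read out the Host header and auth from the request
	host := strings.ToLower(vhostConn.Host())
	auth := vhostConn.Request.Header.Get("Authorization")

	// done reading mux data, free up the request memory
	vhostConn.Free()

	// We need to read from the vhost conn now since it mucked around reading the stream
	c = conn.Wrap(vhostConn, "pub")

	// multiplex to find the right backend host
	c.Debug("Found hostname %s in request", host)
	tunnel := tunnelRegistry.Get(fmt.Sprintf("%s://%s", proto, host))
	if tunnel == nil {
		// second chance with the listener address appended; presumably covers a
		// Host header sent without the port the tunnel was registered with
		tunnel = tunnelRegistry.Get(fmt.Sprintf("%s://%s%s", proto, host, opts.httpAddr))
	}
	if tunnel == nil {
		c.Info("No tunnel found for hostname %s", host)
		// The length argument must track the NotFound template, which echoes the
		// client-supplied host unescaped. NOTE(review): confirm the template is
		// plain text, not HTML.
		c.Write([]byte(fmt.Sprintf(NotFound, len(host)+18, host)))
		return
	}

	// If the client specified http auth and it doesn't match this request's auth
	// then fail the request with 401 Not Authorized and request the client reissue
	// the request with basic auth. The presented credential is never written to
	// the log. NOTE(review): this is a plain string compare, not constant-time.
	if tunnel.req.HttpAuth != "" && auth != tunnel.req.HttpAuth {
		c.Info("Authentication failed for hostname %s", host)
		c.Write([]byte(NotAuthorized))
		return
	}

	// dead connections will now be handled by tunnel heartbeating and the client
	c.SetDeadline(time.Time{})

	// let the tunnel handle the connection now
	tunnel.HandlePublicConnection(c)
}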
// RegisterProxy hands a freshly accepted proxy connection to this control's
// pool.
//
// The connection is tagged with the control id for logging and given a
// deadline of proxyStaleDuration from now (presumably so an unused pooled
// connection does not linger forever). When the pool channel is already full
// the connection is closed instead of blocking the caller.
func (c *Control) RegisterProxy(conn conn.Conn) {
	conn.AddLogPrefix(c.id)

	staleAt := time.Now().Add(proxyStaleDuration)
	conn.SetDeadline(staleAt)

	// Non-blocking send: a full pool must not stall whoever accepted the connection.
	select {
	case c.proxies <- conn:
		conn.Info("Registered")
	default:
		conn.Info("Proxies buffer is full, discarding.")
		conn.Close()
	}
}
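// subdomainUserAgentRe extracts a subdomain advertised in the User-Agent as
// "<SubDomainUserAgentName>/<label>". Compiled once at init rather than on
// every request; the marker is quoted so any regexp metacharacters in it
// match literally.
var subdomainUserAgentRe = regexp.MustCompile(regexp.QuoteMeta(SubDomainUserAgentName) + `/(\w+)`)

// subdomainLabelRe accepts only a plain hostname label. Subdomains arrive from
// the query string, the User-Agent or a cookie, and are later spliced into the
// tunnel key and into raw HTTP responses (a Set-Cookie header and a body), so
// anything outside this set is ignored rather than echoed back.
var subdomainLabelRe = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

// httpHandler handles a new http connection from the public internet.
//
// It reads the request's Host header and an optional subdomain supplied via
// the SubDomainParamName query parameter, the User-Agent marker, or the
// SubDomainCookieName cookie; looks up the matching tunnel in tunnelRegistry;
// enforces the tunnel's HttpAuth requirement when one is set; and hands the
// connection to the tunnel. proto is the scheme used to build the tunnel key.
func httpHandler(c conn.Conn, proto string) {
	defer c.Close()
	defer func() {
		// recover from failures
		if r := recover(); r != nil {
			c.Warn("httpHandler failed with error %v", r)
		}
	}()

	// Make sure we detect dead connections while we decide how to multiplex
	c.SetDeadline(time.Now().Add(connReadTimeout))

	// multiplex by extracting the Host header with the vhost library
	vhostConn, err := vhost.HTTP(c)
	if err != nil {
		c.Warn("Failed to read valid %s request: %v", proto, err)
		// best-effort reply; the connection is closed on return either way
		c.Write([]byte(BadRequest))
		return
	}

	// read out the Host header and auth from the request
	host := strings.ToLower(vhostConn.Host())
	auth := vhostConn.Request.Header.Get("Authorization")

	// If the client sent "host:port", swap the port for the one this listener
	// is bound to — presumably so the key matches the registered form; confirm
	// against tunnel registration.
	hostname, _, err := net.SplitHostPort(host)
	if err != nil {
		hostname = host
	} else {
		// LocalAddr is our own listener address, so a split failure is not expected here
		_, port, _ := net.SplitHostPort(c.LocalAddr().String())
		hostname = fmt.Sprintf("%s:%s", hostname, port)
	}

	// subdomain override, in priority order: url param, then User-Agent marker
	query := vhostConn.Request.URL.Query()
	paramSubdomain := query.Get(SubDomainParamName)
	if paramSubdomain == "" {
		if matches := subdomainUserAgentRe.FindStringSubmatch(vhostConn.Request.UserAgent()); matches != nil {
			paramSubdomain = matches[1]
		}
	}
	_, setCookieSubdomain := query[SetCookieSubDomainParamName]

	cookieSubdomain := ""
	if subdomainCookie, err := vhostConn.Request.Cookie(SubDomainCookieName); err == nil {
		cookieSubdomain = subdomainCookie.Value
	}

	// Client-supplied labels are untrusted: drop anything that is not a plain
	// hostname label so it can neither forge an unexpected tunnel key nor
	// inject header or body bytes into the raw responses written below. The
	// rejected value itself is kept out of the log.
	if paramSubdomain != "" && !subdomainLabelRe.MatchString(paramSubdomain) {
		c.Info("Ignoring malformed subdomain parameter")
		paramSubdomain = ""
	}
	if cookieSubdomain != "" && !subdomainLabelRe.MatchString(cookieSubdomain) {
		c.Info("Ignoring malformed subdomain cookie")
		cookieSubdomain = ""
	}

	// done reading mux data, free up the request memory
	vhostConn.Free()

	// We need to read from the vhost conn now since it mucked around reading the stream
	c = conn.Wrap(vhostConn, "pub")

	// multiplex to find the right backend host
	c.Debug("Found hostname %s in request", host)
	switch {
	case paramSubdomain != "":
		hostname = paramSubdomain + "." + hostname
	case cookieSubdomain != "":
		hostname = cookieSubdomain + "." + hostname
	}
	tunnelKey := proto + "://" + hostname
	tunnel := tunnelRegistry.Get(tunnelKey)
	if tunnel == nil {
		if setCookieSubdomain && paramSubdomain != "" {
			// Ask the browser to remember the requested subdomain. The length
			// argument must track the SetCooikeResponse template.
			c.Info("Set %s to Cookie for hostname %s", paramSubdomain, tunnelKey)
			c.Write([]byte(fmt.Sprintf(SetCooikeResponse, len(proto)+len(hostname)+len(paramSubdomain)+48, SubDomainCookieName, paramSubdomain, proto, hostname, paramSubdomain)))
		} else {
			c.Info("No tunnel found for hostname %s", tunnelKey)
			// The length argument must track the NotFound template. NOTE(review):
			// hostname still carries the raw Host header; confirm the template is
			// plain text, not HTML.
			c.Write([]byte(fmt.Sprintf(NotFound, len(hostname)+18, hostname)))
		}
		return
	}

	// If the client specified http auth and it doesn't match this request's auth
	// then fail the request with 401 Not Authorized and request the client reissue
	// the request with basic auth. The presented credential is never written to
	// the log. NOTE(review): this is a plain string compare, not constant-time.
	if tunnel.req.HttpAuth != "" && auth != tunnel.req.HttpAuth {
		c.Info("Authentication failed for hostname %s", tunnelKey)
		c.Write([]byte(NotAuthorized))
		return
	}

	// dead connections will now be handled by tunnel heartbeating and the client
	c.SetDeadline(time.Time{})

	// let the tunnel handle the connection now
	tunnel.HandlePublicConnection(c)
}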