Age | Commit message | Author
28 hours | tcpproxy: support half-close with gvisor conns (#46) [HEAD, master] | James Tucker
gonet.TCPConn implements CloseRead and CloseWrite, but it is not a net.TCPConn. Use an interface to look for CloseRead and CloseWrite so that they are called on gonet.TCPConn.
Updates tailscale/corp#25169
Signed-off-by: James Tucker <[email protected]>
2024-02-13 | go.mod: change import path after Taliban seized it or something | Brad Fitzpatrick
Fixes #39
Signed-off-by: Brad Fitzpatrick <[email protected]>
2023-11-01 | tcpproxy: implement half-close dance in proxy (#38) | James Tucker
Signed-off-by: James Tucker <[email protected]>
2022-10-16 | remove old ACME tls-sni-01 stuff that LetsEncrypt removed March 2019 | Brad Fitzpatrick
No point keeping it around. We can look at the git history to do something similar later if we end up doing TLS-ALPN-01 in a similar way.
2022-10-16 | add Proxy.AddSNIRouteFunc to do lookups by SNI dynamically | Brad Fitzpatrick
2022-10-16 | gofmt for Go 1.19 | Brad Fitzpatrick
2022-03-26 | (doc): s/tlsproxy/tcpproxy | ignoramous
Signed-off-by: GitHub <[email protected]>
2021-08-24 | Modified TestProxyPROXYOut to conform with the fixed version of PROXY protocol header format | AdamEr8
original code sent the header in the format:
PROXY <family> <srcIP> <srcPort> <dstIP> <dstPort>
according to docs header format should be:
PROXY <family> <srcIP> <dstIP> <srcPort> <dstPort>
this is according to: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt section 2.1. Human-readable header format (Version 1).
2021-08-24 | Fixed HAProxy's PROXY protocol v1 Human-readable header format in DialProxy | AdamEr8
original code sent the header in the format:
PROXY <family> <srcIP> <srcPort> <dstIP> <dstPort>
according to docs header format should be:
PROXY <family> <srcIP> <dstIP> <srcPort> <dstPort>
this is according to: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt section 2.1. Human-readable header format (Version 1).
2021-08-24 | fix(test): update travis and e2e selfSignedCert fn | Dominic Evans
- add go.mod/go.sum
- update .travis.yml to test against supported Go versions
- drop golint from CI checks
To satisfy modern Go crypto in the tlsrouter e2e_test.go:
- bump RSA keysize to minimum 2048 bits
- set NotBefore to valid recent timestamp
- include CommonName in SANs
Signed-off-by: Dominic Evans <[email protected]>
2020-01-24 | Update import path to inet.af/tcpproxy | Brad Fitzpatrick
2018-08-08 | tlsrouter/README: fix the go get url | Vincent Batts
Fixes #19
Signed-off-by: Vincent Batts <[email protected]>
2018-06-20 | Take advantage of Go 1.11's splice support, unwrap Conns in DialProxy.HandleConn | Brad Fitzpatrick
2018-06-20 | Work around deadlock with Go tip (at Go rev f3f7bd5) | Brad Fitzpatrick
Not sure the root cause yet. See golang/go#25985.
2018-06-20 | Quiet log spam in test. | Brad Fitzpatrick
2018-06-07 | Adding the HostName field to the Conn struct (#18) | Nathan Johnson
Changing the internal-only match interface to return any parsed hostnames. It can be useful for implementers of Target to be able to inspect the already-parsed SNI header (in the case of TLS) or host header (in the case of http) to know what host was asked for by the client in order to make additional routing decisions. This can be used by transparent reverse proxies where the destination is not known in advance.
2018-03-06 | Link to docs | Khionu Sybiern
Link to docs from the top level README. Fixes https://github.com/google/tcpproxy/issues/13
2017-07-14 | Add support for arbitrary matching against HTTP and SNI hostnames. | David Anderson
Add{HTTPHost,SNI}Route remain so that the common case of exact matches remains trivial to use. Add{HTTPHost,SNI}MatchRoute allow you to specify your own matching function. Fixes #9
2017-07-06 | Support configurable routing of ACME tls-sni-01 challenges. | David Anderson
By design, the tls-sni-01 challenge does not reveal information about the domain being verified, so the proxy cannot "naively" route such requests. Instead, it probes the Targets of all SNI routes, looking for one that responds plausibly to the challenge hostname, and routes the client connection to that. ACME support can be turned off by inserting AddStopAcmeSearch in the route chain. Subsequently registered SNI routes will not be probed by ACME challenges.
2017-07-06 | Merge matcher and route into an interface that yields a Target. | David Anderson
This allows routes to compute a target at match time, instead of being statically mapped to a Target at register time.
2017-07-06 | Support HAProxy's PROXY protocol v1 in DialProxy. | David Anderson
2017-07-05 | Fix golint nits by adding docstrings and simplifying execution flow. [fix-golint] | David Anderson
2017-07-05 | Correct the package building command, and only deploy for master branch commits. | David Anderson
2017-07-05 | Another attempt to fix Travis. | David Anderson
Drop Go 1.7 from the build matrix, tcpproxy uses a 1.8 feature of crypto/tls. Make `go get` fetch the right test packages for cmd/tlsrouter.
2017-07-05 | Make Travis test all packages, and remove the go.universe.tf import path. | David Anderson
2017-07-05 | Fix the godoc link to point to google/tcpproxy. | David Anderson
2017-07-05 | Merge bradfitz's tcpproxy codebase with the software formerly known as tlsrouter. | David Anderson
Brad's code will be the place for future development, and the base for the binary formerly known as tlsrouter. This merge is the first step towards converging the codebases.
2017-07-05 | Move tlsrouter's readme to the command's directory. | David Anderson
2017-07-05 | Switch license to Apache2, add Google copyright headers. | David Anderson
This is prep work for merging with google/tcpproxy.
2017-07-02 | Correct the travis build to kinda work. | David Anderson
2017-07-02 | Move tlsrouter to cmd/tlsrouter, in preparation for rewrite as a pkg. | David Anderson
2017-06-22 | Fix copy/paste-o in doc example. | Brad Fitzpatrick
2017-06-22 | Add vendor warning | Brad Fitzpatrick
2017-06-22 | Add TargetListener | Brad Fitzpatrick
2017-06-22 | Start of tcpproxy. No Listener or reverse dialing yet. | Brad Fitzpatrick
2017-05-14 | Make golint fail if lint errors are found, and fix said lint. | David Anderson
2017-05-14 | Clean up the Travis build a bit more, moving more stuff to the deploy stage. | David Anderson
2017-05-14 | Test Travis's new build stage support. | David Anderson
This should only package and deploy if the build is clean on *all* Go versions in the test matrix.
2017-05-14 | Make travis fetch the test-only dependency. | David Anderson
2017-05-14 | Add support for HAProxy's PROXY protocol. | David Anderson
This allows backends that support it to receive the client's true ip:port as out-of-band information, despite the connection being proxied.
2017-05-14 | Upload packages based on Go 1.8, not 1.7. | David Anderson
2017-05-14 | Add Go 1.8 to the build matrix. | David Anderson
2017-02-09 | typo | Ryan Cox
2017-02-08 | Remove debug print in acme code. | David Anderson
2017-02-08 | Stop testing against Go 1.6. | David Anderson
1.6 lacks the builtin context package, and 1.8 will be out any day now, so 1.6 is on its last legs anyway.
2017-02-08 | Add ACME routing support. | David Anderson
TLS connections that look like ACME verification get fanned out to all known backends, and the one that responds with the right cert to continue ACME verification is the winner.
2017-01-31 | Use nogroup as the group, not nobody. | David Anderson
2017-01-31 | Port extra error checking over from netboot. | David Anderson
2017-01-31 | Clean up travis config a bit, and add missing copyright notice. | David Anderson
2017-01-31 | Add a deploy step to garbage-collect old packagecloud files. | David Anderson