Documentation ¶
Overview ¶
Index ¶
- Constants
- func BuildProxy(config *Config) *goproxy.ProxyHttpServer
- func HTTPErrorHandler(w io.WriteCloser, pctx *goproxy.ProxyCtx, err error)
- func IsMissingRoleError(err error) bool
- func MissingRoleError(s string) error
- func NewTimeoutConn(conn net.Conn, timeout time.Duration) net.Conn
- func StartWithConfig(config *Config, quit <-chan interface{})
- type Config
- func (config *Config) SetAllowAddresses(addressStrings []string) error
- func (config *Config) SetAllowRanges(rangeStrings []string) error
- func (config *Config) SetDenyAddresses(addressStrings []string) error
- func (config *Config) SetDenyRanges(rangeStrings []string) error
- func (config *Config) SetResolverAddresses(resolverAddresses []string) error
- func (config *Config) SetupCrls(crlFiles []string) error
- func (config *Config) SetupEgressAcl(aclFile string) error
- func (config *Config) SetupPrometheus(endpoint string, port string) error
- func (config *Config) SetupStatsd(addr string) error
- func (config *Config) SetupStatsdWithNamespace(addr, namespace string) error
- func (config *Config) SetupTls(certFile, keyFile string, clientCAFiles []string) error
- func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error
- type ExitStatus
- type HealthcheckMiddleware
- type Log2LogrusWriter
- type RuleRange
- type StatsServer
- type TimeoutConn
Constants ¶
// Log field names and the canonical decision marker.
//
// The LogField* names suggest these strings are the keys attached to
// structured log entries, and CanonicalProxyDecision a marker for the decision
// log line — confirm against the logging call sites.
// NOTE(review): log pipelines and detections that parse proxy decisions would
// presumably match on these literal strings (for example "allow",
// "decision_reason", "enforce_would_deny", "role", "inbound_remote_x509_cn"),
// so changing a value is likely a breaking change for downstream consumers —
// verify before renaming any of them.
const (
	LogFieldID               = "id"
	LogFieldOutLocalAddr     = "outbound_local_addr"
	LogFieldOutRemoteAddr    = "outbound_remote_addr"
	LogFieldInRemoteAddr     = "inbound_remote_addr"
	LogFieldProxyType        = "proxy_type"
	LogFieldRequestedHost    = "requested_host"
	LogFieldStartTime        = "start_time"
	LogFieldTraceID          = "trace_id"
	LogFieldInRemoteX509CN   = "inbound_remote_x509_cn"
	LogFieldInRemoteX509OU   = "inbound_remote_x509_ou"
	LogFieldRole             = "role"
	LogFieldProject          = "project"
	LogFieldContentLength    = "content_length"
	LogFieldDecisionReason   = "decision_reason"
	LogFieldEnforceWouldDeny = "enforce_would_deny"
	LogFieldAllow            = "allow"
	LogFieldError            = "error"
	CanonicalProxyDecision   = "CANONICAL-PROXY-DECISION"
	LogFieldConnEstablishMS  = "conn_establish_time_ms"
	LogFieldDNSLookupTime    = "dns_lookup_time_ms"
)
// DefaultStatsdNamespace holds the string "smokescreen." (note the trailing dot).
// NOTE(review): presumably the metric-name prefix applied when SetupStatsd is
// used without an explicit namespace (compare SetupStatsdWithNamespace) — confirm.
const DefaultStatsdNamespace = "smokescreen."
Variables ¶
This section is empty.
Functions ¶
func BuildProxy ¶
func BuildProxy(config *Config) *goproxy.ProxyHttpServer
func HTTPErrorHandler ¶
func HTTPErrorHandler(w io.WriteCloser, pctx *goproxy.ProxyCtx, err error)
HTTPErrorHandler allows returning a custom error response when smokescreen fails to connect to the proxy target.
func IsMissingRoleError ¶
func MissingRoleError ¶
func StartWithConfig ¶
func StartWithConfig(config *Config, quit <-chan interface{})
Types ¶
type Config ¶
// Config carries the settings for a smokescreen proxy; it is the argument to
// BuildProxy, StartWithConfig and StartStatsServer.
type Config struct {
	Ip       string
	Port     uint16
	Listener net.Listener

	// IP ranges to deny and to allow.
	// NOTE(review): presumably filled by SetDenyRanges/SetDenyAddresses and
	// SetAllowRanges/SetAllowAddresses; how the two lists take precedence over
	// each other is not visible here — confirm before relying on either list
	// for egress filtering.
	DenyRanges  []RuleRange
	AllowRanges []RuleRange

	Resolver       *net.Resolver
	ConnectTimeout time.Duration
	ExitTimeout    time.Duration
	MetricsClient  metrics.MetricsClientInterface

	// NOTE(review): presumably the ACL decider loaded by SetupEgressAcl — confirm.
	EgressACL acl.Decider

	SupportProxyProtocol bool
	TlsConfig            *tls.Config

	// Certificate revocation lists in a string-keyed map.
	// NOTE(review): the name suggests the key is the issuing authority's key
	// id and that SetupCrls populates the map — confirm, including whether the
	// lists are ever refreshed after start-up.
	CrlByAuthorityKeyId map[string]*pkix.CertificateList

	// RoleFromRequest returns a role string, or an error, for a request.
	RoleFromRequest func(subject *http.Request) (string, error)

	AdditionalErrorMessageOnDeny string
	Log                          *log.Logger
	DisabledAclPolicyActions     []string

	// NOTE(review): presumably lets a request proceed to the ACL decision when
	// RoleFromRequest reports a missing role (see MissingRoleError and
	// IsMissingRoleError) — confirm what such a request is then matched against.
	AllowMissingRole bool

	StatsSocketDir string

	// NOTE(review): presumably the permission bits applied to the stats socket
	// created under StatsSocketDir — confirm, and check that the mode does not
	// expose the socket to unintended local users.
	StatsSocketFileMode os.FileMode

	// Stats server instance; StartStatsServer returns a value of this type.
	StatsServer *StatsServer

	ConnTracker conntrack.TrackerInterface

	// User defined http.Handler for optional requests to a /healthcheck endpoint
	Healthcheck http.Handler

	// Stores a boolean value indicating whether the proxy is actively shutting down
	ShuttingDown atomic.Value

	// Network type to use when performing DNS lookups. Must be one of "ip", "ip4" or "ip6".
	Network string

	// A connection is idle if it has been inactive (no bytes in/out) for this many seconds.
	// NOTE(review): the field is a time.Duration, so the unit is whatever the
	// caller supplies; "seconds" presumably describes the configuration input — confirm.
	IdleTimeout time.Duration

	// These are *only* used for traditional HTTP proxy requests
	TransportMaxIdleConns        int
	TransportMaxIdleConnsPerHost int

	// Used for logging connection time
	TimeConnect bool

	// Custom Dial Timeout function to be called
	ProxyDialTimeout func(ctx context.Context, network, address string, timeout time.Duration) (net.Conn, error)

	// Custom handler that lets clients modify reject responses
	RejectResponseHandler func(*http.Response)

	// UnsafeAllowPrivateRanges inverts the default behavior, telling smokescreen to allow private IP
	// ranges by default (exempting loopback and unicast ranges)
	// This setting can be used to configure Smokescreen with a blocklist, rather than an allowlist
	// NOTE(review): with this enabled, destinations in private ranges are
	// presumably reachable unless explicitly denied, so protection against
	// requests to internal services would rest entirely on the deny lists
	// (DenyRanges and the SetDeny* helpers) — confirm the deny configuration
	// is complete before enabling it.
	UnsafeAllowPrivateRanges bool
	// contains filtered or unexported fields
}
func LoadConfig ¶
func (*Config) SetAllowAddresses ¶
func (*Config) SetAllowRanges ¶
func (*Config) SetDenyAddresses ¶
func (*Config) SetDenyRanges ¶
func (*Config) SetResolverAddresses ¶
func (*Config) SetupEgressAcl ¶
func (*Config) SetupPrometheus ¶
func (*Config) SetupStatsd ¶
func (*Config) SetupStatsdWithNamespace ¶
func (*Config) SetupTls ¶
certFile and keyFile may be the same file containing concatenated PEM blocks
func (*Config) UnmarshalYAML ¶
type ExitStatus ¶
type ExitStatus int
ExitStatus is used to log Smokescreen's connection status at shutdown time
// Values of ExitStatus, numbered from zero by iota in the order listed:
// Closed, Idle, Timeout.
const (
	Closed ExitStatus = iota
	Idle
	Timeout
)
func (ExitStatus) String ¶
func (e ExitStatus) String() string
type HealthcheckMiddleware ¶
HealthcheckMiddleware allows a user-defined http.Handler to be invoked for requests to the /healthcheck endpoint. The handler is set in the smokescreen config (the Healthcheck field of Config).
func (HealthcheckMiddleware) ServeHTTP ¶
func (h HealthcheckMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request)
type Log2LogrusWriter ¶
type StatsServer ¶
type StatsServer struct {
// contains filtered or unexported fields
}
func StartStatsServer ¶
func StartStatsServer(config *Config) *StatsServer
func (*StatsServer) Serve ¶
func (s *StatsServer) Serve()
func (*StatsServer) ServeHTTP ¶
func (s *StatsServer) ServeHTTP(w http.ResponseWriter, req *http.Request)
func (*StatsServer) Shutdown ¶
func (s *StatsServer) Shutdown()
Source Files ¶