Commit Graph

36 Commits

Author SHA1 Message Date
Shayon Mukherjee df3ef06169 Support ingress rule matching for bastion mode 2024-05-10 16:07:03 -04:00
chungthuang 3299a9bc15 TUN-8238: Fix type mismatch introduced by fast-forward 2024-02-19 12:41:38 +00:00
Devin Carr 971360d5e0 TUN-8238: Refactor proxy logging
Propagates the logger context into further locations to help provide more context for certain errors. For instance, upstream and downstream copying errors will properly have the assigned flow id attached and destination address.
2024-02-16 20:12:24 +00:00
João "Pisco" Fernandes 76badfa01b TUN-8236: Add write timeout to quic and tcp connections
## Summary
To prevent bad eyeballs and severs to be able to exhaust the quic
control flows we are adding the possibility of having a timeout
for a write operation to be acknowledged. This will prevent hanging
connections from exhausting the quic control flows, creating a DDoS.
2024-02-15 17:54:52 +00:00
Igor Postelnik 56aeb6be65 TUN-8224: Fix safety of TCP stream logging, separate connect and ack log messages 2024-02-09 09:56:56 -06:00
chungthuang 638203f9f1 TUN-8224: Count and collect metrics on stream connect successes/errors 2024-02-07 14:38:21 +00:00
João Oliveirinha fc0ecf4185 TUN-7776: Remove warp-routing flag from cloudflared 2023-09-18 10:02:56 +01:00
Sudarsan Reddy 39847a70f2 TUN-7558: Flush on Writes for StreamBasedOriginProxy
In the streambased origin proxy flow (example ssh over access), there is
a chance when we do not flush on http.ResponseWriter writes. This PR
guarantees that the response writer passed to proxy stream has a flusher
embedded after writes. This means we write much more often back to the
ResponseWriter and are not waiting. Note, this is only something we do
when proxyHTTP-ing to a StreamBasedOriginProxy because we do not want to
have situations where we are not sending information that is needed by
the other side (eyeball).
2023-07-06 14:22:29 +00:00
Devin Carr a3bcf25fae TUN-7477: Add UDP/TCP session metrics
New gauge metrics are exposed in the prometheus endpoint to
capture the current and total TCP and UDP sessions that
cloudflared has proxied.
2023-06-19 16:28:37 +00:00
Devin Carr 7a014b06ec TUN-7129: Categorize TCP logs for streaming logs 2023-04-18 20:49:29 +00:00
Devin Carr 71997be90e TUN-7368: Report destination address for TCP requests in logs 2023-04-13 16:49:42 -07:00
Devin Carr 3fd571063e TUN-7128: Categorize logs from public hostname locations
Updates the HTTP ingress request log events to have more structured
fields to adapt to streaming logs reporting.
2023-04-10 22:14:12 +00:00
Devin Carr 93acdaface TUN-7125: Add management streaming logs WebSocket protocol 2023-04-05 16:25:16 +00:00
Devin Carr be64362fdb TUN-7124: Add intercept ingress rule for management requests 2023-03-21 11:42:25 -07:00
João Oliveirinha 68ef4ab2a8 TUN-7197: Add connIndex tag to debug messages of incoming requests 2023-02-22 16:08:24 +00:00
Nuno Diegues 93e569fa23 TUN-7146: Avoid data race in closing origin connection too early 2023-01-31 10:34:58 +00:00
João Oliveirinha 513855df5c TUN-7073: Fix propagating of bad stream request from origin to downstream
This changes fixes a bug where cloudflared was not propagating errors
when proxying the body of an HTTP request.

In a situation where we already sent HTTP status code, the eyeball would
see the request as sucessfully when in fact it wasn't.

To solve this, we need to guarantee that we produce HTTP RST_STREAM
frames.
This change was applied to both http2 and quic transports.
2023-01-23 13:00:58 +00:00
Devin Carr 887e486a63 TUN-7057: Remove dependency github.com/gorilla/mux 2022-12-24 21:05:51 -07:00
João Oliveirinha 6be36fa2c5 TUN-6806: Add ingress rule number to log when filtering due to middlware handler 2022-10-03 09:49:24 +00:00
Sudarsan Reddy 7f487c2651 TUN-6775: Add middleware.Handler verification to ProxyHTTP
ProxyHTTP now processes middleware Handler before executing the request.
A chain of handlers is now executed and appropriate response status
codes are sent.
2022-09-22 15:11:59 +01:00
João Oliveirinha f6bd4aa039 TUN-6676: Add suport for trailers in http2 connections 2022-08-24 15:16:30 +00:00
Devin Carr a97673e8b9 TUN-6575: Consume cf-trace-id from incoming http2 TCP requests 2022-08-16 15:30:44 +00:00
Devin Carr b9cba7f2ae TUN-6576: Consume cf-trace-id from incoming TCP requests to create root span
(cherry picked from commit f48a7cd3dd)
2022-08-02 14:56:31 -07:00
João Oliveirinha 7f1c890a82 Revert "TUN-6576: Consume cf-trace-id from incoming TCP requests to create root span"
This reverts commit f48a7cd3dd.
2022-08-02 11:13:24 +01:00
Devin Carr f48a7cd3dd TUN-6576: Consume cf-trace-id from incoming TCP requests to create root span 2022-08-01 20:22:39 +00:00
Devin Carr f4667c6345 TUN-6427: Differentiate between upstream request closed/canceled and failed origin requests 2022-06-20 14:29:53 +00:00
Igor Postelnik f2339a7244 TUN-6380: Enforce connect and keep-alive timeouts for TCP connections in both WARP routing and websocket based TCP proxy.
For WARP routing the defaults for these new settings are 5 seconds for connect timeout and 30 seconds for keep-alive timeout. These values can be configured either remotely or locally. Local config lives under "warp-routing" section in config.yaml.

For websocket-based proxy, the defaults come from originConfig settings (either global or per-service) and use the same defaults as HTTP proxying.
2022-06-14 21:36:40 +00:00
Sudarsan Reddy 69b28e358c TUN-6347: Add TCP stream logs with FlowID 2022-06-09 19:41:20 +00:00
João Oliveirinha 6f78ccde04 TUN-6250: Add upstream response status code to tracing span attributes 2022-05-18 15:40:48 +01:00
João Oliveirinha 26a7b59f6f TUN-6248: Fix panic in cloudflared during tracing when origin doesn't provide header map 2022-05-18 13:13:07 +01:00
Devin Carr a97233bb3e TUN-6030: Add ttfb span for origin http request 2022-04-21 15:49:22 +00:00
Devin Carr f81b0ee9e8 TUN-5990: Add otlp span export to response header 2022-04-18 16:25:56 +00:00
Devin Carr def8f57dbc TUN-5989: Add in-memory otlp exporter 2022-04-11 19:38:01 +00:00
João Oliveirinha 9cde11f8e0 TUN-6038: Reduce buffer size used for proxying data
The buffer size was big to support a compression feature that we don't
use anymore.
As such, we can now reduce this and be more efficient with memory usage.
2022-04-11 18:01:16 +01:00
cthuang d68ff390ca TUN-5698: Make ingress rules and warp routing dynamically configurable 2022-02-16 09:38:28 +00:00
cthuang e22422aafb TUN-5749: Refactor cloudflared to pave way for reconfigurable ingress
- Split origin into supervisor and proxy packages
- Create configManager to handle dynamic config
2022-02-14 15:37:09 +00:00
Renamed from origin/proxy.go (Browse further)