2019-03-14 09:30:04 +01:00
|
|
|
package tcp
|
|
|
|
|
|
|
|
import (
|
2022-09-14 11:50:08 +02:00
|
|
|
"errors"
|
2020-11-17 13:04:04 +01:00
|
|
|
"fmt"
|
2019-03-14 09:30:04 +01:00
|
|
|
"io"
|
|
|
|
"net"
|
2022-09-14 11:50:08 +02:00
|
|
|
"syscall"
|
2019-09-13 17:46:04 +02:00
|
|
|
"time"
|
2019-03-14 09:30:04 +01:00
|
|
|
|
2020-11-17 13:04:04 +01:00
|
|
|
"github.com/pires/go-proxyproto"
|
2022-11-21 18:36:05 +01:00
|
|
|
"github.com/rs/zerolog/log"
|
2023-02-03 15:24:05 +01:00
|
|
|
"github.com/traefik/traefik/v3/pkg/config/dynamic"
|
2019-03-14 09:30:04 +01:00
|
|
|
)
|
|
|
|
|
2020-05-11 12:06:07 +02:00
|
|
|
// Proxy forwards a TCP request to a TCP service.
|
2019-03-14 09:30:04 +01:00
|
|
|
type Proxy struct {
|
2022-12-09 09:58:05 +01:00
|
|
|
address string
|
|
|
|
proxyProtocol *dynamic.ProxyProtocol
|
|
|
|
dialer Dialer
|
2019-03-14 09:30:04 +01:00
|
|
|
}
|
|
|
|
|
2020-05-11 12:06:07 +02:00
|
|
|
// NewProxy creates a new Proxy.
|
2022-12-09 09:58:05 +01:00
|
|
|
func NewProxy(address string, proxyProtocol *dynamic.ProxyProtocol, dialer Dialer) (*Proxy, error) {
|
2020-11-17 13:04:04 +01:00
|
|
|
if proxyProtocol != nil && (proxyProtocol.Version < 1 || proxyProtocol.Version > 2) {
|
|
|
|
return nil, fmt.Errorf("unknown proxyProtocol version: %d", proxyProtocol.Version)
|
|
|
|
}
|
|
|
|
|
2020-11-13 08:48:04 -03:00
|
|
|
return &Proxy{
|
2022-12-09 09:58:05 +01:00
|
|
|
address: address,
|
|
|
|
proxyProtocol: proxyProtocol,
|
|
|
|
dialer: dialer,
|
2020-11-13 08:48:04 -03:00
|
|
|
}, nil
|
2019-03-14 09:30:04 +01:00
|
|
|
}
|
|
|
|
|
2020-05-11 12:06:07 +02:00
|
|
|
// ServeTCP forwards the connection to a service.
|
2019-09-13 17:46:04 +02:00
|
|
|
func (p *Proxy) ServeTCP(conn WriteCloser) {
|
2022-12-09 09:58:05 +01:00
|
|
|
log.Debug().
|
|
|
|
Str("address", p.address).
|
|
|
|
Str("remoteAddr", conn.RemoteAddr().String()).
|
2023-02-15 11:29:28 +01:00
|
|
|
Msg("Handling TCP connection")
|
2019-09-13 17:46:04 +02:00
|
|
|
|
|
|
|
// needed because of e.g. server.trackedConnection
|
2019-03-14 09:30:04 +01:00
|
|
|
defer conn.Close()
|
2019-05-09 14:30:06 +02:00
|
|
|
|
2021-03-23 10:24:03 +00:00
|
|
|
connBackend, err := p.dialBackend()
|
2019-03-14 09:30:04 +01:00
|
|
|
if err != nil {
|
2023-02-15 11:29:28 +01:00
|
|
|
log.Error().Err(err).Msg("Error while dialing backend")
|
2019-03-14 09:30:04 +01:00
|
|
|
return
|
|
|
|
}
|
2019-09-13 17:46:04 +02:00
|
|
|
|
|
|
|
// maybe not needed, but just in case
|
2019-03-14 09:30:04 +01:00
|
|
|
defer connBackend.Close()
|
2019-09-13 17:46:04 +02:00
|
|
|
errChan := make(chan error)
|
2020-11-17 13:04:04 +01:00
|
|
|
|
|
|
|
if p.proxyProtocol != nil && p.proxyProtocol.Version > 0 && p.proxyProtocol.Version < 3 {
|
|
|
|
header := proxyproto.HeaderProxyFromAddrs(byte(p.proxyProtocol.Version), conn.RemoteAddr(), conn.LocalAddr())
|
|
|
|
if _, err := header.WriteTo(connBackend); err != nil {
|
2023-02-15 11:29:28 +01:00
|
|
|
log.Error().Err(err).Msg("Error while writing TCP proxy protocol headers to backend connection")
|
2020-11-17 13:04:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-09-13 17:46:04 +02:00
|
|
|
go p.connCopy(conn, connBackend, errChan)
|
|
|
|
go p.connCopy(connBackend, conn, errChan)
|
2019-03-14 09:30:04 +01:00
|
|
|
|
|
|
|
err = <-errChan
|
|
|
|
if err != nil {
|
2022-09-14 11:50:08 +02:00
|
|
|
// Treat connection reset error during a read operation with a lower log level.
|
|
|
|
// This allows to not report an RST packet sent by the peer as an error,
|
|
|
|
// as it is an abrupt but possible end for the TCP session
|
|
|
|
if isReadConnResetError(err) {
|
2023-02-15 11:29:28 +01:00
|
|
|
log.Debug().Err(err).Msg("Error while handling TCP connection")
|
2022-09-14 11:50:08 +02:00
|
|
|
} else {
|
2023-02-15 11:29:28 +01:00
|
|
|
log.Error().Err(err).Msg("Error while handling TCP connection")
|
2022-09-14 11:50:08 +02:00
|
|
|
}
|
2019-03-14 09:30:04 +01:00
|
|
|
}
|
2019-09-13 17:46:04 +02:00
|
|
|
|
|
|
|
<-errChan
|
2019-03-14 09:30:04 +01:00
|
|
|
}
|
|
|
|
|
2022-12-09 09:58:05 +01:00
|
|
|
func (p Proxy) dialBackend() (WriteCloser, error) {
|
|
|
|
conn, err := p.dialer.Dial("tcp", p.address)
|
2021-03-23 10:24:03 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2022-12-09 09:58:05 +01:00
|
|
|
return conn.(WriteCloser), nil
|
2021-03-23 10:24:03 +00:00
|
|
|
}
|
|
|
|
|
2019-09-13 17:46:04 +02:00
|
|
|
func (p Proxy) connCopy(dst, src WriteCloser, errCh chan error) {
|
2019-03-14 09:30:04 +01:00
|
|
|
_, err := io.Copy(dst, src)
|
|
|
|
errCh <- err
|
2019-09-13 17:46:04 +02:00
|
|
|
|
2022-09-14 11:50:08 +02:00
|
|
|
// Ends the connection with the dst connection peer.
|
|
|
|
// It corresponds to sending a FIN packet to gracefully end the TCP session.
|
2019-09-13 17:46:04 +02:00
|
|
|
errClose := dst.CloseWrite()
|
|
|
|
if errClose != nil {
|
2022-09-14 11:50:08 +02:00
|
|
|
// Calling CloseWrite() on a connection which have a socket which is "not connected" is expected to fail.
|
|
|
|
// It happens notably when the dst connection has ended receiving an RST packet from the peer (within the other connCopy call).
|
|
|
|
// In that case, logging the error is superfluous,
|
|
|
|
// as in the first place we should not have needed to call CloseWrite.
|
|
|
|
if !isSocketNotConnectedError(errClose) {
|
2023-02-15 11:29:28 +01:00
|
|
|
log.Debug().Err(errClose).Msg("Error while terminating TCP connection")
|
2022-09-14 11:50:08 +02:00
|
|
|
}
|
|
|
|
|
2019-09-13 20:00:06 +02:00
|
|
|
return
|
2019-09-13 17:46:04 +02:00
|
|
|
}
|
|
|
|
|
2022-12-09 09:58:05 +01:00
|
|
|
if p.dialer.TerminationDelay() >= 0 {
|
|
|
|
err := dst.SetReadDeadline(time.Now().Add(p.dialer.TerminationDelay()))
|
2019-09-13 17:46:04 +02:00
|
|
|
if err != nil {
|
2023-02-15 11:29:28 +01:00
|
|
|
log.Debug().Err(err).Msg("Error while setting TCP connection deadline")
|
2019-09-13 17:46:04 +02:00
|
|
|
}
|
|
|
|
}
|
2019-03-14 09:30:04 +01:00
|
|
|
}
|
2022-09-14 11:50:08 +02:00
|
|
|
|
|
|
|
// isSocketNotConnectedError reports whether err is a socket not connected error.
|
|
|
|
func isSocketNotConnectedError(err error) bool {
|
|
|
|
var oerr *net.OpError
|
|
|
|
return errors.As(err, &oerr) && errors.Is(err, syscall.ENOTCONN)
|
|
|
|
}
|