Move TCPProxy to pkg

2022-07-20 18:43:39 -03:00 · 2022-07-20 18:43:39 -03:00 · 32d06d4b3b
commit 32d06d4b3b
parent 7304086202
2 changed files with 8 additions and 7 deletions
--- a/internal/ingress/controller/nginx.go
+++ b/internal/ingress/controller/nginx.go
@ -44,6 +44,7 @@ import (
 	v1core "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/tools/record"
 	"k8s.io/client-go/util/flowcontrol"
+	"k8s.io/ingress-nginx/pkg/tcpproxy"

 	adm_controller "k8s.io/ingress-nginx/internal/admission/controller"
 	"k8s.io/ingress-nginx/internal/ingress"
@ -101,7 +102,7 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro

 		runningConfig: new(ingress.Configuration),

-		Proxy: &TCPProxy{},
+		Proxy: &tcpproxy.TCPProxy{},

 		metricCollector: mc,

@ -241,7 +242,7 @@ type NGINXController struct {

 	isShuttingDown bool

-	Proxy *TCPProxy
+	Proxy *tcpproxy.TCPProxy

 	store store.Storer

@ -439,7 +440,7 @@ func (n NGINXController) DefaultEndpoint() ingress.Endpoint {
 func (n NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressCfg ingress.Configuration) ([]byte, error) {

 	if n.cfg.EnableSSLPassthrough {
-		servers := []*TCPServer{}
+		servers := []*tcpproxy.TCPServer{}
 		for _, pb := range ingressCfg.PassthroughBackends {
 			svc := pb.Service
 			if svc == nil {
@ -464,7 +465,7 @@ func (n NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressC
 			}

 			// TODO: Allow PassthroughBackends to specify they support proxy-protocol
-			servers = append(servers, &TCPServer{
+			servers = append(servers, &tcpproxy.TCPServer{
 				Hostname:      pb.Hostname,
 				IP:            svc.Spec.ClusterIP,
 				Port:          port,
@ -751,8 +752,8 @@ func (n *NGINXController) setupSSLProxy() {
 	proxyPort := n.cfg.ListenPorts.SSLProxy

 	klog.InfoS("Starting TLS proxy for SSL Passthrough")
-	n.Proxy = &TCPProxy{
-		Default: &TCPServer{
+	n.Proxy = &tcpproxy.TCPProxy{
+		Default: &tcpproxy.TCPServer{
 			Hostname:      "localhost",
 			IP:            "127.0.0.1",
 			Port:          proxyPort,
--- a/internal/ingress/controller/tcp.go
+++ b/internal/ingress/controller/tcp.go
@ -1,133 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package controller
-
-import (
-	"fmt"
-	"io"
-	"net"
-
-	"k8s.io/klog/v2"
-
-	"pault.ag/go/sniff/parser"
-)
-
-// TCPServer describes a server that works in passthrough mode.
-type TCPServer struct {
-	Hostname      string
-	IP            string
-	Port          int
-	ProxyProtocol bool
-}
-
-// TCPProxy describes the passthrough servers and a default as catch all.
-type TCPProxy struct {
-	ServerList []*TCPServer
-	Default    *TCPServer
-}
-
-// Get returns the TCPServer to use for a given host.
-func (p *TCPProxy) Get(host string) *TCPServer {
-	if p.ServerList == nil {
-		return p.Default
-	}
-
-	for _, s := range p.ServerList {
-		if s.Hostname == host {
-			return s
-		}
-	}
-
-	return p.Default
-}
-
-// Handle reads enough information from the connection to extract the hostname
-// and open a connection to the passthrough server.
-func (p *TCPProxy) Handle(conn net.Conn) {
-	defer conn.Close()
-	data := make([]byte, 4096)
-
-	length, err := conn.Read(data)
-	if err != nil {
-		klog.V(4).ErrorS(err, "Error reading the first 4k of the connection")
-		return
-	}
-
-	proxy := p.Default
-	hostname, err := parser.GetHostname(data[:])
-	if err == nil {
-		klog.V(4).InfoS("TLS Client Hello", "host", hostname)
-		proxy = p.Get(hostname)
-	}
-
-	if proxy == nil {
-		klog.V(4).InfoS("There is no configured proxy for SSL connections.")
-		return
-	}
-
-	hostPort := net.JoinHostPort(proxy.IP, fmt.Sprintf("%v", proxy.Port))
-	clientConn, err := net.Dial("tcp", hostPort)
-	if err != nil {
-		klog.V(4).ErrorS(err, "error dialing proxy", "ip", proxy.IP, "port", proxy.Port, "hostname", proxy.Hostname)
-		return
-	}
-	defer clientConn.Close()
-
-	if proxy.ProxyProtocol {
-		// write out the Proxy Protocol header
-		localAddr := conn.LocalAddr().(*net.TCPAddr)
-		remoteAddr := conn.RemoteAddr().(*net.TCPAddr)
-		protocol := "UNKNOWN"
-		if remoteAddr.IP.To4() != nil {
-			protocol = "TCP4"
-		} else if remoteAddr.IP.To16() != nil {
-			protocol = "TCP6"
-		}
-		proxyProtocolHeader := fmt.Sprintf("PROXY %s %s %s %d %d\r\n", protocol, remoteAddr.IP.String(), localAddr.IP.String(), remoteAddr.Port, localAddr.Port)
-		klog.V(4).InfoS("Writing Proxy Protocol", "header", proxyProtocolHeader)
-		_, err = fmt.Fprintf(clientConn, proxyProtocolHeader)
-	}
-	if err != nil {
-		klog.ErrorS(err, "Error writing Proxy Protocol header")
-		clientConn.Close()
-	} else {
-		_, err = clientConn.Write(data[:length])
-		if err != nil {
-			klog.Errorf("Error writing the first 4k of proxy data: %v", err)
-			clientConn.Close()
-		}
-	}
-
-	pipe(clientConn, conn)
-}
-
-func pipe(client, server net.Conn) {
-	doCopy := func(s, c net.Conn, cancel chan<- bool) {
-		io.Copy(s, c)
-		cancel <- true
-	}
-
-	cancel := make(chan bool, 2)
-
-	go doCopy(server, client, cancel)
-	go doCopy(client, server, cancel)
-
-	select {
-	case <-cancel:
-		return
-	}
-}