Add a mechanism to forward outgoing TCP via a Unix domain socket #590
djs55 merged 9 commits into moby:master from Aug 22, 2022
avsm
reviewed
Aug 22, 2022
| | `Eof -> Fmt.string ppf "EOF while reading handshake" | ||
|
|
||
| let read flow = | ||
| FLOW.read_some flow 2 >>= function |
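Review bot: the `2` passed to `FLOW.read_some flow 2` at the top of `read` is a bare literal, with nothing saying what the two bytes encode or in which byte order. The peer on the other end of the socket has to produce exactly this framing, so name the constant and document the header next to `read`. It is also worth confirming that a read which returns only one byte ends up in the `Eof` case rather than being parsed as a header.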
Collaborator
minor, but I think you could replace this >>= with >!= and lose all the Lwt.returns below.
avsm
reviewed
Aug 22, 2022
src/hostnet/forwards.ml
Outdated
| let src_ip = | ||
| match Ipaddr.of_string @@ get_string @@ find j [ "src_ip" ] with | ||
| | Error (`Msg m) -> | ||
| raise (Parse_error (j, "src_ip should be an IPv4 address: " ^ m)) |
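Review bot: the message raised in the Error branch says "src_ip should be an IPv4 address", but the match is on `Ipaddr.of_string`, which also accepts IPv6 literals, so an IPv6 `src_ip` passes this check and the diagnostic describes a restriction the code does not enforce. Either parse with `Ipaddr.V4.of_string` or reword the message to "src_ip should be an IP address" so the check and its error text agree.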
Collaborator
Doesn't Ipaddr.of_string also parse V6 addresses? Don't you need Ipaddr.V4.of_string here?
Collaborator
Author
Ah, I think in this case the accompanying error message is wrong -- I've been trying to use Ipaddr.t more throughout in preparation for supporting IPv6
avsm
reviewed
Aug 22, 2022
src/fs9p/dune
Outdated
| (name fs9p) | ||
| (wrapped false) | ||
| (libraries protocol-9p mirage-flow)) | ||
| (libraries protocol-9p mirage-flow result)) |
Collaborator
I don't think you need this result package if you use a modern OCaml. 4.08+ (as the lower bound currently is) should be sufficient as Result has been present since then.
Previously we had
- Endpoint.input_tcp: which handled RST and then called intercept_tcp_syn with a default forwarding option (connect to (ip, port))
- Endpoint.intercept_tcp_syn: also used by services like the HTTP proxy
The RST handling wasn't clear for the HTTP proxy etc, so rename intercept_tcp_syn to intercept_tcp and ensure it handles RST packets too. Signed-off-by: David Scott <dave@recoil.org>
This is modelled on the existing "Gateway_forwards" Signed-off-by: David Scott <dave@recoil.org>
This reads and watches the <json path> for configuration updates, modelled on the existing `--gateway-forwards` Signed-off-by: David Scott <dave@recoil.org>
We will have a future function which forwards to a Unix socket. Signed-off-by: David Scott <dave@recoil.org>
Define a simple handshake with a .json-formatted request and response. Forwards.Stream.connect will take care of making a direct connection or indirecting via a Unix proxy internally. Signed-off-by: David Scott <dave@recoil.org>
Signed-off-by: David Scott <dave@recoil.org>
It only needs `connect` + usual suspects `read`, `write`, `close` etc Signed-off-by: David Scott <dave@recoil.org>
Signed-off-by: David Scott <dave@recoil.org>
Signed-off-by: David Scott <dave@recoil.org>
This is based on the existing "gateway forwards" mechanism which allowed traffic sent to the gateway to be forwarded.
A `forwards.json` can be dynamically updated with IP network matches and Unix domain socket / Windows named pipe paths. When a SYN arrives, a request is sent on the Unix domain socket, allowing the server to reject or accept the request. Assuming the connection is accepted, the handshake is completed and traffic flows.
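The accept/reject step described above can be sketched from the socket server's side. This is an added example, not code from the pull request or the project. It assumes a 2-byte little-endian length prefix followed by a JSON body, and the field names `dst_ip`, `dst_port` and `accepted` are hypothetical, since the page does not give the wire format.

```python
import ipaddress
import json
import struct

MAX_FRAME = 0xFFFF  # largest body a 2-byte length prefix can describe

def read_exact(sock, n):
    """Read exactly n bytes; a short read means the peer hung up mid-handshake."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("EOF while reading handshake")
        buf += chunk
    return buf

def read_frame(sock):
    # Assumed framing: 2-byte little-endian length, then a JSON document.
    (length,) = struct.unpack("<H", read_exact(sock, 2))
    return json.loads(read_exact(sock, length))

def write_frame(sock, obj):
    body = json.dumps(obj).encode()
    if len(body) > MAX_FRAME:
        raise ValueError("frame too large for a 2-byte length prefix")
    sock.sendall(struct.pack("<H", len(body)) + body)

def decide(request, allowed_nets, allowed_ports):
    """Fail closed: anything malformed or outside policy is rejected."""
    try:
        # ip_address accepts IPv4 and IPv6; a v6 address never matches a v4 network.
        dst = ipaddress.ip_address(request["dst_ip"])  # hypothetical field name
        port = int(request["dst_port"])                # hypothetical field name
    except (KeyError, TypeError, ValueError):
        return {"accepted": False}
    ok = port in allowed_ports and any(dst in net for net in allowed_nets)
    return {"accepted": ok}

def handle(conn, allowed_nets, allowed_ports):
    """Serve one handshake on an accepted connection and return the verdict."""
    try:
        verdict = decide(read_frame(conn), allowed_nets, allowed_ports)
    except (EOFError, ValueError):  # truncated frame or invalid JSON
        verdict = {"accepted": False}
    write_frame(conn, verdict)
    return verdict["accepted"]
```

A truncated or unparseable request gets an explicit rejection, so the caller never has to interpret silence as a verdict.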