traefik/pkg/tcp/proxy.go

package tcp

import (
	"errors"
	"fmt"
	"io"
	"net"
	"syscall"
	"time"

	"github.com/pires/go-proxyproto"
	"github.com/traefik/traefik/v2/pkg/config/dynamic"
	"github.com/traefik/traefik/v2/pkg/log"
)

// Proxy forwards a TCP request to a TCP service.
type Proxy struct {
	address          string
	tcpAddr          *net.TCPAddr
	terminationDelay time.Duration
	proxyProtocol    *dynamic.ProxyProtocol
}

// NewProxy creates a new Proxy.
func NewProxy(address string, terminationDelay time.Duration, proxyProtocol *dynamic.ProxyProtocol) (*Proxy, error) {
	if proxyProtocol != nil && (proxyProtocol.Version < 1 || proxyProtocol.Version > 2) {
		return nil, fmt.Errorf("unknown proxyProtocol version: %d", proxyProtocol.Version)
	}

	// Creates the tcpAddr only for IP based addresses,
	// because there is no need to resolve the name on every new connection,
	// and building it should happen once.
	var tcpAddr *net.TCPAddr
	if host, _, err := net.SplitHostPort(address); err == nil && net.ParseIP(host) != nil {
		tcpAddr, err = net.ResolveTCPAddr("tcp", address)
		if err != nil {
			return nil, err
		}
	}

	return &Proxy{
		address:          address,
		tcpAddr:          tcpAddr,
		terminationDelay: terminationDelay,
		proxyProtocol:    proxyProtocol,
	}, nil
}

// ServeTCP forwards the connection to a service.
func (p *Proxy) ServeTCP(conn WriteCloser) {
	log.WithoutContext().Debugf("Handling connection from %s to %s", conn.RemoteAddr(), p.address)

	// needed because of e.g. server.trackedConnection
	defer conn.Close()

	connBackend, err := p.dialBackend()
	if err != nil {
		log.WithoutContext().Errorf("Error while connecting to backend: %v", err)
		return
	}

	// maybe not needed, but just in case
	defer connBackend.Close()
	errChan := make(chan error)

	if p.proxyProtocol != nil && p.proxyProtocol.Version > 0 && p.proxyProtocol.Version < 3 {
		header := proxyproto.HeaderProxyFromAddrs(byte(p.proxyProtocol.Version), conn.RemoteAddr(), conn.LocalAddr())
		if _, err := header.WriteTo(connBackend); err != nil {
			log.WithoutContext().Errorf("Error while writing proxy protocol headers to backend connection: %v", err)
			return
		}
	}

	go p.connCopy(conn, connBackend, errChan)
	go p.connCopy(connBackend, conn, errChan)

	err = <-errChan
	if err != nil {
		// Treat connection reset error during a read operation with a lower log level.
		// This allows to not report an RST packet sent by the peer as an error,
		// as it is an abrupt but possible end for the TCP session
		if isReadConnResetError(err) {
			log.WithoutContext().Debugf("Error during connection: %v", err)
		} else {
			log.WithoutContext().Errorf("Error during connection: %v", err)
		}
	}

	<-errChan
}

func (p Proxy) dialBackend() (*net.TCPConn, error) {
	// Dial using directly the TCPAddr for IP based addresses.
	if p.tcpAddr != nil {
		return net.DialTCP("tcp", nil, p.tcpAddr)
	}

	log.WithoutContext().Debugf("Dial with lookup to address %s", p.address)

	// Dial with DNS lookup for host based addresses.
	conn, err := net.Dial("tcp", p.address)
	if err != nil {
		return nil, err
	}

	return conn.(*net.TCPConn), nil
}

func (p Proxy) connCopy(dst, src WriteCloser, errCh chan error) {
	_, err := io.Copy(dst, src)
	errCh <- err

	// Ends the connection with the dst connection peer.
	// It corresponds to sending a FIN packet to gracefully end the TCP session.
	errClose := dst.CloseWrite()
	if errClose != nil {
		// Calling CloseWrite() on a connection which have a socket which is "not connected" is expected to fail.
		// It happens notably when the dst connection has ended receiving an RST packet from the peer (within the other connCopy call).
		// In that case, logging the error is superfluous,
		// as in the first place we should not have needed to call CloseWrite.
		if !isSocketNotConnectedError(errClose) {
			log.WithoutContext().Debugf("Error while terminating connection: %v", errClose)
		}

		return
	}

	if p.terminationDelay >= 0 {
		err := dst.SetReadDeadline(time.Now().Add(p.terminationDelay))
		if err != nil {
			log.WithoutContext().Debugf("Error while setting deadline: %v", err)
		}
	}
}

// isSocketNotConnectedError reports whether err is a socket not connected error.
func isSocketNotConnectedError(err error) bool {
	var oerr *net.OpError
	return errors.As(err, &oerr) && errors.Is(err, syscall.ENOTCONN)
}
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`package tcp`

			`import (`
Quiet down TCP RST packet error on read operation 2022-09-14 12:50:08 +03:00			`"errors"`
added support for tcp proxyProtocol v1&v2 to backend 2020-11-17 15:04:04 +03:00			`"fmt"`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`"io"`
			`"net"`
Quiet down TCP RST packet error on read operation 2022-09-14 12:50:08 +03:00			`"syscall"`
On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00			`"time"`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00
added support for tcp proxyProtocol v1&v2 to backend 2020-11-17 15:04:04 +03:00			`"github.com/pires/go-proxyproto"`
			`"github.com/traefik/traefik/v2/pkg/config/dynamic"`
chore: move to Traefik organization. Co-authored-by: Romain <rtribotte@users.noreply.github.com> 2020-09-16 16:46:04 +03:00			`"github.com/traefik/traefik/v2/pkg/log"`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`)`

Update linter 2020-05-11 13:06:07 +03:00			`// Proxy forwards a TCP request to a TCP service.`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`type Proxy struct {`
Improve service name lookup on TCP routers 2020-11-13 14:48:04 +03:00			`address string`
Fix initial tcp lookup when address is not available 2022-05-19 17:40:09 +03:00			`tcpAddr *net.TCPAddr`
On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00			`terminationDelay time.Duration`
added support for tcp proxyProtocol v1&v2 to backend 2020-11-17 15:04:04 +03:00			`proxyProtocol *dynamic.ProxyProtocol`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`}`

Update linter 2020-05-11 13:06:07 +03:00			`// NewProxy creates a new Proxy.`
added support for tcp proxyProtocol v1&v2 to backend 2020-11-17 15:04:04 +03:00			`func NewProxy(address string, terminationDelay time.Duration, proxyProtocol dynamic.ProxyProtocol) (Proxy, error) {`
			`if proxyProtocol != nil && (proxyProtocol.Version < 1 \|\| proxyProtocol.Version > 2) {`
			`return nil, fmt.Errorf("unknown proxyProtocol version: %d", proxyProtocol.Version)`
			`}`

Fix initial tcp lookup when address is not available 2022-05-19 17:40:09 +03:00			`// Creates the tcpAddr only for IP based addresses,`
			`// because there is no need to resolve the name on every new connection,`
			`// and building it should happen once.`
			`var tcpAddr *net.TCPAddr`
			`if host, _, err := net.SplitHostPort(address); err == nil && net.ParseIP(host) != nil {`
			`tcpAddr, err = net.ResolveTCPAddr("tcp", address)`
			`if err != nil {`
			`return nil, err`
			`}`
Improve service name lookup on TCP routers 2020-11-13 14:48:04 +03:00			`}`

			`return &Proxy{`
			`address: address,`
Fix initial tcp lookup when address is not available 2022-05-19 17:40:09 +03:00			`tcpAddr: tcpAddr,`
Improve service name lookup on TCP routers 2020-11-13 14:48:04 +03:00			`terminationDelay: terminationDelay,`
Merge branch v2.3 into master 2020-11-20 13:30:07 +03:00			`proxyProtocol: proxyProtocol,`
Improve service name lookup on TCP routers 2020-11-13 14:48:04 +03:00			`}, nil`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`}`

Update linter 2020-05-11 13:06:07 +03:00			`// ServeTCP forwards the connection to a service.`
On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00			`func (p *Proxy) ServeTCP(conn WriteCloser) {`
Add destination address to debug log 2022-05-30 12:14:09 +03:00			`log.WithoutContext().Debugf("Handling connection from %s to %s", conn.RemoteAddr(), p.address)`
On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00
			`// needed because of e.g. server.trackedConnection`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`defer conn.Close()`
Don't add TCP proxy when error occurs during creation. 2019-05-09 15:30:06 +03:00
Improve host name resolution for TCP proxy 2021-03-23 13:24:03 +03:00			`connBackend, err := p.dialBackend()`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`if err != nil {`
Improve host name resolution for TCP proxy 2021-03-23 13:24:03 +03:00			`log.WithoutContext().Errorf("Error while connecting to backend: %v", err)`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`return`
			`}`
On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00
			`// maybe not needed, but just in case`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`defer connBackend.Close()`
On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00			`errChan := make(chan error)`
added support for tcp proxyProtocol v1&v2 to backend 2020-11-17 15:04:04 +03:00
			`if p.proxyProtocol != nil && p.proxyProtocol.Version > 0 && p.proxyProtocol.Version < 3 {`
			`header := proxyproto.HeaderProxyFromAddrs(byte(p.proxyProtocol.Version), conn.RemoteAddr(), conn.LocalAddr())`
			`if _, err := header.WriteTo(connBackend); err != nil {`
			`log.WithoutContext().Errorf("Error while writing proxy protocol headers to backend connection: %v", err)`
			`return`
			`}`
			`}`

On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00			`go p.connCopy(conn, connBackend, errChan)`
			`go p.connCopy(connBackend, conn, errChan)`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00
			`err = <-errChan`
			`if err != nil {`
Quiet down TCP RST packet error on read operation 2022-09-14 12:50:08 +03:00			`// Treat connection reset error during a read operation with a lower log level.`
			`// This allows to not report an RST packet sent by the peer as an error,`
			`// as it is an abrupt but possible end for the TCP session`
			`if isReadConnResetError(err) {`
			`log.WithoutContext().Debugf("Error during connection: %v", err)`
			`} else {`
			`log.WithoutContext().Errorf("Error during connection: %v", err)`
			`}`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`}`
On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00
			`<-errChan`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`}`

Improve host name resolution for TCP proxy 2021-03-23 13:24:03 +03:00			`func (p Proxy) dialBackend() (*net.TCPConn, error) {`
Fix initial tcp lookup when address is not available 2022-05-19 17:40:09 +03:00			`// Dial using directly the TCPAddr for IP based addresses.`
			`if p.tcpAddr != nil {`
			`return net.DialTCP("tcp", nil, p.tcpAddr)`
Improve host name resolution for TCP proxy 2021-03-23 13:24:03 +03:00			`}`

Fix initial tcp lookup when address is not available 2022-05-19 17:40:09 +03:00			`log.WithoutContext().Debugf("Dial with lookup to address %s", p.address)`

			`// Dial with DNS lookup for host based addresses.`
Improve host name resolution for TCP proxy 2021-03-23 13:24:03 +03:00			`conn, err := net.Dial("tcp", p.address)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return conn.(*net.TCPConn), nil`
			`}`

On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00			`func (p Proxy) connCopy(dst, src WriteCloser, errCh chan error) {`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`_, err := io.Copy(dst, src)`
			`errCh <- err`
On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00
Quiet down TCP RST packet error on read operation 2022-09-14 12:50:08 +03:00			`// Ends the connection with the dst connection peer.`
			`// It corresponds to sending a FIN packet to gracefully end the TCP session.`
On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00			`errClose := dst.CloseWrite()`
			`if errClose != nil {`
Quiet down TCP RST packet error on read operation 2022-09-14 12:50:08 +03:00			`// Calling CloseWrite() on a connection which have a socket which is "not connected" is expected to fail.`
			`// It happens notably when the dst connection has ended receiving an RST packet from the peer (within the other connCopy call).`
			`// In that case, logging the error is superfluous,`
			`// as in the first place we should not have needed to call CloseWrite.`
			`if !isSocketNotConnectedError(errClose) {`
			`log.WithoutContext().Debugf("Error while terminating connection: %v", errClose)`
			`}`

Add weighted round robin load balancer on TCP Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 21:00:06 +03:00			`return`
On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00			`}`

			`if p.terminationDelay >= 0 {`
			`err := dst.SetReadDeadline(time.Now().Add(p.terminationDelay))`
			`if err != nil {`
Add weighted round robin load balancer on TCP Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 21:00:06 +03:00			`log.WithoutContext().Debugf("Error while setting deadline: %v", err)`
On client CloseWrite, do CloseWrite instead of Close for backend Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-09-13 18:46:04 +03:00			`}`
			`}`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 11:30:04 +03:00			`}`
Quiet down TCP RST packet error on read operation 2022-09-14 12:50:08 +03:00
			`// isSocketNotConnectedError reports whether err is a socket not connected error.`
			`func isSocketNotConnectedError(err error) bool {`
			`var oerr *net.OpError`
			`return errors.As(err, &oerr) && errors.Is(err, syscall.ENOTCONN)`
			`}`