Another major refactoring.

Added back the quic from the old repo. Removed the raw 'h2r' and fixed it to use plain H2, more common.
costinm · Apr 19, 2021 · 08ea89a · 08ea89a
1 parent 0e572db
commit 08ea89a
Show file tree

Hide file tree

Showing 85 changed files with 3,990 additions and 2,012 deletions.
diff --git a/.run/go-ugate.run.xml b/.run/go-ugate.run.xml
@@ -3,12 +3,12 @@
     <module name="dmesh" />
     <working_directory value="$PROJECT_DIR$/../ugate/cmd/ugate/testdata" />
     <envs>
-      <env name="GODEBUG" value="http2debug=2" />
+      <env name="XGODEBUG" value="http2debug=2" />
     </envs>
-    <kind value="FILE" />
-    <filePath value="$PROJECT_DIR$/../ugate/cmd/ugate/ugate.go" />
+    <kind value="DIRECTORY" />
     <package value="github.com/costinm/ugate/cmd/ugate" />
-    <directory value="$PROJECT_DIR$" />
+    <directory value="$PROJECT_DIR$/../ugate/cmd/ugate/" />
+    <filePath value="$PROJECT_DIR$/../ugate/cmd/ugate/ugate.go" />
     <method v="2">
       <option name="RunConfigurationTask" enabled="true" run_configuration_name="update" run_configuration_type="MAKEFILE_TARGET_RUN_CONFIGURATION" />
     </method>

diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-OUT=build
+OUT=${PWD}/build
 
 #include ${HOME}/.hosts.mk
 ROOT_DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
@@ -11,7 +11,7 @@ run/c1:
 
 # Must have a $HOME/ugate dir
 run:
-	CGO_ENABLED=0 go build -o ${OUT}/ugate ./cmd/ugate
+	(cd ./cmd/ugate; CGO_ENABLED=0 go build -o ${OUT}/ugate .)
 	ssh ${HOST} pkill ugate || true
 	scp ${OUT}/ugate ${HOST}:/x/ugate
 	ssh  ${HOST} "cd /x/ugate; HOME=/x/ugate /x/ugate/ugate"

diff --git a/README.md b/README.md
@@ -56,6 +56,9 @@ auto-detecting TLS.
 
 # TODO
 
+- P1: register dialers ( webrtc, quic, etc) for muxed connections and streams
+- P1: webrtc listener to create new peerconnection after one is used, dial to use a synth. SDP string.
+
 - UDP
 - P2: (separate repo) WebRTC/TURN/STUN compat - check perf against H2 and SNI routing
 - P2: K8s compat  (konectivity ?), KNative
@@ -70,3 +73,4 @@ auto-detecting TLS.
 - P0: mangled hostname: KEYID.namespace.TRUST_DOMAIN in certs and SNI routes. Use pod ID as SAN, Istio Spiffe based on
   SA from JWT + namespace
 - P2: OIDC auth (to support certs), VAPID extensions for OIDC compat (send cert)
+
diff --git a/cmd/ug/ug.go b/cmd/ug/ug.go
diff --git a/cmd/ugate/go.mod b/cmd/ugate/go.mod
@@ -8,10 +8,15 @@ replace github.com/costinm/ugate/webrtc => ../../webrtc
 
 replace github.com/costinm/ugate/dns => ../../dns
 
-replace github.com/costinm/ugate/webpush => ../../webpush
+replace github.com/costinm/ugate/xds => ../../xds
+
+replace github.com/costinm/ugate/quic => ../../quic
 
 require (
 	github.com/costinm/ugate v0.0.0-20210328173325-afc113d007e8
 	github.com/costinm/ugate/dns v0.0.0-00010101000000-000000000000
-	github.com/costinm/ugate/webpush v0.0.0-20210329161419-fd5474ea74fe
+	github.com/costinm/ugate/quic v0.0.0-00010101000000-000000000000
+	github.com/costinm/ugate/webrtc v0.0.0-00010101000000-000000000000
+	github.com/costinm/ugate/xds v0.0.0-00010101000000-000000000000
+	google.golang.org/grpc v1.36.1
 )
diff --git a/cmd/ugate/go.sum b/cmd/ugate/go.sum
diff --git a/cmd/ugate/testdata/alice/kube.json b/cmd/ugate/testdata/alice/kube.json
@@ -0,0 +1,24 @@
+{
+  "apiVersion": "v1",
+  "kind": "Config",
+  "clusters": [],
+  "users": [
+    {
+      "name": "default",
+      "user": {
+        "client-certificate-data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUIwekNDQVhtZ0F3SUJBZ0lSQUxRSWhRdytlL1h2RGhabjFjZkxwZkF3Q2dZSUtvWkl6ajBFQXdJd09URVcKTUJRR0ExVUVDaE1OYUM1M1pXSnBibVl1YVc1bWJ6RWZNQjBHQTFVRUF4TVdZMjl6ZEdsdU1UWXVhQzUzWldKcApibVl1YVc1bWJ6QWVGdzB5TVRBME1UVXhNekUwTXpsYUZ3MHlNakEwTVRVeE16RTBNemxhTURreEZqQVVCZ05WCkJBb1REV2d1ZDJWaWFXNW1MbWx1Wm04eEh6QWRCZ05WQkFNVEZtTnZjM1JwYmpFMkxtZ3VkMlZpYVc1bUxtbHUKWm04d1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFUU0ROL1UwZEk3UGpIdWx1V3BSdzR5akxmagpJblZiNE9uSEVRTGlVTkVUZW94SlZXQUVzRitCamo5Yzk2RU1YRElibitVZ3cvYVRldkJVOGF1SjdjRkdvMkl3CllEQU9CZ05WSFE4QkFmOEVCQU1DQmFBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUMKTUF3R0ExVWRFd0VCL3dRQ01BQXdJUVlEVlIwUkJCb3dHSUlXWTI5emRHbHVNVFl1YUM1M1pXSnBibVl1YVc1bQpiekFLQmdncWhrak9QUVFEQWdOSUFEQkZBaUJWcGNQUG94cjV4ZS8vSUdCcUVLVUsvZEhXNXlvc203RFdPNFN0CndVRkFaQUloQUp3NjExSXNBMmN1NFpQczdSQ2NmQ29EUlh2UWpQeUZQV1VZSzFFT1dOdTIKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=",
+        "client-key-data": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ2FmWGdCYzkwVVBGNWJ4QjMKeC9JMWFTUXdGVkR0OXFlSmVIUjRLQ0NPUmlTaFJBTkNBQVRTRE4vVTBkSTdQakh1bHVXcFJ3NHlqTGZqSW5WYgo0T25IRVFMaVVORVRlb3hKVldBRXNGK0JqajljOTZFTVhESWJuK1Vndy9hVGV2QlU4YXVKN2NGRwotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg=="
+      }
+    }
+  ],
+  "contexts": [
+    {
+      "name": "default",
+      "context": {
+        "cluster": "default",
+        "user": "default"
+      }
+    }
+  ],
+  "current-context": "default"
+}
diff --git a/cmd/ugate/testdata/alice/ugate.json b/cmd/ugate/testdata/alice/ugate.json
@@ -0,0 +1,14 @@
+{
+  "domain": "svc.cluster.local",
+  "basePort": 6000,
+  "listeners": {
+  },
+  "hosts": {
+    "bob": {
+      "addr": "127.0.0.1:6107"
+    }
+  },
+  "remoteAccept": {
+    "bob": ""
+  }
+}
diff --git a/cmd/ugate/testdata/bob/kube.json b/cmd/ugate/testdata/bob/kube.json
@@ -0,0 +1,24 @@
+{
+  "apiVersion": "v1",
+  "kind": "Config",
+  "clusters": [],
+  "users": [
+    {
+      "name": "default",
+      "user": {
+        "client-certificate-data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUIwakNDQVhpZ0F3SUJBZ0lRR0RUNDYydDVDUUI1c3d1V1haN2RGVEFLQmdncWhrak9QUVFEQWpBNU1SWXcKRkFZRFZRUUtFdzFvTG5kbFltbHVaaTVwYm1adk1SOHdIUVlEVlFRREV4WmpiM04wYVc0eE5pNW9MbmRsWW1sdQpaaTVwYm1adk1CNFhEVEl4TURFeE9ERTRNVGd6TmxvWERUSXlNREV4T0RFNE1UZ3pObG93T1RFV01CUUdBMVVFCkNoTU5hQzUzWldKcGJtWXVhVzVtYnpFZk1CMEdBMVVFQXhNV1kyOXpkR2x1TVRZdWFDNTNaV0pwYm1ZdWFXNW0KYnpCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQk1qVUJnWFVUc3dRcDdBalNGRFF1OXBIWWtZSwpuWU5YbjlJRWVUOGxrN3ZLS081Tm9wWjkvSll1Ri9EUnpURlpSY2lOajEyVVlTMk9nbCtDcFNMNW5zQ2pZakJnCk1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXcKREFZRFZSMFRBUUgvQkFJd0FEQWhCZ05WSFJFRUdqQVlnaFpqYjNOMGFXNHhOaTVvTG5kbFltbHVaaTVwYm1adgpNQW9HQ0NxR1NNNDlCQU1DQTBnQU1FVUNJQi9iT3EzMFNtTVZpYnY4amZiZ2JDZzBnRGUwWTJQVmNueFJuN3dSCk9SeE5BaUVBcFBEUGdDdExZeWg5bjZHbEdaREwyeXBDNmFkWm5BZEZ1Tjd3R0E2eE1vRT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=",
+        "client-key-data": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ1hlQjl1ZnN5SVZlN0V0SUMKWTVYOWNCQzBCZVArUmdoc0MxQzhkQlRuRHZpaFJBTkNBQVRJMUFZRjFFN01FS2V3STBoUTBMdmFSMkpHQ3AyRApWNS9TQkhrL0paTzd5aWp1VGFLV2ZmeVdMaGZ3MGMweFdVWElqWTlkbEdFdGpvSmZncVVpK1o3QQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg=="
+      }
+    }
+  ],
+  "contexts": [
+    {
+      "name": "default",
+      "context": {
+        "cluster": "default",
+        "user": "default"
+      }
+    }
+  ],
+  "current-context": "default"
+}
diff --git a/cmd/ugate/testdata/bob/ugate.json b/cmd/ugate/testdata/bob/ugate.json
@@ -0,0 +1,9 @@
+{
+  "domain": "svc.cluster.local",
+  "basePort": 6100,
+  "listeners": {
+    ":6109": {
+      "forwardTo": "localhost:5201"
+    }
+  }
+}
diff --git a/cmd/ugate/testdata/carol/kube.json b/cmd/ugate/testdata/carol/kube.json
@@ -0,0 +1,24 @@
+{
+  "apiVersion": "v1",
+  "kind": "Config",
+  "clusters": [],
+  "users": [
+    {
+      "name": "default",
+      "user": {
+        "client-certificate-data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUIxRENDQVhtZ0F3SUJBZ0lSQU5zVzZ2ZHMzc051WEZkc3FYODRzNFV3Q2dZSUtvWkl6ajBFQXdJd09URVcKTUJRR0ExVUVDaE1OYUM1M1pXSnBibVl1YVc1bWJ6RWZNQjBHQTFVRUF4TVdZMjl6ZEdsdU1UWXVhQzUzWldKcApibVl1YVc1bWJ6QWVGdzB5TVRBME1UVXhNekV4TWpCYUZ3MHlNakEwTVRVeE16RXhNakJhTURreEZqQVVCZ05WCkJBb1REV2d1ZDJWaWFXNW1MbWx1Wm04eEh6QWRCZ05WQkFNVEZtTnZjM1JwYmpFMkxtZ3VkMlZpYVc1bUxtbHUKWm04d1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFUalVId0ZzZmh5VjlsUGJOU3RqYThod3RCQQpTQS9QQVlyM3lBSTZLTlppS0tqVTQyVjZyOWJOaDN4R2xMYmJOcDdVbis4NmJEZ2p3ZVVrY2NEV2p2RE9vMkl3CllEQU9CZ05WSFE4QkFmOEVCQU1DQmFBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUMKTUF3R0ExVWRFd0VCL3dRQ01BQXdJUVlEVlIwUkJCb3dHSUlXWTI5emRHbHVNVFl1YUM1M1pXSnBibVl1YVc1bQpiekFLQmdncWhrak9QUVFEQWdOSkFEQkdBaUVBNWkwZXZ1TTU0M1hVVldkOFhpRjRrVDdFWnA0TEQ0ODFxeXNsCk5VUzAycElDSVFDMml5NmRLUzlTZmNYdStNYVcxVSt1QWV5WGRTZWhnWTU4QXJYTHI5aDUzUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K",
+        "client-key-data": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ2dsTm9MbVhxN3c0OTduTEEKVFg3TDQyQ283cDVHSVNyOFgvek1yVldTYUo2aFJBTkNBQVRqVUh3RnNmaHlWOWxQYk5TdGphOGh3dEJBU0EvUApBWXIzeUFJNktOWmlLS2pVNDJWNnI5Yk5oM3hHbExiYk5wN1VuKzg2YkRnandlVWtjY0RXanZETwotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg=="
+      }
+    }
+  ],
+  "contexts": [
+    {
+      "name": "default",
+      "context": {
+        "cluster": "default",
+        "user": "default"
+      }
+    }
+  ],
+  "current-context": "default"
+}
diff --git a/cmd/ugate/testdata/carol/ugate.json b/cmd/ugate/testdata/carol/ugate.json
@@ -0,0 +1,13 @@
+{
+  "basePort": 14200,
+  "listeners": {
+    ":15101": {
+      "forwardTo": "localhost:5201"
+    },
+    ":15108": {},
+    ":15102": {}
+  },
+  "accept": {
+    "h.webinf.info:15007": ""
+  }
+}
diff --git a/cmd/ugate/testdata/ugate.json b/cmd/ugate/testdata/ugate.json
@@ -33,6 +33,9 @@
   "hosts": {
     "localiperf": {
       "addr": "localhost:15102"
+    },
+    "h.webinf.info": {
+      "addr": "h.webinf.info:443"
     }
   },
   "remoteAccept": {

diff --git a/cmd/ugate/testdata/ugate.yaml b/cmd/ugate/testdata/ugate.yaml
@@ -1,6 +1,6 @@
 basePort: 15000
 
-##
+## Port-based listeners.
 # - 'whitebox' egress - listen on 127.0.0.1, forwardTo
 # - forward: listen on :port, forwardTo dest
 # - 'input': listen on :port, forwardTo localhost or empty
@@ -38,14 +38,16 @@ listeners:
   "-:8112":
     proto: https
 
-# This includes simplified 'clusters'.
+# Hosts represents pre-configured nodes.
+# Key is the DNS name or VIP.
+# If a host is not found here, discovery will be used ( DNS, control plane)
 hosts:
   localiperf:
     addr: localhost:15102
 
   # Live test server
-#  h.webinf.info:
-#    addr: h.webinf.info:15007
+  h.webinf.info:
+    addr: h.webinf.info:443
 #    id: B5B6KYYUBVKCX4PWPWSWAIHW2X2D3Q4HZPJYWZ6UECL2PAODHTFA
 #
 #  c1.webinf.info:

diff --git a/cmd/ugate/ugate.go b/cmd/ugate/ugate.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/costinm/ugate"
 	"github.com/costinm/ugate/dns"
+	"github.com/costinm/ugate/pkg/http_proxy"
 	"github.com/costinm/ugate/pkg/udp"
 	"github.com/costinm/ugate/pkg/ugatesvc"
 )
@@ -39,9 +40,13 @@ func main() {
 	// Load configs from the current dir and var/lib/dmesh, or env variables
 	// Writes to current dir.
 	config := ugatesvc.NewConf("./", "./var/lib/dmesh")
+	Run(config, nil)
+	select {}
+}
 
+func Run(config ugate.ConfStore, g *ugate.GateCfg) (*ugatesvc.UGate, error){
 	// Start a Gate. Basic H2 and H2R services enabled.
-	ug := ugatesvc.NewGate(&net.Dialer{}, nil, nil, config)
+	ug := ugatesvc.NewGate(&net.Dialer{}, nil, g, config)
 
 	sf := []startFunc{}
 	if initHooks != nil {
@@ -63,10 +68,9 @@ func main() {
 	udpNat  := udp.NewUDPGate(dnss, dnss)
 	udpNat.InitMux(ug.Mux)
 
-	hproxy := ugatesvc.NewHTTPProxy(ug)
+	hproxy := http_proxy.NewHTTPProxy(ug)
 	hproxy.HttpProxyCapture(fmt.Sprintf("127.0.0.1:%d", ug.Config.BasePort+ugate.PORT_HTTP_PROXY))
 
-	// Init WebRTC port
 
 	go dnss.Serve()
 
@@ -75,5 +79,5 @@ func main() {
 	}
 
 	log.Println("Started: ", ug.Auth.ID)
-	select {}
+	return ug, nil
 }
diff --git a/cmd/ugate/ugate_iptables.go b/cmd/ugate/ugate_iptables.go
@@ -8,11 +8,13 @@ import (
 	"github.com/costinm/ugate/pkg/ugatesvc"
 )
 
+// Istio style iptables on 15001 (out) and 15006 (in)
 func init() {
 	initHooks = append(initHooks, func(ug *ugatesvc.UGate) startFunc {
 		// Init Iptables capture (off by default - android doesn't like it)
-		iptables.IptablesCapture(ug, fmt.Sprintf("0.0.0.0:%d", ug.Config.BasePort+ugate.PORT_IPTABLES), false)
-		iptables.IptablesCapture(ug, fmt.Sprintf("0.0.0.0:%d", ug.Config.BasePort+ugate.PORT_IPTABLES_IN), true)
+		// Not on localhost - redirect changes the port, keeps IP
+		go iptables.IptablesCapture(ug, fmt.Sprintf("0.0.0.0:%d", ug.Config.BasePort+ugate.PORT_IPTABLES), false)
+		go iptables.IptablesCapture(ug, fmt.Sprintf("0.0.0.0:%d", ug.Config.BasePort+ugate.PORT_IPTABLES_IN), true)
 		return nil
 	})
 }
diff --git a/cmd/ugate/ugate_local.go b/cmd/ugate/ugate_local.go
@@ -1,12 +1,17 @@
 package main
 
 import (
+	"os"
+
 	"github.com/costinm/ugate/pkg/local"
 	"github.com/costinm/ugate/pkg/ugatesvc"
 )
 
 func init() {
 	initHooks = append(initHooks, func(ug *ugatesvc.UGate) startFunc {
+		if os.Getenv("UGATE_LOCAL") == "" {
+			return nil
+		}
 		// Discover local nodes using multicast UDP
 		localgw := local.NewLocal(ug, ug.Auth)
 		local.ListenUDP(localgw)

diff --git a/cmd/ugate/ugate_quic.go b/cmd/ugate/ugate_quic.go
@@ -0,0 +1,24 @@
+package main
+
+import (
+	"os"
+
+	"github.com/costinm/ugate"
+	"github.com/costinm/ugate/pkg/ugatesvc"
+	"github.com/costinm/ugate/quic"
+)
+
+func init() {
+	initHooks = append(initHooks, func(ug *ugatesvc.UGate) startFunc {
+		// We will only register a single QUIC server by default, and a factory for cons
+		port := ug.Config.BasePort + ugate.PORT_HTTPS
+		if os.Getuid() == 0 {
+			port = 443
+		}
+		quic.InitQuicServer(ug.Auth, port, ug.H2Handler)
+
+		quic.InitMASQUE(ug.Auth, ug.Config.BasePort + ugate.PORT_BTS, ug, ug)
+
+		return nil
+	})
+}