h2

package
v0.0.0-...-f3a896b Latest Latest
Published: Jan 24, 2026 License: Apache-2.0 Imports: 15 Imported by: 4


Constants

// ConnectOverrideHeader is the name of the request header ("x-host") that,
// judging by its name, overrides the host a CONNECT/tunnel request is dialed
// to. Its value is supplied by the client, so any handler that honors it should
// subject the override to the same authorization as any other requested
// destination (compare the authz note on HandleTunReq) rather than dialing it
// directly. NOTE(review): which handlers read this header is not visible here — confirm.
const ConnectOverrideHeader = "x-host"

Variables

This section is empty.

Functions

This section is empty.

Types

type H2

// H2 is the HTTP/2 transport. It serves incoming HTTP requests through Mux and
// can also be used as a plain http server. As a transport it accepts and dials
// connections, with proxy support. Unexported fields are not shown in this
// listing.
type H2 struct {
	// Fields of the embedded http.Server deliberately left at their zero value,
	// kept here as a checklist of the available tunables:
	//MaxHandlers:                  0,
	//MaxConcurrentStreams:         0,
	//MaxDecoderHeaderTableSize:    0,
	//MaxEncoderHeaderTableSize:    0,
	//MaxReadFrameSize:             0,
	//PermitProhibitedCipherSuites: false,
	//IdleTimeout:                  0,
	//MaxUploadBufferPerConnection: 0,
	//MaxUploadBufferPerStream:     0,
	//NewWriteScheduler:            nil,
	//CountError:                   nil,
	// Addr - included
	http.Server

	// NetListener is the listener the embedded server accepts on. Excluded
	// from JSON serialization.
	NetListener net.Listener `json:"-"`

	// Routes maps a pattern (a route as defined by Go's http.ServeMux) to a
	// target. The value can be:
	// - a URL - in which case it's a reverse proxy
	// - a string that is a resource name - in which case it's a Handler
	//   (presumably looked up through ResourceStore — confirm against InitMux)
	// Other values like TCP proxy can be defined later.
	Routes map[string]string

	// Mux is the actual mux that is configured. Will be mapped to a H2C/H1
	// server by default, assuming an ambient or otherwise secured network.
	Mux *http.ServeMux `json:"-"`

	// SSHStreamHandler, if set, is handed a net.Conn and returns an error;
	// by its name it serves accepted connections carrying SSH. NOTE(review):
	// the condition under which it is invoked is not visible here — confirm.
	SSHStreamHandler func(net.Conn) error `json:"-"`

	// DialMeta opens a TCP connection to a client using -R on 80
	// or 443, using the FQDN. This and the next 2 functions integrate
	// with the 'mesh' layer, discovering or using connections.
	DialMeta func(context.Context, string, string) (io.ReadWriteCloser, error) `json:"-"`

	// FindRoundTripper resolves the http.RoundTripper to use for a URL or
	// host; presumably consulted on the proxy paths — verify against callers.
	FindRoundTripper func(ctx context.Context, urlOrHost string) (http.RoundTripper, error)

	// RegisterReverse handles a mapping of '-R' remote accept connections.
	// HTTP, SSH are treated specially.
	RegisterReverse func(ctx context.Context, host string, rt http.RoundTripper)

	// TokenSource supplies Bearer or other tokens. The `json:"-"` tag keeps
	// the token material out of any serialized form of this struct.
	TokenSource TokenSource `json:"-"`

	// ResourceStore is used to resolve resources; it is a registry of types and
	// objects. Here it is consulted for handlers.
	ResourceStore ResourceStore `json:"-"`

	// Logger receives structured logs. Whether a nil Logger is tolerated is
	// not visible here.
	Logger *slog.Logger
	// contains filtered or unexported fields
}

H2 is the HTTP/2 transport. It handles incoming HTTP requests through its mux and may be used as an HTTP server as well.

As a transport it can accept and dial connections, with proxy support.

Test with: curl localhost:9080/debug/vars --http2-prior-knowledge

func New

func New() *H2

func (*H2) DialContext

func (st *H2) DialContext(ctx context.Context, net, addr string) (net.Conn, error)

func (*H2) HandleTunReq

func (st *H2) HandleTunReq(writer http.ResponseWriter, request *http.Request)

HandleTunReq handles a request for '-L' style tunneling - the remote is asking to proxy a TCP connection.

In-process services (SSH and HTTP) are handled directly.

Local ports and remote destinations can be forwarded only with authz, for 'owner' and allowed users.

func (*H2) InitMux

func (st *H2) InitMux(mux *http.ServeMux)

InitMux adds the H2 handlers to the given mux.

func (*H2) Provision

func (r *H2) Provision(ctx context.Context) error

func (*H2) ProxyHTTP

func (st *H2) ProxyHTTP(writer http.ResponseWriter, request *http.Request)

func (*H2) ServeHTTP

func (st *H2) ServeHTTP(writer http.ResponseWriter, request *http.Request)

func (*H2) Start

func (r *H2) Start() error

func (*H2) WithResourceStore

func (r *H2) WithResourceStore(rs ResourceStore)

type H2C

// H2C is a per-client http transport. It embeds http.Transport; the standard
// client cannot speak h2c on its own, so the custom behavior lives in the
// methods of this type (see Provision).
type H2C struct {
	http.Transport
}

H2C is a per-client http transport.

The standard client cannot do h2c on its own, so custom code is needed.

func (*H2C) Provision

func (h *H2C) Provision(ctx context.Context) error

type Proxy1

// Proxy1 is an http.Handler (see ServeHTTP) configured with a single target.
// Unexported fields are not shown in this listing.
type Proxy1 struct {
	// URL is the target the handler forwards to; its exact interpretation
	// (scheme, path handling) is not visible here.
	URL string
	// contains filtered or unexported fields
}

func (*Proxy1) ServeHTTP

func (p *Proxy1) ServeHTTP(writer http.ResponseWriter, request *http.Request)

type ResourceStore

// ResourceStore resolves a named resource. H2 uses it to look up handlers for
// routes whose value is a resource name.
type ResourceStore interface {
	// Resource returns the object registered under name, or an error if it
	// cannot be resolved. The dynamic type of the result is up to the caller
	// to assert.
	Resource(ctx context.Context, name string) (any, error)
}

type Stats

// Stats holds telemetry for a stream or peer. Direction terms below are
// relative to the client, which is the initiator of the proxy.
type Stats struct {
	// Open is when the stream or peer was opened.
	Open time.Time

	// last receive from local (and send to remote)
	LastWrite time.Time

	// last receive from remote (and send to local)
	LastRead time.Time

	// Sent from client to server ( client is initiator of the proxy )
	SentBytes   int
	SentPackets int

	// Received from server to client
	RcvdBytes   int
	RcvdPackets int
}

Stats holds telemetry for a stream or peer.

type StreamHttpClient

// StreamHttpClient is the client side of an H2 stream opened with POST (see
// NewStreamH2). It embeds StreamState and exposes net.Conn-style methods.
type StreamHttpClient struct {
	StreamState

	// Request is the outbound request that carries the stream; Response is
	// the server's reply once received.
	Request  *http.Request
	Response *http.Response

	// RequestInPipe is the writer end feeding the request body; presumably
	// closed by CloseWrite to signal end of the client->server direction — confirm.
	RequestInPipe io.WriteCloser
}

func NewStreamH2

func NewStreamH2(ctx context.Context, hc http.RoundTripper, addr string, tcpaddr string, mds TokenSource) (*StreamHttpClient, error)

NewStreamH2 creates an H2 stream using POST.

The token source (mds) is used if it is not nil.

func (*StreamHttpClient) Close

func (s *StreamHttpClient) Close() error

func (*StreamHttpClient) CloseWrite

func (s *StreamHttpClient) CloseWrite() error

func (*StreamHttpClient) Header

func (s *StreamHttpClient) Header() http.Header

func (*StreamHttpClient) LocalAddr

func (s *StreamHttpClient) LocalAddr() net.Addr

func (*StreamHttpClient) Read

func (s *StreamHttpClient) Read(b []byte) (n int, err error)

func (*StreamHttpClient) RemoteAddr

func (s *StreamHttpClient) RemoteAddr() net.Addr

func (*StreamHttpClient) RequestHeader

func (s *StreamHttpClient) RequestHeader() http.Header

func (*StreamHttpClient) SetDeadline

func (s *StreamHttpClient) SetDeadline(t time.Time) error

func (*StreamHttpClient) SetReadDeadline

func (s *StreamHttpClient) SetReadDeadline(t time.Time) error

func (*StreamHttpClient) SetWriteDeadline

func (s *StreamHttpClient) SetWriteDeadline(t time.Time) error

func (*StreamHttpClient) State

func (s *StreamHttpClient) State() *StreamState

func (*StreamHttpClient) Write

func (s *StreamHttpClient) Write(b []byte) (n int, err error)

type StreamHttpServer

// StreamHttpServer implements net.Conn on top of an H2 stream accepted by the
// server. See NewStreamServerRequest for how one is created.
type StreamHttpServer struct {
	StreamState
	// Request is the accepted request whose body carries the inbound data.
	Request        *http.Request
	// TLS is the connection state reported by TLSConnectionState; it may be a
	// synthetic state rather than one from a handshake on this connection.
	TLS            *tls.ConnectionState
	// ResponseWriter carries the outbound data.
	ResponseWriter http.ResponseWriter

	// If set, the function will be called when Close() is called.
	ReadCloser func()
}

StreamHttpServer implements net.Conn on top of a H2 stream.

func NewStreamServerRequest

func NewStreamServerRequest(r *http.Request, w http.ResponseWriter) *StreamHttpServer

NewStreamServerRequest creates a new stream from an HTTP request/response pair.

For accepted requests, http2/server.go newWriterAndRequests populates the request based on the headers. The server validates method, path and scheme=http|https. Req.Body is a pipe - similar to what is used for egress. The request context is based on the stream context, which is a 'with cancel' based on the serverConn baseCtx.

func (*StreamHttpServer) Close

func (s *StreamHttpServer) Close() error

func (*StreamHttpServer) CloseWrite

func (s *StreamHttpServer) CloseWrite() error

func (*StreamHttpServer) Context

func (s *StreamHttpServer) Context() context.Context

func (*StreamHttpServer) Header

func (s *StreamHttpServer) Header() http.Header

func (*StreamHttpServer) LocalAddr

func (s *StreamHttpServer) LocalAddr() net.Addr

func (*StreamHttpServer) Read

func (s *StreamHttpServer) Read(b []byte) (n int, err error)

func (*StreamHttpServer) RemoteAddr

func (s *StreamHttpServer) RemoteAddr() net.Addr

func (*StreamHttpServer) RequestHeader

func (s *StreamHttpServer) RequestHeader() http.Header

func (*StreamHttpServer) SetDeadline

func (s *StreamHttpServer) SetDeadline(t time.Time) error

func (*StreamHttpServer) SetReadDeadline

func (s *StreamHttpServer) SetReadDeadline(t time.Time) error

func (*StreamHttpServer) SetWriteDeadline

func (s *StreamHttpServer) SetWriteDeadline(t time.Time) error

func (*StreamHttpServer) State

func (s *StreamHttpServer) State() *StreamState

func (*StreamHttpServer) TLSConnectionState

func (s *StreamHttpServer) TLSConnectionState() *tls.ConnectionState

TLSConnectionState mirrors the ConnectionState accessor of tls.Conn. By default it returns the request's TLS state, but this can be replaced with a synthetic one (for example with ztunnel or other split TLS).

func (*StreamHttpServer) Write

func (s *StreamHttpServer) Write(b []byte) (n int, err error)

type StreamState

// StreamState provides metadata about a stream: errors, stats and other
// metadata. The Stream interface wraps a net.Conn with context and state.
type StreamState struct {

	// StreamId is the key in the Active table.
	// Streams may also have local ids associated with the transport.
	StreamId string

	// WriteErr indicates that Write failed - timeout or a RST closing the stream.
	WriteErr error `json:"-"`
	// ReadErr, if not nil, indicates that Read() failed - connection was closed with RST
	// or timed out instead of FIN
	ReadErr error `json:"-"`

	// Stats carries the byte/packet counters and timestamps for the stream.
	Stats

	// Dest is the original or inferred destination.
	Dest string
}

StreamState provides metadata about a stream.

It includes errors, stats, other metadata. The Stream interface wraps a net.Conn with context and state.

type TokenSource

// TokenSource is a common interface for anything returning Bearer or other
// kinds of tokens.
type TokenSource interface {
	// GetToken returns a token for the given audience, or an error.
	GetToken(context.Context, string) (string, error)
}

TokenSource is a common interface for anything returning Bearer or other kinds of tokens.
