[management,proxy,client] Add L4 capabilities (TLS/TCP/UDP) (#5530)

2026-04-19 00:36:38 +00:00 · 2026-03-14 01:36:44 +08:00
parent fe9b844511
commit 3e6baea405
90 changed files with 9611 additions and 1397 deletions
--- a/proxy/internal/types/types.go
+++ b/proxy/internal/types/types.go
@@ -1,5 +1,56 @@
 // Package types defines common types used across the proxy package.
 package types

+import (
+	"context"
+	"net"
+	"time"
+)
+
 // AccountID represents a unique identifier for a NetBird account.
 type AccountID string
+
+// ServiceID represents a unique identifier for a proxy service.
+type ServiceID string
+
+// ServiceMode describes how a reverse proxy service is exposed.
+type ServiceMode string
+
+const (
+	ServiceModeHTTP ServiceMode = "http"
+	ServiceModeTCP  ServiceMode = "tcp"
+	ServiceModeUDP  ServiceMode = "udp"
+	ServiceModeTLS  ServiceMode = "tls"
+)
+
+// IsL4 returns true for TCP, UDP, and TLS modes.
+func (m ServiceMode) IsL4() bool {
+	return m == ServiceModeTCP || m == ServiceModeUDP || m == ServiceModeTLS
+}
+
+// RelayDirection indicates the direction of a relayed packet.
+type RelayDirection string
+
+const (
+	RelayDirectionClientToBackend RelayDirection = "client_to_backend"
+	RelayDirectionBackendToClient RelayDirection = "backend_to_client"
+)
+
+// DialContextFunc dials a backend through the WireGuard tunnel.
+type DialContextFunc func(ctx context.Context, network, address string) (net.Conn, error)
+
+// dialTimeoutKey is the context key for a per-request dial timeout.
+type dialTimeoutKey struct{}
+
+// WithDialTimeout returns a context carrying a dial timeout that
+// DialContext wrappers can use to scope the timeout to just the
+// connection establishment phase.
+func WithDialTimeout(ctx context.Context, d time.Duration) context.Context {
+	return context.WithValue(ctx, dialTimeoutKey{}, d)
+}
+
+// DialTimeoutFromContext returns the dial timeout from the context, if set.
+func DialTimeoutFromContext(ctx context.Context) (time.Duration, bool) {
+	d, ok := ctx.Value(dialTimeoutKey{}).(time.Duration)
+	return d, ok && d > 0
+}
--- a/proxy/internal/types/types_test.go
+++ b/proxy/internal/types/types_test.go
@@ -0,0 +1,54 @@
+package types
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestServiceMode_IsL4(t *testing.T) {
+	tests := []struct {
+		mode ServiceMode
+		want bool
+	}{
+		{ServiceModeHTTP, false},
+		{ServiceModeTCP, true},
+		{ServiceModeUDP, true},
+		{ServiceModeTLS, true},
+		{ServiceMode("unknown"), false},
+	}
+
+	for _, tt := range tests {
+		t.Run(string(tt.mode), func(t *testing.T) {
+			assert.Equal(t, tt.want, tt.mode.IsL4())
+		})
+	}
+}
+
+func TestDialTimeoutContext(t *testing.T) {
+	t.Run("round trip", func(t *testing.T) {
+		ctx := WithDialTimeout(context.Background(), 5*time.Second)
+		d, ok := DialTimeoutFromContext(ctx)
+		assert.True(t, ok)
+		assert.Equal(t, 5*time.Second, d)
+	})
+
+	t.Run("missing", func(t *testing.T) {
+		_, ok := DialTimeoutFromContext(context.Background())
+		assert.False(t, ok)
+	})
+
+	t.Run("zero returns false", func(t *testing.T) {
+		ctx := WithDialTimeout(context.Background(), 0)
+		_, ok := DialTimeoutFromContext(ctx)
+		assert.False(t, ok, "zero duration should return ok=false")
+	})
+
+	t.Run("negative returns false", func(t *testing.T) {
+		ctx := WithDialTimeout(context.Background(), -1*time.Second)
+		_, ok := DialTimeoutFromContext(ctx)
+		assert.False(t, ok, "negative duration should return ok=false")
+	})
+}