TUN-9470: Add OriginDialerService to include TCP

Adds an OriginDialerService that takes over the roles of both DialUDP and DialTCP 
towards the origin. This provides the possibility to leverage dialer "middleware"
to inject virtual origins, such as the DNS resolver service.

DNS Resolver service also gains access to the DialTCP operation to service TCP
DNS requests.

Minor refactoring includes changes to remove the needs previously provided by
the warp-routing configuration. This configuration cannot be disabled by cloudflared
so many of the references have been adjusted or removed.

Closes TUN-9470

ingress/origins/dns.go

@@ -45,20 +45,28 @@ type DNSResolverService struct {
 	address  netip.AddrPort
 	addressM sync.RWMutex
 
-	dialer   ingress.UDPOriginProxy
+	dialer   ingress.OriginDialer
 	resolver peekResolver
 	logger   *zerolog.Logger
 }
 
-func NewDNSResolver(logger *zerolog.Logger) *DNSResolverService {
+func NewDNSResolverService(dialer ingress.OriginDialer, logger *zerolog.Logger) *DNSResolverService {
 	return &DNSResolverService{
 		address:  defaultResolverAddr,
-		dialer:   ingress.DefaultUDPDialer,
+		dialer:   dialer,
 		resolver: &resolver{dialFunc: net.Dial},
 		logger:   logger,
 	}
 }
 
+func (s *DNSResolverService) DialTCP(ctx context.Context, _ netip.AddrPort) (net.Conn, error) {
+	s.addressM.RLock()
+	dest := s.address
+	s.addressM.RUnlock()
+	// The dialer ignores the provided address because the request will instead go to the local DNS resolver.
+	return s.dialer.DialTCP(ctx, dest)
+}
+
 func (s *DNSResolverService) DialUDP(_ netip.AddrPort) (net.Conn, error) {
 	s.addressM.RLock()
 	dest := s.address
@@ -155,3 +163,18 @@ func (r *resolver) peekDial(ctx context.Context, network, address string) (net.C
 	r.address = address
 	return r.dialFunc(network, address)
 }
+
+// NewDNSDialer creates a custom dialer for the DNS resolver service to utilize.
+func NewDNSDialer() *ingress.Dialer {
+	return &ingress.Dialer{
+		Dialer: net.Dialer{
+			// We want short timeouts for the DNS requests
+			Timeout: 5 * time.Second,
+			// We do not want keep alive since the edge will not reuse TCP connections per request
+			KeepAlive: -1,
+			KeepAliveConfig: net.KeepAliveConfig{
+				Enable: false,
+			},
+		},
+	}
+}

ingress/origins/dns_test.go

@@ -12,7 +12,7 @@ import (
 
 func TestDNSResolver_DefaultResolver(t *testing.T) {
 	log := zerolog.Nop()
-	service := NewDNSResolver(&log)
+	service := NewDNSResolverService(NewDNSDialer(), &log)
 	mockResolver := &mockPeekResolver{
 		address: "127.0.0.2:53",
 	}
@@ -24,7 +24,7 @@ func TestDNSResolver_DefaultResolver(t *testing.T) {
 
 func TestDNSResolver_UpdateResolverAddress(t *testing.T) {
 	log := zerolog.Nop()
-	service := NewDNSResolver(&log)
+	service := NewDNSResolverService(NewDNSDialer(), &log)
 
 	mockResolver := &mockPeekResolver{}
 	service.resolver = mockResolver
@@ -51,7 +51,7 @@ func TestDNSResolver_UpdateResolverAddress(t *testing.T) {
 
 func TestDNSResolver_UpdateResolverAddressInvalid(t *testing.T) {
 	log := zerolog.Nop()
-	service := NewDNSResolver(&log)
+	service := NewDNSResolverService(NewDNSDialer(), &log)
 	mockResolver := &mockPeekResolver{}
 	service.resolver = mockResolver
 
@@ -77,7 +77,7 @@ func TestDNSResolver_UpdateResolverAddressInvalid(t *testing.T) {
 
 func TestDNSResolver_UpdateResolverErrorIgnored(t *testing.T) {
 	log := zerolog.Nop()
-	service := NewDNSResolver(&log)
+	service := NewDNSResolverService(NewDNSDialer(), &log)
 	resolverErr := errors.New("test resolver error")
 	mockResolver := &mockPeekResolver{err: resolverErr}
 	service.resolver = mockResolver
@@ -93,13 +93,12 @@ func TestDNSResolver_UpdateResolverErrorIgnored(t *testing.T) {
 	}
 }
 
-func TestDNSResolver_DialUsesResolvedAddress(t *testing.T) {
+func TestDNSResolver_DialUDPUsesResolvedAddress(t *testing.T) {
 	log := zerolog.Nop()
-	service := NewDNSResolver(&log)
+	mockDialer := &mockDialer{expected: defaultResolverAddr}
+	service := NewDNSResolverService(mockDialer, &log)
 	mockResolver := &mockPeekResolver{}
 	service.resolver = mockResolver
-	mockDialer := &mockDialer{expected: defaultResolverAddr}
-	service.dialer = mockDialer
 
 	// Attempt a dial to 127.0.0.2:53 which should be ignored and instead resolve to 127.0.0.1:53
 	_, err := service.DialUDP(netip.MustParseAddrPort("127.0.0.2:53"))
@@ -108,6 +107,20 @@ func TestDNSResolver_DialUsesResolvedAddress(t *testing.T) {
 	}
 }
 
+func TestDNSResolver_DialTCPUsesResolvedAddress(t *testing.T) {
+	log := zerolog.Nop()
+	mockDialer := &mockDialer{expected: defaultResolverAddr}
+	service := NewDNSResolverService(mockDialer, &log)
+	mockResolver := &mockPeekResolver{}
+	service.resolver = mockResolver
+
+	// Attempt a dial to 127.0.0.2:53 which should be ignored and instead resolve to 127.0.0.1:53
+	_, err := service.DialTCP(t.Context(), netip.MustParseAddrPort("127.0.0.2:53"))
+	if err != nil {
+		t.Error(err)
+	}
+}
+
 type mockPeekResolver struct {
 	err     error
 	address string
@@ -126,6 +139,13 @@ type mockDialer struct {
 	expected netip.AddrPort
 }
 
+func (d *mockDialer) DialTCP(ctx context.Context, addr netip.AddrPort) (net.Conn, error) {
+	if d.expected != addr {
+		return nil, errors.New("unexpected address dialed")
+	}
+	return nil, nil
+}
+
 func (d *mockDialer) DialUDP(addr netip.AddrPort) (net.Conn, error) {
 	if d.expected != addr {
 		return nil, errors.New("unexpected address dialed")