TUN-9470: Add OriginDialerService to include TCP

Adds an OriginDialerService that takes over the roles of both DialUDP and DialTCP towards the origin. This provides the possibility to leverage dialer "middleware" to inject virtual origins, such as the DNS resolver service. DNS Resolver service also gains access to the DialTCP operation to service TCP DNS requests. Minor refactoring includes changes to remove the needs previously provided by the warp-routing configuration. This configuration cannot be disabled by cloudflared so many of the references have been adjusted or removed. Closes TUN-9470
2025-07-27 19:29:57 +00:00 · 2025-06-30 13:24:16 -07:00
parent 9ca8b41cf7
commit 70ed7ffc5f
19 changed files with 503 additions and 254 deletions
--- a/supervisor/supervisor.go
+++ b/supervisor/supervisor.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"net"
-	"net/netip"
 	"strings"
 	"time"

@@ -14,8 +13,6 @@ import (

 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/edgediscovery"
-	"github.com/cloudflare/cloudflared/ingress"
-	"github.com/cloudflare/cloudflared/ingress/origins"
 	"github.com/cloudflare/cloudflared/orchestration"
 	v3 "github.com/cloudflare/cloudflared/quic/v3"
 	"github.com/cloudflare/cloudflared/retry"
@@ -81,16 +78,11 @@ func NewSupervisor(config *TunnelConfig, orchestrator *orchestration.Orchestrato

 	datagramMetrics := v3.NewMetrics(prometheus.DefaultRegisterer)

-	// Setup the reserved virtual origins
-	reservedServices := map[netip.AddrPort]ingress.UDPOriginProxy{}
-	reservedServices[origins.VirtualDNSServiceAddr] = config.OriginDNSService
-	ingressUDPService := ingress.NewUDPOriginService(reservedServices, config.Log)
-	sessionManager := v3.NewSessionManager(datagramMetrics, config.Log, ingressUDPService, orchestrator.GetFlowLimiter())
+	sessionManager := v3.NewSessionManager(datagramMetrics, config.Log, config.OriginDialerService, orchestrator.GetFlowLimiter())

 	edgeTunnelServer := EdgeTunnelServer{
 		config:            config,
 		orchestrator:      orchestrator,
-		ingressUDPProxy:   ingressUDPService,
 		sessionManager:    sessionManager,
 		datagramMetrics:   datagramMetrics,
 		edgeAddrs:         edgeIPs,
--- a/supervisor/tunnel.go
+++ b/supervisor/tunnel.go
@@ -61,11 +61,12 @@ type TunnelConfig struct {

 	NeedPQ bool

-	NamedTunnel      *connection.TunnelProperties
-	ProtocolSelector connection.ProtocolSelector
-	EdgeTLSConfigs   map[connection.Protocol]*tls.Config
-	ICMPRouterServer ingress.ICMPRouterServer
-	OriginDNSService *origins.DNSResolverService
+	NamedTunnel         *connection.TunnelProperties
+	ProtocolSelector    connection.ProtocolSelector
+	EdgeTLSConfigs      map[connection.Protocol]*tls.Config
+	ICMPRouterServer    ingress.ICMPRouterServer
+	OriginDNSService    *origins.DNSResolverService
+	OriginDialerService *ingress.OriginDialerService

 	RPCTimeout         time.Duration
 	WriteStreamTimeout time.Duration
@@ -168,7 +169,6 @@ func (f *ipAddrFallback) ShouldGetNewAddress(connIndex uint8, err error) (needsN
 type EdgeTunnelServer struct {
 	config            *TunnelConfig
 	orchestrator      *orchestration.Orchestrator
-	ingressUDPProxy   ingress.UDPOriginProxy
 	sessionManager    v3.SessionManager
 	datagramMetrics   v3.Metrics
 	edgeAddrHandler   EdgeAddrHandler
@@ -616,7 +616,7 @@ func (e *EdgeTunnelServer) serveQUIC(
 		datagramSessionManager = connection.NewDatagramV2Connection(
 			ctx,
 			conn,
-			e.ingressUDPProxy,
+			e.config.OriginDialerService,
 			e.config.ICMPRouterServer,
 			connIndex,
 			e.config.RPCTimeout,