TUN-528: Move cloudflared into a separate repo

2025-07-27 22:49:58 +00:00 · 2018-05-01 18:45:06 -05:00
parent e8c621a648
commit d06fc520c7
4726 changed files with 1763680 additions and 0 deletions
--- a/vendor/github.com/facebookgo/grace/gracenet/net.go
+++ b/vendor/github.com/facebookgo/grace/gracenet/net.go
@@ -0,0 +1,252 @@
+// Package gracenet provides a family of Listen functions that either open a
+// fresh connection or provide an inherited connection from when the process
+// was started. The behave like their counterparts in the net package, but
+// transparently provide support for graceful restarts without dropping
+// connections. This is provided in a systemd socket activation compatible form
+// to allow using socket activation.
+//
+// BUG: Doesn't handle closing of listeners.
+package gracenet
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"os/exec"
+	"strconv"
+	"strings"
+	"sync"
+)
+
+const (
+	// Used to indicate a graceful restart in the new process.
+	envCountKey       = "LISTEN_FDS"
+	envCountKeyPrefix = envCountKey + "="
+)
+
+// In order to keep the working directory the same as when we started we record
+// it at startup.
+var originalWD, _ = os.Getwd()
+
+// Net provides the family of Listen functions and maintains the associated
+// state. Typically you will have only once instance of Net per application.
+type Net struct {
+	inherited   []net.Listener
+	active      []net.Listener
+	mutex       sync.Mutex
+	inheritOnce sync.Once
+
+	// used in tests to override the default behavior of starting from fd 3.
+	fdStart int
+}
+
+func (n *Net) inherit() error {
+	var retErr error
+	n.inheritOnce.Do(func() {
+		n.mutex.Lock()
+		defer n.mutex.Unlock()
+		countStr := os.Getenv(envCountKey)
+		if countStr == "" {
+			return
+		}
+		count, err := strconv.Atoi(countStr)
+		if err != nil {
+			retErr = fmt.Errorf("found invalid count value: %s=%s", envCountKey, countStr)
+			return
+		}
+
+		// In tests this may be overridden.
+		fdStart := n.fdStart
+		if fdStart == 0 {
+			// In normal operations if we are inheriting, the listeners will begin at
+			// fd 3.
+			fdStart = 3
+		}
+
+		for i := fdStart; i < fdStart+count; i++ {
+			file := os.NewFile(uintptr(i), "listener")
+			l, err := net.FileListener(file)
+			if err != nil {
+				file.Close()
+				retErr = fmt.Errorf("error inheriting socket fd %d: %s", i, err)
+				return
+			}
+			if err := file.Close(); err != nil {
+				retErr = fmt.Errorf("error closing inherited socket fd %d: %s", i, err)
+				return
+			}
+			n.inherited = append(n.inherited, l)
+		}
+	})
+	return retErr
+}
+
+// Listen announces on the local network address laddr. The network net must be
+// a stream-oriented network: "tcp", "tcp4", "tcp6", "unix" or "unixpacket". It
+// returns an inherited net.Listener for the matching network and address, or
+// creates a new one using net.Listen.
+func (n *Net) Listen(nett, laddr string) (net.Listener, error) {
+	switch nett {
+	default:
+		return nil, net.UnknownNetworkError(nett)
+	case "tcp", "tcp4", "tcp6":
+		addr, err := net.ResolveTCPAddr(nett, laddr)
+		if err != nil {
+			return nil, err
+		}
+		return n.ListenTCP(nett, addr)
+	case "unix", "unixpacket", "invalid_unix_net_for_test":
+		addr, err := net.ResolveUnixAddr(nett, laddr)
+		if err != nil {
+			return nil, err
+		}
+		return n.ListenUnix(nett, addr)
+	}
+}
+
+// ListenTCP announces on the local network address laddr. The network net must
+// be: "tcp", "tcp4" or "tcp6". It returns an inherited net.Listener for the
+// matching network and address, or creates a new one using net.ListenTCP.
+func (n *Net) ListenTCP(nett string, laddr *net.TCPAddr) (*net.TCPListener, error) {
+	if err := n.inherit(); err != nil {
+		return nil, err
+	}
+
+	n.mutex.Lock()
+	defer n.mutex.Unlock()
+
+	// look for an inherited listener
+	for i, l := range n.inherited {
+		if l == nil { // we nil used inherited listeners
+			continue
+		}
+		if isSameAddr(l.Addr(), laddr) {
+			n.inherited[i] = nil
+			n.active = append(n.active, l)
+			return l.(*net.TCPListener), nil
+		}
+	}
+
+	// make a fresh listener
+	l, err := net.ListenTCP(nett, laddr)
+	if err != nil {
+		return nil, err
+	}
+	n.active = append(n.active, l)
+	return l, nil
+}
+
+// ListenUnix announces on the local network address laddr. The network net
+// must be a: "unix" or "unixpacket". It returns an inherited net.Listener for
+// the matching network and address, or creates a new one using net.ListenUnix.
+func (n *Net) ListenUnix(nett string, laddr *net.UnixAddr) (*net.UnixListener, error) {
+	if err := n.inherit(); err != nil {
+		return nil, err
+	}
+
+	n.mutex.Lock()
+	defer n.mutex.Unlock()
+
+	// look for an inherited listener
+	for i, l := range n.inherited {
+		if l == nil { // we nil used inherited listeners
+			continue
+		}
+		if isSameAddr(l.Addr(), laddr) {
+			n.inherited[i] = nil
+			n.active = append(n.active, l)
+			return l.(*net.UnixListener), nil
+		}
+	}
+
+	// make a fresh listener
+	l, err := net.ListenUnix(nett, laddr)
+	if err != nil {
+		return nil, err
+	}
+	n.active = append(n.active, l)
+	return l, nil
+}
+
+// activeListeners returns a snapshot copy of the active listeners.
+func (n *Net) activeListeners() ([]net.Listener, error) {
+	n.mutex.Lock()
+	defer n.mutex.Unlock()
+	ls := make([]net.Listener, len(n.active))
+	copy(ls, n.active)
+	return ls, nil
+}
+
+func isSameAddr(a1, a2 net.Addr) bool {
+	if a1.Network() != a2.Network() {
+		return false
+	}
+	a1s := a1.String()
+	a2s := a2.String()
+	if a1s == a2s {
+		return true
+	}
+
+	// This allows for ipv6 vs ipv4 local addresses to compare as equal. This
+	// scenario is common when listening on localhost.
+	const ipv6prefix = "[::]"
+	a1s = strings.TrimPrefix(a1s, ipv6prefix)
+	a2s = strings.TrimPrefix(a2s, ipv6prefix)
+	const ipv4prefix = "0.0.0.0"
+	a1s = strings.TrimPrefix(a1s, ipv4prefix)
+	a2s = strings.TrimPrefix(a2s, ipv4prefix)
+	return a1s == a2s
+}
+
+// StartProcess starts a new process passing it the active listeners. It
+// doesn't fork, but starts a new process using the same environment and
+// arguments as when it was originally started. This allows for a newly
+// deployed binary to be started. It returns the pid of the newly started
+// process when successful.
+func (n *Net) StartProcess() (int, error) {
+	listeners, err := n.activeListeners()
+	if err != nil {
+		return 0, err
+	}
+
+	// Extract the fds from the listeners.
+	files := make([]*os.File, len(listeners))
+	for i, l := range listeners {
+		files[i], err = l.(filer).File()
+		if err != nil {
+			return 0, err
+		}
+		defer files[i].Close()
+	}
+
+	// Use the original binary location. This works with symlinks such that if
+	// the file it points to has been changed we will use the updated symlink.
+	argv0, err := exec.LookPath(os.Args[0])
+	if err != nil {
+		return 0, err
+	}
+
+	// Pass on the environment and replace the old count key with the new one.
+	var env []string
+	for _, v := range os.Environ() {
+		if !strings.HasPrefix(v, envCountKeyPrefix) {
+			env = append(env, v)
+		}
+	}
+	env = append(env, fmt.Sprintf("%s%d", envCountKeyPrefix, len(listeners)))
+
+	allFiles := append([]*os.File{os.Stdin, os.Stdout, os.Stderr}, files...)
+	process, err := os.StartProcess(argv0, os.Args, &os.ProcAttr{
+		Dir:   originalWD,
+		Env:   env,
+		Files: allFiles,
+	})
+	if err != nil {
+		return 0, err
+	}
+	return process.Pid, nil
+}
+
+type filer interface {
+	File() (*os.File, error)
+}
--- a/vendor/github.com/facebookgo/grace/gracenet/net_test.go
+++ b/vendor/github.com/facebookgo/grace/gracenet/net_test.go
@@ -0,0 +1,359 @@
+package gracenet
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net"
+	"os"
+	"path/filepath"
+	"regexp"
+	"syscall"
+	"testing"
+
+	"github.com/facebookgo/ensure"
+	"github.com/facebookgo/freeport"
+)
+
+func TestEmptyCountEnvVariable(t *testing.T) {
+	var n Net
+	os.Setenv(envCountKey, "")
+	ensure.Nil(t, n.inherit())
+}
+
+func TestZeroCountEnvVariable(t *testing.T) {
+	var n Net
+	os.Setenv(envCountKey, "0")
+	ensure.Nil(t, n.inherit())
+}
+
+func TestInvalidCountEnvVariable(t *testing.T) {
+	var n Net
+	os.Setenv(envCountKey, "a")
+	expected := regexp.MustCompile("^found invalid count value: LISTEN_FDS=a$")
+	ensure.Err(t, n.inherit(), expected)
+}
+
+func TestInvalidFileInherit(t *testing.T) {
+	var n Net
+	tmpfile, err := ioutil.TempFile("", "TestInvalidFileInherit-")
+	ensure.Nil(t, err)
+	defer os.Remove(tmpfile.Name())
+	n.fdStart = dup(t, int(tmpfile.Fd()))
+	os.Setenv(envCountKey, "1")
+	ensure.Err(t, n.inherit(), regexp.MustCompile("^error inheriting socket fd"))
+	ensure.DeepEqual(t, len(n.inherited), 0)
+	ensure.Nil(t, tmpfile.Close())
+}
+
+func TestInheritErrorOnListenTCPWithInvalidCount(t *testing.T) {
+	var n Net
+	os.Setenv(envCountKey, "a")
+	_, err := n.Listen("tcp", ":0")
+	ensure.NotNil(t, err)
+}
+
+func TestInheritErrorOnListenUnixWithInvalidCount(t *testing.T) {
+	var n Net
+	os.Setenv(envCountKey, "a")
+	tmpdir, err := ioutil.TempDir("", "TestInheritErrorOnListenUnixWithInvalidCount-")
+	ensure.Nil(t, err)
+	ensure.Nil(t, os.RemoveAll(tmpdir))
+	_, err = n.Listen("unix", filepath.Join(tmpdir, "socket"))
+	ensure.NotNil(t, err)
+}
+
+func TestOneTcpInherit(t *testing.T) {
+	var n Net
+	l, err := net.Listen("tcp", ":0")
+	ensure.Nil(t, err)
+	file, err := l.(*net.TCPListener).File()
+	ensure.Nil(t, err)
+	ensure.Nil(t, l.Close())
+	n.fdStart = dup(t, int(file.Fd()))
+	ensure.Nil(t, file.Close())
+	os.Setenv(envCountKey, "1")
+	ensure.Nil(t, n.inherit())
+	ensure.DeepEqual(t, len(n.inherited), 1)
+	l, err = n.Listen("tcp", l.Addr().String())
+	ensure.Nil(t, err)
+	ensure.DeepEqual(t, len(n.active), 1)
+	ensure.DeepEqual(t, n.inherited[0], nil)
+	active, err := n.activeListeners()
+	ensure.Nil(t, err)
+	ensure.DeepEqual(t, len(active), 1)
+	ensure.Nil(t, l.Close())
+}
+
+func TestSecondTcpListen(t *testing.T) {
+	var n Net
+	os.Setenv(envCountKey, "")
+	l, err := n.Listen("tcp", ":0")
+	ensure.Nil(t, err)
+	_, err = n.Listen("tcp", l.Addr().String())
+	ensure.Err(t, err, regexp.MustCompile("bind: address already in use$"))
+	ensure.Nil(t, l.Close())
+}
+
+func TestSecondTcpListenInherited(t *testing.T) {
+	var n Net
+	l, err := net.Listen("tcp", ":0")
+	ensure.Nil(t, err)
+	file, err := l.(*net.TCPListener).File()
+	ensure.Nil(t, err)
+	ensure.Nil(t, l.Close())
+	n.fdStart = dup(t, int(file.Fd()))
+	ensure.Nil(t, file.Close())
+	os.Setenv(envCountKey, "1")
+	ensure.Nil(t, n.inherit())
+	ensure.DeepEqual(t, len(n.inherited), 1)
+	l, err = n.Listen("tcp", l.Addr().String())
+	ensure.Nil(t, err)
+	ensure.DeepEqual(t, len(n.active), 1)
+	ensure.DeepEqual(t, n.inherited[0], nil)
+	_, err = n.Listen("tcp", l.Addr().String())
+	ensure.Err(t, err, regexp.MustCompile("bind: address already in use$"))
+	ensure.Nil(t, l.Close())
+}
+
+func TestInvalidNetwork(t *testing.T) {
+	var n Net
+	os.Setenv(envCountKey, "")
+	_, err := n.Listen("foo", "")
+	ensure.Err(t, err, regexp.MustCompile("^unknown network foo$"))
+}
+
+func TestInvalidNetworkUnix(t *testing.T) {
+	var n Net
+	os.Setenv(envCountKey, "")
+	_, err := n.Listen("invalid_unix_net_for_test", "")
+	ensure.Err(t, err, regexp.MustCompile("^unknown network invalid_unix_net_for_test$"))
+}
+
+func TestWithTcp0000(t *testing.T) {
+	var n Net
+	port, err := freeport.Get()
+	ensure.Nil(t, err)
+	addr := fmt.Sprintf("0.0.0.0:%d", port)
+	l, err := net.Listen("tcp", addr)
+	ensure.Nil(t, err)
+	file, err := l.(*net.TCPListener).File()
+	ensure.Nil(t, err)
+	ensure.Nil(t, l.Close())
+	n.fdStart = dup(t, int(file.Fd()))
+	ensure.Nil(t, file.Close())
+	os.Setenv(envCountKey, "1")
+	ensure.Nil(t, n.inherit())
+	ensure.DeepEqual(t, len(n.inherited), 1)
+	l, err = n.Listen("tcp", addr)
+	ensure.Nil(t, err)
+	ensure.DeepEqual(t, len(n.active), 1)
+	ensure.DeepEqual(t, n.inherited[0], nil)
+	ensure.Nil(t, l.Close())
+}
+
+func TestWithTcpIPv6Loal(t *testing.T) {
+	var n Net
+	l, err := net.Listen("tcp", "[::]:0")
+	ensure.Nil(t, err)
+	file, err := l.(*net.TCPListener).File()
+	ensure.Nil(t, err)
+	ensure.Nil(t, l.Close())
+	n.fdStart = dup(t, int(file.Fd()))
+	ensure.Nil(t, file.Close())
+	os.Setenv(envCountKey, "1")
+	ensure.Nil(t, n.inherit())
+	ensure.DeepEqual(t, len(n.inherited), 1)
+	l, err = n.Listen("tcp", l.Addr().String())
+	ensure.Nil(t, err)
+	ensure.DeepEqual(t, len(n.active), 1)
+	ensure.DeepEqual(t, n.inherited[0], nil)
+	ensure.Nil(t, l.Close())
+}
+
+func TestOneUnixInherit(t *testing.T) {
+	var n Net
+	tmpfile, err := ioutil.TempFile("", "TestOneUnixInherit-")
+	ensure.Nil(t, err)
+	ensure.Nil(t, tmpfile.Close())
+	ensure.Nil(t, os.Remove(tmpfile.Name()))
+	defer os.Remove(tmpfile.Name())
+	l, err := net.Listen("unix", tmpfile.Name())
+	ensure.Nil(t, err)
+	file, err := l.(*net.UnixListener).File()
+	ensure.Nil(t, err)
+	ensure.Nil(t, l.Close())
+	n.fdStart = dup(t, int(file.Fd()))
+	ensure.Nil(t, file.Close())
+	os.Setenv(envCountKey, "1")
+	ensure.Nil(t, n.inherit())
+	ensure.DeepEqual(t, len(n.inherited), 1)
+	l, err = n.Listen("unix", tmpfile.Name())
+	ensure.Nil(t, err)
+	ensure.DeepEqual(t, len(n.active), 1)
+	ensure.DeepEqual(t, n.inherited[0], nil)
+	ensure.Nil(t, l.Close())
+}
+
+func TestInvalidTcpAddr(t *testing.T) {
+	var n Net
+	os.Setenv(envCountKey, "")
+	_, err := n.Listen("tcp", "abc")
+	ensure.Err(t, err, regexp.MustCompile("^missing port in address abc$"))
+}
+
+func TestTwoTCP(t *testing.T) {
+	var n Net
+
+	port1, err := freeport.Get()
+	ensure.Nil(t, err)
+	addr1 := fmt.Sprintf(":%d", port1)
+	l1, err := net.Listen("tcp", addr1)
+	ensure.Nil(t, err)
+
+	port2, err := freeport.Get()
+	ensure.Nil(t, err)
+	addr2 := fmt.Sprintf(":%d", port2)
+	l2, err := net.Listen("tcp", addr2)
+	ensure.Nil(t, err)
+
+	file1, err := l1.(*net.TCPListener).File()
+	ensure.Nil(t, err)
+	file2, err := l2.(*net.TCPListener).File()
+	ensure.Nil(t, err)
+
+	// assign both to prevent GC from kicking in the finalizer
+	fds := []int{dup(t, int(file1.Fd())), dup(t, int(file2.Fd()))}
+	n.fdStart = fds[0]
+	os.Setenv(envCountKey, "2")
+
+	// Close these after to ensure we get coalaced file descriptors.
+	ensure.Nil(t, l1.Close())
+	ensure.Nil(t, l2.Close())
+
+	ensure.Nil(t, n.inherit())
+	ensure.DeepEqual(t, len(n.inherited), 2)
+
+	l1, err = n.Listen("tcp", addr1)
+	ensure.Nil(t, err)
+	ensure.DeepEqual(t, len(n.active), 1)
+	ensure.DeepEqual(t, n.inherited[0], nil)
+	ensure.Nil(t, l1.Close())
+	ensure.Nil(t, file1.Close())
+
+	l2, err = n.Listen("tcp", addr2)
+	ensure.Nil(t, err)
+	ensure.DeepEqual(t, len(n.active), 2)
+	ensure.DeepEqual(t, n.inherited[1], nil)
+	ensure.Nil(t, l2.Close())
+	ensure.Nil(t, file2.Close())
+}
+
+func TestOneUnixAndOneTcpInherit(t *testing.T) {
+	var n Net
+
+	tmpfile, err := ioutil.TempFile("", "TestOneUnixAndOneTcpInherit-")
+	ensure.Nil(t, err)
+	ensure.Nil(t, tmpfile.Close())
+	ensure.Nil(t, os.Remove(tmpfile.Name()))
+	defer os.Remove(tmpfile.Name())
+	unixL, err := net.Listen("unix", tmpfile.Name())
+	ensure.Nil(t, err)
+
+	port, err := freeport.Get()
+	ensure.Nil(t, err)
+	addr := fmt.Sprintf(":%d", port)
+	tcpL, err := net.Listen("tcp", addr)
+	ensure.Nil(t, err)
+
+	tcpF, err := tcpL.(*net.TCPListener).File()
+	ensure.Nil(t, err)
+	unixF, err := unixL.(*net.UnixListener).File()
+	ensure.Nil(t, err)
+
+	// assign both to prevent GC from kicking in the finalizer
+	fds := []int{dup(t, int(tcpF.Fd())), dup(t, int(unixF.Fd()))}
+	n.fdStart = fds[0]
+	os.Setenv(envCountKey, "2")
+
+	// Close these after to ensure we get coalaced file descriptors.
+	ensure.Nil(t, tcpL.Close())
+	ensure.Nil(t, unixL.Close())
+
+	ensure.Nil(t, n.inherit())
+	ensure.DeepEqual(t, len(n.inherited), 2)
+
+	unixL, err = n.Listen("unix", tmpfile.Name())
+	ensure.Nil(t, err)
+	ensure.DeepEqual(t, len(n.active), 1)
+	ensure.DeepEqual(t, n.inherited[1], nil)
+	ensure.Nil(t, unixL.Close())
+	ensure.Nil(t, unixF.Close())
+
+	tcpL, err = n.Listen("tcp", addr)
+	ensure.Nil(t, err)
+	ensure.DeepEqual(t, len(n.active), 2)
+	ensure.DeepEqual(t, n.inherited[0], nil)
+	ensure.Nil(t, tcpL.Close())
+	ensure.Nil(t, tcpF.Close())
+}
+
+func TestSecondUnixListen(t *testing.T) {
+	var n Net
+	os.Setenv(envCountKey, "")
+	tmpfile, err := ioutil.TempFile("", "TestSecondUnixListen-")
+	ensure.Nil(t, err)
+	ensure.Nil(t, tmpfile.Close())
+	ensure.Nil(t, os.Remove(tmpfile.Name()))
+	defer os.Remove(tmpfile.Name())
+	l, err := n.Listen("unix", tmpfile.Name())
+	ensure.Nil(t, err)
+	_, err = n.Listen("unix", tmpfile.Name())
+	ensure.Err(t, err, regexp.MustCompile("bind: address already in use$"))
+	ensure.Nil(t, l.Close())
+}
+
+func TestSecondUnixListenInherited(t *testing.T) {
+	var n Net
+	tmpfile, err := ioutil.TempFile("", "TestSecondUnixListenInherited-")
+	ensure.Nil(t, err)
+	ensure.Nil(t, tmpfile.Close())
+	ensure.Nil(t, os.Remove(tmpfile.Name()))
+	defer os.Remove(tmpfile.Name())
+	l1, err := net.Listen("unix", tmpfile.Name())
+	ensure.Nil(t, err)
+	file, err := l1.(*net.UnixListener).File()
+	ensure.Nil(t, err)
+	n.fdStart = dup(t, int(file.Fd()))
+	ensure.Nil(t, file.Close())
+	os.Setenv(envCountKey, "1")
+	ensure.Nil(t, n.inherit())
+	ensure.DeepEqual(t, len(n.inherited), 1)
+	l2, err := n.Listen("unix", tmpfile.Name())
+	ensure.Nil(t, err)
+	ensure.DeepEqual(t, len(n.active), 1)
+	ensure.DeepEqual(t, n.inherited[0], nil)
+	_, err = n.Listen("unix", tmpfile.Name())
+	ensure.Err(t, err, regexp.MustCompile("bind: address already in use$"))
+	ensure.Nil(t, l1.Close())
+	ensure.Nil(t, l2.Close())
+}
+
+func TestPortZeroTwice(t *testing.T) {
+	var n Net
+	os.Setenv(envCountKey, "")
+	l1, err := n.Listen("tcp", ":0")
+	ensure.Nil(t, err)
+	l2, err := n.Listen("tcp", ":0")
+	ensure.Nil(t, err)
+	ensure.Nil(t, l1.Close())
+	ensure.Nil(t, l2.Close())
+}
+
+// We dup file descriptors because the os.Files are closed by a finalizer when
+// they are GCed, which interacts badly with the fact that the OS reuses fds,
+// and that we emulating inheriting the fd by it's integer value in our tests.
+func dup(t *testing.T, fd int) int {
+	nfd, err := syscall.Dup(fd)
+	ensure.Nil(t, err)
+	return nfd
+}