ipn/ipnlocal: send RST when serving an actionless TCPPortHandler

Updates tailscale/corp#7515

Change-Id: I790f1b5d1e8a887e39bb573b4610b8f37a3f5963
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
pull/6265/head
Brad Fitzpatrick 2 years ago committed by Brad Fitzpatrick
parent 2111357568
commit 4797bacb7c

@ -37,6 +37,24 @@ func (b *LocalBackend) HandleInterceptedTCPConn(dport uint16, srcAddr netip.Addr
return return
} }
if tcph.HTTPS() {
conn, ok := getConn()
if !ok {
b.logf("localbackend: getConn didn't complete from %v to port %v", srcAddr, dport)
return
}
// TODO(bradfitz): look up how; sniff SNI if ambiguous
hs := &http.Server{
TLSConfig: &tls.Config{
GetCertificate: b.getTLSServeCert,
},
Handler: http.HandlerFunc(b.serveWebHandler),
}
hs.ServeTLS(netutil.NewOneConnListener(conn, nil), "", "")
return
}
if backDst := tcph.TCPForward(); backDst != "" { if backDst := tcph.TCPForward(); backDst != "" {
if tcph.TerminateTLS() { if tcph.TerminateTLS() {
b.logf("TODO(bradfitz): finish") b.logf("TODO(bradfitz): finish")
@ -76,19 +94,8 @@ func (b *LocalBackend) HandleInterceptedTCPConn(dport uint16, srcAddr netip.Addr
return return
} }
conn, ok := getConn() b.logf("closing TCP conn to port %v (from %v) with actionless TCPPortHandler", dport, srcAddr)
if !ok { sendRST()
return
}
// TODO(bradfitz): look up how; sniff SNI if ambiguous
hs := &http.Server{
TLSConfig: &tls.Config{
GetCertificate: b.getTLSServeCert,
},
Handler: http.HandlerFunc(b.serveWebHandler),
}
hs.ServeTLS(netutil.NewOneConnListener(conn, nil), "", "")
} }
func (b *LocalBackend) getServeHandler(r *http.Request) (_ ipn.HTTPHandlerView, ok bool) { func (b *LocalBackend) getServeHandler(r *http.Request) (_ ipn.HTTPHandlerView, ok bool) {
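Review bot: The `http.Server` literal in the new HTTPS branch of the first hunk sets no `ReadHeaderTimeout`/`ReadTimeout`/`WriteTimeout`, so a peer that connects to a served HTTPS port and then stalls before or during the TLS handshake or request headers can keep this goroutine and the intercepted conn open indefinitely; adding `ReadHeaderTimeout: 10 * time.Second,` (value to be chosen) to the server literal bounds that. The error returned by `hs.ServeTLS(netutil.NewOneConnListener(conn, nil), "", "")` on the next line is discarded, so certificate-lookup and handshake failures are invisible; if the one-conn listener signals end-of-listening as an error, log only the other cases via `b.logf`. HandleInterceptedTCPConn begins before the hunk, and the `sendRST` and `getConn` helpers used here are defined outside the visible lines.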
