feature, net/tshttpproxy: pull out support for using proxies as a feature

Saves 139 KB. Also Synology support, which I saw had its own large-ish proxy parsing support on Linux, but support for proxies without Synology proxy support is reasonable, so I pulled that out as its own thing. Updates #12614 Change-Id: I22de285a3def7be77fdcf23e2bec7c83c9655593 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-10-27 20:08:40 +00:00 · 2025-09-30 09:12:42 -07:00
parent 9b997c8f2f
commit 442a3a779d
45 changed files with 267 additions and 79 deletions
--- a/derp/derphttp/derphttp_client.go
+++ b/derp/derphttp/derphttp_client.go
@@ -32,6 +32,8 @@ import (
 	"tailscale.com/derp"
 	"tailscale.com/derp/derpconst"
 	"tailscale.com/envknob"
+	"tailscale.com/feature"
+	"tailscale.com/feature/buildfeatures"
 	"tailscale.com/health"
 	"tailscale.com/net/dnscache"
 	"tailscale.com/net/netmon"
@@ -39,7 +41,6 @@ import (
 	"tailscale.com/net/netx"
 	"tailscale.com/net/sockstats"
 	"tailscale.com/net/tlsdial"
-	"tailscale.com/net/tshttpproxy"
 	"tailscale.com/syncs"
 	"tailscale.com/tailcfg"
 	"tailscale.com/tstime"
@@ -734,8 +735,12 @@ func (c *Client) dialNode(ctx context.Context, n *tailcfg.DERPNode) (net.Conn, e
 			Path:   "/", // unused
 		},
 	}
-	if proxyURL, err := tshttpproxy.ProxyFromEnvironment(proxyReq); err == nil && proxyURL != nil {
-		return c.dialNodeUsingProxy(ctx, n, proxyURL)
+	if buildfeatures.HasUseProxy {
+		if proxyFromEnv, ok := feature.HookProxyFromEnvironment.GetOk(); ok {
+			if proxyURL, err := proxyFromEnv(proxyReq); err == nil && proxyURL != nil {
+				return c.dialNodeUsingProxy(ctx, n, proxyURL)
+			}
+		}
 	}

 	type res struct {
@@ -865,10 +870,14 @@ func (c *Client) dialNodeUsingProxy(ctx context.Context, n *tailcfg.DERPNode, pr
 	target := net.JoinHostPort(n.HostName, "443")

 	var authHeader string
-	if v, err := tshttpproxy.GetAuthHeader(pu); err != nil {
-		c.logf("derphttp: error getting proxy auth header for %v: %v", proxyURL, err)
-	} else if v != "" {
-		authHeader = fmt.Sprintf("Proxy-Authorization: %s\r\n", v)
+	if buildfeatures.HasUseProxy {
+		if getAuthHeader, ok := feature.HookProxyGetAuthHeader.GetOk(); ok {
+			if v, err := getAuthHeader(pu); err != nil {
+				c.logf("derphttp: error getting proxy auth header for %v: %v", proxyURL, err)
+			} else if v != "" {
+				authHeader = fmt.Sprintf("Proxy-Authorization: %s\r\n", v)
+			}
+		}
 	}

 	if _, err := fmt.Fprintf(proxyConn, "CONNECT %s HTTP/1.1\r\nHost: %s\r\n%s\r\n", target, target, authHeader); err != nil {