control/controlhttp: remove ClientConn.UntrustedUpgradeHeaders

It was just added and unreleased but we've decided to go a different route.

Details are in 5e9e57ecf5.

Updates #5972

Change-Id: I49016af469225f58535f63a9b0fbe5ab6a5bf304
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick 2022-10-28 12:14:58 -07:00 committed by Brad Fitzpatrick
parent b2035a1dca
commit dfe67afb4a
3 changed files with 11 additions and 23 deletions

View File

@ -336,7 +336,7 @@ func (a *Dialer) dialURL(ctx context.Context, u *url.URL, addr netip.Addr) (*Cli
if err != nil {
return nil, err
}
netConn, untrustedUpgradeHeaders, err := a.tryURLUpgrade(ctx, u, addr, init)
netConn, err := a.tryURLUpgrade(ctx, u, addr, init)
if err != nil {
return nil, err
}
@ -347,7 +347,6 @@ func (a *Dialer) dialURL(ctx context.Context, u *url.URL, addr netip.Addr) (*Cli
}
return &ClientConn{
Conn: cbConn,
UntrustedUpgradeHeaders: untrustedUpgradeHeaders,
}, nil
}
@ -356,7 +355,7 @@ func (a *Dialer) dialURL(ctx context.Context, u *url.URL, addr netip.Addr) (*Cli
// provided address.
//
// Only the provided ctx is used, not a.ctx.
func (a *Dialer) tryURLUpgrade(ctx context.Context, u *url.URL, addr netip.Addr, init []byte) (_ net.Conn, untrustedUpgradeHeaders http.Header, _ error) {
func (a *Dialer) tryURLUpgrade(ctx context.Context, u *url.URL, addr netip.Addr, init []byte) (net.Conn, error) {
var dns *dnscache.Resolver
// If we were provided an address to dial, then create a resolver that just
@ -438,11 +437,11 @@ func (a *Dialer) tryURLUpgrade(ctx context.Context, u *url.URL, addr netip.Addr,
resp, err := tr.RoundTrip(req)
if err != nil {
return nil, nil, err
return nil, err
}
if resp.StatusCode != http.StatusSwitchingProtocols {
return nil, nil, fmt.Errorf("unexpected HTTP response: %s", resp.Status)
return nil, fmt.Errorf("unexpected HTTP response: %s", resp.Status)
}
// From here on, the underlying net.Conn is ours to use, but there
@ -456,19 +455,19 @@ func (a *Dialer) tryURLUpgrade(ctx context.Context, u *url.URL, addr netip.Addr,
}
if switchedConn == nil {
resp.Body.Close()
return nil, nil, fmt.Errorf("httptrace didn't provide a connection")
return nil, fmt.Errorf("httptrace didn't provide a connection")
}
if next := resp.Header.Get("Upgrade"); next != upgradeHeaderValue {
resp.Body.Close()
return nil, nil, fmt.Errorf("server switched to unexpected protocol %q", next)
return nil, fmt.Errorf("server switched to unexpected protocol %q", next)
}
rwc, ok := resp.Body.(io.ReadWriteCloser)
if !ok {
resp.Body.Close()
return nil, nil, errors.New("http Transport did not provide a writable body")
return nil, errors.New("http Transport did not provide a writable body")
}
return netutil.NewAltReadWriteCloserConn(rwc, switchedConn), resp.Header, nil
return netutil.NewAltReadWriteCloserConn(rwc, switchedConn), nil
}

View File

@ -5,8 +5,6 @@
package controlhttp
import (
"net/http"
"tailscale.com/control/controlbase"
)
@ -17,10 +15,4 @@
type ClientConn struct {
// Conn is the noise connection.
*controlbase.Conn
// UntrustedUpgradeHeaders are the HTTP headers seen in the
// 101 Switching Protocols upgrade response. They may be nil
// or even might've been tampered with by a middlebox.
// They should not be trusted.
UntrustedUpgradeHeaders http.Header
}

View File

@ -46,7 +46,7 @@ func (d *Dialer) Dial(ctx context.Context) (*ClientConn, error) {
handshakeHeaderName: []string{base64.StdEncoding.EncodeToString(init)},
}.Encode(),
}
wsConn, httpRes, err := websocket.Dial(ctx, wsURL.String(), &websocket.DialOptions{
wsConn, _, err := websocket.Dial(ctx, wsURL.String(), &websocket.DialOptions{
Subprotocols: []string{upgradeHeaderValue},
})
if err != nil {
@ -58,8 +58,5 @@ func (d *Dialer) Dial(ctx context.Context) (*ClientConn, error) {
netConn.Close()
return nil, err
}
return &ClientConn{
Conn: cbConn,
UntrustedUpgradeHeaders: httpRes.Header,
}, nil
return &ClientConn{Conn: cbConn}, nil
}