Commit 01f954d3 authored by Nick Mathewson 🥔

Create a tor-hsrproxy crate to handle "proxy to local port".

I'm calling this a "reverse proxy" since I think a lot of folks like
that terminology, though I'm not personally a huge fan.  Calling it
"`tor-hsproxy`" would IMO confuse people more about what kind of proxy
it was.

This is a separate crate from `tor-hsservice` because it's logically
at a different level: if you're writing a little embedded onion
service, you don't need this code.

Right now there is only configuration logic here.
parent e1bf3d62
+4 −0
@@ -4624,6 +4624,10 @@ dependencies = [
 "tor-hscrypto",
]

[[package]]
name = "tor-hsrproxy"
version = "0.1.0"

[[package]]
name = "tor-hsservice"
version = "0.2.3"
+1 −0
@@ -47,6 +47,7 @@ members = [
    "crates/tor-keymgr",
    "crates/tor-hsclient",
    "crates/tor-hsservice",
    "crates/tor-hsrproxy",
    "crates/arti-client",
    "crates/arti-rpcserver",
    "crates/arti-config",
+22 −0
[package]
name = "tor-hsrproxy"
version = "0.1.0"
authors = ["The Tor Project, Inc.", "Nick Mathewson <nickm@torproject.org>"]
edition = "2021"
rust-version = "1.65"
license = "MIT OR Apache-2.0"
homepage = "https://gitlab.torproject.org/tpo/core/arti/-/wikis/home"
description = "Reverse proxy to build an onion service that connects to local servers."
keywords = ["tor", "arti", "cryptography"]
categories = ["cryptography"]
repository = "https://gitlab.torproject.org/tpo/core/arti.git/"

publish = false

[features]
default = []
full = []

[dependencies]

[dev-dependencies]
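Review bot: `keywords = ["tor", "arti", "cryptography"]` and `categories = ["cryptography"]` describe this as a cryptography crate, but the `description` line says it is a reverse proxy that connects onion-service streams to local servers; the crates.io `network-programming` category fits that better. Since `publish = false` is set there is no immediate effect, so this can be fixed before the crate is first published. As features are added, `full = []` should be kept in sync so that `full` continues to enable everything, as in the other workspace crates.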
+17 −0
# tor-hsrproxy

A "reverse proxy" implementation for onion services.

This crate is used in connection with `tor-hsservice` to crate an
onion service that works by opening connections to local services.

It is a separate crate from `tor-hsservice` because it is only one of
the possible ways to handle incoming onion service streams.

## EXPERIMENTAL DRAFT

This crate is a work in progress; it is not the least bit complete.

Right now, it does not even work: it's only here so that we can prototype
our APIs.
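Review bot: typo in the second paragraph: "to crate an onion service" should read "to create an onion service". The EXPERIMENTAL DRAFT section makes it clear that nothing works yet; the Cargo `description` says nothing of the kind, so keep the two in sync once the crate becomes usable.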
+50 −0
//! Configuration logic for onion service reverse proxy.

use std::{net::SocketAddr, path::PathBuf};

/// Configuration for a reverse proxy running for a single onion service.
#[derive(Clone, Debug)]
pub struct ProxyConfig {
    /// A list of rules to apply to incoming requests.  If no rule
    /// matches, we take the DestroyCircuit action.
    proxy_ports: Vec<ProxyRule>,
}

/// A single rule in a `ProxyConfig`.
///
/// Rules take the form of, "When this pattern matches, take this action."
#[derive(Clone, Debug)]
pub struct ProxyRule {
    /// Any connections to a port matching this pattern match this rule.
    source: ProxyPattern,
    /// When this rule matches, we take this action.
    target: ProxyTarget,
}

/// A set of ports to use when checking how to handle a port.
#[derive(Clone, Debug)]
#[non_exhaustive]
pub enum ProxyPattern {
    /// Match a single port.
    Port(u16),
    /// Match an inclusive range of ports.
    PortRange(u16, u16),
    /// Match all ports.
    AllPorts,
}

/// An action to take upon receiving an incoming request.
#[derive(Clone, Debug)]
#[non_exhaustive]
pub enum ProxyTarget {
    /// Close the circuit immediately with an error.
    DestroyCircuit,
    /// Open a TCP connection to a given address and port.
    Tcp(SocketAddr),
    /// Open an AF_UNIX connection to a given address.
    Unix(PathBuf),
    /// Close the stream immediately with an error.
    RejectStream,
    /// Ignore the stream request.
    DropStream,
}
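Review bot: the matching semantics of `proxy_ports` are underspecified. The field doc says an unmatched port yields `DestroyCircuit`, which is a sensible fail-closed default, but it does not say whether the first matching `ProxyRule` wins or the most specific one, and that matters as soon as `Port`, `PortRange` and `AllPorts` rules overlap; please document the order now, before other code depends on it. `PortRange(u16, u16)` also carries no invariant that the lower bound is at most the upper bound, so either document it as an inclusive `(lo, hi)` with `lo <= hi` or add a constructor that checks it. Finally, every field of `ProxyConfig` and `ProxyRule` is private and there is no constructor, so nothing outside this crate can build a configuration yet; fine for a draft, but worth a `TODO` so it is not forgotten.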