As it stands, cloudflared prechecks are not taking the `protocol` flag into consideration and are instead falling back to the default protocol, which is QUIC. Prechecks should report the protocol cloudflared will use, not the default protocol.
Bumps quic-go to v0.59.1 (chungthuang fork rebased from upstream v0.45 onto
v0.59.1). Upstream removed the `logging` package and replaced its
callback-based ConnectionTracer with the structured `qlog`/`qlogwriter` event
API, which required migrating cloudflared's QUIC metrics collection.
Migrations:
- quic/tracing.go: connTracer no longer fills a logging.ConnectionTracer
  callback struct. It implements qlogwriter.Trace + qlogwriter.Recorder and
  dispatches qlog events (PacketSent, PacketReceived, MetricsUpdated, ...) to
  the collector through RecordEvent. NewClientTracer now returns a function
  compatible with quic.Config.Tracer.
- quic/metrics.go: collector methods take qlog types (qlog.Frame,
  qlog.PacketType, qlog.MetricsUpdated, ...) and plain int64 in place of the
  removed logging.ByteCount/Frame/RTTStats/TransportParameters.
- quic/conversion.go: PacketType, PacketDropReason and PacketLossReason are
  strings upstream rather than numeric iotas, so the converters become
  pass-through allowlists. CongestionState is also a string;
  congestionStateToFloat maps it back to the numeric gauge values cloudflared
  exports.
- quic.Connection/quic.Stream became *quic.Conn/*quic.Stream; updated
  ConnWithCloser, SafeStreamCloser and the connection package accordingly.

Tests and generated mocks (mocks/mock_quic_connection.go) were adapted to
the new pointer-based API.
Closes TUN-10557
Fixing some bugs with DNS targets. Most importantly, these changes also fix some wrong assumptions made when trying to add support for the `--edge` flag:
1. Removes `StaticEdgeDNSResolver` in favor of `resolveStaticEdge`. Since `--edge` does not imply resolving DNS, this fixes that assumption.
2. Adds EdgeAddrs, which allows us to skip DNS probes when set. This fixes the targets in the DNS rows.
3. Added a new `ResolvedTarget` struct, which joins addresses with the respective DNS results. This avoids the brittle logic we had before, where we assumed there were always two groups (one for each region) when running probes. So this not only makes the code more extensible in case we want to add more regions in the future but also adds support for multiple targets supplied via `--edge`.
4. Changes the existing nomenclature, going from calling things `region` to `target`. The term `region` works when resolving production regions (region1 and region2), but becomes misleading when we add the logic for `--edge`.
The end result of these changes is that we now see the correct addresses when you supply targets via `--edge`, while also making the code a bit clearer.
Fixing missing TLS settings. While developing the pre-check probes, I forgot to add the certificate settings, which are essential for establishing a connection to origintunneld. I discovered this while testing cloudflared locally.
This introduces the main precheck logic. This will follow the concurrency model, timeout handling, and retry logic established in the SPEC. We will follow the decision flow in the [connectivity pre-checks SPEC](https://wiki.cfdata.org/spaces/TUN/pages/1374967685/Connectivity+Pre-checks+for+cloudflared). You can find an attached image of what the decision flow should look like.