hub

package

v0.3.10 Latest Latest Go to latest Published: Apr 13, 2026 License: AGPL-3.0 Imports: 30 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/AtDexters-Lab/nexus-proxy

Links

Open Source Insights

Documentation ¶

Index ¶

func New(cfg *config.Config, tlsConfig *tls.Config, validator auth.Validator, ...) *hubImpl
type AttestationMetadata
type Backend
- func NewBackend(conn *websocket.Conn, meta *AttestationMetadata, cfg *config.Config, ...) *Backend
type LoadBalancerPool
- func NewLoadBalancerPool() *LoadBalancerPool
type UDPRoutePolicy

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func New ¶

func New(cfg *config.Config, tlsConfig *tls.Config, validator auth.Validator, outboundClient *http.Client) *hubImpl

New creates and returns a new Hub instance.

Types ¶

type AttestationMetadata ¶

type AttestationMetadata struct {
	Hostnames            []string
	TCPPorts             []int
	UDPRoutes            []UDPRoutePolicy
	Weight               int
	ReauthInterval       time.Duration
	ReauthGrace          time.Duration
	MaintenanceCap       time.Duration
	HasMaintenanceCap    bool
	AuthorizerStatusURI  string
	PolicyVersion        string
	OutboundAllowed      bool
	AllowedOutboundPorts []int
}

AttestationMetadata captures the policy directives extracted from the attested token that Nexus must enforce for a backend connection.

type Backend ¶

type Backend struct {
	// contains filtered or unexported fields
}

Backend represents a single, authenticated WebSocket connection from a backend service.

func NewBackend ¶

func NewBackend(conn *websocket.Conn, meta *AttestationMetadata, cfg *config.Config, validator auth.Validator, httpClient *http.Client) *Backend

NewBackend creates a new Backend instance.

func (*Backend) AddClient ¶

func (b *Backend) AddClient(clientConn net.Conn, clientID uuid.UUID, hostname string, isTLS bool) error

func (*Backend) AddOutboundClient ¶ added in v0.3.1

func (b *Backend) AddOutboundClient(conn net.Conn, clientID uuid.UUID) error

AddOutboundClient stores a proxy-dialed outbound connection in the clients map. Unlike AddClient, it does not send EventConnect (the backend initiated the request and already knows about the connection).

func (*Backend) AttachBandwidthScheduler ¶ added in v0.3.10

func (b *Backend) AttachBandwidthScheduler(s *bandwidth.Scheduler)

AttachBandwidthScheduler wires a bandwidth scheduler to this backend. Must be called at most once, strictly before StartPumps or AddClient, from the construction goroutine. The Register() side effect and the field write happen together so the pair cannot be split by refactors.

Safeguards (panic on misuse):

nil scheduler → no-op.
Called twice → panics. A second Register() would silently reset deficit / lastActive on a live backend.
Called after any client is registered → panics. Mixing gated and ungated clients on the same backend is a debugging hazard.

func (*Backend) BandwidthGateStats ¶ added in v0.3.10

func (b *Backend) BandwidthGateStats() (events, millisTotal int64)

BandwidthGateStats returns the lifetime bandwidth gate counters for observability. events counts frames whose delivery was blocked by the per-backend bandwidth gate at least once (Request returned false ≥ 1 time). millisTotal accumulates the wall-clock wait across those blocked frames.

Operator guidance:

Derived metric millisTotal/events approximates average block time per blocked frame. Alert threshold: sustained > 500ms average indicates cap exhaustion at current load.
events rate should be near-zero when totalBandwidthMbps is unset (scheduler nil → gate nil → no drain-side gate activity). A non-zero rate under a nil scheduler indicates a bug.
Use backend-ID correlation from logs to identify noisy-neighbor clients; per-client histograms are future work.

func (*Backend) Close ¶

func (b *Backend) Close()

func (*Backend) HasRecentActivity ¶ added in v0.3.8

func (b *Backend) HasRecentActivity(clientID uuid.UUID, since time.Time) bool

func (*Backend) ID ¶

func (b *Backend) ID() string

func (*Backend) RemoveClient ¶

func (b *Backend) RemoveClient(clientID uuid.UUID)

func (*Backend) ReplenishStats ¶ added in v0.3.9

func (b *Backend) ReplenishStats() (success, retryAttempts int64)

ReplenishStats returns the lifetime credit replenishment counters for observability. success counts EventResumeStream messages successfully enqueued on the control lane; retryAttempts counts failed enqueue attempts (the same stuck batch can contribute multiple retries).

func (*Backend) SendControlMessage ¶

func (b *Backend) SendControlMessage(msg protocol.ControlMessage) error

func (*Backend) SendData ¶

func (b *Backend) SendData(clientID uuid.UUID, data []byte) error

func (*Backend) StartPumps ¶

func (b *Backend) StartPumps()

type LoadBalancerPool ¶

type LoadBalancerPool struct {
	// contains filtered or unexported fields
}

LoadBalancerPool manages a collection of backend instances for a single hostname.

func NewLoadBalancerPool ¶

func NewLoadBalancerPool() *LoadBalancerPool

NewLoadBalancerPool creates a new, empty load balancer pool.

func (*LoadBalancerPool) AddBackend ¶

func (p *LoadBalancerPool) AddBackend(b *Backend)

func (*LoadBalancerPool) HasBackends ¶

func (p *LoadBalancerPool) HasBackends() bool

HasBackends returns true if there are one or more backends in the pool.

func (*LoadBalancerPool) RemoveBackend ¶

func (p *LoadBalancerPool) RemoveBackend(b *Backend)

func (*LoadBalancerPool) Select ¶

func (p *LoadBalancerPool) Select() (iface.Backend, error)

Select chooses a backend from the pool using the Weighted Round Robin algorithm. It returns an error if no backends are available.

type UDPRoutePolicy ¶

type UDPRoutePolicy struct {
	Port            int
	FlowIdleTimeout time.Duration
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL