push.rocks/smartproxy
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(rustproxy): upgrade fallback UDP listeners to QUIC when TLS certificates become available

Browse Source
This commit is contained in:
Jürgen Kunz
2026-03-19 22:00:07 +00:00
parent bb5b9b3d12
commit 2621dea9fa
5 changed files with 185 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
rust/crates/rustproxy/src/lib.rs
View File

@@ -783,12 +783,10 @@ impl RustProxy {
}
}
// Build TLS config for QUIC before taking mutable borrow on udp_mgr
let quic_tls = if new_udp_ports.iter().any(|p| !old_udp_ports.contains(p)) {
// Build TLS config for QUIC (needed for new ports and upgrading existing raw UDP)
let quic_tls = {
let tls_configs = self.current_tls_configs().await;
Self::build_quic_tls_config(&tls_configs)
} else {
None
};
if let Some(ref mut udp_mgr) = self.udp_listener_manager {
@@ -806,6 +804,12 @@ impl RustProxy {
udp_mgr.remove_port(*port);
}
}
// Upgrade existing raw UDP fallback listeners to QUIC if TLS is now available
if let Some(ref quic_config) = quic_tls {
udp_mgr.update_quic_tls(Arc::clone(quic_config));
udp_mgr.upgrade_raw_to_quic(Arc::clone(quic_config)).await;
}
}
} else if self.udp_listener_manager.is_some() {
// All UDP routes removed — shut down UDP manager
@@ -862,12 +866,12 @@ impl RustProxy {
.map_err(|e| anyhow::anyhow!("ACME provisioning failed: {}", e))?;
// Hot-swap into TLS configs
if let Some(ref mut listener) = self.listener_manager {
let mut tls_configs = Self::extract_tls_configs(&self.options.routes);
tls_configs.insert(domain.clone(), TlsCertConfig {
cert_pem: bundle.cert_pem.clone(),
key_pem: bundle.key_pem.clone(),
});
let mut tls_configs = Self::extract_tls_configs(&self.options.routes);
tls_configs.insert(domain.clone(), TlsCertConfig {
cert_pem: bundle.cert_pem.clone(),
key_pem: bundle.key_pem.clone(),
});
{
let cm = cm_arc.lock().await;
for (d, b) in cm.store().iter() {
if !tls_configs.contains_key(d) {
@@ -877,9 +881,22 @@ impl RustProxy {
});
}
}
}
let quic_tls = Self::build_quic_tls_config(&tls_configs);
if let Some(ref listener) = self.listener_manager {
listener.set_tls_configs(tls_configs);
}
// Update existing QUIC endpoints and upgrade raw UDP fallback listeners
if let Some(ref mut udp_mgr) = self.udp_listener_manager {
if let Some(ref quic_config) = quic_tls {
udp_mgr.update_quic_tls(Arc::clone(quic_config));
udp_mgr.upgrade_raw_to_quic(Arc::clone(quic_config)).await;
}
}
info!("Certificate provisioned and loaded for route '{}'", route_name);
Ok(())
}
@@ -1104,17 +1121,18 @@ impl RustProxy {
// Hot-swap TLS config on TCP and QUIC listeners
let tls_configs = self.current_tls_configs().await;
// Build QUIC TLS config before TCP consumes the map
let quic_tls = Self::build_quic_tls_config(&tls_configs);
if let Some(ref listener) = self.listener_manager {
// Build QUIC TLS config before TCP consumes the map
let quic_tls = Self::build_quic_tls_config(&tls_configs);
listener.set_tls_configs(tls_configs);
}
// Also update QUIC endpoints with the new certs
if let Some(ref udp_mgr) = self.udp_listener_manager {
if let Some(quic_config) = quic_tls {
udp_mgr.update_quic_tls(quic_config);
}
// Update existing QUIC endpoints and upgrade raw UDP fallback listeners
if let Some(ref mut udp_mgr) = self.udp_listener_manager {
if let Some(ref quic_config) = quic_tls {
udp_mgr.update_quic_tls(Arc::clone(quic_config));
udp_mgr.upgrade_raw_to_quic(Arc::clone(quic_config)).await;
}
}