(logger *zap.Logger, info agent.DestInfo, opts *config.Config)
| 648 | } |
| 649 | |
| 650 | func New(logger *zap.Logger, info agent.DestInfo, opts *config.Config) *Proxy { |
| 651 | proxy := &Proxy{ |
| 652 | logger: logger, |
| 653 | Port: opts.ProxyPort, |
| 654 | IncomingProxyPort: opts.IncomingProxyPort, |
| 655 | DNSPort: opts.DNSPort, // default: 26789 |
| 656 | synchronous: opts.Agent.Synchronous, |
| 657 | IP4: "127.0.0.1", // default: "127.0.0.1" <-> (2130706433) |
| 658 | IP6: "::1", //default: "::1" <-> ([4]uint32{0000, 0000, 0000, 0001}) |
| 659 | ipMutex: &sync.Mutex{}, |
| 660 | connMutex: &sync.Mutex{}, |
| 661 | DestInfo: info, |
| 662 | clientClose: make(chan bool, 1), |
| 663 | Integrations: make(map[integrations.IntegrationType]integrations.Integrations), |
| 664 | GlobalPassthrough: opts.Agent.GlobalPassthrough, |
| 665 | OpportunisticTLSIntercept: opts.Agent.OpportunisticTLSIntercept, |
| 666 | errChannel: make(chan error, 100), // buffered channel to prevent blocking |
| 667 | IsDocker: opts.Agent.IsDocker, |
| 668 | EnableIPv6Redirect: opts.Agent.EnableIPv6Redirect, |
| 669 | appPID: opts.Agent.ClientNSPID, |
| 670 | caJavaHome: opts.Agent.CAJavaHome, |
| 671 | dnsCache: newDNSCache(), |
| 672 | recordedDNSMocks: newRecordedDNSMocksCache(), |
| 673 | // dnsForwardTimeout is the per-forward deadline for upstream DNS |
| 674 | // exchanges. 2 s is long enough to absorb a single UDP retransmit |
| 675 | // against CoreDNS (~500 ms default) while keeping app-side lookup |
| 676 | // latency bounded if the upstream is hard-down. Tuned to match the |
| 677 | // task spec ("~2s"). Tests override by assigning to this field |
| 678 | // directly on the Proxy struct; see |
| 679 | // pkg/agent/proxy/dns_forward_test.go (newProxyWithUpstream). The |
| 680 | // field is package-private, so sibling _test.go files have |
| 681 | // legitimate direct access and we intentionally do not expose a |
| 682 | // setter helper for a one-line test-only override. |
| 683 | dnsForwardTimeout: 2 * time.Second, |
| 684 | // Record-buffer tuning is set by clampRecordBuffer below — it |
| 685 | // validates the operator-supplied uint64/int values against |
| 686 | // safe ranges (1 MiB-2 GiB / 64-65536 slots), warns + clamps |
| 687 | // rather than crashing, and detects uint64 → int64 wrap from |
| 688 | // values > math.MaxInt64 explicitly. Setting these here would |
| 689 | // be redundant and would risk a transient negative cap from a |
| 690 | // bare uint64 → int64 reinterpretation cast. |
| 691 | } |
| 692 | proxy.recordBufferCap, proxy.recordBufferQueueSize = clampRecordBuffer( |
| 693 | logger, |
| 694 | opts.Record.RecordBuffer.MaxMemoryPerConnection, |
| 695 | opts.Record.RecordBuffer.QueueSize, |
| 696 | ) |
| 697 | |
| 698 | // Plumb the proxy logger into the package-singleton SyncMockManager |
| 699 | // so its drop-path Error emissions actually reach the host logger. |
| 700 | // zap.L() would silently fall back to Nop here — syncMock loads at |
| 701 | // package init, long before any zap.ReplaceGlobals call — which is |
| 702 | // how the overflow warning became invisible on customer runs. |
| 703 | if mgr := syncMock.Get(); mgr != nil { |
| 704 | mgr.SetLogger(logger) |
| 705 | } |
| 706 | |
| 707 | // Channel-binding shim: opt-in BPF-backed feature. Gate by the |