Skip to content

Reproduction of issue with connect() and globalOutbound #4145

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Reproduction of issue with connect() and globalOutbound #4145

wants to merge 1 commit into from
+41 −0

Conversation

penalosa
Copy link
Contributor

Relating to cloudflare/workers-sdk#9238, it seems that using connect() in a Worker with a globalOutbound configured is not supported, because the connect() tries to go via the global outbound, failing because Workers don't support TCP ingress. I'd expect the connect() API to bypass globalOutbound and go straight to the internet service, so that it's possible to use connect() in a Worker with globalOutbound configured.

To reproduce, run pnpx workerd samples/connect-with-global-outbound/config.capnp and curl http://localhost:8080/connect. workerd will throw an error like the following:

workerd/server/server.c++:3872: error: Uncaught exception: workerd/jsg/_virtual_includes/iterator/workerd/jsg/value.h:1479: failed: remote.jsg.TypeError: Incoming CONNECT on a worker not supported

Removing the globalOutbound setting allows the connection to be established as expected.

@danlapid
Copy link
Collaborator

@kentonv this seems to be because when the outbound is a worker the connect api is using the WorkerEntrypoint::connect method.
IIRC in prod for the WfP usecase when we set an outbound worker then connect would bypass that and just use the regular outbounds right?
Seems somewhat similar and should likely behave similarly.
Maybe bypassing the outbound worker and going to internet if the set outbound is a ServiceDesignator of type worker ?

@kentonv
Copy link
Member

kentonv commented May 15, 2025

This is by design.

The main purpose of setting globalOutbound is to have another worker intercept all outbound requests to the internet from a worker, possibly to implement controls on what the worker is allowed to access.

Bypassing globalOutbound for connect() would entirely defeat this purpose and make it impossible to sandbox Workers using this mechanism.

IIRC in prod for the WfP usecase when we set an outbound worker then connect would bypass that and just use the regular outbounds right?

I certainly hope not! This would be a serious security flaw.

The ideal solution here is to define an API for Workers to receive and proxy raw sockets. Then a worker which has been set as globalOutbound can proxy connect() as desired. This is a big project, though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@penalosa @danlapid @kentonv