restricted

v0.1.0

This package is not in the latest version of its module.
Published: Feb 2, 2022 License: ISC Imports: 6 Imported by: 0

Documentation

Overview

Package restricted provides functions to dial a restricted subset of IP addresses.

Types

type Dialer

type Dialer struct {
	// Optional resolver to use
	Resolver net.Resolver
	// Optional dialer to use, it's only called with an already resolved
	// address (host:port)
	Dialer net.Dialer
	// Optional function that decides whether connection to a specific IP
	// address should be denied. Dialer always denies access to unspecified and
	// loopback addresses, this function can extend this logic. Address is
	// blocked if it returns true.
	Block func(netip.Addr) bool
}

Dialer encapsulates DNS resolution, IP blocking, and dialing logic; it supports only TCP networks.

Example:

d := &restricted.Dialer{Block: func(ip netip.Addr) bool { return ip.IsPrivate() }}
// the connection is refused if somehost.net resolves to a private subnet range
conn, err := d.DialContext(ctx, "tcp", "somehost.net:1234")
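The Block hook takes any func(netip.Addr) bool, and ip.IsPrivate() alone covers only the RFC 1918 and fc00::/7 ranges, not link-local addresses such as 169.254.169.254. The following is an added example, not code from this package or its documentation: a broader Block function built only on the standard net/netip package, where blockInternal, denies and the extraDenied list are hypothetical names and choices made here.

```go
package main

import (
	"fmt"
	"net/netip"
)

// extraDenied: ranges the netip Is* helpers miss (list is this example's assumption).
var extraDenied = []netip.Prefix{
	netip.MustParsePrefix("0.0.0.0/8"),     // "this network" (RFC 1122)
	netip.MustParsePrefix("100.64.0.0/10"), // carrier-grade NAT shared space (RFC 6598)
	netip.MustParsePrefix("198.18.0.0/15"), // benchmarking (RFC 2544)
}

// blockInternal matches the Dialer.Block signature (true = deny), e.g. Dialer{Block: blockInternal}.
func blockInternal(ip netip.Addr) bool {
	if !ip.IsValid() {
		return true // fail closed on the zero Addr
	}
	// Compare ::ffff:a.b.c.d as plain IPv4 and drop any IPv6 zone, because
	// Prefix.Contains never matches 4-in-6 or zoned addresses.
	ip = ip.Unmap().WithZone("")
	if ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsMulticast() ||
		ip.IsLoopback() || ip.IsUnspecified() {
		return true
	}
	for _, p := range extraDenied {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// denies parses s and applies blockInternal; unparsable input is denied.
func denies(s string) bool {
	ip, err := netip.ParseAddr(s)
	return err != nil || blockInternal(ip)
}

func main() {
	// Constructed sample addresses, not taken from the page.
	for _, s := range []string{
		"169.254.169.254", "::ffff:10.0.0.1", "100.64.1.1",
		"fe80::1%eth0", "fd00::1", "8.8.8.8", "2001:4860:4860::8888",
	} {
		fmt.Printf("%-22s blocked=%v\n", s, denies(s))
	}
}
```
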

func (*Dialer) DialContext

func (d *Dialer) DialContext(ctx context.Context, network, addr string) (net.Conn, error)

DialContext works similarly to net.Dialer.DialContext, but it first resolves both the address and the port, and verifies that the address is not blocked. Dialer always denies access to unspecified and loopback addresses. Set Dialer.Block to add custom block logic.

DialContext supports only TCP networks.

Notes

Bugs

  • Dialer.DialContext does not spread the timeout across individual dial attempts when the host resolves to more than one address. The logic in this package is less complex than that of net.Dialer.DialContext.
