Documentation
Constants
const (
	UnauthenticatedNextProto          = "__UNAUTH__"
	AuthenticatedNonSpecificNextProto = "__AUTH__"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type MultiplexingListener (added in v0.1.11)
type MultiplexingListener struct {
	// contains filtered or unexported fields
}
MultiplexingListener presents a listener interface, with connections sourced from direct function calls or listeners passed in.
Always use NewMultiplexingListener to create an instance. Failure to do so may result in an eventual runtime panic.
func NewMultiplexingListener (added in v0.1.11)
func (*MultiplexingListener) Accept (added in v0.1.11)
func (l *MultiplexingListener) Accept() (net.Conn, error)
Accept satisfies the net.Listener interface and returns the next connection that has been sent to this listener, or net.ErrClosed if the listener has been closed.
func (*MultiplexingListener) Addr (added in v0.1.11)
func (l *MultiplexingListener) Addr() net.Addr
Addr satisfies the net.Listener interface and returns the base listener's address.
func (*MultiplexingListener) Close (added in v0.1.11)
func (l *MultiplexingListener) Close() error
Close satisfies the net.Listener interface and closes this specific listener. drainConnections is called here so that senders don't block even though this listener is no longer accepting connections.
func (*MultiplexingListener) IngressConn (added in v0.1.11)
func (l *MultiplexingListener) IngressConn(conn net.Conn, err error)
IngressConn sends a connection and associated error through the listener as-is. It does not perform any nil checking on the given values.
func (*MultiplexingListener) IngressListener (added in v0.1.11)
func (l *MultiplexingListener) IngressListener(ln net.Listener) error
IngressListener reads connections off the given listener until that listener is closed and its Accept returns net.ErrClosed; any other error from Accept is passed through as-is. Each connection is put onto the internal channel. This function does not block; it returns an error only if the listener is nil.
type SplitListener
type SplitListener struct {
	// contains filtered or unexported fields
}
SplitListener is useful for integrating with systems that expect to do their own handling of connections from a net.Listener. One such example is gRPC, which expects to be handed a listener and has deprecated any ability to simply hand it a connection. GetListener can be called with AuthenticatedNonSpecificNextProto to obtain a listener that passes authenticated connections to the gRPC server, while a listener obtained with UnauthenticatedNextProto can be passed to another handler.
SplitListener is compatible with the protocol package's Dialer's WithExtraAlpnProtos option. Because the base listener is a *protocol.Listener, the client-specified NextProtos are passed through to here and used for further switching, based on listeners retrieved from GetListener with custom protos.
Whether or not the client specified a NextProto, any connection returned from a listener retrieved via GetListener will always have been authenticated with NodeEnrollment, unless it comes from an UnauthenticatedNextProto listener.
If the underlying Accept on the base listener returns an error that is not a Temporary error, the listener stops listening.
func NewSplitListener
func NewSplitListener(baseLn net.Listener) (*SplitListener, error)
NewSplitListener creates a new listener from a base listener, which must be a *protocol.InterceptingListener.
func (*SplitListener) GetListener (added in v0.1.8)
func (l *SplitListener) GetListener(nextProto string) (net.Listener, error)
GetListener returns a listener that will return connections that satisfy both of the following:
* It has been authenticated with the nodeenrollment library
* The client handshake contained an ALPN NextProto value that has the given value (e.g. protocol.Dialer had the WithExtraAlpnProtos option specified)
There are two special values:
* If the given value is the AuthenticatedNonSpecificNextProto const value, any authenticated connection that does not match a specific value is returned
* If the given value is the UnauthenticatedNextProto const value, any connection that is not authenticated by the nodeenrollment library will be returned on it. This includes connections that did not complete the TLS handshake successfully, or that are not TLS connections at all.
The connections returned over the listener will always be *tls.Conn.
If there was a previous listener for the given value, it is returned, otherwise a new one is created.
Don't call GetListener after the underlying listener has been closed; this will result in an unclosed channel if there is a race.
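As an added example (not code from this package), a toy model in Go of the GetListener routing rules above: a Splitter hands out one channel-backed stand-in per next-proto key, Dispatch sends each accepted connection to the key the rules select, and closing a stand-in makes its Accept return net.ErrClosed. It assumes that an authenticated connection whose NextProto no caller requested a listener for falls back to AuthenticatedNonSpecificNextProto, that Close is never raced with Dispatch (the same hazard the page notes for GetListener after close), and it takes the authenticated flag and NextProto as plain inputs, since the real listener derives them from the nodeenrollment handshake.

```go
package main

import (
	"net"
	"sync"
)

// Same special next-proto values as the package constants.
const (
	UnauthenticatedNextProto          = "__UNAUTH__"
	AuthenticatedNonSpecificNextProto = "__AUTH__"
)

// SubListener is a channel-backed stand-in for the listener GetListener hands out.
type SubListener struct{ conns chan net.Conn; once sync.Once }
// Accept returns the next routed connection, or net.ErrClosed once Close was called.
func (s *SubListener) Accept() (net.Conn, error) {
	if c, ok := <-s.conns; ok {
		return c, nil
	}
	return nil, net.ErrClosed
}
// Close must not race with Dispatch: a send on a closed channel panics.
func (s *SubListener) Close() { s.once.Do(func() { close(s.conns) }) }

// Splitter is a toy model of SplitListener's routing, not the library's code.
type Splitter struct{ mu sync.Mutex; subs map[string]*SubListener }
func NewSplitter() *Splitter { return &Splitter{subs: map[string]*SubListener{}} }
// GetListener returns the existing sub-listener for key or creates a new one.
func (sp *Splitter) GetListener(key string) *SubListener {
	sp.mu.Lock()
	defer sp.mu.Unlock()
	if sp.subs[key] == nil {
		sp.subs[key] = &SubListener{conns: make(chan net.Conn, 16)}
	}
	return sp.subs[key]
}
func (sp *Splitter) has(key string) bool { sp.mu.Lock(); defer sp.mu.Unlock(); return sp.subs[key] != nil }
// Dispatch: not authenticated -> __UNAUTH__ whatever ALPN was offered; authenticated with
// a NextProto a listener was requested for -> that key; else -> __AUTH__ (assumed fallback).
func (sp *Splitter) Dispatch(conn net.Conn, authenticated bool, nextProto string) string {
	key := AuthenticatedNonSpecificNextProto
	switch {
	case !authenticated:
		key = UnauthenticatedNextProto
	case sp.has(nextProto):
		key = nextProto
	}
	sp.GetListener(key).conns <- conn
	return key
}
```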
func (*SplitListener) Start
func (l *SplitListener) Start() error
Start starts the listener running. It will run until the base listener is closed, causing Accept to return a non-temporary error.
Any temporary errors encountered will cause just that connection to be closed.