Constants

const (
	UnauthenticatedNextProto          = "__UNAUTH__"
	AuthenticatedNonSpecificNextProto = "__AUTH__"
)
Variables

This section is empty.

Functions

This section is empty.

Types

type SplitListener
type SplitListener struct {
// contains filtered or unexported fields
}
SplitListener can be useful for integration with systems that expect to do their own handling of connections off of a net.Listener. One such example is gRPC, which expects to be handed a listener and has deprecated any ability to simply hand it a connection. GetListener can be called with AuthenticatedNonSpecificNextProto, and the resulting listener given to the gRPC server so that authenticated connections are passed to gRPC, while a listener retrieved with UnauthenticatedNextProto can be passed to another handler.
SplitListener is compatible with the WithExtraAlpnProtos option of the protocol package's Dialer. Because the base listener is a *protocol.Listener, the client-specified NextProtos are passed through to the SplitListener and used for further switching, based on listeners retrieved from GetListener with custom protos.
Whether or not the client specified a NextProto, any connection returned from a listener retrieved via GetListener will always have been authenticated with NodeEnrollment, _unless_ it came from an UnauthenticatedNextProto listener.
On receiving an error from the underlying Accept from the base listener that is not a Temporary error, the listener will stop listening.
func NewSplitListener
func NewSplitListener(baseLn net.Listener) (*SplitListener, error)
NewSplitListener creates a new listener from a base listener, which must be a *protocol.InterceptingListener.
func (*SplitListener) GetListener (added in v0.1.8)
func (l *SplitListener) GetListener(nextProto string) (net.Listener, error)
GetListener returns a listener that will return connections that satisfy both of the following:
* It has been authenticated with the nodeenrollment library
* The client handshake contained an ALPN NextProto value that has the given value (e.g. protocol.Dialer had the WithExtraAlpnProtos option specified)
There are two special values:
* If the given value is the AuthenticatedNonSpecificNextProto const value, any authenticated connection that does not match a specific value is returned
* If the given value is the UnauthenticatedNextProto const value, any connection that is not authenticated by the nodeenrollment library will be returned on it. This includes connections that did not complete the TLS handshake successfully and connections that are not TLS connections at all.
The connections returned over the listener will always be *tls.Conn.
If there was a previous listener for the given value, it is returned, otherwise a new one is created.
Don't call GetListener after the underlying listener has been closed; if the call races with the close, the result is a channel that is never closed.
func (*SplitListener) Start
func (l *SplitListener) Start() error
Start starts the listener running. It will run until the base listener is closed, causing Accept to return a non-temporary error.
Any temporary errors encountered will cause just that connection to be closed.
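The split-listener pattern described on this page, as an added, self-contained Go sketch that is not the nodeenrollment package's own code: an accept loop on a base listener classifies each connection and hands it to a channel-backed sub-listener for its ALPN proto, to the AuthenticatedNonSpecificNextProto listener when it authenticated without a specific proto, or to the UnauthenticatedNextProto listener when it did not authenticate; a temporary Accept error skips only that connection, and a non-temporary one stops the loop and closes every sub-listener so their pending Accept calls unblock. The names Demux, chanListener, routeKey and labeledConn are this example's own assumptions: routeKey reads the proto and authentication result from a constructed labeledConn in place of the real TLS and NodeEnrollment handshake, and how the real package treats an authenticated connection whose proto nobody has requested is not modelled (here it waits on that proto's listener). The base listener in RunDemo is also a chanListener rather than a *protocol.Listener, so the whole thing runs offline.

```go
package main

import (
	"fmt"
	"net"
	"sync"
)

const (
	UnauthenticatedNextProto          = "__UNAUTH__"
	AuthenticatedNonSpecificNextProto = "__AUTH__"
)

// chanListener is a per-proto net.Listener that the demux feeds over a channel.
type chanListener struct {
	conns chan net.Conn
	done  chan struct{}
}

func (c *chanListener) Accept() (net.Conn, error) {
	select {
	case conn := <-c.conns:
		return conn, nil
	case <-c.done:
		return nil, net.ErrClosed
	}
}
func (c *chanListener) Close() error   { close(c.done); return nil }
func (c *chanListener) Addr() net.Addr { return &net.TCPAddr{} }

// Demux routes each connection from the base listener to a per-proto sub-listener.
type Demux struct {
	base net.Listener
	mu   sync.Mutex
	subs map[string]*chanListener
}

// GetListener returns the listener for nextProto, creating it on first use.
func (d *Demux) GetListener(nextProto string) *chanListener {
	d.mu.Lock()
	defer d.mu.Unlock()
	if _, ok := d.subs[nextProto]; !ok {
		d.subs[nextProto] = &chanListener{conns: make(chan net.Conn), done: make(chan struct{})}
	}
	return d.subs[nextProto]
}

// route delivers conn to its sub-listener, or closes it if that listener is gone.
func (d *Demux) route(conn net.Conn) {
	sub := d.GetListener(routeKey(conn))
	select {
	case sub.conns <- conn:
	case <-sub.done:
		conn.Close() // nobody will ever accept it; do not leak the socket
	}
}

// Start accepts until the base listener fails with a non-temporary error, then
// closes every sub-listener so pending Accept calls unblock.
func (d *Demux) Start() error {
	for {
		conn, err := d.base.Accept()
		if ne, ok := err.(net.Error); ok && ne.Temporary() {
			continue // only this accept failed; keep serving
		}
		if err != nil {
			d.mu.Lock()
			for _, ln := range d.subs {
				ln.Close()
			}
			d.mu.Unlock()
			return err
		}
		go d.route(conn)
	}
}

// labeledConn is a constructed stand-in for a *tls.Conn, carrying the ALPN proto
// and authentication result that would otherwise come from the handshake.
type labeledConn struct {
	net.Conn
	name, proto string
	authed      bool
}

// routeKey is a hypothetical hook in place of inspecting the real handshake:
// failed auth goes to UNAUTH, an offered proto to its own listener, else AUTH.
func routeKey(c net.Conn) string {
	lc, ok := c.(*labeledConn)
	switch {
	case !ok || !lc.authed:
		return UnauthenticatedNextProto
	case lc.proto != "":
		return lc.proto
	}
	return AuthenticatedNonSpecificNextProto
}

// RunDemo pushes three constructed connections through a Demux and reports which
// sub-listener delivered each one, keyed by connection name.
func RunDemo() (map[string]string, error) {
	base := &chanListener{conns: make(chan net.Conn), done: make(chan struct{})}
	d := &Demux{base: base, subs: map[string]*chanListener{}}
	go d.Start()
	for _, in := range []*labeledConn{
		{nil, "c1", "grpc", true}, {nil, "c2", "", true}, {nil, "c3", "grpc", false},
	} {
		base.conns <- in // the nil net.Conn is never read, written or closed here
	}
	got := map[string]string{}
	for _, k := range []string{"grpc", AuthenticatedNonSpecificNextProto, UnauthenticatedNextProto} {
		c, err := d.GetListener(k).Accept()
		if err != nil {
			return nil, err
		}
		got[c.(*labeledConn).name] = k
	}
	base.Close()
	return got, nil
}

func main() {
	got, err := RunDemo()
	fmt.Println(got, err) // map[c1:grpc c2:__AUTH__ c3:__UNAUTH__] <nil>
}
```

Two design points carry over to the real package. Each sub-listener's channel is unbuffered, so a proto nobody is accepting on applies backpressure to the routing goroutine rather than growing a queue, and the select on done in route is what prevents a connection from being stranded (or leaked) when Start has already torn the sub-listeners down. Closing the base listener is the only way to stop the loop, which is why the page warns against calling GetListener after that point: a listener created after the teardown pass would never have its done channel closed.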