Abusing temporary delays like that could result in unpredictable
performance with up to a second between accepts, not something you want if
you are flooded with things you want to deny (which is what an ACL is for).

On Mon, Mar 28, 2022, 23:46 robert engels <reng...@ix.netcom.com> wrote:

> You just need to return a temporary error. It should not be exiting anyway
> - unless the “done” channel is valid.
>
> ctx := context.WithValue(baseCtx, ServerContextKey, srv)
> for {
>    rw, err := l.Accept()
>    if err != nil {
>       select {
>       case <-srv.getDoneChan():
>          return ErrServerClosed
>       default:
>       }
>       if ne, ok := err.(net.Error); ok && ne.Temporary() {
>          if tempDelay == 0 {
>             tempDelay = 5 * time.Millisecond
>          } else {
>             tempDelay *= 2
>          }
>          if max := 1 * time.Second; tempDelay > max {
>             tempDelay = max
>          }
>          srv.logf("http: Accept error: %v; retrying in %v", err, tempDelay)
>          time.Sleep(tempDelay)
>          continue
>       }
>       return err
>    }
>
> On Mar 28, 2022, at 5:35 PM, 'Sean Liao' via golang-nuts <
> golang-nuts@googlegroups.com> wrote:
>
> I would just add a for loop around your code and only return when you have
> a connection you want to allow, otherwise just log / pass the error
> elsewhere.
>
> On Mon, Mar 28, 2022 at 11:26 PM John <johnsiil...@gmail.com> wrote:
>
>> I'm looking to satisfy this:
>>
>>    - If you are in an ACL, you can make a TLS connection
>>    - If you are not in an ACL, you can only make a TCP connection, but not a
>>    TLS connection*
>>
>> * It would be better if it didn't honor TCP either, unless it is a
>> health probe.
>>
>> Basically I want to move my denials into the listener and not in the
>> http.Server handlers.
>>
>> I thought I was clever recently, trying to do this with:
>>
>> func (a *aclListener) Accept() (net.Conn, error) {
>>     conn, err := a.ln.Accept()
>>     if err != nil {
>>         return nil, err
>>     }
>>
>>     host, _, err := net.SplitHostPort(conn.RemoteAddr().String())
>>     if err != nil {
>>         conn.Close()
>>         return nil, fmt.Errorf("connection's remote address(%s) could not be split: %s", conn.RemoteAddr().String(), err)
>>     }
>>
>>     // The probe connected, so close the connection and exit.
>>     if a.acls.isProbe(host) {
>>         log.Printf("TCP probe(%s) connection", host)
>>         conn.Close()
>>         return nil, ErrIsProbe
>>     }
>>
>>     // Block anything that isn't in our ACL (close the socket so it is not leaked).
>>     if err := a.acls.ipAuth(host); err != nil {
>>         conn.Close()
>>         return nil, err
>>     }
>>     log.Println("accepting connection from: ", conn.RemoteAddr().String())
>>     return conn, nil
>> }
>>
>> aclListener implements a net.Listener and I was going to allow the TCP
>> probe from this
>> health service, but nothing more (like seeing the TLS header).
>> However, it turns out erroring on an Accept() will cause the http.Server
>> to stop.
>>
>> Of course, if this code did work, the difference between the prober and
>> non-ACL connections is the same; they both can get the TCP socket before
>> being denied.
>>
>> Does anyone know if I can achieve this in my code without getting super
>> hacky? I can see some ways to do that, but figured someone here might have
>> done this in a simple way.
>>
>> Cheers and thanks.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "golang-nuts" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to golang-nuts+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/golang-nuts/4ab235c1-ab52-42de-a22a-a31bde21eb0cn%40googlegroups.com
>> <https://groups.google.com/d/msgid/golang-nuts/4ab235c1-ab52-42de-a22a-a31bde21eb0cn%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>

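An added example, not code from anyone in this thread, of Sean's suggestion applied to John's aclListener: Accept loops, closing probe and non-ACL peers itself and returning only allowed connections, so http.Server.Serve never sees a denial as an Accept error and never exits on one. The rule type, the classify method and the net/netip-based prefix matching are my own assumptions, not John's acls package.

```go
package main

import (
	"log"
	"net"
	"net/netip"
)

// rule maps a source prefix to "allow" (may complete TLS) or "probe" (TCP accept, then close).
type rule struct {
	prefix  netip.Prefix
	verdict string
}

// aclListener hands only "allow" peers to http.Server; everything else is
// closed inside Accept, so Serve never sees a denial as an Accept error.
type aclListener struct {
	net.Listener
	rules []rule // first match wins; no match means "deny"
}

func (a *aclListener) classify(remote string) string {
	ap, err := netip.ParseAddrPort(remote)
	if err != nil {
		return "deny" // never trust an unparsable address
	}
	ip := ap.Addr().Unmap() // ::ffff:10.1.2.3 -> 10.1.2.3
	for _, r := range a.rules {
		if r.prefix.Contains(ip) {
			return r.verdict
		}
	}
	return "deny"
}

// Accept loops until an allowed peer connects; real listener errors still propagate.
func (a *aclListener) Accept() (net.Conn, error) {
	for {
		conn, err := a.Listener.Accept()
		if err != nil {
			return nil, err
		}
		v := a.classify(conn.RemoteAddr().String())
		if v == "allow" {
			return conn, nil
		}
		log.Printf("%s %s: closed before any TLS handshake", v, conn.RemoteAddr())
		conn.Close()
	}
}
```

Wrap the real listener with `&aclListener{Listener: ln, rules: ...}` and pass it to `http.Serve` or `srv.ServeTLS`; denied and probe peers only ever see a TCP accept followed by a close.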