Hi John,
On Mon, Mar 28, 2022 at 11:26 PM John wrote:
> I'm looking to satisfy this:
>
>- If you are in an ACL, you can make a TLS connection
>
>
>- If you are not in an ACL, you can only make a TCP connection, but not a
>TLS connection*
>
> * It would be better if it didn't honor TCP
Just as a follow-up, I think the answer to this question is to fork the
net/http library to add a line that handles an error type ErrIgnore without
the ramifications of a temporary error. With all the good and bad that it
entails (for this use case, it should be fine).
This is just a niche
Hey Sean and Robert,
Thanks for the suggestions.
I can see how the temporary error would work, but as Sean is saying, this
is going to add delays that are going to go against what I'm wanting to do.
Sean, I'm not sure I understand the part about looping my code. Here is a
sample on the
abusing temporary delays like that could result in unpredictable
performance with up to a second between accepts, not something you want if
you are flooded with things you want to deny (which is what an ACL is for).
On Mon, Mar 28, 2022, 23:46 robert engels wrote:
> You just need to return a
Ignore that last part - just use a “temporary” error.
> On Mar 28, 2022, at 5:46 PM, robert engels wrote:
>
> You just need to return a temporary error. It should not be exiting anyway -
> unless the “done” channel is valid.
>
> ctx := context.WithValue(baseCtx, ServerContextKey, srv)
> for {
You just need to return a temporary error. It should not be exiting anyway -
unless the “done” channel is valid.
ctx := context.WithValue(baseCtx, ServerContextKey, srv)
for {
    rw, err := l.Accept()
    if err != nil {
        select {
        case <-srv.getDoneChan():
            return
I would just add a for loop around your code and only return when you have
a connection you want to allow, otherwise just log / pass the error
elsewhere.
On Mon, Mar 28, 2022 at 11:26 PM John wrote:
> I'm looking to satisfy this:
>
>- If you are in an ACL, you can make a TLS connection
>
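The loop-inside-Accept approach suggested in the message above, as an added example that is not code from the thread or from net/http. The names aclListener and permits and the 10.0.0.0/8 prefix are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
)

// aclListener (hypothetical name) returns only connections from allowed prefixes.
type aclListener struct {
	net.Listener
	allow []netip.Prefix
}

// permits reports whether addr is a TCP address covered by the ACL.
func (l *aclListener) permits(addr net.Addr) bool {
	tcp, ok := addr.(*net.TCPAddr)
	if !ok {
		return false
	}
	ip := tcp.AddrPort().Addr().Unmap() // ::ffff:a.b.c.d counts as IPv4
	for _, p := range l.allow {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// Accept loops until a permitted peer connects. Denied peers are closed before
// any TLS handshake and never reach the caller as an error, so no back-off.
func (l *aclListener) Accept() (net.Conn, error) {
	for {
		c, err := l.Listener.Accept()
		if err != nil {
			return nil, err // genuine listener errors still propagate
		}
		if l.permits(c.RemoteAddr()) {
			return c, nil
		}
		c.Close() // not in the ACL: drop and keep accepting
	}
}

func main() {
	// Constructed ACL; in a server, wrap a real listener and pass it to ServeTLS.
	acl := &aclListener{allow: []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}}
	fmt.Println(acl.permits(&net.TCPAddr{IP: net.ParseIP("10.1.2.3"), Port: 443}))
}
```

Passing such a listener to http.Server.ServeTLS or tls.NewListener means the handshake is only attempted for permitted peers. The kernel has already completed the TCP handshake by the time Accept returns, so refusing TCP itself would need filtering below the Go process.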
I'm looking to satisfy this:
- If you are in an ACL, you can make a TLS connection
- If you are not in an ACL, you can only make a TCP connection, but not a TLS
connection*
** It would be better if it didn't honor TCP either, unless it is a health
probe*
Basically I want to move my