package transport
import "go.etcd.io/etcd/client/pkg/v3/transport"
Package transport implements various HTTP transport utilities based on Go net package.
Package transport provides network utility functions, complementing the more common ones in the net package.
Index ¶
- Variables
- func IsClosedConnError(err error) bool
- func LimitListener(l net.Listener, n int) net.Listener
- func NewKeepAliveListener(l net.Listener, scheme string, tlscfg *tls.Config) (net.Listener, error)
- func NewListener(addr, scheme string, tlsinfo *TLSInfo) (l net.Listener, err error)
- func NewListenerWithOpts(addr, scheme string, opts ...ListenerOption) (net.Listener, error)
- func NewTLSListener(l net.Listener, tlsinfo *TLSInfo) (net.Listener, error)
- func NewTimeoutListener(addr string, scheme string, tlsinfo *TLSInfo, readTimeout, writeTimeout time.Duration) (net.Listener, error)
- func NewTimeoutTransport(info TLSInfo, dialtimeoutd, rdtimeoutd, wtimeoutd time.Duration) (*http.Transport, error)
- func NewTransport(info TLSInfo, dialtimeoutd time.Duration) (*http.Transport, error)
- func NewUnixListener(addr string) (net.Listener, error)
- func ValidateSecureEndpoints(tlsInfo TLSInfo, eps []string) ([]string, error)
- type Controls
- type ListenerOption
- func WithSkipTLSInfoCheck(skip bool) ListenerOption
- func WithSocketOpts(s *SocketOpts) ListenerOption
- func WithTLSInfo(t *TLSInfo) ListenerOption
- func WithTimeout(read, write time.Duration) ListenerOption
- type ListenerOptions
- func (lo *ListenerOptions) IsSocketOpts() bool
- func (lo *ListenerOptions) IsTLS() bool
- func (lo *ListenerOptions) IsTimeout() bool
- type SocketOpts
- type TLSInfo
- func SelfCert(lg *zap.Logger, dirpath string, hosts []string, selfSignedCertValidity uint, additionalUsages ...x509.ExtKeyUsage) (TLSInfo, error)
- func (info TLSInfo) ClientConfig() (*tls.Config, error)
- func (info TLSInfo) Empty() bool
- func (info TLSInfo) ServerConfig() (*tls.Config, error)
- func (info TLSInfo) String() string
Variables ¶
Functions ¶
func IsClosedConnError ¶
IsClosedConnError returns true if the error is from closing listener, cmux. copied from golang.org/x/net/http2/http2.go
func LimitListener ¶
LimitListener returns a Listener that accepts at most n simultaneous connections from the provided Listener.
func NewKeepAliveListener ¶
NewKeepAliveListener returns a listener that listens on the given address. Be careful when wrap around KeepAliveListener with another Listener if TLSInfo is not nil. Some pkgs (like go/http) might expect Listener to return TLSConn type to start TLS handshake. http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/overview.html
Note(ahrtr): only `net.TCPConn` supports `SetKeepAlive` and `SetKeepAlivePeriod` by default, so if you want to wrap multiple layers of net.Listener, the `keepaliveListener` should be the one which is closest to the original `net.Listener` implementation, namely `TCPListener`.
func NewListener ¶
NewListener creates a new listner.
func NewListenerWithOpts ¶
func NewListenerWithOpts(addr, scheme string, opts ...ListenerOption) (net.Listener, error)
NewListenerWithOpts creates a new listener which accepts listener options.
func NewTLSListener ¶
NewTLSListener handshakes TLS connections and performs optional CRL checking.
func NewTimeoutListener ¶
func NewTimeoutListener(addr string, scheme string, tlsinfo *TLSInfo, readTimeout, writeTimeout time.Duration) (net.Listener, error)
NewTimeoutListener returns a listener that listens on the given address. If read/write on the accepted connection blocks longer than its time limit, it will return timeout error.
func NewTimeoutTransport ¶
func NewTimeoutTransport(info TLSInfo, dialtimeoutd, rdtimeoutd, wtimeoutd time.Duration) (*http.Transport, error)
NewTimeoutTransport returns a transport created using the given TLS info. If read/write on the created connection blocks longer than its time limit, it will return timeout error. If read/write timeout is set, transport will not be able to reuse connection.
func NewTransport ¶
func NewUnixListener ¶
func ValidateSecureEndpoints ¶
ValidateSecureEndpoints scans the given endpoints against tls info, returning only those endpoints that could be validated as secure.
Types ¶
type Controls ¶
func (Controls) Control ¶
type ListenerOption ¶
type ListenerOption func(*ListenerOptions)
ListenerOption are options which can be applied to the listener.
func WithSkipTLSInfoCheck ¶
func WithSkipTLSInfoCheck(skip bool) ListenerOption
WithSkipTLSInfoCheck when true a transport can be created with an https scheme without passing TLSInfo, circumventing not presented error. Skipping this check also requires that TLSInfo is not passed.
func WithSocketOpts ¶
func WithSocketOpts(s *SocketOpts) ListenerOption
WithSocketOpts defines socket options that will be applied to the listener.
func WithTLSInfo ¶
func WithTLSInfo(t *TLSInfo) ListenerOption
WithTLSInfo adds TLS credentials to the listener.
func WithTimeout ¶
func WithTimeout(read, write time.Duration) ListenerOption
WithTimeout allows for a read or write timeout to be applied to the listener.
type ListenerOptions ¶
type ListenerOptions struct {
Listener net.Listener
ListenConfig net.ListenConfig
// contains filtered or unexported fields
}
func (*ListenerOptions) IsSocketOpts ¶
func (lo *ListenerOptions) IsSocketOpts() bool
IsSocketOpts returns true if the listener options includes socket options.
func (*ListenerOptions) IsTLS ¶
func (lo *ListenerOptions) IsTLS() bool
IsTLS returns true if listner options includes TLSInfo.
func (*ListenerOptions) IsTimeout ¶
func (lo *ListenerOptions) IsTimeout() bool
IsTimeout returns true if the listener has a read/write timeout defined.
type SocketOpts ¶
type SocketOpts struct {
// ReusePort enables socket option SO_REUSEPORT [1] which allows rebind of
// a port already in use. User should keep in mind that flock can fail
// in which case lock on data file could result in unexpected
// condition. User should take caution to protect against lock race.
// [1] https://man7.org/linux/man-pages/man7/socket.7.html
ReusePort bool `json:"reuse-port"`
// ReuseAddress enables a socket option SO_REUSEADDR which allows
// binding to an address in `TIME_WAIT` state. Useful to improve MTTR
// in cases where etcd slow to restart due to excessive `TIME_WAIT`.
// [1] https://man7.org/linux/man-pages/man7/socket.7.html
ReuseAddress bool `json:"reuse-address"`
}
func (*SocketOpts) Empty ¶
func (sopts *SocketOpts) Empty() bool
type TLSInfo ¶
type TLSInfo struct {
// CertFile is the _server_ cert, it will also be used as a _client_ certificate if ClientCertFile is empty
CertFile string
// KeyFile is the key for the CertFile
KeyFile string
// ClientCertFile is a _client_ cert for initiating connections when ClientCertAuth is defined. If ClientCertAuth
// is true but this value is empty, the CertFile will be used instead.
ClientCertFile string
// ClientKeyFile is the key for the ClientCertFile
ClientKeyFile string
TrustedCAFile string
ClientCertAuth bool
CRLFile string
InsecureSkipVerify bool
SkipClientSANVerify bool
// ServerName ensures the cert matches the given host in case of discovery / virtual hosting
ServerName string
// HandshakeFailure is optionally called when a connection fails to handshake. The
// connection will be closed immediately afterwards.
HandshakeFailure func(*tls.Conn, error)
// CipherSuites is a list of supported cipher suites.
// If empty, Go auto-populates it by default.
// Note that cipher suites are prioritized in the given order.
CipherSuites []uint16
// MinVersion is the minimum TLS version that is acceptable.
// If not set, the minimum version is TLS 1.2.
MinVersion uint16
// MaxVersion is the maximum TLS version that is acceptable.
// If not set, the default used by Go is selected (see tls.Config.MaxVersion).
MaxVersion uint16
// AllowedCN is a CN which must be provided by a client.
//
// Deprecated: use AllowedCNs instead.
AllowedCN string
// AllowedHostname is an IP address or hostname that must match the TLS
// certificate provided by a client.
//
// Deprecated: use AllowedHostnames instead.
AllowedHostname string
// AllowedCNs is a list of acceptable CNs which must be provided by a client.
AllowedCNs []string
// AllowedHostnames is a list of acceptable IP addresses or hostnames that must match the
// TLS certificate provided by a client.
AllowedHostnames []string
// Logger logs TLS errors.
// If nil, all logs are discarded.
Logger *zap.Logger
// EmptyCN indicates that the cert must have empty CN.
// If true, ClientConfig() will return an error for a cert with non empty CN.
EmptyCN bool
// LocalAddr is the local IP address to use when communicating with a peer.
LocalAddr string
// contains filtered or unexported fields
}
func SelfCert ¶
func SelfCert(lg *zap.Logger, dirpath string, hosts []string, selfSignedCertValidity uint, additionalUsages ...x509.ExtKeyUsage) (TLSInfo, error)
func (TLSInfo) ClientConfig ¶
ClientConfig generates a tls.Config object for use by an HTTP client.
func (TLSInfo) Empty ¶
func (TLSInfo) ServerConfig ¶
ServerConfig generates a tls.Config object for use by an HTTP server.
func (TLSInfo) String ¶
Source Files ¶
doc.go keepalive_listener.go keepalive_listener_unix.go limit_listen.go listener.go listener_opts.go listener_tls.go sockopt.go sockopt_unix.go timeout_conn.go timeout_dialer.go timeout_listener.go timeout_transport.go tls.go transport.go unix_listener.go
- Version
- v3.6.4 (latest)
- Published
- Jul 25, 2025
- Platform
- linux/amd64
- Imports
- 24 packages
- Last checked
- 7 months ago –
Tools for package owners.