package transport

import "go.etcd.io/etcd/client/pkg/v3/transport"

Package transport implements various HTTP transport utilities based on the Go net package.

Package transport provides network utility functions, complementing the more common ones in the net package.

Variables

var (
	ErrNotTCP = errors.New("only tcp connections have keepalive")
)

Functions

func IsClosedConnError

func IsClosedConnError(err error) bool

IsClosedConnError returns true if the error comes from a closed listener or from cmux. Copied from golang.org/x/net/http2/http2.go.

func LimitListener

func LimitListener(l net.Listener, n int) net.Listener

LimitListener returns a Listener that accepts at most n simultaneous connections from the provided Listener.

func NewKeepAliveListener

func NewKeepAliveListener(l net.Listener, scheme string, tlscfg *tls.Config) (net.Listener, error)

NewKeepAliveListener returns a listener that listens on the given address. Be careful when wrapping a KeepAliveListener with another Listener if TLSInfo is not nil: some packages (like go/http) might expect the Listener to return a TLSConn type in order to start the TLS handshake. http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/overview.html

Note(ahrtr): only `net.TCPConn` supports `SetKeepAlive` and `SetKeepAlivePeriod` by default, so if you wrap multiple layers of net.Listener, the `keepaliveListener` should be the one closest to the original `net.Listener` implementation, namely `TCPListener`.

func NewListener

func NewListener(addr, scheme string, tlsinfo *TLSInfo) (l net.Listener, err error)

NewListener creates a new listener.

func NewListenerWithOpts

func NewListenerWithOpts(addr, scheme string, opts ...ListenerOption) (net.Listener, error)

NewListenerWithOpts creates a new listener which accepts listener options.

func NewTLSListener

func NewTLSListener(l net.Listener, tlsinfo *TLSInfo) (net.Listener, error)

NewTLSListener handshakes TLS connections and performs optional CRL checking.

func NewTimeoutListener

func NewTimeoutListener(addr string, scheme string, tlsinfo *TLSInfo, readTimeout, writeTimeout time.Duration) (net.Listener, error)

NewTimeoutListener returns a listener that listens on the given address. If a read or write on an accepted connection blocks longer than its time limit, it returns a timeout error.

func NewTimeoutTransport

func NewTimeoutTransport(info TLSInfo, dialtimeoutd, rdtimeoutd, wtimeoutd time.Duration) (*http.Transport, error)

NewTimeoutTransport returns a transport created using the given TLS info. If a read or write on a created connection blocks longer than its time limit, it returns a timeout error. If a read/write timeout is set, the transport will not be able to reuse connections.

func NewTransport

func NewTransport(info TLSInfo, dialtimeoutd time.Duration) (*http.Transport, error)

func NewUnixListener

func NewUnixListener(addr string) (net.Listener, error)

func ValidateSecureEndpoints

func ValidateSecureEndpoints(tlsInfo TLSInfo, eps []string) ([]string, error)

ValidateSecureEndpoints scans the given endpoints against tls info, returning only those endpoints that could be validated as secure.

Types

type Controls

type Controls []func(network, addr string, conn syscall.RawConn) error

func (Controls) Control

func (ctls Controls) Control(network, addr string, conn syscall.RawConn) error

type ListenerOption

type ListenerOption func(*ListenerOptions)

ListenerOption is an option which can be applied to the listener.

func WithSkipTLSInfoCheck

func WithSkipTLSInfoCheck(skip bool) ListenerOption

WithSkipTLSInfoCheck, when true, allows a transport to be created with an https scheme without passing TLSInfo, circumventing the TLSInfo-not-presented error. Skipping this check also requires that TLSInfo is not passed.

func WithSocketOpts

func WithSocketOpts(s *SocketOpts) ListenerOption

WithSocketOpts defines socket options that will be applied to the listener.

func WithTLSInfo

func WithTLSInfo(t *TLSInfo) ListenerOption

WithTLSInfo adds TLS credentials to the listener.

func WithTimeout

func WithTimeout(read, write time.Duration) ListenerOption

WithTimeout allows for a read or write timeout to be applied to the listener.

type ListenerOptions

type ListenerOptions struct {
	Listener     net.Listener
	ListenConfig net.ListenConfig
	// contains filtered or unexported fields
}

func (*ListenerOptions) IsSocketOpts

func (lo *ListenerOptions) IsSocketOpts() bool

IsSocketOpts returns true if the listener options includes socket options.

func (*ListenerOptions) IsTLS

func (lo *ListenerOptions) IsTLS() bool

IsTLS returns true if the listener options include TLSInfo.

func (*ListenerOptions) IsTimeout

func (lo *ListenerOptions) IsTimeout() bool

IsTimeout returns true if the listener has a read/write timeout defined.

type SocketOpts

type SocketOpts struct {
	// ReusePort enables the socket option SO_REUSEPORT [1], which allows rebinding
	// a port already in use. Users should keep in mind that flock can fail,
	// in which case the lock on the data file could end up in an unexpected
	// state. Users should take care to protect against lock races.
	// [1] https://man7.org/linux/man-pages/man7/socket.7.html
	ReusePort bool `json:"reuse-port"`
	// ReuseAddress enables the socket option SO_REUSEADDR, which allows
	// binding to an address in `TIME_WAIT` state. Useful to improve MTTR
	// in cases where etcd is slow to restart due to excessive `TIME_WAIT`.
	// [1] https://man7.org/linux/man-pages/man7/socket.7.html
	ReuseAddress bool `json:"reuse-address"`
}

func (*SocketOpts) Empty

func (sopts *SocketOpts) Empty() bool

type TLSInfo

type TLSInfo struct {
	// CertFile is the _server_ cert; it will also be used as a _client_ certificate if ClientCertFile is empty
	CertFile string
	// KeyFile is the key for the CertFile
	KeyFile string
	// ClientCertFile is a _client_ cert for initiating connections when ClientCertAuth is defined. If ClientCertAuth
	// is true but this value is empty, the CertFile will be used instead.
	ClientCertFile string
	// ClientKeyFile is the key for the ClientCertFile
	ClientKeyFile string

	TrustedCAFile       string
	ClientCertAuth      bool
	CRLFile             string
	InsecureSkipVerify  bool
	SkipClientSANVerify bool

	// ServerName ensures the cert matches the given host in case of discovery / virtual hosting
	ServerName string

	// HandshakeFailure is optionally called when a connection fails to handshake. The
	// connection will be closed immediately afterwards.
	HandshakeFailure func(*tls.Conn, error)

	// CipherSuites is a list of supported cipher suites.
	// If empty, Go auto-populates it by default.
	// Note that cipher suites are prioritized in the given order.
	CipherSuites []uint16

	// MinVersion is the minimum TLS version that is acceptable.
	// If not set, the minimum version is TLS 1.2.
	MinVersion uint16

	// MaxVersion is the maximum TLS version that is acceptable.
	// If not set, the default used by Go is selected (see tls.Config.MaxVersion).
	MaxVersion uint16

	// AllowedCN is a CN which must be provided by a client.
	//
	// Deprecated: use AllowedCNs instead.
	AllowedCN string

	// AllowedHostname is an IP address or hostname that must match the TLS
	// certificate provided by a client.
	//
	// Deprecated: use AllowedHostnames instead.
	AllowedHostname string

	// AllowedCNs is a list of acceptable CNs which must be provided by a client.
	AllowedCNs []string

	// AllowedHostnames is a list of acceptable IP addresses or hostnames that must match the
	// TLS certificate provided by a client.
	AllowedHostnames []string

	// Logger logs TLS errors.
	// If nil, all logs are discarded.
	Logger *zap.Logger

	// EmptyCN indicates that the cert must have empty CN.
	// If true, ClientConfig() will return an error for a cert with non empty CN.
	EmptyCN bool
	// contains filtered or unexported fields
}
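As an added illustration of how the AllowedCNs, AllowedHostnames and EmptyCN fields constrain a client certificate (example code written here, not etcd's own tls.go): the ClientIdentityPolicy type, Verify and constructedLeaf are hypothetical, and the "any listed value matches" semantics are an assumption about what ServerConfig enforces, so check against the etcd source before relying on them.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"net"
)

// ClientIdentityPolicy is a hypothetical type carrying the client allow-list fields of TLSInfo.
type ClientIdentityPolicy struct {
	AllowedCNs       []string
	AllowedHostnames []string
	EmptyCN          bool
}

// Verify checks the presented leaf certificate: the CN must be one of AllowedCNs (when set),
// the cert must match one of AllowedHostnames (when set; VerifyHostname covers DNS and IP SANs),
// and with EmptyCN the CN must be absent. Ordering and any-match semantics are assumed.
func (p ClientIdentityPolicy) Verify(leaf *x509.Certificate) error {
	if leaf == nil {
		return errors.New("no client certificate presented")
	}
	cn := leaf.Subject.CommonName
	if p.EmptyCN && cn != "" {
		return fmt.Errorf("client cert has non-empty CN %q", cn)
	}
	cnOK := len(p.AllowedCNs) == 0 // no allow-list means any CN is acceptable
	for _, a := range p.AllowedCNs {
		cnOK = cnOK || a == cn
	}
	if !cnOK {
		return fmt.Errorf("client CN %q is not an allowed CN", cn)
	}
	hostOK := len(p.AllowedHostnames) == 0
	for _, h := range p.AllowedHostnames {
		hostOK = hostOK || leaf.VerifyHostname(h) == nil // DNS or IP SAN match
	}
	if !hostOK {
		return errors.New("client cert matches none of the allowed hostnames")
	}
	return nil
}

// constructedLeaf builds an unsigned certificate struct for demonstration only;
// VerifyHostname reads the SAN fields directly, so no signature is needed here.
func constructedLeaf(cn string, dns []string, ips []net.IP) *x509.Certificate {
	return &x509.Certificate{Subject: pkix.Name{CommonName: cn}, DNSNames: dns, IPAddresses: ips}
}
```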

func SelfCert

func SelfCert(lg *zap.Logger, dirpath string, hosts []string, selfSignedCertValidity uint, additionalUsages ...x509.ExtKeyUsage) (info TLSInfo, err error)

func (TLSInfo) ClientConfig

func (info TLSInfo) ClientConfig() (*tls.Config, error)

ClientConfig generates a tls.Config object for use by an HTTP client.

func (TLSInfo) Empty

func (info TLSInfo) Empty() bool

func (TLSInfo) ServerConfig

func (info TLSInfo) ServerConfig() (*tls.Config, error)

ServerConfig generates a tls.Config object for use by an HTTP server.

func (TLSInfo) String

func (info TLSInfo) String() string

Source Files

doc.go keepalive_listener.go keepalive_listener_unix.go limit_listen.go listener.go listener_opts.go listener_tls.go sockopt.go sockopt_unix.go timeout_conn.go timeout_dialer.go timeout_listener.go timeout_transport.go tls.go transport.go unix_listener.go

Version
v3.5.18 (latest)
Published
Jan 24, 2025