You just need to return a temporary error. It should not be exiting anyway -
unless the “done” channel is valid.
ctx := context.WithValue(baseCtx, ServerContextKey, srv)
for {
rw, err := l.Accept()
if err != nil {
select {
case <-srv.getDoneChan():
return ErrServerClosed
default:
}
if ne, ok := err.(net.Error); ok && ne.Temporary() {
if tempDelay == 0 {
tempDelay = 5 * time.Millisecond
} else {
tempDelay *= 2
}
if max := 1 * time.Second; tempDelay > max {
tempDelay = max
}
srv.logf("http: Accept error: %v; retrying in %v", err, tempDelay)
time.Sleep(tempDelay)
continue
}
return err
}
> On Mar 28, 2022, at 5:35 PM, 'Sean Liao' via golang-nuts
> <golang-nuts@googlegroups.com> wrote:
>
> I would just add a for loop around your code and only return when you have a
> connection you want to allow, otherwise just log / pass the error elsewhere.
>
>
> On Mon, Mar 28, 2022 at 11:26 PM John <johnsiil...@gmail.com
> <mailto:johnsiil...@gmail.com>> wrote:
> I'm looking to satisfy this:
> If you are in an ACL, you can make a TLS connection
> If you are not in an ACL, you can only a TCP connection, but not a TLS
> connection*
> * It would be better if it didn't honor TCP either, unless it is a health
> probe
>
> Basically I want to move my denials into the listener and not in the
> http.Server handlers.
>
> I thought I was clever recently, trying to do this with:
>
> func (a *aclListener) Accept() (net.Conn, error) {
> conn, err := a.ln.Accept()
> if err != nil {
> return nil, err
> }
>
> host, _, err := net.SplitHostPort(conn.RemoteAddr().String())
> if err != nil {
> return nil, fmt.Errorf("connection's remote address(%s) could
> not be split: %s", conn.RemoteAddr().String(), err)
> }
>
> // The probe connected, so close the connection and exit.
> if a.acls.isProbe(host) {
> log.Printf("TCP probe(%s) connection", host)
> conn.Close()
> return nil, ErrIsProbe
> }
>
> // Block anything that isn't in our ACL.
> if err := a.acls.ipAuth(host); err != nil {
> return nil, err
> }
> log.Println("accepting connection from: ", conn.RemoteAddr().String())
> return conn, nil
> }
>
> aclListener implements a net.Listener and I was going to allow the TCP probe
> from this
> health service, but nothing more (like seeing the TLS header).
> However, it turns out erroring on an Accept() will cause the http.Server to
> stop.
>
> Of course, if this code did work, the difference between the prober and
> non-ACL connections is the same, they both can get the TCP socket before
> being denied.
>
> Does anyone know if I can achieve this in my code without getting super
> hacky? I can see
> some ways to that, but figured someone here might have done this in a simple
> way.
>
> Cheers and thanks.
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com
> <mailto:golang-nuts+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/4ab235c1-ab52-42de-a22a-a31bde21eb0cn%40googlegroups.com
>
> <https://groups.google.com/d/msgid/golang-nuts/4ab235c1-ab52-42de-a22a-a31bde21eb0cn%40googlegroups.com?utm_medium=email&utm_source=footer>.
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com
> <mailto:golang-nuts+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/CAGabyPowCpbccC3Hr1_QYqC0qJnqsbP8W9C7z%3DU%2BPdD_%3DWxEpQ%40mail.gmail.com
>
> <https://groups.google.com/d/msgid/golang-nuts/CAGabyPowCpbccC3Hr1_QYqC0qJnqsbP8W9C7z%3DU%2BPdD_%3DWxEpQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/67C7E45C-C80C-418B-BA6A-115C969AFD70%40ix.netcom.com.
