Just as a follow-up, I think the answer to this question is to fork the net/http library to add a line that handles an error type ErrIgnore without the ramifications of a temporary error. With all the good and bad that it entails (for this use case, it should be fine).
This is just a niche use case, I can't imagine a change to support this getting into the net/http package.

On Monday, March 28, 2022 at 8:28:31 PM UTC-7 John wrote:

> Hey Sean and Robert,
>
> Thanks for the suggestions.
>
> I can see how the temporary error would work, but as Sean is saying, this is going to add delays that are going to go against what I'm wanting to do.
>
> Sean, I'm not sure I understand the part about looping my code. Here is a sample on the playground, is it possible you can show me what I'm missing: https://go.dev/play/p/_B4jkTzWcS0
>
> Cheers.
>
> On Mon, Mar 28, 2022 at 4:47 PM 'Sean Liao' via golang-nuts <golan...@googlegroups.com> wrote:
>
>> abusing temporary delays like that could result in unpredictable performance with up to a second between accepts, not something you want if you are flooded with things you want to deny (which is what an ACL is for).
>>
>> On Mon, Mar 28, 2022, 23:46 robert engels <ren...@ix.netcom.com> wrote:
>>
>>> You just need to return a temporary error. It should not be exiting anyway - unless the “done” channel is valid.
>>>
>>> ctx := context.WithValue(baseCtx, ServerContextKey, srv)
>>> for {
>>>     rw, err := l.Accept()
>>>     if err != nil {
>>>         select {
>>>         case <-srv.getDoneChan():
>>>             return ErrServerClosed
>>>         default:
>>>         }
>>>         if ne, ok := err.(net.Error); ok && ne.Temporary() {
>>>             if tempDelay == 0 {
>>>                 tempDelay = 5 * time.Millisecond
>>>             } else {
>>>                 tempDelay *= 2
>>>             }
>>>             if max := 1 * time.Second; tempDelay > max {
>>>                 tempDelay = max
>>>             }
>>>             srv.logf("http: Accept error: %v; retrying in %v", err, tempDelay)
>>>             time.Sleep(tempDelay)
>>>             continue
>>>         }
>>>         return err
>>>     }
>>>
>>> On Mar 28, 2022, at 5:35 PM, 'Sean Liao' via golang-nuts <golan...@googlegroups.com> wrote:
>>>
>>> I would just add a for loop around your code and only return when you have a connection you want to allow, otherwise just log / pass the error elsewhere.
>>>
>>> On Mon, Mar 28, 2022 at 11:26 PM John <johns...@gmail.com> wrote:
>>>
>>>> I'm looking to satisfy this:
>>>>
>>>> - If you are in an ACL, you can make a TLS connection
>>>> - If you are not in an ACL, you can only make a TCP connection, but not a TLS connection*
>>>>
>>>> * It would be better if it didn't honor TCP either, unless it is a health probe
>>>>
>>>> Basically I want to move my denials into the listener and not in the http.Server handlers.
>>>>
>>>> I thought I was clever recently, trying to do this with:
>>>>
>>>> func (a *aclListener) Accept() (net.Conn, error) {
>>>>     conn, err := a.ln.Accept()
>>>>     if err != nil {
>>>>         return nil, err
>>>>     }
>>>>
>>>>     host, _, err := net.SplitHostPort(conn.RemoteAddr().String())
>>>>     if err != nil {
>>>>         return nil, fmt.Errorf("connection's remote address(%s) could not be split: %s", conn.RemoteAddr().String(), err)
>>>>     }
>>>>
>>>>     // The probe connected, so close the connection and exit.
>>>>     if a.acls.isProbe(host) {
>>>>         log.Printf("TCP probe(%s) connection", host)
>>>>         conn.Close()
>>>>         return nil, ErrIsProbe
>>>>     }
>>>>
>>>>     // Block anything that isn't in our ACL.
>>>>     if err := a.acls.ipAuth(host); err != nil {
>>>>         return nil, err
>>>>     }
>>>>     log.Println("accepting connection from: ", conn.RemoteAddr().String())
>>>>     return conn, nil
>>>> }
>>>>
>>>> aclListener implements a net.Listener and I was going to allow the TCP probe from this health service, but nothing more (like seeing the TLS header). However, it turns out erroring on an Accept() will cause the http.Server to stop.
>>>>
>>>> Of course, if this code did work, the difference between the prober and non-ACL connections is the same, they both can get the TCP socket before being denied.
>>>>
>>>> Does anyone know if I can achieve this in my code without getting super hacky? I can see some ways to do that, but figured someone here might have done this in a simple way.
>>>>
>>>> Cheers and thanks.
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google Groups "golang-nuts" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
>>>> To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/4ab235c1-ab52-42de-a22a-a31bde21eb0cn%40googlegroups.com.
>
> --
> John Doak
> www.obscuredworld.com
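
Sean's suggestion in the thread (loop inside Accept and only return a connection you want to allow) can be written as follows. This is an added example, not code from any participant in the thread or from net/http; the `allowed` field, the `permitted` helper, the listen address and the ACL prefix are illustrative assumptions.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"net/netip"
)

// aclListener filters peers below TLS/HTTP; the field name is illustrative.
type aclListener struct {
	net.Listener
	allowed []netip.Prefix // sources that may proceed to the TLS handshake
}

func (a *aclListener) permitted(remote net.Addr) bool {
	ap, err := netip.ParseAddrPort(remote.String())
	if err != nil {
		return false // fail closed on an unparsable address
	}
	for _, p := range a.allowed {
		if p.Contains(ap.Addr().Unmap()) {
			return true
		}
	}
	return false
}

// Accept only returns permitted peers, so Serve never sees an ACL "error".
func (a *aclListener) Accept() (net.Conn, error) {
	for {
		conn, err := a.Listener.Accept()
		if err != nil {
			return nil, err // genuine listener failure or shutdown
		}
		if a.permitted(conn.RemoteAddr()) {
			return conn, nil
		}
		conn.Close() // denied peers and probes stop at the TCP connect
	}
}

func main() {
	ln, err := net.Listen("tcp", "127.0.0.1:8443") // constructed address
	if err != nil {
		log.Fatal(err)
	}
	acl := []netip.Prefix{netip.MustParsePrefix("127.0.0.0/8")} // constructed ACL
	log.Fatal(http.Serve(&aclListener{ln, acl}, nil)) // http.ServeTLS takes the same listener
}
```

Because the wrapper never returns an error for a denied peer, neither the server shutdown nor the temporary-error backoff discussed in the thread is triggered.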