Version: v3.5.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jun 15, 2021 License: Apache-2.0 Imports: 24 Imported by: 46



Package transport implements various HTTP transport utilities based on Go net package.

Package transport provides network utility functions, complementing the more common ones in the net package.



This section is empty.


View Source
var (
	ErrNotTCP = errors.New("only tcp connections have keepalive")


func IsClosedConnError

func IsClosedConnError(err error) bool

IsClosedConnError returns true if the error is from closing listener, cmux. copied from

func LimitListener

func LimitListener(l net.Listener, n int) net.Listener

LimitListener returns a Listener that accepts at most n simultaneous connections from the provided Listener.

func NewKeepAliveListener

func NewKeepAliveListener(l net.Listener, scheme string, tlscfg *tls.Config) (net.Listener, error)

NewKeepAliveListener returns a listener that listens on the given address. Be careful when wrap around KeepAliveListener with another Listener if TLSInfo is not nil. Some pkgs (like go/http) might expect Listener to return TLSConn type to start TLS handshake.

func NewListener

func NewListener(addr, scheme string, tlsinfo *TLSInfo) (l net.Listener, err error)

NewListener creates a new listner.

func NewListenerWithOpts

func NewListenerWithOpts(addr, scheme string, opts ...ListenerOption) (net.Listener, error)

NewListenerWithOpts creates a new listener which accpets listener options.

func NewTLSListener

func NewTLSListener(l net.Listener, tlsinfo *TLSInfo) (net.Listener, error)

NewTLSListener handshakes TLS connections and performs optional CRL checking.

func NewTimeoutListener

func NewTimeoutListener(addr string, scheme string, tlsinfo *TLSInfo, readTimeout, writeTimeout time.Duration) (net.Listener, error)

NewTimeoutListener returns a listener that listens on the given address. If read/write on the accepted connection blocks longer than its time limit, it will return timeout error.

func NewTimeoutTransport

func NewTimeoutTransport(info TLSInfo, dialtimeoutd, rdtimeoutd, wtimeoutd time.Duration) (*http.Transport, error)

NewTimeoutTransport returns a transport created using the given TLS info. If read/write on the created connection blocks longer than its time limit, it will return timeout error. If read/write timeout is set, transport will not be able to reuse connection.

func NewTransport

func NewTransport(info TLSInfo, dialtimeoutd time.Duration) (*http.Transport, error)

func NewUnixListener

func NewUnixListener(addr string) (net.Listener, error)

func ValidateSecureEndpoints

func ValidateSecureEndpoints(tlsInfo TLSInfo, eps []string) ([]string, error)

ValidateSecureEndpoints scans the given endpoints against tls info, returning only those endpoints that could be validated as secure.


type Controls

type Controls []func(network, addr string, conn syscall.RawConn) error

func (Controls) Control

func (ctls Controls) Control(network, addr string, conn syscall.RawConn) error

type ListenerOption

type ListenerOption func(*ListenerOptions)

ListenerOption are options which can be applied to the listener.

func WithSkipTLSInfoCheck

func WithSkipTLSInfoCheck(skip bool) ListenerOption

WithSkipTLSInfoCheck when true a transport can be created with an https scheme without passing TLSInfo, circumventing not presented error. Skipping this check also requires that TLSInfo is not passed.

func WithSocketOpts

func WithSocketOpts(s *SocketOpts) ListenerOption

WithSocketOpts defines socket options that will be applied to the listener.

func WithTLSInfo

func WithTLSInfo(t *TLSInfo) ListenerOption

WithTLSInfo adds TLS credentials to the listener.

func WithTimeout

func WithTimeout(read, write time.Duration) ListenerOption

WithTimeout allows for a read or write timeout to be applied to the listener.

type ListenerOptions

type ListenerOptions struct {
	Listener     net.Listener
	ListenConfig net.ListenConfig
	// contains filtered or unexported fields

func (*ListenerOptions) IsSocketOpts

func (lo *ListenerOptions) IsSocketOpts() bool

IsSocketOpts returns true if the listener options includes socket options.

func (*ListenerOptions) IsTLS

func (lo *ListenerOptions) IsTLS() bool

IsTLS returns true if listner options includes TLSInfo.

func (*ListenerOptions) IsTimeout

func (lo *ListenerOptions) IsTimeout() bool

IsTimeout returns true if the listener has a read/write timeout defined.

type SocketOpts

type SocketOpts struct {
	// ReusePort enables socket option SO_REUSEPORT [1] which allows rebind of
	// a port already in use. User should keep in mind that flock can fail
	// in which case lock on data file could result in unexpected
	// condition. User should take caution to protect against lock race.
	// [1]
	ReusePort bool
	// ReuseAddress enables a socket option SO_REUSEADDR which allows
	// binding to an address in `TIME_WAIT` state. Useful to improve MTTR
	// in cases where etcd slow to restart due to excessive `TIME_WAIT`.
	// [1]
	ReuseAddress bool

func (*SocketOpts) Empty

func (sopts *SocketOpts) Empty() bool

type TLSInfo

type TLSInfo struct {
	// CertFile is the _server_ cert, it will also be used as a _client_ certificate if ClientCertFile is empty
	CertFile string
	// KeyFile is the key for the CertFile
	KeyFile string
	// ClientCertFile is a _client_ cert for initiating connections when ClientCertAuth is defined. If ClientCertAuth
	// is true but this value is empty, the CertFile will be used instead.
	ClientCertFile string
	// ClientKeyFile is the key for the ClientCertFile
	ClientKeyFile string

	TrustedCAFile       string
	ClientCertAuth      bool
	CRLFile             string
	InsecureSkipVerify  bool
	SkipClientSANVerify bool

	// ServerName ensures the cert matches the given host in case of discovery / virtual hosting
	ServerName string

	// HandshakeFailure is optionally called when a connection fails to handshake. The
	// connection will be closed immediately afterwards.
	HandshakeFailure func(*tls.Conn, error)

	// CipherSuites is a list of supported cipher suites.
	// If empty, Go auto-populates it by default.
	// Note that cipher suites are prioritized in the given order.
	CipherSuites []uint16

	// AllowedCN is a CN which must be provided by a client.
	AllowedCN string

	// AllowedHostname is an IP address or hostname that must match the TLS
	// certificate provided by a client.
	AllowedHostname string

	// Logger logs TLS errors.
	// If nil, all logs are discarded.
	Logger *zap.Logger

	// EmptyCN indicates that the cert must have empty CN.
	// If true, ClientConfig() will return an error for a cert with non empty CN.
	EmptyCN bool
	// contains filtered or unexported fields

func SelfCert

func SelfCert(lg *zap.Logger, dirpath string, hosts []string, selfSignedCertValidity uint, additionalUsages ...x509.ExtKeyUsage) (info TLSInfo, err error)

func (TLSInfo) ClientConfig

func (info TLSInfo) ClientConfig() (*tls.Config, error)

ClientConfig generates a tls.Config object for use by an HTTP client.

func (TLSInfo) Empty

func (info TLSInfo) Empty() bool

func (TLSInfo) ServerConfig

func (info TLSInfo) ServerConfig() (*tls.Config, error)

ServerConfig generates a tls.Config object for use by an HTTP server.

func (TLSInfo) String

func (info TLSInfo) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL