I would just add a for loop around your code and only return when you have a connection you want to allow, otherwise just log / pass the error elsewhere.
On Mon, Mar 28, 2022 at 11:26 PM John <johnsiil...@gmail.com> wrote:
> I'm looking to satisfy this:
>
> - If you are in an ACL, you can make a TLS connection
> - If you are not in an ACL, you can only make a TCP connection, but not a
>   TLS connection*
>
> * It would be better if it didn't honor TCP either, unless it is a health
> probe
>
> Basically I want to move my denials into the listener and not in the
> http.Server handlers.
>
> I thought I was clever recently, trying to do this with:
>
> func (a *aclListener) Accept() (net.Conn, error) {
>     conn, err := a.ln.Accept()
>     if err != nil {
>         return nil, err
>     }
>
>     host, _, err := net.SplitHostPort(conn.RemoteAddr().String())
>     if err != nil {
>         conn.Close() // do not leak the socket on the error path
>         return nil, fmt.Errorf("connection's remote address(%s) could not be split: %s", conn.RemoteAddr().String(), err)
>     }
>
>     // The probe connected, so close the connection and exit.
>     if a.acls.isProbe(host) {
>         log.Printf("TCP probe(%s) connection", host)
>         conn.Close()
>         return nil, ErrIsProbe
>     }
>
>     // Block anything that isn't in our ACL.
>     if err := a.acls.ipAuth(host); err != nil {
>         conn.Close() // do not leak the rejected socket
>         return nil, err
>     }
>     log.Println("accepting connection from: ", conn.RemoteAddr().String())
>     return conn, nil
> }
>
> aclListener implements a net.Listener and I was going to allow the TCP
> probe from this health service, but nothing more (like seeing the TLS
> header). However, it turns out erroring on an Accept() will cause the
> http.Server to stop.
>
> Of course, if this code did work, the difference between the prober and
> non-ACL connections is the same, they both can get the TCP socket before
> being denied.
>
> Does anyone know if I can achieve this in my code without getting super
> hacky? I can see some ways to do that, but figured someone here might have
> done this in a simple way.
>
> Cheers and thanks.
--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAGabyPowCpbccC3Hr1_QYqC0qJnqsbP8W9C7z%3DU%2BPdD_%3DWxEpQ%40mail.gmail.com.
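
The loop suggested in the reply above, as an added example that is not part of the original thread: probe and non-ACL connections are closed and logged inside Accept, and only failures of the underlying listener are returned, so http.Server keeps serving. The acl type, its permits method and the listen address are assumptions made for this example and stand in for the poster's a.acls.

```go
package main

import (
	"log"
	"net"
	"net/http"
)

// acl is a hypothetical stand-in for the poster's a.acls (constructed here).
type acl struct{ allowed, probes map[string]bool }

// permits reports whether a peer IP may proceed to TLS/HTTP handling.
func (a acl) permits(host string) bool { return a.allowed[host] && !a.probes[host] }

// aclListener wraps a net.Listener and filters peers inside Accept.
type aclListener struct {
	net.Listener
	acls acl
}

// Accept loops until a permitted peer connects. Everything else is closed
// before any TLS bytes are read; only real listener errors are returned.
func (a *aclListener) Accept() (net.Conn, error) {
	for {
		conn, err := a.Listener.Accept()
		if err != nil {
			return nil, err // listener closed or failed: the server must see this
		}
		host, _, err := net.SplitHostPort(conn.RemoteAddr().String())
		if err == nil && a.acls.permits(host) {
			return conn, nil
		}
		log.Printf("closing %s: probe=%t err=%v", conn.RemoteAddr(), a.acls.probes[host], err)
		conn.Close()
	}
}

func main() {
	ln, err := net.Listen("tcp", "127.0.0.1:8080") // constructed address
	if err != nil {
		log.Fatal(err)
	}
	al := &aclListener{Listener: ln, acls: acl{allowed: map[string]bool{"127.0.0.1": true}}}
	log.Fatal(http.Serve(al, nil)) // http.ServeTLS accepts the same listener
}
```

As the original post notes, a rejected peer still completes the TCP handshake before it is dropped; refusing the handshake itself has to happen below the Go listener, for example in a host firewall.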