Ignore that last part - just use a “temporary” error.
> On Mar 28, 2022, at 5:46 PM, robert engels <reng...@ix.netcom.com> wrote:
>
> You just need to return a temporary error. It should not be exiting anyway -
> unless the “done” channel is valid.
>
> ctx := context.WithValue(baseCtx, ServerContextKey, srv)
> for {
> rw, err := l.Accept()
> if err != nil {
> select {
> case <-srv.getDoneChan():
> return ErrServerClosed
> default:
> }
> if ne, ok := err.(net.Error); ok && ne.Temporary() {
> if tempDelay == 0 {
> tempDelay = 5 * time.Millisecond
> } else {
> tempDelay *= 2
> }
> if max := 1 * time.Second; tempDelay > max {
> tempDelay = max
> }
> srv.logf("http: Accept error: %v; retrying in %v", err, tempDelay)
> time.Sleep(tempDelay)
> continue
> }
> return err
> }
>
>
>
>> On Mar 28, 2022, at 5:35 PM, 'Sean Liao' via golang-nuts
>> <golang-nuts@googlegroups.com <mailto:golang-nuts@googlegroups.com>> wrote:
>>
>> I would just add a for loop around your code and only return when you have a
>> connection you want to allow, otherwise just log / pass the error elsewhere.
>>
>>
>> On Mon, Mar 28, 2022 at 11:26 PM John <johnsiil...@gmail.com
>> <mailto:johnsiil...@gmail.com>> wrote:
>> I'm looking to satisfy this:
>> If you are in an ACL, you can make a TLS connection
>> If you are not in an ACL, you can only a TCP connection, but not a TLS
>> connection*
>> * It would be better if it didn't honor TCP either, unless it is a health
>> probe
>>
>> Basically I want to move my denials into the listener and not in the
>> http.Server handlers.
>>
>> I thought I was clever recently, trying to do this with:
>>
>> func (a *aclListener) Accept() (net.Conn, error) {
>> conn, err := a.ln.Accept()
>> if err != nil {
>> return nil, err
>> }
>>
>> host, _, err := net.SplitHostPort(conn.RemoteAddr().String())
>> if err != nil {
>> return nil, fmt.Errorf("connection's remote address(%s) could
>> not be split: %s", conn.RemoteAddr().String(), err)
>> }
>>
>> // The probe connected, so close the connection and exit.
>> if a.acls.isProbe(host) {
>> log.Printf("TCP probe(%s) connection", host)
>> conn.Close()
>> return nil, ErrIsProbe
>> }
>>
>> // Block anything that isn't in our ACL.
>> if err := a.acls.ipAuth(host); err != nil {
>> return nil, err
>> }
>> log.Println("accepting connection from: ", conn.RemoteAddr().String())
>> return conn, nil
>> }
>>
>> aclListener implements a net.Listener and I was going to allow the TCP probe
>> from this
>> health service, but nothing more (like seeing the TLS header).
>> However, it turns out erroring on an Accept() will cause the http.Server to
>> stop.
>>
>> Of course, if this code did work, the difference between the prober and
>> non-ACL connections is the same, they both can get the TCP socket before
>> being denied.
>>
>> Does anyone know if I can achieve this in my code without getting super
>> hacky? I can see
>> some ways to that, but figured someone here might have done this in a simple
>> way.
>>
>> Cheers and thanks.
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "golang-nuts" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to golang-nuts+unsubscr...@googlegroups.com
>> <mailto:golang-nuts+unsubscr...@googlegroups.com>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/golang-nuts/4ab235c1-ab52-42de-a22a-a31bde21eb0cn%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/golang-nuts/4ab235c1-ab52-42de-a22a-a31bde21eb0cn%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "golang-nuts" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to golang-nuts+unsubscr...@googlegroups.com
>> <mailto:golang-nuts+unsubscr...@googlegroups.com>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/golang-nuts/CAGabyPowCpbccC3Hr1_QYqC0qJnqsbP8W9C7z%3DU%2BPdD_%3DWxEpQ%40mail.gmail.com
>>
>> <https://groups.google.com/d/msgid/golang-nuts/CAGabyPowCpbccC3Hr1_QYqC0qJnqsbP8W9C7z%3DU%2BPdD_%3DWxEpQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/52002221-32D8-4236-9266-845732E3D5FC%40ix.netcom.com.
