-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlistener.go
309 lines (253 loc) · 8.46 KB
/
listener.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
package tlsprotocol
import (
"crypto/tls"
"fmt"
"net"
"os"
"strconv"
"syscall"
)
// Listener is a TLS connection listener
// that supports the use of multiple sockets
// for receiving connections and also supports
// breaking ALPN protocols into specific listeners
type Listener struct {
// BindAddr specifies the hostname or IP address
// and port to bind listening sockets too
BindAddr string
// TLSConfig is the TLS configuration used to
// build the TLS listener sockets, ensure that
// all required protocols are configured otherwise
// the listener will refuse to listen specifically for
// the Protocol and will direct it to the default queue
TLSConfig *tls.Config
// Listeners specifies the number of underlying
// sockets to bind for receiving connections, if
// not set it will default to 1
Listeners int
// BufferSize specifies the size of the connection
// buffer, the bigger the buffer the more connections
// that can be queued to be accepted.
//
// This will default to 1 if unset at Start().
BufferSize int
// workers stores the references to the underlying
// listen workers that listen for connections from
// their socket
workers []*worker
// addr is the parsed BindAddr as a
// net.Addr struct
addr net.Addr
// sockAddr is the parsed BindAddr as
// a socket address
sockAddr syscall.Sockaddr
// channels is a map of ALPN Protocol
// names to their Protocol channels
channels map[string]*Protocol
// defaultChannel is the channel that receives
// connections that don't match any of the explicitly
// declared protocols
defaultChannel chan net.Conn
// errors receives errors from listen workers
// and is piped out via the default Accept() handle
errors chan error
}
// Start initialises the TLS listener by spawning
// workers to receive connections and constructs the
// channels to receive default connections and errors
func (listener *Listener) Start() error {
if listener.Listeners == 0 {
listener.Listeners = 1
}
if listener.BufferSize < 1 {
listener.BufferSize = 1
}
listener.workers = make([]*worker, listener.Listeners)
listener.defaultChannel = make(chan net.Conn, listener.BufferSize)
listener.errors = make(chan error, 1)
for i := range listener.workers {
socket, err := listener.buildSocket()
if err != nil {
listener.Stop()
return fmt.Errorf("builder worker socket: %s", err)
}
listener.workers[i] = &worker{
parent: listener,
socket: socket,
}
listener.workers[i].start()
}
return nil
}
// Accept will receive connections from the
// default channel (i.e. connections that didn't
// match an accepted Protocol), it also receives
// all worker errors
func (listener *Listener) Accept() (net.Conn, error) {
select {
case conn, ok := <-listener.defaultChannel:
if !ok {
return nil, fmt.Errorf("accept %s %s: use of closed network connection", listener.addr.Network(), listener.addr.String())
}
return conn, nil
case err := <-listener.errors:
return nil, err
}
}
// Protocol setups a net.Listener to receive all
// TLS connections that match the ALPN Protocol
func (listener *Listener) Protocol(proto string) (net.Listener, error) {
if len(listener.workers) > 0 {
return nil, fmt.Errorf("protocol listener must be created before starting listener")
}
if _, exists := listener.channels[proto]; exists {
return nil, fmt.Errorf("protocol listener already declared for proto: %s", proto)
}
if !listener.protocolConfigured(proto) {
return nil, fmt.Errorf("protocol not specified in the TLS configuration: %s", proto)
}
if listener.channels == nil {
listener.channels = make(map[string]*Protocol, 0)
}
if listener.BufferSize < 1 {
listener.BufferSize = 1
}
listener.channels[proto] = &Protocol{
parent: listener,
proto: proto,
channel: make(chan net.Conn, listener.BufferSize),
}
return listener.channels[proto], nil
}
// Addr returns the address that the
// listener will receive connections on
func (listener *Listener) Addr() net.Addr {
return listener.addr
}
// Close calls the Stop() functions on
// the listener
func (listener *Listener) Close() error {
listener.Stop()
return nil
}
// Stop will stop all the workers before
// closing Protocol listener channels and
// finally closes the default channel
func (listener *Listener) Stop() {
for i := range listener.workers {
if listener.workers[i] != nil {
listener.workers[i].stop()
}
}
for proto := range listener.channels {
listener.channels[proto].Close()
}
if len(listener.defaultChannel) == 1 {
conn := <-listener.defaultChannel
conn.Close()
}
close(listener.defaultChannel)
listener.workers = nil
listener.channels = nil
listener.sockAddr = nil
}
// protocolConfigured checks if the provided ALPN Protocol
// has been specified in the `NextProtos` sections of the
// TLS configuration
func (listener *Listener) protocolConfigured(proto string) bool {
for i := range listener.TLSConfig.NextProtos {
if listener.TLSConfig.NextProtos[i] == proto {
return true
}
}
return false
}
// connectionReceived is called by works to send
// connections up to the parent listener for the
// connection to be sorted into a channel based on
// the negotiated ALPN Protocol
func (listener *Listener) connectionReceived(conn net.Conn) {
tlsConn := conn.(*tls.Conn)
if err := tlsConn.Handshake(); err != nil {
tlsConn.Close()
return
}
if proto, ok := listener.channels[tlsConn.ConnectionState().NegotiatedProtocol]; ok && tlsConn.ConnectionState().NegotiatedProtocolIsMutual {
proto.channel <- tlsConn
} else {
listener.defaultChannel <- tlsConn
}
}
// getSocketAddress will parse the `BindAddr` into
// a socket address that a socket can be bound to,
// `BindAddr` is only parsed once and then stored in
// the listener struct to prevent excess operations
func (listener *Listener) getSocketAddress() (syscall.Sockaddr, error) {
if listener.sockAddr != nil {
return listener.sockAddr, nil
}
host, port, err := net.SplitHostPort(listener.BindAddr)
if err != nil {
return nil, fmt.Errorf("split listener address to host and port: %s", err)
}
portInt, err := strconv.ParseInt(port, 10, 16)
if err != nil {
return nil, fmt.Errorf("parse listener address port to int: %s", err)
}
addr, err := net.ResolveIPAddr("ip", host)
if err != nil {
return nil, fmt.Errorf("resolove listener address: %s", err)
}
switch len(addr.IP) {
case net.IPv4len:
ip := [4]byte{}
copy(ip[:], addr.IP)
listener.sockAddr = &syscall.SockaddrInet4{Addr: ip, Port: int(portInt)}
case net.IPv6len:
ip := [16]byte{}
copy(ip[:], addr.IP)
listener.sockAddr = &syscall.SockaddrInet6{Addr: ip, Port: int(portInt)}
default:
return nil, fmt.Errorf("invalid IP address length: %d", len(addr.IP))
}
listener.addr = &net.TCPAddr{IP: addr.IP, Zone: addr.Zone, Port: int(portInt)}
return listener.sockAddr, nil
}
// buildSocket opens a socket in the kernel,
// sets the socket options to allow multiple binds,
// binds the socket and finally starts it listening
func (listener *Listener) buildSocket() (net.Listener, error) {
socketAddress, err := listener.getSocketAddress()
if err != nil {
return nil, fmt.Errorf("get socket address for bind: %s", err)
}
inetFamily := syscall.AF_INET
if _, ok := socketAddress.(*syscall.SockaddrInet6); ok {
inetFamily = syscall.AF_INET6
}
fileDescriptor, err := syscall.Socket(inetFamily, syscall.SOCK_STREAM, syscall.IPPROTO_TCP)
if err != nil {
return nil, fmt.Errorf("unable to create socket in kernel: %s", err)
}
defer syscall.Close(fileDescriptor)
if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_SOCKET, syscall.SO_REUSEADDR, 1); err != nil {
return nil, fmt.Errorf("failed to set SO_REUSEADDR on socket: %s", err)
}
if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_SOCKET, so_reuseport, 1); err != nil {
return nil, fmt.Errorf("failed to set SO_REUSEPORT on socket: %s", err)
}
if err = syscall.SetNonblock(fileDescriptor, true); err != nil {
return nil, fmt.Errorf("failed to set non-blocking on socket: %s", err)
}
if err = syscall.Bind(fileDescriptor, socketAddress); err != nil {
return nil, fmt.Errorf("failed to bind socket to address: %s", err)
}
if err = syscall.Listen(fileDescriptor, syscall.SOMAXCONN); err != nil {
return nil, fmt.Errorf("failed to start listening for socket: %s", err)
}
socket, err := net.FileListener(os.NewFile(uintptr(fileDescriptor), "tls-Protocol-listener"))
if err != nil {
return nil, fmt.Errorf("failed to convert file descriptor to listener: %s", err)
}
return tls.NewListener(socket, listener.TLSConfig), nil
}