// Init creates new listeners for the server.
// TODO: Clean up the fact that socketGroup and tlsConfig aren't always used.
func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listener, error) {
ls := []net.Listener{}
switch proto {
case "fd":
fds, err := listenFD(addr, tlsConfig)
if err != nil {
return nil, err
}
ls = append(ls, fds...)
case "tcp":
l, err := sockets.NewTCPSocket(addr, tlsConfig)
if err != nil {
return nil, err
}
ls = append(ls, l)
case "unix":
l, err := sockets.NewUnixSocket(addr, socketGroup)
if err != nil {
return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err)
}
ls = append(ls, l)
default:
return nil, fmt.Errorf("invalid protocol format: %q", proto)
}
return ls, nil
}
func (s *Server) initTCPSocket(addr string) (l net.Listener, err error) {
if s.cfg.TLSConfig == nil || s.cfg.TLSConfig.ClientAuth != tls.RequireAndVerifyClientCert {
glog.Warning("/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
}
if l, err = sockets.NewTCPSocket(addr, s.cfg.TLSConfig); err != nil {
return nil, err
}
return l, nil
}
func newTCPListener(address string, pluginName string, tlsConfig *tls.Config) (net.Listener, string, error) {
listener, err := sockets.NewTCPSocket(address, tlsConfig)
if err != nil {
return nil, "", err
}
spec, err := writeSpec(pluginName, listener.Addr().String())
if err != nil {
return nil, "", err
}
return listener, spec, nil
}
func initTCPSocket(addr string, tlsConfig *tls.Config) (l net.Listener, err error) {
if tlsConfig == nil || tlsConfig.ClientAuth != tls.RequireAndVerifyClientCert {
logrus.Warn("/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
}
if l, err = sockets.NewTCPSocket(addr, tlsConfig); err != nil {
return nil, err
}
if err := allocateDaemonPort(addr); err != nil {
return nil, err
}
return
}
func initTCPSocket(addr string, tlsConfig *tls.Config) (l net.Listener, err error) {
if tlsConfig == nil || tlsConfig.ClientAuth != tls.RequireAndVerifyClientCert {
// TODO: Move this outside pkg/listeners since it's Docker-specific.
// ... and slightly scary.
logrus.Warn("/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
}
if l, err = sockets.NewTCPSocket(addr, tlsConfig); err != nil {
return nil, err
}
if err := allocateDaemonPort(addr); err != nil {
return nil, err
}
return
}
func newTCPListener(
volumeDriverName string,
address string,
) (net.Listener, string, error) {
listener, err := sockets.NewTCPSocket(address, nil)
if err != nil {
return nil, "", err
}
spec, err := writeSpec(volumeDriverName, listener.Addr().String())
if err != nil {
return nil, "", err
}
return listener, spec, nil
}
// Init creates new listeners for the server.
func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listener, error) {
ls := []net.Listener{}
switch proto {
case "tcp":
l, err := sockets.NewTCPSocket(addr, tlsConfig)
if err != nil {
return nil, err
}
ls = append(ls, l)
case "npipe":
// allow Administrators and SYSTEM, plus whatever additional users or groups were specified
sddl := "D:P(A;;GA;;;BA)(A;;GA;;;SY)"
if socketGroup != "" {
for _, g := range strings.Split(socketGroup, ",") {
sid, err := winio.LookupSidByName(g)
if err != nil {
return nil, err
}
sddl += fmt.Sprintf("(A;;GRGW;;;%s)", sid)
}
}
c := winio.PipeConfig{
SecurityDescriptor: sddl,
MessageMode: true, // Use message mode so that CloseWrite() is supported
InputBufferSize: 65536, // Use 64KB buffers to improve performance
OutputBufferSize: 65536,
}
l, err := winio.ListenPipe(addr, &c)
if err != nil {
return nil, err
}
ls = append(ls, l)
default:
return nil, fmt.Errorf("invalid protocol format: windows only supports tcp and npipe")
}
return ls, nil
}