// Init creates new listeners for the server. // TODO: Clean up the fact that socketGroup and tlsConfig aren't always used. func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listener, error) { ls := []net.Listener{} switch proto { case "fd": fds, err := listenFD(addr, tlsConfig) if err != nil { return nil, err } ls = append(ls, fds...) case "tcp": l, err := sockets.NewTCPSocket(addr, tlsConfig) if err != nil { return nil, err } ls = append(ls, l) case "unix": l, err := sockets.NewUnixSocket(addr, socketGroup) if err != nil { return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err) } ls = append(ls, l) default: return nil, fmt.Errorf("invalid protocol format: %q", proto) } return ls, nil }
func (s *Server) initTCPSocket(addr string) (l net.Listener, err error) { if s.cfg.TLSConfig == nil || s.cfg.TLSConfig.ClientAuth != tls.RequireAndVerifyClientCert { glog.Warning("/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\") } if l, err = sockets.NewTCPSocket(addr, s.cfg.TLSConfig); err != nil { return nil, err } return l, nil }
func newTCPListener(address string, pluginName string, tlsConfig *tls.Config) (net.Listener, string, error) { listener, err := sockets.NewTCPSocket(address, tlsConfig) if err != nil { return nil, "", err } spec, err := writeSpec(pluginName, listener.Addr().String()) if err != nil { return nil, "", err } return listener, spec, nil }
func initTCPSocket(addr string, tlsConfig *tls.Config) (l net.Listener, err error) { if tlsConfig == nil || tlsConfig.ClientAuth != tls.RequireAndVerifyClientCert { logrus.Warn("/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\") } if l, err = sockets.NewTCPSocket(addr, tlsConfig); err != nil { return nil, err } if err := allocateDaemonPort(addr); err != nil { return nil, err } return }
func initTCPSocket(addr string, tlsConfig *tls.Config) (l net.Listener, err error) { if tlsConfig == nil || tlsConfig.ClientAuth != tls.RequireAndVerifyClientCert { // TODO: Move this outside pkg/listeners since it's Docker-specific. // ... and slightly scary. logrus.Warn("/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\") } if l, err = sockets.NewTCPSocket(addr, tlsConfig); err != nil { return nil, err } if err := allocateDaemonPort(addr); err != nil { return nil, err } return }
func newTCPListener( volumeDriverName string, address string, ) (net.Listener, string, error) { listener, err := sockets.NewTCPSocket(address, nil) if err != nil { return nil, "", err } spec, err := writeSpec(volumeDriverName, listener.Addr().String()) if err != nil { return nil, "", err } return listener, spec, nil }
// Init creates new listeners for the server. func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listener, error) { ls := []net.Listener{} switch proto { case "tcp": l, err := sockets.NewTCPSocket(addr, tlsConfig) if err != nil { return nil, err } ls = append(ls, l) case "npipe": // allow Administrators and SYSTEM, plus whatever additional users or groups were specified sddl := "D:P(A;;GA;;;BA)(A;;GA;;;SY)" if socketGroup != "" { for _, g := range strings.Split(socketGroup, ",") { sid, err := winio.LookupSidByName(g) if err != nil { return nil, err } sddl += fmt.Sprintf("(A;;GRGW;;;%s)", sid) } } c := winio.PipeConfig{ SecurityDescriptor: sddl, MessageMode: true, // Use message mode so that CloseWrite() is supported InputBufferSize: 65536, // Use 64KB buffers to improve performance OutputBufferSize: 65536, } l, err := winio.ListenPipe(addr, &c) if err != nil { return nil, err } ls = append(ls, l) default: return nil, fmt.Errorf("invalid protocol format: windows only supports tcp and npipe") } return ls, nil }