proposal: crypto/tls: allow access to file descriptor for tls.Conn #29257

Open
ja-nixi opened this issue Dec 14, 2018 · 18 comments

@ja-nixi ja-nixi commented Dec 14, 2018

Currently it is not possible to access the FD in tls.Conn.
In tls.Conn the underlying net.Conn is not accessible except in ClientHelloInfo.

Scenario:
In net/http we can't access the FD for https connections, but we can access it for http connections.
In a WebSocket connection after Hijack, when the connection is http we can use netpoll, but when it's https we can't.

The only workaround right now is using an https to http proxy, but it's not as efficient as exposing the net.Conn on tls.Conn.

/cc @FiloSottile

Author

@ja-nixi ja-nixi commented Dec 17, 2018

/cc @bradfitz

Contributor

@bradfitz bradfitz commented Dec 17, 2018

@odeke-em odeke-em changed the title crypto/tls: allow access to file descriptor for tls.Conn proposal: crypto/tls: allow access to file descriptor for tls.Conn Mar 7, 2019
@gopherbot gopherbot added the Proposal label Mar 7, 2019
Member

@odeke-em odeke-em commented Mar 7, 2019

I have marked this as a proposal for it to get the proposal treatment.

Contributor

@ianlancetaylor ianlancetaylor commented Mar 20, 2019

What do you actually want to do with the file descriptor?

@gopherbot gopherbot commented Apr 20, 2019

Timed out in state WaitingForInfo. Closing.

(I am just a bot, though. Please speak up if this is a mistake or you have the requested information.)

@gopherbot gopherbot closed this Apr 20, 2019

@blakerouse blakerouse commented Jun 1, 2019

It is useful to get the underlying connection's file descriptor so that it can be passed into a syscall for epoll. This removes the need to start a goroutine for every websocket connection.

In my concurrent-websocket module I need to do just that so multiple websocket connections can be multiplexed through a pool of goroutines. I am currently working around this issue by using reflect and unsafe, which is really bad!

L26 below shows how I am getting the connection, and you can see on L45 how I pass that connection to netpoll.HandleReadOnce. It still uses the tls.Conn for reading and writing, but needs to pass the underlying connection for epoll to work.

https://github.com/blakerouse/concurrent-websocket/blob/master/channel.go#L26

@wedgeV wedgeV commented Feb 4, 2020

This is also an issue when using TLS with the new http.Server ConnContext callback; in my case I want to get syscall.TCPInfo for each connection.

http.Server{
	ConnContext: func(ctx context.Context, c net.Conn) context.Context {
		// c is a tls.Conn, with apparently no way to access the actual connection
		return ctx
	},
}
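
An added example, not code from any commenter or from the Go project: Go 1.18 and later expose the wrapped connection through tls.Conn.NetConn, which covers the epoll and socket-metadata uses described in the comments above. The names `withRawFD` and `socketType` are hypothetical, and the code assumes a Unix-like system and a constructed loopback connection.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"syscall"
)

// withRawFD runs fn with the OS descriptor beneath c, valid only while fn runs.
// Use it for polling or metadata; direct I/O on it corrupts the TLS session.
func withRawFD(c net.Conn, fn func(fd int) error) error {
	if tc, ok := c.(*tls.Conn); ok {
		c = tc.NetConn() // available in Go 1.18 and later
	}
	sc, ok := c.(syscall.Conn)
	if !ok {
		return fmt.Errorf("%T is not backed by a file descriptor", c)
	}
	rc, err := sc.SyscallConn()
	if err != nil {
		return err
	}
	var fnErr error
	if err := rc.Control(func(fd uintptr) { fnErr = fn(int(fd)) }); err != nil {
		return err
	}
	return fnErr
}

// socketType is a read-only getsockopt; TCP_INFO or epoll setup fits the same callback.
func socketType(c net.Conn) (typ int, err error) {
	err = withRawFD(c, func(fd int) (e error) {
		typ, e = syscall.GetsockoptInt(fd, syscall.SOL_SOCKET, syscall.SO_TYPE)
		return e
	})
	return typ, err
}

func main() {
	ln, err := net.Listen("tcp", "127.0.0.1:0") // constructed loopback sample
	if err != nil {
		panic(err)
	}
	go net.Dial("tcp", ln.Addr().String())
	if raw, err := ln.Accept(); err == nil {
		fmt.Println(socketType(tls.Server(raw, &tls.Config{})))
	}
}
```

Reads and writes still go through the tls.Conn; the descriptor is used only inside the callback, where the runtime guarantees it stays open.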
@odeke-em odeke-em reopened this Feb 5, 2020
@gopherbot gopherbot closed this Feb 5, 2020
Member

@odeke-em odeke-em commented Feb 5, 2020

Gopherbot, this is still an issue.

@odeke-em odeke-em reopened this Feb 5, 2020
@odeke-em odeke-em modified the milestones: Go1.13, Backlog Feb 5, 2020

@francisxia719 francisxia719 commented May 21, 2020

I also need to access FD

@tomerBZ tomerBZ commented May 25, 2020

Same issue here +1
The file descriptor is needed when working with epoll WebSocket

@jtorvald jtorvald commented May 26, 2020

+1 same same

Contributor

@davecheney davecheney commented May 27, 2020

Friends, rather than saying “I need this”, I’m sure the maintainers would find it vastly more useful to say why you need this. Be as specific and concrete as possible. Try to answer the question if this feature were added these are the specific ways it would enable me to do X which I currently cannot do. Be specific about the X, not just X the feature, but how you would change your code to use X.

Thank you

@lordspace lordspace commented Aug 3, 2020

hey, I need this because I am building a static file server and wanted to restart it gracefully without interruption

Contributor

@davecheney davecheney commented Aug 3, 2020

@lordspace lordspace commented Aug 3, 2020

@davecheney thanks for the link. I think I've seen it but it's still not clear to me how to get the descriptor so I can pass it to the program again when it restarts.

Contributor

@davecheney davecheney commented Aug 3, 2020

To use tls.Server you would already hold the net.Conn for the listening socket.

@jtorvald jtorvald commented Aug 3, 2020

@davecheney I believe this is about handling websockets with epoll and working with file descriptors and it tracks back to a comment in this method: https://github.com/blakerouse/concurrent-websocket/blob/master/channel.go#L29
@lordspace probably wants to do something similar to this: https://gravitational.com/blog/golang-ssh-bastion-graceful-restarts/

@lordspace lordspace commented Aug 3, 2020

yes, @jtorvald I know the ticket is for something else but I will use the descriptor for something else. The article doesn't cover HTTPS
