proposal: crypto/tls: allow access to file descriptor for tls.Conn #29257

Open
ja-nixi opened this issue Dec 14, 2018 · 8 comments

Comments

@ja-nixi ja-nixi commented Dec 14, 2018

Currently it is not possible to access the FD in tls.Conn.
In tls.Conn the underlying net.Conn is not accessible except in ClientHelloInfo.

Scenario:
In net/http we can't access the FD for https connections, but we can access it for http connections.
In a WebSocket connection after Hijack, when the connection is http we can use netpoll, but when it's https we can't.

The only workaround right now is using an https-to-http proxy, but it's not as efficient as exposing the net.Conn on tls.Conn.

/cc @FiloSottile

@ja-nixi ja-nixi commented Dec 17, 2018

/cc @bradfitz

@bradfitz bradfitz commented Dec 17, 2018

@odeke-em odeke-em changed the title crypto/tls: allow access to file descriptor for tls.Conn proposal: crypto/tls: allow access to file descriptor for tls.Conn Mar 7, 2019
@gopherbot gopherbot added the Proposal label Mar 7, 2019

@odeke-em odeke-em commented Mar 7, 2019

I have marked this as a proposal for it to get the proposal treatment.

@ianlancetaylor ianlancetaylor commented Mar 20, 2019

What do you actually want to do with the file descriptor?

@gopherbot gopherbot commented Apr 20, 2019

Timed out in state WaitingForInfo. Closing.

(I am just a bot, though. Please speak up if this is a mistake or you have the requested information.)

@gopherbot gopherbot closed this Apr 20, 2019

@blakerouse blakerouse commented Jun 1, 2019

It is useful to get the underlying connection's file descriptor so that it can be passed into a syscall for epoll. This removes the need to start a goroutine for every websocket connection.

In my concurrent-websocket module I need to do just that so multiple websocket connections can be multiplexed through a pool of goroutines. I am currently working around this issue by using reflect and unsafe, which is really bad!

L26 below shows how I am getting the connection, and you can see on L45 how I pass that connection to netpoll.HandleReadOnce. It still uses the tls.Conn for reading and writing, but needs to pass the underlying connection for epoll to work.

https://github.com/blakerouse/concurrent-websocket/blob/master/channel.go#L26

@wedgeV wedgeV commented Feb 4, 2020

This is also an issue when using TLS with the new http.Server ConnContext callback. In my case I want to get syscall.TCPInfo for each connection.

```go
http.Server{
	ConnContext: func(ctx context.Context, c net.Conn) context.Context {
		// c is a tls.Conn, with apparently no way to access the actual connection
		return ctx
	},
}
```

@odeke-em odeke-em reopened this Feb 5, 2020
@gopherbot gopherbot closed this Feb 5, 2020

@odeke-em odeke-em commented Feb 5, 2020

Gopherbot, this is still an issue.

@odeke-em odeke-em reopened this Feb 5, 2020
@odeke-em odeke-em modified the milestones: Go1.13, Backlog Feb 5, 2020
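
Added example, not part of the thread or of the Go project's code: since Go 1.18, which postdates these comments, `tls.Conn` has a `NetConn` method returning the wrapped `net.Conn`, which covers the epoll and `ConnContext` cases blakerouse and wedgeV describe without reflect or unsafe. `rawFD` is a hypothetical helper name, and the loopback connection in `main` is constructed for the demonstration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"syscall"
)

// rawFD (hypothetical helper) returns the descriptor of the socket under c.
// Use it only for readiness polling or getsockopt: bytes read from or written
// to the descriptor directly bypass the TLS record layer.
func rawFD(c net.Conn) (uintptr, error) {
	if tc, ok := c.(*tls.Conn); ok {
		c = tc.NetConn() // Go 1.18+: the net.Conn handed to tls.Server/tls.Client
	}
	sc, ok := c.(syscall.Conn)
	if !ok {
		return 0, errors.New("underlying connection has no file descriptor")
	}
	raw, err := sc.SyscallConn()
	if err != nil {
		return 0, err
	}
	var fd uintptr
	// The runtime only guarantees fd inside the callback; a caller that keeps
	// it must stop using it before the connection is closed.
	if err := raw.Control(func(d uintptr) { fd = d }); err != nil {
		return 0, err
	}
	return fd, nil
}

func main() {
	ln, err := net.Listen("tcp", "127.0.0.1:0") // constructed loopback peer
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	tcp, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		panic(err)
	}
	defer tcp.Close()
	// No handshake is needed: NetConn only unwraps the transport.
	fd, err := rawFD(tls.Client(tcp, &tls.Config{ServerName: "example.test"}))
	fmt.Println(fd, err)
}
```

Keep all reads and writes on the `tls.Conn`; the descriptor is for polling and socket options only. A `tls.Conn` can also hold already-decrypted bytes, so readiness on the descriptor does not by itself tell you whether a `Read` would return data.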