-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
safesocket.go
113 lines (98 loc) · 3.26 KB
/
safesocket.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
// Package safesocket creates either a Unix socket, if possible, or
// otherwise a localhost TCP connection.
package safesocket
import (
"context"
"errors"
"net"
"runtime"
"time"
)
type closeable interface {
CloseRead() error
CloseWrite() error
}
// ConnCloseRead calls c's CloseRead method. c is expected to be
// either a UnixConn or TCPConn as returned from this package.
func ConnCloseRead(c net.Conn) error {
return c.(closeable).CloseRead()
}
// ConnCloseWrite calls c's CloseWrite method. c is expected to be
// either a UnixConn or TCPConn as returned from this package.
func ConnCloseWrite(c net.Conn) error {
return c.(closeable).CloseWrite()
}
var processStartTime = time.Now()
var tailscaledProcExists = func() bool { return false } // set by safesocket_ps.go
// tailscaledStillStarting reports whether tailscaled is probably
// still starting up. That is, it reports whether the caller should
// keep retrying to connect.
func tailscaledStillStarting() bool {
d := time.Since(processStartTime)
if d < 2*time.Second {
// Without even checking the process table, assume
// that for the first two seconds that tailscaled is
// probably still starting. That is, assume they're
// running "tailscaled & tailscale up ...." and make
// the tailscale client block for a bit for tailscaled
// to start accepting on the socket.
return true
}
if d > 5*time.Second {
return false
}
return tailscaledProcExists()
}
// ConnectContext connects to tailscaled using a unix socket or named pipe.
func ConnectContext(ctx context.Context, path string) (net.Conn, error) {
for {
c, err := connect(ctx, path)
if err != nil && tailscaledStillStarting() {
if ctx.Err() != nil {
return nil, ctx.Err()
}
time.Sleep(250 * time.Millisecond)
continue
}
return c, err
}
}
// Connect connects to tailscaled using a unix socket or named pipe.
// Deprecated: use ConnectContext instead.
func Connect(path string) (net.Conn, error) {
return ConnectContext(context.Background(), path)
}
// Listen returns a listener either on Unix socket path (on Unix), or
// the NamedPipe path (on Windows).
func Listen(path string) (net.Listener, error) {
return listen(path)
}
var (
ErrTokenNotFound = errors.New("no token found")
ErrNoTokenOnOS = errors.New("no token on " + runtime.GOOS)
)
var localTCPPortAndToken func() (port int, token string, err error)
// LocalTCPPortAndToken returns the port number and auth token to connect to
// the local Tailscale daemon. It's currently only applicable on macOS
// when tailscaled is being run in the Mac Sandbox from the App Store version
// of Tailscale.
func LocalTCPPortAndToken() (port int, token string, err error) {
if localTCPPortAndToken == nil {
return 0, "", ErrNoTokenOnOS
}
return localTCPPortAndToken()
}
// PlatformUsesPeerCreds reports whether the current platform uses peer credentials
// to authenticate connections.
func PlatformUsesPeerCreds() bool { return GOOSUsesPeerCreds(runtime.GOOS) }
// GOOSUsesPeerCreds is like PlatformUsesPeerCreds but takes a
// runtime.GOOS value instead of using the current one.
func GOOSUsesPeerCreds(goos string) bool {
switch goos {
case "linux", "darwin", "freebsd":
return true
}
return false
}