mirror of
https://github.com/moby/moby.git
synced 2026-01-11 18:51:37 +00:00
173 lines
5.1 KiB
Go
173 lines
5.1 KiB
Go
package client
|
|
|
|
import (
|
|
"bufio"
|
|
"context"
|
|
"fmt"
|
|
"net"
|
|
"net/http"
|
|
"net/url"
|
|
"time"
|
|
|
|
"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
|
|
)
|
|
|
|
// postHijacked sends a POST request and hijacks the connection.
|
|
func (cli *Client) postHijacked(ctx context.Context, path string, query url.Values, body any, headers map[string][]string) (HijackedResponse, error) {
|
|
jsonBody, err := jsonEncode(body)
|
|
if err != nil {
|
|
return HijackedResponse{}, err
|
|
}
|
|
req, err := cli.buildRequest(ctx, http.MethodPost, cli.getAPIPath(ctx, path, query), jsonBody, headers)
|
|
if err != nil {
|
|
return HijackedResponse{}, err
|
|
}
|
|
conn, mediaType, err := setupHijackConn(cli.dialer(), req, "tcp")
|
|
if err != nil {
|
|
return HijackedResponse{}, err
|
|
}
|
|
|
|
return NewHijackedResponse(conn, mediaType), nil
|
|
}
|
|
|
|
// DialHijack returns a hijacked connection with negotiated protocol proto.
|
|
func (cli *Client) DialHijack(ctx context.Context, url, proto string, meta map[string][]string) (net.Conn, error) {
|
|
req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, http.NoBody)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
req = cli.addHeaders(req, meta)
|
|
|
|
conn, _, err := setupHijackConn(cli.Dialer(), req, proto)
|
|
return conn, err
|
|
}
|
|
|
|
func setupHijackConn(dialer func(context.Context) (net.Conn, error), req *http.Request, proto string) (_ net.Conn, _ string, retErr error) {
|
|
ctx := req.Context()
|
|
req.Header.Set("Connection", "Upgrade")
|
|
req.Header.Set("Upgrade", proto)
|
|
|
|
conn, err := dialer(ctx)
|
|
if err != nil {
|
|
return nil, "", fmt.Errorf("cannot connect to the Docker daemon. Is 'docker daemon' running on this host?: %w", err)
|
|
}
|
|
defer func() {
|
|
if retErr != nil {
|
|
_ = conn.Close()
|
|
}
|
|
}()
|
|
|
|
// When we set up a TCP connection for hijack, there could be long periods
|
|
// of inactivity (a long running command with no output) that in certain
|
|
// network setups may cause ECONNTIMEOUT, leaving the client in an unknown
|
|
// state. Setting TCP KeepAlive on the socket connection prohibits
|
|
// ECONNTIMEOUT unless the socket connection truly is broken
|
|
if tcpConn, ok := conn.(*net.TCPConn); ok {
|
|
_ = tcpConn.SetKeepAlive(true)
|
|
_ = tcpConn.SetKeepAlivePeriod(30 * time.Second)
|
|
}
|
|
|
|
hc := &hijackedConn{conn, bufio.NewReader(conn)}
|
|
|
|
// Server hijacks the connection, error 'connection closed' expected
|
|
resp, err := otelhttp.NewTransport(hc).RoundTrip(req)
|
|
if err != nil {
|
|
return nil, "", err
|
|
}
|
|
if resp.StatusCode != http.StatusSwitchingProtocols {
|
|
_ = resp.Body.Close()
|
|
return nil, "", fmt.Errorf("unable to upgrade to %s, received %d", proto, resp.StatusCode)
|
|
}
|
|
|
|
if hc.r.Buffered() > 0 {
|
|
// If there is buffered content, wrap the connection. We return an
|
|
// object that implements CloseWrite if the underlying connection
|
|
// implements it.
|
|
if _, ok := hc.Conn.(CloseWriter); ok {
|
|
conn = &hijackedConnCloseWriter{hc}
|
|
} else {
|
|
conn = hc
|
|
}
|
|
} else {
|
|
hc.r.Reset(nil)
|
|
}
|
|
|
|
return conn, resp.Header.Get("Content-Type"), nil
|
|
}
|
|
|
|
// hijackedConn wraps a net.Conn and is returned by setupHijackConn in the case
|
|
// that a) there was already buffered data in the http layer when Hijack() was
|
|
// called, and b) the underlying net.Conn does *not* implement CloseWrite().
|
|
// hijackedConn does not implement CloseWrite() either.
|
|
type hijackedConn struct {
|
|
net.Conn
|
|
r *bufio.Reader
|
|
}
|
|
|
|
func (c *hijackedConn) RoundTrip(req *http.Request) (*http.Response, error) {
|
|
if err := req.Write(c.Conn); err != nil {
|
|
return nil, err
|
|
}
|
|
return http.ReadResponse(c.r, req)
|
|
}
|
|
|
|
func (c *hijackedConn) Read(b []byte) (int, error) {
|
|
return c.r.Read(b)
|
|
}
|
|
|
|
// hijackedConnCloseWriter is a hijackedConn which additionally implements
|
|
// CloseWrite(). It is returned by setupHijackConn in the case that a) there
|
|
// was already buffered data in the http layer when Hijack() was called, and b)
|
|
// the underlying net.Conn *does* implement CloseWrite().
|
|
type hijackedConnCloseWriter struct {
|
|
*hijackedConn
|
|
}
|
|
|
|
var _ CloseWriter = &hijackedConnCloseWriter{}
|
|
|
|
func (c *hijackedConnCloseWriter) CloseWrite() error {
|
|
conn := c.Conn.(CloseWriter)
|
|
return conn.CloseWrite()
|
|
}
|
|
|
|
// NewHijackedResponse initializes a [HijackedResponse] type.
|
|
func NewHijackedResponse(conn net.Conn, mediaType string) HijackedResponse {
|
|
return HijackedResponse{Conn: conn, Reader: bufio.NewReader(conn), mediaType: mediaType}
|
|
}
|
|
|
|
// HijackedResponse holds connection information for a hijacked request.
|
|
type HijackedResponse struct {
|
|
mediaType string
|
|
Conn net.Conn
|
|
Reader *bufio.Reader
|
|
}
|
|
|
|
// Close closes the hijacked connection and reader.
|
|
func (h *HijackedResponse) Close() {
|
|
h.Conn.Close()
|
|
}
|
|
|
|
// MediaType let client know if HijackedResponse hold a raw or multiplexed stream.
|
|
// returns false if HTTP Content-Type is not relevant, and the container must be
|
|
// inspected.
|
|
func (h *HijackedResponse) MediaType() (string, bool) {
|
|
if h.mediaType == "" {
|
|
return "", false
|
|
}
|
|
return h.mediaType, true
|
|
}
|
|
|
|
// CloseWriter is an interface that implements structs
|
|
// that close input streams to prevent from writing.
|
|
type CloseWriter interface {
|
|
CloseWrite() error
|
|
}
|
|
|
|
// CloseWrite closes a readWriter for writing.
|
|
func (h *HijackedResponse) CloseWrite() error {
|
|
if conn, ok := h.Conn.(CloseWriter); ok {
|
|
return conn.CloseWrite()
|
|
}
|
|
return nil
|
|
}
|