github.com/daaku/docker@v1.5.0/api/client/hijack.go (about) 1 package client 2 3 import ( 4 "crypto/tls" 5 "errors" 6 "fmt" 7 "io" 8 "net" 9 "net/http" 10 "net/http/httputil" 11 "os" 12 "runtime" 13 "strings" 14 "time" 15 16 log "github.com/Sirupsen/logrus" 17 "github.com/docker/docker/api" 18 "github.com/docker/docker/dockerversion" 19 "github.com/docker/docker/pkg/promise" 20 "github.com/docker/docker/pkg/stdcopy" 21 "github.com/docker/docker/pkg/term" 22 ) 23 24 type tlsClientCon struct { 25 *tls.Conn 26 rawConn net.Conn 27 } 28 29 func (c *tlsClientCon) CloseWrite() error { 30 // Go standard tls.Conn doesn't provide the CloseWrite() method so we do it 31 // on its underlying connection. 32 if cwc, ok := c.rawConn.(interface { 33 CloseWrite() error 34 }); ok { 35 return cwc.CloseWrite() 36 } 37 return nil 38 } 39 40 func tlsDial(network, addr string, config *tls.Config) (net.Conn, error) { 41 return tlsDialWithDialer(new(net.Dialer), network, addr, config) 42 } 43 44 // We need to copy Go's implementation of tls.Dial (pkg/cryptor/tls/tls.go) in 45 // order to return our custom tlsClientCon struct which holds both the tls.Conn 46 // object _and_ its underlying raw connection. The rationale for this is that 47 // we need to be able to close the write end of the connection when attaching, 48 // which tls.Conn does not provide. 49 func tlsDialWithDialer(dialer *net.Dialer, network, addr string, config *tls.Config) (net.Conn, error) { 50 // We want the Timeout and Deadline values from dialer to cover the 51 // whole process: TCP connection and TLS handshake. This means that we 52 // also need to start our own timers now. 53 timeout := dialer.Timeout 54 55 if !dialer.Deadline.IsZero() { 56 deadlineTimeout := dialer.Deadline.Sub(time.Now()) 57 if timeout == 0 || deadlineTimeout < timeout { 58 timeout = deadlineTimeout 59 } 60 } 61 62 var errChannel chan error 63 64 if timeout != 0 { 65 errChannel = make(chan error, 2) 66 time.AfterFunc(timeout, func() { 67 errChannel <- errors.New("") 68 }) 69 } 70 71 rawConn, err := dialer.Dial(network, addr) 72 if err != nil { 73 return nil, err 74 } 75 // When we set up a TCP connection for hijack, there could be long periods 76 // of inactivity (a long running command with no output) that in certain 77 // network setups may cause ECONNTIMEOUT, leaving the client in an unknown 78 // state. Setting TCP KeepAlive on the socket connection will prohibit 79 // ECONNTIMEOUT unless the socket connection truly is broken 80 if tcpConn, ok := rawConn.(*net.TCPConn); ok { 81 tcpConn.SetKeepAlive(true) 82 tcpConn.SetKeepAlivePeriod(30 * time.Second) 83 } 84 85 colonPos := strings.LastIndex(addr, ":") 86 if colonPos == -1 { 87 colonPos = len(addr) 88 } 89 hostname := addr[:colonPos] 90 91 // If no ServerName is set, infer the ServerName 92 // from the hostname we're connecting to. 93 if config.ServerName == "" { 94 // Make a copy to avoid polluting argument or default. 95 c := *config 96 c.ServerName = hostname 97 config = &c 98 } 99 100 conn := tls.Client(rawConn, config) 101 102 if timeout == 0 { 103 err = conn.Handshake() 104 } else { 105 go func() { 106 errChannel <- conn.Handshake() 107 }() 108 109 err = <-errChannel 110 } 111 112 if err != nil { 113 rawConn.Close() 114 return nil, err 115 } 116 117 // This is Docker difference with standard's crypto/tls package: returned a 118 // wrapper which holds both the TLS and raw connections. 119 return &tlsClientCon{conn, rawConn}, nil 120 } 121 122 func (cli *DockerCli) dial() (net.Conn, error) { 123 if cli.tlsConfig != nil && cli.proto != "unix" { 124 // Notice this isn't Go standard's tls.Dial function 125 return tlsDial(cli.proto, cli.addr, cli.tlsConfig) 126 } 127 return net.Dial(cli.proto, cli.addr) 128 } 129 130 func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.ReadCloser, stdout, stderr io.Writer, started chan io.Closer, data interface{}) error { 131 defer func() { 132 if started != nil { 133 close(started) 134 } 135 }() 136 137 params, err := cli.encodeData(data) 138 if err != nil { 139 return err 140 } 141 req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), params) 142 if err != nil { 143 return err 144 } 145 req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION) 146 req.Header.Set("Content-Type", "text/plain") 147 req.Header.Set("Connection", "Upgrade") 148 req.Header.Set("Upgrade", "tcp") 149 req.Host = cli.addr 150 151 dial, err := cli.dial() 152 // When we set up a TCP connection for hijack, there could be long periods 153 // of inactivity (a long running command with no output) that in certain 154 // network setups may cause ECONNTIMEOUT, leaving the client in an unknown 155 // state. Setting TCP KeepAlive on the socket connection will prohibit 156 // ECONNTIMEOUT unless the socket connection truly is broken 157 if tcpConn, ok := dial.(*net.TCPConn); ok { 158 tcpConn.SetKeepAlive(true) 159 tcpConn.SetKeepAlivePeriod(30 * time.Second) 160 } 161 if err != nil { 162 if strings.Contains(err.Error(), "connection refused") { 163 return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?") 164 } 165 return err 166 } 167 clientconn := httputil.NewClientConn(dial, nil) 168 defer clientconn.Close() 169 170 // Server hijacks the connection, error 'connection closed' expected 171 clientconn.Do(req) 172 173 rwc, br := clientconn.Hijack() 174 defer rwc.Close() 175 176 if started != nil { 177 started <- rwc 178 } 179 180 var receiveStdout chan error 181 182 var oldState *term.State 183 184 if in != nil && setRawTerminal && cli.isTerminalIn && os.Getenv("NORAW") == "" { 185 oldState, err = term.SetRawTerminal(cli.inFd) 186 if err != nil { 187 return err 188 } 189 defer term.RestoreTerminal(cli.inFd, oldState) 190 } 191 192 if stdout != nil || stderr != nil { 193 receiveStdout = promise.Go(func() (err error) { 194 defer func() { 195 if in != nil { 196 if setRawTerminal && cli.isTerminalIn { 197 term.RestoreTerminal(cli.inFd, oldState) 198 } 199 // For some reason this Close call blocks on darwin.. 200 // As the client exists right after, simply discard the close 201 // until we find a better solution. 202 if runtime.GOOS != "darwin" { 203 in.Close() 204 } 205 } 206 }() 207 208 // When TTY is ON, use regular copy 209 if setRawTerminal && stdout != nil { 210 _, err = io.Copy(stdout, br) 211 } else { 212 _, err = stdcopy.StdCopy(stdout, stderr, br) 213 } 214 log.Debugf("[hijack] End of stdout") 215 return err 216 }) 217 } 218 219 sendStdin := promise.Go(func() error { 220 if in != nil { 221 io.Copy(rwc, in) 222 log.Debugf("[hijack] End of stdin") 223 } 224 225 if conn, ok := rwc.(interface { 226 CloseWrite() error 227 }); ok { 228 if err := conn.CloseWrite(); err != nil { 229 log.Debugf("Couldn't send EOF: %s", err) 230 } 231 } 232 // Discard errors due to pipe interruption 233 return nil 234 }) 235 236 if stdout != nil || stderr != nil { 237 if err := <-receiveStdout; err != nil { 238 log.Debugf("Error receiveStdout: %s", err) 239 return err 240 } 241 } 242 243 if !cli.isTerminalIn { 244 if err := <-sendStdin; err != nil { 245 log.Debugf("Error sendStdin: %s", err) 246 return err 247 } 248 } 249 return nil 250 }