April 28, 2016

customize golang tls listener

How ListenAndServeTLS works in Golang

  1. it creates a struct of http.Server type, and then calls the server.ListenAndServe method
  2. http.server.ListenAndServeTLS
    1. clone server.TLSConfig
    2. if tls config has no certs OR a certfile is specified, load certs
    3. create a TLS socket that listens on the TCP port
    4. call server.Serve using that socket
  3. Server.serve
    1. Accept the new connection, returns http.conn
    2. http.conn.serve()

The customize this, one could write his own function like this:

   srv := &Server{Addr: addr, Handler: handler}
    addr := srv.Addr
    if addr == "" {
        addr = ":https"
    config := cloneTLSConfig(srv.TLSConfig)
    if config.NextProtos == nil {
        config.NextProtos = []string{"http/1.1"}

    if len(config.Certificates) == 0 || certFile != "" || keyFile != "" {
        var err error
        config.Certificates = make([]tls.Certificate, 1)
        config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
        if err != nil {
            return err

    ln, err := net.Listen("tcp", addr)
    if err != nil {
        return err

    tlsListener := tls.NewListener(tcpKeepAliveListener{ln.(*net.TCPListener)}, config)
    return srv.Serve(tlsListener)

April 22, 2016

ipset netlink data structure

\x4c\x00 \x00\x00 total length
\x09\x06 type=09 CMD_ADD \x05\x02 flags:0x0205 request/ack/return-all-matching
\xbb\x83\x1a\x57 seq
\x00\x00\x00\x00 port id

extra header

payload, in the form of Leng-Type-Value
(len and type are 2 bytes, len includes itself and type. 0 Padded to 4-byte alignment)
Type flags:
   0x80: NEST structure
   0x40: Network Order

\x05\x00 \x01\x00 \x06 \x00\x00\x00 PROTOCOL=6
\x0a\x00 \x02\x00 \x70\x61\x69\x72\x31\x00\x00\x00 SETNAME=pair1
\x24\x00 \x07\x80 IPSET_ATTR_DATA
\x0c\x00 \x01\x80\ IPSET_ATTR_IP
x08\x00\x01\x40\x02\x02\x02\x02 IPV4
\x0c\x00\x14\x80 IPSET_ATTR_IP2
\x08\x00\x01\x40 \x04\x04\x04\x04 IP
\x08\x00\x09\x40 \x00\x00\x00\x00 IPSTE_ATTR_LINENO 0, network order

April 7, 2016

curl test api

In curl, use "--data-urlencode" to encode data

use "-G" to send data in "GET" instead of "POST".

curl  -G "https://myserver.com:1234/msg?msgtype=PUSH" --data-urlencode "msg=hello how are you"