dgram Unix domain sockets

dirk.feytons · 2012-09-07T21:34:15+00:00

Hello! On Fri, Sep 7, 2012 at 8:09 AM, Jane C wrote: > Thanks a lot for introducing me to openresty-en mailing list. Looks like I > need to join the...

dgram Unix domain sockets

dirk.feytons

Hi,

I want to use ngx.socket.udp() to create a unix domain socket to
communicate with a backend service. With the current API I can use
sk:setpeername() to specify the path of the backend service so I can
send it a message. However, the service can never respond back because
my (co)socket is not bound. Because it is not bound the recvfrom()
call of the backend service returns an empty struct sockaddr and thus
it has no way to know where to sendto() the response.

So it seems the UDP API is lacking a bind() method to make it more
useful. Is this something that could be added?

While I'm at it I would also like to ask about support for abstract
unix domain sockets (i.e. where sun_addr in a struct sockaddr_un
starts with a '\0'. I've seen that the ngx.socket.* API is built on
top of nginx functionality so I'm not sure whether it is feasible to
add this (and the abstract namespace is Linux-only apparently so this
could get messy).

And in the TIL category: to avoid having to guess at a good path to
bind the (co)socket to you can let the kernel assign one for you by
doing a bind(sk, &addr, sizeof(short)) with a struct sockaddr_un where
sun_family is set to AF_UNIX. Note the sizeof(short). This will result
the other side getting a valid address from recvfrom(). See
http://stackoverflow.com/questions/94594/automated-naming-of-af-unix-local-datagram-sockets


Dirk F.

agentzh

Hello!

On Fri, Sep 7, 2012 at 6:34 AM, Dirk Feytons <dirk....@gmail.com> wrote:
> I want to use ngx.socket.udp() to create a unix domain socket to
> communicate with a backend service. With the current API I can use
> sk:setpeername() to specify the path of the backend service so I can
> send it a message. However, the service can never respond back because
> my (co)socket is not bound. Because it is not bound the recvfrom()
> call of the backend service returns an empty struct sockaddr and thus
> it has no way to know where to sendto() the response.
>
> So it seems the UDP API is lacking a bind() method to make it more
> useful. Is this something that could be added?
>

+1

Patches welcome!

It seems to me that there's no bind method for the UDP API in
LuaSocket either :)

> While I'm at it I would also like to ask about support for abstract
> unix domain sockets (i.e. where sun_addr in a struct sockaddr_un
> starts with a '\0'. I've seen that the ngx.socket.* API is built on
> top of nginx functionality so I'm not sure whether it is feasible to
> add this (and the abstract namespace is Linux-only apparently so this
> could get messy).
>

Are you referring to the "sun_path" field of "struct sockaddr_un"? I
think we can just specify path values like "\0blahblah" on the Lua
land? Untested though :)

> And in the TIL category: to avoid having to guess at a good path to
> bind the (co)socket to you can let the kernel assign one for you by
> doing a bind(sk, &addr, sizeof(short)) with a struct sockaddr_un where
> sun_family is set to AF_UNIX. Note the sizeof(short). This will result
> the other side getting a valid address from recvfrom(). See
> http://stackoverflow.com/questions/94594/automated-naming-of-af-unix-local-datagram-sockets
>

I (personally) prefer SO_PASSCRED though ;)

Best regards,
-agentzh

dirk.feytons

On Fri, Sep 7, 2012 at 9:23 PM, agentzh <age...@gmail.com> wrote:
> Hello!
>
> On Fri, Sep 7, 2012 at 6:34 AM, Dirk Feytons <dirk....@gmail.com> wrote:
>> I want to use ngx.socket.udp() to create a unix domain socket to
>> communicate with a backend service. With the current API I can use
>> sk:setpeername() to specify the path of the backend service so I can
>> send it a message. However, the service can never respond back because
>> my (co)socket is not bound. Because it is not bound the recvfrom()
>> call of the backend service returns an empty struct sockaddr and thus
>> it has no way to know where to sendto() the response.
>>
>> So it seems the UDP API is lacking a bind() method to make it more
>> useful. Is this something that could be added?
>>
>
> +1
>
> Patches welcome!

I'll see what I can do :)

> It seems to me that there's no bind method for the UDP API in
> LuaSocket either :)
>
>> While I'm at it I would also like to ask about support for abstract
>> unix domain sockets (i.e. where sun_addr in a struct sockaddr_un
>> starts with a '\0'. I've seen that the ngx.socket.* API is built on
>> top of nginx functionality so I'm not sure whether it is feasible to
>> add this (and the abstract namespace is Linux-only apparently so this
>> could get messy).
>>
>
> Are you referring to the "sun_path" field of "struct sockaddr_un"? I
> think we can just specify path values like "\0blahblah" on the Lua
> land? Untested though :)

(I meant "sun_path", yes.)
I thought about it too but haven't tested it yet. If I get to it I'll
let you know the results.

>> And in the TIL category: to avoid having to guess at a good path to
>> bind the (co)socket to you can let the kernel assign one for you by
>> doing a bind(sk, &addr, sizeof(short)) with a struct sockaddr_un where
>> sun_family is set to AF_UNIX. Note the sizeof(short). This will result
>> the other side getting a valid address from recvfrom(). See
>> http://stackoverflow.com/questions/94594/automated-naming-of-af-unix-local-datagram-sockets
>>
>
> I (personally) prefer SO_PASSCRED though ;)

Sure; that's probably the easiest way to implement it.

Tomorrow I'll have a look at the code. Any pointers on where to start?
I'm quite unfamiliar with the nginx code base.


Dirk F.

agentzh

Hello!

On Sun, Sep 9, 2012 at 1:31 PM, Dirk Feytons wrote:
>> Patches welcome!
>
> I'll see what I can do :)
>

Awesome!

>> Are you referring to the "sun_path" field of "struct sockaddr_un"? I
>> think we can just specify path values like "\0blahblah" on the Lua
>> land? Untested though :)
>
> (I meant "sun_path", yes.)
> I thought about it too but haven't tested it yet. If I get to it I'll
> let you know the results.
>

Excellent!

>> I (personally) prefer SO_PASSCRED though ;)
>
> Sure; that's probably the easiest way to implement it.
>

Cool :)

> Tomorrow I'll have a look at the code. Any pointers on where to start?
> I'm quite unfamiliar with the nginx code base.
>

Just take a look at the src/ngx_http_lua_socket_udp.c file in the
ngx_lua source tree. It does not really use the Nginx API much, just a
very thin layer of the raw socket API.

If you have any questions on your way, feel free to ask here :)

Thanks!
-agentzh

dirk.feytons

On Mon, Sep 10, 2012 at 12:43 AM, agentzh <age...@gmail.com> wrote:
[...]
>> Tomorrow I'll have a look at the code. Any pointers on where to start?
>> I'm quite unfamiliar with the nginx code base.
>>
>
> Just take a look at the src/ngx_http_lua_socket_udp.c file in the
> ngx_lua source tree. It does not really use the Nginx API much, just a
> very thin layer of the raw socket API.
>
> If you have any questions on your way, feel free to ask here :)

So here's a first attempt that seems to work for me.

A couple of notes and questions:
- I followed the LuaSocket API where you pass a string naming the
option you want to set and then the value. Right now only "passcred"
with a boolean value is accepted. Alternative could be to register the
various supported options with their numeric value as
ngx.socket.option.SO_PASSCRED etcetera. Any preference?
- I directly included the various Linux header files defining
setsockopt(), SO_PASSCRED and such. I suspect this should happen in a
more portable way?
- As mentioned in the commit comment setoption() can only be called
after calling setpeername() because only then there's a valid
ngx_http_lua_socket_udp_upstream_t*. Is this acceptable? Should we
cache the option(s) and apply them when the socket is actually
created? But then we can only do delayed error reporting...

And some more generic questions regarding the cosocket code:
- Do you feel it's really necessary to strictly check the number of
arguments with which a Lua C function is called? I'm more inclined to
just ignore extraneous arguments. Less code for me to write and
maintain, and a smaller binary. That's also how lots of other Lua
libraries are written, including Lua's standard libraries.
- I saw some calls to lua_tonumber() that should be lua_tointeger() I
think. I can change it and send a pull request.
- In ngx_http_lua_socket_udp_setpeername() there's a call to
ngx_http_lua_check_context(); is this really needed?
- I see some opportunity to reduce the amount of string data from
error traces by parameterizing them. E.g. write luaL_error(L, "no %s
found", "ctx")/luaL_error(L, "no %s found", "request") instead of "no
ctx found" and "no request found". One disadvantage of this is that
you can't grep the code for an error string anymore. Would you be
willing to accept such changes?

(I'm used to develop for embedded systems; can you tell? :))


Regards,

Dirk F.

Attachment: udp_setoption001.patch
Description: Binary data

dirk.feytons

On Fri, Sep 7, 2012 at 9:23 PM, agentzh <age...@gmail.com> wrote:
[...]
>> While I'm at it I would also like to ask about support for abstract
>> unix domain sockets (i.e. where sun_addr in a struct sockaddr_un
>> starts with a '\0'. I've seen that the ngx.socket.* API is built on
>> top of nginx functionality so I'm not sure whether it is feasible to
>> add this (and the abstract namespace is Linux-only apparently so this
>> could get messy).
>>
>
> Are you referring to the "sun_path" field of "struct sockaddr_un"? I
> think we can just specify path values like "\0blahblah" on the Lua
> land? Untested though :)

I just tried it and it doesn't work :(

It seems to go wrong in ngx_inet.c:ngx_parse_unix_domain_url(). The
function ngx_cpystrn() that is used to copy the path in the struct
sockaddr_un doesn't deal properly with the leading '\0'. If I change
it to a memcpy() it works!


Regards,

Dirk F.

agentzh

Hello!

On Mon, Sep 10, 2012 at 7:14 AM, Dirk Feytons <dirk....@gmail.com> wrote:
>
> So here's a first attempt that seems to work for me.
>

Thank you for your work! I'm sorry I'm still busy with the new I/O
scheduler for ngx_lua in its "thread" branch. I'll look at your patch
when I finish the work on hand :P

Thanks!
-agentzh

dirk.feytons

On Wed, Sep 12, 2012 at 1:25 AM, agentzh <age...@gmail.com> wrote:
> Hello!
>
> On Mon, Sep 10, 2012 at 7:14 AM, Dirk Feytons <dirk....@gmail.com> wrote:
>>
>> So here's a first attempt that seems to work for me.
>>
>
> Thank you for your work! I'm sorry I'm still busy with the new I/O
> scheduler for ngx_lua in its "thread" branch. I'll look at your patch
> when I finish the work on hand :P

Sure; there's no hurry. I can continue my prototyping on my local git
repo. It would be nice if I could get something accepted upstream by
the time I actually integrate everything with the rest of our
software. That won't happen for some weeks though.

I'll ask on the nginx devel mailing list if they are interested in the
change to support unix domain sockets in the abstract namespace. Any
tips to increase my odds? :)

(Could you elaborate a bit on this new I/O scheduler? Sounds interesting.)

Regards,

Dirk F.

agentzh

Hello!

On Wed, Sep 12, 2012 at 12:51 AM, Dirk Feytons <dirk....@gmail.com> wrote:
>
> Sure; there's no hurry. I can continue my prototyping on my local git
> repo. It would be nice if I could get something accepted upstream by
> the time I actually integrate everything with the rest of our
> software. That won't happen for some weeks though.
>

That's cool. I'll surely try my best to integrate your changes ;)

> I'll ask on the nginx devel mailing list if they are interested in the
> change to support unix domain sockets in the abstract namespace. Any
> tips to increase my odds? :)
>

Maxim Dounin will probably tell you what he dislikes (and what he likes) ;)

> (Could you elaborate a bit on this new I/O scheduler? Sounds interesting.)
>

The main goal of the new I/O scheduler of ngx_lua is to keep track of
the current Lua coroutine in every (nonblocking) I/O operation. So
that we can have multiple Lua coroutines running concurrently in a
single Nginx request handler. I can these concurrent coroutines
"ngx.thread" in the API. They'll look like very much like Erlang's
lightweight processes, but without time slicing at least in the early
implementation.

Here's a sample Lua code to illustrate the basic idea about the ngx.thread API:

    http://agentzh.org/misc/nginx/lua-thread2.lua

Best regards,
-agentzh

agentzh

Hello Dirk!

First of all, I must say sorry for the long delay on my side!

On Mon, Sep 10, 2012 at 7:14 AM, Dirk Feytons wrote:
>
> So here's a first attempt that seems to work for me.
>
> A couple of notes and questions:
> - I followed the LuaSocket API where you pass a string naming the
> option you want to set and then the value. Right now only "passcred"
> with a boolean value is accepted. Alternative could be to register the
> various supported options with their numeric value as
> ngx.socket.option.SO_PASSCRED etcetera. Any preference?
> - I directly included the various Linux header files defining
> setsockopt(), SO_PASSCRED and such. I suspect this should happen in a
> more portable way?
> - As mentioned in the commit comment setoption() can only be called
> after calling setpeername() because only then there's a valid
> ngx_http_lua_socket_udp_upstream_t*. Is this acceptable? Should we
> cache the option(s) and apply them when the socket is actually
> created? But then we can only do delayed error reporting...
>

I've just committed a patch based on your version:

    https://github.com/chaoslawful/lua-nginx-module/commit/dfc7a4c

Basically I do not introduce a new method for this, but rather make it
happen automatically within the setpeername method. Also, this
autobind happens only on systems with SO_PASSCRED defined (I do the
feature test in "config"). So it still does not work on systems like
FreeBSD (yet).

In the future, I'd introduce a second argument to the setpeername()
method to allow the user specify the socket file path for the client
endpoint, so that datagram unix domain sockets can work on other
systems lacking support for autobind.

Do you like it?

> And some more generic questions regarding the cosocket code:
> - Do you feel it's really necessary to strictly check the number of
> arguments with which a Lua C function is called? I'm more inclined to
> just ignore extraneous arguments. Less code for me to write and
> maintain, and a smaller binary. That's also how lots of other Lua
> libraries are written, including Lua's standard libraries.

I'm adding this check to help beginners diagnose problems and also
reduce the risk that existing user Lua code breaks when I add new
arguments to the API in a new version of ngx_lua.

I think it is fine for the standard Lua implementation to omit such
checks because it does have a fixed ABI.

> - I saw some calls to lua_tonumber() that should be lua_tointeger() I
> think. I can change it and send a pull request.

Yes please :)

> - In ngx_http_lua_socket_udp_setpeername() there's a call to
> ngx_http_lua_check_context(); is this really needed?

We should probably move such checks from setpeername() to receive().
In theory, ngx.socket.udp()'s setpeername() and send() could be used
in all contexts including log_by_lua*, which could be very useful.

> - I see some opportunity to reduce the amount of string data from
> error traces by parameterizing them. E.g. write luaL_error(L, "no %s
> found", "ctx")/luaL_error(L, "no %s found", "request") instead of "no
> ctx found" and "no request found". One disadvantage of this is that
> you can't grep the code for an error string anymore. Would you be
> willing to accept such changes?
>

Not really :)

> (I'm used to develop for embedded systems; can you tell? :))
>

Yes, I can :)

I apologize again for replying so late!

Best regards,
-agentzh

agentzh

Hello!

On Tue, Mar 19, 2013 at 10:01 PM, agentzh wrote:
>> - In ngx_http_lua_socket_udp_setpeername() there's a call to
>> ngx_http_lua_check_context(); is this really needed?
>
> We should probably move such checks from setpeername() to receive().
> In theory, ngx.socket.udp()'s setpeername() and send() could be used
> in all contexts including log_by_lua*, which could be very useful.
>

Sorry, my bad. The setpeername() method *could* require nonblocking
I/O when a domain name requiring DNS resolving is given, as in

    sock:setpeername("foo.bar.com", 1234)

But still, the context check is not necessary when no DNS resolving is
required, as in the case of unix domain sockets.

Best regards,
-agentzh

dirk.feytons

On Wed, Mar 20, 2013 at 6:01 AM, agentzh <age...@gmail.com> wrote:

Hello Dirk!

First of all, I must say sorry for the long delay on my side!

No problem :)

[...]

I've just committed a patch based on your version:

https://github.com/chaoslawful/lua-nginx-module/commit/dfc7a4c

Basically I do not introduce a new method for this, but rather make it
happen automatically within the setpeername method. Also, this
autobind happens only on systems with SO_PASSCRED defined (I do the
feature test in "config"). So it still does not work on systems like
FreeBSD (yet).

In the future, I'd introduce a second argument to the setpeername()
method to allow the user specify the socket file path for the client
endpoint, so that datagram unix domain sockets can work on other
systems lacking support for autobind.

Do you like it?

Looks good for me but I'm not entirely sure that always setting SO_PASSCRED is a good idea in the generic case. It has a performance impact, although I don't have any exact figures. A quick Google seems to suggest it is not negligible: http://marc.info/?l=linux-netdev&m=131644754421737&w=2

So perhaps an explicit option is better?
Also, we have to be careful not to mix autobinding with sending ancillary credential information. Using SO_PASSCRED only for its autobind side effect is a bit ... unfortunate. If only autobinding is needed perhaps the "bind(sk, &addr, sizeof(short))" solution is not so bad?

In my particular case I actually need both. I also would like to use abstract adresses but that requires modifications to nginx as mentioned in my earlier messages. I haven't had the time to properly look into this after initial feedback I received from Maxim Dounin.

[...]

> - I saw some calls to lua_tonumber() that should be lua_tointeger() I
> think. I can change it and send a pull request.

Yes please :)

Hmm, I have to look this up again :)

Regards,

Dirk F.

agentzh

Hello!

On Thu, Mar 21, 2013 at 2:03 AM, Dirk Feytons wrote:
>
> Looks good for me but I'm not entirely sure that always setting SO_PASSCRED
> is a good idea in the generic case. It has a performance impact, although I
> don't have any exact figures. A quick Google seems to suggest it is not
> negligible: http://marc.info/?l=linux-netdev&m=131644754421737&w=2
> So perhaps an explicit option is better?
> Also, we have to be careful not to mix autobinding with sending ancillary
> credential information. Using SO_PASSCRED only for its autobind side effect
> is a bit ... unfortunate. If only autobinding is needed perhaps the
> "bind(sk, &addr, sizeof(short))" solution is not so bad?
>

Yeah, good point! I've committed a patch to use bind() instead for autobind:

    https://github.com/chaoslawful/lua-nginx-module/commit/a38ceeb

> In my particular case I actually need both. I also would like to use
> abstract adresses but that requires modifications to nginx as mentioned in
> my earlier messages. I haven't had the time to properly look into this after
> initial feedback I received from Maxim Dounin.
>

Regarding SO_PASSCRED, I'd implement a "setoption" method for
ngx.socket.udp() instances in the future, similar to the LuaSocket
API:

http://w3.impa.br/~diego/software/luasocket/udp.html#setoption

And for custom abstrace address binding, we indeed need support in the
Nginx core, otherwise we'll have to fork the standard ngx_parse_url
function in ngx_lua ;) But anyway, we can make it :)

>> > - I saw some calls to lua_tonumber() that should be lua_tointeger() I
>> > think. I can change it and send a pull request.
>>
>> Yes please :)
>
> Hmm, I have to look this up again :)
>

Thanks!

Best regards,
-agentzh

dirk.feytons

On Thu, Mar 21, 2013 at 8:07 PM, agentzh <age...@gmail.com> wrote:

Hello!

On Thu, Mar 21, 2013 at 2:03 AM, Dirk Feytons wrote:

[...]

> In my particular case I actually need both. I also would like to use
> abstract adresses but that requires modifications to nginx as mentioned in
> my earlier messages. I haven't had the time to properly look into this after
> initial feedback I received from Maxim Dounin.
>

Regarding SO_PASSCRED, I'd implement a "setoption" method for
ngx.socket.udp() instances in the future, similar to the LuaSocket
API:

http://w3.impa.br/~diego/software/luasocket/udp.html#setoption

Seems more consistent, yes.

But it's not strictly needed for me. In Linux it's OK if one of the two socket endpoints has SO_PASSCRED set when the send() happens to include the credential information (and not just the sender). As long as my backend service uses the socket option on its listen socket then I'll get the necessary information.

And for custom abstrace address binding, we indeed need support in the
Nginx core, otherwise we'll have to fork the standard ngx_parse_url
function in ngx_lua ;) But anyway, we can make it :)

Let's not fork such a crucial function :)

Regards,

Dirk F.