unix socket support #378
unix socket support #378
Conversation
Signed-off-by: Boris Rybalkin <ribalkin@gmail.com>
There was a problem hiding this comment.
Overall I'm happy with the idea, but there's some extra bits to do to get it over the line:
- Factor out the unix socket detection to a helper function (aids readability and allows us to be more intelligent easily in the future)
- Mention this new support in the docs (README and the big help message in
./cmd/syncv3/main.go) - Run E2E tests with unix sockets so we can make sure this works and won't bitrot. I'm also particularly concerned about size limits given sync v2 responses can be huge e.g https://stackoverflow.com/questions/21856517/whats-the-practical-limit-on-the-size-of-single-packet-transmitted-over-domain
Thanks for your contribution!
|
e2e test use real synapse server which I am not sure even supports unix sockets (dendrite does), I will need to check if there is an env, but even if there is do you want to run all e2e tests on each type (http and unix)? |
|
Hmm, good point. Synapse does support unix sockets via Let me know how much work this will be, and if it's not really feasible we'll think of something else. |
There was a problem hiding this comment.
I don't think HomeServerUrl makes things much clearer here, and it adds boilerplate where it is not necessary. Please:
- revert it back and just add
internal.IsUnixSocket(u string) booland call that in places where you previously hadstrings.HasPrefix. That is just as easily unit testable should you wish to do so, but please do not addtestifyfor basic equality checks. - add a function to map a unix socket string to a unix transport:
internal.UnixTransport(u string) http.Transport - tie the two functions together in
newClient:
func newClient(timeout time.Duration, destinationURL string) *http.Client {
transport := http.DefaultTransport
if internal.IsUnixSocket(destinationURL) (
transport = internal.UnixTransport(destinationURL)
}
return &http.Client{
Timeout: timeout,
Transport: transport,
}
}
internal/errors.go
Outdated
| if !expr { | ||
| GetSentryHubFromContextOrDefault(ctx).CaptureException(fmt.Errorf("assertion failed: %s", msg)) | ||
| } | ||
| } | ||
|
|
||
| func assert(msg string, expr bool) { | ||
| func assertCustom(msg string, expr bool) { |
go.mod
Outdated
| @@ -15,6 +15,7 @@ require ( | |||
| github.com/pressly/goose/v3 v3.14.0 | |||
| github.com/prometheus/client_golang v1.13.0 | |||
| github.com/rs/zerolog v1.29.0 | |||
| github.com/stretchr/testify v1.8.4 | |||
There was a problem hiding this comment.
Please don't add an entire test package just for basic equality checks.
| if err != nil { | ||
| logger.Fatal().Err(err).Msg("failed to serve unix socket") | ||
| } | ||
| err = os.Chmod(bindAddr, 0755) |
There was a problem hiding this comment.
Please document the respective r/w/x permissions you wish to give to this socket as a comment.
|
Thank you! |
| // TODO: safe default for now (rwxr-xr-x), could be extracted as env variable if needed | ||
| err = os.Chmod(bindAddr, 0755) |
There was a problem hiding this comment.
Not sure what is meant by "safe default" here.
Unix sockets don't need the write permissions.
To connect to and use a unix socket as a client, all you need is the read permissions bit.
0755, which translates to u=rwx,go=rw, renders this unix socket world readable, thus making it world-connectable.
There was a problem hiding this comment.
I was under impression that 755 will only allow the owner to use it.
After googling looks like eXecute is not need but read and write are needed to use it.
Ideally we pass it as a parameter, if not then probably 600 is what I wanted.
There was a problem hiding this comment.
According to unix(7), write permission is required to connect to a unix domain socket.
On Linux, connecting to a stream socket object requires write permission on that socket; sending a datagram to a datagram socket likewise requires write permission on that socket.
I'd suggest to make it at least user and group connectable, that is 0660 (execution bit has no effect).
There was a problem hiding this comment.
First and foremost: Sorry for my original comment.
I was in a bit of a rush when I wrote it, and should just have waited a bit longer before commenting.
Multiple /bit flips/ happened in my original comment, which I want to point out:
writeperms are needed to connect and talk over a unix socket, notread, as @n3vu0r correctly pointed out.0755does not translate tou=rwx,go=rwbut ratheru=rwx,go=rx.- Which in turn makes, as intended, the socket not world-connectable but rather only by the owner itself.
I just was very happy to see unix socket support implemented so soon, but then saw some unusual permission bits.
Given I worked on unix socket permission bits as part of caddyserver/caddy#4741, I figured I should comment. Which then lead to that hastily, and more importantly, incorrect comment. Sorry for that.
According to the current unix(7), only write perms are needed.
There are, however, still a lot of old unix(7) versions hosted on the web, which still mention read and write being needed.
For more details on this, see caddyserver/caddy#4741 (comment).
I'd suggest to make it at least user and group connectable, that is
0660(execution bit has no effect).
I would suggest the same, but without read, so 0220.
Allows using unix socket on both ends:
Tested in Syncloud (https://github.com/syncloud/matrix) which allows me to use Element X now.
Pull Request Checklist