Accueil Explorer Aide
Connexion
zorun
/
kea
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 8431fb8b25
Branches Tags
kea
/
src
/
bin
/
bind10
/
creatorapi.txt

creatorapi.txt 5.7 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123 
  1. Socket creator API
    2. 

  2. ==================
    3. 

  3. 

  4. This API is between Boss and other modules to allow them requesting of sockets.
    5. 

  5. For simplicity, we will use the socket creator for all (even non-privileged)
    6. 

  6. ports for now, but we should have some function where we can abstract it later.
    7. 

  7. 

  8. Goals
    9. 

  9. -----
    10. 

  10. * Be able to request a socket of any combination IPv4/IPv6 UDP/TCP bound to given
    11. 

  11.   port and address (sockets that are not bound to anything can be created
    12. 

  12.   without privileges, therefore are not requested from the socket creator).
    13. 

  13. * Allow to provide the same socket to multiple modules (eg. multiple running
    14. 

  14.   auth servers).
    15. 

  15. * Allow releasing the sockets (in case all modules using it give it up,
    16. 

  16.   terminate or crash).
    17. 

  17. * Allow restricting of the sharing (don't allow shared socket between auth
    18. 

  18.   and recursive, as the packets would often get to the wrong application,
    19. 

  19.   show error instead).
    20. 

  20. * Get the socket to the application.
    21. 

  21. 

  22. Transport of sockets
    23. 

  23. --------------------
    24. 

  24. It seems we are stuck with current msgq for a while and there's a chance the
    25. 

  25. new replacement will not be able to send sockets inbound. So, we need another
    26. 

  26. channel.
    27. 

  27. 

  28. The boss will create a unix-domain socket and listen on it. When something
    29. 

  29. requests a socket over the command channel and the socket is created, some kind
    30. 

  30. of token is returned to the application (which will represent the future
    31. 

  31. socket). The application then connects to the unix-domain socket, sends the
    32. 

  32. token over the connection (so Boss will know which socket to send there, in case
    33. 

  33. multiple applications ask for sockets simultaneously) and Boss sends the socket
    34. 

  34. in return.
    35. 

  35. 

  36. In theory, we could send the requests directly over the unix-domain
    37. 

  37. socket, but it has two disadvantages:
    38. 

  38. * The msgq handles serializing/deserializing of structured
    39. 

  39.   information (like the parameters to be used), we would have to do it
    40. 

  40.   manually on the socket.
    41. 

  41. * We could place some kind of security in front of msgq (in case file
    42. 

  42.   permissions are not enough, for example if they are not honored on
    43. 

  43.   socket files, as indicated in the first paragraph of:
    44. 

  44.   http://lkml.indiana.edu/hypermail/linux/kernel/0505.2/0008.html).
    45. 

  45.   The socket would have to be secured separately. With the tokens,
    46. 

  46.   there's some level of security already - someone not having the
    47. 

  47.   token can't request a priviledged socket.
    48. 

  48. 

  49. Caching of sockets
    50. 

  50. ------------------
    51. 

  51. To allow sending the same socket to multiple application, the Boss process will
    52. 

  52. hold a cache. Each socket that is created and sent is kept open in Boss and
    53. 

  53. preserved there as well. A reference count is kept with each of them.
    54. 

  54. 

  55. When another application asks for the same socket, it is simply sent from the
    56. 

  56. cache instead of creating it again by the creator.
    57. 

  57. 

  58. When application gives the socket willingly (by sending a message over the
    59. 

  59. command channel), the reference count can be decreased without problems. But
    60. 

  60. when the application terminates or crashes, we need to decrease it as well.
    61. 

  61. There's a problem, since we don't know which command channel connection (eg.
    62. 

  62. lname) belongs to which PID. Furthermore, the applications don't need to be
    63. 

  63. started by boss.
    64. 

  64. 

  65. There are two possibilities:
    66. 

  66. * Let the msgq send messages about disconnected clients (eg. group message to
    67. 

  67.   some name). This one is better if we want to migrate to dbus, since dbus
    68. 

  68.   already has this capability as well as sending the sockets inbound (at least it
    69. 

  69.   seems so on unix) and we could get rid of the unix-domain socket completely.
    70. 

  70. * Keep the unix-domain connections open forever. Boss can remember which socket
    71. 

  71.   was sent to which connection and when the connection closes (because the
    72. 

  72.   application crashed), it can drop all the references on the sockets. This
    73. 

  73.   seems easier to implement.
    74. 

  74. 

  75. The commands
    76. 

  76. ------------
    77. 

  77. * Command to release a socket. This one would have single parameter, the token
    78. 

  78.   used to get the socket. After this, boss would decrease its reference count
    79. 

  79.   and if it drops to zero, close its own copy of the socket. This should be used
    80. 

  80.   when the module stops using the socket (and after closes it). The
    81. 

  81.   library could remember the file-descriptor to token mapping (for
    82. 

  82.   common applications that don't request the same socket multiple
    83. 

  83.   times in parallel).
    84. 

  84. * Command to request a socket. It would have parameters to specify which socket
    85. 

  85.   (IP address, address family, port) and how to allow sharing. Sharing would be
    86. 

  86.   one of:
    87. 

  87.   - None
    88. 

  88.   - Same kind of application (however, it is not entirely clear what
    89. 

  89.     this means, in case it won't work out intuitively, we'll need to
    90. 

  90.     define it somehow)
    91. 

  91.   - Any kind of application
    92. 

  92.   And a kind of application would be provided, to decide if the sharing is
    93. 

  93.   possible (eg. if auth allows sharing with the same kind and something else
    94. 

  94.   allows sharing with anything, the sharing is not possible, two auths can).
    95. 

  95. 

  96.   It would return either error (the socket can't be created or sharing is not
    97. 

  97.   possible) or the token. Then there would be some time for the application to
    98. 

  98.   pick up the requested socket.
    99. 

  99. 

  100. Examples
    101. 

  101. --------
    102. 

  102. We probably would have a library with blocking calls to request the
    103. 

  103. sockets, so a code could look like:
    104. 

  104. 

  105. (socket_fd, token) = request_socket(address, port, 'UDP', SHARE_SAMENAME, 'test-application')
    106. 

  106. sock = socket.fromfd(socket_fd)
    107. 

  107. 

  108. # Some sock.send and sock.recv stuff here
    109. 

  109. 

  110. sock.close()
    111. 

  111. release_socket(socket_fd) # or release_socket(token)
    112. 

  112. 

  113. Known limitations
    114. 

  114. -----------------
    115. 

  115. Currently the socket creator doesn't support specifying any socket
    116. 

  116. options. If it turns out there are any options that need to be set
    117. 

  117. before bind(), we'll need to extend it (and extend the protocol as
    118. 

  118. well). If we want to support them, we'll have to solve a possible
    119. 

  119. conflict (what to do when two applications request the same socket and
    120. 

  120. want to share it, but want different options).
    121. 

  121. 

  122. The current socket creator doesn't know raw sockets, but if they are
    123. 

  123. needed, it should be easy to add.
    124.