-
Notifications
You must be signed in to change notification settings - Fork 676
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change Sockaddr to a union #1544
Comments
That seems like a good idea! The one concern I'd have is that it makes it harder to introspect a |
But |
Would this be pre or post 0.23? |
Yes, you wouldn't be able to match on a Sockaddr. You'd have to do this instead, which is a little bit more complicated, but only a little bit: match sa.family() {
AddressFamily::Inet => sa.as_sockaddr_in().unwrap().do_something(),
...
} This would be post 0.23. I don't want to hold up the release any longer, so I would revert #1447 , do the release, then start working on this new scheme. |
This reverts commit ed43d2c. As discussed in nix-rust#1544 the API of this function needs to change. For now, revert the PR that made it public, because it has not yet been included in any release.
1538: posix_fadvise doesn't return -1 as sentinel value r=asomers a=ocadaruma ## Summary - `posix_fadvise(2)` does return error number directly (i.e. not through `errno`) * refs: https://man7.org/linux/man-pages/man2/posix_fadvise.2.html , https://man7.org/linux/man-pages/man2/posix_fadvise.2.html - However `posix_fadvise`-binding uses `Errno::result` to translate the error now, which is mis-use. 1545: Fix memory unsafety in unistd::getgrouplist r=asomers a=asomers Fixes #1541 1546: Revert "Expose SockAddr::from_raw_sockaddr" r=asomers a=asomers This reverts commit ed43d2c. As discussed in #1544 the API of this function needs to change. For now, revert the PR that made it public, because it has not yet been included in any release. Co-authored-by: Haruki Okada <[email protected]> Co-authored-by: vitalyd <[email protected]> Co-authored-by: Alan Somers <[email protected]>
I've been working on this. But Unix domain sockets are an Achilles' heel. There's simply no way to distinguish an unnamed socket from an abstract socket unless you also know the length of the sun_path field, which isn't recorded anywhere within the structure itself. |
* All sockaddr newtypes should be repr(transparent) * All sockaddr newtypes should be opaque, so the user can't do something like change the sa_family field in a way that violates invariants. This is a prerequisite for nix-rust#1544.
* All sockaddr newtypes should be repr(transparent) * All sockaddr newtypes should be opaque, so the user can't do something like change the sa_family field in a way that violates invariants. This is a prerequisite for nix-rust#1544.
Ok, I think I have a plan that will handle Unix-domain sockets:
|
1614: Improve the sockaddr interface: r=asomers a=asomers * All sockaddr newtypes should be repr(transparent) * All sockaddr newtypes should be opaque, so the user can't do something like change the sa_family field in a way that violates invariants. This is a prerequisite for #1544. Co-authored-by: Alan Somers <[email protected]>
* All sockaddr newtypes should be repr(transparent) * All sockaddr newtypes should be opaque, so the user can't do something like change the sa_family field in a way that violates invariants. This is a prerequisite for nix-rust#1544.
* All sockaddr newtypes should be repr(transparent) * All sockaddr newtypes should be opaque, so the user can't do something like change the sa_family field in a way that violates invariants. This is a prerequisite for nix-rust#1544.
No, that was just one step. I've got a WIP branch for the rest of the changes. |
Yes, I think so, and I would too. BTW, here is my WIP for this issue: |
The SockAddr enum is quite large, and the user must allocate space for the whole thing even though he usually knows what type he needs. Furthermore, thanks to the sa_family field, the sockaddr types are basically an enum even in C. So replace the ungainly enum with a SockaddrLike trait implemented by all sockaddr types and a SockaddrStorage union that has safe accessors. Also, deprecate InetAddr, which only existed to support SockAddr. Supplants nix-rust#1504 Fixes nix-rust#1544
The SockAddr enum is quite large, and the user must allocate space for the whole thing even though he usually knows what type he needs. Furthermore, thanks to the sa_family field, the sockaddr types are basically an enum even in C. So replace the ungainly enum with a SockaddrLike trait implemented by all sockaddr types and a SockaddrStorage union that has safe accessors. Also, deprecate InetAddr, which only existed to support SockAddr. Supplants nix-rust#1504 Fixes nix-rust#1544
The SockAddr enum is quite large, and the user must allocate space for the whole thing even though he usually knows what type he needs. Furthermore, thanks to the sa_family field, the sockaddr types are basically an enum even in C. So replace the ungainly enum with a SockaddrLike trait implemented by all sockaddr types and a SockaddrStorage union that has safe accessors. Also, deprecate InetAddr, which only existed to support SockAddr. Supplants nix-rust#1504 Fixes nix-rust#1544
1684: Replace the Sockaddr enum with a union r=rtzoeller a=asomers The SockAddr enum is quite large, and the user must allocate space for the whole thing even though he usually knows what type he needs. Furthermore, thanks to the sa_family field, the sockaddr types are basically an enum even in C. So replace the ungainly enum with a SockaddrLike trait implemented by all sockaddr types and a SockaddrStorage union that has safe accessors. Also, deprecate InetAddr, which only existed to support SockAddr. Supplants #1504 Fixes #1544 Co-authored-by: Alan Somers <[email protected]>
PR #1504 addresses a few safety and soundness issues with our
Sockaddr
type, which all boil down to "We should never create a&T
reference if the entire T isn't initialized". But in reviewing it, I realized another problem: many Nix functions force the user to allocate a struct large enough for any type of sockaddr, even if they know exactly which type they need. For example,nix::sys::socket::bind
takes anenum Sockaddr
as its argument, which can be very large, even though all it does is immediately transform that argument into a pointer. Many Nix users undoubtedly know which type of Sockaddr they need before they call bind, but we force them to allocate a wholeenum Sockaddr
. And that begs the question: why use an enum at all? These types are basically already an enum in C. They can all be cast to and from sockaddr and sockaddr_storage, using the s*_family field as a discriminator. So here is my proposal for how to fix the problems raised by #1504 , stop requiring such large allocations, and make the sockaddr types more ergonomic too:SockaddrLike
trait, mostly because for theas_ffi_pair
method. The trait will be sealed, because it requires thesa_family_t
andsa_len
fields to be located at fixed offsets.#[repr(transparent)]
.SockaddrStorage
. Thanks to thesa_family_t
tag, this union will be safely, falliably convertible to the other sockaddr types.bind
to accept a generic parameter of anySockaddrLike
type.enum Sockaddr
and related functions.@coolreader18 what do you think of this idea? Here's an outline of the code:
The text was updated successfully, but these errors were encountered: