[patch] UNIX sockets support for lwresd

Ilya Bakulin webmaster at kibab.com
Tue Jan 17 14:00:09 UTC 2012 

Hi Danny,
thanks for your comments.
Please see my answers below. Also, I'm moving this thread to bind-workers.

For those who're reading only bind-workers list, here is my initial message:
https://lists.isc.org/pipermail/bind-users/2012-January/086302.html

On 17.01.12 8:31, Danny Mayer wrote:
> This really belongs in bind-workers rather than bind-users. See also below.
>
> On 1/16/2012 9:19 AM, Ilya Bakulin wrote:
>> 1.1) libisc seems to have basic UNIX stream sockets support, but seems it
>> was not finished, because many if() statements only checked if the
>> connection type is TCP or UDP. I have added handling of UNIX *datagram*
>> sockets to all (I hope so) nessesary places. I needed only datagram
>> sockets, not stream, but since UNIX sockets support in libisc seems to be
>> unusable anyway, I decided to change the type of socket that is created if
>> LWRES_ADDRTYPE_UNIXSOCK is requested.
> This breaks O/S's that don't support Unix sockets, specifically Windows.
> Please explain why Unix domain sockets are more effective and secure
> rather than using localhost with standard sockets.
I didn't change the default way of connecting to lwresd daemon. What I
changed is the type of UNIX domain socket that is created when you call
opensocket() function in libisc. Earlier it was SOCK_STREAM, I've
changed it to SOCK_DGRAM.
Regarding the question of UNIX sockets performance, there is a great
email about that, sent by Robert back in 2005:
http://lists.freebsd.org/pipermail/freebsd-performance/2005-February/001143.html

Robert may be able to provide additional benefits of using UNIX domain
sockets within Capsicum.
>> 2.1) The library is modified to use UNIX socket _by_default_. As I
>> understand it's better to add a support for reading UNIX socket path from
>> configuration file. Or at least add such command-line option.
> No, please don't do that. At best you should make it a buildable option
> but there really should be no need for Unix sockets at all.
OK, I will make it a buildable option.
>> 2.3) Maybe add a config file switch to prevent lwresd from closing
>> communication socket after each use? I.e. make a behaviour described in
>> 1.2 optional.
> This seems to need overall architectural review rather than just hacking
> the code for your specific purpose. I don't have solutions, just questions.

> I'm not convinced that this is the right approach but I'm sure Michael
> or Mark will chime in with their own opinions.
>
>
OK, I'm more than welcome for any suggestions!

-- 
Regards,
Ilya Bakulin
http://kibab.com
xmpp://kibab612@jabber.ru


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-workers/attachments/20120117/fc50cc34/attachment.bin>

More information about the bind-workers mailing list