socket-wrapper fd-passing

Stefan Metzmacher metze at samba.org
Wed Jun 24 21:14:40 UTC 2020 

Hi Anoop,

I rebased your fd-passing patches on top of socket_wrapper master.

See https://gitlab.com/metze/socket_wrapper/-/commits/fd-passing/

Please also notice my commit on top where I added some more hints
on a better design:

  - We need to maintain a small file using mmap and protected
    by pthread robust mutexes. E.g. one file per local ip address.
  - The path specified in SOCKET_WRAPPER_FD_PASSING_DB will
    be used as the file name, if this is not specified we'll
    use malloc'ed and fd-passing is not enabled.
  - The file contains a header (with magic, unique id, size and
free-list pointer)
    followed by an array of socket_info structures.
  - The socket_info_fd structures will only maintain the index
    into the mmap'ed array.
  - fd-passing is limited to fixed number (~ 127), this should be
    more than enough for typical caller (Samba would just use 1).
  - In order to do fd-passing of tcp/udp sockets, we'll create
    a pipe (or similar) where we write an array of with indexes
    into the mmap'ed array into the write end of the pipe.
    We would also pass the device/inode and a unique identifier
    for the file.
    The read end of the pipe is then passed as the last fd to
    the destination process. The destination process can rebuild
    the socket_info_fd structures by reading the array indexes.
    out of the read end of the pipe.
  - A tricky part will be the reference counting in the database
    entries. The sender needs to write the data into the pipe
    and increment the refcounts in the db file before calling
    sendmsg(). The sender may hold a mutex for each socket
    during sendmsg().
  - In order to allow multiple threads (or processes) to share a single
    socket we need to add mutex protection in quite a few places.
    In the most common cases there won't be any contention on the mutexes,
    but it will garantee correctness for the corner cases which happens
    for fd-passing.

An additional idea would be using temporary anonymous files (maybe
memfd_create() or an similation for it) for shared structures for passed
sockets. In sendmsg() the sender would move the socket_info[_container]
structures from malloc'ed memory to an temporary memory file.
This will replace the pipe fd of the original design.
If multiple fd's are passed, the memory file contains an array of
socket_info[_container] structures.
int *socket_fds_idx would be changed to an array of structures
or we have an additional array to store possible fd for the temporary
files and have the destructing code lock at it and select between
free() and munmap()/close().
This design would not require a named file, like the one specified
by SOCKET_WRAPPER_FD_PASSING_DB.

Do you have comments on these additions?

Thanks!
metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20200624/39f04fd4/signature.sig>

More information about the samba-technical mailing list