Add socket-mark-id support for marking sockets. by devnexen · Pull Request #10349 · redis/redis

devnexen · 2022-02-27T10:57:26Z

Add a configuration option to attach an operating system-specific identifier to Redis sockets, supporting advanced network configurations using iptables (Linux) or ipfw (FreeBSD).

yossigo · 2022-03-08T13:32:40Z

@devnexen Generally this looks good to me, but I'd like to consider if this should be a FreeBSD-specific feature or something more generic that we implement also on Linux (as a connection mark maybe? not sure, need to look into that).

devnexen · 2022-03-11T07:42:40Z

that might be a tricky decision indeed, might be a risk to give a false sense of equivalence, so far I have not seen anything even remotely ressemblant on Linux, socket options in this system have very different contexts (but which can be used in redis though but as system specific like controlling thp support in some sense).

adding the possibility to tag sockets with an ID when netfiltering filters above operates in that level.

devnexen · 2022-04-13T18:11:39Z

finally taking back what I said, I found some equivalence :)

yossigo · 2022-04-14T06:27:19Z

@devnexen It sounded this ID is the equivalent of a conn mark but I didn't have the bandwidth to dig deep and validate, thank you!

yossigo · 2022-04-14T06:32:31Z

Calling @redis/core-team for approval, this is a small change but potentially high value in some environments - see top comments.

oranagra

I'm a bit uncomfortable adding an interface that's not supported on Linux.
but i guess it won't harm anyone, and for some it could be useful.
so @yossigo if you're ok with it, i'm too.

oranagra · 2022-04-14T06:51:38Z

are we sure we wanna return OK here?
alternatively, maybe we should add an isValid callback to the config, and fail the configuration when this is not supported?

devnexen · 2022-04-14T06:55:24Z

In fact Linux is supported (finally). Originally not planned but found a way.

oranagra · 2022-04-14T06:57:12Z

ohh, i missed it.

sundb · 2022-04-14T07:53:36Z

SO_MARK (since Linux 2.6.25)
Check with #ifdef SO_MARK?

* A bit more generalized, OS-agnostic terms. * Avoid any setsockopt() call by default.

yossigo · 2022-04-19T13:00:12Z

@devnexen I've slightly modified the PR to be more generalized, and avoid calling setsockopt() if not explicitly enabled. I assume that a zero value is anyway the default and that there's no need to make this explicit call, please let me know if these changes make sense.

devnexen · 2022-04-19T13:01:01Z

Yes I ve seen it, it s fine by me.

Add a configuration option to attach an operating system-specific identifier to Redis sockets, supporting advanced network configurations using iptables (Linux) or ipfw (FreeBSD).

devnexen force-pushed the fbsd_sock_cookie branch 5 times, most recently from 1e512b6 to 1f1bb97 Compare February 27, 2022 11:48

yossigo added the state:major-decision Requires core team consensus label Mar 8, 2022

socket-id new config setting proposal.

e5b7e84

adding the possibility to tag sockets with an ID when netfiltering filters above operates in that level.

devnexen force-pushed the fbsd_sock_cookie branch from 1f1bb97 to b7adc13 Compare April 13, 2022 18:11

yossigo added the approval-needed Waiting for core team approval to be merged label Apr 14, 2022

oranagra approved these changes Apr 14, 2022

View reviewed changes

sundb reviewed Apr 14, 2022

View reviewed changes

devnexen force-pushed the fbsd_sock_cookie branch from b7adc13 to 1c92baa Compare April 14, 2022 08:15

sundb reviewed Apr 14, 2022

View reviewed changes

Comment thread src/anet.c Outdated

devnexen force-pushed the fbsd_sock_cookie branch from 1c92baa to ba1d2e7 Compare April 14, 2022 09:14

sundb reviewed Apr 14, 2022

View reviewed changes

Comment thread src/config.c Outdated

devnexen force-pushed the fbsd_sock_cookie branch from ba1d2e7 to 7487ced Compare April 14, 2022 09:35

sundb reviewed Apr 14, 2022

View reviewed changes

Comment thread src/anet.c Outdated

Add Linux and OpenBSD support

4d96b47

devnexen force-pushed the fbsd_sock_cookie branch from 7487ced to 4d96b47 Compare April 14, 2022 09:39

fix failing tests

afd30d0

oranagra assigned yossigo Apr 19, 2022

Minor cleanups.

ce2b204

* A bit more generalized, OS-agnostic terms. * Avoid any setsockopt() call by default.

yossigo changed the title ~~socket-id new config setting proposal.~~ Add socket-mark-id support for marking sockets. Apr 19, 2022

yossigo added 2 commits April 19, 2022 16:01

Typo fix.

6da7c4f

Fix compile issue.

a15af6e

yossigo added the release-notes indication that this issue needs to be mentioned in the release notes label Apr 20, 2022

yossigo merged commit aba2865 into redis:unstable Apr 20, 2022

oranagra mentioned this pull request Apr 27, 2022

Redis 7.0.0 #10652

Merged

Conversation

devnexen commented Feb 27, 2022 • edited by yossigo Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

yossigo commented Mar 8, 2022

Uh oh!

devnexen commented Mar 11, 2022

Uh oh!

devnexen commented Apr 13, 2022

Uh oh!

yossigo commented Apr 14, 2022

Uh oh!

yossigo commented Apr 14, 2022

Uh oh!

oranagra left a comment

Choose a reason for hiding this comment

Uh oh!

oranagra Apr 14, 2022

Choose a reason for hiding this comment

Uh oh!

devnexen commented Apr 14, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

oranagra commented Apr 14, 2022

Uh oh!

Uh oh!

sundb Apr 14, 2022

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

yossigo commented Apr 19, 2022

Uh oh!

devnexen commented Apr 19, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

devnexen commented Feb 27, 2022 •

edited by yossigo

Loading

devnexen commented Apr 14, 2022 •

edited

Loading