The unreliability of AF_UNIX datagram sockets
Ken Brown
kbrown@cornell.edu
Thu Apr 29 14:38:05 GMT 2021
On 4/29/2021 7:05 AM, Corinna Vinschen wrote:
> On Apr 27 11:47, Ken Brown wrote:
>> This is a follow-up to
>>
>> https://cygwin.com/pipermail/cygwin/2021-April/248383.html
>>
>> I'm attaching a test case slightly simpler than the one posted by the OP in
>> that thread. This is a client/server scenario, with non-blocking AF_UNIX
>> datagram sockets. The client writes COUNT messages while the server is
>> playing with his toes. Then the server reads the messages.
>>
>> If COUNT is too big, the expectation is that the client's sendto call will
>> eventually return EAGAIN. This is what happens on Linux. On Cygwin,
>> however, there is never a sendto error; the program ends when recv fails
>> with EAGAIN, indicating that some messages were dropped.
>>
>> I think what's happening is that WSASendTo is silently dropping messages
>> without returning an error. I guess this is acceptable because of the
>> documented unreliability of AF_INET datagram sockets. But AF_UNIX datagram
>> sockets are supposed to be reliable.
>>
>> I can't think of anything that Cygwin can do about this (but I would love to
>> be proven wrong). My real reason for raising the issue is that, as we
>> recently discussed in a different thread, maybe it's time for Cygwin to
>> start using native Windows AF_UNIX sockets. But then we would still have to
>> come up with our own implementation of AF_UNIX datagram sockets, and it
>> seems that we can't simply use the current implementation. AFAICT, Mark's
>> suggestion of using message queues is the best idea so far.
>>
>> I'm willing to start working on the switch to native AF_UNIX sockets. (I'm
>> frankly getting bored with working on the pipe implementation, and this
> ^^^^^^^^^^^^^
> I'm not really surprised, Windows pipe semantics are annoying.
>
>> doesn't really seem like it has much of a future.) But I'd like to be
>> confident that there's a good solution to the datagram problem before I
>> invest too much time in this.
>
> Summary of our short discussion on IRC:
>
> - Switching to SOCK_STREAM under the hood adds the necessary reliability
> but breaks DGRAM message boundaries.
>
> - There appears to be no way in Winsock to handle send buffer overflow
> gracefully so that user space knows that messages have been discarded.
> Strange enough there's a SIO_ENABLE_CIRCULAR_QUEUEING ioctl, but that
> just makes things worse, by dropping older messages in favor of the
> newer ones :-P
>
> I think it should be possible to switch to STREAM sockets to emulate
> DGRAM semantics. Our advantage is that this is all local. For all
> practical purposes there's no chance data gets really lost. Windows has
> an almost indefinite send buffer.
>
> If you look at the STREAM as a kind of tunneling layer for getting DGRAM
> messages over the (local) line, the DGRAM content could simply be
> encapsulated in a tunnel packet or frame, basically the same way the
> new, boring AF_UNIX code does it. A DGRAM message encapsulated in a
> STREAM message always has a header which at least contains the length of
> the actual DGRAM message. So when the peer reads from the socket, it
> always only reads the header until it's complete. Then it knows how
> much payload is expected and then it reads until the payload has been
> received.
This should work. We could even use MSG_PEEK to read the header and then
MSG_WAITALL to read the whole packet.
I'd be happy to try to implement this. Do you want to create a branch (maybe
topic/dgram or something like that) for working on it?
> Ultimately this would even allow to emulate DGRAMs when using native
> Windows AF_UNIX sockets. Then we'd just have to keep the old code for
> backward compat.
Yep.
> There's just one problem with this entire switch to non-pipes: Sending
> descriptors between peers running under different accounts requires to
> be able to switch the user context. You need this if the sender is a
> non-admin account to call ImpersonateNamedPipeClient in the receiver.
> So we might need to keep the pipes even if just for the purpose of being
> able to call ImpersonateNamedPipeClient...
>
>
> Thoughts?
Sounds great. Thanks.
Ken
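The framing scheme sketched above (a length header in front of each datagram, the reader peeking the header with MSG_PEEK and then pulling the whole frame with MSG_WAITALL) as an added, self-contained example. This is not Cygwin code and not code from the thread; it uses a Linux AF_UNIX socketpair as a stand-in for the local connection, and the 4-byte big-endian length header, the `DG_MAX` limit and the `dg_send`/`dg_recv`/`dg_demo` names are assumptions made for the example. It also handles the one edge case the thread does not spell out: a receive buffer smaller than the datagram, where the excess must be drained so the next frame stays aligned.

```c
/* Added example: emulating DGRAM semantics over a SOCK_STREAM tunnel.
 * Not Cygwin code. Header format and names below are assumptions. */
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#ifndef MSG_NOSIGNAL
#define MSG_NOSIGNAL 0          /* portability shim for non-Linux builds */
#endif
#define DG_MAX 65535u           /* assumed per-frame payload limit */

/* Write exactly len bytes to a stream socket, retrying short writes and EINTR. */
static int send_all(int fd, const void *p, size_t len) {
    const char *c = p;
    while (len > 0) {
        ssize_t n = send(fd, c, len, MSG_NOSIGNAL);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        c += n; len -= (size_t)n;
    }
    return 0;
}

/* Tunnel one datagram as [4-byte big-endian length][payload]. */
int dg_send(int fd, const void *payload, uint32_t len) {
    if (len > DG_MAX) { errno = EMSGSIZE; return -1; }
    uint32_t hdr = htonl(len);
    if (send_all(fd, &hdr, sizeof hdr) < 0) return -1;
    return send_all(fd, payload, len);
}

/* Receive one datagram. Returns bytes copied into buf, 0 on EOF, -1 on error.
 * Step 1: peek the header (MSG_PEEK|MSG_WAITALL) to learn the payload length.
 * Step 2: read header + payload in a single MSG_WAITALL recvmsg.
 * If cap < length, *truncated is set and the excess is drained so the stream
 * stays frame-aligned, mirroring datagram truncation semantics. */
ssize_t dg_recv(int fd, void *buf, size_t cap, int *truncated) {
    uint32_t hdr;
    ssize_t n;
    do { n = recv(fd, &hdr, sizeof hdr, MSG_PEEK | MSG_WAITALL); }
    while (n < 0 && errno == EINTR);
    if (n == 0) return 0;                               /* peer closed */
    if (n < 0) return -1;
    if ((size_t)n < sizeof hdr) { errno = EPROTO; return -1; } /* cut mid-header */
    uint32_t len = ntohl(hdr);
    if (len > DG_MAX) { errno = EPROTO; return -1; }   /* corrupt header */
    size_t take = len < cap ? len : cap;
    struct iovec iov[2] = { { &hdr, sizeof hdr }, { buf, take } };
    struct msghdr msg; memset(&msg, 0, sizeof msg);
    msg.msg_iov = iov; msg.msg_iovlen = 2;
    do { n = recvmsg(fd, &msg, MSG_WAITALL); } while (n < 0 && errno == EINTR);
    if (n < 0) return -1;
    if ((size_t)n != sizeof hdr + take) { errno = EPROTO; return -1; }
    *truncated = len > cap;
    for (size_t left = len - take; left > 0; ) {        /* drain the excess */
        char scratch[256];
        size_t want = left < sizeof scratch ? left : sizeof scratch;
        do { n = recv(fd, scratch, want, MSG_WAITALL); } while (n < 0 && errno == EINTR);
        if (n <= 0) { errno = EPROTO; return -1; }
        left -= (size_t)n;
    }
    return (ssize_t)take;
}

/* Round-trip `count` framed datagrams over a socketpair (constructed input),
 * sending them all before reading any, then checking order and boundaries.
 * Returns the number received in order, -1 on setup failure. The total stays
 * well below the socket buffer, so the blocking sends never stall. */
int dg_demo(unsigned count) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    for (unsigned i = 0; i < count; i++) {
        char m[32]; int l = snprintf(m, sizeof m, "msg-%u", i);
        if (dg_send(sv[0], m, (uint32_t)l) < 0) return -1;
    }
    unsigned got = 0;
    for (; got < count; got++) {
        char m[32], want[32]; int tr;
        ssize_t n = dg_recv(sv[1], m, sizeof m, &tr);
        int wl = snprintf(want, sizeof want, "msg-%u", got);
        if (n != wl || memcmp(m, want, (size_t)wl) != 0 || tr) break;
    }
    close(sv[0]); close(sv[1]);
    return (int)got;
}

int main(void) {
    printf("received %d of 200 framed datagrams intact\n", dg_demo(200));
    return 0;
}
```

The two-step read matters for the unreliability point in the thread: because every byte of the tunnel is delivered by the stream, nothing is silently discarded when many messages are queued before the reader runs, and the header keeps the receiver from ever consuming a partial frame.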