Re: [core] Interest in defining CoAP over Unix Domain sockets?

Jon Shallow <> Fri, 16 June 2023 09:06 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C357AC151719 for <>; Fri, 16 Jun 2023 02:06:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0Rm0fVHgRSKr for <>; Fri, 16 Jun 2023 02:06:35 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6CC78C151544 for <>; Fri, 16 Jun 2023 02:06:34 -0700 (PDT)
Received: from [] (helo=N01332) by with esmtp (Exim 4.92.3) (envelope-from <>) id 1qA5Pb-0005kH-04; Fri, 16 Jun 2023 10:06:31 +0100
From: Jon Shallow <>
To: 'Christian Amsüss' <>
References: <004601d90ee3$dd59df80$980d9e80$> <ZIr7p/>
In-Reply-To: <ZIr7p/>
Date: Fri, 16 Jun 2023 10:06:23 +0100
Message-ID: <076101d9a031$d2d0a0f0$7871e2d0$>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI0eiyo13tkLZMJo+2rfTYfx7famQJ0YPf5rsPHWoA=
Content-Language: en-gb
Archived-At: <>
Subject: Re: [core] Interest in defining CoAP over Unix Domain sockets?
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 16 Jun 2023 09:06:36 -0000

Hi Christian,

Thanks for coming back on this - please see comments inline.



> -----Original Message-----
> From: Christian Amsüss [mailto:]
> Sent: 15 June 2023 12:53
> To: Jon Shallow
> Cc:
> Subject: Re: [core] Interest in defining CoAP over Unix Domain sockets?
> Hi Jon, list,
> On Tue, Dec 13, 2022 at 11:13:01AM -0000, Jon Shallow wrote:
> > There has been a request for supporting CoAP over Unix Domain sockets
> > - primarily for a reverse proxy which is secured to the outside world
> > but wants to distribute the CoAP traffic internally [...]
> I agree this is a valuable use case.


> I don't agree that we'd necessarily need to provide URIs for these: 

URIs are useful for test clients to test the Unix socket link.

> It might
> make sense to make this a proxy-only hop.

Maybe, but port forwarding is certainly an option.

>This would mean that
> * the Uri-Host and Uri-Port options don't have default values (maybe
>   it's an error to assume any value unless they are explicit), and/or
> * it is mandatory to set Proxy-Scheme, Uri-Host (and, if different from
>   the scheme's default), Uri-Port.
> Implementations would probably want to do this anyway, for otherwise the
> server would not know which address the client assumes to be the Base URI,
> and experience deploying WebDAV behind reverse proxies shows that that's
> problematic.

Makes sense these are in the proxy to Unix socket server "connection".

> If the (socket) server decides to ignore those options, it may do so with
> same caveats with which a regular server would ignore a Uri-Host (I don't
> the list of caveats, and it's likely subtle, but at least it's something
> already do or do not ignore).
> ---
> That being said, what other open questions are there? Off the top of my
> * The transport is reliable. Do we need MID and message types? (We
>   stripped them for RFC8323 protocols)

For stream Unix Sockets, no, for datagram Unix sockets depends whether we
want to maintain the tcp/udp (stream/datagram) differences across the
AF_UNIX, AF_INET and AF_INET6 (and potentially others) families.

> * The transport is ordered. Do RFC8323's rule about Observe being empty
>   in responses apply?

If external "connection" is UDP, then Observe values will be needed for
that.  Not convinced that proxy needs to be that smart to add in observe

I see this as UDP -> datagram Unix socket, and TCP-> stream Unix socket, so
that the Unix socket server knows whether it is handling reliable or
unreliable protocols.

> * The client can open the socket multiple times. Should it do so when
>   sending multiple requests? If so, it we could also do away with
>   tokens. (Admittedly I'm a sucker for token-less transports; the
>   practical answer is probably still "no" for performance reasons).

Hmm - not convinced.  However, each new open needs to have a unique client
'file name' so that the server knows which "connection" to send the response
back on.

> I've always assumed that the UDP-to-socket thing is acting a proxy here,
> all the rights and responsibilities (like, the transport has no MTU, thus
> applications may respond with arbitrarily large messages, and the proxy
> blockwise for them -- but also, unknown proxy-unsafe options are
> showstoppers). If we go full same-wire-format, there is an
> alternative: Treat this not like a proxy but like a port forwarder, and
open the
> socket anew for every new client. Then, it could forward even completely
> unparsable messages. In that scenario, it may make sense to send a
> message first to tell the server what the actual addresses (and
> like MTU) are.

For TCP->stream it would be easy to inject a CSM containing the necessary
information.  CSMs could be added to the UDP->datagram case.

> BR
> c
> --
> To use raw power is to make yourself infinitely vulnerable to greater
>   -- Bene Gesserit axiom