Re: [core] Interest in defining CoAP over Unix Domain sockets?

Jon Shallow <supjps-ietf@jpshallow.com> Fri, 16 June 2023 09:06 UTC

Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C357AC151719 for <core@ietfa.amsl.com>; Fri, 16 Jun 2023 02:06:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Rm0fVHgRSKr for <core@ietfa.amsl.com>; Fri, 16 Jun 2023 02:06:35 -0700 (PDT)
Received: from mail.jpshallow.com (mail.jpshallow.com [31.22.13.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CC78C151544 for <core@ietf.org>; Fri, 16 Jun 2023 02:06:34 -0700 (PDT)
Received: from [192.168.0.78] (helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.92.3) (envelope-from <jon.shallow@jpshallow.com>) id 1qA5Pb-0005kH-04; Fri, 16 Jun 2023 10:06:31 +0100
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: 'Christian Amsüss' <christian@amsuess.com>
Cc: core@ietf.org
References: <004601d90ee3$dd59df80$980d9e80$@jpshallow.com> <ZIr7p/t2jw7NILUW@hephaistos.amsuess.com>
In-Reply-To: <ZIr7p/t2jw7NILUW@hephaistos.amsuess.com>
Date: Fri, 16 Jun 2023 10:06:23 +0100
Message-ID: <076101d9a031$d2d0a0f0$7871e2d0$@jpshallow.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI0eiyo13tkLZMJo+2rfTYfx7famQJ0YPf5rsPHWoA=
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/DLAaptNsZACejI6p1RgtBnd39u0>
Subject: Re: [core] Interest in defining CoAP over Unix Domain sockets?
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jun 2023 09:06:36 -0000

Hi Christian,

Thanks for coming back on this - please see comments inline.

Regards

Jon

> -----Original Message-----
> From: Christian Amsüss [mailto: christian@amsuess.com]
> Sent: 15 June 2023 12:53
> To: Jon Shallow
> Cc: core@ietf.org
> Subject: Re: [core] Interest in defining CoAP over Unix Domain sockets?
> 
> Hi Jon, list,
> 
> On Tue, Dec 13, 2022 at 11:13:01AM -0000, Jon Shallow wrote:
> > There has been a request for supporting CoAP over Unix Domain sockets
> > - primarily for a reverse proxy which is secured to the outside world
> > but wants to distribute the CoAP traffic internally [...]
> 
> I agree this is a valuable use case.

Good.

> 
> I don't agree that we'd necessarily need to provide URIs for these: 

URIs are useful for test clients to test the Unix socket link.

> It might
> make sense to make this a proxy-only hop.

Maybe, but port forwarding is certainly an option.

>This would mean that
> 
> * the Uri-Host and Uri-Port options don't have default values (maybe
>   it's an error to assume any value unless they are explicit), and/or
> * it is mandatory to set Proxy-Scheme, Uri-Host (and, if different from
>   the scheme's default), Uri-Port.
> 
> Implementations would probably want to do this anyway, for otherwise the
> server would not know which address the client assumes to be the Base URI,
> and experience deploying WebDAV behind reverse proxies shows that that's
> problematic.

Makes sense these are in the proxy to Unix socket server "connection".

> 
> If the (socket) server decides to ignore those options, it may do so with
the
> same caveats with which a regular server would ignore a Uri-Host (I don't
know
> the list of caveats, and it's likely subtle, but at least it's something
people
> already do or do not ignore).
> 
> ---
> 
> That being said, what other open questions are there? Off the top of my
head,
> 
> * The transport is reliable. Do we need MID and message types? (We
>   stripped them for RFC8323 protocols)

For stream Unix Sockets, no, for datagram Unix sockets depends whether we
want to maintain the tcp/udp (stream/datagram) differences across the
AF_UNIX, AF_INET and AF_INET6 (and potentially others) families.

> * The transport is ordered. Do RFC8323's rule about Observe being empty
>   in responses apply?

If external "connection" is UDP, then Observe values will be needed for
that.  Not convinced that proxy needs to be that smart to add in observe
values.

I see this as UDP -> datagram Unix socket, and TCP-> stream Unix socket, so
that the Unix socket server knows whether it is handling reliable or
unreliable protocols.

> * The client can open the socket multiple times. Should it do so when
>   sending multiple requests? If so, it we could also do away with
>   tokens. (Admittedly I'm a sucker for token-less transports; the
>   practical answer is probably still "no" for performance reasons).

Hmm - not convinced.  However, each new open needs to have a unique client
'file name' so that the server knows which "connection" to send the response
back on.

> 
> I've always assumed that the UDP-to-socket thing is acting a proxy here,
with
> all the rights and responsibilities (like, the transport has no MTU, thus
> applications may respond with arbitrarily large messages, and the proxy
will
> blockwise for them -- but also, unknown proxy-unsafe options are
> showstoppers). If we go full same-wire-format, there is an
> alternative: Treat this not like a proxy but like a port forwarder, and
open the
> socket anew for every new client. Then, it could forward even completely
> unparsable messages. In that scenario, it may make sense to send a
signaling
> message first to tell the server what the actual addresses (and
characteristics
> like MTU) are.

For TCP->stream it would be easy to inject a CSM containing the necessary
information.  CSMs could be added to the UDP->datagram case.

> 
> BR
> c
> 
> --
> To use raw power is to make yourself infinitely vulnerable to greater
powers.
>   -- Bene Gesserit axiom