|
|
Log in / Subscribe / Register

The trouble with struct sockaddr's fake flexible array

By Jonathan Corbet
November 7, 2024
Flexible arrays — arrays that are declared as the final member of a structure and which have a size determined at run time — have long drawn the attention of developers seeking to harden the kernel against buffer-overflow vulnerabilities. These arrays have reliably been a source of bugs, so anything that can be done to ensure that operations on them stay within bounds is a welcome improvement. While many improvements, including the recent counted-by work, have been made, one of the most difficult cases remains. Now, however, developers who are interested in using recent compiler bounds-checking features are trying to get a handle on struct sockaddr.

The many faces of struct sockaddr

The sockaddr structure dates back to the beginning of the BSD socket API; it is used to hold an address corresponding to one side of a network connection. The 4.2 BSD networking implementation notes from 1983 give its format as: 

    struct sockaddr {
        short sa_family;
	char sa_data[14];
    };

The sa_family field describes which address family is in use — AF_INET for an IPv4 address, for example. sa_data holds the actual address, the format of which will vary depending on the family. The implementation notes say that: "the size of the data field, 14 bytes, was selected based on a study of current address formats". In other words, 14 bytes — much longer than the four needed for an IPv4 address — should really be enough for anybody.

Need it be said that 14 bytes turned out not to be enough? As new protocols came along, they brought address formats that were longer than would fit in sa_data. But the sockaddr structure was firmly set in stone as user-space API and could not be changed. It appears in essentially the same form in any modern Unix-like system; on Linux the type of sa_family is now sa_family_t, but otherwise the structure is the same.

The result was one of the (many) historic kludges of the Unix API. New protocol implementations typically brought with them a variant of struct sockaddr that was suitably sized for the addresses in use; struct sockaddr_in6 for IPv6 addresses, for example, or struct sockaddr_ax25 for AX.25. All of the socket API interfaces still specified struct sockaddr, but implementations on both sides would use the appropriate structure for the protocol in use. Code on both sides of the API would cast pointers to and from struct sockaddr as needed.

Even now, the documented APIs for system calls like connect() and library functions like getaddrinfo() use struct sockaddr. As a result, both user-space programs and the kernel contain a whole set of casts between that type and the type they are (hopefully) actually using. Needless to say, these casts can be error prone; casting a pointer between different structure types is also deemed to be undefined behavior in current C. But that's the price we pay for API compatibility.

The advent of IPv6 also brought another type: struct sockaddr_storage; it is defined as starting with the same sa_family field, but being large enough to hold any of the other sockaddr variants. Code dealing with network addresses can allocate a structure of this type and be sure of having enough space to store any address. This structure is now what is often allocated, but it never appears explicitly in the system-call interface.

Making the flexible array explicit

The C language has accumulated a few idioms for the declaration of flexible arrays over the years; specifying a dimension of zero or one are both common (though deprecated) examples. The syntax blessed by the language standard, though, is to omit the dimension entirely: 

    struct something {
        /* ... */
	int flex_member[]; /* A flexible array */
    };

This syntax makes it clear that a flexible array is in use and that the type declaration cannot be used, on its own, to check for overflows of that array. In no convention is it deemed reasonable to use a dimension of 14 for a flexible array, but that is exactly what now happens with struct sockaddr. The actual length of sa_data is not known, and has a good chance of being larger than the declared size. It is a flexible array disguised as an ordinary array.

That usage complicates checking of struct sockaddr usage for overflows, but the effects go beyond that; it makes detection of flexible arrays harder across the kernel. As Kees Cook noted in this 2022 patch:

One of the worst offenders of "fake flexible arrays" is struct sockaddr, as it is the classic example of why GCC and Clang have been traditionally forced to treat all trailing arrays as fake flexible arrays: in the distant misty past, sa_data became too small, and code started just treating it as a flexible array, even though it was fixed-size.

As long as this usage remains, the checking tools built into both compilers must treat any trailing array in a structure as if it were flexible; that can disable overflow checking on that array entirely.

It would be nice to change this usage but, as was noted above, the layout of struct sockaddr is wired deeply into the socket interface and cannot be changed without breaking applications. But that doesn't mean that the kernel must treat sa_data as anything but a flexible array. To enable that without changing the binary interface, Cook redefined struct sockaddr within the kernel to: 

    struct sockaddr {
        sa_family_t	sa_family;
	union {
	    char sa_data_min[14];
	    DECLARE_FLEX_ARRAY(char, sa_data);
	};
    };

(The DECLARE_FLEX_ARRAY() macro jumps through some hoops needed to declare a flexible array within a union). This change made it clear that sa_data is a flexible array, which helped, in turn, in the goal of allowing the compilers to treat trailing arrays as non-flexible unless they are explicitly declared as such.

This patch was merged for the 6.2 release, and all seemed to be well. But, as Gustavo A. R. Silva pointed out in this patch series, there is a problem with this approach. There are many places in the kernel where struct sockaddr is embedded within another structure, usually not at the end. That has the result of placing a flexible array in the middle of the embedding structure, which is problematic for fairly obvious reasons; the compiler no longer knows what the offsets to the members after struct sockaddr should be. That has resulted in "thousands of warnings" when the suitable check is enabled in the compiler.

Silva's solution was to introduce yet another variant with a familiar form: 

    struct sockaddr_legacy {
        sa_family_t	sa_family;
	char		sa_data[14];
    };

This structure, which lacks the flexible-array member, was then embedded in the other structures, making the warning go away. Since the embedding cases did not use sa_data as a flexible array (otherwise things would never have worked in the first place), this change was deemed safe to make.

Networking maintainer Jakub Kicinski was not convinced about this change, though. He suggested that perhaps Cook's patch should be reverted instead, and a new type should be added for places where a flexible array is actually needed. Cook acknowledged this suggestion as "a pretty reasonable position" and started to ponder on alternatives. He concluded: "Now, if we want to get to a place with the least ambiguity, we need to abolish sockaddr from the kernel internally, and I think that might take a while."

Leaving struct sockaddr behind

In early November, Cook returned with a brief patch series meant to show what that approach would look like. It begins by reverting the 2022 patch, returning struct sockaddr to its original non-flexible form. There is a patch adding comments to places in the networking code that are known to use this structure within its original bounds; they do not need to be changed, and do not need sa_data to be flexible. But that still leaves many uses of struct sockaddr where the data area may, in reality, be larger than 14 bytes.

The solution for many of those places is just to use struct sockaddr_storage instead. Indeed, parts of the network stack already use that structure, but then cast pointers to struct sockaddr for functions that expect that type. One example is inet_addr_is_any(), which takes a struct sockaddr * argument, but is only called by functions using struct sockaddr_storage. In this case, the solution is to change the prototype of the function to match what is really being passed to it and remove the casts from the callers.

Some changes will require more churn, even if they are conceptually simple. The getname() callback (in the proto_ops structure) has long expected a pointer to a sockaddr_storage structure, but its prototype was never changed to match. The patch eliminating the use of struct sockaddr for getname() mostly consists of name changes and cast removal, but it touches 66 files. It also, as Cook noted in the cover letter, is still lying to the compiler in cases where the backing structure is actually smaller than struct sockaddr_storage, "these remain just as safe as they used to be. :)"

This series shows that truly eliminating the use of this structure's sa_data field as a flexible array in disguise will involve a fair amount of work and code churn. Even so, Kicinski commented that it "feels like the right direction". So, while struct sockaddr will likely remain part of the kernel's system-call API forever, its use within the kernel can be expected to fade away over time. A design miscalculation made over 40 years ago may finally stop impeding the use of modern memory-safety tools.

Index entries for this article
KernelFlexible array members
KernelNetworking/struct sockaddr

to post comments

BSD didn't even save a size_t by doing this

Posted Nov 7, 2024 19:37 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (1 responses)

As I read this, it looks like this comes down to a poor design decision in the initial API, namely the choice to use a statically-sized array instead of a dynamic array. It's easy to claim that this would have made sense at the time because it saves a size_t... but that's not actually true:

> The sa_family field describes which address family is in use — AF_INET for an IPv4 address, for example. sa_data holds the actual address, the format of which will vary depending on the family. The implementation notes say that: "the size of the data field, 14 bytes, was selected based on a study of current address formats". In other words, 14 bytes — much longer than the four needed for an IPv4 address — should really be enough for anybody.

A size_t (or the moral equivalent in pre-standards C) has never been 10+ bytes on any real platform that people have used for serious purposes, with the possible exception of a small handful of natively 128-bit supercomputers. If you're willing to waste 10 bytes in the extremely common case of IPv4, you should be willing to spend 4 bytes on a size_t/long/whatnot (or however many bytes a size_t-ish was in 1983), since that would net out to 6 bytes saved in the case of IPv4. I think the more plausible explanation is that somebody didn't feel like writing the extra code to initialize the size field.

(And no, using something other than a size_t due to its lack of standardization would not have caused problems today. Unless there's some weird networking protocol I don't know about that requires addresses bigger than 64K, a 16-bit size field would still be more than adequate even if it would be a bit nonstandard.)

BSD didn't even save a size_t by doing this

Posted Nov 7, 2024 20:53 UTC (Thu) by khim (subscriber, #9252) [Link]

> I think the more plausible explanation is that somebody didn't feel like writing the extra code to initialize the size field.

The simple explanation is that was 1983. Time where backward compatibility started becoming important but no one really felt it would become critical.

Just five years before that FORTRAN removed some pieces from standard without anyone batting an eye!

Surely it's a software, it's malleable, people would just fix it later, when requirements would change?

It's only when people started dragging feet with upgrade to FORTRAN 77, when people essentially boycotted MS-DOS 4.0 (in 1988!) because it changed some internal data structures which “programs were not supposed to ever touch”, only when OS/2 completely imploded because someone decided to “improve” Presentation Manager API… only then developers of operation systems realized that keeping ABI stable would make or break them (and even after that moment Linux developers denied the obvious for decades, but that's another thing).

I would bet that no one expected to see sockaddr, casually introduced in 1983 just for the “large-scale experiment” (as Vint Cerf attests IPv4 was envisioned as large-scale experiment, no one expected it to be used outside of academy and there were expectation that another thing or yet another thing would be used by everyone else) – would still be in use 40 years later and would affect hundreds of billions devices… if they have heard about it they would have assumed you have lost all your marbles.

Why oh why …?

Posted Nov 7, 2024 20:19 UTC (Thu) by smurf (subscriber, #17840) [Link]

> places in the kernel where struct sockaddr is embedded within another structure, usually not at the end

Well since the subtype of "struct sockaddr" that's actually used in these places is not and never was 14+2 bytes long, why was the option to replace these with the sockaddr type that's actually used there not considered?

Seems like a no-brainer to me.

sockaddr API design

Posted Nov 7, 2024 23:52 UTC (Thu) by jengelh (subscriber, #33263) [Link] (1 responses)

>struct sockaddr_storage [...] is now what is often allocated, but it never appears explicitly in the system-call interface.

I am surprised no one has mentioned that the sockaddr struct family essentially forms a class hierarchy. Think of it like so:

struct sockaddr { sa_family_t family; } struct sockaddr_in6 : public sockaddr { uint16_t port; ... } struct sockaddr_storage : public sockaddr { char moarroom[126]; };

And then it's obvious why bind() and connect() take a struct sockaddr. It works with any sockaddr type, and in that sense, userland should have no need to care about the size of sockaddr::sa_data, or that this member even exists. sockaddr::sa_data (as well as sockaddr_storage) may help code reduction, fewer casts, or performance optimizations, but it is not needed conceptually.

>Code dealing with network addresses can allocate a [sockaddr_storage] and be sure of having enough space to store any address

sockaddrs are inherently variable-length (as evidenced by the length argument to bind/connect/accept), and sockaddr_storage does not fix that. It's just a conveniently-sized buffer for "this operating system's most common sockaddrs at the time of compilation", but it is not completely future-proof.

In fact, we could have limitness AF_UNIX paths already if we did not constrain ourselves to using sockaddr_un (in both userland and kernelspace):

const char *path = argv[1];
socklen_t addrlen = offsetof(struct sockaddr, sa_data) + strlen(path) + 1;
char *addr = malloc(addrlen);
((struct sockaddr *)addr)->sa_family = AF_UNIX;
strcpy(&addr[2], argv[1]);
int ret = bind(sk, (struct sockaddr *)addr, addrlen);

sockaddr API design

Posted Nov 8, 2024 1:37 UTC (Fri) by wahern (subscriber, #37304) [Link]

> In fact, we could have limitness AF_UNIX paths already if we did not constrain ourselves to using sockaddr_un (in both userland and kernelspace):

Some systems, like macOS, do allow providing a path larger than sizeof .sun_path (104 on my laptop). On those systems, when querying an address using getsockname or getpeername, you should check the returned addrlen and try again if it's larger than the provided buffer. Though in the case of macOS the path length isn't limitless, but 252 characters (address structure size of 255, including a trailing NUL character).

sockaddr used in the kernel?

Posted Nov 8, 2024 2:59 UTC (Fri) by clugstj (subscriber, #4020) [Link] (13 responses)

"There are many places in the kernel where struct sockaddr is embedded within another structure"

How can this be anything but a bug? It's not big enough for many address formats.

sockaddr used in the kernel?

Posted Nov 8, 2024 3:41 UTC (Fri) by iabervon (subscriber, #722) [Link] (12 responses)

I was wondering the same thing, so I looked at some of the patches. The answer is that it's an address from a specific family. E.g., your wireless card's MAC address is always a MAC address, not an IPv6 address. However, storing those 6 bytes next to the right 2 bytes and 8 unused bytes allows it to be passed in situ to functions that can take all sorts of addresses, without needing a ton of MAC-address-specific functions or using two function arguments per address in all of the functions.

sockaddr used in the kernel?

Posted Nov 8, 2024 7:02 UTC (Fri) by smurf (subscriber, #17840) [Link] (11 responses)

Well. But several addresses are longer anyway, so presumably the called functions restrict themselves to the sa_family-specified length.

So why do the short variants need padding up to an arbitrary 14, which happens to not match *any* actual address type's length?

sockaddr used in the kernel?

Posted Nov 8, 2024 7:58 UTC (Fri) by johill (subscriber, #25196) [Link] (10 responses)

Because ... history. The API to userspace was defined that way (some of it perhaps even back when 14 "was enough for everyone"), so it cannot be changed now.

Sure, wireless extensions wouldn't need 14 bytes for a MAC address there, only ever 6. But now it's stuck with 14 and can't use 6, and shouldn't use "14 or variable" either because it's embedded in other types.

sockaddr used in the kernel?

Posted Nov 8, 2024 21:31 UTC (Fri) by magfr (subscriber, #16052) [Link]

I am actually also curious about why the padding is needed?

Would it be confirming if the kernel returned a size of 8 and only filled in the sin_family, sin_port, and sin_addr fields?

I suppose the kernel does nothing with the padding as it is today so beeing explicit about it should be ok.

It should be noted that posix says sa_data must exist but it says nothing about it's size.

Then there is the issue that all the sockaddr_xx types must have the same alignment.

What I am going for is if the following is standards conforming:

typedef alignas(16) int16_t sa_family_t;
struct sockaddr { sa_family_t sa_family; char sa_data[]; };
struct sockaddr_in { sa_family_t sin_family; uint16_t sin_port; struct inaddr sin_addr; };

with an obvious caveat for what the alignment of sa_family_t should be.

In particular this makes sizeof(struct sockaddr) == 2 and sizeof(struct sockaddr_in) == 8 but note that
sizeof(struct sockaddr[2]) == 32 due to the alignment.

sockaddr used in the kernel?

Posted Nov 9, 2024 8:33 UTC (Sat) by smurf (subscriber, #17840) [Link] (8 responses)

Exactly which userspace API requires a 16-byte sockaddr? Using that type always requires a socket type. Some addresses are larger than the traditional sockaddr_t (Unix, IPv6, …) some are smaller (IPv4); there's nothing that requires zeroing out the padding in the latter.

So why does the kernel really need padded addresses anywhere? Just use / copy however many bytes the address's type requires and be done with it.

sockaddr used in the kernel?

Posted Nov 9, 2024 23:15 UTC (Sat) by johill (subscriber, #25196) [Link] (7 responses)

None requires 16 bytes, probably?

But for some APIs the address is _embedded_ into other structures (which is what most of the article is about), and changing the size now would change the position of everything that comes after it, breaking the ABI.

sockaddr used in the kernel?

Posted Nov 10, 2024 9:17 UTC (Sun) by smurf (subscriber, #17840) [Link] (6 responses)

Exactly which API are we talking about here? (Presumably one that doesn't support IPv6 …)

I'm not aware of any system call that embeds a sockaddr in some other data structure, but maybe that's just me.

sockaddr used in the kernel?

Posted Nov 10, 2024 19:20 UTC (Sun) by johill (subscriber, #25196) [Link] (5 responses)

Yeah, it's just you? ;-)

You can take a look at https://lore.kernel.org/netdev/cover.1729802213.git.gusta... for probably most/all of the APIs affected.

sockaddr used in the kernel?

Posted Nov 10, 2024 21:18 UTC (Sun) by smurf (subscriber, #17840) [Link] (4 responses)

Ah, so ioctls for the IPv4 ARP table, legacy routing, and similar stuff that frankly I'd deprecate in a heartbeat. Does anybody (except /sbin/arp AFAICT) still not use netlink for that, these days?

Oh well.

sockaddr used in the kernel?

Posted Nov 10, 2024 21:32 UTC (Sun) by johill (subscriber, #25196) [Link] (3 responses)

A surprisingly large number of tools still use(d) wext, but I'm kicking them out - WiFi7 hardware no longer supports wext in any way. Let's see if I can win that fight ...

sockaddr used in the kernel?

Posted Nov 11, 2024 9:21 UTC (Mon) by Sesse (subscriber, #53779) [Link] (2 responses)

I'd happily switch to iw, except… I really like the output of iwconfig and iwlist? I don't understand why we need to couple API changes with how a CLI works (especially when said CLI moves more towards the needs of low-level expert users).

sockaddr used in the kernel?

Posted Nov 11, 2024 10:36 UTC (Mon) by mb (subscriber, #50428) [Link] (1 responses)

cfg80211 has always included a wireless-extensions API emulation to keep iwconfig and lwlist working.
So it's exactly the opposite of what you say: The fundamental API has changed, but the obsolete CLI and its obsolete API have not.
So, if almost two decades is not enough for you to adapt to the "new" iw CLI, then you can keep using iwconfig/iwlist.

sockaddr used in the kernel?

Posted Nov 11, 2024 12:34 UTC (Mon) by johill (subscriber, #25196) [Link]

Well, no, as I said - I'm removing that part too now for WiFi7 hardware. There are some technical reasons for that even.

As for the question about why it "must" be coupled with changes in the CLI, well ... it doesn't really need to be, but when writing a completely new tool that for the most part has completely new semantics, keeping the CLI intact really isn't the first priority.

If you want to submit patches to make 'iw' have a mode where it behaves like iwconfig/iwlist for a subset of functionality, I guess I'd even apply them if they're reasonably well implemented.

But you can keep using it for eternity, for all I care, just don't expect new hardware support etc., and then you can just keep using an old kernel version too.

minimum size for flexible arrays

Posted Nov 8, 2024 6:23 UTC (Fri) by magnus (subscriber, #34778) [Link] (3 responses)

I guess the data length of 14 in the sockaddr was also chosen to get a nice even size of 16 bytes on older archs where short is 2 bytes long.

Beside legacy issues, could it make sense to have a minimum size for flex arrays in some cases, like to know you can always use a bigger access to fetch it or use the first n bytes as a hash or something (provided the unused bytes are always 0)?

minimum size for flexible arrays

Posted Nov 8, 2024 6:57 UTC (Fri) by intelfx (subscriber, #130118) [Link] (2 responses)

> on older archs where short is 2 bytes long

Isn't short more-or-less always 2 bytes long? (Checked x86-64, aarch64, mips64 and ppc64, what did I miss?)

minimum size for flexible arrays

Posted Nov 8, 2024 10:20 UTC (Fri) by jengelh (subscriber, #33263) [Link]

Common, but not required. It's not the size that is mandated, but the bit width/value range. Think sizeof(long long)=1 with CHAR_BIT=64.

minimum size for flexible arrays

Posted Nov 8, 2024 13:19 UTC (Fri) by magnus (subscriber, #34778) [Link]

I learned something today! Thanks..

Backwards compatibility at any cost?

Posted Nov 8, 2024 8:57 UTC (Fri) by taladar (subscriber, #68407) [Link] (14 responses)

Sounds to me like a good example why backwards compatibility should sometimes be broken even if it causes great pain once so we won't be stuck with bad design decisions from literally decades ago forever.

Backwards compatibility at any cost?

Posted Nov 8, 2024 19:48 UTC (Fri) by jeremyhetzler (subscriber, #127663) [Link]

I would love to read a book about the history of API backward compatibility in OSes, and how we got to where we are today.

Because intuitively I see your point, but demonstrably Linux is very *very* committed to the concept. MS maybe less so, but still more than I imagine is convenient for them.

Backwards compatibility at any cost?

Posted Nov 8, 2024 20:25 UTC (Fri) by rweikusat2 (subscriber, #117920) [Link] (4 responses)

The chances that people will modify all existing software ever developed for the BSD sockets API just because someone thinks he has a better idea for representing network addresses are - politely put - not very great.

:-)

Backwards compatibility at any cost?

Posted Nov 9, 2024 8:38 UTC (Sat) by smurf (subscriber, #17840) [Link]

IMHO the only incompatibility is that for addresses smaller than 16 bytes the kernel will no longer zero out the padding when it copies an address to userspace / require the padding to even exist when it reads an address.

Everything else should literally stay the same. I have no idea how many programs go splat because their address padding is no longer overwritten but if the number is nonzero then a compatibility mode can be added to the place where the address is copied to userspace. Not spread across the whole of the kernel.

Backwards compatibility at any cost?

Posted Nov 14, 2024 5:40 UTC (Thu) by dvdeug (subscriber, #10998) [Link] (2 responses)

You can always have a BSD sockets API translation layer. It could be constrained to libc, but the kernel would probably support those system calls indefinitely. But that wouldn't stop a new set of system calls and the old system calls being wrappers around the new system calls.

Backwards compatibility at any cost?

Posted Nov 14, 2024 7:01 UTC (Thu) by smurf (subscriber, #17840) [Link] (1 responses)

The Sockets API isn't the problem. It happens not to embed a sockaddr in anything, much less in the middle of another struct.

Backwards compatibility at any cost?

Posted Nov 14, 2024 21:29 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

It kinda is...

A lot of the sockets API needs to be rewritten. It needs to support Happy Eyeballs, it needs to expose the DNS data explicitly (TXT queries, etc.), it needs to be able to deal with changing/multiple addresses for the bound sockets, etc.

Backwards compatibility at any cost?

Posted Nov 10, 2024 18:33 UTC (Sun) by lunaryorn (subscriber, #111088) [Link] (7 responses)

If we go that way we might just as well deprecate the entire socket API right away and invent an entirely new networking API, because frankly, the socket API is not a great by modern standards.

Backwards compatibility at any cost?

Posted Nov 10, 2024 21:31 UTC (Sun) by intelfx (subscriber, #130118) [Link] (1 responses)

> If we go that way we might just as well deprecate the entire socket API right away and invent an entirely new networking API, because frankly, the socket API is not a great by modern standards.

How would you do one better? (Architecturally, not just minor C technicalities like the one discussed in the article.)

Backwards compatibility at any cost?

Posted Nov 23, 2024 18:15 UTC (Sat) by anton (subscriber, #25547) [Link]

How would you do one better?
By looking at what Ken Thompson did, i.e. Plan 9. The Berkeley socket API appears totally alien to Unix, and was probably designed to have as little to do with the rest of the kernel as possible. E.g., send() instead of write() and recv() instead of read(); at least that was corrected later, but we still have send() and recv().

Backwards compatibility at any cost?

Posted Nov 10, 2024 21:35 UTC (Sun) by smurf (subscriber, #17840) [Link]

While the Berkeley socket API is in fact not that great by today's standard, it's also not interesting WRT this discussion because it does *not* have sockaddr structs embedded somewhere in the middle of other objects.

Backwards compatibility at any cost?

Posted Nov 17, 2024 19:35 UTC (Sun) by skissane (subscriber, #38675) [Link] (3 responses)

> the socket API is not a great by modern standards.

The IETF is working on a "successor to the sockets API": https://datatracker.ietf.org/doc/draft-ietf-taps-interface/

Although who knows who will actually implement it.

Backwards compatibility at any cost?

Posted Nov 17, 2024 21:05 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

STREAMS, but different!

Backwards compatibility at any cost?

Posted Nov 18, 2024 6:18 UTC (Mon) by smurf (subscriber, #17840) [Link]

Streams are *way* cool when you do them The Right Way.
They can also eat your machine's performance for breakfast (and have room left over) when you do them naïvely.

Backwards compatibility at any cost?

Posted Nov 17, 2024 21:13 UTC (Sun) by smurf (subscriber, #17840) [Link]

> The IETF is working on a "successor to the sockets API":

Well. Eight people have written 26 RFC drafts, during the last 6 years, for this one.
That's four people, five years, and 20 drafts too many IMHO.
Also, the latest of those drafts expired two months ago, but at least it's in Approved state and in the RFC editor queue by now.

> Although who knows who will actually implement it.

IMHO the comment by Roman Danyliw (see the RFC history) is telling:

> […] I am abstaining on this document because there is a degree of specificity in the abstract API in this document that I cannot reconcile with proposed standard status. […]

… meaning that it's way not specific enough that, given this RFC, somebody'd be able to write a program that's expected to work with any specific implementation. Thus, more RFCs and system-specific (thus mostly-incompatible) scaffolding will be needed.

Thus, again IMHO, this will not replace the Socket API any time soon.

Interesting problem

Posted Nov 9, 2024 13:08 UTC (Sat) by jd (guest, #26381) [Link] (1 responses)

The non-existent uptake of the Naval Research Lab's library for dealing with struct sockaddr (IIRC, it provided a portable replacement structure and hid all the fine details) suggests that, at least in the mid 90s, there wasn't much interest in reliable memory handling.

It would have required a fair bit of work for legacy code, yes, but you might have expected new code to use it as IPv6 was quite difficult to handle.

This suggests that there's a degree of conservatism in programming, a preference for The Old Ways. This is going to complicate efforts to do anything new that is visible.

Interesting problem

Posted Nov 17, 2024 19:24 UTC (Sun) by skissane (subscriber, #38675) [Link]

> the Naval Research Lab's library for dealing with struct sockaddr

Is that available somewhere still? Would be an interesting bit of history to look at.


Copyright © 2024, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds