Add support for host names
aszlig opened this issue · 0 comments
Right now, we only support IP addresses when matching connections, but for test environments it's very useful if we could directly match host names. To some extent, this is already possible by using libredirect
and providing a custom /etc/hosts
, eg. like this:
{ stdenv, writeText, libredirect }:
stdenv.mkDerivation {
# ...
LD_PRELOAD = "${libredirect}/lib/libredirect.so";
NIX_REDIRECTS = "/etc/hosts=${writeText "hosts" ''
127.0.0.1 localhost somehost
::1 localhost somehost
''}";
# ...
}
This however does have a few issues:
-
Existing entries from the real
/etc/hosts
are not honored and thus would need to be duplicated. -
Adding additional host names would also add a layer of indirection, for example if we have the following
hosts
file:127.0.0.2 example.org 127.0.0.1 example.com ::1 example.net
The corresponding
ip2unix
command would be:ip2unix -r addr=127.0.0.2,path=/run/org.sock \ -r addr=127.0.0.1,path=/run/com.sock \ -r addr=::1,path=net.sock \ some_command
Using only
ip2unix
would make way more compact and we no longer would need to have an extrahosts
file:ip2unix -r host=example.org,path=/run/org.sock \ -r host=example.com,path=/run/com.sock \ -r host=example.net,path=net.sock \ some_command
Maybe we could even do something like this (although I'm not sure whether this could be done moderately stateless):
ip2unix -r path=/run/%h.sock some_command
-
Since
libredirect
wraps all all calls that deal with opening files, the amount of calls needed to wrap is quite large. Since we only need to targetgetaddrinfo
,getaddrinfo_a
,gethostbyname
,gethostent
andgethostent_r
, the amount of calls we need to wrap is rather low.
Some things we need to investigate to check whether this is worth having in ip2unix
:
-
Wrapping the
getaddrinfo_a
GNU extension could be quite tricky. -
It could be quite challenging to find an intermediate IP address to resolve to.
-
Let's say we have a command like this:
ip2unix -r host=example.org,port=1234,path=/run/foo.sock
In this case, we only want to use Unix domain sockets for port 1234, but all other connections should use the real IP address of
example.org
. Implementing this without getting vastly more error-prone will be quite hard.
While there are some benefits as outlined above, it's also tricky to implement and if we don't find a way to do it elegantly or at least not ugly as hell, I won't pursue this further.