nixcloud/ip2unix

Add support for host names

aszlig opened this issue · 0 comments

aszlig commented

Right now, we only support IP addresses when matching connections, but for test environments it's very useful if we could directly match host names. To some extent, this is already possible by using libredirect and providing a custom /etc/hosts, eg. like this:

{ stdenv, writeText, libredirect }:

stdenv.mkDerivation {
  # ...
  LD_PRELOAD = "${libredirect}/lib/libredirect.so";
  NIX_REDIRECTS = "/etc/hosts=${writeText "hosts" ''
    127.0.0.1 localhost somehost
    ::1 localhost somehost
  ''}";
  # ...
}

This however does have a few issues:

  • Existing entries from the real /etc/hosts are not honored and thus would need to be duplicated.

  • Adding additional host names would also add a layer of indirection, for example if we have the following hosts file:

    127.0.0.2 example.org
127.0.0.1 example.com
::1 example.net

    The corresponding ip2unix command would be:

    ip2unix -r addr=127.0.0.2,path=/run/org.sock \
        -r addr=127.0.0.1,path=/run/com.sock \
        -r addr=::1,path=net.sock \
        some_command

    Using only ip2unix would make way more compact and we no longer would need to have an extra hosts file:

    ip2unix -r host=example.org,path=/run/org.sock \
        -r host=example.com,path=/run/com.sock \
        -r host=example.net,path=net.sock \
        some_command

    Maybe we could even do something like this (although I'm not sure whether this could be done moderately stateless):

    ip2unix -r path=/run/%h.sock some_command

  • Since libredirect wraps all all calls that deal with opening files, the amount of calls needed to wrap is quite large. Since we only need to target getaddrinfo, getaddrinfo_a, gethostbyname, gethostent and gethostent_r, the amount of calls we need to wrap is rather low.

Some things we need to investigate to check whether this is worth having in ip2unix:

  • Wrapping the getaddrinfo_a GNU extension could be quite tricky.

  • It could be quite challenging to find an intermediate IP address to resolve to.

  • Let's say we have a command like this:

    ip2unix -r host=example.org,port=1234,path=/run/foo.sock

    In this case, we only want to use Unix domain sockets for port 1234, but all other connections should use the real IP address of example.org. Implementing this without getting vastly more error-prone will be quite hard.

While there are some benefits as outlined above, it's also tricky to implement and if we don't find a way to do it elegantly or at least not ugly as hell, I won't pursue this further.