Issue 690903002: Remove timing limitation of SetOption invocation for PPAPI sockets.

hidehiko

hidehiko@chromium.org changed reviewers: + dmichael@chromium.org, mmenke@chromium.org, sergeyu@chromium.org

6 years, 1 month ago (2014-10-30 09:10:55 UTC) #1

hidehiko

Dave, could you review this CL from PPAPI's point of view? Matt, could you review ...

6 years, 1 month ago (2014-10-30 09:10:56 UTC) #2

mmenke

I'm not terribly familiar with the UDP code. Maybe someone who's been working on QUIC, ...

6 years, 1 month ago (2014-10-30 14:40:38 UTC) #3

hidehiko

On 2014/10/30 14:40:38, mmenke wrote: > I'm not terribly familiar with the UDP code. Maybe ...

6 years, 1 month ago (2014-10-30 16:38:41 UTC) #4

dmichael (off chromium)

dmichael@chromium.org changed reviewers: + bbudge@chromium.org

6 years, 1 month ago (2014-10-30 17:59:25 UTC) #5

dmichael (off chromium)

FYI, bbudge is going to look, since he's also working on the socket APIs right ...

6 years, 1 month ago (2014-10-30 17:59:25 UTC) #6

mmenke

Just FYI, moving myself from the reviewer to the CC list, to clean up my ...

6 years, 1 month ago (2014-10-31 14:21:26 UTC) #8

hidehiko

hidehiko@chromium.org changed reviewers: + rch@chromium.org - bbudge@chromium.org, mmenke@chromium.org

6 years, 1 month ago (2014-10-31 14:23:04 UTC) #9

hidehiko

Ryan, could you kindly review net/... part of this CL as an OWNER? I'd appreciate ...

6 years, 1 month ago (2014-10-31 14:23:49 UTC) #10

hidehiko

https://codereview.chromium.org/690903002/diff/40001/net/udp/udp_socket_libevent.cc File net/udp/udp_socket_libevent.cc (right): https://codereview.chromium.org/690903002/diff/40001/net/udp/udp_socket_libevent.cc#newcode323 net/udp/udp_socket_libevent.cc:323: return OK; On 2014/10/30 14:40:38, mmenke wrote: > Sockets ...

6 years, 1 month ago (2014-11-03 13:34:37 UTC) #11

hidehiko

hidehiko@chromium.org changed reviewers: + bbudge@chromium.org

6 years, 1 month ago (2014-11-04 17:50:57 UTC) #12

hidehiko

+bbudge@. (I should have noticed he's not in the R= list...) Could you take a ...

6 years, 1 month ago (2014-11-04 17:52:31 UTC) #13

Ryan Hamilton

rch@chromium.org changed reviewers: + jar@chromium.org

6 years, 1 month ago (2014-11-04 20:08:18 UTC) #14

Ryan Hamilton

Sorry to redirect you again. I'm going to actually hand this off to jar who ...

6 years, 1 month ago (2014-11-04 20:08:20 UTC) #15

jar (doing other things)

Can you better motivate why this is a valuable change, rather than merely correcting the ...

6 years, 1 month ago (2014-11-04 22:51:09 UTC) #16

jar (doing other things)

https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_win.cc File net/udp/udp_socket_win.cc (right): https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_win.cc#newcode503 net/udp/udp_socket_win.cc:503: } On 2014/11/04 22:51:09, jar wrote: > Note that ...

6 years, 1 month ago (2014-11-05 01:18:31 UTC) #17

hidehiko

Thank you for review! PATL. The main goal of this CL is fixing crbug.com/425563. Could ...

6 years, 1 month ago (2014-11-05 12:48:30 UTC) #19

Thank you for review! PATL.

The main goal of this CL is fixing crbug.com/425563.
Could you look at it?

As for, e.g., SO_REUSEADDR after bind(), it actually has an effect. So, this
change is valuable.

Also, this CL changes the behavior of the cases that are currently treated as
errors. So I hope this has not that big side effect. In addition, this CL
changes the socket behavior closer to one on the linux for example, I believe
added edge cases are acceptable.

https://codereview.chromium.org/690903002/diff/80001/content/browser/renderer...
File content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc
(right):

https://codereview.chromium.org/690903002/diff/80001/content/browser/renderer...
content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc:792:
SendConnectError(context, pp_result);
On 2014/11/04 22:51:08, jar wrote:
> What are the list of previously expectable error conditions from DoBind?
Haven't
> you expanded the list now?

IIUC, it is not managed, at least not-documented. Dave, Bill, any thoughts?
According to man, all errors possibly returned from setsockopt except
ENOPROTOOPT can already be returned from this function (with converting it to
the PP_ERROR). We do not expect ENOPROTOOPT, because level/optname of setsockopt
is fixed in current implementation.
Also, practically, at least on linux, setting options always succeeds, so it
seems ok. Though, I'm not an expert of other platforms. Do you know if it may
fail, like on Windows?

https://codereview.chromium.org/690903002/diff/80001/content/browser/renderer...
content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc:797: //
because in the private or v1.0 API, connect must be the first operation.
On 2014/11/04 22:51:09, jar wrote:
> This comment appears to be broken by this change.  

I think this is still correct comment? Could you kindly explain what is broken?

https://codereview.chromium.org/690903002/diff/80001/content/browser/renderer...
File content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h
(right):

https://codereview.chromium.org/690903002/diff/80001/content/browser/renderer...
content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h:198: //
Receive/Send buffer sizes which is set before connect().
On 2014/11/04 22:51:09, jar wrote:
> This code actually sets this value whether called before, or after connect().
> 
> I think the comment should be something like:
> 
> "Locally cached value of buffer sizes, if set to a non-default value."

As we do not take care about "default" value here, I just said:
"Locally cached value of buffer sizes."
Please note that, this is actually used only "before" connect() in *this layer*,
unlike net/... changes I made in this CL.

https://codereview.chromium.org/690903002/diff/80001/content/browser/renderer...
File content/browser/renderer_host/pepper/pepper_udp_socket_message_filter.cc
(left):

https://codereview.chromium.org/690903002/diff/80001/content/browser/renderer...
content/browser/renderer_host/pepper/pepper_udp_socket_message_filter.cc:267:
socket->AllowAddressReuse();
On 2014/11/04 22:51:09, jar wrote:
> For better or worse... it appears that the old code did not monitor
return/error
> values.

Yes... IMHO, we should handle the error, rather than just ignoring it... Any
thoughts?

https://codereview.chromium.org/690903002/diff/80001/content/browser/renderer...
File content/browser/renderer_host/pepper/pepper_udp_socket_message_filter.cc
(right):

https://codereview.chromium.org/690903002/diff/80001/content/browser/renderer...
content/browser/renderer_host/pepper/pepper_udp_socket_message_filter.cc:291:
SendBindError(context, pp_result);
On 2014/11/04 22:51:09, jar wrote:
> It is valid to SendBindError an error which may previously never have been
seen
> by that function?

I think it is ok, as this function already returns an error on, like
GetLocalAddress failure, for example. Dave, Bill, any comments?

https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_libev...
File net/udp/udp_socket_libevent.cc (right):

https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_libev...
net/udp/udp_socket_libevent.cc:344: if (is_connected()) {
On 2014/11/04 22:51:09, jar wrote:
> What are the semantics for setting AllowAddressRuse *after* connecting?  
> 
> Is this just an invitation for an effective no-op, with no programmer warning?

It affects the behavior of other socket's for the same address.
I think following example illustrates the behavior.
Let be two processes, and each has a socket, s1 and s2.

case 1)
bind(s1, 'localhost', 12345)
bind(s2, 'localhost', 12345)  <- fails due to address conflicting.

case 2)
bind(s1, 'localhost', 12345)
setsockopt(s2, SO_REUSEADDR, 1)
bind(s2, 'localhost', 12345)  <- fails due to address conflicting.

case 3)
setsockopt(s1, SO_REUSEADDR, 1)
bind(s1, 'localhost', 12345)
setsockopt(s2, SO_REUSEADDR, 1)
bind(s2, 'localhost', 12345)  <- success

case 4)
bind(s1, 'localhost', 12345)
setsockopt(s1, SO_REUSEADDR, 1)
setsockopt(s2, SO_REUSEADDR, 1)
bind(s2, 'localhost', 12345)  <- success, too!

So, setting SO_REUSEADDR after bind() has effect, I think.

https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_libev...
net/udp/udp_socket_libevent.cc:364: int UDPSocketLibevent::AllowBroadcast() {
On 2014/11/04 22:51:09, jar wrote:
> Why don't you use a single setter method, taking a boolean, rather than having
> two nearly identical functions, with mostly duplicated code?
> 
> Same question for (Dis)AllowAddressReuse().

I just kept the current interface, as
UDPSocket{Libevent,Win}::Allow{Broadcast,AddressReuse} are used from several
places outside from net/... and ppapi/...

If unified version is better, I'm happy to work on unifying (Dis)Allow...
methods, but I'd like to do it in a separate CL as a refactoring, in order to
focus on fixing PPAPI in this CL.

https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_libev...
File net/udp/udp_socket_libevent.h (right):

https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_libev...
net/udp/udp_socket_libevent.h:251: int SetAddressReuseInternal(bool value);
On 2014/11/04 22:51:09, jar wrote:
> nit: use better variable name than |value|.
> 
> Perhaps |reuse_address|, and in the next line |broadcast|.

Done.

https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_win.cc
File net/udp/udp_socket_win.cc (right):

https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_win.c...
net/udp/udp_socket_win.cc:503: }
On 2014/11/05 01:18:31, jar wrote:
> On 2014/11/04 22:51:09, jar wrote:
> > Note that you have changed the semantics here, as now an error falls
through,
> > with hopes of being acted upon later.
> > 
> > Should this return an error when is_connected() and the internal method
fails?
> 
> <doh>... My mistake... please ignore this comment.

Acknowledged.

https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_win.h
File net/udp/udp_socket_win.h (right):

https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_win.h...
net/udp/udp_socket_win.h:215: // Applies |socket_options_| to |socket_|. Should
be called before
On 2014/11/04 22:51:09, jar wrote:
> What does this "Should...." comment mean now?

Maybe we should say DoBind rather than Bind.
To be honest, I'm not sure its meaning in the original context, but what Bind()
does are:
- create an socket.
- set options which are set before Bind() invocation.
- Run DoBind() for actual bind operation.
We need to call SetSocketOptions between socket creation and DoBind().

https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_win.h...
net/udp/udp_socket_win.h:219: int SetBroadcastInternal(bool value);
On 2014/11/04 22:51:09, jar wrote:
> nit: please use a better variable name in the above two lines.

Done.

https://codereview.chromium.org/690903002/diff/80001/net/udp/udp_socket_win.h...
net/udp/udp_socket_win.h:238: // Buffer size set before Bind(). This should be
applied
On 2014/11/04 22:51:09, jar wrote:
> Rather than the passive voice "This should..."  Please use active voice "This
is
> automatically applied when SetSocketOptions() is called."

Done.

bbudge

Some nits, and a general comment: I'm worried about this behavior change. I don't think ...

6 years, 1 month ago (2014-11-06 01:27:55 UTC) #20

Ryan Hamilton

rch@chromium.org changed reviewers: - rch@chromium.org

6 years, 1 month ago (2014-11-06 01:30:20 UTC) #21

hidehiko

Thank you for review. PTAL. As for browser_tests, which platform do you mean, Bill? It ...

6 years, 1 month ago (2014-11-06 14:13:22 UTC) #22

Thank you for review. PTAL.

As for browser_tests, which platform do you mean, Bill?
It seems the {TCP,UDP}Socket's SetOption tests run on same platforms where other
tests run:
https://code.google.com/p/chromium/codesearch#chromium/src/chrome/test/ppapi/...
and
https://code.google.com/p/chromium/codesearch#chromium/src/chrome/test/ppapi/...

As for versionize, there are couple of way to do.
1) Add a new version of interface, like TPC_Socket_1_2. This seems a bit
painful, because we do NOT change the interface in this case, and generator.py
does not support such a situation.

2) Add new flags to Options. Such as:
TCP_SOCKET_OPTION_NO_DELAY_NEW or something (better names are welcome), and
remove timing limitation only for those new flags.

3) Rename the existing flags to, like, TCP_SOCKET_OPTION_NO_DELAY_DEPRECATED or
something, and add yet another new TCP_SOCKET_OPTION_NO_DELAY with new value.
Remove timing limitation only for new flags.

Which approach do you prefere, Bill? I'll make a change upon your preference.
Also, IMHO, it is ok to check Bind()/Connect() invocation at ppapi/proxy/...
layer only for simplicity. WDYT?

https://codereview.chromium.org/690903002/diff/140001/content/browser/rendere...
File content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h
(right):

https://codereview.chromium.org/690903002/diff/140001/content/browser/rendere...
content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h:66: enum
SocketOptions {
On 2014/11/06 01:27:55, bbudge wrote:
> nit: Make this consistent with UDP name (SocketOption).

Done.

https://codereview.chromium.org/690903002/diff/140001/content/browser/rendere...
content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h:194: //
Bitwise-or of SocketOption flags. This stores the state about whether
On 2014/11/06 01:27:55, bbudge wrote:
> nit: doesn't match enum name above.

Acknowledged.

https://codereview.chromium.org/690903002/diff/140001/ppapi/tests/test_udp_so...
File ppapi/tests/test_udp_socket.cc (right):

https://codereview.chromium.org/690903002/diff/140001/ppapi/tests/test_udp_so...
ppapi/tests/test_udp_socket.cc:290: // All ADDRESS_REUSE, BROADCAST,
SEND_BUFFER_SIZE and RECV_BUFFER_SIZE can
On 2014/11/06 01:27:55, bbudge wrote:
> s/All // or
> s/All /All of/

Done.

jar (doing other things)

jar@chromium.org changed reviewers: + rvargas@chromium.org, shess@chromium.org - jar@chromium.org

6 years, 1 month ago (2014-11-06 19:01:35 UTC) #23

jar (doing other things)

I too continue to be nervous about changing semantics, and vastly prefer avoiding such a ...

6 years, 1 month ago (2014-11-06 19:01:36 UTC) #24

dmichael (off chromium)

On 2014/11/06 14:13:22, hidehiko wrote: > Thank you for review. PTAL. > > As for ...

6 years, 1 month ago (2014-11-06 19:27:03 UTC) #25

On 2014/11/06 14:13:22, hidehiko wrote:
> Thank you for review. PTAL.
> 
> As for browser_tests, which platform do you mean, Bill?
> It seems the {TCP,UDP}Socket's SetOption tests run on same platforms where
other
> tests run:
>
https://code.google.com/p/chromium/codesearch#chromium/src/chrome/test/ppapi/...
> and
>
https://code.google.com/p/chromium/codesearch#chromium/src/chrome/test/ppapi/...
> 
> As for versionize, there are couple of way to do.
> 1) Add a new version of interface, like TPC_Socket_1_2. This seems a bit
> painful, because we do NOT change the interface in this case, and generator.py
> does not support such a situation.
Have you tried it? It should work. If it doesn't, that's a bug in the IDL
generator.

> 
> 2) Add new flags to Options. Such as:
> TCP_SOCKET_OPTION_NO_DELAY_NEW or something (better names are welcome), and
> remove timing limitation only for those new flags.
> 
> 3) Rename the existing flags to, like, TCP_SOCKET_OPTION_NO_DELAY_DEPRECATED
or
> something, and add yet another new TCP_SOCKET_OPTION_NO_DELAY with new value.
> Remove timing limitation only for new flags.
> 
> Which approach do you prefere, Bill? I'll make a change upon your preference.
> Also, IMHO, it is ok to check Bind()/Connect() invocation at ppapi/proxy/...
> layer only for simplicity. WDYT?
> 
>
https://codereview.chromium.org/690903002/diff/140001/content/browser/rendere...
> File content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h
> (right):
> 
>
https://codereview.chromium.org/690903002/diff/140001/content/browser/rendere...
> content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h:66:
enum
> SocketOptions {
> On 2014/11/06 01:27:55, bbudge wrote:
> > nit: Make this consistent with UDP name (SocketOption).
> 
> Done.
> 
>
https://codereview.chromium.org/690903002/diff/140001/content/browser/rendere...
> content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h:194:
//
> Bitwise-or of SocketOption flags. This stores the state about whether
> On 2014/11/06 01:27:55, bbudge wrote:
> > nit: doesn't match enum name above.
> 
> Acknowledged.
> 
>
https://codereview.chromium.org/690903002/diff/140001/ppapi/tests/test_udp_so...
> File ppapi/tests/test_udp_socket.cc (right):
> 
>
https://codereview.chromium.org/690903002/diff/140001/ppapi/tests/test_udp_so...
> ppapi/tests/test_udp_socket.cc:290: // All ADDRESS_REUSE, BROADCAST,
> SEND_BUFFER_SIZE and RECV_BUFFER_SIZE can
> On 2014/11/06 01:27:55, bbudge wrote:
> > s/All // or
> > s/All /All of/
> 
> Done.

hidehiko

jar@, which layer do you worry about? For PPAPI? or for net/... implementation? For PPAPI, ...

6 years, 1 month ago (2014-11-06 19:45:21 UTC) #26

dmichael (off chromium)

On Thu, Nov 6, 2014 at 12:45 PM, <hidehiko@chromium.org> wrote: > jar@, which layer do ...

6 years, 1 month ago (2014-11-06 21:16:11 UTC) #27

On Thu, Nov 6, 2014 at 12:45 PM, <hidehiko@chromium.org> wrote:

> jar@, which layer do you worry about? For PPAPI? or for net/...
> implementation?
>
> For PPAPI, we probably tweak somehow, but in either way, I think we need to
> change net/... somehow similar to this CL.
> Except backward compatibility, I think this CL simply illustrates what
> we'd like
> to do, and I don't have better alternatives right now. If your concern is
> for
> net/..., could you share ideas about alternatives?
>
> dmichael@, as for generator.py, yes, I tried.
> What I did is adding a new version, M40 = 1.2 to TCP, and M40 = 1.1 to UDP,
> without any modification of the interface (actually we do not need to
> change the
> interface itself).

To get the IDL generator to generate a new API, you have to copy the
affected method(s) and add a version annotation on the new method (1.2 for
TCP, 1.1 for UDP). That should force it to generate a new struct and
interface string for each of them. If it doesn't, let me know.

> However, generator.py does NOT create a new interface. It
> seems an expected behavior, rather than a bug? For example, FileIO
> (ppb_file_io.idl) has the similar situation. There is M29 = 1.2 label and
> no new
> API for FileIO at version 1.2. Then, ppapi/c/ppb_file_io.h contains only
> 1.0 and
> 1.1 interfaces. Is it a bug? or am I missing something?

That's a little different, since the version annotation was added to a new
enum value and not to any function...  the IDL generator is definitely
limited when it comes to recognizing that kind of change. It won't applying
a version rev to any API that has a function that takes that struct as a
parm. We probably *should* have added a new version of PPB_FileIO::Open so
that plugins could detect whether it was legal to append, but I guess that
didn't happen in that case.

>
> https://codereview.chromium.org/690903002/
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to chromium-reviews+unsubscribe@chromium.org.
>

To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

hidehiko

hidehiko@chromium.org changed reviewers: + jar@chromium.org

6 years, 1 month ago (2014-11-07 12:27:56 UTC) #29

hidehiko

Thank you for advice, Dave. Versionized. PTAL. Added jar@ to R= again, for histograms.xml. Best ...

6 years, 1 month ago (2014-11-07 12:27:57 UTC) #30

jar (doing other things)

jar@chromium.org changed reviewers: + asvitkine@chromium.org

6 years, 1 month ago (2014-11-07 17:41:17 UTC) #31

jar (doing other things)

jar@chromium.org changed required reviewers: + rvargas@chromium.org

6 years, 1 month ago (2014-11-07 17:41:17 UTC) #32

jar (doing other things)

Added asvitkine for (tiny/good looking) histograms.xml review, so as to avoid confusion with overall net/* ...

6 years, 1 month ago (2014-11-07 17:41:18 UTC) #33

bbudge

Thanks for versioning the API. This is almost there, just a few comments. https://codereview.chromium.org/690903002/diff/240001/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h File ...

6 years, 1 month ago (2014-11-07 17:50:39 UTC) #34

hidehiko

Thank you for review. PTAL. https://codereview.chromium.org/690903002/diff/240001/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h File content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h (right): https://codereview.chromium.org/690903002/diff/240001/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h#newcode195 content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h:195: // each option is ...

6 years, 1 month ago (2014-11-07 21:13:55 UTC) #36

bbudge

Whoops, 1 comment, still LGTM https://codereview.chromium.org/690903002/diff/260001/ppapi/proxy/udp_socket_resource_base.h File ppapi/proxy/udp_socket_resource_base.h (right): https://codereview.chromium.org/690903002/diff/260001/ppapi/proxy/udp_socket_resource_base.h#newcode113 ppapi/proxy/udp_socket_resource_base.h:113: // the timing on ...

6 years, 1 month ago (2014-11-07 21:39:14 UTC) #38

hidehiko

Thank you for review, Bill, Alexei. Ricardo, Scott, could you review as net OWNER? M40 ...

6 years, 1 month ago (2014-11-07 22:12:21 UTC) #39

rvargas (doing something else)

I made a first pass (very superficial). Regarding the branch, a change like this should ...

6 years, 1 month ago (2014-11-08 02:17:20 UTC) #40

hidehiko

Thank you for review and comments. So, I looked into SO_REUSEADDR a bit more carefully, ...

6 years, 1 month ago (2014-11-11 16:48:49 UTC) #41

Thank you for review and comments.

So, I looked into SO_REUSEADDR a bit more carefully, and it turned out that
its detailed behavior is different between linux and Windows at least.

The case is 4) in my previous comment, which is:
bind(s1, some-address)
setsockopt(s1, SO_REUSEADDR)
setsockopt(s2, SO_REUSEADDR)
bind(s2, same-address-with-s1)

On linux, the second bind() succeeds, while it fails on Windows.
Note that setsockopt for s1 (bound socket) succeeds even on Windows.
I thought about alternative implementation, but it seems like there is no good
way to implement linux's
behavior on Windows. So, probably our options for PPAPI change would be:
1) Let platform decide the behavior.
2) Align to Windows' behavior. (i.e. return error on second bind() even on Linux
platform).
   This can be easily doable by ignoring setsockopt(SO_REUSEADDR) for bound
socket.
3) Return setsockopt() for bound socket. (This is current behavior).
4) Anything else?

IMHO, 2) would be a better approach. WDYT from PPAPI design point of view, Bill?
If we choose 2) or 3), we do not need to change net/'s udp socket for REUSEADDR.

Also, regardless of REUSEADDR, I would still like to remove timing limitations
for other options
(TCP_NODELAY for tcp socket, BROADCAST for udp socket, RCVBUF_SIZE, SNDBUF_SIZE
for both),
and so I'd like to add these changes to net/'s udp socket.
Ricardo, do you have any concerns on them, too?

Thanks,
- hidehiko

On 2014/11/08 02:17:20, rvargas wrote:
> I made a first pass (very superficial).
> 
> Regarding the branch, a change like this should never land in the last week
> before a branch.
> 
>
https://codereview.chromium.org/690903002/diff/280001/net/udp/udp_socket_win.cc
> File net/udp/udp_socket_win.cc (right):
> 
>
https://codereview.chromium.org/690903002/diff/280001/net/udp/udp_socket_win....
> net/udp/udp_socket_win.cc:488: int result =
SetReceiveBufferSizeInternal(size);
> I actually don't see why we want to embrace this model of caching everything
> only to call setsockopt multiple times in a row later on. Is it to protect
> against caller calling multiple times this method in a row before bind? It
looks
> more twisted and there are other ways to prevent that (*if* we really care)
> 
>
https://codereview.chromium.org/690903002/diff/280001/net/udp/udp_socket_win....
> net/udp/udp_socket_win.cc:512: int result = SetAddressReuseInternal(true);
> This path should fail so there is no reason to continue.
> 
> "Note  When using bind with the SO_EXCLUSIVEADDRUSE or SO_REUSEADDR socket
> option, the socket option must be set prior to executing bind to have any
> affect."[sic]
> 
> http://msdn.microsoft.com/en-us/library/windows/desktop/ms737550(v=vs.85).aspx
> 
> It probably doesn't make sense to change our API unless there's a strong
reason
> to allow clients to attempt this later only to receive a failure.
> 
>
https://codereview.chromium.org/690903002/diff/280001/net/udp/udp_socket_win....
> net/udp/udp_socket_win.cc:531: int UDPSocketWin::AllowBroadcast() {
> I'd prefer not having two independent methods to control the same thing,
> especially considering the behavior of SetMulticastLoopbackMode
> 
>
https://codereview.chromium.org/690903002/diff/280001/net/udp/udp_socket_win....
> net/udp/udp_socket_win.cc:818: int opt_value = broadcast ? 1 : 0;
> BOOL, TRUE, FALSE

bbudge

On 2014/11/11 16:48:49, hidehiko wrote: > Thank you for review and comments. > > So, ...

6 years, 1 month ago (2014-11-11 18:09:33 UTC) #42

On 2014/11/11 16:48:49, hidehiko wrote:
> Thank you for review and comments.
> 
> So, I looked into SO_REUSEADDR a bit more carefully, and it turned out that
> its detailed behavior is different between linux and Windows at least.
> 
> The case is 4) in my previous comment, which is:
> bind(s1, some-address)
> setsockopt(s1, SO_REUSEADDR)
> setsockopt(s2, SO_REUSEADDR)
> bind(s2, same-address-with-s1)
> 
> On linux, the second bind() succeeds, while it fails on Windows.
> Note that setsockopt for s1 (bound socket) succeeds even on Windows.
> I thought about alternative implementation, but it seems like there is no good
> way to implement linux's
> behavior on Windows. So, probably our options for PPAPI change would be:
> 1) Let platform decide the behavior.
> 2) Align to Windows' behavior. (i.e. return error on second bind() even on
Linux
> platform).
>    This can be easily doable by ignoring setsockopt(SO_REUSEADDR) for bound
> socket.
> 3) Return setsockopt() for bound socket. (This is current behavior).
> 4) Anything else?
> 
> IMHO, 2) would be a better approach. WDYT from PPAPI design point of view,
Bill?

Pepper is intended to be platform neutral, so any behavior that depends on the
platform is undesirable. It makes plugin writing even more difficult. So 2)
sounds best to me.

> If we choose 2) or 3), we do not need to change net/'s udp socket for
REUSEADDR.
> 
> Also, regardless of REUSEADDR, I would still like to remove timing limitations
> for other options
> (TCP_NODELAY for tcp socket, BROADCAST for udp socket, RCVBUF_SIZE,
SNDBUF_SIZE
> for both),
> and so I'd like to add these changes to net/'s udp socket.
> Ricardo, do you have any concerns on them, too?
> 
> Thanks,
> - hidehiko
> 
> 
> On 2014/11/08 02:17:20, rvargas wrote:
> > I made a first pass (very superficial).
> > 
> > Regarding the branch, a change like this should never land in the last week
> > before a branch.
> > 
> >
>
https://codereview.chromium.org/690903002/diff/280001/net/udp/udp_socket_win.cc
> > File net/udp/udp_socket_win.cc (right):
> > 
> >
>
https://codereview.chromium.org/690903002/diff/280001/net/udp/udp_socket_win....
> > net/udp/udp_socket_win.cc:488: int result =
> SetReceiveBufferSizeInternal(size);
> > I actually don't see why we want to embrace this model of caching everything
> > only to call setsockopt multiple times in a row later on. Is it to protect
> > against caller calling multiple times this method in a row before bind? It
> looks
> > more twisted and there are other ways to prevent that (*if* we really care)
> > 
> >
>
https://codereview.chromium.org/690903002/diff/280001/net/udp/udp_socket_win....
> > net/udp/udp_socket_win.cc:512: int result = SetAddressReuseInternal(true);
> > This path should fail so there is no reason to continue.
> > 
> > "Note  When using bind with the SO_EXCLUSIVEADDRUSE or SO_REUSEADDR socket
> > option, the socket option must be set prior to executing bind to have any
> > affect."[sic]
> > 
> >
http://msdn.microsoft.com/en-us/library/windows/desktop/ms737550(v=vs.85).aspx
> > 
> > It probably doesn't make sense to change our API unless there's a strong
> reason
> > to allow clients to attempt this later only to receive a failure.
> > 
> >
>
https://codereview.chromium.org/690903002/diff/280001/net/udp/udp_socket_win....
> > net/udp/udp_socket_win.cc:531: int UDPSocketWin::AllowBroadcast() {
> > I'd prefer not having two independent methods to control the same thing,
> > especially considering the behavior of SetMulticastLoopbackMode
> > 
> >
>
https://codereview.chromium.org/690903002/diff/280001/net/udp/udp_socket_win....
> > net/udp/udp_socket_win.cc:818: int opt_value = broadcast ? 1 : 0;
> > BOOL, TRUE, FALSE

Comments inline above. Also, this CL should be of interest to you if you haven't
seen it already:
https://codereview.chromium.org/704133005/

rvargas (doing something else)

On 2014/11/11 16:48:49, hidehiko wrote: > Thank you for review and comments. > > So, ...

6 years, 1 month ago (2014-11-12 01:33:13 UTC) #43

On 2014/11/11 16:48:49, hidehiko wrote:
> Thank you for review and comments.
> 
> So, I looked into SO_REUSEADDR a bit more carefully, and it turned out that
> its detailed behavior is different between linux and Windows at least.
> 
> The case is 4) in my previous comment, which is:
> bind(s1, some-address)
> setsockopt(s1, SO_REUSEADDR)
> setsockopt(s2, SO_REUSEADDR)
> bind(s2, same-address-with-s1)
> 
> On linux, the second bind() succeeds, while it fails on Windows.
> Note that setsockopt for s1 (bound socket) succeeds even on Windows.
> I thought about alternative implementation, but it seems like there is no good
> way to implement linux's
> behavior on Windows. So, probably our options for PPAPI change would be:
> 1) Let platform decide the behavior.
> 2) Align to Windows' behavior. (i.e. return error on second bind() even on
Linux
> platform).
>    This can be easily doable by ignoring setsockopt(SO_REUSEADDR) for bound
> socket.
> 3) Return setsockopt() for bound socket. (This is current behavior).
> 4) Anything else?
> 
> IMHO, 2) would be a better approach. WDYT from PPAPI design point of view,
Bill?
> If we choose 2) or 3), we do not need to change net/'s udp socket for
REUSEADDR.
> 
> Also, regardless of REUSEADDR, I would still like to remove timing limitations
> for other options
> (TCP_NODELAY for tcp socket, BROADCAST for udp socket, RCVBUF_SIZE,
SNDBUF_SIZE
> for both),
> and so I'd like to add these changes to net/'s udp socket.
> Ricardo, do you have any concerns on them, too?
> 
> Thanks,
> - hidehiko

From the point of view of net:

Taking a step back, I don't think I understand why we support SO_REUSEADDR at
all (and I lean more towards removing that from our code).

TCP_NODELAY, RCVBUF_SIZE, SNDBUF_SIZE: Sounds fine to me to allow clients to
optimize this on-flight if they think they can :) (current behavior)

BROADCAST: I don't have a strong opinion about whether this should be allowed
after bind or not. It seems slightly cleaner to me to allow it only before bind
and make it a contract to close the socket and create another one if a different
mode of operation is desired. I think the model is easier to follow that way...
but I may be missing something that makes it performance critical to avoid the
overhead of getting a new socket.

The second point to consider is that the socket layer is not only there for
external consumers but also as a basic layer for the rest of code within net so
it should integrate well with the other layers (and their future direction).
That's important in the broadcast case, although I don't think we currently use
that option. It is better to have APIs that prevent improper use.

I have not been following all the work that exposes lower layer to consumers,
but I believe Sleevi has, so I would like him to weight on the "change operation
mode at any time" vs "create another socket"

hidehiko

Thank you. So, we are on the same page about REUSEADDR, TCP_NODELAY, and buf sizes. ...

6 years, 1 month ago (2014-11-12 02:20:02 UTC) #45

hidehiko

Hmm, Ryan seems OOO for a while. Ricardo, is there anyone else we can ask? ...

6 years, 1 month ago (2014-11-12 02:43:10 UTC) #46

rvargas (doing something else)

On 2014/11/12 02:43:10, hidehiko wrote: > Hmm, Ryan seems OOO for a while. > Ricardo, ...

6 years, 1 month ago (2014-11-12 03:21:21 UTC) #47

hidehiko

On 2014/11/12 03:21:21, rvargas wrote: > On 2014/11/12 02:43:10, hidehiko wrote: > > Hmm, Ryan ...

6 years, 1 month ago (2014-11-12 04:01:24 UTC) #48

On 2014/11/12 03:21:21, rvargas wrote:
> On 2014/11/12 02:43:10, hidehiko wrote:
> > Hmm, Ryan seems OOO for a while.
> > Ricardo, is there anyone else we can ask?
> 
> I think he's been reading email so far... let's wait to see if he sees the
> message or not.

Ok. Thank you for advice.

> 
> > 
> > Thanks,
> > - hidehiko
> > 
> > On 2014/11/12 02:20:02, hidehiko wrote:
> > > Thank you. So, we are on the same page about REUSEADDR, TCP_NODELAY, and
buf
> > > sizes.
> > > 
> > > As for BROADCAST, setting it bind() is actually what the main case we want
> to
> > > fix.
> > > I think about recreating the socket, but it would introduce timing issue.
> > > 
> > > s1 = socket(...);
> > > bind(s1, ...);
> > > setsockopt(s1, BROADCAST);
> > > 
> > > Let's assume s1 is not SO_REUSEADDR.
> > > If we create another socket and re-bind() it to the same address,
> > > then we need to close() s1, before the rebinding.
> > > It means, there is a chance for other process/thread to interrupt it
> > > (i.e., bind() the same address while it is closed).
> > > 
> > > Without allowing set BROADCAST after bind(), I do not think there is a way
> to
> > > avoid such an interruption.
> > > That's why I would like to make a change in net/..., as it looks only
place
> > > where we can fix the problem.
> 
> Well, yes, but why is that a problem? Isn't there something wrong to start
with
> if the app has to be "fighting" with someone else for that specific port? If
> that is really an issue where's the guarantee that makes it so that s1 can
bind
> in the first place?

Practically, it shouldn't have such a situation, but we cannot control
developers' usage, in general.
Also, from API design point of view, I don't think it is healthy to keep such
a pit hole. From users point of view, if an user hits such a issue, it'd be
hard to understand what's going on, and probably it would cause flaky bugs
which are difficult to be reproduced.
Admittedly, we can work around to introduce BROADCAST after bind() except the
buggy situation,
but at the same time, we can simply avoid the situation by allowing BROADCAST
after bind(), too.
So, the allowing looks simpler, consistent and less confusing solution to me?

> 
> 
> > > 
> > > Thanks,
> > > - hidehiko
> > > 
> > > On 2014/11/12 01:34:29, rvargas wrote:
> > > > + Ryan (^^)

Scott Hess - ex-Googler

On Tue, Nov 11, 2014 at 6:20 PM, <hidehiko@chromium.org> wrote: > > Let's assume s1 ...

6 years, 1 month ago (2014-11-12 06:02:35 UTC) #49

rvargas (doing something else)

On 2014/11/12 04:01:24, hidehiko wrote: > On 2014/11/12 03:21:21, rvargas wrote: > > On 2014/11/12 ...

6 years, 1 month ago (2014-11-12 19:01:58 UTC) #50

On 2014/11/12 04:01:24, hidehiko wrote:
> On 2014/11/12 03:21:21, rvargas wrote:
> > On 2014/11/12 02:43:10, hidehiko wrote:
> > > Hmm, Ryan seems OOO for a while.
> > > Ricardo, is there anyone else we can ask?
> > 
> > I think he's been reading email so far... let's wait to see if he sees the
> > message or not.
> 
> Ok. Thank you for advice.
> 
> > 
> > > 
> > > Thanks,
> > > - hidehiko
> > > 
> > > On 2014/11/12 02:20:02, hidehiko wrote:
> > > > Thank you. So, we are on the same page about REUSEADDR, TCP_NODELAY, and
> buf
> > > > sizes.
> > > > 
> > > > As for BROADCAST, setting it bind() is actually what the main case we
want
> > to
> > > > fix.
> > > > I think about recreating the socket, but it would introduce timing
issue.
> > > > 
> > > > s1 = socket(...);
> > > > bind(s1, ...);
> > > > setsockopt(s1, BROADCAST);
> > > > 
> > > > Let's assume s1 is not SO_REUSEADDR.
> > > > If we create another socket and re-bind() it to the same address,
> > > > then we need to close() s1, before the rebinding.
> > > > It means, there is a chance for other process/thread to interrupt it
> > > > (i.e., bind() the same address while it is closed).
> > > > 
> > > > Without allowing set BROADCAST after bind(), I do not think there is a
way
> > to
> > > > avoid such an interruption.
> > > > That's why I would like to make a change in net/..., as it looks only
> place
> > > > where we can fix the problem.
> > 
> > Well, yes, but why is that a problem? Isn't there something wrong to start
> with
> > if the app has to be "fighting" with someone else for that specific port? If
> > that is really an issue where's the guarantee that makes it so that s1 can
> bind
> > in the first place?
> 
> Practically, it shouldn't have such a situation, but we cannot control
> developers' usage, in general.

An API guides what someone can do with it.

> Also, from API design point of view, I don't think it is healthy to keep such
> a pit hole. From users point of view, if an user hits such a issue, it'd be
> hard to understand what's going on, and probably it would cause flaky bugs
> which are difficult to be reproduced.

I'm sorry, but I still don't see what would be issue / flaky behavior that the
dev would face that would not be present in the first bind attempt.


> Admittedly, we can work around to introduce BROADCAST after bind() except the
> buggy situation,
> but at the same time, we can simply avoid the situation by allowing BROADCAST
> after bind(), too.
> So, the allowing looks simpler, consistent and less confusing solution to me?
> 

Are you are calling a bug that someone else can grab the port between close and
the second bind? Or are you referring to something else?. If that is what you
mean, how is that different from someone else grabbing the port before the first
bind? How come the second failure would be unexpected or flaky but not the first
failure?

At the end it's not a big deal; as I said I really don't have a strong opinion
here, but I want to make sure I understand the motivation. I'm not sure we want
to be a thin wrapper around every OS provided API.

> > 
> > 
> > > > 
> > > > Thanks,
> > > > - hidehiko
> > > > 
> > > > On 2014/11/12 01:34:29, rvargas wrote:
> > > > > + Ryan (^^)

rvargas (doing something else)

On 2014/11/12 06:02:35, Scott Hess - On Leave wrote: > On Tue, Nov 11, 2014 ...

6 years, 1 month ago (2014-11-12 19:11:24 UTC) #51

hidehiko

On 2014/11/12 19:01:58, rvargas wrote: > On 2014/11/12 04:01:24, hidehiko wrote: > > On 2014/11/12 ...

6 years, 1 month ago (2014-11-13 17:55:18 UTC) #52

On 2014/11/12 19:01:58, rvargas wrote:
> On 2014/11/12 04:01:24, hidehiko wrote:
> > On 2014/11/12 03:21:21, rvargas wrote:
> > > On 2014/11/12 02:43:10, hidehiko wrote:
> > > > Hmm, Ryan seems OOO for a while.
> > > > Ricardo, is there anyone else we can ask?
> > > 
> > > I think he's been reading email so far... let's wait to see if he sees the
> > > message or not.
> > 
> > Ok. Thank you for advice.
> > 
> > > 
> > > > 
> > > > Thanks,
> > > > - hidehiko
> > > > 
> > > > On 2014/11/12 02:20:02, hidehiko wrote:
> > > > > Thank you. So, we are on the same page about REUSEADDR, TCP_NODELAY,
and
> > buf
> > > > > sizes.
> > > > > 
> > > > > As for BROADCAST, setting it bind() is actually what the main case we
> want
> > > to
> > > > > fix.
> > > > > I think about recreating the socket, but it would introduce timing
> issue.
> > > > > 
> > > > > s1 = socket(...);
> > > > > bind(s1, ...);
> > > > > setsockopt(s1, BROADCAST);
> > > > > 
> > > > > Let's assume s1 is not SO_REUSEADDR.
> > > > > If we create another socket and re-bind() it to the same address,
> > > > > then we need to close() s1, before the rebinding.
> > > > > It means, there is a chance for other process/thread to interrupt it
> > > > > (i.e., bind() the same address while it is closed).
> > > > > 
> > > > > Without allowing set BROADCAST after bind(), I do not think there is a
> way
> > > to
> > > > > avoid such an interruption.
> > > > > That's why I would like to make a change in net/..., as it looks only
> > place
> > > > > where we can fix the problem.
> > > 
> > > Well, yes, but why is that a problem? Isn't there something wrong to start
> > with
> > > if the app has to be "fighting" with someone else for that specific port?
If
> > > that is really an issue where's the guarantee that makes it so that s1 can
> > bind
> > > in the first place?
> > 
> > Practically, it shouldn't have such a situation, but we cannot control
> > developers' usage, in general.
> 
> An API guides what someone can do with it.
> 

I agree that API should guides, admittedly.
However, the situation is not that easy, unfortunately.
We need setsockopt compatible implementation.
PPAPI's {TCP,UDP}Socket::SetOption is the ones we're using, but it has some
inconsistency (timing limitation).
Actually some App hit the real issue (crbug.com/425563) by
setsockopt(SO_BROADCAST) after bind(), which should work.
So, we need to fix the behavior. This is the starting point.

It means; if BROADCAST should not be set after bind(),
navigation by API should be returning an error for that (as the current PPAPI
does).
However, it does not satisfy our requirements, because implementing the
setsockopt behavior
on top of it leaves timing issue, i.e. it cannot be implemented correctly, as I
wrote.

> > Also, from API design point of view, I don't think it is healthy to keep
such
> > a pit hole. From users point of view, if an user hits such a issue, it'd be
> > hard to understand what's going on, and probably it would cause flaky bugs
> > which are difficult to be reproduced.
> 
> I'm sorry, but I still don't see what would be issue / flaky behavior that the
> dev would face that would not be present in the first bind attempt.
> 
> 
> > Admittedly, we can work around to introduce BROADCAST after bind() except
the
> > buggy situation,
> > but at the same time, we can simply avoid the situation by allowing
BROADCAST
> > after bind(), too.
> > So, the allowing looks simpler, consistent and less confusing solution to
me?
> > 
> 
> Are you are calling a bug that someone else can grab the port between close
and
> the second bind? Or are you referring to something else?. If that is what you
> mean, how is that different from someone else grabbing the port before the
first
> bind? How come the second failure would be unexpected or flaky but not the
first
> failure?
> 

From my point of view, the former case is "the port is reserved/used by other
process,"
but the latter case is "the port is suddenly stolen during setsockopt()
invocation."
How client app works is up to the app itself, but "reserved port" is more common
case than "stolen port"
for most of programmers, I think. So, app could be flakier with "stolen port"
case,
because programmers wouldn't assume such a case.
Also, re-bind() is the "implementation details" from the users and should be
hidden/encapsulated in general.
Thus, it would be very hard to understand what's going on then.

Stepping back, as you said, this should be very rare case, or should unlikely
happen (I hope).
However, I'd like to have implementation as correct as possible.
We already hit some nightmare bugs, which are caused by some tiny
inconsistent/flaky behavior
between PPAPIs and posix.
I know, I may be too nervous, but such a bug is what we fight against...
In general, any bug could bite ourselves even if it looks very rare.
So, I would like to avoid such a situation if possible.

> At the end it's not a big deal; as I said I really don't have a strong opinion
> here, but I want to make sure I understand the motivation. I'm not sure we
want
> to be a thin wrapper around every OS provided API.

Our main motivation is, implementing setsockopt behavior, including to allow
SO_BROADCAST after bind() properly
(i.e. without leaving bugs (incl. timing issues) even if these should be very
rare).
If there is an alternative way, I'm fine to leave AllowBroadcast() as is, but I
have no idea about it.
(Note that Re-bind() does not work, because it leaves timing issue).
At least for now, changing it to SetBroadcast(bool) looks better approach.
From my point of view, its semantics look clear and straightforward enough (even
compared to AllowBroadcast()),
because it can be called whenever and effective. Also, the implementation is
straightforward, too.

Surely, we are not necessary to be a thin wrapper of OS APIs,
but we really need enough APIs for setsockopt compatible implementation.
Currently, PPAPI SetOption is not enough, unfortunately, so I'm trying to
improve it.

BTW, because this CL became bigger, I extract net/... related part into another
CL.
https://codereview.chromium.org/721273002/

Thanks,
- hidehiko

> 
> > > 
> > > 
> > > > > 
> > > > > Thanks,
> > > > > - hidehiko
> > > > > 
> > > > > On 2014/11/12 01:34:29, rvargas wrote:
> > > > > > + Ryan (^^)

rvargas (doing something else)

On 2014/11/13 17:55:18, hidehiko wrote: > On 2014/11/12 19:01:58, rvargas wrote: > > On 2014/11/12 ...

6 years, 1 month ago (2014-11-13 20:53:21 UTC) #53

On 2014/11/13 17:55:18, hidehiko wrote:
> On 2014/11/12 19:01:58, rvargas wrote:
> > On 2014/11/12 04:01:24, hidehiko wrote:
> > > On 2014/11/12 03:21:21, rvargas wrote:
> > > > On 2014/11/12 02:43:10, hidehiko wrote:
> > > > > Hmm, Ryan seems OOO for a while.
> > > > > Ricardo, is there anyone else we can ask?
> > > > 
> > > > I think he's been reading email so far... let's wait to see if he sees
the
> > > > message or not.
> > > 
> > > Ok. Thank you for advice.
> > > 
> > > > 
> > > > > 
> > > > > Thanks,
> > > > > - hidehiko
> > > > > 
> > > > > On 2014/11/12 02:20:02, hidehiko wrote:
> > > > > > Thank you. So, we are on the same page about REUSEADDR, TCP_NODELAY,
> and
> > > buf
> > > > > > sizes.
> > > > > > 
> > > > > > As for BROADCAST, setting it bind() is actually what the main case
we
> > want
> > > > to
> > > > > > fix.
> > > > > > I think about recreating the socket, but it would introduce timing
> > issue.
> > > > > > 
> > > > > > s1 = socket(...);
> > > > > > bind(s1, ...);
> > > > > > setsockopt(s1, BROADCAST);
> > > > > > 
> > > > > > Let's assume s1 is not SO_REUSEADDR.
> > > > > > If we create another socket and re-bind() it to the same address,
> > > > > > then we need to close() s1, before the rebinding.
> > > > > > It means, there is a chance for other process/thread to interrupt it
> > > > > > (i.e., bind() the same address while it is closed).
> > > > > > 
> > > > > > Without allowing set BROADCAST after bind(), I do not think there is
a
> > way
> > > > to
> > > > > > avoid such an interruption.
> > > > > > That's why I would like to make a change in net/..., as it looks
only
> > > place
> > > > > > where we can fix the problem.
> > > > 
> > > > Well, yes, but why is that a problem? Isn't there something wrong to
start
> > > with
> > > > if the app has to be "fighting" with someone else for that specific
port?
> If
> > > > that is really an issue where's the guarantee that makes it so that s1
can
> > > bind
> > > > in the first place?
> > > 
> > > Practically, it shouldn't have such a situation, but we cannot control
> > > developers' usage, in general.
> > 
> > An API guides what someone can do with it.
> > 
> 
> 
> I agree that API should guides, admittedly.
> However, the situation is not that easy, unfortunately.
> We need setsockopt compatible implementation.
> PPAPI's {TCP,UDP}Socket::SetOption is the ones we're using, but it has some
> inconsistency (timing limitation).
> Actually some App hit the real issue (crbug.com/425563) by
> setsockopt(SO_BROADCAST) after bind(), which should work.
> So, we need to fix the behavior. This is the starting point.
> 
> It means; if BROADCAST should not be set after bind(),
> navigation by API should be returning an error for that (as the current PPAPI
> does).
> However, it does not satisfy our requirements, because implementing the
> setsockopt behavior
> on top of it leaves timing issue, i.e. it cannot be implemented correctly, as
I
> wrote.
> 
> > > Also, from API design point of view, I don't think it is healthy to keep
> such
> > > a pit hole. From users point of view, if an user hits such a issue, it'd
be
> > > hard to understand what's going on, and probably it would cause flaky bugs
> > > which are difficult to be reproduced.
> > 
> > I'm sorry, but I still don't see what would be issue / flaky behavior that
the
> > dev would face that would not be present in the first bind attempt.
> > 
> > 
> > > Admittedly, we can work around to introduce BROADCAST after bind() except
> the
> > > buggy situation,
> > > but at the same time, we can simply avoid the situation by allowing
> BROADCAST
> > > after bind(), too.
> > > So, the allowing looks simpler, consistent and less confusing solution to
> me?
> > > 
> > 
> > Are you are calling a bug that someone else can grab the port between close
> and
> > the second bind? Or are you referring to something else?. If that is what
you
> > mean, how is that different from someone else grabbing the port before the
> first
> > bind? How come the second failure would be unexpected or flaky but not the
> first
> > failure?
> > 
> 
> From my point of view, the former case is "the port is reserved/used by other
> process,"
> but the latter case is "the port is suddenly stolen during setsockopt()
> invocation."
> How client app works is up to the app itself, but "reserved port" is more
common
> case than "stolen port"
> for most of programmers, I think.

That's an interesting way to put it. But you have not addressed why "reserved"
is not strictly a subset of "stolen". Or to say it in another way, anybody who
is subject to the "stolen" use case needs to worry about the thief stealing the
port before the first bind (making the distinction between the two cases
irrelevant).

- If there is no need to worry about stealing then there is no need to change
the mode of operation in-flight.
- If there is a need to worry about stealing then there is no way to securely
grab the port in the first place (or the same mechanism that copes with it can
be used when the port is gone).

> So, app could be flakier with "stolen port"
> case,
> because programmers wouldn't assume such a case.
> Also, re-bind() is the "implementation details" from the users and should be
> hidden/encapsulated in general.
> Thus, it would be very hard to understand what's going on then.
> 
> Stepping back, as you said, this should be very rare case, or should unlikely
> happen (I hope).
> However, I'd like to have implementation as correct as possible.
> We already hit some nightmare bugs, which are caused by some tiny
> inconsistent/flaky behavior
> between PPAPIs and posix.
> I know, I may be too nervous, but such a bug is what we fight against...
> In general, any bug could bite ourselves even if it looks very rare.
> So, I would like to avoid such a situation if possible.
> 
> > At the end it's not a big deal; as I said I really don't have a strong
opinion
> > here, but I want to make sure I understand the motivation. I'm not sure we
> want
> > to be a thin wrapper around every OS provided API.

I'm glad you say that, but the only motivation that I see at this point is "we
want to promise POSIX semantics to our users" and that basically translates in
net exposing a thin wrapper around the OS API :(

BTW, I filed bug 433024 to remove AllowAddressReuse()

> 
> 
> Our main motivation is, implementing setsockopt behavior, including to allow
> SO_BROADCAST after bind() properly
> (i.e. without leaving bugs (incl. timing issues) even if these should be very
> rare).
> If there is an alternative way, I'm fine to leave AllowBroadcast() as is, but
I
> have no idea about it.
> (Note that Re-bind() does not work, because it leaves timing issue).
> At least for now, changing it to SetBroadcast(bool) looks better approach.
> From my point of view, its semantics look clear and straightforward enough
(even
> compared to AllowBroadcast()),
> because it can be called whenever and effective. Also, the implementation is
> straightforward, too.
> 
> Surely, we are not necessary to be a thin wrapper of OS APIs,
> but we really need enough APIs for setsockopt compatible implementation.
> Currently, PPAPI SetOption is not enough, unfortunately, so I'm trying to
> improve it.
> 
> BTW, because this CL became bigger, I extract net/... related part into
another
> CL.
> https://codereview.chromium.org/721273002/
> 
> Thanks,
> - hidehiko
> 
> > 
> > > > 
> > > > 
> > > > > > 
> > > > > > Thanks,
> > > > > > - hidehiko
> > > > > > 
> > > > > > On 2014/11/12 01:34:29, rvargas wrote:
> > > > > > > + Ryan (^^)

hidehiko

On 2014/11/13 20:53:21, rvargas wrote: > On 2014/11/13 17:55:18, hidehiko wrote: > > On 2014/11/12 ...

6 years, 1 month ago (2014-11-14 01:44:50 UTC) #54

On 2014/11/13 20:53:21, rvargas wrote:
> On 2014/11/13 17:55:18, hidehiko wrote:
> > On 2014/11/12 19:01:58, rvargas wrote:
> > > On 2014/11/12 04:01:24, hidehiko wrote:
> > > > On 2014/11/12 03:21:21, rvargas wrote:
> > > > > On 2014/11/12 02:43:10, hidehiko wrote:
> > > > > > Hmm, Ryan seems OOO for a while.
> > > > > > Ricardo, is there anyone else we can ask?
> > > > > 
> > > > > I think he's been reading email so far... let's wait to see if he sees
> the
> > > > > message or not.
> > > > 
> > > > Ok. Thank you for advice.
> > > > 
> > > > > 
> > > > > > 
> > > > > > Thanks,
> > > > > > - hidehiko
> > > > > > 
> > > > > > On 2014/11/12 02:20:02, hidehiko wrote:
> > > > > > > Thank you. So, we are on the same page about REUSEADDR,
TCP_NODELAY,
> > and
> > > > buf
> > > > > > > sizes.
> > > > > > > 
> > > > > > > As for BROADCAST, setting it bind() is actually what the main case
> we
> > > want
> > > > > to
> > > > > > > fix.
> > > > > > > I think about recreating the socket, but it would introduce timing
> > > issue.
> > > > > > > 
> > > > > > > s1 = socket(...);
> > > > > > > bind(s1, ...);
> > > > > > > setsockopt(s1, BROADCAST);
> > > > > > > 
> > > > > > > Let's assume s1 is not SO_REUSEADDR.
> > > > > > > If we create another socket and re-bind() it to the same address,
> > > > > > > then we need to close() s1, before the rebinding.
> > > > > > > It means, there is a chance for other process/thread to interrupt
it
> > > > > > > (i.e., bind() the same address while it is closed).
> > > > > > > 
> > > > > > > Without allowing set BROADCAST after bind(), I do not think there
is
> a
> > > way
> > > > > to
> > > > > > > avoid such an interruption.
> > > > > > > That's why I would like to make a change in net/..., as it looks
> only
> > > > place
> > > > > > > where we can fix the problem.
> > > > > 
> > > > > Well, yes, but why is that a problem? Isn't there something wrong to
> start
> > > > with
> > > > > if the app has to be "fighting" with someone else for that specific
> port?
> > If
> > > > > that is really an issue where's the guarantee that makes it so that s1
> can
> > > > bind
> > > > > in the first place?
> > > > 
> > > > Practically, it shouldn't have such a situation, but we cannot control
> > > > developers' usage, in general.
> > > 
> > > An API guides what someone can do with it.
> > > 
> > 
> > 
> > I agree that API should guides, admittedly.
> > However, the situation is not that easy, unfortunately.
> > We need setsockopt compatible implementation.
> > PPAPI's {TCP,UDP}Socket::SetOption is the ones we're using, but it has some
> > inconsistency (timing limitation).
> > Actually some App hit the real issue (crbug.com/425563) by
> > setsockopt(SO_BROADCAST) after bind(), which should work.
> > So, we need to fix the behavior. This is the starting point.
> > 
> > It means; if BROADCAST should not be set after bind(),
> > navigation by API should be returning an error for that (as the current
PPAPI
> > does).
> > However, it does not satisfy our requirements, because implementing the
> > setsockopt behavior
> > on top of it leaves timing issue, i.e. it cannot be implemented correctly,
as
> I
> > wrote.
> > 
> > > > Also, from API design point of view, I don't think it is healthy to keep
> > such
> > > > a pit hole. From users point of view, if an user hits such a issue, it'd
> be
> > > > hard to understand what's going on, and probably it would cause flaky
bugs
> > > > which are difficult to be reproduced.
> > > 
> > > I'm sorry, but I still don't see what would be issue / flaky behavior that
> the
> > > dev would face that would not be present in the first bind attempt.
> > > 
> > > 
> > > > Admittedly, we can work around to introduce BROADCAST after bind()
except
> > the
> > > > buggy situation,
> > > > but at the same time, we can simply avoid the situation by allowing
> > BROADCAST
> > > > after bind(), too.
> > > > So, the allowing looks simpler, consistent and less confusing solution
to
> > me?
> > > > 
> > > 
> > > Are you are calling a bug that someone else can grab the port between
close
> > and
> > > the second bind? Or are you referring to something else?. If that is what
> you
> > > mean, how is that different from someone else grabbing the port before the
> > first
> > > bind? How come the second failure would be unexpected or flaky but not the
> > first
> > > failure?
> > > 
> > 
> > From my point of view, the former case is "the port is reserved/used by
other
> > process,"
> > but the latter case is "the port is suddenly stolen during setsockopt()
> > invocation."
> > How client app works is up to the app itself, but "reserved port" is more
> common
> > case than "stolen port"
> > for most of programmers, I think.
> 
> That's an interesting way to put it. But you have not addressed why "reserved"
> is not strictly a subset of "stolen". Or to say it in another way, anybody who
> is subject to the "stolen" use case needs to worry about the thief stealing
the
> port before the first bind (making the distinction between the two cases
> irrelevant).
> 
> - If there is no need to worry about stealing then there is no need to change
> the mode of operation in-flight.
> - If there is a need to worry about stealing then there is no way to securely
> grab the port in the first place (or the same mechanism that copes with it can
> be used when the port is gone).
> 

Sorry, but I don't understand your meaning.
Why "If there is no need to worry about stealing then there is no need to change
the mode of operation in-flight."?
Changing the socket mode and if port will be stolen or not does not sound
connected each other?

Why "If there is a need to worry about stealing then there is no way to securely
grab the port in the first place (or the same mechanism that copes with it can
be used when the port is gone)."?
There could be some period between the bind() and setsockopt().
Then first bind() succeeds but then stolen?

I'd appreciate more detailed explanation.


> > So, app could be flakier with "stolen port"
> > case,
> > because programmers wouldn't assume such a case.
> > Also, re-bind() is the "implementation details" from the users and should be
> > hidden/encapsulated in general.
> > Thus, it would be very hard to understand what's going on then.
> > 
> > Stepping back, as you said, this should be very rare case, or should
unlikely
> > happen (I hope).
> > However, I'd like to have implementation as correct as possible.
> > We already hit some nightmare bugs, which are caused by some tiny
> > inconsistent/flaky behavior
> > between PPAPIs and posix.
> > I know, I may be too nervous, but such a bug is what we fight against...
> > In general, any bug could bite ourselves even if it looks very rare.
> > So, I would like to avoid such a situation if possible.
> > 
> > > At the end it's not a big deal; as I said I really don't have a strong
> opinion
> > > here, but I want to make sure I understand the motivation. I'm not sure we
> > want
> > > to be a thin wrapper around every OS provided API.
> 
> I'm glad you say that, but the only motivation that I see at this point is "we
> want to promise POSIX semantics to our users" and that basically translates in
> net exposing a thin wrapper around the OS API :(
> 

I also do not understand your motivation, then...
POSIX semantics is the requirements for ARC.
The new API incl. semantics looks simple.
We do not need platform-depended hack for its implementation.
What is the main problem here?

- hidehiko


> BTW, I filed bug 433024 to remove AllowAddressReuse()
> 
> > 
> > 
> > Our main motivation is, implementing setsockopt behavior, including to allow
> > SO_BROADCAST after bind() properly
> > (i.e. without leaving bugs (incl. timing issues) even if these should be
very
> > rare).
> > If there is an alternative way, I'm fine to leave AllowBroadcast() as is,
but
> I
> > have no idea about it.
> > (Note that Re-bind() does not work, because it leaves timing issue).
> > At least for now, changing it to SetBroadcast(bool) looks better approach.
> > From my point of view, its semantics look clear and straightforward enough
> (even
> > compared to AllowBroadcast()),
> > because it can be called whenever and effective. Also, the implementation is
> > straightforward, too.
> > 
> > Surely, we are not necessary to be a thin wrapper of OS APIs,
> > but we really need enough APIs for setsockopt compatible implementation.
> > Currently, PPAPI SetOption is not enough, unfortunately, so I'm trying to
> > improve it.
> > 
> > BTW, because this CL became bigger, I extract net/... related part into
> another
> > CL.
> > https://codereview.chromium.org/721273002/
> > 
> > Thanks,
> > - hidehiko
> > 
> > > 
> > > > > 
> > > > > 
> > > > > > > 
> > > > > > > Thanks,
> > > > > > > - hidehiko
> > > > > > > 
> > > > > > > On 2014/11/12 01:34:29, rvargas wrote:
> > > > > > > > + Ryan (^^)

Ryan Sleevi

rsleevi@chromium.org changed reviewers: + rsleevi@chromium.org

6 years, 1 month ago (2014-11-14 02:00:16 UTC) #55

Ryan Sleevi

I'm sorry, it's still taking time for me to catch up. However, I want to ...

6 years, 1 month ago (2014-11-14 02:00:17 UTC) #56

I'm sorry, it's still taking time for me to catch up. However, I want to echo
Ricardo's concerns, as from what I've read, I'm not really comfortable with the
design/approach.

Our API design has been explicitly NOT to provide a "general POSIX-compatible
API", because that's not an expectation we can meet in a cross-platform way in
many areas. We tell this to consumers of //net stack code regularly, and it's
come up in past designs (for example, Mojo). For the general health of //net and
"Chrome as a Browser", it's better to ensure the API is something that 99% can
use correctly and that hides much of the complexity.

On more minor points, I'm uncomfortable with the Allow/Disallow pairing of
methods, as that is an API smell that leaves ambiguity as to the default state
or to the general state. A bool or enum approach is far better, with the latter.
For example, SetX(ALLOW_X / DISALLOW_X) and GetX() returning ALLOW_X /
DISALLOW_X (or whatever appropriate verb/noun combinations are appropriate for
the enum) generally represents a better state.

The whole caching + repeated calls also strikes me as an implementation smell
that I'm not very keen on either, and it looks like Ricardo has already pointed
that out.

Given the unease it's given three //net reviewers, I think it may help to more
generally discuss this on net-dev@, to ensure there is consensus on what
//net/udp should provide to //net-stack consumers, what we're willing and able
to support, to understand about your use cases (to the extent that you can
share; being unable to share use cases publicly is also generally a red flag),
and to see what sort of solutions we can come up given that space. This is
fundamentally a question of code health and API design, and I don't want you to
take this as a "No, go away", but as a "This is not as trivial as you think, and
I also want to make sure we're all on the same page, lest you feel you might
need to send this to other reviewers to LG"

rvargas (doing something else)

On 2014/11/14 01:44:50, hidehiko wrote: I'm cleaning a little this thread to make the response ...

6 years, 1 month ago (2014-11-14 02:39:26 UTC) #57

On 2014/11/14 01:44:50, hidehiko wrote:

I'm cleaning a little this thread to make the response more readable.

> > That's an interesting way to put it. But you have not addressed why
"reserved"
> > is not strictly a subset of "stolen". Or to say it in another way, anybody
who
> > is subject to the "stolen" use case needs to worry about the thief stealing
> the
> > port before the first bind (making the distinction between the two cases
> > irrelevant).
> > 
> > - If there is no need to worry about stealing then there is no need to
change
> > the mode of operation in-flight.
> > - If there is a need to worry about stealing then there is no way to
securely
> > grab the port in the first place (or the same mechanism that copes with it
can
> > be used when the port is gone).
> > 
> 
> Sorry, but I don't understand your meaning.
> Why "If there is no need to worry about stealing then there is no need to
change
> the mode of operation in-flight."?

I'm just making the two cases explicit.

What I mean is that if I'm a random app developer and I know that I don't have
to worry about losing the port, then no changes to the current API are needed. I
believe we agree here, so that means that this is a case that is not very
interesting to us for the purpose of this discussion.

> Changing the socket mode and if port will be stolen or not does not sound
> connected each other?
> 
> Why "If there is a need to worry about stealing then there is no way to
securely
> grab the port in the first place (or the same mechanism that copes with it can
> be used when the port is gone)."?

This is the case that is interesting... In this case, I know (as a random app
developer), that I have to worry about port squatting (someone else attempting
to use the port I want, at any time). In this case, closing the socket and
creating a new one presents an opportunity for that squatter to sit in the port
that I want. But that squatter can also do that before I grab the port for the
first time.

My question is why could we say that a squatter can grab the port while I try to
change the mode but not before I create the first socket?
I don't see any reason to dismiss that scenario to be less likely, because we
start from the assumption that there is someone trying to grab that port. And
that means that I (as an app dev) have to write my app (protocol or whatever) in
a way that I can deal properly with that case: not getting the port that I want
when I start, or not getting it when I switch mode.

Covering one hole but leaving the other one open doesn't really help me.

> There could be some period between the bind() and setsockopt().
> Then first bind() succeeds but then stolen?
> 
> I'd appreciate more detailed explanation.

> > > Surely, we are not necessary to be a thin wrapper of OS APIs,
> > > but we really need enough APIs for setsockopt compatible implementation.
> > I'm glad you say that, but the only motivation that I see at this point is
"we
> > want to promise POSIX semantics to our users" and that basically translates
in
> > net exposing a thin wrapper around the OS API :(
> > 
> 
> I also do not understand your motivation, then...
> POSIX semantics is the requirements for ARC.
> The new API incl. semantics looks simple.
> We do not need platform-depended hack for its implementation.
> What is the main problem here?

What is ARC? When I read the linked bugs that was mentioned but that is far away
from src/net... which means that may motivate changes to PPAPI but not
necessarily to net (which is what I'm focusing on here).

If we _have_to_ provide POSIX semantics then sure, let's change the mode at any
time.

If we don't _have_to_ provide POSIX semantics, keeping the same mode for the
lifetime of the socket is a little cleaner (IMHO). A pretty convincing counter
argument would be performance degradation (we do almost anything for
performance), but I don't think that applies in this case.

Most likely what's going on is that I have no idea how important is to change
the behavior.

hidehiko

On 2014/11/14 02:39:26, rvargas wrote: > On 2014/11/14 01:44:50, hidehiko wrote: > > I'm cleaning ...

6 years, 1 month ago (2014-11-19 05:57:24 UTC) #58

On 2014/11/14 02:39:26, rvargas wrote:
> On 2014/11/14 01:44:50, hidehiko wrote:
> 
> I'm cleaning a little this thread to make the response more readable.
> 
> > > That's an interesting way to put it. But you have not addressed why
> "reserved"
> > > is not strictly a subset of "stolen". Or to say it in another way, anybody
> who
> > > is subject to the "stolen" use case needs to worry about the thief
stealing
> > the
> > > port before the first bind (making the distinction between the two cases
> > > irrelevant).
> > > 
> > > - If there is no need to worry about stealing then there is no need to
> change
> > > the mode of operation in-flight.
> > > - If there is a need to worry about stealing then there is no way to
> securely
> > > grab the port in the first place (or the same mechanism that copes with it
> can
> > > be used when the port is gone).
> > > 
> > 
> > Sorry, but I don't understand your meaning.
> > Why "If there is no need to worry about stealing then there is no need to
> change
> > the mode of operation in-flight."?
> 
> I'm just making the two cases explicit.
> 
> What I mean is that if I'm a random app developer and I know that I don't have
> to worry about losing the port, then no changes to the current API are needed.
I
> believe we agree here, so that means that this is a case that is not very
> interesting to us for the purpose of this discussion.
> 

At which time? On bind() or on setsockopt()? It is what I'm interested in.
If I were a developer, I'd probably imagine an error case on bind() (and write
an error handling),
but I would not think to loose it on setsockopt(). I.e., if setsockopt() failed,
I would imagine it is a missing feature or something, but I would not think the
port was stolen.
I still think "cannot grab the port" and "the grabbed port is stolen" are
different...
Am I missing something?

> > Changing the socket mode and if port will be stolen or not does not sound
> > connected each other?
> > 
> > Why "If there is a need to worry about stealing then there is no way to
> securely
> > grab the port in the first place (or the same mechanism that copes with it
can
> > be used when the port is gone)."?
> 
> This is the case that is interesting... In this case, I know (as a random app
> developer), that I have to worry about port squatting (someone else attempting
> to use the port I want, at any time). In this case, closing the socket and
> creating a new one presents an opportunity for that squatter to sit in the
port
> that I want. But that squatter can also do that before I grab the port for the
> first time.
> 
> My question is why could we say that a squatter can grab the port while I try
to
> change the mode but not before I create the first socket?
> I don't see any reason to dismiss that scenario to be less likely, because we
> start from the assumption that there is someone trying to grab that port. And
> that means that I (as an app dev) have to write my app (protocol or whatever)
in
> a way that I can deal properly with that case: not getting the port that I
want
> when I start, or not getting it when I switch mode.
> 
> Covering one hole but leaving the other one open doesn't really help me.
> 
> > There could be some period between the bind() and setsockopt().
> > Then first bind() succeeds but then stolen?
> > 
> > I'd appreciate more detailed explanation.
> 
> > > > Surely, we are not necessary to be a thin wrapper of OS APIs,
> > > > but we really need enough APIs for setsockopt compatible implementation.
> > > I'm glad you say that, but the only motivation that I see at this point is
> "we
> > > want to promise POSIX semantics to our users" and that basically
translates
> in
> > > net exposing a thin wrapper around the OS API :(
> > > 
> > 
> > I also do not understand your motivation, then...
> > POSIX semantics is the requirements for ARC.
> > The new API incl. semantics looks simple.
> > We do not need platform-depended hack for its implementation.
> > What is the main problem here?
> 
> What is ARC? When I read the linked bugs that was mentioned but that is far
away
> from src/net... which means that may motivate changes to PPAPI but not
> necessarily to net (which is what I'm focusing on here).
> 
> If we _have_to_ provide POSIX semantics then sure, let's change the mode at
any
> time.
> 

Oh, sorry. Please let me share more backgrounds.
I'm working on ARC (App Runtime for Chrome) project, which is to run android
applications on Chrome, launched two months ago.
In the project, we implement posix-layer on top of NaCl IRTs and PPAPIs.
Specifically, we implement socket related posix functions on top of socket
related PPAPIs.
{TCP,UDP}Socket::SetOption is the ones we use for setsockopt implementation.
We are thinking that the compatibility is VERY important. I believe you agree
that,
"in this kind of project", incompatibility easily causes a nightmare bugs, even
if the
incompatibility looks very small. Considering to increase the number of
supported apps,
its risk would be increased rapidly.
Actually, we received a real problem on it (like crbug.com/425563), so it's time
to fix it.

I'd like to make a change on SO_BROADCAST in net/ layer,
rather than re-binding hack workaround in PPAPI or ARC layer, because;
1) It does not leave a pit hole bug/trap in setsockopt implementation.
2) It can be simply implemented on among platforms, incl. Win, Mac, Linux and
Chrome OS.
   (Though current our focus is Chrome OS). I.e., it can be provided as a
platform independent API.
3) Its semantics is simple and understandable. The user of UDPSocket can call
SetBroadcast anytime they wants,
   and it works.

Thanks,
- hidehiko

> If we don't _have_to_ provide POSIX semantics, keeping the same mode for the
> lifetime of the socket is a little cleaner (IMHO). A pretty convincing counter
> argument would be performance degradation (we do almost anything for
> performance), but I don't think that applies in this case.
> 
> Most likely what's going on is that I have no idea how important is to change
> the behavior.

rvargas (doing something else)

On 2014/11/19 05:57:24, hidehiko wrote: > On 2014/11/14 02:39:26, rvargas wrote: > > On 2014/11/14 ...

6 years, 1 month ago (2014-11-19 21:14:04 UTC) #59

On 2014/11/19 05:57:24, hidehiko wrote:
> On 2014/11/14 02:39:26, rvargas wrote:
> > On 2014/11/14 01:44:50, hidehiko wrote:
> > 
> > I'm cleaning a little this thread to make the response more readable.
> > 
> > > > That's an interesting way to put it. But you have not addressed why
> > "reserved"
> > > > is not strictly a subset of "stolen". Or to say it in another way,
anybody
> > who
> > > > is subject to the "stolen" use case needs to worry about the thief
> stealing
> > > the
> > > > port before the first bind (making the distinction between the two cases
> > > > irrelevant).
> > > > 
> > > > - If there is no need to worry about stealing then there is no need to
> > change
> > > > the mode of operation in-flight.
> > > > - If there is a need to worry about stealing then there is no way to
> > securely
> > > > grab the port in the first place (or the same mechanism that copes with
it
> > can
> > > > be used when the port is gone).
> > > > 
> > > 
> > > Sorry, but I don't understand your meaning.
> > > Why "If there is no need to worry about stealing then there is no need to
> > change
> > > the mode of operation in-flight."?
> > 
> > I'm just making the two cases explicit.
> > 
> > What I mean is that if I'm a random app developer and I know that I don't
have
> > to worry about losing the port, then no changes to the current API are
needed.
> I
> > believe we agree here, so that means that this is a case that is not very
> > interesting to us for the purpose of this discussion.
> > 
> 
> At which time? On bind() or on setsockopt()? It is what I'm interested in.

setsockopt()? I thought we were talking about AllowBroadcast() :p

> If I were a developer, I'd probably imagine an error case on bind() (and write
> an error handling),
> but I would not think to loose it on setsockopt(). I.e., if setsockopt()
failed,
> I would imagine it is a missing feature or something, but I would not think
the
> port was stolen.
> I still think "cannot grab the port" and "the grabbed port is stolen" are
> different...
> Am I missing something?

I think the misunderstanding comes from thinking about a different starting
point. If I'm a dev, and I start from something that says "the mode can be
changed at anytime during the socket lifetime" then yes, I have no reason to
believe that I'm losing the socket when calling AllowBroadcast. On the other
hand, if I start from something that says "the mode is set for the whole
lifetime of the socket", and the way to change the mode is to use another socket
then that points me immediately to the same code that I had to use when calling
Bind().

This is why I said that the argument boils down to net having to provide POSIX
semantics.


> 
> > > Changing the socket mode and if port will be stolen or not does not sound
> > > connected each other?
> > > 
> > > Why "If there is a need to worry about stealing then there is no way to
> > securely
> > > grab the port in the first place (or the same mechanism that copes with it
> can
> > > be used when the port is gone)."?
> > 
> > This is the case that is interesting... In this case, I know (as a random
app
> > developer), that I have to worry about port squatting (someone else
attempting
> > to use the port I want, at any time). In this case, closing the socket and
> > creating a new one presents an opportunity for that squatter to sit in the
> port
> > that I want. But that squatter can also do that before I grab the port for
the
> > first time.
> > 
> > My question is why could we say that a squatter can grab the port while I
try
> to
> > change the mode but not before I create the first socket?
> > I don't see any reason to dismiss that scenario to be less likely, because
we
> > start from the assumption that there is someone trying to grab that port.
And
> > that means that I (as an app dev) have to write my app (protocol or
whatever)
> in
> > a way that I can deal properly with that case: not getting the port that I
> want
> > when I start, or not getting it when I switch mode.
> > 
> > Covering one hole but leaving the other one open doesn't really help me.
> > 
> > > There could be some period between the bind() and setsockopt().
> > > Then first bind() succeeds but then stolen?
> > > 
> > > I'd appreciate more detailed explanation.
> > 
> > > > > Surely, we are not necessary to be a thin wrapper of OS APIs,
> > > > > but we really need enough APIs for setsockopt compatible
implementation.
> > > > I'm glad you say that, but the only motivation that I see at this point
is
> > "we
> > > > want to promise POSIX semantics to our users" and that basically
> translates
> > in
> > > > net exposing a thin wrapper around the OS API :(
> > > > 
> > > 
> > > I also do not understand your motivation, then...
> > > POSIX semantics is the requirements for ARC.
> > > The new API incl. semantics looks simple.
> > > We do not need platform-depended hack for its implementation.
> > > What is the main problem here?
> > 
> > What is ARC? When I read the linked bugs that was mentioned but that is far
> away
> > from src/net... which means that may motivate changes to PPAPI but not
> > necessarily to net (which is what I'm focusing on here).
> > 
> > If we _have_to_ provide POSIX semantics then sure, let's change the mode at
> any
> > time.
> > 
> 
> Oh, sorry. Please let me share more backgrounds.
> I'm working on ARC (App Runtime for Chrome) project, which is to run android
> applications on Chrome, launched two months ago.
> In the project, we implement posix-layer on top of NaCl IRTs and PPAPIs.
> Specifically, we implement socket related posix functions on top of socket
> related PPAPIs.

So we are talking about taking code that was targeted to a platform and
emulating the expected behavior on another platform, right? That says to me that
PPAPI wants to use a POSIX version of a socket, which means that net should
export a POSIX version of a socket, right?

Which prompts two general questions:
1. What is the plan for platforms where the OS layer doesn't provide POSIX
behavior for sockets?
2. Why is net exposing that functionality at all? Why have some class in net
expose something called AllowBroadcast if what the callers want is something
that behaves like setsockopt on POSIX? Why not call setsockopt without involving
net code at all?



> {TCP,UDP}Socket::SetOption is the ones we use for setsockopt implementation.
> We are thinking that the compatibility is VERY important. I believe you agree
> that,
> "in this kind of project", incompatibility easily causes a nightmare bugs,
even
> if the
> incompatibility looks very small. Considering to increase the number of
> supported apps,
> its risk would be increased rapidly.
> Actually, we received a real problem on it (like crbug.com/425563), so it's
time
> to fix it.
> 
> I'd like to make a change on SO_BROADCAST in net/ layer,
> rather than re-binding hack workaround in PPAPI or ARC layer, because;
> 1) It does not leave a pit hole bug/trap in setsockopt implementation.
> 2) It can be simply implemented on among platforms, incl. Win, Mac, Linux and
> Chrome OS.
>    (Though current our focus is Chrome OS). I.e., it can be provided as a
> platform independent API.
> 3) Its semantics is simple and understandable. The user of UDPSocket can call
> SetBroadcast anytime they wants,
>    and it works.
> 
> Thanks,
> - hidehiko
> 
> > If we don't _have_to_ provide POSIX semantics, keeping the same mode for the
> > lifetime of the socket is a little cleaner (IMHO). A pretty convincing
counter
> > argument would be performance degradation (we do almost anything for
> > performance), but I don't think that applies in this case.
> > 
> > Most likely what's going on is that I have no idea how important is to
change
> > the behavior.

hidehiko

hidehiko@chromium.org changed reviewers: - jar@chromium.org, rsleevi@chromium.org, rvargas@chromium.org, sergeyu@chromium.org, shess@chromium.org

6 years ago (2014-12-08 12:12:51 UTC) #60

hidehiko

hidehiko@chromium.org changed required reviewers: - rvargas@chromium.org

6 years ago (2014-12-08 12:12:52 UTC) #61

hidehiko

Moved net/ reviewers from R= to CC=, because the net/ part are submitted separately. Bill, ...

6 years ago (2014-12-08 12:33:24 UTC) #62

bbudge

https://codereview.chromium.org/690903002/diff/300001/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc File content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc (right): https://codereview.chromium.org/690903002/diff/300001/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc#newcode66 content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc:66: socket_options_(SOCKET_OPTION_NODELAY), Even though not strictly necessary in this case, ...

6 years ago (2014-12-09 18:37:38 UTC) #63

hidehiko

Thank you for review! PTAL. https://codereview.chromium.org/690903002/diff/300001/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc File content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc (right): https://codereview.chromium.org/690903002/diff/300001/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc#newcode66 content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc:66: socket_options_(SOCKET_OPTION_NODELAY), On 2014/12/09 18:37:37, ...

6 years ago (2014-12-09 19:51:42 UTC) #64

hidehiko

On 2014/12/09 19:51:42, hidehiko wrote: > Thank you for review! PTAL. > > https://codereview.chromium.org/690903002/diff/300001/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc > ...

6 years ago (2014-12-11 02:35:09 UTC) #65

bbudge

LGTM w comment https://codereview.chromium.org/690903002/diff/320001/ppapi/proxy/udp_socket_resource_base.cc File ppapi/proxy/udp_socket_resource_base.cc (right): https://codereview.chromium.org/690903002/diff/320001/ppapi/proxy/udp_socket_resource_base.cc#newcode80 ppapi/proxy/udp_socket_resource_base.cc:80: // successful Bind() call, so it's ...

6 years ago (2014-12-11 02:49:06 UTC) #66

hidehiko

Thank you for review. Submitting. https://codereview.chromium.org/690903002/diff/320001/ppapi/proxy/udp_socket_resource_base.cc File ppapi/proxy/udp_socket_resource_base.cc (right): https://codereview.chromium.org/690903002/diff/320001/ppapi/proxy/udp_socket_resource_base.cc#newcode80 ppapi/proxy/udp_socket_resource_base.cc:80: // successful Bind() call, ...

6 years ago (2014-12-11 05:02:33 UTC) #67

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/690903002/340001

6 years ago (2014-12-11 05:03:25 UTC) #69

commit-bot: I haz the power

6 years ago (2014-12-11 06:02:53 UTC) #71

Message was sent while issue was closed.

Patchset 15 (id:??) landed as
https://crrev.com/fd305c12b3fe8b4d2496f67aed089ff703f19b6d
Cr-Commit-Position: refs/heads/master@{#307867}

Issue 690903002: Remove timing limitation of SetOption invocation for PPAPI sockets. (Closed)

Description

Patch Set 1 #

Patch Set 2 : #

Patch Set 3 : #

Patch Set 4 : #

Patch Set 5 : Rebase #

Patch Set 6 : #

Patch Set 7 : Rebase #

Patch Set 8 : #

Patch Set 9 : Rebase #

Patch Set 10 : #

Patch Set 11 : #

Patch Set 12 : #

Patch Set 13 : Rebase and fixed implementation. #

Patch Set 14 : #

Patch Set 15 : #

Messages