feat: add ancillary data (control message) helpers for sendmsg/recvmsg #645
seuros wants to merge 1 commit into rust-lang:master from
Conversation
c94de0c to c22b136
Closes rust-lang#614

Add Unix-only safe wrappers for CMSG_* operations:

- `cmsg_space(data_len) -> Option<usize>`: compute control buffer size (returns None when data_len overflows c_uint, fixing a truncation path that would produce an undersized buffer)
- `ControlMessage<'a>`: a parsed ancillary data entry (level, type, data)
- `ControlMessages<'a>`: iterator over a received control buffer; walks via byte-offset arithmetic and ptr::read_unaligned so no aligned reference to cmsghdr is ever formed (avoids UB on 1-byte-aligned Vec<u8> buffers)
- `ControlMessageEncoder<'a>`: builder for outgoing control messages; rejects payloads exceeding c_uint::MAX before calling CMSG_SPACE/CMSG_LEN to prevent buffer overflow from silent truncation

Also add a Cross CI job to run tests under QEMU on i686, aarch64, and armv7 Linux — the target families where CMSG_ALIGN factor and cmsg_len width differ from x86_64.

Enables SCM_RIGHTS file-descriptor passing without depending on libc directly (tracked by plabayo/rama#781).
c22b136 to dd9b05e
The only remaining CI failure is FreeBSD (Cirrus CI) — this is an infrastructure flake, not a code issue: Cargo tries to update the crates.io index and hits an SSL cert verification failure in the Cirrus FreeBSD 14.3 VM. Unrelated to this PR! Verified manually on FreeBSD 16-Current where
Thomasdezeeuw
left a comment
Can you open an issue to discuss this feature? I don't think the code as-is is a good fit for socket2. Based on the tests we still need to use unsafe & libc types to actually use this.
Can you drop the CI changes from this pr? Let's focus this pr on one thing.
| - name: Check docs | ||
| run: RUSTDOCFLAGS="-D warnings --cfg docsrs" cargo doc -Z build-std=std,panic_abort --no-deps --all-features --target ${{ matrix.target }} | ||
| Cross: | ||
| name: Cross-test (${{ matrix.target }}) |
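Review bot: `-Z build-std=std,panic_abort` on the Check docs `run:` line is a nightly-only cargo flag, so that step can only pass on a nightly toolchain and will fail if the `${{ matrix.target }}` jobs run on stable; `RUSTDOCFLAGS="-D warnings --cfg docsrs"` by itself needs no `-Z` flag, so drop `-Z build-std` unless the matrix contains a target with no prebuilt std. The `Cross` job is what the maintainer questions; its justification is in the PR description (cmsg_len width and the CMSG_ALIGN factor differ on i686/armv7 from x86_64, and only running the tests on those targets exercises that, since `cargo check` never executes the offset arithmetic), but given the request to keep this PR to one thing, move both this step and the `Cross` job into a separate CI PR carrying that justification.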
Why do we need this? Isn't cargo check sufficient?
| &cred as *const libc::ucred as *const u8, | ||
| std::mem::size_of::<libc::ucred>(), | ||
| ) | ||
| }; |
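Review bot: the `&cred as *const libc::ucred as *const u8` cast paired with `std::mem::size_of::<libc::ucred>()` is exactly the `unsafe` the maintainer objects to, and every caller that wants to send a typed payload will have to repeat it, so it belongs inside the library: give the encoder a method that takes the value (a `Copy` struct, or the `pid`/`uid`/`gid` triple that `ucred` carries) and performs the byte copy once, so the test and downstream users need neither a `libc` type nor an `unsafe` block. The cast is sound here only because `libc::ucred` on Linux is three 32-bit fields with no padding; for a struct with padding the `u8` slice would expose uninitialized bytes, so whatever helper replaces this should document that requirement.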
We still need a bunch of unsafe and libc types... wouldn't it be better to have a safe wrapper in the library?
Closes #614
Add Unix-only safe wrappers for CMSG_* operations:
- `cmsg_space(data_len) -> Option<usize>`: compute control buffer size (returns None when data_len overflows c_uint, fixing a truncation path that would produce an undersized buffer)
- `ControlMessage<'a>`: a parsed ancillary data entry (level, type, data)
- `ControlMessages<'a>`: iterator over a received control buffer; walks via byte-offset arithmetic and ptr::read_unaligned so no aligned reference to cmsghdr is ever formed (avoids UB on 1-byte-aligned Vec<u8> buffers)
- `ControlMessageEncoder<'a>`: builder for outgoing control messages; rejects payloads exceeding c_uint::MAX before calling CMSG_SPACE/CMSG_LEN to prevent buffer overflow from silent truncation

Also add a Cross CI job to run tests under QEMU on i686, aarch64, and armv7 Linux, the target families where CMSG_ALIGN factor and cmsg_len width differ from x86_64.
Enables SCM_RIGHTS file-descriptor passing without depending on libc directly (tracked by plabayo/rama#781).
I can remove the Cross tests if needed.
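The description above names the three pieces (an overflow-checked `cmsg_space`, an encoder that refuses oversize payloads, and an iterator that walks the buffer with `ptr::read_unaligned`) but the page shows none of the implementation. The block below is an added, self-contained Rust model of that arithmetic written for this page; it is not socket2's code and not the PR author's. It assumes the Linux/glibc `struct cmsghdr` layout (`size_t cmsg_len; int cmsg_level; int cmsg_type;` followed by the payload, CMSG_ALIGN rounding to `size_of::<usize>()`), the Linux values `SOL_SOCKET = 1` and `SCM_RIGHTS = 1`, and it never calls `sendmsg`/`recvmsg`: the descriptor numbers are constructed integers, and the parse is run from a deliberately misaligned start address to show why no `&cmsghdr` may ever be formed over a `Vec<u8>`.

```rust
// Added example, not socket2's code. Models the Linux/glibc `struct cmsghdr`
// (size_t cmsg_len; int cmsg_level; int cmsg_type; then payload) with CMSG_ALIGN
// rounding to size_of::<usize>(). No sendmsg/recvmsg is called and no libc crate
// is used; control buffers are ordinary Vec<u8>.
use std::mem::size_of;
use std::ptr;

pub const SOL_SOCKET: i32 = 1; // Linux value (assumption)
pub const SCM_RIGHTS: i32 = 1; // Linux value (assumption)
const ALIGN: usize = size_of::<usize>();

#[repr(C)]
struct CmsgHdr { cmsg_len: usize, cmsg_level: i32, cmsg_type: i32 }

/// CMSG_ALIGN with checked arithmetic: absurd lengths yield None, not wraparound.
fn cmsg_align(len: usize) -> Option<usize> {
    len.checked_add(ALIGN - 1).map(|v| v & !(ALIGN - 1))
}

/// CMSG_SPACE for one message with `data_len` payload bytes. The libc macros take a
/// c_uint (32 bits on every Linux target); a larger usize would be silently truncated
/// into an undersized buffer, so refuse it up front.
pub fn cmsg_space(data_len: usize) -> Option<usize> {
    if data_len > u32::MAX as usize { return None; }
    cmsg_align(size_of::<CmsgHdr>())?.checked_add(cmsg_align(data_len)?)
}

/// Builder for an outgoing control buffer.
pub struct ControlMessageEncoder { buf: Vec<u8> }

impl ControlMessageEncoder {
    pub fn new() -> Self { Self { buf: Vec::new() } }
    pub fn as_bytes(&self) -> &[u8] { &self.buf }

    pub fn push(&mut self, level: i32, ty: i32, data: &[u8]) -> Result<(), &'static str> {
        let space = cmsg_space(data.len()).ok_or("payload exceeds c_uint::MAX")?;
        let hdr_len = cmsg_align(size_of::<CmsgHdr>()).unwrap(); // CMSG_ALIGN(sizeof cmsghdr)
        let start = self.buf.len();
        self.buf.resize(start + space, 0); // zeroed: padding must not leak stale bytes
        // cmsg_len = CMSG_LEN(data.len()): aligned header plus the unpadded payload.
        let hdr = CmsgHdr { cmsg_len: hdr_len + data.len(), cmsg_level: level, cmsg_type: ty };
        // SAFETY: start..start+space is initialized and holds a CmsgHdr; write_unaligned needs no alignment.
        unsafe { ptr::write_unaligned(self.buf.as_mut_ptr().add(start) as *mut CmsgHdr, hdr) };
        self.buf[start + hdr_len..start + hdr_len + data.len()].copy_from_slice(data);
        Ok(())
    }
}

/// One parsed ancillary entry, borrowing its payload from the receive buffer.
pub struct ControlMessage<'a> { pub level: i32, pub ty: i32, pub data: &'a [u8] }

/// The CMSG_FIRSTHDR/CMSG_NXTHDR walk, done with byte offsets only.
pub struct ControlMessages<'a> { buf: &'a [u8], off: usize }

impl<'a> ControlMessages<'a> { pub fn new(buf: &'a [u8]) -> Self { Self { buf, off: 0 } } }

impl<'a> Iterator for ControlMessages<'a> {
    type Item = ControlMessage<'a>;
    fn next(&mut self) -> Option<ControlMessage<'a>> {
        let hdr_size = size_of::<CmsgHdr>();
        let remaining = self.buf.len().checked_sub(self.off)?;
        if remaining < hdr_size { return None; } // no full header left
        // SAFETY: hdr_size bytes from `off` are in bounds; read_unaligned copies the header out bytewise,
        // so no (possibly misaligned) &CmsgHdr is ever created.
        let hdr: CmsgHdr = unsafe { ptr::read_unaligned(self.buf.as_ptr().add(self.off) as *const CmsgHdr) };
        let data_off = cmsg_align(hdr_size)?;
        // A cmsg_len shorter than the header or longer than what remains (MSG_CTRUNC tail,
        // corrupt buffer) is malformed: stop instead of slicing out of bounds.
        if hdr.cmsg_len < data_off || hdr.cmsg_len > remaining { return None; }
        let data = &self.buf[self.off + data_off..self.off + hdr.cmsg_len];
        self.off = self.off.saturating_add(cmsg_align(hdr.cmsg_len)?);
        Some(ControlMessage { level: hdr.cmsg_level, ty: hdr.cmsg_type, data })
    }
}

/// SCM_RIGHTS payload is an array of native-endian C ints.
pub fn fds_to_bytes(fds: &[i32]) -> Vec<u8> {
    fds.iter().flat_map(|fd| fd.to_ne_bytes()).collect()
}

pub fn fds_from_bytes(data: &[u8]) -> Vec<i32> {
    data.chunks_exact(4).map(|c| i32::from_ne_bytes([c[0], c[1], c[2], c[3]])).collect()
}

/// Encode constructed descriptor numbers, then parse them back starting one byte into
/// a fresh Vec<u8>, i.e. from a deliberately misaligned address.
pub fn round_trip_fds(fds: &[i32]) -> Vec<i32> {
    let mut enc = ControlMessageEncoder::new();
    enc.push(SOL_SOCKET, SCM_RIGHTS, &fds_to_bytes(fds)).unwrap();
    let mut shifted = vec![0u8];
    shifted.extend_from_slice(enc.as_bytes());
    ControlMessages::new(&shifted[1..])
        .filter(|m| m.level == SOL_SOCKET && m.ty == SCM_RIGHTS)
        .flat_map(|m| fds_from_bytes(m.data)).collect()
}

fn main() {
    println!("CMSG_SPACE(12) = {:?}, round trip = {:?}, oversized = {:?}",
        cmsg_space(12), round_trip_fds(&[3, 4, 5]), cmsg_space(usize::MAX));
}
```

Every size in the block derives from `size_of::<usize>()`, which is why the same code models both the 64-bit layout (16-byte header, 8-byte alignment) and the i686/armv7 layout (12-byte header, 4-byte alignment) that the Cross job is meant to exercise; the `remaining`/`cmsg_len` check in `next` is the part that a fuzzed or `MSG_CTRUNC`-truncated buffer would otherwise turn into an out-of-bounds slice.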