Fully abstract connection and make TLS dynamically loadable

[pizhenwei]

There are many commits in this PR, the detailed changes is described in each commit message.

Main changes in this PR

• Fully abstract connection type, and hide connection type specified methods. Ex, currently TLS class looks like:

static ConnectionType CT_TLS = {
    /* connection type */
    .get_type = connTLSGetType,

    /* connection type initialize & finalize & configure */
    .init = tlsInit,
    .cleanup = tlsCleanup,
    .configure = tlsConfigure,

    /* ae & accept & listen & error & address handler */
    .ae_handler = tlsEventHandler,
    .accept_handler = tlsAcceptHandler,
    .addr = connTLSAddr,
    .listen = connTLSListen,

    /* create/close connection */
    .conn_create = connCreateTLS,
    .conn_create_accepted = connCreateAcceptedTLS,
    .close = connTLSClose,

    /* connect & accept */
    .connect = connTLSConnect,
    .blocking_connect = connTLSBlockingConnect,
    .accept = connTLSAccept,

    /* IO */
    .read = connTLSRead,
    .write = connTLSWrite,
    .writev = connTLSWritev,
    .set_write_handler = connTLSSetWriteHandler,
    .set_read_handler = connTLSSetReadHandler,
    .get_last_error = connTLSGetLastError,
    .sync_write = connTLSSyncWrite,
    .sync_read = connTLSSyncRead,
    .sync_readline = connTLSSyncReadLine,

    /* pending data */
    .has_pending_data = tlsHasPendingData,
    .process_pending_data = tlsProcessPendingData,

    /* TLS specified methods */
    .get_peer_cert = connTLSGetPeerCert,
};

int RedisRegisterConnectionTypeTLS()
{
    return connTypeRegister(&CT_TLS);
}

• Also abstract Unix socket class. Currently, the connection framework becomes like:

                       uplayer
                          |
                   connection layer
                     /    |     \
                   TCP   Unix   TLS
    

• It's possible to build TLS as a shared library (make BUILD_TLS=module). Loading the shared library(redis-tls.so) into Redis by Redis module subsystem, and Redis starts to listen TLS port. Ex:

    ./src/redis-server --tls-port 6379 --port 0 \
        --tls-cert-file ./tests/tls/redis.crt \
        --tls-key-file ./tests/tls/redis.key \
        --tls-ca-cert-file ./tests/tls/ca.crt \
        --loadmodule src/redis-tls.so

• It's possible to support more connection type, ex RDMA:
  Support RDMA as tranport layer protocol #9161

Interface changes

• RM_GetContextFlags supports a new flag: REDISMODULE_CTX_FLAGS_SERVER_STARTUP
• INFO SERVER includes a list of listeners:

listener0:name=tcp,bind=127.0.0.1,port=6380
listener1:name=unix,bind=/run/redis.sock
listener2:name=tls,bind=127.0.0.1,port=6379

Other notes

• Fix wrong signature of RedisModuleDefragFunc, this could break
  compilation of a module, but not the ABI
• Some reordering of initialization order in server.c:
  • Move initialization of listeners to be after loading the modules
  • Config TLS after initialization of listeners
  • Init cluster after initialization of listeners
• Sentinel does not support the TLS module or any connection module since it uses hiredis for outbound connections, so when TLS is built as a module, sentinel lacks TLS support.

[yossigo]

Hello @pizhenwei, this looks like a big chunk of work - thank you! I only quickly looked at the code and plan to do so more in-depth in a few days, but I wanted to ping @redis/core-team about this.

I think we need to agree on the supported use cases and scope here, and the kind of problems that can and cannot be solved by pluggable connection modules. There are many constraints that will make it difficult to support any arbitrary configuration:

• Configuration assumes a single TCP, TLS, Unix socket listener
• Cluster bus protocol assumes a single TCP and TLS listener
• Integration with different channels (Clients, Replication, Cluster Bus, Sentinel)

Based on that, use cases that could reasonably be supported are:

• Single (optional) instance of a TLS module, for all channels (this PR)
• Arbitrary (optional) instances for user-defined connection types, only used to accept client connections. I assume the future RDMA transport could fall here, as well as others.

I think we need to agree that supporting the "all channels" for arbitrary connection types is out of scope for now.

Another issue I noticed with this PR is that it implements a dedicated mechanism for loading the module. I lean towards using the existing modules mechanism, even if this kind of third party modules have a surface area that's much bigger than the Redis Module API. Would be happy to hear other thoughts.

[oranagra]

@yossigo just to be clear, you mean that for client connections we can support multiple plugins, even working side by side, but these won't (at least in this stage) integrate with cluster bus and replication channels.
And on the other hand, the only plugin that integrate with all channels, is specifically a TLS plugin, and also we only allow one at the time, so someone can replace the OpenSSL one with an s2n one, but can't have them both loaded, and can't use that interface (all channels) to implement any other extension (other than for TLS).

Regarding the module loading interface, i actually believe this mechanism should be completely separate from the current Redis Modules one, i don't wanna see module capabilities or limitations get mixed with the capabilities and limitations of this mechanism.

[pizhenwei]

Hello @pizhenwei, this looks like a big chunk of work - thank you! I only quickly looked at the code and plan to do so more in-depth in a few days, but I wanted to ping @redis/core-team about this.

Sure, I'm looking forward to seeing it.

[yossigo]

@pizhenwei I've started reviewing the code and made a few comments. My main input is we need to break down this PR into several phases to make it easier to handle.

I believe the first phase should be about connection API change/cleanup only - fully encapsulate ConnectionType, only use generic connCreate, connAccept, etc. Leave everything in connection.c to avoid big diffs due to code reorganization at this point.

At this point I'd also want to be sure we don't introduce any unexpected performance regressions.

The next stages would be --

• Add tls-module-path and the ability to optionally build TLS support separately (i.e. BUILD_TLS=yes|no|ext). Maybe at this point already consider a more generic load-extension mechanism (the term "module" is used for Redis Modules, we don't want to confuse the two).
• Consider if/how additional arbitrary connection types can be supported.
• Finalize code reorganization.

@oranagra Do you have any other/additional thoughts?

[oranagra]

@yossigo it makes sense to split it into several stages, and review each separately, but then i may be worried that we're not seeing the end goal properly when working on stage one, so i'm also willing to consider splitting to several commits, each with a clear separate purpose. not sure which approach is better in this case, i leave it to you to decide.

[pizhenwei]

Hi, @oranagra @yossigo
Before the next stage, I guess reviewing the abstract part seems also necessary, it changes a lot.
How about reviewing this feature patch by patch in this PR, and merge it until the full job done?

[pizhenwei]

@pizhenwei I've started reviewing the code and made a few comments. My main input is we need to break down this PR into several phases to make it easier to handle.

I believe the first phase should be about connection API change/cleanup only - fully encapsulate ConnectionType, only use generic connCreate, connAccept, etc. Leave everything in connection.c to avoid big diffs due to code reorganization at this point.

At this point I'd also want to be sure we don't introduce any unexpected performance regressions.

The next stages would be --

• Add tls-module-path and the ability to optionally build TLS support separately (i.e. BUILD_TLS=yes|no|ext). Maybe at this point already consider a more generic load-extension mechanism (the term "module" is used for Redis Modules, we don't want to confuse the two).
• Consider if/how additional arbitrary connection types can be supported.
• Finalize code reorganization.

@oranagra Do you have any other/additional thoughts?

Hi, @yossigo , I have fixed several problems as your comments.
fully encapsulate ConnectionType & tls-load-extension are ready to review, and the performance test seems OK.

I'm a little confused about Consider if/how additional arbitrary connection types can be supported:
Currently before using a connection type, we must declare the type(CONN_TYPE_SOCKET and CONN_TYPE_TLS), so an arbitrary connection type can't be loaded without the type define. But it's can be implemented by this mechanism:

• remove type define from connection layer
• introduce type string "socket" & "tls" in each connection type
• connection layer keeps a linked list to store all the types

Should I take the next step to separate connection.c into connection.c(abstract layer) and socket.c?

[pizhenwei]

@yossigo @oranagra
The main part of this job is almost complete.
And base these patches, the RDMA feature(PR) also supports built-in/extension mode, the features of RDMA have been implemented:
- rdma server built-in & extension mode work fine
- replication works fine
- cluster also works fine

Could you take a look at this PR?

[pizhenwei]

Hi, @yossigo @oranagra @yoav-steinberg

I reworked this series, and separated a large patch into 9 small changes:
Implement a complete connection framework, Redis could hide all the connection related functions, uplayer accesses the connection via framework only.
Currently, for both socket and TLS, all the methods of connection type are declared as static functions.

I would appreciate it if you could review this series!

[pizhenwei]

Hi, @yossigo @oranagra @yoav-steinberg

I reworked this series, and separated a large patch into 9 small changes: Implement a complete connection framework, Redis could hide all the connection related functions, uplayer accesses the connection via framework only. Currently, for both socket and TLS, all the methods of connection type are declared as static functions.

I would appreciate it if you could review this series!

PING @yossigo @oranagra @yoav-steinberg

[oranagra]

@pizhenwei i'm really sorry for not responding sooner (wanted to wait till i have a chance to look at the code)
we're still in the vortex of redis 7.0 (trying to quickly fix issues in 7.0.0), i hope one of us will be able to dive into it in the coming weeks and give provide the necessary feedback to push this forward.
we haven't forgot, just still too busy.

[pizhenwei]

@pizhenwei i'm really sorry for not responding sooner (wanted to wait till i have a chance to look at the code) we're still in the vortex of redis 7.0 (trying to quickly fix issues in 7.0.0), i hope one of us will be able to dive into it in the coming weeks and give provide the necessary feedback to push this forward. we haven't forgot, just still too busy.

Some guys contacted me to know more about the test result and the plan of Redis over RDMA, this makes me anxious to do this work. Sorry to let you feel pushy, that was not my intention.

Thanks a lot!

[oranagra]

@pizhenwei thank you for your patience, sorry it takes so long.
i wasn't part of the loop earlier and my review now is just through the peephole of the github diff, so i might be off or missing things.

i did review the commits in the PR one by one, and the refactoring work you did seem pretty solid (gave a few minor comments).

I also looked at a few commits at the top of https://github.com/pizhenwei/redis/commits/feature-rdma-v2 to see how you took it further and how RDMA and possibly other mediums can be integrated with minimal or no changes to redis, hoping for redis to be flexible enough to support various nuances and oddities each one brings.

I do remember you mentioned something about RDMA not being able to deliver a writable event, and i assume we might need to pull portions of ae.c into this extensions mechanism.

A few random notes about changes i see in the commits of that other branch:

refactory related:

• i don't think it's appropriate clientAcceptHandler (protected mode, error replies, module hooks, freeing clients, server stats) is in connection.c (should somehow move back to networking IMHO)
• same for acceptCommonHandler and clusterAcceptHandler
• i'm unsure about connSocketListenToPort. it seems a good fit for connection.c, but maybe we don't have to move it (unnecessary blamelog and review overhead).

general:

• maybe instead of "burning" the medium specific configs into redis, we should either use the new module api config system (#10285) to configure these.
  there are two ways we can do that:
  one is that these extensions can be both an extension, but also a module, and use the module API to register configs.
  the other is that maybe we'll extract the mechanism that allows modules to register configs (which are applied after config file parsing instead of during), in a way that the extensions will be able to use them too.
• maybe instead of the several hard coded ifs in redis that init and setup (listen) the extensions, we can have a loop that handles all the loaded extensions, in which case instead of hard coded indexes to the connection type array, they'll be dynamic. i.e. each entry in the array has a pointer to the callback struct, but we don't know which index has which type (Socket and TLS may be an exception since we due to compatibility of previous state, we may have to refer to them by index).

[oranagra]

@pizhenwei please have a look at my last batch of changes

other than fixing the test failures with old TCL and the test framework race, i also made sure that when redis is built with tls as a module, it will not link against the tls libraries (only redis-cli, redis-benchmark, and the redis-tls.so will, but not redis-server and thereby redis-sentinel, which is the same binary).

new CI run: https://github.com/oranagra/redis/actions/runs/2904590091

[edit] some test fail on MASTER and SLAVE consistency with expire, that's a known issue in unstable

[edit] triggered another CI batch for the ones that failed: https://github.com/oranagra/redis/actions/runs/2911398026

[pizhenwei]

• share

This looks good to me! Thanks!

[oranagra]

WOW... just slightly over a year after the PR was opened, and nearly 1.5 years after the original RDMA PR was submitted, this journey is finally complete (or maybe it's just it's first step?).
@pizhenwei thank you for pushing this through!

[pizhenwei]

Hi @oranagra @yossigo @madolson

Thanks for your suggestions and patience in this journey!