nixcloud / ip2unix

Turn IP sockets into Unix domain sockets
GNU Lesser General Public License v3.0

Document behaviour if rule matches more than one socket #17

Closed aszlig closed 4 years ago

aszlig commented 4 years ago

Or alternatively check whether the current behaviour (which is to blackhole subsequent sockets) is sensible to do and whether we can improve this, like e.g. matching the next rule.

Reported-by: @Profpatsch

aszlig commented 4 years ago

More about why I chose the current behaviour: This is optimised for maximum laziness in common cases where a service binds to IPv4 and IPv6 and you just want to match with a rule like port=1234,path=/foo/bar.

If we'd fall through to the next rule, we'd need to use two rules: port=1234,path=/foo/bar and blackhole.

aszlig commented 4 years ago

Continuing on this example, if we want to avoid that port 1234 ever binds to an IP socket but still leave other sockets intact (which the rule that just says blackhole does not), we'd need to specify the following two rules:

port=1234,path=/foo/bar
port=1234,blackhole
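To make the two matching policies discussed in this thread concrete, here is an added, simplified simulation (not ip2unix's own code) of how a rule list is applied to the sockets a service binds. The rule syntax and the socket set (an IPv4 and an IPv6 bind on port 1234 plus an unrelated bind on 8080) mirror the thread; the function names and the "current" versus "fall-through" policies are assumptions made for this illustration.

```python
"""Simplified model of ip2unix-style rule matching (added illustration,
not ip2unix's code). Each socket is (family, port); each rule is the
textual form used in the thread, e.g. "port=1234,path=/foo/bar"."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

Socket = Tuple[str, int]  # (address family, port), e.g. ("ipv6", 1234)


@dataclass
class Rule:
    port: Optional[int] = None   # None matches any port
    path: Optional[str] = None   # bind a Unix socket at this path instead
    blackhole: bool = False      # pretend the bind succeeded, do nothing


def parse_rule(text: str) -> Rule:
    """Parse 'key=value,...' with the keys used in the thread."""
    rule = Rule()
    for item in text.split(","):
        key, _, value = item.partition("=")
        if key == "port":
            rule.port = int(value)
        elif key == "path":
            rule.path = value
        elif key == "blackhole":
            rule.blackhole = True
        else:
            raise ValueError(f"unknown rule key: {key!r}")
    if rule.path is None and not rule.blackhole:
        raise ValueError(f"rule {text!r} has no action (path or blackhole)")
    return rule


def matches(rule: Rule, sock: Socket) -> bool:
    return rule.port is None or rule.port == sock[1]


def apply_current(rule_texts: List[str], sockets: List[Socket]) -> List[str]:
    """Current behaviour as described above: the first matching rule decides.
    A path rule serves one socket; every further socket that hits the same
    path rule is blackholed rather than handed to a later rule."""
    rules = [parse_rule(t) for t in rule_texts]
    used: Set[int] = set()
    out = []
    for sock in sockets:
        result = "ip"  # no rule matched: the socket stays a plain IP socket
        for i, rule in enumerate(rules):
            if not matches(rule, sock):
                continue
            if rule.blackhole:
                result = "blackhole"
            else:
                result = "blackhole" if i in used else f"unix:{rule.path}"
                used.add(i)
            break
        out.append(result)
    return out


def apply_fallthrough(rule_texts: List[str], sockets: List[Socket]) -> List[str]:
    """Alternative discussed in the thread: an already-used path rule is
    skipped and the next rule is tried; with nothing left, the socket stays
    a plain IP socket."""
    rules = [parse_rule(t) for t in rule_texts]
    used: Set[int] = set()
    out = []
    for sock in sockets:
        result = "ip"
        for i, rule in enumerate(rules):
            if not matches(rule, sock):
                continue
            if rule.path is not None and i in used:
                continue  # fall through to the next rule
            if rule.blackhole:
                result = "blackhole"
            else:
                result = f"unix:{rule.path}"
                used.add(i)
            break
        out.append(result)
    return out


# Constructed sample: dual-stack bind on 1234 plus an unrelated port.
SOCKETS: List[Socket] = [("ipv4", 1234), ("ipv6", 1234), ("ipv4", 8080)]

if __name__ == "__main__":
    print("current, one rule:     ", apply_current(["port=1234,path=/foo/bar"], SOCKETS))
    print("fall-through, one rule:", apply_fallthrough(["port=1234,path=/foo/bar"], SOCKETS))
    print("fall-through, 2 rules: ", apply_fallthrough(
        ["port=1234,path=/foo/bar", "port=1234,blackhole"], SOCKETS))
    print("fall-through, generic: ", apply_fallthrough(
        ["port=1234,path=/foo/bar", "blackhole"], SOCKETS))
```

Running it shows the trade-off from the comments: with the current policy a single rule gives `unix:/foo/bar`, `blackhole`, `ip`, so the IPv6 duplicate never becomes a real IP listener and port 8080 is left alone. With fall-through, the same single rule leaves the IPv6 socket as a plain IP bind, so a second `port=1234,blackhole` rule is needed to get the same result, and a bare `blackhole` rule would also swallow the unrelated 8080 bind.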