proposal: net: change Dial to accept host+":"+port #44955
Comments
|
This sounds great. One downside is that the failure mode is worse. Before you get an error, which (I hope) the code handles, and which vet can flag. After you dial an unexpected server, which could (in theory) be a security problem. |
|
Thanks for filing this. Because I can’t see it 100% clearly spelled out, let me ask directly: the proposal is to make not only The upside of fixing existing code is great, but I’m wondering if making Go programs accept address formats that are not accepted in other programs is a good idea? Addresses are frequently accepted via flags, so end users (not even programmers) come into contact with them. |
|
@stapelberg, yes Dial would take both forms. I'm not sure I understand the downside of fixing shell scripts that use |
Fixing shell scripts as well is fine. What I was trying to get at is that introducing a new accepted form of addresses means that people might start using them and later on end up confused when the address form they learnt with Perhaps other languages/libraries will follow suit, but likely many won’t. I’m not saying this is a reason for not doing it, but we should be aware that we’re introducing a Go-ism here. Probably not a big deal given the rarity of IPv6 literal addresses. |
|
I am very much in favour of the original solution, issue 28308. Not only will the proposal in the OP increase the complexity and error-prone-ness of |
|
The overall reaction here is not positive enough to seem like we should move forward. Retracting. |
|
No change in consensus, so declined. |
#28308 suggests having vet report mistakes of the forms:
The mistake being that if host is an IPv6 address then the address will be malformed.
The argument is supposed to be "[" + ipv6 + "]:" + port in that case,
and you should use
instead.
SplitHostPort and JoinHostPort are important to use for URLs:
http://::1:80/andhttp://::1/are invalid, whilehttp://[::1]:80/andhttp://[::1]/are fine.(SplitHostPort and JoinHostPort only deal with the first of each pair.)
If you don't know whether a port is present, then the brackets resolve the ambiguity:
::1:80 is an IPv6 address, and [::1]:80 is an IPv6 address followed by a port.
But Dial with network "tcp" and "udp" does not have that "is the port present?" ambiguity: the port is required.
The port also never contains a colon.
So the final colon in the string is unambiguously the separator between host and port.
I wonder if we should make Dial with network "tcp" and "udp" accept host+":"+port.
Then all the things we're talking about flagging in #28308 would become correct instead.
The only downside is that if you mistakenly did
(oops you forgot the port), then under certain rare circumstances that might not turn into a "invalid address error".
The vast majority of cases would behave as before:
The only case that changes is when the IPv6 address ends in two or more non-wildcard chunks and the final chunk is entirely decimal digits. For the typical 16-bit chunks, that's only 15% of such addresses.
And of course if you do write this code, you're very likely to hit one of the error cases, and as soon as you do, you notice and fix the code.
On the other hand, consider
This works for domain names and IPv4 addresses and then breaks as soon as someone tries an IPv6 host.
We can make this work 100% of the time instead.
Overall, the cost of redefining that fairly unlikely mistake to be a different failure seems a small price to pay for fixing all the code that is using strings to put together Dial arguments and will fall over at the first IPv6 address literal.
Should we just fix all this code?
The text was updated successfully, but these errors were encountered: