The magic ports seem a bit unclear and hard to discover to me, otoh we have too many settings already but I think a documented setting might be better.

Hm, ultimately it doesn't appear as if the ReadyForConnections solution works, I guess because none of the chk cases fire in a simple setup and therefore we return after the first 25ms pause, regardless of whether NATS is set up or not by that point.

It might make sense to re-add the startupComplete channel, close it right before the AcceptLoop would start and then wait for that in ReadyForConnections before checking the sockets.

I've gone ahead and done that. There's no new API surface this time — readyForConnections will instead wait for the startup channel to close, which will happen right before AcceptLoop will be called. I hope that's OK — it fixes the problem in my tests.

It appears that it results in internal pipe write timeout, which is not that good. For instance, I tried to connect with wrong user/password and the server would report a WriteDeadline exceeded (when trying to write the authorization violation error).

Looking at the source for net.Pipe, the only way it can return a os.ErrDeadlineExceeded is if a deadline has been set and not cleared or re-set afterwards. Otherwise it should return an io.ErrClosedPipe.

https://github.com/golang/go/blob/d8f348a589b3df4bb48636023be4ccf9ac96d307/src/net/pipe.go#L183-L188

I haven't made any changes to deadlines anywhere so wondering if there is some existing deadline being set elsewhere?

If you could have some tests and figure out what the issue is with those time outs, then we could reconsider.

Have you got an example or a specific test that I can look at? We've been experimenting with in-process conns using these commits in our codebase for the last couple of days and we have yet to see this. We'll ultimately need to abandon NATS if we can't figure out a way to perform in-process connections which would be a shame, as it's looking to be a good fit so far.

Have you got an example or a specific test that I can look at?

I was trying to connect with wrong username/password, so what I see is that the server blocks on flushOutbound() writing -ERR 'Authorization Violation'\r\n message (up to write deadline which default is 10 seconds) and the client blocks in writing the CONNECT + PING protocols in nats.go sendConnect() at this place: if err := nc.bw.writeDirect(cProto, pingProto); err != nil {.

So the server reads the CONNECT (not the PING yet), fails the client by trying to write -ERR .. to it and that blocks because the client is not reading. The connect process in the client is synchronous, that is, there is no read loop started yet.

So if I have the client sends only CONNECT and then PING later, the issue is the same, this time the client blocks writing PING because the server is also blocked writing -ERR (since client is not reading). Having buffered pipes may help, but to the point where buffer will be full. At least that may help pass the phase of CONNECT...

Lack of buffering is probably the crux of the issue here — net.Pipe doesn't buffer. As per the godoc:

Reads on one end are matched with writes on the other, copying data directly between the two; there is no internal buffering.

I suppose a custom implementation could be made which wraps net.Pipe with buffered readers/writers, but I suspect that probably only masks the issue and makes for an even more confusing implementation. Not entirely sure what the best answer here is really and we won't have seen it because we don't use the user/password authentication (there's really no point when we know that the connection is coming from within the process).

Hm, ultimately it doesn't appear as if the ReadyForConnections solution works

Just curious, what is failing? Is there a test that consistently fails? Sometimes tests can be flaky, so you may need to rerun them a few times.

For example, I did this 537a5bc
and got green tests https://github.com/nats-io/nats-server/actions/runs/1031222424

@variadico No, it was just that in the case of "DontListen" (part of this PR), ReadyForConnections() should ignore the client port, so I asked to add ok: s.listener != nil || opts.DontListen, but the issue was that user calling ReadyForConnections() in that case would return immediately with "ok", while the user wanted at least all of Server.Start() (minus AcceptLoop) to be done, hence the use of the startupComplete channel that is just closed prior to starting the AcceptLoop() (which is blocking).

@neilalexander We will discuss this PR internally and come up with a decision maybe later next week. Thanks again!

Thanks @kozlovic, will wait to hear back on a way forward. Hoping we can come up with something suitable — NATS is shaping up very well for us so far, we just need to be able to get it to work in obscure places like WASM as well as cross-process!

Is there any update on whether this was discussed further? We're optimistically hoping for good news. 😄

@kozlovic and I plan to discuss this week IIRC.

Actually beginning of next since a member of the team is on vacation this week and we wanted his inputs.

@neilalexander Sorry for the delay. We just had a discussion today about this, and we feel it is important and part of future kind of deployments, but we would need a bit more information. The wasm limitation may be temporary, are you following wasi developments?
What wasm environment are you planning on deploying this?

Finally, would you have 15/20 minutes to speak with @derekcollison? He would like to have a short discussion with you. Thanks!

We are starting to see more interest in this and we ourselves are very interested in the WASM/WASI ecosystem. Possible to get 20 minutes of your time to chat live via Zoom or GH?

Hey @kozlovic, @derekcollison — more than happy to have a chat. I'm in GMT but please feel free to drop me a mail at neilalexander at matrix.org (or, if you are Matrix natives, the same MXID) to arrange a time.

At a high level, our project is Dendrite, which is a Matrix homeserver implementation. We basically need to be able to run everywhere — within the web browser, on mobile devices and on servers alike. We see the in-process connections as a way of getting around the limitations with not being able to open arbitrary sockets with WASM (and this probably still holds true in WASI as of today, not sure?) and also not opening unnecessary sockets on mobile devices either. I can explain more certainly about what we're hoping to do on the call.

Neil,

Have not forgotten about you, promise.

Hey Derek,

Is there any update? Cheers!

Still very much on our list, just prioritizing KV and ObjectStore abstractions atm.

Hi all, is there any update on this?

Unfortunately nothing has changed atm.

Still a nice to have I think for us but not a high priority.

@neilalexander if you want to update this to the main branch (rebase etc). We can see if we can get this one in..

@derekcollison Have rebased against main!

Thanks! We still have the hang issues that were mentioned yes?

I’m not entirely sure what issues it might introduce, but we’ve been using this in Dendrite for months without any particular issues. Admittedly we don’t ever stop NATS or close the connection until the point that the entire process shuts down. We’ve also seen one or two cases of slow consumer but I suspect that’s more to do with our message sizes as we’ve also seen it when running NATS in a separate process via TCP.

With an “experimental” label attached it’s usable as-is, but you’d probably be better qualified to figure out if there’s anything I’m missing.

I think Ivan had mentioned some tests he was doing that could block on failed auth or something.

Have rebased again.