diff --git a/differences.md b/differences.md index 8f77056..5792ae7 100644 --- a/differences.md +++ b/differences.md @@ -40,7 +40,7 @@ |--------|:--:|:----:|-------| | SIGINT (Ctrl+C) | Y | Y | Both handle graceful shutdown | | SIGTERM | Y | Y | `PosixSignalRegistration` triggers `ShutdownAsync()` | -| SIGUSR1 (reopen logs) | Y | Stub | Signal registered, handler logs "not yet implemented" | +| SIGUSR1 (reopen logs) | Y | Y | SIGUSR1 handler calls ReOpenLogFile | | SIGUSR2 (lame duck mode) | Y | Y | Triggers `LameDuckShutdownAsync()` | | SIGHUP (config reload) | Y | Stub | Signal registered, handler logs "not yet implemented" | | Windows Service integration | Y | N | | @@ -78,7 +78,7 @@ | No-responders validation | Y | Y | CONNECT rejects `no_responders` without `headers`; 503 HMSG on no match | | Slow consumer detection | Y | Y | Pending bytes threshold (64MB) + write deadline timeout (10s) | | Write deadline / timeout policies | Y | Y | `WriteDeadline` option with `CancellationTokenSource.CancelAfter` on flush | -| RTT measurement | Y | N | Go tracks round-trip time per client | +| RTT measurement | Y | Y | `_rttStartTicks`/`Rtt` property, computed on PONG receipt | | Per-client trace mode | Y | N | | | Detailed close reason tracking | Y | Y | 37-value `ClosedState` enum with CAS-based `MarkClosed()` | | Connection state flags (16 flags) | Y | Y | 7-flag `ClientFlagHolder` with `Interlocked.Or`/`And` | @@ -206,7 +206,7 @@ Go implements a sophisticated slow consumer detection system: | NKeys (Ed25519) | Y | Y | .NET has framework but integration is basic | | JWT validation | Y | N | | | Bcrypt password hashing | Y | Y | .NET supports bcrypt (`$2*` prefix) with constant-time fallback | -| TLS certificate mapping | Y | N | Property exists but no implementation | +| TLS certificate mapping | Y | Y | X500DistinguishedName with full DN match and CN fallback | | Custom auth interface | Y | N | | | External auth callout | Y | N | | | Proxy authentication | Y | N | | @@ -247,7 +247,7 @@ Go implements a sophisticated slow consumer detection system: | `-n/--name` (ServerName) | Y | Y | | | `-m/--http_port` (monitoring) | Y | Y | | | `-c` (config file) | Y | Stub | Flag parsed, stored in `ConfigFile`, no config parser | -| `-D/-V/-DV` (debug/trace) | Y | N | | +| `-D/-V/-DV` (debug/trace) | Y | Y | `-D` for debug, `-V`/`-T` for trace, `-DV` for both | | `--tlscert/--tlskey/--tlscacert` | Y | Y | | | `--tlsverify` | Y | Y | | | `--http_base_path` | Y | Y | | @@ -262,7 +262,7 @@ Go implements a sophisticated slow consumer detection system: | ~450 option fields | Y | ~54 | .NET covers core options only | ### Missing Options Categories -- Logging options (file, rotation, syslog, trace levels) +- Logging options: per-subsystem log control (file, rotation, syslog, trace/debug flags are implemented) - Advanced limits (MaxSubs, MaxSubTokens, MaxPending, WriteDeadline) - Tags/metadata - OCSP configuration @@ -283,7 +283,7 @@ Go implements a sophisticated slow consumer detection system: | `/routez` | Y | Stub | Returns empty response | | `/gatewayz` | Y | Stub | Returns empty response | | `/leafz` | Y | Stub | Returns empty response | -| `/subz` / `/subscriptionsz` | Y | Stub | Returns empty response | +| `/subz` / `/subscriptionsz` | Y | Y | Account filtering, test subject filtering, pagination, and subscription details | | `/accountz` | Y | Stub | Returns empty response | | `/accstatz` | Y | Stub | Returns empty response | | `/jsz` | Y | Stub | Returns empty response | @@ -308,7 +308,9 @@ Go implements a sophisticated slow consumer detection system: | Feature | Go | .NET | Notes | |---------|:--:|:----:|-------| | Filtering by CID, user, account | Y | Partial | | -| Sorting (11 options) | Y | Y | .NET missing ByStop, ByReason | +| Sorting (11 options) | Y | Y | All options including ByStop, ByReason, ByRtt | +| State filtering (open/closed/all) | Y | Y | `state=open|closed|all` query parameter | +| Closed connection tracking | Y | Y | `ConcurrentQueue` capped at 10,000 entries | | Pagination (offset, limit) | Y | Y | | | Subscription detail mode | Y | N | | | TLS peer certificate info | Y | N | | @@ -337,9 +339,9 @@ Go implements a sophisticated slow consumer detection system: | Mutual TLS (client certs) | Y | Y | | | Certificate pinning (SHA256 SPKI) | Y | Y | | | TLS handshake timeout | Y | Y | | -| TLS rate limiting | Y | Property only | .NET has the option but enforcement is partial | +| TLS rate limiting | Y | Y | Rate enforcement with refill; unit tests cover rate limiting and refill | | First-byte peeking (0x16 detection) | Y | Y | | -| Cert subject→user mapping | Y | N | `TlsMap` property exists, no implementation | +| Cert subject→user mapping | Y | Y | X500DistinguishedName with full DN match and CN fallback | | OCSP stapling | Y | N | | | Min TLS version control | Y | Y | | @@ -350,14 +352,14 @@ Go implements a sophisticated slow consumer detection system: | Feature | Go | .NET | Notes | |---------|:--:|:----:|-------| | Structured logging | Partial | Y | .NET uses Serilog with ILogger | -| File logging with rotation | Y | N | | -| Syslog (local and remote) | Y | N | | -| Log reopening (SIGUSR1) | Y | N | | -| Trace mode (protocol-level) | Y | N | | -| Debug mode | Y | N | | +| File logging with rotation | Y | Y | Serilog.Sinks.File with rolling file support | +| Syslog (local and remote) | Y | Y | `--syslog` and `--remote_syslog` flags via Serilog.Sinks.SyslogMessages | +| Log reopening (SIGUSR1) | Y | Y | SIGUSR1 handler calls ReOpenLogFile | +| Trace mode (protocol-level) | Y | Y | `-V` or `-T` flag enables trace-level logging | +| Debug mode | Y | Y | `-D` flag enables debug-level logging | | Per-subsystem log control | Y | N | | -| Color output on TTY | Y | N | | -| Timestamp format control | Y | N | | +| Color output on TTY | Y | Y | Auto-detected via `Console.IsOutputRedirected`, uses `AnsiConsoleTheme.Code` | +| Timestamp format control | Y | Y | `--logtime` and `--logtime_utc` flags | --- @@ -369,34 +371,36 @@ Go implements a sophisticated slow consumer detection system: | Configurable interval | Y | Y | PingInterval option | | Max pings out | Y | Y | MaxPingsOut option | | Stale connection close | Y | Y | | -| RTT-based first PING delay | Y | N | Go delays first PING based on RTT | -| RTT tracking | Y | N | | -| Stale connection watcher | Y | N | Go has dedicated watcher goroutine | +| RTT-based first PING delay | Y | Y | Skips PING until FirstPongSent or 2s elapsed | +| RTT tracking | Y | Y | `_rttStartTicks`/`Rtt` property, computed on PONG receipt | +| Stale connection stats | Y | Y | `StaleConnectionStats` model, exposed in `/varz` | --- ## Summary: Critical Gaps for Production Use -### High Priority -1. **Slow consumer detection** — unbounded writes can exhaust memory (stat fields exist but no detection logic) -2. **Write coalescing / batch flush** — performance gap for high-throughput scenarios +### Resolved Since Initial Audit +The following items from the original gap list have been implemented: +- **Slow consumer detection** — pending bytes threshold (64MB) with write deadline enforcement +- **Write coalescing / batch flush** — channel-based write loop drains all items before single flush +- **Verbose mode** — `+OK` responses for CONNECT, SUB, UNSUB, PUB when `verbose:true` +- **No-responders validation** — CONNECT rejects `no_responders` without `headers`; 503 HMSG on no match +- **File logging with rotation** — Serilog.Sinks.File with rolling file support +- **TLS certificate mapping** — X500DistinguishedName with full DN match and CN fallback +- **Protocol tracing** — `-V`/`-T` flag enables trace-level logging; `-D` for debug -### Medium Priority -3. **Verbose mode** — clients expect `+OK` when `verbose: true` -4. **Permission deny enforcement at delivery** — deny lists checked at SUB/PUB time but not during message delivery -5. **Config file parsing** — needed for production deployment (CLI stub exists) -6. **Hot reload** — needed for zero-downtime config changes (SIGHUP stub exists) -7. **File logging with rotation** — needed for production logging -8. **No-responders validation** — flag parsed but not enforced +### Remaining High Priority +1. **Permission deny enforcement at delivery** — deny lists checked at SUB/PUB time but not during message delivery +2. **Config file parsing** — needed for production deployment (CLI stub exists) +3. **Hot reload** — needed for zero-downtime config changes (SIGHUP stub exists) -### Lower Priority -9. **Dynamic buffer sizing** — delegated to Pipe, less optimized for long-lived connections -10. **JWT authentication** — needed for operator mode -11. **TLS certificate mapping** — property exists, not implemented -12. **OCSP support** — certificate revocation checking -13. **Subject mapping** — input→output subject transformation -14. **Protocol tracing** — no trace-level logging -15. **Subscription statistics** — SubList has no stats collection -16. **Per-account limits** — connections, subscriptions per account -17. **Reply subject tracking** — dynamic response permissions -18. **Windows Service integration** — needed for Windows deployment +### Remaining Lower Priority +4. **Dynamic buffer sizing** — delegated to Pipe, less optimized for long-lived connections +5. **JWT authentication** — needed for operator mode +6. **OCSP support** — certificate revocation checking +7. **Subject mapping** — input→output subject transformation +8. **Subscription statistics** — SubList has no stats collection +9. **Per-account limits** — connections, subscriptions per account +10. **Reply subject tracking** — dynamic response permissions +11. **Windows Service integration** — needed for Windows deployment +12. **Per-subsystem log control** — granular log levels per component