dohertj2/natsdotnet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update differences.md sections 7-10 to reflect implemented features

Browse Source
This commit is contained in:
Joseph Doherty
2026-02-23 01:08:34 -05:00
parent 8878301c7f
commit 56de543713
1 changed files with 44 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
differences.md
View File

@@ -40,7 +40,7 @@
|--------|:--:|:----:|-------|
| SIGINT (Ctrl+C) | Y | Y | Both handle graceful shutdown |
| SIGTERM | Y | Y | `PosixSignalRegistration` triggers `ShutdownAsync()` |
| SIGUSR1 (reopen logs) | Y | Stub | Signal registered, handler logs "not yet implemented" |
| SIGUSR1 (reopen logs) | Y | Y | SIGUSR1 handler calls ReOpenLogFile |
| SIGUSR2 (lame duck mode) | Y | Y | Triggers `LameDuckShutdownAsync()` |
| SIGHUP (config reload) | Y | Stub | Signal registered, handler logs "not yet implemented" |
| Windows Service integration | Y | N | |
@@ -78,7 +78,7 @@
| No-responders validation | Y | Y | CONNECT rejects `no_responders` without `headers`; 503 HMSG on no match |
| Slow consumer detection | Y | Y | Pending bytes threshold (64MB) + write deadline timeout (10s) |
| Write deadline / timeout policies | Y | Y | `WriteDeadline` option with `CancellationTokenSource.CancelAfter` on flush |
| RTT measurement | Y | N | Go tracks round-trip time per client |
| RTT measurement | Y | Y | `_rttStartTicks`/`Rtt` property, computed on PONG receipt |
| Per-client trace mode | Y | N | |
| Detailed close reason tracking | Y | Y | 37-value `ClosedState` enum with CAS-based `MarkClosed()` |
| Connection state flags (16 flags) | Y | Y | 7-flag `ClientFlagHolder` with `Interlocked.Or`/`And` |
@@ -206,7 +206,7 @@ Go implements a sophisticated slow consumer detection system:
| NKeys (Ed25519) | Y | Y | .NET has framework but integration is basic |
| JWT validation | Y | N | |
| Bcrypt password hashing | Y | Y | .NET supports bcrypt (`$2*` prefix) with constant-time fallback |
| TLS certificate mapping | Y | N | Property exists but no implementation |
| TLS certificate mapping | Y | Y | X500DistinguishedName with full DN match and CN fallback |
| Custom auth interface | Y | N | |
| External auth callout | Y | N | |
| Proxy authentication | Y | N | |
@@ -247,7 +247,7 @@ Go implements a sophisticated slow consumer detection system:
| `-n/--name` (ServerName) | Y | Y | |
| `-m/--http_port` (monitoring) | Y | Y | |
| `-c` (config file) | Y | Stub | Flag parsed, stored in `ConfigFile`, no config parser |
| `-D/-V/-DV` (debug/trace) | Y | N | |
| `-D/-V/-DV` (debug/trace) | Y | Y | `-D` for debug, `-V`/`-T` for trace, `-DV` for both |
| `--tlscert/--tlskey/--tlscacert` | Y | Y | |
| `--tlsverify` | Y | Y | |
| `--http_base_path` | Y | Y | |
@@ -262,7 +262,7 @@ Go implements a sophisticated slow consumer detection system:
| ~450 option fields | Y | ~54 | .NET covers core options only |
### Missing Options Categories
- Logging options (file, rotation, syslog, trace levels)
- Logging options: per-subsystem log control (file, rotation, syslog, trace/debug flags are implemented)
- Advanced limits (MaxSubs, MaxSubTokens, MaxPending, WriteDeadline)
- Tags/metadata
- OCSP configuration
@@ -283,7 +283,7 @@ Go implements a sophisticated slow consumer detection system:
| `/routez` | Y | Stub | Returns empty response |
| `/gatewayz` | Y | Stub | Returns empty response |
| `/leafz` | Y | Stub | Returns empty response |
| `/subz` / `/subscriptionsz` | Y | Stub | Returns empty response |
| `/subz` / `/subscriptionsz` | Y | Y | Account filtering, test subject filtering, pagination, and subscription details |
| `/accountz` | Y | Stub | Returns empty response |
| `/accstatz` | Y | Stub | Returns empty response |
| `/jsz` | Y | Stub | Returns empty response |
@@ -308,7 +308,9 @@ Go implements a sophisticated slow consumer detection system:
| Feature | Go | .NET | Notes |
|---------|:--:|:----:|-------|
| Filtering by CID, user, account | Y | Partial | |
| Sorting (11 options) | Y | Y | .NET missing ByStop, ByReason |
| Sorting (11 options) | Y | Y | All options including ByStop, ByReason, ByRtt |
| State filtering (open/closed/all) | Y | Y | `state=open|closed|all` query parameter |
| Closed connection tracking | Y | Y | `ConcurrentQueue<ClosedClient>` capped at 10,000 entries |
| Pagination (offset, limit) | Y | Y | |
| Subscription detail mode | Y | N | |
| TLS peer certificate info | Y | N | |
@@ -337,9 +339,9 @@ Go implements a sophisticated slow consumer detection system:
| Mutual TLS (client certs) | Y | Y | |
| Certificate pinning (SHA256 SPKI) | Y | Y | |
| TLS handshake timeout | Y | Y | |
| TLS rate limiting | Y | Property only | .NET has the option but enforcement is partial |
| TLS rate limiting | Y | Y | Rate enforcement with refill; unit tests cover rate limiting and refill |
| First-byte peeking (0x16 detection) | Y | Y | |
| Cert subject→user mapping | Y | N | `TlsMap` property exists, no implementation |
| Cert subject→user mapping | Y | Y | X500DistinguishedName with full DN match and CN fallback |
| OCSP stapling | Y | N | |
| Min TLS version control | Y | Y | |
@@ -350,14 +352,14 @@ Go implements a sophisticated slow consumer detection system:
| Feature | Go | .NET | Notes |
|---------|:--:|:----:|-------|
| Structured logging | Partial | Y | .NET uses Serilog with ILogger<T> |
| File logging with rotation | Y | N | |
| Syslog (local and remote) | Y | N | |
| Log reopening (SIGUSR1) | Y | N | |
| Trace mode (protocol-level) | Y | N | |
| Debug mode | Y | N | |
| File logging with rotation | Y | Y | Serilog.Sinks.File with rolling file support |
| Syslog (local and remote) | Y | Y | `--syslog` and `--remote_syslog` flags via Serilog.Sinks.SyslogMessages |
| Log reopening (SIGUSR1) | Y | Y | SIGUSR1 handler calls ReOpenLogFile |
| Trace mode (protocol-level) | Y | Y | `-V` or `-T` flag enables trace-level logging |
| Debug mode | Y | Y | `-D` flag enables debug-level logging |
| Per-subsystem log control | Y | N | |
| Color output on TTY | Y | N | |
| Timestamp format control | Y | N | |
| Color output on TTY | Y | Y | Auto-detected via `Console.IsOutputRedirected`, uses `AnsiConsoleTheme.Code` |
| Timestamp format control | Y | Y | `--logtime` and `--logtime_utc` flags |
---
@@ -369,34 +371,36 @@ Go implements a sophisticated slow consumer detection system:
| Configurable interval | Y | Y | PingInterval option |
| Max pings out | Y | Y | MaxPingsOut option |
| Stale connection close | Y | Y | |
| RTT-based first PING delay | Y | N | Go delays first PING based on RTT |
| RTT tracking | Y | N | |
| Stale connection watcher | Y | N | Go has dedicated watcher goroutine |
| RTT-based first PING delay | Y | Y | Skips PING until FirstPongSent or 2s elapsed |
| RTT tracking | Y | Y | `_rttStartTicks`/`Rtt` property, computed on PONG receipt |
| Stale connection stats | Y | Y | `StaleConnectionStats` model, exposed in `/varz` |
---
## Summary: Critical Gaps for Production Use
### High Priority
1. **Slow consumer detection** — unbounded writes can exhaust memory (stat fields exist but no detection logic)
2. **Write coalescing / batch flush** — performance gap for high-throughput scenarios
### Resolved Since Initial Audit
The following items from the original gap list have been implemented:
- **Slow consumer detection** — pending bytes threshold (64MB) with write deadline enforcement
- **Write coalescing / batch flush** — channel-based write loop drains all items before single flush
- **Verbose mode** — `+OK` responses for CONNECT, SUB, UNSUB, PUB when `verbose:true`
- **No-responders validation** — CONNECT rejects `no_responders` without `headers`; 503 HMSG on no match
- **File logging with rotation** — Serilog.Sinks.File with rolling file support
- **TLS certificate mapping** — X500DistinguishedName with full DN match and CN fallback
- **Protocol tracing** — `-V`/`-T` flag enables trace-level logging; `-D` for debug
### Medium Priority
3. **Verbose mode** — clients expect `+OK` when `verbose: true`
4. **Permission deny enforcement at delivery** — deny lists checked at SUB/PUB time but not during message delivery
5. **Config file parsing** — needed for production deployment (CLI stub exists)
6. **Hot reload** — needed for zero-downtime config changes (SIGHUP stub exists)
7. **File logging with rotation** — needed for production logging
8. **No-responders validation** — flag parsed but not enforced
### Remaining High Priority
1. **Permission deny enforcement at delivery** — deny lists checked at SUB/PUB time but not during message delivery
2. **Config file parsing** — needed for production deployment (CLI stub exists)
3. **Hot reload** — needed for zero-downtime config changes (SIGHUP stub exists)
### Lower Priority
9. **Dynamic buffer sizing** — delegated to Pipe, less optimized for long-lived connections
10. **JWT authentication** — needed for operator mode
11. **TLS certificate mapping** — property exists, not implemented
12. **OCSP support** — certificate revocation checking
13. **Subject mapping** — input→output subject transformation
14. **Protocol tracing** — no trace-level logging
15. **Subscription statistics** — SubList has no stats collection
16. **Per-account limits** — connections, subscriptions per account
17. **Reply subject tracking** — dynamic response permissions
18. **Windows Service integration** — needed for Windows deployment
### Remaining Lower Priority
4. **Dynamic buffer sizing** — delegated to Pipe, less optimized for long-lived connections
5. **JWT authentication** — needed for operator mode
6. **OCSP support** — certificate revocation checking
7. **Subject mapping** — input→output subject transformation
8. **Subscription statistics** — SubList has no stats collection
9. **Per-account limits** — connections, subscriptions per account
10. **Reply subject tracking** — dynamic response permissions
11. **Windows Service integration** — needed for Windows deployment
12. **Per-subsystem log control** — granular log levels per component