Merge branch 'feature/sections-7-10-gaps' into main
@@ -40,7 +40,7 @@
|
||||
|--------|:--:|:----:|-------|
|
||||
| SIGINT (Ctrl+C) | Y | Y | Both handle graceful shutdown |
|
||||
| SIGTERM | Y | Y | `PosixSignalRegistration` triggers `ShutdownAsync()` |
|
||||
| SIGUSR1 (reopen logs) | Y | Stub | Signal registered, handler logs "not yet implemented" |
|
||||
| SIGUSR1 (reopen logs) | Y | Y | SIGUSR1 handler calls ReOpenLogFile |
|
||||
| SIGUSR2 (lame duck mode) | Y | Y | Triggers `LameDuckShutdownAsync()` |
|
||||
| SIGHUP (config reload) | Y | Stub | Signal registered, handler logs "not yet implemented" |
|
||||
| Windows Service integration | Y | N | |
|
||||
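Review bot: The replacement SIGUSR1 row writes ReOpenLogFile as plain text, while the SIGTERM and SIGUSR2 rows next to it put `ShutdownAsync()` and `LameDuckShutdownAsync()` in code formatting. Suggest `ReOpenLogFile` in backticks, and a word on what the handler does when no log file is configured, since the old Stub note at least said what the signal did (logs "not yet implemented").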
@@ -78,7 +78,7 @@
|
||||
| No-responders validation | Y | Y | CONNECT rejects `no_responders` without `headers`; 503 HMSG on no match |
|
||||
| Slow consumer detection | Y | Y | Pending bytes threshold (64MB) + write deadline timeout (10s) |
|
||||
| Write deadline / timeout policies | Y | Y | `WriteDeadline` option with `CancellationTokenSource.CancelAfter` on flush |
|
||||
| RTT measurement | Y | N | Go tracks round-trip time per client |
|
||||
| RTT measurement | Y | Y | `_rttStartTicks`/`Rtt` property, computed on PONG receipt |
|
||||
| Per-client trace mode | Y | N | |
|
||||
| Detailed close reason tracking | Y | Y | 37-value `ClosedState` enum with CAS-based `MarkClosed()` |
|
||||
| Connection state flags (16 flags) | Y | Y | 7-flag `ClientFlagHolder` with `Interlocked.Or`/`And` |
|
||||
@@ -206,7 +206,7 @@ Go implements a sophisticated slow consumer detection system:
|
||||
| NKeys (Ed25519) | Y | Y | .NET has framework but integration is basic |
|
||||
| JWT validation | Y | N | |
|
||||
| Bcrypt password hashing | Y | Y | .NET supports bcrypt (`$2*` prefix) with constant-time fallback |
|
||||
| TLS certificate mapping | Y | N | Property exists but no implementation |
|
||||
| TLS certificate mapping | Y | Y | X500DistinguishedName with full DN match and CN fallback |
|
||||
| Custom auth interface | Y | N | |
|
||||
| External auth callout | Y | N | |
|
||||
| Proxy authentication | Y | N | |
|
||||
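Review bot: The new TLS certificate mapping row says "full DN match and CN fallback" without stating the precedence or when the fallback applies. For an authentication feature that matters: with a CN fallback, a certificate whose full DN matches no user can still be mapped by CN alone. Suggest the Notes cell state the order (DN first, CN only when no DN matches) and how the DN is compared (RDN order, case, whitespace), or link to the section that does.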
@@ -248,7 +248,7 @@ Go implements a sophisticated slow consumer detection system:
|
||||
| `-n/--name` (ServerName) | Y | Y | |
|
||||
| `-m/--http_port` (monitoring) | Y | Y | |
|
||||
| `-c` (config file) | Y | Stub | Flag parsed, stored in `ConfigFile`, no config parser |
|
||||
| `-D/-V/-DV` (debug/trace) | Y | Y | Sets `Debug`/`Trace` on `NatsOptions`, adjusts Serilog minimum level |
|
||||
| `-D/-V/-DV` (debug/trace) | Y | Y | `-D`/`--debug` for debug, `-V`/`-T`/`--trace` for trace, `-DV` for both |
|
||||
| `--tlscert/--tlskey/--tlscacert` | Y | Y | |
|
||||
| `--tlsverify` | Y | Y | |
|
||||
| `--http_base_path` | Y | Y | |
|
||||
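Review bot: The first column of the changed row still reads `-D/-V/-DV` although the new Notes cell adds `-T`, `--debug` and `--trace`; the label should list the same flags. The replacement also drops the statement that the flags set `Debug`/`Trace` on `NatsOptions` and adjust the Serilog minimum level. If that is still how they work, keep it, since the unchanged `-c` row above documents its backing field (`ConfigFile`) the same way.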
@@ -263,7 +263,7 @@ Go implements a sophisticated slow consumer detection system:
|
||||
| ~450 option fields | Y | ~62 | .NET covers core + debug/trace/logging/limits/tags options |
|
||||
|
||||
### Missing Options Categories
|
||||
- ~~Logging options (file, rotation, syslog, trace levels)~~ — File logging (`-l`), `LogSizeLimit`, Debug/Trace implemented; syslog/color/timestamp not yet
|
||||
- ~~Logging options~~ — file logging, rotation, syslog, debug/trace, color, timestamps all implemented; only per-subsystem log control remains
|
||||
- ~~Advanced limits (MaxSubs, MaxSubTokens, MaxPending, WriteDeadline)~~ — `MaxSubs`, `MaxSubTokens` implemented; MaxPending/WriteDeadline already existed
|
||||
- ~~Tags/metadata~~ — `Tags` dictionary implemented in `NatsOptions`
|
||||
- OCSP configuration
|
||||
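Review bot: The rewritten Logging options bullet strikes through its whole title (`~~Logging options~~`) yet ends with "only per-subsystem log control remains", so an open gap sits inside an item marked done under Missing Options Categories. Suggest striking only the implemented parts and giving per-subsystem log control its own unstruck bullet. The `~62` option count in the context row above is unchanged; check that it is still accurate once the logging options named here are counted.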
@@ -284,7 +284,7 @@ Go implements a sophisticated slow consumer detection system:
|
||||
| `/routez` | Y | Stub | Returns empty response |
|
||||
| `/gatewayz` | Y | Stub | Returns empty response |
|
||||
| `/leafz` | Y | Stub | Returns empty response |
|
||||
| `/subz` / `/subscriptionsz` | Y | Stub | Returns empty response |
|
||||
| `/subz` / `/subscriptionsz` | Y | Y | Account filtering, test subject filtering, pagination, and subscription details |
|
||||
| `/accountz` | Y | Stub | Returns empty response |
|
||||
| `/accstatz` | Y | Stub | Returns empty response |
|
||||
| `/jsz` | Y | Stub | Returns empty response |
|
||||
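Review bot: In the new `/subz` row, "test subject filtering" is ambiguous: it can be read as filtering by a test subject or as a test of subject filtering. Suggest naming the query parameter that drives each capability (account filter, subject test, pagination, detail), the way the connz table documents its state parameter.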
@@ -309,7 +309,9 @@ Go implements a sophisticated slow consumer detection system:
|
||||
| Feature | Go | .NET | Notes |
|
||||
|---------|:--:|:----:|-------|
|
||||
| Filtering by CID, user, account | Y | Partial | |
|
||||
| Sorting (11 options) | Y | Y | .NET missing ByStop, ByReason |
|
||||
| Sorting (11 options) | Y | Y | All options including ByStop, ByReason, ByRtt |
|
||||
| State filtering (open/closed/all) | Y | Y | `state=open|closed|all` query parameter |
|
||||
| Closed connection tracking | Y | Y | `ConcurrentQueue<ClosedClient>` capped at 10,000 entries |
|
||||
| Pagination (offset, limit) | Y | Y | |
|
||||
| Subscription detail mode | Y | N | |
|
||||
| TLS peer certificate info | Y | N | |
|
||||
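Review bot: The State filtering row puts `state=open|closed|all` in a table cell with unescaped pipes. GFM splits table cells on `|` even inside a code span, so this row renders with extra columns and a truncated note; write `state=open\|closed\|all` or spell the three values out in prose.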
@@ -338,9 +340,9 @@ Go implements a sophisticated slow consumer detection system:
|
||||
| Mutual TLS (client certs) | Y | Y | |
|
||||
| Certificate pinning (SHA256 SPKI) | Y | Y | |
|
||||
| TLS handshake timeout | Y | Y | |
|
||||
| TLS rate limiting | Y | Property only | .NET has the option but enforcement is partial |
|
||||
| TLS rate limiting | Y | Y | Rate enforcement with refill; unit tests cover rate limiting and refill |
|
||||
| First-byte peeking (0x16 detection) | Y | Y | |
|
||||
| Cert subject→user mapping | Y | N | `TlsMap` property exists, no implementation |
|
||||
| Cert subject→user mapping | Y | Y | X500DistinguishedName with full DN match and CN fallback |
|
||||
| OCSP stapling | Y | N | |
|
||||
| Min TLS version control | Y | Y | |
|
||||
|
||||
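Review bot: The new TLS rate limiting note describes test coverage ("unit tests cover rate limiting and refill") rather than behaviour. A reader comparing with Go needs to know what is limited and what happens to a connection that exceeds the limit; suggest naming the option and the outcome, and moving the test remark to the commit message. The Cert subject→user mapping row repeats the auth table's text verbatim; one of the two could point to the other so they cannot drift apart.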
@@ -351,14 +353,14 @@ Go implements a sophisticated slow consumer detection system:
|
||||
| Feature | Go | .NET | Notes |
|
||||
|---------|:--:|:----:|-------|
|
||||
| Structured logging | Partial | Y | .NET uses Serilog with ILogger<T> |
|
||||
| File logging with rotation | Y | Y | `-l` flag + `LogSizeLimit` option via Serilog.Sinks.File with `fileSizeLimitBytes` |
|
||||
| Syslog (local and remote) | Y | N | |
|
||||
| Log reopening (SIGUSR1) | Y | N | |
|
||||
| Trace mode (protocol-level) | Y | Y | `-V`/`-DV` flags; parser `TraceInOp()` logs `<<- OP arg` at Trace level |
|
||||
| Debug mode | Y | Y | `-D`/`-DV` flags lower Serilog minimum to Debug/Verbose |
|
||||
| File logging with rotation | Y | Y | `-l`/`--log_file` flag + `LogSizeLimit`/`LogMaxFiles` via Serilog.Sinks.File |
|
||||
| Syslog (local and remote) | Y | Y | `--syslog` and `--remote_syslog` flags via Serilog.Sinks.SyslogMessages |
|
||||
| Log reopening (SIGUSR1) | Y | Y | SIGUSR1 handler calls ReOpenLogFile callback |
|
||||
| Trace mode (protocol-level) | Y | Y | `-V`/`-T`/`--trace` flags; parser `TraceInOp()` logs at Trace level |
|
||||
| Debug mode | Y | Y | `-D`/`--debug` flag lowers Serilog minimum to Debug |
|
||||
| Per-subsystem log control | Y | N | |
|
||||
| Color output on TTY | Y | N | |
|
||||
| Timestamp format control | Y | N | |
|
||||
| Color output on TTY | Y | Y | Auto-detected via `Console.IsOutputRedirected`, uses `AnsiConsoleTheme.Code` |
|
||||
| Timestamp format control | Y | Y | `--logtime` and `--logtime_utc` flags |
|
||||
|
||||
---
|
||||
|
||||
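Review bot: The new Syslog row lists `--syslog` and `--remote_syslog` but not the transport that remote delivery uses. Since the Trace row in the same table sends protocol-level output from `TraceInOp()` to the log, state whether remote syslog goes over UDP, TCP or TLS. Also, the new Debug mode row no longer mentions `-DV` or the Verbose level that the old row documented; restore that if `-DV` still lowers the minimum to Verbose.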
@@ -370,34 +372,36 @@ Go implements a sophisticated slow consumer detection system:
|
||||
| Configurable interval | Y | Y | PingInterval option |
|
||||
| Max pings out | Y | Y | MaxPingsOut option |
|
||||
| Stale connection close | Y | Y | |
|
||||
| RTT-based first PING delay | Y | N | Go delays first PING based on RTT |
|
||||
| RTT tracking | Y | N | |
|
||||
| Stale connection watcher | Y | N | Go has dedicated watcher goroutine |
|
||||
| RTT-based first PING delay | Y | Y | Skips PING until FirstPongSent or 2s elapsed |
|
||||
| RTT tracking | Y | Y | `_rttStartTicks`/`Rtt` property, computed on PONG receipt |
|
||||
| Stale connection stats | Y | Y | `StaleConnectionStats` model, exposed in `/varz` |
|
||||
|
||||
---
|
||||
|
||||
## Summary: Critical Gaps for Production Use
|
||||
|
||||
### High Priority
|
||||
1. ~~**Slow consumer detection**~~ — implemented (pending bytes threshold + write deadline)
|
||||
2. ~~**Write coalescing / batch flush**~~ — implemented (channel-based write loop)
|
||||
### Resolved Since Initial Audit
|
||||
The following items from the original gap list have been implemented:
|
||||
- **Slow consumer detection** — pending bytes threshold (64MB) with write deadline enforcement
|
||||
- **Write coalescing / batch flush** — channel-based write loop drains all items before single flush
|
||||
- **Verbose mode** — `+OK` responses for CONNECT, SUB, UNSUB, PUB when `verbose:true`
|
||||
- **Permission deny enforcement at delivery** — `IsDeliveryAllowed` + auto-unsub cleanup
|
||||
- **No-responders validation** — CONNECT rejects `no_responders` without `headers`; 503 HMSG on no match
|
||||
- **File logging with rotation** — Serilog.Sinks.File with rolling file support
|
||||
- **TLS certificate mapping** — X500DistinguishedName with full DN match and CN fallback
|
||||
- **Protocol tracing** — `-V`/`-T` flag enables trace-level logging; `-D` for debug
|
||||
- **Subscription statistics** — `Stats()`, `HasInterest()`, `NumInterest()`, etc.
|
||||
- **Per-account limits** — connection + subscription limits via `AccountConfig`
|
||||
- **Reply subject tracking** — `ResponseTracker` with TTL + max messages
|
||||
|
||||
### Medium Priority
|
||||
3. ~~**Verbose mode**~~ — implemented (`+OK` on CONNECT/SUB/UNSUB/PUB)
|
||||
4. ~~**Permission deny enforcement at delivery**~~ — implemented (`IsDeliveryAllowed` + auto-unsub cleanup)
|
||||
5. **Config file parsing** — needed for production deployment (CLI stub exists)
|
||||
6. **Hot reload** — needed for zero-downtime config changes (SIGHUP stub exists)
|
||||
7. ~~**File logging with rotation**~~ — implemented (Serilog.Sinks.File with `-l` flag)
|
||||
8. ~~**No-responders validation**~~ — implemented (CONNECT validation + 503 HMSG)
|
||||
### Remaining High Priority
|
||||
1. **Config file parsing** — needed for production deployment (CLI stub exists)
|
||||
2. **Hot reload** — needed for zero-downtime config changes (SIGHUP stub exists)
|
||||
|
||||
### Lower Priority
|
||||
9. **Dynamic buffer sizing** — delegated to Pipe, less optimized for long-lived connections
|
||||
10. **JWT authentication** — needed for operator mode
|
||||
11. **TLS certificate mapping** — property exists, not implemented
|
||||
12. **OCSP support** — certificate revocation checking
|
||||
13. **Subject mapping** — input→output subject transformation
|
||||
14. ~~**Protocol tracing**~~ — implemented (`TraceInOp` at `LogLevel.Trace`)
|
||||
15. ~~**Subscription statistics**~~ — implemented (`Stats()`, `HasInterest()`, `NumInterest()`, etc.)
|
||||
16. ~~**Per-account limits**~~ — implemented (connection + subscription limits via `AccountConfig`)
|
||||
17. ~~**Reply subject tracking**~~ — implemented (`ResponseTracker` with TTL + max messages)
|
||||
18. **Windows Service integration** — needed for Windows deployment
|
||||
### Remaining Lower Priority
|
||||
3. **Dynamic buffer sizing** — delegated to Pipe, less optimized for long-lived connections
|
||||
4. **JWT authentication** — needed for operator mode
|
||||
5. **OCSP support** — certificate revocation checking
|
||||
6. **Subject mapping** — input→output subject transformation
|
||||
7. **Windows Service integration** — needed for Windows deployment
|
||||
8. **Per-subsystem log control** — granular log levels per component
|
||||
|
||||
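Review bot: In the Ping/Pong table the "Stale connection watcher" row (Go Y, .NET N, "Go has dedicated watcher goroutine") is replaced by "Stale connection stats" (Y/Y), which is a different feature: a `StaleConnectionStats` model exposed in `/varz` does not show that a watcher exists, so the gap disappears from the table without being closed. Either keep the watcher row with its real status or say in the note how stale connections are detected. In the same table, the "RTT-based first PING delay" note ("Skips PING until FirstPongSent or 2s elapsed") describes a fixed 2s bound rather than an RTT-derived delay; the Notes cell should say so.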