Skip to main content

Module spawn

cellos_supervisor::dns_proxy

Module spawn 

Source
Expand description

SEAM-1 Phase 2b — supervisor → cell-netns DNS proxy spawn.

This module owns the placement of super::run_one_shot inside the cell’s network namespace. The proxy module itself ([super::mod]) is platform-neutral and contains no setns / nsenter calls; the supervisor pre-binds sockets and hands them to run_one_shot. Phase 2b’s job is to make those sockets exist in /proc/<child_pid>/ns/net rather than the host netns.

§Why a dedicated OS thread

setns(2) changes the calling thread’s namespace association. A tokio::task::spawn_blocking task does not give us a stable thread — tokio’s blocking pool may reuse the worker for other tasks once we return. Even if the proxy ran sync inside spawn_blocking, polluting that worker’s netns with the cell’s namespace would corrupt every subsequent task that landed on the same worker. We therefore allocate a fresh std::thread, do the setns there, run the loop to completion, and let the OS reclaim the thread on exit. The thread never returns to a tokio worker.

§Bridging the sync emitter to async [EventSink]

The proxy’s super::DnsQueryEmitter is synchronous (it must not block the recv loop). The supervisor’s cellos_core::ports::EventSink is async. EventSinkEmitter captures a tokio::runtime::Handle before the OS thread starts and uses Handle::spawn to fire-and-forget every event onto the runtime. This preserves the per-query event audit trail without blocking the recv loop on emit completion.

§Shutdown coordination

run_one_shot already checks an AtomicBool between iterations and the listener has a short read_timeout. The teardown helper signal_proxy_shutdown sets the flag and sends a 0-byte UDP packet to the listen address — the recv loop wakes immediately, observes the flag, and returns. Without the wake packet, the loop would sit in recv_from for up to read_timeout after teardown requested shutdown.

Structs§

DnsProxyHandle
Shutdown coordination handle returned by spawn_proxy_in_netns (Linux) — held by the supervisor and signalled at cell destroy time.
EventSinkEmitter
Adapter from the proxy’s synchronous DnsQueryEmitter trait to the supervisor’s async cellos_core::ports::EventSink pipeline.

Functions§

signal_proxy_shutdown
Send a 0-byte UDP packet to listen_addr to wake a blocked recv_from.
spawn_proxy_in_netns
Linux-only: spawn the proxy on a dedicated OS thread, setns(2) into /proc/<child_pid>/ns/net, bind UDP listener + upstream sockets in that netns, and run super::run_one_shot until shutdown is set.