Summary

Add Unix-domain (AF_UNIX) socket support to the socket channel and server-socket channel APIs in the java.nio.channels package. Extend the inherited channel mechanism to support Unix-domain socket channels and server socket channels.

Goals

Unix-domain sockets are used for inter-process communication (IPC) on the same host. They are similar to TCP/IP sockets in most respects, except that they are addressed by filesystem path names rather than IP addresses and port numbers. The goal of this JEP is to support all of the features of Unix-domain sockets that are common across the major Unix platforms and Windows. Unix-domain socket channels will behave the same as existing TCP/IP channels in terms of read/write behavior, connection setup, acceptance of incoming connections by servers, multiplexing with other non-blocking selectable channels in a selector, and support of relevant socket options.

Non-Goals

It is not a goal to support features that are not common across the major Unix platforms and Windows. This includes Linux-specific features such as the abstract filesystem-independent namespace. It also includes features that are generally supported on Unix but unsupported on Windows, such as socket pairs. Support for these features can be revisited in the future if needed and, in the case of the missing Windows features, if the Windows platform evolves to support them. An exception to this non-goal may be support for peer-credentials, which could be implemented as a JDK specific socket option on whichever platforms support it. Other socket options may be investigated as follow up work, possibly also as JDK specific options, after this JEP is completed.

Motivation

For local, inter-process communication, Unix-domain sockets are both more secure and more efficient than TCP/IP loopback connections.

Unix-domain sockets are strictly for communication between processes on the same system. Applications that are not intended to accept remote connections can improve security by using Unix-domain sockets.

Unix-domain sockets are further protected by operating-system enforced, filesystem-based access controls.

Unix-domain sockets have faster setup times and higher data throughput than TCP/IP loopback connections.

Unix-domain sockets may be a better solution than TCP/IP sockets for container environments, where communication between containers on the same system is required. This can be achieved using sockets located in shared volumes.

Unix-domain sockets have long been a feature of most Unix platforms, and are now supported in Windows 10 and Windows Server 2019.

Description

To support Unix-domain socket channels we will add the following API elements:

A new socket address type, java.nio.channels.UnixDomainSocketAddress ;

A UNIX constant value in the existing java.net.StandardProtocolFamily enum;

Static open factory methods which take a ProtocolFamily in the SocketChannel and ServerSocketChannel classes, which are useful beyond Unix-domain socket channels; and

New normative text in the SocketChannel and ServerSocketChannel classes that will distinguish Unix-domain socket channels from the existing TCP/IP types.

A prototype of these changes is available in the unixdomainchannels branch of the JDK sandbox repository.

Alternatives

An application could access AF_UNIX address structures and socket system calls directly, either via the Java Native Interface (JNI) or Project Panama. Socket objects of this type would, however, not be compatible with the existing SocketChannel API and therefore could not be multiplexed with other selectable channels.

Testing

Automatic unit tests will exercise the API and implementation. These tests will run on all supported Unix platforms and on multiple versions of Windows, including some that support Unix-domain sockets and some that do not.

Risks and Assumptions