metrics: add support for metrics over UNIX socket

[mmuzila]

Previously metrics were available over tcp/http only, this change introduces metrics over UNIX socket.

The format of -M parameter was ADDRESS:PORT, this commit changes its format to [tcp:]ADDRESS:PORT | unix:PATH.

Summary by CodeRabbit

• New Features

  • UNIX domain socket support for metrics via unix:PATH
  • TCP metrics addresses now accept an optional tcp: prefix and continue to serve over HTTP

• Bug Fixes

  • Port validation tightened to 1–65535 with clearer invalid-port messages
  • Metrics now reliably start when a metrics address is provided (including unix:PATH)

• Documentation

  • Updated --metrics help text to show unix:PATH or [tcp:]ADDR:PORT and UNIX socket guidance

[coderabbitai]

📝 Walkthrough

Walkthrough

Metrics address parsing now accepts unix:PATH and optional tcp: prefixes for ADDR:PORT; unix:PATH sets gr_config.metrics_addr with port 0, tcp: is stripped before parsing, and ports must be 1–65535. Help text and new constants (STR_METRICS_TCP, STR_METRICS_UNIX) were added. The metrics thread was refactored to create an event_base and delegate binding/dispatch to metrics_bind_http (TCP/HTTP, using tcp_metrics_handler) or metrics_bind_unix (UNIX domain socket) with separate listener lifecycles and unified cleanup; startup requires a non-NULL metrics_addr.

Important

Action Needed: IP Allowlist Update

If your organization protects your Git platform with IP whitelisting, please add the new CodeRabbit IP address to your allowlist:

• ✨ 136.113.208.247/32 (new)
• 34.170.211.100/32
• 35.222.179.152/32

Reviews will stop working after February 8, 2026 if the new IP is not added to your allowlist.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@main/metrics.c`:
- Around line 314-319: The end cleanup double-closes fd when evconnlistener_new
was called with LEV_OPT_CLOSE_ON_FREE because the listener owns and will close
fd; modify the end block so you only close fd when the listener was not created
(i.e., if listener == NULL and fd >= 0), keeping evconnlistener_free(listener)
as-is when listener != NULL; reference the symbols listener, fd,
evconnlistener_new, evconnlistener_free and the LEV_OPT_CLOSE_ON_FREE option to
locate the creation/cleanup logic and put the close(fd) inside the else branch
(or guard it with if (listener == NULL)) so ownership isn’t released twice.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Double-close of file descriptor when listener is successfully created.

When evconnlistener_new succeeds with LEV_OPT_CLOSE_ON_FREE, the listener takes ownership of fd and will close it in evconnlistener_free(listener). The subsequent close(fd) on line 318 then double-closes the descriptor, which can corrupt other threads' file descriptors if the number gets reused.

🐛 Proposed fix

 end:
-	if (listener != NULL)
+	if (listener != NULL) {
 		evconnlistener_free(listener);
-	if (fd >= 0)
-		close(fd);
+	} else if (fd >= 0) {
+		close(fd);
+	}
 	return errno;

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	end:
	if (listener != NULL)
	evconnlistener_free(listener);
	if (fd >= 0)
	close(fd);
	return errno;
	end:
	if (listener != NULL) {
	evconnlistener_free(listener);
	} else if (fd >= 0) {
	close(fd);
	}
	return errno;

🤖 Prompt for AI Agents

In `@main/metrics.c` around lines 314 - 319, The end cleanup double-closes fd when
evconnlistener_new was called with LEV_OPT_CLOSE_ON_FREE because the listener
owns and will close fd; modify the end block so you only close fd when the
listener was not created (i.e., if listener == NULL and fd >= 0), keeping
evconnlistener_free(listener) as-is when listener != NULL; reference the symbols
listener, fd, evconnlistener_new, evconnlistener_free and the
LEV_OPT_CLOSE_ON_FREE option to locate the creation/cleanup logic and put the
close(fd) inside the else branch (or guard it with if (listener == NULL)) so
ownership isn’t released twice.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@main/metrics.c`:
- Around line 273-276: The code currently uses strncpy to copy
gr_config.metrics_addr into saddr.sun_path which can silently truncate long
paths; before copying, check the length of gr_config.metrics_addr against
sizeof(saddr.sun_path) (referencing saddr, saddr.sun_path, and
gr_config.metrics_addr) and if it is too long return an error/log and abort
binding; if it fits, copy safely and ensure null-termination (or use snprintf
with the buffer size) so the process never binds to a truncated/unintended
socket path.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Silent truncation of UNIX socket path can cause binding to unintended socket.

If gr_config.metrics_addr exceeds 107 characters (Linux sun_path limit is typically 108), strncpy silently truncates the path. The application would then bind to a different socket path than the user specified, which could cause operational failures or security issues.

🐛 Proposed fix: validate path length before use

+	if (strlen(gr_config.metrics_addr) >= sizeof(saddr.sun_path)) {
+		LOG(ERR, "metrics socket path too long: %s", gr_config.metrics_addr);
+		errno = ENAMETOOLONG;
+		goto end;
+	}
+
 	memset(&saddr, 0, sizeof(saddr));
 	saddr.sun_family = AF_UNIX;
 	strncpy(saddr.sun_path, gr_config.metrics_addr, sizeof(saddr.sun_path) - 1);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	memset(&saddr, 0, sizeof(saddr));
	saddr.sun_family = AF_UNIX;
	strncpy(saddr.sun_path, gr_config.metrics_addr, sizeof(saddr.sun_path) - 1);
	if (strlen(gr_config.metrics_addr) >= sizeof(saddr.sun_path)) {
	LOG(ERR, "metrics socket path too long: %s", gr_config.metrics_addr);
	errno = ENAMETOOLONG;
	goto end;
	}
	memset(&saddr, 0, sizeof(saddr));
	saddr.sun_family = AF_UNIX;
	strncpy(saddr.sun_path, gr_config.metrics_addr, sizeof(saddr.sun_path) - 1);

🤖 Prompt for AI Agents

In `@main/metrics.c` around lines 273 - 276, The code currently uses strncpy to
copy gr_config.metrics_addr into saddr.sun_path which can silently truncate long
paths; before copying, check the length of gr_config.metrics_addr against
sizeof(saddr.sun_path) (referencing saddr, saddr.sun_path, and
gr_config.metrics_addr) and if it is too long return an error/log and abort
binding; if it fits, copy safely and ensure null-termination (or use snprintf
with the buffer size) so the process never binds to a truncated/unintended
socket path.

[rjarry]

Could you rework to allow listening to HTTP on the unix socket as well? Not just plain TCP.