PostgreSQL Wire Protocol Implementation

Overview

HeliosDB Lite implements the PostgreSQL wire protocol v3, enabling compatibility with PostgreSQL clients including psql, pgAdmin, and various ORMs.

Architecture

┌─────────────┐
│ psql/Client │
└──────┬──────┘
       │ TCP Connection
       │ Port 5432
┌──────▼──────────────────┐
│   PgServer (Tokio)      │
│  - TcpListener          │
│  - Session Management   │
└──────┬──────────────────┘
       │
┌──────▼──────────────────┐
│   Session Handler       │
│  - Authentication       │
│  - Message Decoder      │
│  - Message Encoder      │
└──────┬──────────────────┘
       │
┌──────▼──────────────────┐
│   SQL Engine            │
│  - Parser               │
│  - Planner              │
│  - Executor             │
└──────┬──────────────────┘
       │
┌──────▼──────────────────┐
│   Storage Engine        │
│  - RocksDB              │
│  - MVCC                 │
│  - WAL                  │
└─────────────────────────┘

Components

1. Protocol Module (network/protocol.rs)

Implements message encoding/decoding for the PostgreSQL wire protocol.

Key Features: - Message parsing (Frontend messages from client) - Message encoding (Backend messages to client) - Type OID mapping (PostgreSQL data types) - Field descriptions for result sets

Supported Messages:

Frontend (Client → Server): - Startup - Initial connection setup - Query - Simple query protocol - Parse - Prepare statement (extended protocol) - Bind - Bind parameters to statement - Execute - Execute prepared statement - Describe - Get statement/portal metadata - Close - Close statement/portal - Sync - End of extended query - Terminate - Close connection

Backend (Server → Client): - Authentication* - Authentication challenges - ReadyForQuery - Server ready for next command - RowDescription - Column metadata for results - DataRow - Result row data - CommandComplete - Command execution complete - ErrorResponse - Error occurred - ParameterStatus - Server parameters - BackendKeyData - Cancellation key

2. Authentication Module (network/auth.rs)

Implements authentication mechanisms.

Supported Methods: - Cleartext Password (for MVP/testing) - SCRAM-SHA-256 (production-ready)

SCRAM-SHA-256 Flow: 1. Client sends initial message with username and nonce 2. Server responds with salt, iteration count, and combined nonce 3. Client sends proof of password knowledge 4. Server verifies proof and sends signature 5. Authentication complete

3. Session Module (network/session.rs)

Manages individual client connections.

Responsibilities: - Connection lifecycle management - Authentication state machine - Message routing - Query execution coordination - Transaction state tracking - Prepared statement cache - Portal (bound statement) cache

Session State: - Unauthenticated - Authenticating (SCRAM in progress) - Authenticated - Transaction (Idle/InTransaction/Failed)

4. Server Module (network/server.rs)

TCP server implementation using Tokio.

Features: - Asynchronous I/O - Concurrent session handling - Graceful shutdown support - Session ID management

Protocol Details

Connection Flow

1. Client Connects

   Client → Server: TCP Connection
   

2. Startup Message

   Client → Server: StartupMessage {
       protocol_version: 196608 (3.0)
       user: "postgres"
       database: "heliosdb"
   }
   

3. Authentication

   Server → Client: Authentication(CleartextPassword)
   Client → Server: PasswordMessage("password")
   Server → Client: Authentication(Ok)
   

4. Parameter Exchange

   Server → Client: ParameterStatus("server_version", "17.0 (HeliosDB Lite)")
   Server → Client: ParameterStatus("client_encoding", "UTF8")
   Server → Client: BackendKeyData { process_id, secret_key }
   Server → Client: ReadyForQuery(Idle)
   

5. Query Execution

   Client → Server: Query("SELECT * FROM users")
   Server → Client: RowDescription([field1, field2, ...])
   Server → Client: DataRow([value1, value2, ...])
   Server → Client: DataRow([value1, value2, ...])
   Server → Client: CommandComplete("SELECT 2")
   Server → Client: ReadyForQuery(Idle)
   

Simple Query Protocol

Used by default for interactive queries.

Flow: 1. Client sends Query message 2. Server parses and executes 3. Server sends results: - RowDescription (for SELECT) - DataRow (one per result row) - CommandComplete 4. Server sends ReadyForQuery

Example:

-- Client sends
Query("SELECT id, name FROM users WHERE id = 1")

-- Server responds
RowDescription([
    Field { name: "id", type_oid: INT4, ... },
    Field { name: "name", type_oid: TEXT, ... }
])
DataRow([b"1", b"Alice"])
CommandComplete("SELECT 1")
ReadyForQuery(Idle)

Extended Query Protocol

Used for prepared statements and parameter binding.

Flow: 1. Parse - Prepare statement 2. Bind - Bind parameters 3. Describe - Get metadata (optional) 4. Execute - Run query 5. Sync - Commit

Example:

-- Prepare
Parse("stmt1", "SELECT * FROM users WHERE id = $1", [INT4])
ParseComplete

-- Bind
Bind("portal1", "stmt1", params=[b"42"])
BindComplete

-- Execute
Execute("portal1", max_rows=0)
RowDescription([...])
DataRow([...])
CommandComplete("SELECT 1")

-- Sync
Sync
ReadyForQuery(Idle)

Data Type Mapping

PostgreSQL OID	Type Name	HeliosDB DataType
16	BOOL	Boolean
20	INT8	BigInt
21	INT2	SmallInt
23	INT4	Integer
25	TEXT	Text
700	FLOAT4	Real
701	FLOAT8	Double
1043	VARCHAR	Varchar
1114	TIMESTAMP	Timestamp
1184	TIMESTAMPTZ	TimestampTz
2950	UUID	Uuid
3802	JSONB	Jsonb

Usage

Starting the Server

use heliosdb_lite::{EmbeddedDatabase, network::PgServer};
use std::sync::Arc;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create database
    let db = Arc::new(EmbeddedDatabase::new_in_memory()?);

    // Create server
    let server = PgServer::new("127.0.0.1:5432", db);

    // Run server
    server.run().await?;

    Ok(())
}

Connecting with psql

# Connect to server
psql -h localhost -p 5432 -U postgres

# Enter password: postgres

# Run queries
SELECT * FROM users;
INSERT INTO users VALUES (1, 'Alice');
UPDATE users SET name = 'Bob' WHERE id = 1;

Connecting with ORMs

SQLAlchemy (Python):

from sqlalchemy import create_engine

engine = create_engine('postgresql://postgres:postgres@localhost:5432/heliosdb')

Diesel (Rust):

let database_url = "postgres://postgres:postgres@localhost:5432/heliosdb";
let connection = PgConnection::establish(&database_url)?;

Configuration

Server configuration options:

// Bind address
let server = PgServer::new("0.0.0.0:5432", db); // Listen on all interfaces

// IPv6
let server = PgServer::new("[::1]:5432", db); // IPv6 localhost

// Custom port
let server = PgServer::new("127.0.0.1:54321", db);

Security

Authentication

• Cleartext Password: Simple but insecure (only for testing)
• SCRAM-SHA-256: Secure challenge-response (recommended)
• SSL/TLS: Not yet implemented (planned)

Best Practices

1. Always use SCRAM-SHA-256 in production
2. Implement SSL/TLS for network encryption
3. Use strong passwords
4. Limit network exposure (bind to localhost or firewall)
5. Enable audit logging

Performance

Benchmarks

Connection handling: - 1,000+ concurrent connections supported - Sub-millisecond query latency for simple queries - Async I/O prevents blocking

Query execution: - Uses existing SQL engine - Performance matches embedded mode - No overhead from protocol translation

Tuning

// Increase buffer sizes for high throughput
// (Implementation detail - internal buffers auto-size)

// Use connection pooling on client side
// (Recommended: pgbouncer, pg_pool)

Limitations

Current implementation limitations:

1. Authentication: Only cleartext and SCRAM-SHA-256

2. No Kerberos, GSSAPI, or SSPI

3. SSL/TLS: Not yet implemented

4. Clients requesting SSL will be rejected

5. COPY Protocol: Not implemented

6. COPY FROM/TO not supported

7. LISTEN/NOTIFY: Not implemented

8. Pub/sub not available

9. Parameter Binding: Basic implementation

10. Text format only (no binary)

11. Limited type conversion

12. Cancellation: Not implemented

13. Query cancellation (Ctrl+C) not handled

Testing

Unit Tests

cd heliosdb-lite
cargo test network::

Integration Tests

# Start server
cargo run --example pg_server

# In another terminal, connect with psql
psql -h localhost -p 5432 -U postgres

# Run test queries
\dt              # List tables
SELECT 1;        # Simple query
SELECT version(); # Not implemented, will error

Automated Testing

# Using pgbench
pgbench -i -h localhost -p 5432 -U postgres
pgbench -h localhost -p 5432 -U postgres -c 10 -t 100

# Using custom test script
./tests/protocol_test.sh

Troubleshooting

Connection Refused

psql: error: connection to server at "localhost", port 5432 failed:
Connection refused

Solutions: - Verify server is running - Check bind address (use 0.0.0.0 for all interfaces) - Check firewall rules

Authentication Failed

psql: error: FATAL:  password authentication failed for user "postgres"

Solutions: - Verify username/password - Check authentication configuration - Review server logs

Protocol Errors

ERROR:  Protocol error: Invalid message type

Solutions: - Ensure client is using PostgreSQL protocol - Check for version mismatch - Review server debug logs

Query Errors

ERROR:  Query execution error: Table not found

Solutions: - Verify table exists: \dt - Check SQL syntax - Review query execution logs

Compatibility

PostgreSQL Compatibility

HeliosDB Lite implements PostgreSQL wire protocol v3: - Compatible with PostgreSQL 8.0+ - Tested with psql 14, 15, 16, 17 - Works with most ORMs and drivers

Client Compatibility

Tested clients: - psql (PostgreSQL command-line) - pgAdmin 4 - DBeaver - DataGrip - psycopg2 (Python) - pg (Node.js) - sqlx (Rust) - Diesel (Rust)

Future Enhancements

Planned features:

1. SSL/TLS Support
2. Encrypted connections

3. Certificate authentication

4. Binary Protocol

5. Binary data encoding

6. Faster data transfer

7. COPY Protocol

8. Bulk data import/export

9. CSV/TSV support

10. Query Cancellation

11. Async cancellation support

12. BackendKeyData usage

13. LISTEN/NOTIFY

14. Pub/sub messaging

15. Event notifications

16. Extended Authentication

17. Kerberos
18. LDAP integration

19. OAuth2/OIDC

20. Connection Pooling

21. Built-in connection pool
22. Resource management

References

• PostgreSQL Wire Protocol Documentation
• SCRAM-SHA-256 RFC 7677
• PostgreSQL Message Formats
• PostgreSQL Error Codes

Contributing

When contributing to the network protocol implementation:

1. Follow PostgreSQL wire protocol specification exactly
2. Test with real PostgreSQL clients
3. Add comprehensive error handling
4. Update documentation
5. Add tests for new features

License

Apache 2.0 - Same as HeliosDB Lite