Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Verify value of dummy member at object destruction. | Henning Baldersheim | 2023-03-20 | 1 | -11/+16 |
| | |||||
* | use ref_counted in fnet | Håvard Pettersen | 2023-03-06 | 7 | -32/+32 |
| | | | | | | also get rid of some cleanup functions on reference counted classes enable specifying low-level parameters to addref/subref (cnt/reserve) | ||||
* | untangle fnet from fastos | Håvard Pettersen | 2023-02-22 | 2 | -10/+4 |
| | |||||
* | Add metrics tracking failed RPC and status page capability checks | Tor Brede Vekterli | 2023-02-17 | 1 | -0/+10 |
| | |||||
* | GC #ifdef __clang__not needed | Henning Baldersheim | 2023-02-14 | 1 | -11/+7 |
| | |||||
* | Deinline destructors in metrics, fnet, jrt_test logd | Henning Baldersheim | 2023-02-01 | 1 | -62/+64 |
| | |||||
* | remove xor crypto engine from C++ | Håvard Pettersen | 2023-01-04 | 4 | -19/+1 |
| | |||||
* | Remove stacksize from the thread pools and thread executors. | Henning Baldersheim | 2022-12-20 | 2 | -2/+2 |
| | |||||
* | Explicitly test that requiring an empty capability set is a no-op | Tor Brede Vekterli | 2022-08-25 | 1 | -0/+10 |
| | | | | | | | This should always work (tm), so adding a test that shows that it does. Mostly useful for RPCs that are always configured to use a request filter but where the actual capability set is optionally set and defaults to empty. | ||||
* | Add factory functions for creating capability requirement filters | Tor Brede Vekterli | 2022-08-23 | 1 | -2/+2 |
| | | | | Refactor existing request access filter creation to use these. | ||||
* | Support capability enforcement environment variable in C++ | Tor Brede Vekterli | 2022-08-22 | 3 | -3/+46 |
| | | | | | | | | | | Mirrors Java enforce/log-only/disable semantics, defaulting to enforce. Also fixes an issue where connection auth context and capabilities would not be set if a server socket was running in mixed-mode. This is not a problem in practice since mixed-mode is inherently completely insecure since it must accept plain-text clients, which implicitly have all capabilities granted. | ||||
* | Support mTLS connection-level capabilities and RPC access filtering in C++ | Tor Brede Vekterli | 2022-06-29 | 1 | -3/+52 |
| | | | | | | | | | | | | | | | | | | | | | | | | Adds the following: * Named capabilities and capability sets that represent (respectively) a single Vespa access API (such as Document API, search API etc) or a concrete subset of individual capabilities that make up a particular Vespa service (such as a content node). * A new `capabilities` array field to the mTLS authorization policies that allows for constraining what requests sent over a particular connection are allowed to actually do. Capabilities are referenced by name and may include any combination of capability sets and individual capabilities. If multiple capabilities/sets are configured, the resulting set of capabilities is the union set of all of them. * An FRT RPC-level access filter that can be set up as part of RPC method definitions. If set, filters are invoked prior to RPC methods. * A new `PERMISSION_DENIED` error code to FRT RPC that is invoked if an access filter denies a request. This also GCs the unused `AssumedRoles` concept which is now deprecated in favor of capabilities. Note: this is **not yet** a public or stable API, and capability names/semantics may change at any time. | ||||
* | fix undefined behavior in unit tests | Håvard Pettersen | 2022-06-09 | 2 | -174/+40 |
| | |||||
* | avoid calling function on nullptr | Håvard Pettersen | 2022-05-23 | 1 | -7/+7 |
| | |||||
* | Add missing include statements. Check for atomic wait support. | Tor Egge | 2022-04-05 | 1 | -0/+1 |
| | |||||
* | enable detaching a supervisor from a running transport | Håvard Pettersen | 2022-03-30 | 2 | -0/+196 |
| | | | | | | | This is done by closing all connectors and connections related to the supervisor (via the server adapter interface). Also; the packet streamer was made a singleton to avoid additional (unneeded) references to the supervisor object. | ||||
* | remove connection-based session handling | Håvard Pettersen | 2022-02-28 | 2 | -149/+0 |
| | | | | also remove method mismatch hook | ||||
* | Remove inlining warnings (fnet). | Tor Egge | 2022-02-26 | 2 | -1/+9 |
| | |||||
* | Revert "Revert "- Create the common transport and threadpool in the main loop."" | Henning Baldersheim | 2022-02-24 | 1 | -1/+1 |
| | |||||
* | Revert "- Create the common transport and threadpool in the main loop." | Henning Baldersheim | 2022-02-24 | 1 | -1/+1 |
| | |||||
* | - Create the common transport and threadpool in the main loop. | Henning Baldersheim | 2022-02-24 | 1 | -1/+1 |
| | | | | | - Also use the common transport for config subscriptions. - Put The TransportConfig in the fnet namespace. | ||||
* | Ensure cross-thread visibility in test | Tor Brede Vekterli | 2022-02-18 | 1 | -8/+9 |
| | |||||
* | Update 2019 Oath copyrights. | gjoranv | 2021-10-27 | 1 | -1/+1 |
| | |||||
* | Update 2018 copyright notices. | gjoranv | 2021-10-07 | 1 | -1/+1 |
| | |||||
* | Update 2017 copyright notices. | gjoranv | 2021-10-07 | 11 | -11/+11 |
| | |||||
* | drop empty buffers | Håvard Pettersen | 2021-06-01 | 1 | -9/+34 |
| | |||||
* | use size literals in fnet | Arne Juul | 2021-02-15 | 1 | -1/+2 |
| | |||||
* | Use vespalib::duration for timeouts | Henning Baldersheim | 2021-01-31 | 1 | -0/+1 |
| | |||||
* | - Add the cost to expensive tests. | Henning Baldersheim | 2021-01-13 | 1 | -12/+17 |
| | | | | - Use less resources on the fnet_parallel_rpc test bu just using as many threads as you have cores. | ||||
* | provide the config in the constructor only. | Henning Baldersheim | 2020-12-01 | 1 | -1/+1 |
| | |||||
* | Misc cleanup of includes and code health | Henning Baldersheim | 2020-12-01 | 7 | -18/+32 |
| | |||||
* | - Add debug logging. | Henning Baldersheim | 2020-02-23 | 1 | -0/+1 |
| | | | | | - std::make_unique - Reduce code visibility. | ||||
* | FastOS_THread::Sleep -> std::chrono::sleep_for | Henning Baldersheim | 2019-12-04 | 1 | -1/+1 |
| | | | | | Renamed Timer -> ScheduledExecutor. Do not include thread.h when not needed in header files. | ||||
* | Mark fill members unused for clang. | Tor Egge | 2019-08-02 | 1 | -6/+12 |
| | |||||
* | Simplify the supervisor responsibility | Henning Baldersheim | 2019-05-10 | 7 | -45/+41 |
| | |||||
* | async tls handshake work | Håvard Pettersen | 2019-02-21 | 2 | -12/+29 |
| | |||||
* | Remove files used by old unit test runner. | Tor Egge | 2019-02-19 | 5 | -8/+0 |
| | |||||
* | Reset global crypto shared pointer before returning fom main. | Tor Egge | 2019-02-15 | 2 | -0/+2 |
| | |||||
* | TLS time trace experiments | Håvard Pettersen | 2019-02-08 | 3 | -0/+144 |
| | | | | Note that this is without intrusive samples in the code | ||||
* | use generic latch | Håvard Pettersen | 2018-11-30 | 1 | -23/+7 |
| | |||||
* | mixed mode tls support in fnet | Håvard Pettersen | 2018-09-27 | 2 | -0/+14 |
| | |||||
* | improve rpc invocation test | Håvard Pettersen | 2018-09-21 | 1 | -695/+212 |
| | |||||
* | re-enable fnet tls tests | Håvard Pettersen | 2018-09-17 | 2 | -7/+7 |
| | |||||
* | disable fnet tests using tls | Håvard Pettersen | 2018-09-14 | 2 | -7/+7 |
| | |||||
* | run micro-benchmark with various crypto engines (null/xor/tls) | Håvard Pettersen | 2018-09-10 | 1 | -9/+28 |
| | |||||
* | no encryption when encryption is not specified | Håvard Pettersen | 2018-09-10 | 1 | -2/+2 |
| | |||||
* | tls crypto adapter | Håvard Pettersen | 2018-09-07 | 2 | -0/+8 |
| | |||||
* | remove non-instant invocation | Håvard Pettersen | 2018-09-05 | 6 | -34/+23 |
| | |||||
* | make test run faster | Håvard Pettersen | 2018-09-03 | 1 | -9/+3 |
| | |||||
* | also run invoke/session tests with xor crypto engine | Håvard Pettersen | 2018-09-03 | 4 | -5/+40 |
| | | | | bonus: wire crypto engine through supervisor |