Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update expected size of FNET_IOComponent | Henning Baldersheim | 2023-03-07 | 1 | -1/+1 |
| | |||||
* | use ref_counted in fnet | Håvard Pettersen | 2023-03-06 | 34 | -365/+159 |
| | | | | | | also get rid of some cleanup functions on reference counted classes enable specifying low-level parameters to addref/subref (cnt/reserve) | ||||
* | assert that there are no pending resolves when deleting | Håvard Pettersen | 2023-02-23 | 1 | -2/+3 |
| | |||||
* | untangle fnet from fastos | Håvard Pettersen | 2023-02-22 | 13 | -61/+40 |
| | |||||
* | Add metrics tracking failed RPC and status page capability checks | Tor Brede Vekterli | 2023-02-17 | 2 | -0/+12 |
| | |||||
* | stop using fastos thread more places | Håvard Pettersen | 2023-02-14 | 1 | -2/+3 |
| | | | | | | | | | | - also stop using std::jthread - remove Active and Joinable interfaces - remove stop, stopped and slumber - remove currentThread - make start function static - override start for Runnable w/init or custom function - explicit stop/slumber where needed | ||||
* | GC #ifdef __clang__not needed | Henning Baldersheim | 2023-02-14 | 1 | -11/+7 |
| | |||||
* | Deinline destructors in metrics, fnet, jrt_test logd | Henning Baldersheim | 2023-02-01 | 1 | -62/+64 |
| | |||||
* | Use snprintf instead of sprintf. | Tor Egge | 2023-01-31 | 2 | -3/+3 |
| | |||||
* | GC some compiler pragmas not needed. | Henning Baldersheim | 2023-01-30 | 1 | -4/+1 |
| | |||||
* | remove some whitespace at end of lines | Arne Juul | 2023-01-22 | 2 | -3/+3 |
| | |||||
* | Merge pull request #25392 from vespa-engine/havardpe/drop-safe-discard | Tor Egge | 2023-01-05 | 2 | -16/+1 |
|\ | | | | | remove recursive pseudo lock | ||||
| * | remove recursive pseudo lock | Håvard Pettersen | 2023-01-04 | 2 | -16/+1 |
| | | | | | | | | | | this allows dropping events in parallel during/after transport thread shutdown, which should be safe. | ||||
* | | remove xor crypto engine from C++ | Håvard Pettersen | 2023-01-04 | 4 | -19/+1 |
|/ | |||||
* | Merge pull request #25325 from vespa-engine/geirst/typedef-to-using-in-cpp-code | Henning Baldersheim | 2022-12-21 | 3 | -5/+5 |
|\ | | | | | Change from typedef to using in C++ code. | ||||
| * | Change from typedef to using in misc C++ code. | Geir Storli | 2022-12-21 | 3 | -5/+5 |
| | | |||||
* | | Ensure that transport thread is woken up explicit for every FNET_CMD_EXECUTE ↵ | Henning Baldersheim | 2022-12-21 | 2 | -5/+7 |
|/ | | | | command | ||||
* | Remove stacksize from the thread pools and thread executors. | Henning Baldersheim | 2022-12-20 | 9 | -11/+11 |
| | |||||
* | Slow down when getting too far ahead of server. | Tor Egge | 2022-11-03 | 1 | -0/+7 |
| | |||||
* | Merge pull request #23832 from ↵ | Tor Brede Vekterli | 2022-08-29 | 1 | -1/+1 |
|\ | | | | | | | | | vespa-engine/vekterli/capability-filtering-of-content-status-pages Add capability filtering for content layer status pages and metrics [run-systemtest] | ||||
| * | Unify to_string for PeerCredentials to match other types | Tor Brede Vekterli | 2022-08-29 | 1 | -1/+1 |
| | | |||||
* | | remove unused doxygen setup files | Arne Juul | 2022-08-29 | 1 | -939/+0 |
| | | |||||
* | | Avoid out of bounds access to the argv array. | Geir Storli | 2022-08-26 | 1 | -2/+6 |
|/ | | | | | The following would crash the program before: vespa-rpc-invoke -t 1 tcp/localhost:1234 | ||||
* | Explicitly test that requiring an empty capability set is a no-op | Tor Brede Vekterli | 2022-08-25 | 1 | -0/+10 |
| | | | | | | | This should always work (tm), so adding a test that shows that it does. Mostly useful for RPCs that are always configured to use a request filter but where the actual capability set is optionally set and defaults to empty. | ||||
* | Add factory functions for creating capability requirement filters | Tor Brede Vekterli | 2022-08-23 | 3 | -2/+18 |
| | | | | Refactor existing request access filter creation to use these. | ||||
* | Simplify expression | Tor Brede Vekterli | 2022-08-23 | 1 | -1/+1 |
| | |||||
* | Support capability enforcement environment variable in C++ | Tor Brede Vekterli | 2022-08-22 | 4 | -6/+57 |
| | | | | | | | | | | Mirrors Java enforce/log-only/disable semantics, defaulting to enforce. Also fixes an issue where connection auth context and capabilities would not be set if a server socket was running in mixed-mode. This is not a problem in practice since mixed-mode is inherently completely insecure since it must accept plain-text clients, which implicitly have all capabilities granted. | ||||
* | Add buffered logging of capability filter authz failures | Tor Brede Vekterli | 2022-07-11 | 1 | -1/+17 |
| | | | | | | Buffering is done using peer spec as token to ensure we don't miss any distinct peer permission failures, but avoid swamping the log since this is triggered per RPC call. | ||||
* | Make GetPeerSpec() public | Tor Brede Vekterli | 2022-07-11 | 1 | -4/+4 |
| | | | | Very useful for getting the remote address of the connection | ||||
* | Refactor Capability(Set) and add more testing | Tor Brede Vekterli | 2022-06-30 | 3 | -5/+5 |
| | | | | | | | Hide all nitty-gritty details of how capabilities map to internal bit set positions by making more of Capability private and only allowing CapabilitySet to see how the sausages are made. Move all bit set functionality to CapabilitySet, where it really belongs. | ||||
* | Clarify why we're setting the return handler prior to filter invocation | Tor Brede Vekterli | 2022-06-29 | 1 | -1/+1 |
| | |||||
* | Support mTLS connection-level capabilities and RPC access filtering in C++ | Tor Brede Vekterli | 2022-06-29 | 13 | -50/+207 |
| | | | | | | | | | | | | | | | | | | | | | | | | Adds the following: * Named capabilities and capability sets that represent (respectively) a single Vespa access API (such as Document API, search API etc) or a concrete subset of individual capabilities that make up a particular Vespa service (such as a content node). * A new `capabilities` array field to the mTLS authorization policies that allows for constraining what requests sent over a particular connection are allowed to actually do. Capabilities are referenced by name and may include any combination of capability sets and individual capabilities. If multiple capabilities/sets are configured, the resulting set of capabilities is the union set of all of them. * An FRT RPC-level access filter that can be set up as part of RPC method definitions. If set, filters are invoked prior to RPC methods. * A new `PERMISSION_DENIED` error code to FRT RPC that is invoked if an access filter denies a request. This also GCs the unused `AssumedRoles` concept which is now deprecated in favor of capabilities. Note: this is **not yet** a public or stable API, and capability names/semantics may change at any time. | ||||
* | fix undefined behavior in unit tests | Håvard Pettersen | 2022-06-09 | 2 | -174/+40 |
| | |||||
* | avoid calling function on nullptr | Håvard Pettersen | 2022-05-23 | 2 | -8/+8 |
| | |||||
* | Merge pull request #22492 from vespa-engine/havardpe/remember-port-number | Henning Baldersheim | 2022-05-06 | 2 | -2/+4 |
|\ | | | | | remember port number | ||||
| * | remember port number | Håvard Pettersen | 2022-05-06 | 2 | -2/+4 |
| | | | | | | | | to avoid race on shutdown | ||||
* | | Avoid nullptr src/dest args to zero-sized memcpy | Tor Brede Vekterli | 2022-05-04 | 1 | -4/+7 |
|/ | |||||
* | remove FastOS_Application | Håvard Pettersen | 2022-04-08 | 10 | -130/+102 |
| | | | | | | | | fixup (per application): - maybe ignore SIGPIPE - wire argc/argv untangle Vespa Test Framework strip down deprecated TestApp | ||||
* | Add missing include statements. Check for atomic wait support. | Tor Egge | 2022-04-05 | 1 | -0/+1 |
| | |||||
* | extra sync needed | Håvard Pettersen | 2022-04-04 | 1 | -0/+1 |
| | |||||
* | more robust supervisor detachment | Håvard Pettersen | 2022-04-04 | 7 | -40/+67 |
| | |||||
* | Remove unused variable in fnet unit test. | Tor Egge | 2022-04-01 | 1 | -1/+0 |
| | |||||
* | enable detaching a supervisor from a running transport | Håvard Pettersen | 2022-03-30 | 16 | -16/+322 |
| | | | | | | | This is done by closing all connectors and connections related to the supervisor (via the server adapter interface). Also; the packet streamer was made a singleton to avoid additional (unneeded) references to the supervisor object. | ||||
* | Avoid strncmp with zero size and nullptr argument | Tor Brede Vekterli | 2022-03-25 | 1 | -1/+1 |
| | |||||
* | Ensure memcpy is never called with nullptr source argument | Tor Brede Vekterli | 2022-03-25 | 2 | -1/+6 |
| | |||||
* | Avoid undefined behavior for zero-sized memcpy with nullptr argument | Tor Brede Vekterli | 2022-03-25 | 1 | -2/+8 |
| | | | | | It's technically undefined behavior if either src or dest to `memcpy` is `nullptr`, even if the size to copy is zero. | ||||
* | remove admin channel concept | Håvard Pettersen | 2022-03-24 | 17 | -428/+13 |
| | |||||
* | Reduce exposure of SymbolTable, Stash and other classes not necessary for ↵ | Henning Baldersheim | 2022-03-10 | 1 | -1/+0 |
| | | | | users of Slime. | ||||
* | gc old process code | Håvard Pettersen | 2022-03-05 | 1 | -129/+120 |
| | | | | also added read_line function to new Process code | ||||
* | Add a simple adjustTimeoutByDetectedHz to compute a suitable timeout/naptime ↵ | Henning Baldersheim | 2022-02-28 | 1 | -1/+1 |
| | | | | | | based on base VESPA_TIMER_HZ to use for random waiting when doing a poll based appraoch. |