Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge pull request #25325 from vespa-engine/geirst/typedef-to-using-in-cpp-code | Henning Baldersheim | 2022-12-21 | 3 | -5/+5 |
|\ | | | | | Change from typedef to using in C++ code. | ||||
| * | Change from typedef to using in misc C++ code. | Geir Storli | 2022-12-21 | 3 | -5/+5 |
| | | |||||
* | | Ensure that transport thread is woken up explicit for every FNET_CMD_EXECUTE ↵ | Henning Baldersheim | 2022-12-21 | 2 | -5/+7 |
|/ | | | | command | ||||
* | Remove stacksize from the thread pools and thread executors. | Henning Baldersheim | 2022-12-20 | 9 | -11/+11 |
| | |||||
* | Slow down when getting too far ahead of server. | Tor Egge | 2022-11-03 | 1 | -0/+7 |
| | |||||
* | Merge pull request #23832 from ↵ | Tor Brede Vekterli | 2022-08-29 | 1 | -1/+1 |
|\ | | | | | | | | | vespa-engine/vekterli/capability-filtering-of-content-status-pages Add capability filtering for content layer status pages and metrics [run-systemtest] | ||||
| * | Unify to_string for PeerCredentials to match other types | Tor Brede Vekterli | 2022-08-29 | 1 | -1/+1 |
| | | |||||
* | | remove unused doxygen setup files | Arne Juul | 2022-08-29 | 1 | -939/+0 |
| | | |||||
* | | Avoid out of bounds access to the argv array. | Geir Storli | 2022-08-26 | 1 | -2/+6 |
|/ | | | | | The following would crash the program before: vespa-rpc-invoke -t 1 tcp/localhost:1234 | ||||
* | Explicitly test that requiring an empty capability set is a no-op | Tor Brede Vekterli | 2022-08-25 | 1 | -0/+10 |
| | | | | | | | This should always work (tm), so adding a test that shows that it does. Mostly useful for RPCs that are always configured to use a request filter but where the actual capability set is optionally set and defaults to empty. | ||||
* | Add factory functions for creating capability requirement filters | Tor Brede Vekterli | 2022-08-23 | 3 | -2/+18 |
| | | | | Refactor existing request access filter creation to use these. | ||||
* | Simplify expression | Tor Brede Vekterli | 2022-08-23 | 1 | -1/+1 |
| | |||||
* | Support capability enforcement environment variable in C++ | Tor Brede Vekterli | 2022-08-22 | 4 | -6/+57 |
| | | | | | | | | | | Mirrors Java enforce/log-only/disable semantics, defaulting to enforce. Also fixes an issue where connection auth context and capabilities would not be set if a server socket was running in mixed-mode. This is not a problem in practice since mixed-mode is inherently completely insecure since it must accept plain-text clients, which implicitly have all capabilities granted. | ||||
* | Add buffered logging of capability filter authz failures | Tor Brede Vekterli | 2022-07-11 | 1 | -1/+17 |
| | | | | | | Buffering is done using peer spec as token to ensure we don't miss any distinct peer permission failures, but avoid swamping the log since this is triggered per RPC call. | ||||
* | Make GetPeerSpec() public | Tor Brede Vekterli | 2022-07-11 | 1 | -4/+4 |
| | | | | Very useful for getting the remote address of the connection | ||||
* | Refactor Capability(Set) and add more testing | Tor Brede Vekterli | 2022-06-30 | 3 | -5/+5 |
| | | | | | | | Hide all nitty-gritty details of how capabilities map to internal bit set positions by making more of Capability private and only allowing CapabilitySet to see how the sausages are made. Move all bit set functionality to CapabilitySet, where it really belongs. | ||||
* | Clarify why we're setting the return handler prior to filter invocation | Tor Brede Vekterli | 2022-06-29 | 1 | -1/+1 |
| | |||||
* | Support mTLS connection-level capabilities and RPC access filtering in C++ | Tor Brede Vekterli | 2022-06-29 | 13 | -50/+207 |
| | | | | | | | | | | | | | | | | | | | | | | | | Adds the following: * Named capabilities and capability sets that represent (respectively) a single Vespa access API (such as Document API, search API etc) or a concrete subset of individual capabilities that make up a particular Vespa service (such as a content node). * A new `capabilities` array field to the mTLS authorization policies that allows for constraining what requests sent over a particular connection are allowed to actually do. Capabilities are referenced by name and may include any combination of capability sets and individual capabilities. If multiple capabilities/sets are configured, the resulting set of capabilities is the union set of all of them. * An FRT RPC-level access filter that can be set up as part of RPC method definitions. If set, filters are invoked prior to RPC methods. * A new `PERMISSION_DENIED` error code to FRT RPC that is invoked if an access filter denies a request. This also GCs the unused `AssumedRoles` concept which is now deprecated in favor of capabilities. Note: this is **not yet** a public or stable API, and capability names/semantics may change at any time. | ||||
* | fix undefined behavior in unit tests | Håvard Pettersen | 2022-06-09 | 2 | -174/+40 |
| | |||||
* | avoid calling function on nullptr | Håvard Pettersen | 2022-05-23 | 2 | -8/+8 |
| | |||||
* | Merge pull request #22492 from vespa-engine/havardpe/remember-port-number | Henning Baldersheim | 2022-05-06 | 2 | -2/+4 |
|\ | | | | | remember port number | ||||
| * | remember port number | Håvard Pettersen | 2022-05-06 | 2 | -2/+4 |
| | | | | | | | | to avoid race on shutdown | ||||
* | | Avoid nullptr src/dest args to zero-sized memcpy | Tor Brede Vekterli | 2022-05-04 | 1 | -4/+7 |
|/ | |||||
* | remove FastOS_Application | Håvard Pettersen | 2022-04-08 | 10 | -130/+102 |
| | | | | | | | | fixup (per application): - maybe ignore SIGPIPE - wire argc/argv untangle Vespa Test Framework strip down deprecated TestApp | ||||
* | Add missing include statements. Check for atomic wait support. | Tor Egge | 2022-04-05 | 1 | -0/+1 |
| | |||||
* | extra sync needed | Håvard Pettersen | 2022-04-04 | 1 | -0/+1 |
| | |||||
* | more robust supervisor detachment | Håvard Pettersen | 2022-04-04 | 7 | -40/+67 |
| | |||||
* | Remove unused variable in fnet unit test. | Tor Egge | 2022-04-01 | 1 | -1/+0 |
| | |||||
* | enable detaching a supervisor from a running transport | Håvard Pettersen | 2022-03-30 | 17 | -16/+323 |
| | | | | | | | This is done by closing all connectors and connections related to the supervisor (via the server adapter interface). Also; the packet streamer was made a singleton to avoid additional (unneeded) references to the supervisor object. | ||||
* | Avoid strncmp with zero size and nullptr argument | Tor Brede Vekterli | 2022-03-25 | 1 | -1/+1 |
| | |||||
* | Ensure memcpy is never called with nullptr source argument | Tor Brede Vekterli | 2022-03-25 | 2 | -1/+6 |
| | |||||
* | Avoid undefined behavior for zero-sized memcpy with nullptr argument | Tor Brede Vekterli | 2022-03-25 | 1 | -2/+8 |
| | | | | | It's technically undefined behavior if either src or dest to `memcpy` is `nullptr`, even if the size to copy is zero. | ||||
* | remove admin channel concept | Håvard Pettersen | 2022-03-24 | 18 | -429/+13 |
| | |||||
* | Reduce exposure of SymbolTable, Stash and other classes not necessary for ↵ | Henning Baldersheim | 2022-03-10 | 1 | -1/+0 |
| | | | | users of Slime. | ||||
* | gc old process code | Håvard Pettersen | 2022-03-05 | 1 | -129/+120 |
| | | | | also added read_line function to new Process code | ||||
* | Add a simple adjustTimeoutByDetectedHz to compute a suitable timeout/naptime ↵ | Henning Baldersheim | 2022-02-28 | 1 | -1/+1 |
| | | | | | | based on base VESPA_TIMER_HZ to use for random waiting when doing a poll based appraoch. | ||||
* | Remove _methodMismatchHook member | Henning Baldersheim | 2022-02-28 | 1 | -1/+0 |
| | |||||
* | remove connection-based session handling | Håvard Pettersen | 2022-02-28 | 7 | -591/+4 |
| | | | | also remove method mismatch hook | ||||
* | Remove inlining warnings (fnet). | Tor Egge | 2022-02-26 | 2 | -1/+9 |
| | |||||
* | - Use the typesafe vespalib::count_ms() to correcly count ms. | Henning Baldersheim | 2022-02-25 | 3 | -3/+4 |
| | | | | - Choose tick based on VESPA_TIMER_HZ/10. VESPA_TIMER_HZ has a default of 1000hz. | ||||
* | Revert "Revert "- Create the common transport and threadpool in the main loop."" | Henning Baldersheim | 2022-02-24 | 6 | -14/+13 |
| | |||||
* | Revert "- Create the common transport and threadpool in the main loop." | Henning Baldersheim | 2022-02-24 | 6 | -13/+14 |
| | |||||
* | - Create the common transport and threadpool in the main loop. | Henning Baldersheim | 2022-02-24 | 6 | -14/+13 |
| | | | | | - Also use the common transport for config subscriptions. - Put The TransportConfig in the fnet namespace. | ||||
* | In order to properly detach supervisor from the transport, do an async close ↵ | Henning Baldersheim | 2022-02-23 | 2 | -9/+6 |
| | | | | and proper sync of trasnport threads. | ||||
* | Revert "Revert "Use a common FNET_Transport owned by Proton in both ↵ | Henning Baldersheim | 2022-02-21 | 1 | -1/+6 |
| | | | | SceduledExecutor …"" | ||||
* | Revert "Use a common FNET_Transport owned by Proton in both SceduledExecutor ↵ | Henning Baldersheim | 2022-02-21 | 1 | -6/+1 |
| | | | | …" | ||||
* | Merge pull request #21285 from vespa-engine/vekterli/more-threading-fixes | Henning Baldersheim | 2022-02-21 | 5 | -27/+32 |
|\ | | | | | More miscellaneous threading fixes [run-systemtest] | ||||
| * | Make `FNET_Connection::_state` atomic to allow safe polling from outside lock | Tor Brede Vekterli | 2022-02-18 | 2 | -13/+13 |
| | | |||||
| * | Ensure cross-thread visibility in test | Tor Brede Vekterli | 2022-02-18 | 1 | -8/+9 |
| | | |||||
| * | Make finished-polling outside of lock thread safe | Tor Brede Vekterli | 2022-02-18 | 2 | -6/+10 |
| | |