Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add buffered logging of capability filter authz failures | Tor Brede Vekterli | 2022-07-11 | 1 | -1/+17 |
| | | | | | | Buffering is done using peer spec as token to ensure we don't miss any distinct peer permission failures, but avoid swamping the log since this is triggered per RPC call. | ||||
* | Make GetPeerSpec() public | Tor Brede Vekterli | 2022-07-11 | 1 | -4/+4 |
| | | | | Very useful for getting the remote address of the connection | ||||
* | Refactor Capability(Set) and add more testing | Tor Brede Vekterli | 2022-06-30 | 3 | -5/+5 |
| | | | | | | | Hide all nitty-gritty details of how capabilities map to internal bit set positions by making more of Capability private and only allowing CapabilitySet to see how the sausages are made. Move all bit set functionality to CapabilitySet, where it really belongs. | ||||
* | Clarify why we're setting the return handler prior to filter invocation | Tor Brede Vekterli | 2022-06-29 | 1 | -1/+1 |
| | |||||
* | Support mTLS connection-level capabilities and RPC access filtering in C++ | Tor Brede Vekterli | 2022-06-29 | 13 | -50/+207 |
| | | | | | | | | | | | | | | | | | | | | | | | | Adds the following: * Named capabilities and capability sets that represent (respectively) a single Vespa access API (such as Document API, search API etc) or a concrete subset of individual capabilities that make up a particular Vespa service (such as a content node). * A new `capabilities` array field to the mTLS authorization policies that allows for constraining what requests sent over a particular connection are allowed to actually do. Capabilities are referenced by name and may include any combination of capability sets and individual capabilities. If multiple capabilities/sets are configured, the resulting set of capabilities is the union set of all of them. * An FRT RPC-level access filter that can be set up as part of RPC method definitions. If set, filters are invoked prior to RPC methods. * A new `PERMISSION_DENIED` error code to FRT RPC that is invoked if an access filter denies a request. This also GCs the unused `AssumedRoles` concept which is now deprecated in favor of capabilities. Note: this is **not yet** a public or stable API, and capability names/semantics may change at any time. | ||||
* | fix undefined behavior in unit tests | Håvard Pettersen | 2022-06-09 | 2 | -174/+40 |
| | |||||
* | avoid calling function on nullptr | Håvard Pettersen | 2022-05-23 | 2 | -8/+8 |
| | |||||
* | Merge pull request #22492 from vespa-engine/havardpe/remember-port-number | Henning Baldersheim | 2022-05-06 | 2 | -2/+4 |
|\ | | | | | remember port number | ||||
| * | remember port number | Håvard Pettersen | 2022-05-06 | 2 | -2/+4 |
| | | | | | | | | to avoid race on shutdown | ||||
* | | Avoid nullptr src/dest args to zero-sized memcpy | Tor Brede Vekterli | 2022-05-04 | 1 | -4/+7 |
|/ | |||||
* | remove FastOS_Application | Håvard Pettersen | 2022-04-08 | 10 | -130/+102 |
| | | | | | | | | fixup (per application): - maybe ignore SIGPIPE - wire argc/argv untangle Vespa Test Framework strip down deprecated TestApp | ||||
* | Add missing include statements. Check for atomic wait support. | Tor Egge | 2022-04-05 | 1 | -0/+1 |
| | |||||
* | extra sync needed | Håvard Pettersen | 2022-04-04 | 1 | -0/+1 |
| | |||||
* | more robust supervisor detachment | Håvard Pettersen | 2022-04-04 | 7 | -40/+67 |
| | |||||
* | Remove unused variable in fnet unit test. | Tor Egge | 2022-04-01 | 1 | -1/+0 |
| | |||||
* | enable detaching a supervisor from a running transport | Håvard Pettersen | 2022-03-30 | 17 | -16/+323 |
| | | | | | | | This is done by closing all connectors and connections related to the supervisor (via the server adapter interface). Also; the packet streamer was made a singleton to avoid additional (unneeded) references to the supervisor object. | ||||
* | Avoid strncmp with zero size and nullptr argument | Tor Brede Vekterli | 2022-03-25 | 1 | -1/+1 |
| | |||||
* | Ensure memcpy is never called with nullptr source argument | Tor Brede Vekterli | 2022-03-25 | 2 | -1/+6 |
| | |||||
* | Avoid undefined behavior for zero-sized memcpy with nullptr argument | Tor Brede Vekterli | 2022-03-25 | 1 | -2/+8 |
| | | | | | It's technically undefined behavior if either src or dest to `memcpy` is `nullptr`, even if the size to copy is zero. | ||||
* | remove admin channel concept | Håvard Pettersen | 2022-03-24 | 18 | -429/+13 |
| | |||||
* | Reduce exposure of SymbolTable, Stash and other classes not necessary for ↵ | Henning Baldersheim | 2022-03-10 | 1 | -1/+0 |
| | | | | users of Slime. | ||||
* | gc old process code | Håvard Pettersen | 2022-03-05 | 1 | -129/+120 |
| | | | | also added read_line function to new Process code | ||||
* | Add a simple adjustTimeoutByDetectedHz to compute a suitable timeout/naptime ↵ | Henning Baldersheim | 2022-02-28 | 1 | -1/+1 |
| | | | | | | based on base VESPA_TIMER_HZ to use for random waiting when doing a poll based appraoch. | ||||
* | Remove _methodMismatchHook member | Henning Baldersheim | 2022-02-28 | 1 | -1/+0 |
| | |||||
* | remove connection-based session handling | Håvard Pettersen | 2022-02-28 | 7 | -591/+4 |
| | | | | also remove method mismatch hook | ||||
* | Remove inlining warnings (fnet). | Tor Egge | 2022-02-26 | 2 | -1/+9 |
| | |||||
* | - Use the typesafe vespalib::count_ms() to correcly count ms. | Henning Baldersheim | 2022-02-25 | 3 | -3/+4 |
| | | | | - Choose tick based on VESPA_TIMER_HZ/10. VESPA_TIMER_HZ has a default of 1000hz. | ||||
* | Revert "Revert "- Create the common transport and threadpool in the main loop."" | Henning Baldersheim | 2022-02-24 | 6 | -14/+13 |
| | |||||
* | Revert "- Create the common transport and threadpool in the main loop." | Henning Baldersheim | 2022-02-24 | 6 | -13/+14 |
| | |||||
* | - Create the common transport and threadpool in the main loop. | Henning Baldersheim | 2022-02-24 | 6 | -14/+13 |
| | | | | | - Also use the common transport for config subscriptions. - Put The TransportConfig in the fnet namespace. | ||||
* | In order to properly detach supervisor from the transport, do an async close ↵ | Henning Baldersheim | 2022-02-23 | 2 | -9/+6 |
| | | | | and proper sync of trasnport threads. | ||||
* | Revert "Revert "Use a common FNET_Transport owned by Proton in both ↵ | Henning Baldersheim | 2022-02-21 | 1 | -1/+6 |
| | | | | SceduledExecutor …"" | ||||
* | Revert "Use a common FNET_Transport owned by Proton in both SceduledExecutor ↵ | Henning Baldersheim | 2022-02-21 | 1 | -6/+1 |
| | | | | …" | ||||
* | Merge pull request #21285 from vespa-engine/vekterli/more-threading-fixes | Henning Baldersheim | 2022-02-21 | 5 | -27/+32 |
|\ | | | | | More miscellaneous threading fixes [run-systemtest] | ||||
| * | Make `FNET_Connection::_state` atomic to allow safe polling from outside lock | Tor Brede Vekterli | 2022-02-18 | 2 | -13/+13 |
| | | |||||
| * | Ensure cross-thread visibility in test | Tor Brede Vekterli | 2022-02-18 | 1 | -8/+9 |
| | | |||||
| * | Make finished-polling outside of lock thread safe | Tor Brede Vekterli | 2022-02-18 | 2 | -6/+10 |
| | | |||||
* | | Use a common FNET_Transport owned by Proton in both SceduledExecutor and ↵ | Henning Baldersheim | 2022-02-20 | 1 | -1/+6 |
|/ | | | | | | | | | | TransactionLogServer. This reduces the number of Transport object by 1 per document type and netto 1 in Proton. Each of them contains 2 threads. In addition it uses a common Transport for the RpcFileAcquirer objects used during config fetching. This prevents creating 3 temporary Transport objects on every reconfig. | ||||
* | Make FNET_TransportThread IO components counter atomic | Tor Brede Vekterli | 2022-02-18 | 2 | -6/+10 |
| | | | | | | Only checked by tests, but no obvious existing mutex to synchronize around, so turn accesses into relaxed atomics (internal visibility otherwise guaranteed due to transport thread invocation semantics). | ||||
* | Simplify further | Tor Brede Vekterli | 2022-02-17 | 1 | -2/+1 |
| | |||||
* | Remove early-out check that's no longer needed | Tor Brede Vekterli | 2022-02-17 | 1 | -5/+0 |
| | |||||
* | Check FNET_Scheduler slots inside lock | Tor Brede Vekterli | 2022-02-17 | 1 | -4/+3 |
| | |||||
* | Merge pull request #20990 from vespa-engine/havardpe/ignore-binary | Henning Baldersheim | 2022-01-31 | 1 | -0/+1 |
|\ | | | | | ignore binary | ||||
| * | ignore binary | Håvard Pettersen | 2022-01-31 | 1 | -0/+1 |
| | | |||||
* | | Revert "Avoid using vespamalloc for small utility programs as it has a too ↵ | Henning Baldersheim | 2022-01-31 | 3 | -3/+4 |
|/ | | | | hi… [run-systemtest]" | ||||
* | Avoid using vespamalloc for small utility programs as it has a too high ↵ | Henning Baldersheim | 2022-01-28 | 3 | -4/+3 |
| | | | | initial cost and memory footprint. | ||||
* | Avoid strdup. | Henning Baldersheim | 2021-11-24 | 6 | -58/+40 |
| | |||||
* | Update 2019 Oath copyrights. | gjoranv | 2021-10-27 | 1 | -1/+1 |
| | |||||
* | Update Verizon Media copyright notices. | gjoranv | 2021-10-07 | 4 | -4/+4 |
| | |||||
* | Update 2018 copyright notices. | gjoranv | 2021-10-07 | 1 | -1/+1 |
| |