path: root/fnet
Commit message | Author | Age | Files | Lines
* Merge pull request #23832 from vespa-engine/vekterli/capability-filtering-of-content-status-pages | Tor Brede Vekterli | 2022-08-29 | 1 | -1/+1
|\
| |     Add capability filtering for content layer status pages and metrics [run-systemtest]
| * Unify to_string for PeerCredentials to match other types | Tor Brede Vekterli | 2022-08-29 | 1 | -1/+1
| |
* | remove unused doxygen setup files | Arne Juul | 2022-08-29 | 1 | -939/+0
| |
* | Avoid out of bounds access to the argv array. | Geir Storli | 2022-08-26 | 1 | -2/+6
|/
|     The following would crash the program before:
|     vespa-rpc-invoke -t 1 tcp/localhost:1234
* Explicitly test that requiring an empty capability set is a no-op | Tor Brede Vekterli | 2022-08-25 | 1 | -0/+10
|
|     This should always work (tm), so adding a test that shows that it does.
|     Mostly useful for RPCs that are always configured to use a request filter
|     but where the actual capability set is optionally set and defaults to empty.
* Add factory functions for creating capability requirement filters | Tor Brede Vekterli | 2022-08-23 | 3 | -2/+18
|
|     Refactor existing request access filter creation to use these.
* Simplify expression | Tor Brede Vekterli | 2022-08-23 | 1 | -1/+1
|
* Support capability enforcement environment variable in C++ | Tor Brede Vekterli | 2022-08-22 | 4 | -6/+57
|
|     Mirrors Java enforce/log-only/disable semantics, defaulting to enforce.
|
|     Also fixes an issue where connection auth context and capabilities would
|     not be set if a server socket was running in mixed-mode. This is not a
|     problem in practice since mixed-mode is inherently completely insecure
|     since it must accept plain-text clients, which implicitly have all
|     capabilities granted.
* Add buffered logging of capability filter authz failures | Tor Brede Vekterli | 2022-07-11 | 1 | -1/+17
|
|     Buffering is done using peer spec as token to ensure we don't miss any
|     distinct peer permission failures, but avoid swamping the log since this
|     is triggered per RPC call.
* Make GetPeerSpec() public | Tor Brede Vekterli | 2022-07-11 | 1 | -4/+4
|
|     Very useful for getting the remote address of the connection
* Refactor Capability(Set) and add more testing | Tor Brede Vekterli | 2022-06-30 | 3 | -5/+5
|
|     Hide all nitty-gritty details of how capabilities map to internal bit set
|     positions by making more of Capability private and only allowing
|     CapabilitySet to see how the sausages are made. Move all bit set
|     functionality to CapabilitySet, where it really belongs.
* Clarify why we're setting the return handler prior to filter invocation | Tor Brede Vekterli | 2022-06-29 | 1 | -1/+1
|
* Support mTLS connection-level capabilities and RPC access filtering in C++ | Tor Brede Vekterli | 2022-06-29 | 13 | -50/+207
|
|     Adds the following:
|      * Named capabilities and capability sets that represent (respectively) a
|        single Vespa access API (such as Document API, search API etc) or a
|        concrete subset of individual capabilities that make up a particular
|        Vespa service (such as a content node).
|      * A new `capabilities` array field to the mTLS authorization policies
|        that allows for constraining what requests sent over a particular
|        connection are allowed to actually do. Capabilities are referenced by
|        name and may include any combination of capability sets and individual
|        capabilities. If multiple capabilities/sets are configured, the
|        resulting set of capabilities is the union set of all of them.
|      * An FRT RPC-level access filter that can be set up as part of RPC
|        method definitions. If set, filters are invoked prior to RPC methods.
|      * A new `PERMISSION_DENIED` error code to FRT RPC that is invoked if an
|        access filter denies a request.
|
|     This also GCs the unused `AssumedRoles` concept which is now deprecated
|     in favor of capabilities.
|
|     Note: this is **not yet** a public or stable API, and capability
|     names/semantics may change at any time.
* fix undefined behavior in unit tests | Håvard Pettersen | 2022-06-09 | 2 | -174/+40
|
* avoid calling function on nullptr | Håvard Pettersen | 2022-05-23 | 2 | -8/+8
|
* Merge pull request #22492 from vespa-engine/havardpe/remember-port-number | Henning Baldersheim | 2022-05-06 | 2 | -2/+4
|\
| |     remember port number
| * remember port number | Håvard Pettersen | 2022-05-06 | 2 | -2/+4
| |
| |     to avoid race on shutdown
* | Avoid nullptr src/dest args to zero-sized memcpy | Tor Brede Vekterli | 2022-05-04 | 1 | -4/+7
|/
* remove FastOS_Application | Håvard Pettersen | 2022-04-08 | 10 | -130/+102
|
|     fixup (per application):
|     - maybe ignore SIGPIPE
|     - wire argc/argv
|
|     untangle Vespa Test Framework
|
|     strip down deprecated TestApp
* Add missing include statements. Check for atomic wait support. | Tor Egge | 2022-04-05 | 1 | -0/+1
|
* extra sync needed | Håvard Pettersen | 2022-04-04 | 1 | -0/+1
|
* more robust supervisor detachment | Håvard Pettersen | 2022-04-04 | 7 | -40/+67
|
* Remove unused variable in fnet unit test. | Tor Egge | 2022-04-01 | 1 | -1/+0
|
* enable detaching a supervisor from a running transport | Håvard Pettersen | 2022-03-30 | 17 | -16/+323
|
|     This is done by closing all connectors and connections related to the
|     supervisor (via the server adapter interface). Also; the packet streamer
|     was made a singleton to avoid additional (unneeded) references to the
|     supervisor object.
* Avoid strncmp with zero size and nullptr argument | Tor Brede Vekterli | 2022-03-25 | 1 | -1/+1
|
* Ensure memcpy is never called with nullptr source argument | Tor Brede Vekterli | 2022-03-25 | 2 | -1/+6
|
* Avoid undefined behavior for zero-sized memcpy with nullptr argument | Tor Brede Vekterli | 2022-03-25 | 1 | -2/+8
|
|     It's technically undefined behavior if either src or dest to `memcpy` is
|     `nullptr`, even if the size to copy is zero.
* remove admin channel concept | Håvard Pettersen | 2022-03-24 | 18 | -429/+13
|
* Reduce exposure of SymbolTable, Stash and other classes not necessary for users of Slime. | Henning Baldersheim | 2022-03-10 | 1 | -1/+0
|
* gc old process code | Håvard Pettersen | 2022-03-05 | 1 | -129/+120
|
|     also added read_line function to new Process code
* Add a simple adjustTimeoutByDetectedHz to compute a suitable timeout/naptime based on base VESPA_TIMER_HZ to use for random waiting when doing a poll based approach. | Henning Baldersheim | 2022-02-28 | 1 | -1/+1
|
* Remove _methodMismatchHook member | Henning Baldersheim | 2022-02-28 | 1 | -1/+0
|
* remove connection-based session handling | Håvard Pettersen | 2022-02-28 | 7 | -591/+4
|
|     also remove method mismatch hook
* Remove inlining warnings (fnet). | Tor Egge | 2022-02-26 | 2 | -1/+9
|
* - Use the typesafe vespalib::count_ms() to correctly count ms. | Henning Baldersheim | 2022-02-25 | 3 | -3/+4
|
|     - Choose tick based on VESPA_TIMER_HZ/10. VESPA_TIMER_HZ has a default of 1000hz.
* Revert "Revert "- Create the common transport and threadpool in the main loop."" | Henning Baldersheim | 2022-02-24 | 6 | -14/+13
|
* Revert "- Create the common transport and threadpool in the main loop." | Henning Baldersheim | 2022-02-24 | 6 | -13/+14
|
* - Create the common transport and threadpool in the main loop. | Henning Baldersheim | 2022-02-24 | 6 | -14/+13
|
|     - Also use the common transport for config subscriptions.
|     - Put The TransportConfig in the fnet namespace.
* In order to properly detach supervisor from the transport, do an async close and proper sync of transport threads. | Henning Baldersheim | 2022-02-23 | 2 | -9/+6
|
* Revert "Revert "Use a common FNET_Transport owned by Proton in both SceduledExecutor …"" | Henning Baldersheim | 2022-02-21 | 1 | -1/+6
|
* Revert "Use a common FNET_Transport owned by Proton in both SceduledExecutor …" | Henning Baldersheim | 2022-02-21 | 1 | -6/+1
|
* Merge pull request #21285 from vespa-engine/vekterli/more-threading-fixes | Henning Baldersheim | 2022-02-21 | 5 | -27/+32
|\
| |     More miscellaneous threading fixes [run-systemtest]
| * Make `FNET_Connection::_state` atomic to allow safe polling from outside lock | Tor Brede Vekterli | 2022-02-18 | 2 | -13/+13
| |
| * Ensure cross-thread visibility in test | Tor Brede Vekterli | 2022-02-18 | 1 | -8/+9
| |
| * Make finished-polling outside of lock thread safe | Tor Brede Vekterli | 2022-02-18 | 2 | -6/+10
| |
* | Use a common FNET_Transport owned by Proton in both SceduledExecutor and TransactionLogServer. | Henning Baldersheim | 2022-02-20 | 1 | -1/+6
|/
|     This reduces the number of Transport objects by 1 per document type and
|     netto 1 in Proton. Each of them contains 2 threads. In addition it uses a
|     common Transport for the RpcFileAcquirer objects used during config
|     fetching. This prevents creating 3 temporary Transport objects on every
|     reconfig.
* Make FNET_TransportThread IO components counter atomic | Tor Brede Vekterli | 2022-02-18 | 2 | -6/+10
|
|     Only checked by tests, but no obvious existing mutex to synchronize
|     around, so turn accesses into relaxed atomics (internal visibility
|     otherwise guaranteed due to transport thread invocation semantics).
* Simplify further | Tor Brede Vekterli | 2022-02-17 | 1 | -2/+1
|
* Remove early-out check that's no longer needed | Tor Brede Vekterli | 2022-02-17 | 1 | -5/+0
|
* Check FNET_Scheduler slots inside lock | Tor Brede Vekterli | 2022-02-17 | 1 | -4/+3
|