aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto
diff options
context:
space:
mode:
authorAnders Svensson <[email protected]>2019-03-04 17:31:13 +0100
committerAnders Svensson <[email protected]>2019-03-06 17:33:02 +0100
commit734a7daf2e556d684850a3cb278684ba522a29de (patch)
tree5490451ae3a7d8d36d2b80cfabc82abc3976d1f8 /lib/crypto
parentd9d918b2e31daca8b3d904ffbd26a9e4207b166f (diff)
downloadotp-734a7daf2e556d684850a3cb278684ba522a29de.tar.gz
otp-734a7daf2e556d684850a3cb278684ba522a29de.tar.bz2
otp-734a7daf2e556d684850a3cb278684ba522a29de.zip
Add options to diameter_dist:route_session/2 node selection
To be able to restrict how many AVPs will be examined (from the front of a message) when looking for Session-Id, and to decide what to do with if the AVP isn't found. Options are specified as a map of the following form. #{search => non_neg_integer(), default => discard | mfa(), dispatch => list() | mfa()} The search member says how many AVPs to examine at most, from the front of the message. If the optional value of a Session-Id is not the name of a connected node then the default member determines what to do with the request, handle it locally (the default), discard it, or invoke an MFA on the Session-Id | false (if none was found) and diameter_packet record to return a node() | false; if the latter then the request is discarded. If a node is identified then the dispatch MFA is invoked on the node and the request MFA (as three arguments), a list Opts being equivalent to the MFA {erlang, spawn_opt, [Opts]}, and the default being the empty list. Integer- or list-valued options are equivalent to the corresponding map with a single value. Limiting the search is to avoid searching messages containing many AVPs for a Session-Id that is known to occur near the header, since section 8.8 of RFC 6733 says this: When present, the Session-Id SHOULD appear immediately following the Diameter header (see Section 3). There's no guarantee, but in practice it may well be known that peers are respecting the RFC, and in that case limiting the search is a defense against searching messages from a malicious peer unnecessarily. The search is unlimited by default. A default is only used when a search fails to locate a Session-Id, and can be to discard the message, or have a node() or false be returned from an MFA applied to the diameter_packet in question. The local node is chosen by default.
Diffstat (limited to 'lib/crypto')
0 files changed, 0 insertions, 0 deletions