diff options
author | Anders Svensson <[email protected]> | 2019-03-04 17:31:13 +0100 |
---|---|---|
committer | Anders Svensson <[email protected]> | 2019-03-06 17:33:02 +0100 |
commit | 734a7daf2e556d684850a3cb278684ba522a29de (patch) | |
tree | 5490451ae3a7d8d36d2b80cfabc82abc3976d1f8 /lib/jinterface | |
parent | d9d918b2e31daca8b3d904ffbd26a9e4207b166f (diff) | |
download | otp-734a7daf2e556d684850a3cb278684ba522a29de.tar.gz otp-734a7daf2e556d684850a3cb278684ba522a29de.tar.bz2 otp-734a7daf2e556d684850a3cb278684ba522a29de.zip |
Add options to diameter_dist:route_session/2 node selection
To be able to restrict how many AVPs will be examined (from the front of
a message) when looking for Session-Id, and to decide what to do with if
the AVP isn't found. Options are specified as a map of the following
form.
#{search => non_neg_integer(),
default => discard | mfa(),
dispatch => list() | mfa()}
The search member says how many AVPs to examine at most, from the front
of the message. If the optional value of a Session-Id is not the name of
a connected node then the default member determines what to do with the
request, handle it locally (the default), discard it, or invoke an MFA
on the Session-Id | false (if none was found) and diameter_packet record
to return a node() | false; if the latter then the request is discarded.
If a node is identified then the dispatch MFA is invoked on the node and
the request MFA (as three arguments), a list Opts being equivalent to
the MFA {erlang, spawn_opt, [Opts]}, and the default being the empty
list.
Integer- or list-valued options are equivalent to the corresponding map
with a single value.
Limiting the search is to avoid searching messages containing many AVPs
for a Session-Id that is known to occur near the header, since section
8.8 of RFC 6733 says this:
When present, the Session-Id SHOULD appear immediately
following the Diameter header (see Section 3).
There's no guarantee, but in practice it may well be known that peers
are respecting the RFC, and in that case limiting the search is a
defense against searching messages from a malicious peer unnecessarily.
The search is unlimited by default.
A default is only used when a search fails to locate a Session-Id, and
can be to discard the message, or have a node() or false be returned
from an MFA applied to the diameter_packet in question. The local node
is chosen by default.
Diffstat (limited to 'lib/jinterface')
0 files changed, 0 insertions, 0 deletions