| Age | Commit message (Collapse) | Author |
|---|
|
Spread a server over three nodes, one of which terminates a peer
connection, the other two to handle requests. Terminate transport on one
of the server nodes and ensure that answers come only from the other
two.
|
|
If the Session-Id optional value to node() mapping fails then hash
Session-Id to a node by default, instead of selecting the local node as
in the parent commit. The previous behaviour is configurable by setting
default = local in an options map.
Nodes make themselves part of the pool from which nodes are selected by
calling diameter_dist:attach/1 with the list of service names they are
willing to handle requests for, the local node being selected in the
absence of any attached nodes. The original idea was to base the node
pool on share_peers and/or use_shared_peers configuration, but that
configuration determines where outgoing requests can be sent, while
route_session/2 deals with incoming requests, so it's not obvious that
conflating the two is a good thing. (Also because
share_peers/use_shared_peers can be used in different ways; the former
could have been skipped entirely.)
The hashing effectively places nodes on a circle, a hashed Session-Id
being mapped to the nearest predecessor node (clockwise). Nodes are
rehashed with each Session-Id (with the id as salt) for a more even
distribution, at the cost of performance, although how high the cost or
how even the distribution has yet to be tested. Obviously, the larger
the number of attached nodes, the higher the cost. Adding/removing an
attached node only affects session ids that hash in the interval between
the added/removed node and its successor (hence consistent hashing).
Options are tweaked slightly compared to the parent commit, and it is
now possible to restrict the optional value mapping to specific Diameter
identities, to avoid mapping an id that was generated at the peer when
the peer is also implemented with the diameter application.
Note that diameter_dist is not yet an officially documented interface,
so could change. Documentation is in the module itself.
|
|
To be able to restrict how many AVPs will be examined (from the front of
a message) when looking for Session-Id, and to decide what to do with if
the AVP isn't found. Options are specified as a map of the following
form.
#{search => non_neg_integer(),
default => discard | mfa(),
dispatch => list() | mfa()}
The search member says how many AVPs to examine at most, from the front
of the message. If the optional value of a Session-Id is not the name of
a connected node then the default member determines what to do with the
request, handle it locally (the default), discard it, or invoke an MFA
on the Session-Id | false (if none was found) and diameter_packet record
to return a node() | false; if the latter then the request is discarded.
If a node is identified then the dispatch MFA is invoked on the node and
the request MFA (as three arguments), a list Opts being equivalent to
the MFA {erlang, spawn_opt, [Opts]}, and the default being the empty
list.
Integer- or list-valued options are equivalent to the corresponding map
with a single value.
Limiting the search is to avoid searching messages containing many AVPs
for a Session-Id that is known to occur near the header, since section
8.8 of RFC 6733 says this:
When present, the Session-Id SHOULD appear immediately
following the Diameter header (see Section 3).
There's no guarantee, but in practice it may well be known that peers
are respecting the RFC, and in that case limiting the search is a
defense against searching messages from a malicious peer unnecessarily.
The search is unlimited by default.
A default is only used when a search fails to locate a Session-Id, and
can be to discard the message, or have a node() or false be returned
from an MFA applied to the diameter_packet in question. The local node
is chosen by default.
|
|
That is, of functions that can be configured as spawn_opt MFAs in
transport configuration.
This commits adds the spawn_local described in the parent commit, and a
route_session that assumes that the local node initiates all sessions
with Session-Id returned by diameter:session_id/1, and handles incoming
requests on the node on which the id in question was returned,
diameter:session_id/1 using node() as optional value in the Session-Id
format.
|
|
The possibility of configuring an MFA as spawn_opt was added in commit
fd285079, the callback being passed an arity-0 fun to be applied in an
appropriate handler process. Replace the fun by a tuple to be passed to
diameter_traffic:request/1, to avoid passing funs between nodes when
handler processes are remote.
A list-valued spawn_opt is now equivalent to the following configured as
{spawn_opt, {Mod, spawn_local, [Opts]}}.
spawn_local(ReqT, Opts) ->
spawn_opt(diameter_traffic, request, [ReqT], Opts).
ReqT is passed by diameter and contains information that the callback
may want to decide where to handle the request in question (which wasn't
accessible with a fun), but this information isn't exposed in a
documented way. The intention is instead to add an own callback
implementation to make use of the information.
Note that application lookup now takes place in the watchdog process in
both the list-valued (or no configuration) and mfa-valued cases. Whether
this is good, bad, or (probably) inconsequential remains to be seen.
|
|
This is the {diameter, ack} message from a transport process to its
parent that requests that every Diameter request passed to the parent be
matched by a incoming send message, the atom false replacing a message()
in the case that the request is unanswered, allowing the transport to
keep track of the number of outstanding requests.
These were added in commit ca09cf7b, and are used to implement the
message_cb config in diameter_tcp/sctp, documented in commit cefcaa5c.
This commit documents the interface, to make it available to other
transport implementations.
|
|
|
|
|
|
|
|
* ingela/ftp/tftp/app.src-fix:
ftp, tftp: Version should not be hardcoded in <app>.app.src
|
|
|
|
* hans/crypto/fix_bad_merge:
crypto: Fix accidental merge
|
|
Commit 8c47a7657d03777a03a6838c7ec937b6347d07f8 accidently
reverted the changes in lib/crypto/src/crypto.erl correctly
introduced in e8de0736005e91afd992e49f434e08c940eddfa0
This fix re-introduces the correct changes.
|
|
|
|
* ingela/ssl/openssl-test-interop:
ssl: Improve interop checks
|
|
|
|
* maint-19:
Updated OTP version
Update release notes
Update version numbers
erts: Fix memory leak when sending to terminating port
|
|
* ingela/ERL-622/fix:
ssl: Move link to correct process
|
|
The link should be between the connection process and the tls_sender
process. But the start of the tls_sender process needs to be done
by the process that also starts the connection process in order to
correctly create the opaque #ssl_socket{}.
|
|
|
|
|
|
|
|
maint-19
* sverker/erts/19/memory-leak-terminating-port/OTP-14609:
erts: Fix memory leak when sending to terminating port
|
|
Cherry-picked from 7c5fcd3f2701cbb614930682ac52ff75b9c26e6c.
Error: Leak_DefinitelyLost
erts_alloc:230 (-> 0x52E54D) [erl_alloc.h]
port_task_alloc:154 (-> 0x52F3CA) [erl_port_task.c]
erts_port_task_alloc_p2p_sig_data:212 (-> 0x52F5D3) [erl_port_task.c]
erts_port_output:2147 (-> 0x4F6057) [io.c]
erts_port_command:4126 (-> 0x4FA10E) [io.c]
do_send:2200 (-> 0x4E4C64) [bif.c]
erl_send:2494 (-> 0x4E5E09) [bif.c]
process_main:1730 (-> 0x43ADA5) [beam_emu.c]
|
|
* raimo/receive-TOS-TCLASS/ERIERL-187/OTP-15145:
Elaborate the disclaimer for 'pktoptions'
Improve platform filter
Fix endianness bug for CMSG parsing
|
|
|
|
|
|
|
|
* hans/crypto/cuddle_docs:
crypto: Re-work the 'Description' section
crypto: Add warnings in RefMan and User's Guide for experimental RSA opts
|
|
Links and contents needs update.
|
|
|
|
* maint-20:
Updated OTP version
Update release notes
Update version numbers
Fix include-path regression caused by dd0a39c
|
|
* sverker/erts/robustify-dist-entry-states/OTP-15297:
erts: Refactor port dist_entry & conn_id into PRTSD
Remove ugly fail case macros
Consolidate distribution entry state transitions
erts: Fix bug in undocumented system_flag(scheduling_statistics)
|
|
|
|
spelled out as "port specific data".
|
|
|
|
* Make connection_id part of the distribution handle as {ConnId, DistEntry}
in order for BIFs to verify correct connection.
* Make distribution handle opaque to net_kernel.
* Remove some unsafe lockless reads of DistEntry.flags
* Change state ERTS_DE_STATE_EXITING to be more of an internal state that
prevents erts from enqueue, encode or schedule new data to be sent. Otherwise
it should behave like ERTS_DE_STATE_CONNECTED.
|
|
* siri/cuddle:
[logger] Skip app level test if app cannot be loaded
Terminate nodes after failed test cases in erl_distribution_SUITE
Skip performance test on build types other than 'opt'
|
|
* hasse/stdlib/binary_in_format/OTP-15304:
stdlib: Allow lists with binaries in the Format argument
|
|
ets:new/2 doc update
|
|
* hans/crypto/chacha_poly_into_aead_fns/OTP-15300:
crypto: Fix bad return/exception for unsupported cipher
crypto: Use aead functions for CHACHA20_POLY1305
|
|
Accidently f11391139c4165e8541a52d45cd1525343a83927 merged by
0a218353e4360e36bac304b6a4e0effe78d95615 changed the
return exception 'notsup' to 'badarg' for unsupported chipher names.
This changes that back.
|
|
This previously implemented cipher is a block cipher despite using chacha.
It also uses the EVP_CIPHER_CTX api which now unifies AES_GCM and AES_CCM
into one pair of encrypt and decrypt functions.
By integrating the existing chacha20_poly1305 code into aead_encrypt and
aead_decrypt we could remove two C-functions and simplify both the C-code
and the corresponding Erlang code in the CRYPTO application.
|
|
* hans/crypto/disable_rsa_sslv23_libressl/OTP-15303:
crypto: Disable problematic RSA options in LibreSSL
|
|
|
|
* hans/crypto/revert_bad_tests:
crypto: Disable bad tests They do not test what was intended.
|
|
They do not test what was intended.
|
|
|
|
|
|
* raimo/receive-TOS-TCLASS/ERIERL-187/OTP-15145:
Write testcases for recvtos and friends
Fix term buffer overflow bug
Fix documentation due to feedback
Implement socket option recvtos and friends
|
