Trang chủ Khám phá Trợ giúp
Đăng nhập
LBP
/
corosync
mirror of https://github.com/corosync/corosync
4
0
Fork 0
Các tập tin Các vấn đề 0 Wiki
Browse Source

knet: allow corosync to use knet access lists

currently knet acl are only available on master
but they might be backported
to stable1 as they don´t break onwire protocol.

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
Fabio M. Di Nitto 7 năm trước cách đây
mục cha
3e8b525e32
commit
5c9a2b1c06
4 tập tin đã thay đổi với 27 bổ sung0 xóa
View chưa được định nghĩa Hiển thị tình trạng sai khác
  1. 9 0
      configure.ac
  2. 3 0
      exec/coroparse.c
  3. 10 0
      exec/totemknet.c
  4. 5 0
      man/corosync.conf.5

+ 9 - 0
configure.ac
Xem Tập Tin 

@@ -180,6 +180,15 @@ AC_CHECK_LIB([z], [crc32],
 
     AM_CONDITIONAL([HAVE_CRC32], true),
 
     AM_CONDITIONAL([HAVE_CRC32], true),
 
     AM_CONDITIONAL([HAVE_CRC32], false))
 
     AM_CONDITIONAL([HAVE_CRC32], false))
 
 
 
+# this hack is necessary to check for symbols on out of tree builds
 
+# but it is as horrible as it gets and in theory users should be
 
+# invoking ./configure with proper LIBRARY_PATH set.
 
+OLDLIBS="$LIBS"
 
+LIBS="$knet_LIBS $LIBS"
 
+AC_CHECK_LIB([knet],[knet_handle_enable_access_lists],
 
+	     [AC_DEFINE_UNQUOTED([HAVE_KNET_ACCESS_LIST], 1, [have knet access list])])
 
+LIBS="$OLDLIBS"
 
+
 
 # Checks for library functions.
 
 # Checks for library functions.
 
 AC_FUNC_ALLOCA
 
 AC_FUNC_ALLOCA
 
 AC_FUNC_CLOSEDIR_VOID
 
 AC_FUNC_CLOSEDIR_VOID

+ 3 - 0
exec/coroparse.c
Xem Tập Tin 

@@ -708,6 +708,9 @@ static int main_config_parser_cb(const char *path,
 
 			    (strcmp(path, "totem.miss_count_const") == 0) ||
 
 			    (strcmp(path, "totem.miss_count_const") == 0) ||
 
 			    (strcmp(path, "totem.knet_pmtud_interval") == 0) ||
 
 			    (strcmp(path, "totem.knet_pmtud_interval") == 0) ||
 
 			    (strcmp(path, "totem.knet_compression_threshold") == 0) ||
 
 			    (strcmp(path, "totem.knet_compression_threshold") == 0) ||
 
+#ifdef HAVE_KNET_ACCESS_LIST
 
+			    (strcmp(path, "totem.knet_enable_access_lists") == 0) ||
 
+#endif
 
 			    (strcmp(path, "totem.netmtu") == 0)) {
 
 			    (strcmp(path, "totem.netmtu") == 0)) {
 
 				val_type = ICMAP_VALUETYPE_UINT32;
 
 				val_type = ICMAP_VALUETYPE_UINT32;
 
 				if (safe_atoq(value, &val, val_type) != 0) {
 
 				if (safe_atoq(value, &val, val_type) != 0) {

+ 10 - 0
exec/totemknet.c
Xem Tập Tin 

@@ -764,6 +764,16 @@ static void totemknet_refresh_config(
 
 		return;
 
 		return;
 
 	}
 
 	}
 
 
 
+#ifdef HAVE_KNET_ACCESS_LIST
 
+	if (icmap_get_uint32("totem.knet_enable_access_lists", &value) == CS_OK) {
 
+		knet_log_printf (LOGSYS_LEVEL_DEBUG, "knet_enable access list: %d", value);
 
+		err = knet_handle_enable_access_lists(instance->knet_handle, value);
 
+		if (err) {
 
+			KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_WARNING, "knet_handle_enable_access_lists failed");
 
+		}
 
+	}
 
+#endif
 
+
 
 	if (icmap_get_uint32("totem.knet_pmtud_interval", &value) == CS_OK) {
 
 	if (icmap_get_uint32("totem.knet_pmtud_interval", &value) == CS_OK) {
 
 
 
 		instance->totem_config->knet_pmtud_interval = value;
 
 		instance->totem_config->knet_pmtud_interval = value;

+ 5 - 0
man/corosync.conf.5
Xem Tập Tin 

@@ -566,6 +566,11 @@ knet_pmtud_interval
 
 How often the knet PMTUd runs to look for network MTU changes.
 
 How often the knet PMTUd runs to look for network MTU changes.
 
 Value in seconds, default: 30
 
 Value in seconds, default: 30
 
 
 
+.TP
 
+knet_enable_access_lists
 
+Allow knet to drop packets from IP addresses that are not known to corosync.
 
+Value is 0 (off) and 1 (on). Default: 0.
 
+
 
 .PP
 
 .PP
 
 Within the
 
 Within the
 
 .B logging
 
 .B logging