summaryrefslogtreecommitdiff
path: root/cpp/src/qpid/cluster/ConnectionCodec.h
Commit message (Collapse)AuthorAgeFilesLines
* QPID-3858: Updated code to include recent refactoring by Gordon (gsim) - see ↵Kim van der Riet2012-08-271-82/+0
| | | | | | QPID-4178. git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/asyncstore@1377715 13f79535-47bb-0310-9956-ffa450edef68
* Cluster + SecurityMichael Goulish2010-05-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ----------------------------------- * initial observation of a problem was a 2% failure rate in perftests of 20,000 messages against a cluster with security enabled. Problem was occasional receit of encrypted frames before the security codec had been enabled. This is fixed with locking in cluster code (no new locks in broker code) and a callback that is fired by broker::ConnectionHandler::Handler to tell the cluster code when the opening handshake has finished. This was never a problem in the non-clustered broker before because everything happened in a single thread. * the brokers that "shadow" the connection must not have null authenticators rather than real ones, so that they go through all the motions but don't do anythig. Only the directly-connected broker can perform the security handshake. * once the directly-connected broker receives the real user ID from its callback, it mcasts that ID to all other brokers. Otherwise the shadowing brokers will al think that the user ID is "anonymous". Check this by doing a substantial perftest, and using qpid-stat -c localhost:PORT to confirm that the brokers all have the same userID for the same connection. * the user ID, negotiated during the Sasl security startup, is communicated from the directly connected broker to all other cluster brokers. * If security is *not* being used, then this code should *not* tell the brokers anything about the userID -- or it will step on the value that is being set by other code pathways. * test program at cpp/src/tests/cluster_authentication_soak is not yet fully automated -- run it with something like "sudo ./cluster_authentication_soak 500" git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@944158 13f79535-47bb-0310-9956-ffa450edef68
* QPID-2412: Support for EXTERNAL mechanism on client-authenticated SSL ↵Gordon Sim2010-03-051-3/+3
| | | | | | | | | | | | connections. On SSL connection where the clients certificate is authenticated (requires the --ssl-require-client-authentication option at present), the clients identity will be taken from that certificate (it will be the CN with any DCs present appended as the domain, e.g. CN=bob,DC=acme,DC=com would result in an identity of bob@acme.com). This will enable the EXTERNAL mechanism when cyrus sasl is in use. The client can still negotiate their desired mechanism. There is a new option on the ssl module (--ssl-sasl-no-dict) that allows the options on ssl connections to be restricted to those that are not vulnerable to dictionary attacks (EXTERNAL being the primary example). git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@919487 13f79535-47bb-0310-9956-ffa450edef68
* QPID-1899: Applied patch from Ken Giusti to tie in SASL enctryption to the ↵Gordon Sim2009-11-091-3/+6
| | | | | | handling of the --require-encrypted option git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@834108 13f79535-47bb-0310-9956-ffa450edef68
* Set protocol versions correctly in cluster code.Alan Conway2009-07-301-1/+2
| | | | | | | | | Cluster code was broken by a recent checkin to validate protocol versions. The cluster was not correctly setting the version on both sides of a connection. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@799401 13f79535-47bb-0310-9956-ffa450edef68
* Replicate connection decoder fragments to new members.Alan Conway2009-03-021-3/+1
| | | | | | | | | | | | Refactoring: - Merge Decoder into ConnectionMap. - Process cluster controls in event queue thread. - Use counter not pointer for connection ID, avoid re-use. - Do all processing in event queue thread to avoid races (temporary pending performance measurements) git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@749473 13f79535-47bb-0310-9956-ffa450edef68
* QPID-1567: More changes to make clustering and federation work togetherGordon Sim2009-01-221-1/+1
| | | | | | | | | | | * replicate outgoing link traffic to all nodes * coordinate amongst nodes so that only one node actually maintains active links with the others able to take over if that node fails git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@736841 13f79535-47bb-0310-9956-ffa450edef68
* Cluster join & brain-dumps working.Alan Conway2008-10-031-0/+1
| | | | | | | | | cluster: improved join protocol, fixed race conditions. client/ConnectionHandler,ConnectionImpl: fixed connection close race causing client hang. src/qpid/sys/PollableQueue.h: fixed incorrect use of startWatch/stopWatch. git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@701532 13f79535-47bb-0310-9956-ffa450edef68
* Cluster replicates session command sequence state and consumers to newcomers.Alan Conway2008-09-241-0/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@698666 13f79535-47bb-0310-9956-ffa450edef68
* Dump shared state to new cluster members.Alan Conway2008-09-181-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@696788 13f79535-47bb-0310-9956-ffa450edef68
* Moved PollableCondition, PollableQueue and to sys. Fixed cluster shutdown ↵Alan Conway2008-09-111-1/+2
| | | | | | | | | | | | | | issues. sys/PollableCondition: is a generic mechansim to poll for non-IO events in the Poller. sys/PollableQueue: is a thread-safe queue template that can be dispatched from the Poller when there are items on the queue. It uses PollableCondition. git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@694243 13f79535-47bb-0310-9956-ffa450edef68
* Cluster multicasts buffers rather than frames.Alan Conway2008-09-031-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@691489 13f79535-47bb-0310-9956-ffa450edef68
* Refactored cluster to intercept at ConnectionCode, using sys:: interfaces ↵Alan Conway2008-08-291-0/+77
rather than boost functions. Use framing::Operations and Invoker to dispatch cluster methods. git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@690358 13f79535-47bb-0310-9956-ffa450edef68