| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
QPID-4178.
git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/asyncstore@1377715 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-----------------------------------
* initial observation of a problem was a 2% failure rate in perftests
of 20,000 messages against a cluster with security enabled.
Problem was occasional receit of encrypted frames before the
security codec had been enabled. This is fixed with locking in
cluster code (no new locks in broker code) and a callback that is
fired by broker::ConnectionHandler::Handler to tell the cluster
code when the opening handshake has finished.
This was never a problem in the non-clustered broker before because
everything happened in a single thread.
* the brokers that "shadow" the connection must not have null
authenticators rather than real ones, so that they go through all
the motions but don't do anythig. Only the directly-connected
broker can perform the security handshake.
* once the directly-connected broker receives the real user ID
from its callback, it mcasts that ID to all other brokers.
Otherwise the shadowing brokers will al think that the user ID
is "anonymous".
Check this by doing a substantial perftest, and using
qpid-stat -c localhost:PORT
to confirm that the brokers all have the same userID for the
same connection.
* the user ID, negotiated during the Sasl security startup, is
communicated from the directly connected broker to all other
cluster brokers.
* If security is *not* being used, then this code should *not* tell
the brokers anything about the userID -- or it will step on the value
that is being set by other code pathways.
* test program at cpp/src/tests/cluster_authentication_soak is not yet
fully automated -- run it with something like
"sudo ./cluster_authentication_soak 500"
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@944158 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
| |
connections.
On SSL connection where the clients certificate is authenticated (requires the --ssl-require-client-authentication option at present), the clients identity will be taken from that certificate (it will be the CN with any DCs present appended as the domain, e.g. CN=bob,DC=acme,DC=com would result in an identity of bob@acme.com). This will enable the EXTERNAL mechanism when cyrus sasl is in use.
The client can still negotiate their desired mechanism. There is a new option on the ssl module (--ssl-sasl-no-dict) that allows the options on ssl connections to be restricted to those that are not vulnerable to dictionary attacks (EXTERNAL being the primary example).
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@919487 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
handling of the --require-encrypted option
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@834108 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
| |
Cluster code was broken by a recent checkin to validate protocol
versions. The cluster was not correctly setting the version on both
sides of a connection.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@799401 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refactoring:
- Merge Decoder into ConnectionMap.
- Process cluster controls in event queue thread.
- Use counter not pointer for connection ID, avoid re-use.
- Do all processing in event queue thread to avoid races
(temporary pending performance measurements)
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@749473 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
| |
* replicate outgoing link traffic to all nodes
* coordinate amongst nodes so that only one node actually maintains active links
with the others able to take over if that node fails
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@736841 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
| |
cluster: improved join protocol, fixed race conditions.
client/ConnectionHandler,ConnectionImpl: fixed connection close race causing client hang.
src/qpid/sys/PollableQueue.h: fixed incorrect use of startWatch/stopWatch.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@701532 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@698666 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@696788 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
issues.
sys/PollableCondition: is a generic mechansim to poll for non-IO
events in the Poller.
sys/PollableQueue: is a thread-safe queue template that can be
dispatched from the Poller when there are items on the queue. It uses
PollableCondition.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@694243 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@691489 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
rather than boost functions.
Use framing::Operations and Invoker to dispatch cluster methods.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@690358 13f79535-47bb-0310-9956-ffa450edef68
|
