rpc: fix binding brick issue while bind-insecure is enabled
problem: When bind-insecure is turned on (which is the default now), it may happen that a brick is not able to bind to the port assigned by Glusterd, for example 49192-49195... It seems to occur because the rpc_clnt connections are binding to ports in the same range. So the brick fails to bind to a port which is already used by someone else solution: fix for now is to make rpc_clnt get port numbers from 65535 in a descending order, as a result port clash is minimized other fixes: previously rdma binds to port >= 1024 if it cannot find a free port < 1024, even when bind insecure was turned off (ref to commit '0e3fd04e'), this patch adds a check for bind-insecure in gf_rdma_client_bind function This patch also re-enables bind-insecure and allow-insecure by default which was reverted (ref: commit cef1720) previously Change-Id: Ia1cfa93c5454e2ae0ff57813689b75de282ebd07 BUG: 1238661 Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com> Reviewed-on: http://review.gluster.org/11512 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
parent
e9b86d0b57
commit
9442e7bf80
@ -2789,7 +2789,7 @@ out:
|
||||
}
|
||||
|
||||
int
|
||||
gf_process_reserved_ports (gf_boolean_t *ports)
|
||||
gf_process_reserved_ports (gf_boolean_t *ports, uint32_t ceiling)
|
||||
{
|
||||
int ret = -1;
|
||||
#if defined GF_LINUX_HOST_OS
|
||||
@ -2809,7 +2809,7 @@ gf_process_reserved_ports (gf_boolean_t *ports)
|
||||
blocked_port = strtok_r (ports_info, ",\n",&tmp);
|
||||
|
||||
while (blocked_port) {
|
||||
gf_ports_reserved (blocked_port, ports);
|
||||
gf_ports_reserved (blocked_port, ports, ceiling);
|
||||
blocked_port = strtok_r (NULL, ",\n", &tmp);
|
||||
}
|
||||
|
||||
@ -2822,7 +2822,7 @@ out:
|
||||
}
|
||||
|
||||
gf_boolean_t
|
||||
gf_ports_reserved (char *blocked_port, gf_boolean_t *ports)
|
||||
gf_ports_reserved (char *blocked_port, gf_boolean_t *ports, uint32_t ceiling)
|
||||
{
|
||||
gf_boolean_t result = _gf_false;
|
||||
char *range_port = NULL;
|
||||
@ -2834,7 +2834,7 @@ gf_ports_reserved (char *blocked_port, gf_boolean_t *ports)
|
||||
if (blocked_port[strlen(blocked_port) -1] == '\n')
|
||||
blocked_port[strlen(blocked_port) -1] = '\0';
|
||||
if (gf_string2int16 (blocked_port, &tmp_port1) == 0) {
|
||||
if (tmp_port1 > (GF_CLIENT_PORT_CEILING - 1)
|
||||
if (tmp_port1 > ceiling
|
||||
|| tmp_port1 < 0) {
|
||||
gf_msg ("glusterfs-socket", GF_LOG_WARNING, 0,
|
||||
LG_MSG_INVALID_PORT, "invalid port %d",
|
||||
@ -2860,8 +2860,8 @@ gf_ports_reserved (char *blocked_port, gf_boolean_t *ports)
|
||||
goto out;
|
||||
}
|
||||
if (gf_string2int16 (range_port, &tmp_port1) == 0) {
|
||||
if (tmp_port1 > (GF_CLIENT_PORT_CEILING - 1))
|
||||
tmp_port1 = GF_CLIENT_PORT_CEILING - 1;
|
||||
if (tmp_port1 > ceiling)
|
||||
tmp_port1 = ceiling;
|
||||
if (tmp_port1 < 0)
|
||||
tmp_port1 = 0;
|
||||
}
|
||||
@ -2874,9 +2874,8 @@ gf_ports_reserved (char *blocked_port, gf_boolean_t *ports)
|
||||
if (range_port[strlen(range_port) -1] == '\n')
|
||||
range_port[strlen(range_port) - 1] = '\0';
|
||||
if (gf_string2int16 (range_port, &tmp_port2) == 0) {
|
||||
if (tmp_port2 >
|
||||
(GF_CLIENT_PORT_CEILING - 1))
|
||||
tmp_port2 = GF_CLIENT_PORT_CEILING - 1;
|
||||
if (tmp_port2 > ceiling)
|
||||
tmp_port2 = ceiling;
|
||||
if (tmp_port2 < 0)
|
||||
tmp_port2 = 0;
|
||||
}
|
||||
|
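Review bot: The bound checks in gf_ports_reserved now compare a signed port value against `uint32_t ceiling` and have lost the `- 1`, which changes two edge cases. The `tmp_port1 < 0` tests show the variable is signed, so in `tmp_port1 > ceiling` a negative value is converted to unsigned and clamped to `ceiling` instead of 0, which leaves the `< 0` branch after it unreachable for that case. A value equal to `ceiling` is now accepted as well, although the callers in this commit declare `ports[GF_PORT_MAX]` and pass `GF_PORT_MAX` as the ceiling; the write into `ports[]` is outside these hunks, but testing `tmp_port1 < 0 || (uint32_t) tmp_port1 >= ceiling` and clamping to `ceiling - 1` would keep every index inside the table. The parser is still gf_string2int16, so if the variables (declared outside the hunks) are 16-bit signed, reserved ports above 32767 cannot be read and the high range the client now binds from is not covered by the reserved-port list.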
@ -83,6 +83,7 @@ void trap (void);
|
||||
*/
|
||||
#define GF_NFS3_PORT 2049
|
||||
#define GF_CLIENT_PORT_CEILING 1024
|
||||
#define GF_PORT_MAX 65535
|
||||
|
||||
#define GF_MINUTE_IN_SECONDS 60
|
||||
#define GF_HOUR_IN_SECONDS (60*60)
|
||||
@ -697,8 +698,9 @@ int gf_strip_whitespace (char *str, int len);
|
||||
int gf_canonicalize_path (char *path);
|
||||
char *generate_glusterfs_ctx_id (void);
|
||||
char *gf_get_reserved_ports();
|
||||
int gf_process_reserved_ports (gf_boolean_t ports[]);
|
||||
gf_boolean_t gf_ports_reserved (char *blocked_port, gf_boolean_t *ports);
|
||||
int gf_process_reserved_ports (gf_boolean_t ports[], uint32_t ceiling);
|
||||
gf_boolean_t
|
||||
gf_ports_reserved (char *blocked_port, gf_boolean_t *ports, uint32_t ceiling);
|
||||
int gf_get_hostname_from_ip (char *client_ip, char **hostname);
|
||||
gf_boolean_t gf_is_local_addr (char *hostname);
|
||||
gf_boolean_t gf_is_same_address (char *host1, char *host2);
|
||||
|
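Review bot: `GF_PORT_MAX` is added without a comment and is used in two senses elsewhere in this commit: as the length of the `ports[]` table and as the `ceiling` argument, which the bind loop treats as exclusive (`port = ceiling - 1`). With the value 65535, port 65535 is never tried and is not a valid table index. A comment such as `/* exclusive upper bound for the client port search; ports[] has GF_PORT_MAX entries, indices 0..GF_PORT_MAX-1 */` would stop a later caller from indexing `ports[GF_PORT_MAX]`.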
@ -262,7 +262,8 @@ rpc_transport_load (glusterfs_ctx_t *ctx, dict_t *options, char *trans_name)
|
||||
else
|
||||
trans->bind_insecure = 0;
|
||||
} else {
|
||||
trans->bind_insecure = 0;
|
||||
/* By default allow bind insecure */
|
||||
trans->bind_insecure = 1;
|
||||
}
|
||||
|
||||
ret = dict_get_str (options, "transport-type", &type);
|
||||
|
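Review bot: The new default `trans->bind_insecure = 1` changes behaviour for every deployment that never set the option, and the comment `/* By default allow bind insecure */` only restates the assignment. Clients will now bind from unprivileged ports, which works only against servers that accept them, so a peer that still has `rpc-auth-allow-insecure` off would presumably reject these connections. I would expand the comment to record that, e.g. `/* default on: clients bind from unprivileged ports; the server must allow insecure ports, and the source port is no longer a trust signal */`. rpc_transport_load starts and ends outside the hunk.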
@ -221,9 +221,20 @@ rpcsvc_set_allow_insecure (rpcsvc_t *svc, dict_t *options)
|
||||
else
|
||||
svc->allow_insecure = 0;
|
||||
}
|
||||
} else {
|
||||
/* By default set allow-insecure to true */
|
||||
svc->allow_insecure = 1;
|
||||
|
||||
/* setting in options for the sake of functions that look
|
||||
* configuration params for allow insecure, eg: gf_auth
|
||||
*/
|
||||
ret = dict_set_str (options, "rpc-auth-allow-insecure", "on");
|
||||
if (ret < 0)
|
||||
gf_log ("rpc-auth", GF_LOG_DEBUG,
|
||||
"dict_set failed for 'allow-insecure'");
|
||||
}
|
||||
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
int
|
||||
|
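Review bot: When `dict_set_str` fails in the new default branch, `svc->allow_insecure` is already 1 but the options dict lacks `rpc-auth-allow-insecure`, so the service flag and the code that reads the dict (gf_auth, per the comment) disagree, and the only trace is a `GF_LOG_DEBUG` line. The function also now ends with `return ret;` instead of `return 0;`, so that negative value reaches callers whose handling is not visible here. Logging at `GF_LOG_WARNING` and deciding explicitly whether the failure is fatal would make the outcome predictable. Since this default turns off the privileged-port check for all clients, the comment should also say that the source port is no longer used as an access control.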
@ -632,8 +632,10 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
|
||||
"Request received from non-"
|
||||
"privileged port. Failing request for %s.",
|
||||
req->trans->peerinfo.identifier);
|
||||
rpcsvc_request_destroy (req);
|
||||
return -1;
|
||||
req->rpc_status = MSG_DENIED;
|
||||
req->rpc_err = AUTH_ERROR;
|
||||
req->auth_err = RPCSVC_AUTH_REJECT;
|
||||
goto err_reply;
|
||||
}
|
||||
|
||||
/* DRC */
|
||||
|
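Review bot: The explicit `rpcsvc_request_destroy (req)` is gone from the non-privileged-port rejection, so releasing the request now depends on the `err_reply` path, which is outside this hunk; it is worth confirming that path frees `req` on every exit. The switch from dropping the request to answering with `AUTH_ERROR` is also unexplained in the code. If the intent is to let the client fail fast instead of timing out, a one-line comment above `req->rpc_status = MSG_DENIED;` saying so would help.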
@ -33,36 +33,41 @@ gf_resolve_ip6 (const char *hostname,
|
||||
void **dnscache,
|
||||
struct addrinfo **addr_info);
|
||||
|
||||
|
||||
static void
|
||||
_assign_port (struct sockaddr *sockaddr, uint16_t port)
|
||||
{
|
||||
switch (sockaddr->sa_family) {
|
||||
case AF_INET6:
|
||||
((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
|
||||
break;
|
||||
|
||||
case AF_INET_SDP:
|
||||
case AF_INET:
|
||||
((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static int32_t
|
||||
af_inet_bind_to_port_lt_ceiling (struct rdma_cm_id *cm_id,
|
||||
struct sockaddr *sockaddr,
|
||||
socklen_t sockaddr_len, int ceiling)
|
||||
socklen_t sockaddr_len, uint32_t ceiling)
|
||||
{
|
||||
int32_t ret = -1;
|
||||
uint16_t port = ceiling - 1;
|
||||
/* by default assume none of the ports are blocked and all are available */
|
||||
gf_boolean_t ports[1024] = {_gf_false,};
|
||||
gf_boolean_t ports[GF_PORT_MAX] = {_gf_false,};
|
||||
int i = 0;
|
||||
|
||||
ret = gf_process_reserved_ports (ports);
|
||||
ret = gf_process_reserved_ports (ports, ceiling);
|
||||
if (ret != 0) {
|
||||
for (i = 0; i < 1024; i++)
|
||||
for (i = 0; i < GF_PORT_MAX; i++)
|
||||
ports[i] = _gf_false;
|
||||
}
|
||||
|
||||
while (port) {
|
||||
switch (sockaddr->sa_family) {
|
||||
case AF_INET6:
|
||||
((struct sockaddr_in6 *)sockaddr)->sin6_port
|
||||
= htons (port);
|
||||
break;
|
||||
|
||||
case AF_INET_SDP:
|
||||
case AF_INET:
|
||||
((struct sockaddr_in *)sockaddr)->sin_port
|
||||
= htons (port);
|
||||
break;
|
||||
}
|
||||
_assign_port (sockaddr, port);
|
||||
/* ignore the reserved ports */
|
||||
if (ports[port] == _gf_true) {
|
||||
port--;
|
||||
@ -426,22 +431,26 @@ gf_rdma_client_bind (rpc_transport_t *this, struct sockaddr *sockaddr,
|
||||
*sockaddr_len = sizeof (struct sockaddr_in);
|
||||
|
||||
case AF_INET6:
|
||||
ret = af_inet_bind_to_port_lt_ceiling (cm_id, sockaddr,
|
||||
if (!this->bind_insecure) {
|
||||
ret = af_inet_bind_to_port_lt_ceiling (cm_id, sockaddr,
|
||||
*sockaddr_len,
|
||||
GF_CLIENT_PORT_CEILING);
|
||||
if (ret == -1) {
|
||||
gf_msg (this->name, GF_LOG_WARNING, errno,
|
||||
RDMA_MSG_PORT_BIND_FAILED,
|
||||
"cannot bind rdma_cm_id to port "
|
||||
"less than %d", GF_CLIENT_PORT_CEILING);
|
||||
if (sockaddr->sa_family == AF_INET6) {
|
||||
((struct sockaddr_in6 *)sockaddr)->sin6_port
|
||||
= htons (0);
|
||||
} else {
|
||||
((struct sockaddr_in *)sockaddr)->sin_port
|
||||
= htons (0);
|
||||
if (ret == -1) {
|
||||
gf_msg (this->name, GF_LOG_WARNING, errno,
|
||||
RDMA_MSG_PORT_BIND_FAILED,
|
||||
"cannot bind rdma_cm_id to port "
|
||||
"less than %d", GF_CLIENT_PORT_CEILING);
|
||||
}
|
||||
} else {
|
||||
ret = af_inet_bind_to_port_lt_ceiling (cm_id, sockaddr,
|
||||
*sockaddr_len,
|
||||
GF_PORT_MAX);
|
||||
if (ret == -1) {
|
||||
gf_msg (this->name, GF_LOG_WARNING, errno,
|
||||
RDMA_MSG_PORT_BIND_FAILED,
|
||||
"cannot bind rdma_cm_id to port "
|
||||
"less than %d", GF_PORT_MAX);
|
||||
}
|
||||
ret = rdma_bind_addr (cm_id, sockaddr);
|
||||
}
|
||||
break;
|
||||
|
||||
|
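Review bot: `gf_boolean_t ports[GF_PORT_MAX]` puts a 65535-entry table on the stack of af_inet_bind_to_port_lt_ceiling for every client bind, where the old table had 1024 entries. If gf_boolean_t is an enum (its definition is not visible here) that is roughly 256 KiB per call, which is risky on threads with small stacks; allocating the table on the heap, or using an `unsigned char` table sized from `ceiling`, would avoid it. The same declaration is added to the socket copy of this function. `uint16_t port = ceiling - 1` also narrows the new `uint32_t ceiling` silently, so a ceiling above 65536 would wrap; a range check on entry would make that explicit.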
@ -23,35 +23,40 @@
|
||||
#include "socket.h"
|
||||
#include "common-utils.h"
|
||||
|
||||
static void
|
||||
_assign_port (struct sockaddr *sockaddr, uint16_t port)
|
||||
{
|
||||
switch (sockaddr->sa_family) {
|
||||
case AF_INET6:
|
||||
((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
|
||||
break;
|
||||
|
||||
case AF_INET_SDP:
|
||||
case AF_INET:
|
||||
((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static int32_t
|
||||
af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
|
||||
socklen_t sockaddr_len, int ceiling)
|
||||
socklen_t sockaddr_len, uint32_t ceiling)
|
||||
{
|
||||
int32_t ret = -1;
|
||||
uint16_t port = ceiling - 1;
|
||||
// by default assume none of the ports are blocked and all are available
|
||||
gf_boolean_t ports[1024] = {_gf_false,};
|
||||
gf_boolean_t ports[GF_PORT_MAX] = {_gf_false,};
|
||||
int i = 0;
|
||||
|
||||
ret = gf_process_reserved_ports (ports);
|
||||
ret = gf_process_reserved_ports (ports, ceiling);
|
||||
if (ret != 0) {
|
||||
for (i = 0; i < 1024; i++)
|
||||
for (i = 0; i < GF_PORT_MAX; i++)
|
||||
ports[i] = _gf_false;
|
||||
}
|
||||
|
||||
while (port)
|
||||
{
|
||||
switch (sockaddr->sa_family)
|
||||
{
|
||||
case AF_INET6:
|
||||
((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
|
||||
break;
|
||||
|
||||
case AF_INET_SDP:
|
||||
case AF_INET:
|
||||
((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
|
||||
break;
|
||||
}
|
||||
_assign_port (sockaddr, port);
|
||||
// ignore the reserved ports
|
||||
if (ports[port] == _gf_true) {
|
||||
port--;
|
||||
@ -440,12 +445,21 @@ client_bind (rpc_transport_t *this,
|
||||
if (!this->bind_insecure) {
|
||||
ret = af_inet_bind_to_port_lt_ceiling (sock, sockaddr,
|
||||
*sockaddr_len, GF_CLIENT_PORT_CEILING);
|
||||
}
|
||||
if (ret == -1) {
|
||||
gf_log (this->name, GF_LOG_DEBUG,
|
||||
"cannot bind inet socket (%d) to port less than %d (%s)",
|
||||
sock, GF_CLIENT_PORT_CEILING, strerror (errno));
|
||||
ret = 0;
|
||||
if (ret == -1) {
|
||||
gf_log (this->name, GF_LOG_DEBUG,
|
||||
"cannot bind inet socket (%d) to port less than %d (%s)",
|
||||
sock, GF_CLIENT_PORT_CEILING, strerror (errno));
|
||||
ret = 0;
|
||||
}
|
||||
} else {
|
||||
ret = af_inet_bind_to_port_lt_ceiling (sock, sockaddr,
|
||||
*sockaddr_len, GF_PORT_MAX);
|
||||
if (ret == -1) {
|
||||
gf_log (this->name, GF_LOG_DEBUG,
|
||||
"failed while binding to less than %d (%s)",
|
||||
GF_PORT_MAX, strerror (errno));
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
|
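Review bot: The `!this->bind_insecure` branch of client_bind still ends with `ret = 0` after a failed privileged bind, logged only at `GF_LOG_DEBUG`, so a client configured to require a port below `GF_CLIENT_PORT_CEILING` carries on without having bound one. The commit description says the rdma path was changed so that it no longer falls back to ports >= 1024 when bind-insecure is off, and the socket path should behave the same. Either return the error from that branch or at least raise the message to `GF_LOG_WARNING`, so that the rejections which a server enforcing privileged ports would presumably send can be traced to this bind failure. client_bind starts and ends outside the hunk.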