summaryrefslogtreecommitdiffstats
path: root/rpc/rpc-lib
diff options
context:
space:
mode:
authorPrasanna Kumar Kalever <prasanna.kalever@redhat.com>2015-06-24 12:21:02 +0530
committerRaghavendra G <rgowdapp@redhat.com>2015-07-26 21:31:39 -0700
commit9442e7bf80f5c2189140918bb5588868204521ed (patch)
tree8a480391111ac4c86b0ba7da96146befa3ac1bd6 /rpc/rpc-lib
parente9b86d0b575e8e59f0910874341a4a05574124cf (diff)
rpc: fix binding brick issue while bind-insecure is enabled
problem: When bind-insecure is turned on (which is the default now), it may happen that brick is not able to bind to port assigned by Glusterd for example 49192-49195... It seems to occur because the rpc_clnt connections are binding to ports in the same range. so brick fails to bind to a port which is already used by someone else solution: fix for now is to make rpc_clnt to get port numbers from 65535 in a descending order, as a result port clash is minimized other fixes: previously rdma binds to port >= 1024 if it cannot find a free port < 1024, even when bind insecure was turned off(ref to commit '0e3fd04e'), this patch add's a check for bind-insecure in gf_rdma_client_bind function This patch also re-enable bind-insecure and allow insecure by default which was reverted (ref: commit cef1720) previously Change-Id: Ia1cfa93c5454e2ae0ff57813689b75de282ebd07 BUG: 1238661 Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com> Reviewed-on: http://review.gluster.org/11512 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Diffstat (limited to 'rpc/rpc-lib')
-rw-r--r--rpc/rpc-lib/src/rpc-transport.c3
-rw-r--r--rpc/rpc-lib/src/rpcsvc-auth.c13
-rw-r--r--rpc/rpc-lib/src/rpcsvc.c6
3 files changed, 18 insertions, 4 deletions
diff --git a/rpc/rpc-lib/src/rpc-transport.c b/rpc/rpc-lib/src/rpc-transport.c
index 149a831951d..4ade6b7d0b3 100644
--- a/rpc/rpc-lib/src/rpc-transport.c
+++ b/rpc/rpc-lib/src/rpc-transport.c
@@ -262,7 +262,8 @@ rpc_transport_load (glusterfs_ctx_t *ctx, dict_t *options, char *trans_name)
else
trans->bind_insecure = 0;
} else {
- trans->bind_insecure = 0;
+ /* By default allow bind insecure */
+ trans->bind_insecure = 1;
}
ret = dict_get_str (options, "transport-type", &type);
diff --git a/rpc/rpc-lib/src/rpcsvc-auth.c b/rpc/rpc-lib/src/rpcsvc-auth.c
index 6b4c7937437..b7d6c2216ef 100644
--- a/rpc/rpc-lib/src/rpcsvc-auth.c
+++ b/rpc/rpc-lib/src/rpcsvc-auth.c
@@ -221,9 +221,20 @@ rpcsvc_set_allow_insecure (rpcsvc_t *svc, dict_t *options)
else
svc->allow_insecure = 0;
}
+ } else {
+ /* By default set allow-insecure to true */
+ svc->allow_insecure = 1;
+
+ /* setting in options for the sake of functions that look
+ * configuration params for allow insecure, eg: gf_auth
+ */
+ ret = dict_set_str (options, "rpc-auth-allow-insecure", "on");
+ if (ret < 0)
+ gf_log ("rpc-auth", GF_LOG_DEBUG,
+ "dict_set failed for 'allow-insecure'");
}
- return 0;
+ return ret;
}
int
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index c01836ef6f5..5fbdf96d000 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -632,8 +632,10 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
"Request received from non-"
"privileged port. Failing request for %s.",
req->trans->peerinfo.identifier);
- rpcsvc_request_destroy (req);
- return -1;
+ req->rpc_status = MSG_DENIED;
+ req->rpc_err = AUTH_ERROR;
+ req->auth_err = RPCSVC_AUTH_REJECT;
+ goto err_reply;
}
/* DRC */