diff options
| author | Prasanna Kumar Kalever <prasanna.kalever@redhat.com> | 2016-04-14 19:02:19 +0530 |
|---|---|---|
| committer | Raghavendra G <rgowdapp@redhat.com> | 2016-05-10 00:11:20 -0700 |
| commit | 4c58dd7f03e393b6dd5c01af3e7f4c786ba12e3f (patch) | |
| tree | 3125f4ef60d4f4ad97a3cee2af550aa748d5cde2 /rpc/rpc-transport/socket/src | |
| parent | e2f23de3189672d08a171cedfbd5ccf505d1fb48 (diff) | |
rpc: define client port range
Problem:
when bind-insecure is 'off', all the clients bind to secure ports,
if incase all the secure ports exhaust the client will no more bind
to secure ports and tries gets a random port which is obviously insecure.
we have seen the client obtaining a port number in the range 49152-65535
which are actually reserved as part of glusterd's pmap_registry for bricks,
hence this will lead to port clashes between client and brick processes.
Solution:
If we can define different port ranges for clients incase where secure ports
exhaust, we can avoid the maximum port clashes with in gluster processes.
Still we are prone to have clashes with other non-gluster processes, but
the chances being very low, but that's a different story on its own,
which will be handled in upcoming patches.
Backportof:
> Change-Id: Ib5ce05991aa1290ccb17f6f04ffd65caf411feaf
> BUG: 1322805
> Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
> Reviewed-on: http://review.gluster.org/13998
> Smoke: Gluster Build System <jenkins@build.gluster.com>
> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
> CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
> Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Change-Id: I2ab9608ddbefcdf5987d817c23dd066010148e19
BUG: 1333711
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-on: http://review.gluster.org/14234
Tested-by: Prasanna Kumar Kalever <pkalever@redhat.com>
Smoke: Gluster Build System <jenkins@build.gluster.com>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
Diffstat (limited to 'rpc/rpc-transport/socket/src')
| -rw-r--r-- | rpc/rpc-transport/socket/src/name.c | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/rpc/rpc-transport/socket/src/name.c b/rpc/rpc-transport/socket/src/name.c index 12887a72ff1..79e1dfde778 100644 --- a/rpc/rpc-transport/socket/src/name.c +++ b/rpc/rpc-transport/socket/src/name.c @@ -45,11 +45,17 @@ af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr, int32_t ret = -1; uint16_t port = ceiling - 1; gf_boolean_t ports[GF_PORT_MAX]; + int i = 0; +loop: ret = gf_process_reserved_ports (ports, ceiling); - while (port) - { + while (port) { + if (port == GF_CLIENT_PORT_CEILING) { + ret = -1; + break; + } + /* ignore the reserved ports */ if (ports[port] == _gf_true) { port--; @@ -69,6 +75,18 @@ af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr, port--; } + /* Incase if all the secure ports are exhausted, we are no more + * binding to secure ports, hence instead of getting a random + * port, lets define the range to restrict it from getting from + * ports reserved for bricks i.e from range of 49152 - 65535 + * which further may lead to port clash */ + if (!port) { + ceiling = port = GF_CLNT_INSECURE_PORT_CEILING; + for (i = 0; i <= ceiling; i++) + ports[i] = _gf_false; + goto loop; + } + return ret; } |