Navigation


Changeset 1396:188c82b6690b in freeDiameter


Ignore:
Timestamp:
Nov 15, 2019, 7:38:30 PM (4 years ago)
Author:
Thomas Klausner <tk@giga.or.at>
Branch:
default
Phase:
public
Message:

Add ProcessingPeersPattern? and ProcessingPeersMinimum? parameters.

If this is configured, the process will accept all connections from
peers matching ProcessingPeersPattern?, but will NOT accept connections
from other peers until ProcessingPeersMinimum? peers of the first
type are connected.

This allows relays to only go online if there are enough worker
peers connected behind them.

Files:
6 edited

Legend:

Unmodified
Added
Removed
  • doc/freediameter.conf.sample

    r1326 r1396  
    8888# Default: 5 unidentified clients in paralel.
    8989#ThreadsPerServer = 5;
     90
     91# If this host is used as relay or proxy, it can be useful to limit
     92# connections from "outside" until enough processing nodes are available.
     93# This parameter defines a regex pattern for recognizing such nodes;
     94# Default: NO DEFAULT
     95#ProcessingPeersPattern = "worker[0-9]*.example.com";
     96
     97# This next parameter defines how many of these processing peers
     98# must be connected before CERs from other hosts are accepted.
     99# If this is set, ProcessingPeersPattern must also be defined.
     100# If unset or less than 1, ProcessingPeersPattern and this variable do nothing.
     101# Default: 0
     102#ProcessingPeersMinimum = 0;
    90103
    91104##############################################################
  • include/freeDiameter/libfdcore.h

    r1329 r1396  
    4545#include <gnutls/gnutls.h>
    4646#include <gnutls/x509.h>
     47#include <regex.h>
    4748
    4849/* GNUTLS version */
     
    133134        struct fd_list   cnf_endpoints; /* the local endpoints to bind the server to. list of struct fd_endpoint. default is empty (bind all). After servers are started, this is the actual list of endpoints including port information. */
    134135        int              cnf_thr_srv;   /* Number of threads per servers handling the connection state machines */
     136        int              cnf_processing_peers_minimum;  /* Number of processing peers that must be connected before other peers may connect */
     137        regex_t          cnf_processing_peers_pattern_regex;    /* Regex pattern for identifying processing peers */
    135138        struct fd_list   cnf_apps;      /* Applications locally supported (except relay, see flags). Use fd_disp_app_support to add one. list of struct fd_app. */
    136139        uint16_t         cnf_dispthr;   /* Number of dispatch threads to create */
  • libfdcore/config.c

    r1326 r1396  
    6060        fd_g_config->cnf_sctp_str = 30;
    6161        fd_g_config->cnf_thr_srv  = 5;
     62        fd_g_config->cnf_processing_peers_minimum = 0;
    6263        fd_g_config->cnf_dispthr  = 4;
    6364        fd_list_init(&fd_g_config->cnf_endpoints, NULL);
     
    102103        CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, "  Number of clients thr .. : %d\n", fd_g_config->cnf_thr_srv), return NULL);
    103104        CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, "  Number of app threads .. : %hu\n", fd_g_config->cnf_dispthr), return NULL);
     105        CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, "  Minimal processing peers : %hu\n", fd_g_config->cnf_processing_peers_minimum), return NULL);
    104106        if (FD_IS_LIST_EMPTY(&fd_g_config->cnf_endpoints)) {
    105107                CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, "  Local endpoints ........ : Default (use all available)\n"), return NULL);
  • libfdcore/fdd.l

    r1394 r1396  
    257257(?i:"ListenOn")         { return LISTENON; }
    258258(?i:"ThreadsPerServer") { return THRPERSRV; }
     259(?i:"ProcessingPeersPattern")   { return PROCESSINGPEERSPATTERN; }
     260(?i:"ProcessingPeersMinimum")   { return PROCESSINGPEERSMINIMUM; }
    259261(?i:"TcTimer")          { return TCTIMER; }
    260262(?i:"TwTimer")          { return TWTIMER; }
  • libfdcore/fdd.y

    r1326 r1396  
    110110%token          LISTENON
    111111%token          THRPERSRV
     112%token          PROCESSINGPEERSPATTERN
     113%token          PROCESSINGPEERSMINIMUM
    112114%token          TCTIMER
    113115%token          TWTIMER
     
    142144                        | conffile listenon
    143145                        | conffile thrpersrv
     146                        | conffile processingpeerspattern
     147                        | conffile processingpeersminimum
    144148                        | conffile norelay
    145149                        | conffile appservthreads
     
    250254                                        { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } );
    251255                                conf->cnf_thr_srv = $3;
     256                        }
     257                        ;
     258
     259processingpeerspattern:         PROCESSINGPEERSPATTERN '=' QSTRING ';'
     260                        {
     261                                char *pattern = $3;
     262                                int err;
     263                                CHECK_FCT_DO( err=regcomp(&conf->cnf_processing_peers_pattern_regex, pattern, REG_EXTENDED | REG_NOSUB),
     264                                        {
     265                                                char * buf;
     266                                                size_t bl;
     267
     268                                                /* Error while compiling the regex */
     269                                                TRACE_DEBUG(INFO, "error while compiling the regular expression '%s':", pattern);
     270
     271                                                /* Get the error message size */
     272                                                bl = regerror(err, &conf->cnf_processing_peers_pattern_regex, NULL, 0);
     273
     274                                                /* Alloc the buffer for error message */
     275                                                CHECK_MALLOC( buf = malloc(bl) );
     276
     277                                                /* Get the error message content */
     278                                                regerror(err, &conf->cnf_processing_peers_pattern_regex, buf, bl);
     279                                                TRACE_DEBUG(INFO, "\t%s", buf);
     280
     281                                                /* Free the buffer, return the error */
     282                                                free(buf);
     283
     284                                                yyerror (&yylloc, conf, "Invalid regular expression in ProcessingPeersPattern");
     285                                                YYERROR;
     286                                        } );
     287                        }
     288                        ;
     289
     290processingpeersminimum:         PROCESSINGPEERSMINIMUM '=' INTEGER ';'
     291                        {
     292                                CHECK_PARAMS_DO( ($3 >= 0),
     293                                        { yyerror (&yylloc, conf, "Invalid value"); YYERROR; } );
     294                                conf->cnf_processing_peers_minimum = $3;
    252295                        }
    253296                        ;
  • libfdcore/p_ce.c

    r1281 r1396  
    834834}
    835835
     836/* Check if enough processing peers are connected to allow connections by other peers */
     837static int sufficient_processing_peers(void) {
     838        int processing_peers_count = 0;
     839        struct fd_list * li;
     840
     841        CHECK_FCT( pthread_rwlock_rdlock(&fd_g_activ_peers_rw) );
     842        for (li = fd_g_activ_peers.next; li != &fd_g_activ_peers; li = li->next) {
     843                struct fd_peer * p = (struct fd_peer *)li->o;
     844
     845                TRACE_DEBUG(FULL, "comparing '%s' against processing peers pattern", p->p_hdr.info.pi_diamid);
     846                if (regexec(&fd_g_config->cnf_processing_peers_pattern_regex, p->p_hdr.info.pi_diamid, 0, NULL, 0) == 0) {
     847                        processing_peers_count++;
     848                }
     849        }
     850        CHECK_FCT( pthread_rwlock_unlock(&fd_g_activ_peers_rw) );
     851
     852        TRACE_DEBUG(FULL, "%d processing peers found", processing_peers_count);
     853        return (processing_peers_count >= fd_g_config->cnf_processing_peers_minimum);
     854}
     855
    836856/* Handle the receiver side to go to OPEN or OPEN_NEW state (any election is resolved) */
    837857int fd_p_ce_process_receiver(struct fd_peer * peer)
     
    884904        }
    885905       
     906        /* Check peer type and if enough processing peers are already connected */
     907        if (fd_g_config->cnf_processing_peers_minimum > 0) {
     908                if (regexec(&fd_g_config->cnf_processing_peers_pattern_regex, peer->p_hdr.info.pi_diamid, 0, NULL, 0) != 0) {
     909                        /* peer is not a processing peer */
     910                        if (!sufficient_processing_peers()) {
     911                                pei.pei_errcode = "DIAMETER_TOO_BUSY";
     912                                goto error_abort;
     913                        }
     914                }
     915        }
     916
     917        if (peer->p_flags.pf_responder) {
     918                int res = fd_peer_validate( peer );
     919                if (res < 0) {
     920                        TRACE_DEBUG(INFO, "Rejected CER from peer '%s', validation failed (returning DIAMETER_UNKNOWN_PEER).", peer->p_hdr.info.pi_diamid);
     921                        pei.pei_errcode = "DIAMETER_UNKNOWN_PEER";
     922                        goto error_abort;
     923                }
     924                CHECK_FCT( res );
     925        }
    886926        /* Check if we have common applications */
    887927        if ( fd_g_config->cnf_flags.no_fwd && (! peer->p_hdr.info.runtime.pir_relay) ) {
Note: See TracChangeset for help on using the changeset viewer.