OpenAFS CVS Commit: openafs/src/viced by jaltman

cvs@GRAND.CENTRAL.ORG cvs@GRAND.CENTRAL.ORG
Wed, 08 Aug 2007 12:31:25 EDT


Update of /cvs/openafs/src/viced
In directory GRAND.CENTRAL.ORG:/home/jaltman/openafs/cvs-1-5/src/viced

Modified Files:
      Tag: openafs-devel-1_5_x
	callback.c fsprobe.c host.c host.h 
Log Message:
DELTA DEVEL15-viced-hash-20070808
AUTHOR jaltman@secure-endpoints.com

(1) fixes a bug that could cause a 'host' structure to not be removed
from the global host list if the 'host' did not possess an interface
list. This would happen with older AFS clients that do not support the
WhoAreYou family of RPCs. Windows clients older than 1.3.80 and old
Transarc UNIX clients.

(2) fixes a bug which could result in ViceLog being called with an
uninitialized 'hoststr' buffer as a parameter.

(3) ensures that only addresses known to belong to the 'host' are
added to the address hash table.  The list of addresses provided by
the client are stored as alternates and are only used when searching
for a client that is no longer accessible on the primary address.
These addresses are not stored in the address hash table within
initInterfaceAddr_r().

The addresses provided by the client should not be added to the hash
table because they have not been verified as belonging to the 'host'
that provided them.  The contents of the list may in fact be completely
unreliable.  Consider the existing UNIX clients that generate the list
at startup and never alter it even after the client has migrated to a
different network.  If two client's both claim the same address,
lookups by address may fail to find the correct one.

a. The client list might contain private address ranges which
are likely to be re-used by many clients allocated addresses
by a NAT.

b. The client list will not include any public addresses that
are hidden by a NAT.

c. Private address ranges that are exposed to the server will
be obtained from the rx connections that use them.

d. Lists provided by the client are not necessarily truthful.
Many existing clients (UNIX) do not refresh the IP address
list as the actual assigned addresses change. The end result
is that they report the initial address list for the lifetime
of the process. In other words, a client can report addresses
that they are in fact not using. Adding these addresses to
the host interface list without verification is not only
pointless, it is downright dangerous.

e. The reported addresses do not include port numbers and
guessing that the port number is 7001 does not work when
port mapping devices such as NATs or some VPNs are in
use.

(4) improves logging to ensure that all references to a 'host' structure
report both a memory address and the IP address/port. this will avoid
confusion *if* more than one 'host' structure is assigned the same
primary address.

(5) logs the UUID along with the client addresses when initializing the
host's interface list. (level 125)

(6) saves memory by using a smaller structure for the UUID hash table


--- DELTA config for openafs-devel-1_5_x follows ---
DEVEL15-viced-hash-20070808 openafs/src/viced/callback.c 1.77.2.3 1.77.2.4
DEVEL15-viced-hash-20070808 openafs/src/viced/fsprobe.c 1.12 1.12.2.1
DEVEL15-viced-hash-20070808 openafs/src/viced/host.c 1.93.2.17 1.93.2.18
DEVEL15-viced-hash-20070808 openafs/src/viced/host.h 1.21.2.3 1.21.2.4