glusterfs.git/rpc/rpc-transport/socket/src/socket.c, branch v3.4.7beta4 socket: disallow CBC cipher modes 2014-10-29T17:31:40+00:00 Kaleb S. KEITHLEY kkeithle@redhat.com 2014-10-22T14:25:29+00:00 4dc4325a4c643b25fa7b670a30cf253491740d97 This is related to CVE-2014-3566 a.k.a. POODLE. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 POODLE is specific to CBC cipher modes in SSLv3. Because there is no way to prevent SSLv3 fallback on a system with an unpatched version of OpenSSL, users of such systems can only be protected by disallowing CBC modes. The default cipher-mode specification in our code has been changed accordingly. cherry picked from http://review.gluster.org/#/c/8962/ BZ 1155328 Change-Id: Id38a7eb3ab55058a0ee5dda9cb4c62b49b1ab9cb BUG: 1155630 Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com> Reviewed-on: http://review.gluster.org/8967 Reviewed-by: Jeff Darcy <jdarcy@redhat.com> 
This is related to CVE-2014-3566 a.k.a. POODLE.

	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

POODLE is specific to CBC cipher modes in SSLv3.  Because there is no
way to prevent SSLv3 fallback on a system with an unpatched version of
OpenSSL, users of such systems can only be protected by disallowing CBC
modes.  The default cipher-mode specification in our code has been
changed accordingly.

cherry picked from http://review.gluster.org/#/c/8962/
BZ 1155328

Change-Id: Id38a7eb3ab55058a0ee5dda9cb4c62b49b1ab9cb
BUG: 1155630
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Reviewed-on: http://review.gluster.org/8967
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
socket: Fixed parsing RPC records containing multi fragments 2014-09-25T10:56:56+00:00 Niels de Vos ndevos@redhat.com 2014-09-25T10:08:47+00:00 ab0547eba39b155246f0d9f09e9a580665c6053f In __socket_proto_state_machine(), when parsing RPC records containing multi fragments, just change the state of parsing process, had not processed the memory to coalesce the multi fragments. Cherry picked from commit fb6702b7f8ba19333b7ba4af543d908e3f5e1923: > Change-Id: I5583e578603bd7290814a5d26885b31759c73115 > BUG: 1139598 > Signed-off-by: Gu Feng <flygoast@126.com> > Reviewed-on: http://review.gluster.org/8662 > Tested-by: Gluster Build System <jenkins@build.gluster.com> > Reviewed-by: Niels de Vos <ndevos@redhat.com> > Reviewed-by: Raghavendra G <rgowdapp@redhat.com> > Tested-by: Raghavendra G <rgowdapp@redhat.com> Change-Id: I5583e578603bd7290814a5d26885b31759c73115 BUG: 1146470 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8849 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> 
In __socket_proto_state_machine(), when parsing RPC records containing
multi fragments, just change the state of parsing process, had not
processed the memory to coalesce the multi fragments.

Cherry picked from commit fb6702b7f8ba19333b7ba4af543d908e3f5e1923:
> Change-Id: I5583e578603bd7290814a5d26885b31759c73115
> BUG: 1139598
> Signed-off-by: Gu Feng <flygoast@126.com>
> Reviewed-on: http://review.gluster.org/8662
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Niels de Vos <ndevos@redhat.com>
> Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
> Tested-by: Raghavendra G <rgowdapp@redhat.com>

Change-Id: I5583e578603bd7290814a5d26885b31759c73115
BUG: 1146470
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8849
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
socket: convert socket functions to file scope (static) 2013-06-08T21:53:07+00:00 Anand Avati avati@redhat.com 2013-05-29T10:12:19+00:00 c8611f9a1d5e486333383ba1531757bf8fd49458 The function names used in socket.c conflict with Samba's socket functions (samba.git/source4/lib/socket/socket.h). Convert our functions to file scope as they are anyways not called across files. Change-Id: If98ae557d3e2868f257c021b283ede6a5e92de02 BUG: 953694 Signed-off-by: Anand Avati <avati@redhat.com> Reviewed-on: http://review.gluster.org/5168 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
The function names used in socket.c conflict with Samba's
socket functions (samba.git/source4/lib/socket/socket.h). Convert
our functions to file scope as they are anyways not called across
files.

Change-Id: If98ae557d3e2868f257c021b283ede6a5e92de02
BUG: 953694
Signed-off-by: Anand Avati <avati@redhat.com>
Reviewed-on: http://review.gluster.org/5168
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Fix spurious brick disconnects 2013-05-01T03:12:52+00:00 Emmanuel Dreyfus manu@netbsd.org 2013-04-30T00:41:09+00:00 bae32a5affd514e5a78ba3af6cc644cd5cd6814a Spurious disconnect were caused by a race condition inside rpc_transport_ref()/rpc_transport_unref() that allowed the refcount to drop to zero while the transport was still in use. The race condition is made possible because of an uninitiaized mutex produced when socket_server_event_handler() copies the transport This is a backport of I34fe097a0ac21b0dbf58f5eed84880e3fd9814f2 BUG: 764655 Change-Id: Ib6a7c736f28ccc67d05be45629cddc18a642c11f Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org> Reviewed-on: http://review.gluster.org/4908 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Anand Avati <avati@redhat.com> 
Spurious disconnect were caused by a race condition inside
rpc_transport_ref()/rpc_transport_unref() that allowed the refcount
to drop to zero while the transport was still in use. The race
condition is made possible because of an uninitiaized mutex
produced when socket_server_event_handler() copies the transport

This is a backport of I34fe097a0ac21b0dbf58f5eed84880e3fd9814f2

BUG: 764655
Change-Id: Ib6a7c736f28ccc67d05be45629cddc18a642c11f
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/4908
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Anand Avati <avati@redhat.com>
socket: Make non-ssl sockets perform non-blocking connect() 2013-04-12T07:20:46+00:00 Krishnan Parthasarathi kparthas@redhat.com 2013-03-14T04:18:08+00:00 435c693165a3c7b739c1b71ff179d1507c8d496d Change-Id: Icb60cf7ad3ea7ca0eeb12fd19b95a6b340857bb2 BUG: 920916 Signed-off-by: Krishnan Parthasarathi <kparthas@redhat.com> Reviewed-on: http://review.gluster.org/4685 Reviewed-by: Jeff Darcy <jdarcy@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> 
Change-Id: Icb60cf7ad3ea7ca0eeb12fd19b95a6b340857bb2
BUG: 920916
Signed-off-by: Krishnan Parthasarathi <kparthas@redhat.com>
Reviewed-on: http://review.gluster.org/4685
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
socket: restructure disconnect/poll-thread interactions 2013-02-03T20:09:54+00:00 Jeff Darcy jdarcy@redhat.com 2013-01-31T19:23:36+00:00 26d9d2bd27dd9e6ed9a77789afea0944032223d8 Change-Id: I792c28f52068e4ed666069b740739662685160bc BUG: 906401 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/4456 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com> 
Change-Id: I792c28f52068e4ed666069b740739662685160bc
BUG: 906401
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/4456
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
socket: null out priv->ssl_ssl on disconnect 2013-01-29T18:01:01+00:00 Jeff Darcy jdarcy@redhat.com 2013-01-29T15:50:01+00:00 fed0752313c37c500d3b88f0651c4923cec4cf9b This prevents problems when a socket transport is reused for a non-SSL connection (e.g. glusterd portmapper) after having been used for an SSL connection (e.g. a brick). In that case, ssl_ssl will still be non-null from the first connection, even though the structure it points to has actually been freed. I'm not sure why/how we would reuse a socket transport in this way (the case of SSL after non-SSL has been common for a long time) but recent glusterd changes seem to have had that effect. Change-Id: I46f1ff3c409c122478bf720a7f02d92abcc32bed BUG: 902684 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/4449 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com> 
This prevents problems when a socket transport is reused for a non-SSL
connection (e.g. glusterd portmapper) after having been used for an SSL
connection (e.g. a brick).  In that case, ssl_ssl will still be non-null from
the first connection, even though the structure it points to has actually been
freed.

I'm not sure why/how we would reuse a socket transport in this way (the case of
SSL after non-SSL has been common for a long time) but recent glusterd changes
seem to have had that effect.

Change-Id: I46f1ff3c409c122478bf720a7f02d92abcc32bed
BUG: 902684
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/4449
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
"gcc -pedantic": made 'inline' functions as 'static inline' functions 2013-01-23T19:12:15+00:00 Amar Tumballi amarts@redhat.com 2012-11-14T06:53:36+00:00 4faeedc99284ce4e6b86bec39309b949fb5423ac for passing the build with -pedantic flag Change-Id: I80fd9528321e4c6ea5bec32bf5cdc54cc4e4f65e BUG: 875913 Signed-off-by: Amar Tumballi <amarts@redhat.com> Reviewed-on: http://review.gluster.org/4186 Reviewed-by: Jeff Darcy <jdarcy@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com> 
for passing the build with -pedantic flag

Change-Id: I80fd9528321e4c6ea5bec32bf5cdc54cc4e4f65e
BUG: 875913
Signed-off-by: Amar Tumballi <amarts@redhat.com>
Reviewed-on: http://review.gluster.org/4186
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
nlm: use virtual ip of server to connect to client 2013-01-18T11:50:33+00:00 Rajesh Amaravathi rajesh@redhat.com 2012-12-17T10:59:42+00:00 9036bd1a7bab68351c38d65cd6a1c8af150467bb In cases where the servers use virtual ip's, this commit makes sure we use them and not the physical ip. This change also refactors code around nlm4_establish_callback by sending granted msg only after a connection establishment, and removing the separate thread creation. Change-Id: I087362c547a25aa52ef7fc6653845a3863466ee6 BUG: 888283 Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com> Reviewed-on: http://review.gluster.org/4326 Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
In cases where the servers use virtual ip's, this commit
makes sure we use them and not the physical ip.

This change also refactors code around nlm4_establish_callback
by sending granted msg only after a connection establishment,
and removing the separate thread creation.

Change-Id: I087362c547a25aa52ef7fc6653845a3863466ee6
BUG: 888283
Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com>
Reviewed-on: http://review.gluster.org/4326
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
socket: Don't log readv failures if read-fail-log is false 2013-01-15T10:25:11+00:00 Krishnan Parthasarathi kparthas@redhat.com 2013-01-11T09:23:50+00:00 a65a482dc2f09de3e1115c593864248522eea29e Change-Id: I6903d62cbc7107eb8498bcd81d07667b36890a02 BUG: 764888 Signed-off-by: Krishnan Parthasarathi <kparthas@redhat.com> Reviewed-on: http://review.gluster.org/4377 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
Change-Id: I6903d62cbc7107eb8498bcd81d07667b36890a02
BUG: 764888
Signed-off-by: Krishnan Parthasarathi <kparthas@redhat.com>
Reviewed-on: http://review.gluster.org/4377
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>