qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Stitcher" <astitc...@apache.org>
Subject Re: Review Request: Allow qpidd configuration options to restrict the interfaces/addresses that are listened to for incoming connections
Date Thu, 15 Nov 2012 17:07:25 GMT


> On Nov. 15, 2012, 4:51 p.m., Alan Conway wrote:
> >

Well because of the way the code is structured it is _possible_ (but admittedly unlikely)
that some other protocol might still be able to run. As a simple example rdma could still
run even if TCP couldn't. In point of fact because of the way the code is currently structured
this case can't actually happen anyway! (It should be possible when refactored though).


- Andrew


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/8076/#review13473
-----------------------------------------------------------


On Nov. 15, 2012, 3:22 p.m., Andrew Stitcher wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/8076/
> -----------------------------------------------------------
> 
> (Updated Nov. 15, 2012, 3:22 p.m.)
> 
> 
> Review request for qpid.
> 
> 
> Description
> -------
> 
> This change introduces a new --interface option to the qpid c++ broker which allows you
to specify either:
> * An interface name
> * A literal IP address - IPv6 literal addresses should be enclosed in '['...']'
> * A resolvable name
> If one (or more) of these options are specified they will restrict what the broker listens
to only be those interfaces/addresses.
> 
> If the option is not specified the current behaviour is unchanged.
> 
> This current change is the first part of the work and only restricts listening to the
existing --port and --ssl-port on the specified interfaces. There is no way to additionally
specify extra ports to listen for, that will come in the next part of the work and requires
some refactoring of the existing code.
> 
> This current patch is designed for minimal impact and no refactoring. Because of this
there is some element of duplicated code which should really be factored into a new file.
This will happen in the next phase of work.
> 
> Limitation of this current change: You can't specify interfaces by name under windows,
although you can specify individual interface addresses.
> 
> [This change also incidentally removes ans unused function call from SystemInfo]
> 
> A broken down version of this change can be found on github: http://github.com/astitcher/qpid/commits/netinterfaces
> 
> 
> This addresses bug qpid-3351.
>     https://issues.apache.org/jira/browse/qpid-3351
> 
> 
> Diffs
> -----
> 
>   /trunk/qpid/cpp/include/qpid/sys/SystemInfo.h 1408983 
>   /trunk/qpid/cpp/src/qpid/broker/Broker.h 1408983 
>   /trunk/qpid/cpp/src/qpid/broker/Broker.cpp 1408983 
>   /trunk/qpid/cpp/src/qpid/broker/windows/SslProtocolFactory.cpp 1408983 
>   /trunk/qpid/cpp/src/qpid/sys/SslPlugin.cpp 1408983 
>   /trunk/qpid/cpp/src/qpid/sys/TCPIOPlugin.cpp 1408983 
>   /trunk/qpid/cpp/src/qpid/sys/posix/SystemInfo.cpp 1408983 
>   /trunk/qpid/cpp/src/qpid/sys/windows/SystemInfo.cpp 1408983 
>   /trunk/qpid/cpp/src/tests/SystemInfo.cpp 1408983 
> 
> Diff: https://reviews.apache.org/r/8076/diff/
> 
> 
> Testing
> -------
> 
> Tested manually by restricting the listening to either loopback, ethernet, or a virtual
bridge in various combinations using regular and SSL connections and seeing that connections
are correctly refused.
> 
> 
> Thanks,
> 
> Andrew Stitcher
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message