Commit Graph

26 Commits

Author SHA1 Message Date
Kefu Chai
29d311a54c doc/dev/msgr2: add state machine diagrams
Signed-off-by: Kefu Chai <kchai@redhat.com>
2021-05-18 20:30:05 +08:00
Ilya Dryomov
5eea038b71 doc/dev/msgr2: fix inconsistencies and update for msgr2.1
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2020-06-17 21:56:52 +02:00
Kefu Chai
0cb56e0f13 doc: use plantweb as fallback of sphinx-ditaa
RTD does not support installing system packages, the only ways to install
dependencies are setuptools and pip. while ditaa is a tool written in
Java. so we need to find a native python tool allowing us to render ditaa
images. plantweb is able to the web service for rendering the ditaa
diagram. so let's use it as a fallback if "ditaa" is not around.

also start a new line after the directive, otherwise planweb server will
return 500 at seeing the diagram.

Signed-off-by: Kefu Chai <kchai@redhat.com>
2020-04-10 08:38:06 +08:00
Michael Prokop
d98b3e36a9 doc: fix typos
s/amount of times/number of times/
s/assosciated/associated/
s/availabe/available/
s/Commiting/Committing/
s/Containter/Container/
s/dependant/dependent/
s/developement/development/
s/filesytem/filesystem/
s/guarenteed/guaranteed/
s/hiearchy/hierarchy/
s/intance/instance/
s/Interger/Integer/
s/mutiple/multiple/
s/nubmer/number/
s/occured/occurred/
s/overriden/overridden/
s/reseted/reset/
s/sytem/system/
s/unkown/unknown/

Signed-off-by: Michael Prokop <mika@grml.org>
2019-09-26 09:17:07 +02:00
Sage Weil
937f28e6a6 doc/releases/nautilus: add msgr2 refs
Signed-off-by: Sage Weil <sage@redhat.com>
2019-03-11 10:31:49 -05:00
Ricardo Dias
d5fab790ef
doc/msgr2: session establishment failure scenarios
Signed-off-by: Ricardo Dias <rdias@suse.com>
2019-02-19 12:14:51 +00:00
Sage Weil
bc7f567467 msg/async/ProtocolV2: refuse incoming reconnect attempt intended for someone else
The same scenario that was possible on client_ident is also possible
for reconnect: on the accepting side we recognized the client_addrs
but the client is trying to reach someone else.  Since the cookie is a
random 64-bit value it is unlikely, but still possible, that we will
match an existing session that is not for the client.

Signed-off-by: Sage Weil <sage@redhat.com>
2019-02-11 11:02:28 -06:00
Sage Weil
e399fc7514 msg/async/ProtocolV2: refuse incoming connection intended for someone else
If we get a client_ident frame, and they are trying to talk to someone
else, drop the connection.

This is an inelegant workaround to http://tracker.ceph.com/issues/38247.
A nicer fix would be to restructure the protocol so that the client knows
who they connected to before they try to open a session.  That is a bigger
change that can follow...

Fixes: http://tracker.ceph.com/issues/38247
Signed-off-by: Sage Weil <sage@redhat.com>
2019-02-11 09:29:30 -06:00
Sage Weil
2e9c61de49 doc/dev/msgr2: bring up to date with new HELLO, different RECONNECT
Signed-off-by: Sage Weil <sage@redhat.com>
2019-02-07 17:05:10 -06:00
Sage Weil
86c99bf023 msg/async/ProtocolV2: separate IDENT into {CLIENT,SERVER}_IDENT
This is less ambiguous and easier to document since the frame payloads
are different.

Signed-off-by: Sage Weil <sage@redhat.com>
2019-02-07 17:05:10 -06:00
Sage Weil
c7ee66c3e5 auth,msg/async/ProtocolV2: negotiate connection modes
The modes are:

- crc: crc32c checksums to protect against bit errors.  No secrecy or
  authenticity guarantees, so a MITM could alter traffic in flight.
- secure: cryptographic secrecy and authenticity proection (i.e, encrypted
  and signed).

We do not include a 'signed' mode that provides authenticity without
secrecy because the cryptographic protocols appear to be faster than
SHA-2.

New settings:

- ms_cluster_mode  : mode(s list) for intra-cluster connections
- ms_service_mode  : mode(s list) for daemons to allow
- ms_client_mode   : mode(s list) for clients to allow

Also,

- ms_mon_cluster_mode  : mon <-> mon connections
- ms_mon_service_mode  : mon <-> daemon or client connections

The msgr2 protocol is expanded slightly to negotiate a mode.  Client
shares it's allowed/preferred modes, and server picks one as auth finishes.
Negotiation is independent of the authentication, except that the
authentiction mode may precluse certain choices. Specifically, AUTH_NONE
does not support 'secure', only 'crc'.

Signed-off-by: Sage Weil <sage@redhat.com>
2019-02-07 12:10:33 -06:00
Sage Weil
c1a2d1be52 doc/dev/msgr2: update docs to match implementation for auth frames
Signed-off-by: Sage Weil <sage@redhat.com>
2019-02-07 06:53:03 -06:00
Sage Weil
1c40968bd5 msg/async: separate TAG_AUTH_REQUEST_MORE and TAG_AUTH_REPLY_MORE
Signed-off-by: Sage Weil <sage@redhat.com>
2019-02-07 06:53:03 -06:00
Sage Weil
141c305c12 doc/dev/cephx: document current implementation of cephx
Signed-off-by: Sage Weil <sage@redhat.com>
2019-01-29 12:28:36 -06:00
Sage Weil
9badd953f4 doc/dev/msgr2: checksum frame header (tag + length)
Ensure we catch transport errors early (before we, say, try to allocate
a missized payload buffer).

Signed-off-by: Sage Weil <sage@redhat.com>
2019-01-07 15:01:21 -06:00
Sage Weil
b2240bce41 doc/dev/msgr2: better formatting
Signed-off-by: Sage Weil <sage@redhat.com>
2018-09-07 11:01:33 -05:00
Sage Weil
b24e187b5a doc/dev/msgr2: clarify padding alignment
Signed-off-by: Sage Weil <sage@redhat.com>
2018-09-07 11:01:24 -05:00
Sage Weil
5eb0620f12 doc/dev/msgr2: tweak message flow handshake
- specify entity_name_t in TAG_IDENT instead of every msg
header
- add more notes
- include optional padding before the data segment for a msg

Signed-off-by: Sage Weil <sage@redhat.com>
2018-09-06 17:30:25 -05:00
Sage Weil
4b50277666 doc/dev/msgr2: remove stream concept, streamline auth
- Remove stream concept.  it was incompletely/poorly
specified, and we dno't actually want to implement it now. We
can do it later now that we have a banner that advertises
features more clearly.

- Simplify the auth messages a bit: make a MORE message that
isn't a request (or reply), and a final DONE.  DONE comes from
the server, not the client.  Drop the SET_METHOD which can be
rolled into the REQUEST message.

Signed-off-by: Sage Weil <sage@redhat.com>
2018-09-06 14:29:42 -05:00
Ricardo Dias
39e025b544
doc/dev/msgr2.rst: update of the banner and authentication phases
Signed-off-by: Ricardo Dias <rdias@suse.com>
2018-01-24 10:33:48 +00:00
Sage Weil
73934df3b0 doc/dev/msgr2.rst: a few notes on protocol goals
Signed-off-by: Sage Weil <sage@redhat.com>
2018-01-23 17:40:43 -06:00
Sage Weil
84c2aa4710 doc/dev/msgr2: TAG_COSE
Signed-off-by: Sage Weil <sage@redhat.com>
2016-06-10 17:14:46 -04:00
Sage Weil
c846f06548 doc/dev/msgr2: fix english; drop TAG_START
Signed-off-by: Sage Weil <sage@redhat.com>
2016-06-10 17:11:04 -04:00
Sage Weil
bd47272b93 doc/dev/msgr2: include stream ids
- Add stream ids to the protocol.  This will allow us to
  multiplex multiple entities over the same TCP
  connection.

- Add a frame length.  This lets us pull entire frames
  off the wire without any introspection.  This is
  helpful on the implementation side because each stream
  may have a different cipher and for performance reasons
  because we want to pull large chunks from the network
  at a time.

- Simplify to a single frame format description, with
  only one optional variation (signature or no
  signature).

Signed-off-by: Sage Weil <sage@redhat.com>
2016-06-10 06:57:29 -04:00
Sage Weil
45766fed18 doc/dev/msgr2: drop confounder on *every* message
I don't think this is necessary.  Our signature and cipher state
includes prior messages, so as long as we have a confounded
start (a confounder in MSG_AUTH_DONE, in this case) then we are
in good shape.

Signed-off-by: Sage Weil <sage@redhat.com>
2016-06-03 09:03:48 -04:00
Sage Weil
e4d5d2d1b3 doc/dev/msgr2: document msgr2 protocol
Signed-off-by: Sage Weil <sage@redhat.com>
2016-06-02 14:02:05 -04:00