* access-control check_remote_datareader has "relay_only" as an out
parameter, so should pass in an address instead of "false";
* value of "relay_only" returned by check_remote_datareader must be
passed to crypto register_matched_remote_datareader
Signed-off-by: Erik Boasson <eb@ilities.com>

Security plugins are built but not installed. Add target to CMakeLists.txt
for three security plugins.
Signed-off-by: Sid Faber <sid.faber@canonical.com>

Isolate domains by using unique tags when running tests that are using security handshake.
And updated coding style and some minor refactoring in fsm and timed_cb tests.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

Trusted CA dir in security configuration is optional, but participant
creation currently fails if no or empty dir is provided. This commit
fixes this issue and adds some tests for various trusted_ca_dir values.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

updated plugin loading tests to use these instead of specific wrappers per test. Added
test for securing communication and handshake fail (using different identity CAs)
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

An update for the security documentation that is part of the CycloneDDS
manual:
- added openssl commands for creating a set of CA and identity certificates
- code fragment for setting security by qos and example of xml security config
- commands for signing governance and permissions documents using openssl
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

ddsrt_asprintf did not copy non-English interface names. To fix this, memory is
allocated with ddsrt_malloc and UTF-16 encoded interface names are converted to
UTF-8.
Signed-off-by: Jeroen Koekkoek <jeroen@koekkoek.nl>

This adds options to check for "unreasonable" RSS growth, receipt of a
minimum number of samples and having run a minimum number of roundtrips.
Signed-off-by: Erik Boasson <eb@ilities.com>

A keep-last volatile WHC retained data already overwritten by the writer
in the absence of ACKs, introduced by 231cb8c9.
Signed-off-by: Erik Boasson <eb@ilities.com>

The status mask on some readers got reduced to just "data available"
when used in conjunction with a waitset, but the consequence is that the
"subscription matched" listener would be suppressed.
Signed-off-by: Erik Boasson <eb@ilities.com>

This already was leaking out in the interface, so this name change was
needed too. The relationship between plist and xqos being so intimate,
doing the one but not the other made no sense.
Signed-off-by: Erik Boasson <eb@ilities.com>

The name (not its definition) now leaks out in ddsi_sertopic, and the
messy old names really shouldn't pollute the interface any more than
necessary.
Signed-off-by: Erik Boasson <eb@ilities.com>

This also removes the code duplication for handling delivery from
local vs remote writers. (And it adds a test.)
Signed-off-by: Erik Boasson <eb@ilities.com>

This commit changes the implementation of topics so that multiple topic
entities can exist in a single participant for the same topic.
Different entities may refer to different topic implementations
(sertopics, akin to a type support in the DDS specification). All
entities (for the same participant) always have the same QoS, via the
new "ktopic" table in the participant.
Readers and writers are bound to a topic entity and inherit its
properties. If a topic comes in two definitions, say one for C and one
for C++, one can have a single participant with a reader delivering the
data in C representation and another reader delivering it in C++
representation.
This changes the behaviour of create_topic and find_topic: these now (on
successful return) always return a new entity (and thus with a unique
handle), where previously these would simply return an existing one when
possible.
This also requires some small additions to the sertopic/serdata
interface.
Signed-off-by: Erik Boasson <eb@ilities.com>

* Use the parameter tables to pretty-print QoS and plist, rather than a
hard-coded function supporting only the QoS.
* Support diffing two plists: a single table-driven function can handle
both nn_plist_t and ddsi_qos_t, and it removes the discrepancy between
the two types.
* Log content of discovery samples in trace rather than merely printing
"(plist)"
Signed-off-by: Erik Boasson <eb@ilities.com>