The transition to not-alive can occur between registering the lease and
making the proxy writer visible in the GUID hash table, so handling
lease expiry for proxy writer must not depend on it being visible
there.
Signed-off-by: Erik Boasson <eb@ilities.com>
And updated dds_read_instance_mask and dds_take_instance_mask to work with DDS_READ_WITHOUT_LOCK
Signed-off-by: Thijs Sassen <thijs.sassen@adlinktech.com>
This commit contains the implementation of the deadline QoS
for readers and writers. The description of this QoS in
the DDS specification (section 2.2.3.7):
"This policy is useful for cases where a Topic is expected to
have each instance updated periodically. On the publishing side this
setting establishes a contract that the application must meet.
On the subscribing side the setting establishes a minimum
requirement for the remote publishers that are expected to supply
the data values."
On the writer side, the deadline missed event also needs to trigger in
case only local readers exist. The implementation for this inserts
the sample in the writer history cache temporary, so that an instance
is created in the whc. Immediately after inserting the sample, it is
removed again. With the creation of the instance, the deadline missed event
is created, which will take care of triggering the deadline missed
callback if required. In case the instance already existed, the timer
of the event is renewed.
To verify the changes to the writer history cache, add an additional
test to check the write history cache state. This test checks the state
of the whc after writing samples by a writer with specific combinations
of qos settings. The state of the whc is checked for stored
samples (min/max sequence number) and the absence of unacked data, after
writing samples and wait for acks by the local and/or remote
readers (which is also a parameter for this test). This test is
introduced as part of the deadline implementation, but its scope is
wider than only the changes that were made in the whc implementation for
the deadline qos.
This test showed that even before the deadline support was added,
whc_default_remove_acked_messages_full data was not marked as acked in
case of transient-local keep-all. This resulted in data in whc that
never gets in acked state. This has been fixed as well.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
These topics are non-standard and not actually used anywhere in Cyclone,
so it is rather silly to keep them.
Signed-off-by: Erik Boasson <eb@ilities.com>
Security plugin loading with the given configuration has been added.
The configuration can be given by either the Cyclone DDS configuration file or ParticipantQoS during participant creation.
ParticipantQoS is required by DDS Security spec. However, the configuration file is an additional useful feature that helps the user to add security to the DDS application without changing the binary.
If ParticipantQoS has a Property starting with the name "dds.sec", then the configuration file is ignored.
If the participant is the first participant, the security component is initialized. If the participant is the last active participant, then the security component is de-initialized.
Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
This commit enables specifying a duration for data to be valid when writing
samples. After this duration, samples are dropped from the reader and writer
history cache. See section 2.2.3.16 of the DDS specification for more
details on this QoS.
The expiration of samples in the reader history cache is calculated
based on the reception timestamp of the sample and uses the monotonic
clock. As a result, the current implementation does not rely on clock
synchronisation between reader and writer. There may be reasons to
change this behavior in future and use the source timestamp instead.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Some changes in the xevents code for deleting callback events,
required for the lifespan QoS implementation. With these changes,
there is no longer a possibility of the callback still being
executing or getting invoked after delete_xevent_callback has
returned.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Maintain an index of all entities on (kind, topic, GUID) in addition to
the concurrent hash table on GUID and use that when looking for matching
entities. For endpoint matching, restrict the scan to readers/writers
of the right topic, for regular iterators, restrict it to the range of
the correct entity kind.
Signed-off-by: Erik Boasson <eb@ilities.com>
* Fix array keys on little-endian machines
Signed-off-by: Erik Boasson <eb@ilities.com>
* Test for writing topics with an array as key
Signed-off-by: Erik Boasson <eb@ilities.com>
* DDS Security built-in Cryptographic plugin
This commit adds the built-in Cryptographic plugin that is part of the
DDS Security implementation for Cyclone.
The Cryptographic plugin defines the types and operations necessary
to support encryption, digest, message authentication codes, and key
exchange for DDS DomainParticipants, DataWriters and DDS DataReaders.
Similar to other builtin plugins, the DDS Security cryptographic plugin
is built as a shared library to allow dynamic library loading on runtime.
This enables DDS participants to use specific plugin implementations
with different configurations.
Although I think this initial version is a reasonable starting point to be
merged in the security branch, some parts of the code will need refactoring:
* crypto_key_factory.c: crypto_factory_get_endpoint_relation returns
arbitrary local-remote relation if no specific key for remote is found,
which will not work in Cyclone because participants can have different
security settings
* performance of encoding data can be improved by not copying
plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data
should allow encrypting parts of a message)
* when decoding a message the message is split in several parts (header, body,
footer, etc) and for this memory is allocated which is probably not necessary.
Performance should be improved by removing these allocations and use pointers
to the data instead.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* WIP processing crypto plugin review comments
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* WIP more refactoring based on review comments
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* WIP fixing crypto plugin support for 128 bit key size
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* WIP refactored master key storage to reduce memory usage when using 128 bit keys
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* WIP fixing windows build linker issue
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* WIP refactored crypto key types, avoid returning pointers to released ref-counted object
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Fixed bug in test decode_datareader_submessage.invalid_data
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
- moved de-registration of a lease to a separate function, so that
it is called synchronously when a pwr is deleted, to prevent the
lease from expiring (before this change, the lease was renewed with
t_never, but that does not work because of a check with early out
in lease_renew)
- handle proxypp->owns_lease correctly: when an OpenSplice instance
was running in the same network and participants from OpenSplice were
discovered, the lease-renewal fails in case the proxy participant's
lease was not registered in minl_auto, which happens when the
proxypp depends on its parent (ddsi2) participant.
- increased lease duration in create_delete_writer stress test
to avoid failed tests due to delayed pmd messages
- fixed the indenting in liveliness tests source file
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* String functions required by DDS Security Access Control plugin
The implementation for the DDS Security Access Control plugin
requires two additional string functions. This commit adds the
ddsrt_str_replace function (including tests) and exports the
existing function ddsrt_todigit.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Suppress strcpy warnings in Windows builds for ddsrt_str_replace
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Minor nitpicks on ddsrt_str_replace
Signed-off-by: Erik Boasson <eb@ilities.com>
This commit adds the implementation for the liveliness kind manual-by-topic.
With these changes, the api function dds_assert_liveliness now accepts a
writer as entity. Asserting liveliness on a writer triggers sending a
heartbeat message with the liveliness flag set.
The code for handling reception of a heartbeat message checks for this flag and
if set the lease for the proxy writer is renewed (and the shortest manual-by-participant
lease on the proxy participant as well, because the message also indicates that the
remote participant is alive). Receiving data (handle_regular) also renews the
lease on the proxy writer in case it has the manual-by-topic liveliness kind.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Refactored locking for pwr->alive so that locking order is consistent (locking
pwr->c.proxypp->e.lock while holding pwr->e.lock is the expected order). And
processed other review comments: removed lock for ephash_lookup, added
additional comments, set pwr->lease to null if not initialised.
Because of intermittent timing issues with liveliness expiry test in Travis, I've
increase the time-out and retry limit for this test.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Check that proxy writer is still alive (could be not-alive due to deleting) in code path for proxy writer's lease expiry
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Some additional refactoring in locking for pwr->alive for liveliness qos, moved lease free to gc_delete_pwr, refactored the set pwr alive/not alive functions and some minor changes in liveliness tests
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Fixed building liveliness tests on Windows and some cleaning up in liveliness test code
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Added unit tests for (1) testing the scenario that a proxy writer writes data
after its lease is expired, to check that the status for the pwr is set to alive
again and (2) stress-testing the creation and deletetion of writers with
decreasing lease duration. In addition I've optimized the locking in
unref_proxy_participant a bit and fixed the liveliness changed callback
when a writer with expired lease (not-alive) gets alive again.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
This commit adds support for the liveliness QoS for the liveliness
kinds automatic and manual-by-participant. It also implements the
lease_duration from this QoS, which was ignored until now. In the
api the function dds_assert_liveliness is added to assert liveliness
on a participant, which can be used when using liveliness kind
manual-by-participant.
Liveliness kind manual-by-topic is not yet supported, this will be
added in a later commit.
* Proxy participants now have 2 fibheaps to keep leases: one for leases
of pwrs with automatic liveliness and one for leases of the pwrs with
manual-by-participant liveliness (both protected by the proxypp lock).
The minl_auto and minl_man members represent the shortest lease from
these fibheaps and these leases are renewed when receiving data.
Replacing the minl_ leases is now done by replacing the lease object
(atomic ptr) with delayed deletion of the old lease using the gc.
* Proxy writers are set not-alive when the lease expired, and reset to
alive then data is received. When data is received by a pwr, the other
pwrs in the proxypp might also be set alive. I think the specification
is not clear at this point, and for now I have not implemented this
* I refactored out the counter for man-by-pp proxy writers and improved
locking when updating the min-leases on the proxy participant, so I
think this fixes the race conditions.
Some additional tests are required, e.g. to test the not-alive->alive
transition for pwrs. I will add these in short term, as well as the
implementation of the manual-by-topic liveliness kind.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Signed-off-by: Erik Boasson <eb@ilities.com>
Use static assert instead of run-time assert
Signed-off-by: Erik Boasson <eb@ilities.com>
Use static assertion to verify nn_rmsg offset calc
Signed-off-by: Erik Boasson <eb@ilities.com>
This commits adds support for the DOMAIN_ID and DOMAIN_TAG parameters in
participant discovery, allowing multiple domains to share a port
number (a feature introduced in DDSI 2.3). The tag can be configured
via Discovery/Tag.
This commit also introduces a setting Discovery/ExternalDomainId that
makes it possible to override the domain id on the network, both in what
is advertised in the DOMAIN_ID discovery parameter and in the
calculation of port numbers. This way a single process can create two
independent domains that talk via the network, which is on occassion
useful in writing tests.
Signed-off-by: Erik Boasson <eb@ilities.com>
