#include "totemconfig.h"
#define TOKEN_RETRANSMITS_BEFORE_LOSS_CONST 4
-#define TOKEN_TIMEOUT 1000
+#define TOKEN_TIMEOUT 3000
#define TOKEN_WARNING 75
#define TOKEN_COEFFICIENT 650
#define JOIN_TIMEOUT 50
#define MAX_MESSAGES 17
#define MISS_COUNT_CONST 5
#define BLOCK_UNLISTED_IPS 1
+/* This constant is not used for knet */
+#define UDP_NETMTU 1500
/* Currently all but PONG_COUNT match the defaults in libknet.h */
#define KNET_PING_INTERVAL 1000
}
-static int totem_get_crypto(struct totem_config *totem_config, const char **error_string)
+static int totem_get_crypto(struct totem_config *totem_config, icmap_map_t map, const char **error_string)
{
char *str;
const char *tmp_cipher;
tmp_cipher = "none";
tmp_model = "none";
- if (icmap_get_string("totem.crypto_model", &str) == CS_OK) {
+ if (icmap_get_string_r(map, "totem.crypto_model", &str) == CS_OK) {
if (strcmp(str, "nss") == 0) {
tmp_model = "nss";
}
tmp_model = "nss";
}
- if (icmap_get_string("totem.secauth", &str) == CS_OK) {
+ if (icmap_get_string_r(map, "totem.secauth", &str) == CS_OK) {
if (strcmp(str, "on") == 0) {
tmp_cipher = "aes256";
tmp_hash = "sha256";
free(str);
}
- if (icmap_get_string("totem.crypto_cipher", &str) == CS_OK) {
+ if (icmap_get_string_r(map, "totem.crypto_cipher", &str) == CS_OK) {
if (strcmp(str, "none") == 0) {
tmp_cipher = "none";
}
free(str);
}
- if (icmap_get_string("totem.crypto_hash", &str) == CS_OK) {
+ if (icmap_get_string_r(map, "totem.crypto_hash", &str) == CS_OK) {
if (strcmp(str, "none") == 0) {
tmp_hash = "none";
}
return -1;
}
+ if (strcmp(tmp_cipher, totem_config->crypto_cipher_type) ||
+ strcmp(tmp_hash, totem_config->crypto_hash_type) ||
+ strcmp(tmp_model, totem_config->crypto_model)) {
+ totem_config->crypto_changed = 1;
+ }
+
strncpy(totem_config->crypto_cipher_type, tmp_cipher, CONFIG_STRING_LEN_MAX);
strncpy(totem_config->crypto_hash_type, tmp_hash, CONFIG_STRING_LEN_MAX);
strncpy(totem_config->crypto_model, tmp_model, CONFIG_STRING_LEN_MAX);
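Review bot: The added `strcmp()` block reads `crypto_cipher_type`, `crypto_hash_type` and `crypto_model` before this function has ever written them, so on the first call it relies on the caller handing in a zeroed `totem_config`, which is not shown on this page. The `strncpy(..., CONFIG_STRING_LEN_MAX)` calls below it only leave a terminator when the source is shorter than that limit, so the later comparisons inherit the same assumption. I would record the precondition above the comparison, e.g. `/* fields must be NUL-terminated (zeroed struct) on first call; crypto_changed is only set here, the caller clears it */`. The function body starts and ends outside this hunk.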
autogenerated?"(autogenerated from ":"",
autogenerated?ring0_addr:"",
autogenerated?")":"");
- log_printf (LOGSYS_LEVEL_ERROR, error_string_response);
*error_string = error_string_response;
break;
}
if (res != 3 || strcmp(tmp_key2, "_addr") != 0) {
continue;
}
+ if (linknumber >= INTERFACE_MAX) {
+ snprintf (error_string_response, sizeof(error_string_response),
+ "parse error in config: interface ring number %u is bigger than allowed maximum %u\n",
+ linknumber, INTERFACE_MAX - 1);
+ *error_string = error_string_response;
+
+ icmap_iter_finalize(iter2);
+ icmap_iter_finalize(iter);
+ return (-1);
+ }
if (icmap_get_string_r(map, iter_key2, &node_addr_str) != CS_OK) {
continue;
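Review bot: The new message passes `INTERFACE_MAX - 1` to `%u`; if `INTERFACE_MAX` is a plain integer macro (its definition is not on this page) that argument is an `int`, so I would cast it: `linknumber, (unsigned int)(INTERFACE_MAX - 1));`. The string also ends in `\n`, unlike the other `error_string` values visible in this change (for example the transport one), so the caller would print a stray blank line. The enclosing loop starts and ends outside the hunk.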
if (icmap_get_string("totem.transport", &str) == CS_OK) {
if (strcmp (str, "udpu") == 0) {
totem_config->transport_number = TOTEM_TRANSPORT_UDPU;
- }
-
- if (strcmp (str, "udp") == 0) {
+ } else if (strcmp (str, "udp") == 0) {
totem_config->transport_number = TOTEM_TRANSPORT_UDP;
- }
-
- if (strcmp (str, "knet") == 0) {
+ } else if (strcmp (str, "knet") == 0) {
totem_config->transport_number = TOTEM_TRANSPORT_KNET;
+ } else {
+ *error_string = "Invalid transport type. Should be udpu, udp or knet";
+ free(str);
+ return -1;
}
free(str);
icmap_get_uint32("totem.version", (uint32_t *)&totem_config->version);
- if (totem_get_crypto(totem_config, error_string) != 0) {
+ /* initial crypto load */
+ if (totem_get_crypto(totem_config, icmap_get_global_map(), error_string) != 0) {
+ return -1;
+ }
+ if (totem_config_keyread(totem_config, icmap_get_global_map(), error_string) != 0) {
return -1;
}
+ totem_config->crypto_index = 1;
+ totem_config->crypto_changed = 0;
if (icmap_get_string("totem.link_mode", &str) == CS_OK) {
if (strlen(str) >= TOTEM_LINK_MODE_BYTES) {
if ((totem_config->transport_number == TOTEM_TRANSPORT_UDP) &&
memcmp (&totem_config->interfaces[i].mcast_addr, &null_addr,
sizeof (struct totem_ip_address)) == 0) {
- error_reason = "No multicast address specified";
+ snprintf (local_error_reason, sizeof(local_error_reason),
+ "No multicast address specified for interface %u", i);
goto parse_error;
}
if (totem_config->interfaces[i].ip_port == 0) {
- error_reason = "No multicast port specified";
+ snprintf (local_error_reason, sizeof(local_error_reason),
+ "No multicast port specified for interface %u", i);
goto parse_error;
}
if (totem_config->interfaces[i].ttl > 255) {
- error_reason = "Invalid TTL (should be 0..255)";
+ snprintf (local_error_reason, sizeof(local_error_reason),
+ "Invalid TTL (should be 0..255) for interface %u", i);
goto parse_error;
}
if (totem_config->transport_number != TOTEM_TRANSPORT_UDP &&
totem_config->interfaces[i].ttl != 1) {
- error_reason = "Can only set ttl on multicast transport types";
+ snprintf (local_error_reason, sizeof(local_error_reason),
+ "Can only set ttl on multicast transport types for interface %u", i);
goto parse_error;
}
if (totem_config->interfaces[i].knet_link_priority > 255) {
- error_reason = "Invalid link priority (should be 0..255)";
+ snprintf (local_error_reason, sizeof(local_error_reason),
+ "Invalid link priority (should be 0..255) for interface %u", i);
goto parse_error;
}
if (totem_config->transport_number != TOTEM_TRANSPORT_KNET &&
totem_config->interfaces[i].knet_link_priority != 1) {
- error_reason = "Can only set link priority on knet transport type";
+ snprintf (local_error_reason, sizeof(local_error_reason),
+ "Can only set link priority on knet transport type for interface %u", i);
goto parse_error;
}
if (totem_config->interfaces[i].mcast_addr.family == AF_INET6 &&
totem_config->node_id == 0) {
-
- error_reason = "An IPV6 network requires that a node ID be specified.";
+ snprintf (local_error_reason, sizeof(local_error_reason),
+ "An IPV6 network requires that a node ID be specified for interface %u", i);
goto parse_error;
}
if (totem_config->broadcast_use == 0 && totem_config->transport_number == TOTEM_TRANSPORT_UDP) {
if (totem_config->interfaces[i].mcast_addr.family != totem_config->interfaces[i].bindnet.family) {
- error_reason = "Multicast address family does not match bind address family";
+ snprintf (local_error_reason, sizeof(local_error_reason),
+ "Multicast address family does not match bind address family for interface %u", i);
goto parse_error;
}
if (totemip_is_mcast (&totem_config->interfaces[i].mcast_addr) != 0) {
- error_reason = "mcastaddr is not a correct multicast address.";
+ snprintf (local_error_reason, sizeof(local_error_reason),
+ "mcastaddr is not a correct multicast address for interface %u", i);
goto parse_error;
}
}
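Review bot: Every check here now formats into `local_error_reason`, but the hunk does not show where `parse_error` picks that buffer up, whereas the removed lines assigned `error_reason` directly. It is worth confirming that `error_reason` points at `local_error_reason` before these checks run. If `local_error_reason` is an automatic array, its text must also be copied into storage that outlives the function before `*error_string` is set, otherwise the caller gets a dangling pointer. A comment at the declaration such as `/* scratch for per-interface messages; copied out at parse_error */` would record that. The declaration and the `parse_error` label are outside the hunk.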
totem_config->net_mtu = KNET_MAX_PACKET_SIZE;
}
else {
- totem_config->net_mtu = 1500;
+ totem_config->net_mtu = UDP_NETMTU;
}
}
int totem_config_keyread (
struct totem_config *totem_config,
+ icmap_map_t map,
const char **error_string)
{
int got_key = 0;
char *key_location = NULL;
int res;
size_t key_len;
+ char old_key[TOTEM_PRIVATE_KEY_LEN_MAX];
+ size_t old_key_len;
+
+ /* Take a copy so we can see if it has changed */
+ memcpy(old_key, totem_config->private_key, sizeof(totem_config->private_key));
+ old_key_len = totem_config->private_key_len;
memset (totem_config->private_key, 0, sizeof(totem_config->private_key));
totem_config->private_key_len = 0;
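Review bot: `old_key` is a second copy of the private key on the stack, and nothing visible wipes it before the function returns, so key material is left in the dead frame after every call. I would clear it on both the success and `key_error` exits with a wipe the compiler cannot drop, e.g. `explicit_bzero(old_key, sizeof(old_key));` where the platform provides it; a plain `memset` just before `return` may be optimised away. The `memcpy` length is `sizeof(totem_config->private_key)` while the destination is sized by `TOTEM_PRIVATE_KEY_LEN_MAX`. These are presumably equal, but declaring `char old_key[sizeof(totem_config->private_key)];` would make that explicit. The exits are in later hunks of the same function.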
}
/* cmap may store the location of the key file */
- if (icmap_get_string("totem.keyfile", &key_location) == CS_OK) {
+ if (icmap_get_string_r(map, "totem.keyfile", &key_location) == CS_OK) {
res = read_keyfile(key_location, totem_config, error_string);
free(key_location);
if (res) {
}
got_key = 1;
} else { /* Or the key itself may be in the cmap */
- if (icmap_get("totem.key", NULL, &key_len, NULL) == CS_OK) {
+ if (icmap_get_r(map, "totem.key", NULL, &key_len, NULL) == CS_OK) {
if (key_len > sizeof(totem_config->private_key)) {
sprintf(error_string_response, "key is too long");
goto key_error;
sprintf(error_string_response, "key is too short");
goto key_error;
}
- if (icmap_get("totem.key", totem_config->private_key, &key_len, NULL) == CS_OK) {
+ if (icmap_get_r(map, "totem.key", totem_config->private_key, &key_len, NULL) == CS_OK) {
totem_config->private_key_len = key_len;
got_key = 1;
} else {
goto key_error;
}
+ if (old_key_len != totem_config->private_key_len ||
+ memcmp(old_key, totem_config->private_key, sizeof(totem_config->private_key))) {
+ totem_config->crypto_changed = 1;
+ }
+
return (0);
key_error:
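Review bot: On the `key_error` path the key in `totem_config` has already been zeroed by the `memset` at the top of the function, so a failed re-read leaves the structure with an empty key and `private_key_len` of 0. If the reload path passes its live configuration (the caller is not visible here), a bad `totem.key` or `totem.keyfile` would strip the running key rather than keep the old one. Since `old_key` is now available, the error path could restore it: `memcpy(totem_config->private_key, old_key, sizeof(totem_config->private_key)); totem_config->private_key_len = old_key_len;`. The body of `key_error:` is outside this hunk.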
}
+int totem_reread_crypto_config(struct totem_config *totem_config, icmap_map_t map, const char **error_string)
+{
+ if (totem_get_crypto(totem_config, map, error_string) != 0) {
+ return -1;
+ }
+ if (totem_config_keyread(totem_config, map, error_string) != 0) {
+ return -1;
+ }
+ return 0;
+}
+
static void debug_dump_totem_config(const struct totem_config *totem_config)
{