Ip ignore as ipag #3
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
December 6, 2019 15:49
…nets. An EPICS channel access server will ignore requests from IP addresses that are from one of the IP subnets specified in EPICS_CAS_IGNORE_NET_LIST. The subnet specifications in EPICS_CAS_IGNORE_NET_LIST must be separated with spaces. Three forms of subnet specifications are supported: - CIDR notation, example: 192.168.12.0/24 - Address and mask notation, example: 192.168.12.0:255.255.255.0 - Single IP address, example: 192.168.12.10 Notes for the dependency from EPICS base: This version of PCAS only supports EPICS_CAS_IGNORE_NET_LIST if it is compiled against an EPICS base that supports this feature too. It is however, backwards compatible and can be compiled against older versions of EPICS base. In this case, EPICS_CAS_IGNORE_NET_LIST is not supported. Notes for software that uses PCAS: This patch adds a private element to casDGIntfIO defined in casDGIntfIO.h. It shouldn't be necessary to change the source code of applications that are compiled against PCAS, but they need to be recompiled.
Up to now, channel access security allowed to specify access rules for clients based on user- and host names. This patch adds IP access groups. Now access rules may contain the client's IP address too. The IP access group, "IPAG", can be used together with host access groups, "HAG" or can replace these. Notes for the dependency from EPICS base: This version of PCAS only supports IP access groups if it is compiled against an EPICS base that supports this feature too. It is however, backwards compatible and can be compiled against older versions of EPICS base. In this case, IP access groups are not supported. Notes for software that uses PCAS: This patch changes the API of PCAS. In general, users of the library have to provide the IP address of the client. These are the changes: - In casChannelI.h, casChannelI::setOwner has an additional parameter - In casPVI.h, casPVI::createChannel has an additional parameter - In casStrmClient.h, class casStrmClient has a new private element - In casdef.h, casPV::createChannel has an additional parameter - In casdef.h, casChannelI::setOwner has an additional parameter The changes are active when EPICS_HAS_AS_IPAG is defined, which is the case when the EPICS base also supports IP access groups.
|
From a quick glance. Where is the macro |
|
He's adding several |
|
On 12/6/19 6:00 PM, mdavidsaver wrote:
From a quick glance. Where is the macro |EPICS_HAS_AS_IPAG| defined? Also, why is this needed? imo. having macro conditional arguments is quite
ugly, and likely not acceptable in public/installed headers. With c++, usually default argument values, or an overloaded method are the way to add
arguments while maintaining API compatibility.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#3?email_source=notifications&email_token=ACOEWZBIW2EC43OEJ2LNQDTQXKAJDA5CNFSM4JW4IYTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEGEWXQI#issuecomment-562654145>,
or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACOEWZEOX27WC65TNMR7Z33QXKAJDANCNFSM4JW4IYTA>.
Hello Michael,
checking a client's IP address in channel access security required that this address is provided as an
additional parameter to some of it's functions.
Channel access security is implemented in C and this is an incompatible change in the API.
Since I wanted the channel access gateway code to support the old and the new API I introduced
a macro in file epicsVersion.h. This header file is generated from the perl script makeEpicsVersion.pl
in EPICS base.
I agree that macro conditional arguments look a bit ugly. These are currently used by my patches in PCAS and
CA-gateway but not in EPICS base.
Since PCAS and CA-gateway are implemented in C++. it should be possible to use default argument
values. I think I can change this.
Greetings
Goetz
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request for 2 features:
EPICS_CAS_IGNORE_NET_LIST
address a client must have
This depends on similar patches to be applied to EPICS base.