Offending connections with ACL violations should be cleaned up as
early as possible. When the active side detects an ACL violation and
sends a reject, it fills in the private_data field. The passive side
checks private_data whenever it receives a reject and, in case of an
ACL violation, destroys the connection.
Orabug:
23222944
Signed-off-by: Ajaykumar Hotchandani <ajaykumar.hotchandani@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
acl_ret = rds_ib_match_acl(cm_id, dp->dp_saddr);
if (acl_ret < 0) {
- rdma_reject(cm_id, &acl_ret, sizeof(int));
- rdsdebug("RDS: IB: rds_ib_match_acl failed\n");
+ int reject_reason = RDS_ACL_FAILURE;
+
+ rdma_reject(cm_id, &reject_reason, sizeof(int));
+ rdsdebug("RDS: IB: passive: rds_ib_match_acl failed\n");
goto out;
}
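Review bot: The reject reason is passed to rdma_reject() as a host-endian `int` with `sizeof(int)`, so the peer's comparison against RDS_ACL_FAILURE only matches when both ends share byte order. If mixed-endian peers are supported, a fixed-width wire type would be safer, e.g. `__be32 reject_reason = cpu_to_be32(RDS_ACL_FAILURE);` with `sizeof(reject_reason)`, plus a matching `be32_to_cpu()` where the reject is received. The rdsdebug text also says "passive" while the commit description has the active side sending the reject, so one of the two should be corrected. The enclosing function starts and ends outside this hunk.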
&conn->c_reject_w,
msecs_to_jiffies(10));
}
+ } else if (event->status == RDS_REJ_CONSUMER_DEFINED &&
+ (*err) == RDS_ACL_FAILURE) {
+ /* Rejection due to ACL violation */
+ pr_err("RDS: IB: conn=%p, <%u.%u.%u.%u,%u.%u.%u.%u,%d> destroyed due to ACL violation\n",
+ conn, NIPQUAD(conn->c_laddr),
+ NIPQUAD(conn->c_faddr),
+ conn->c_tos);
+ rds_ib_conn_destroy_init(conn);
} else {
rds_rtd(RDS_RTD_ERR,
"Rejected: *err %d status %d calling rds_conn_drop <%u.%u.%u.%u,%u.%u.%u.%u,%d>\n",
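Review bot: `(*err) == RDS_ACL_FAILURE` reads data supplied by the remote peer, with no visible check that the reject carried at least `sizeof(int)` bytes of private data. The definition of `err` is outside the hunk, so this is inferred, but if it aliases `event->param.conn.private_data` the branch should first test `event->param.conn.private_data_len >= sizeof(int)`. Because the peer chooses this value, any peer able to send a reject can trigger rds_ib_conn_destroy_init() and an unthrottled `pr_err()`. Using `pr_err_ratelimited(...)` here would bound the log volume, and a short comment should say why destroy is preferred over the rds_conn_drop used in the else branch.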
#define RDS_PROTOCOL_MINOR(v) ((v) & 255)
#define RDS_PROTOCOL(maj, min) (((maj) << 8) | min)
+/* Reject reason codes.
+ * 0401 below indicates 4.1 version.
+ * 0020 indicates type of reject.
+ * Reserving earlier ones for version mismatch or other reasons.
+ */
+#define RDS_ACL_FAILURE 0x04010020
+
/*
* XXX randomly chosen, but at least seems to be unused:
* # 18464-18768 Unassigned
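Review bot: The comment above RDS_ACL_FAILURE does not say that the value is carried in the CM reject private data and compared by the remote peer, which makes it a wire constant that must stay stable across releases. I would add a line such as `* Sent as rdma_reject() private data; wire value, do not renumber.` and state the byte order it is sent in. "0020" is also ambiguous (hex 0x20 or decimal 20), and "reserving earlier ones" would be clearer as an explicit range, e.g. `* 0x04010000-0x0401001f reserved for version mismatch and other reasons.`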