
[19778][20296] Add netmask filter transport configuration + interface allowlist and blocklist

Open juanlofer-eprosima opened this issue 1 year ago • 3 comments

Description

This PR adds two new features:

  • Netmask filtering: allows configuring participants, (UDP/TCP) transports and/or specific interfaces (via allowlist) so that no messages are sent from an interface to remote locators from outside its network domain (given by network mask).
  • Blocklist: allows ignoring the interfaces present in this collection. These can be specified by IP or device name, and this list takes precedence over allowlist/whitelist.

Behaviour changes:

  • The system's network interfaces are now cached in the SystemInfo singleton, in order to reduce the number of system calls performed and promote consistency across separate Fast-DDS code sections.
  • Transformation of received remote locators to local ones is now only attempted when they correspond to (Fast-DDS) entities created on the same host. More specifically, it is now the GUID of the corresponding entity that is used to determine whether the locator is local, rather than looking for a match in the local interfaces. This avoids the erroneous transformation of a truly remote locator to localhost when there is a coincidence in the IPs assigned to two machines' interfaces (example: docker0 -> 172.17.0.1).

Contributor Checklist

  • [x] Commit messages follow the project guidelines.
  • [x] The code follows the style guidelines of this project.
  • [ ] Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
  • [x] Any new/modified methods have been properly documented using Doxygen.
  • [ ] Changes are ABI compatible.
  • [x] Changes are API compatible.
  • [x] New feature has been added to the versions.md file (if applicable).
  • [x] New feature has been documented/Current behavior is correctly described in the documentation. Related documentation PR: eProsima/Fast-DDS-docs# (PR)
  • [ ] Applicable backports have been included in the description.

Reviewer Checklist

  • [x] The PR has a milestone assigned.
  • [x] The title and description correctly express the PR's purpose.
  • [ ] Check contributor checklist is correct.
  • [ ] Check CI results: changes do not issue any warning.
  • [ ] Check CI results: failing tests are unrelated with the changes.

juanlofer-eprosima, Jan 12 '24 12:01
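The interface selection described in this PR (blocklist over allowlist, then netmask filtering), as an added stand-alone model that is not code from the PR or from Fast-DDS. All type and function names are hypothetical, it covers IPv4 only, and applying the netmask check after the two lists is an assumption of the model.

```cpp
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>

// Model types for illustration only; these are not Fast-DDS classes.
struct Iface { std::string name; uint32_t addr; int prefix_len; };  // addr in host byte order
struct Policy {
    std::vector<std::string> allowlist;  // empty means every interface
    std::vector<std::string> blocklist;  // takes precedence over the allowlist
    bool netmask_filter;                 // refuse destinations outside the interface's subnet
};

constexpr uint32_t ip4(uint32_t a, uint32_t b, uint32_t c, uint32_t d) {
    return (a << 24) | (b << 16) | (c << 8) | d;
}
std::string dotted(uint32_t a) {
    return std::to_string(a >> 24) + "." + std::to_string((a >> 16) & 255) + "." +
           std::to_string((a >> 8) & 255) + "." + std::to_string(a & 255);
}
// Constructed sample host: a LAN NIC plus Docker's default bridge address.
std::vector<Iface> sample() {
    return {{"eth0", ip4(192, 168, 1, 10), 24}, {"docker0", ip4(172, 17, 0, 1), 16}};
}

// List entries identify an interface by device name or by IP.
bool listed(const std::vector<std::string>& list, const Iface& i) {
    return std::any_of(list.begin(), list.end(),
            [&](const std::string& e) { return e == i.name || e == dotted(i.addr); });
}
bool same_subnet(const Iface& i, uint32_t remote) {
    // Shifting a 32-bit value by 32 is undefined, so /0 is handled explicitly.
    uint32_t mask = i.prefix_len == 0 ? 0u : ~uint32_t{0} << (32 - i.prefix_len);
    return (i.addr & mask) == (remote & mask);
}

// Names of the interfaces from which a message to `remote` may be sent.
std::vector<std::string> egress(const Policy& p, const std::vector<Iface>& ifs, uint32_t remote) {
    std::vector<std::string> out;
    for (const Iface& i : ifs) {
        if (listed(p.blocklist, i)) continue;                           // blocklist decides first
        if (!p.allowlist.empty() && !listed(p.allowlist, i)) continue;  // then the allowlist
        if (p.netmask_filter && !same_subnet(i, remote)) continue;      // then the netmask
        out.push_back(i.name);
    }
    return out;
}
int main() {  // 10.0.0.5 lies outside both sample subnets, so filtering leaves no egress interface
    return egress({{}, {}, true}, sample(), ip4(10, 0, 0, 5)).empty() ? 0 : 1;
}
```

With filtering off, both sample interfaces are candidates for any destination; with it on, a destination is only reachable from the interface whose subnet contains it.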

@richiprosima please test this

Mario-DL, Mar 12 '24 08:03

@richiprosima please test this

Mario-DL, Mar 14 '24 07:03

@richiprosima please test this

Mario-DL, Mar 14 '24 08:03

@richiprosima please test this

EduPonz, Mar 15 '24 17:03

@richiprosima please test windows test mac

EduPonz, Mar 16 '24 07:03

@richiprosima please check style

EduPonz, Mar 17 '24 07:03