-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ip ignore as ipag #3
base: master
Are you sure you want to change the base?
Conversation
…nets. An EPICS channel access server will ignore requests from IP addresses that are from one of the IP subnets specified in EPICS_CAS_IGNORE_NET_LIST. The subnet specifications in EPICS_CAS_IGNORE_NET_LIST must be separated with spaces. Three forms of subnet specifications are supported: - CIDR notation, example: 192.168.12.0/24 - Address and mask notation, example: 192.168.12.0:255.255.255.0 - Single IP address, example: 192.168.12.10 Notes for the dependency from EPICS base: This version of PCAS only supports EPICS_CAS_IGNORE_NET_LIST if it is compiled against an EPICS base that supports this feature too. It is however, backwards compatible and can be compiled against older versions of EPICS base. In this case, EPICS_CAS_IGNORE_NET_LIST is not supported. Notes for software that uses PCAS: This patch adds a private element to casDGIntfIO defined in casDGIntfIO.h. It shouldn't be necessary to change the source code of applications that are compiled against PCAS, but they need to be recompiled.
Up to now, channel access security allowed to specify access rules for clients based on user- and host names. This patch adds IP access groups. Now access rules may contain the client's IP address too. The IP access group, "IPAG", can be used together with host access groups, "HAG" or can replace these. Notes for the dependency from EPICS base: This version of PCAS only supports IP access groups if it is compiled against an EPICS base that supports this feature too. It is however, backwards compatible and can be compiled against older versions of EPICS base. In this case, IP access groups are not supported. Notes for software that uses PCAS: This patch changes the API of PCAS. In general, users of the library have to provide the IP address of the client. These are the changes: - In casChannelI.h, casChannelI::setOwner has an additional parameter - In casPVI.h, casPVI::createChannel has an additional parameter - In casStrmClient.h, class casStrmClient has a new private element - In casdef.h, casPV::createChannel has an additional parameter - In casdef.h, casChannelI::setOwner has an additional parameter The changes are active when EPICS_HAS_AS_IPAG is defined, which is the case when the EPICS base also supports IP access groups.
From a quick glance. Where is the macro |
He's adding several |
On 12/6/19 6:00 PM, mdavidsaver wrote:
From a quick glance. Where is the macro |EPICS_HAS_AS_IPAG| defined? Also, why is this needed? imo. having macro conditional arguments is quite
ugly, and likely not acceptable in public/installed headers. With c++, usually default argument values, or an overloaded method are the way to add
arguments while maintaining API compatibility.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#3?email_source=notifications&email_token=ACOEWZBIW2EC43OEJ2LNQDTQXKAJDA5CNFSM4JW4IYTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEGEWXQI#issuecomment-562654145>,
or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACOEWZEOX27WC65TNMR7Z33QXKAJDANCNFSM4JW4IYTA>.
Hello Michael,
checking a client's IP address in channel access security required that this address is provided as an
additional parameter to some of it's functions.
Channel access security is implemented in C and this is an incompatible change in the API.
Since I wanted the channel access gateway code to support the old and the new API I introduced
a macro in file epicsVersion.h. This header file is generated from the perl script makeEpicsVersion.pl
in EPICS base.
I agree that macro conditional arguments look a bit ugly. These are currently used by my patches in PCAS and
CA-gateway but not in EPICS base.
Since PCAS and CA-gateway are implemented in C++. it should be possible to use default argument
values. I think I can change this.
Greetings
Goetz
|
Pull Request for 2 features:
EPICS_CAS_IGNORE_NET_LIST
address a client must have
This depends on similar patches to be applied to EPICS base.