From 41a6728780faf35b6b559fe8593925a2f2ef53b8 Mon Sep 17 00:00:00 2001
From: elianalf <62831776+elianalf@users.noreply.github.com>
Date: Tue, 5 Dec 2023 14:36:23 +0100
Subject: [PATCH] Add interface whitelist by name (#591)
* Refs #19780: Update whitelist doc to allow using interface names
Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com>
* Refs #19780: Fix problem with failed test
Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com>
* Refs #19780: Change 'warning' into 'important'
Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com>
* Refs #19780: Apply suggestion
Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com>
* Refs #19780: Fix problem with failed test
Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com>
* Update docs/fastdds/transport/whitelist.rst
Co-authored-by: juanlofer-eprosima <88179026+juanlofer-eprosima@users.noreply.github.com>
Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com>
* Refs #19780: Fix changes
Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com>
* Refs #19780: Apply suggestions
Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com>
* Refs #19780: fix line too long
Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com>
---------
Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com>
Co-authored-by: juanlofer-eprosima <88179026+juanlofer-eprosima@users.noreply.github.com>
---
 code/DDSCodeTester.cpp | 20 ++++++++-
 code/XMLTester.xml | 31 ++++++++++++--
 docs/fastdds/transport/whitelist.rst | 63 ++++++++++++++++++++--------
 3 files changed, 93 insertions(+), 21 deletions(-)
diff --git a/code/DDSCodeTester.cpp b/code/DDSCodeTester.cpp
index 6f3846e90..873a35cf8 100644
--- a/code/DDSCodeTester.cpp
+++ b/code/DDSCodeTester.cpp
@@ -4746,7 +4746,7 @@ void dds_transport_examples () // Create a descriptor for the new transport. auto tcp_transport = std::make_shared(); - // Add loopback to the whitelist + // Add loopback to the whitelist by IP address tcp_transport->interfaceWhiteList.emplace_back("127.0.0.1"); // Link the Transport Layer to the Participant. @@ -4757,6 +4757,24 @@ void dds_transport_examples () //!-- } + { + //WHITELIST-NAME + DomainParticipantQos qos; + + // Create a descriptor for the new transport. + auto tcp_transport = std::make_shared(); + + // Add loopback to the whitelist by interface name + tcp_transport->interfaceWhiteList.emplace_back("lo"); + + // Link the Transport Layer to the Participant. + qos.transport().user_transports.push_back(tcp_transport); + + // Avoid using the builtin transports + qos.transport().use_builtin_transports = false; + //!-- + } + { //CONF-DISABLE-MULTICAST DomainParticipantQos qos; diff --git a/code/XMLTester.xml b/code/XMLTester.xml index 68356c337..4aaf3fd6c 100644 --- a/code/XMLTester.xml +++ b/code/XMLTester.xml @@ -802,7 +802,7 @@ --> - CustomTcpTransport + CustomTcpTransportWhitelistAddress TCPv4
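Review bot: The new `//WHITELIST-NAME` block hard-codes `"lo"` without saying that interface names are platform-specific: `lo` is the Linux loopback name, while macOS and the BSDs call it `lo0`. The whitelist page changed in this same commit states that when no whitelist value matches a host interface, no communication is established through that transport, so a reader who copies the snippet to another platform gets a participant that fails closed with no obvious cause. I would extend the comment to `// Add loopback to the whitelist by interface name ("lo" on Linux; names are platform-specific)`. The same applies to the `lo` entry in the WHITELIST-NAME sample added to code/XMLTester.xml. dds_transport_examples() starts and ends outside the hunk.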
127.0.0.1
@@ -810,11 +810,36 @@
- + false - CustomTcpTransport + CustomTcpTransportWhitelistAddress + + + +<--> + +WHITELIST-NAME<--> + + + + CustomTcpTransportWhitelistName + TCPv4 + + lo + + + + + + + false + + CustomTcpTransportWhitelistName
diff --git a/docs/fastdds/transport/whitelist.rst b/docs/fastdds/transport/whitelist.rst
index b4ea3b97c..206db5432 100644
--- a/docs/fastdds/transport/whitelist.rst
+++ b/docs/fastdds/transport/whitelist.rst
@@ -9,32 +9,61 @@ Interface Whitelist Using *Fast DDS*, it is possible to limit the network interfaces used by :ref:`transport_tcp_tcp` and :ref:`transport_udp_udp`. -This is achieved by adding the interfaces' IP addresses to the |SocketTransportDescriptor::interfaceWhiteList-api| +This is achieved by adding the interfaces to the |SocketTransportDescriptor::interfaceWhiteList-api| field in the :ref:`transport_tcp_transportDescriptor` or :ref:`transport_udp_transportDescriptor`. Thus, the communication interfaces used by the |DomainParticipants| whose |TransportDescriptorInterface-api| defines an -|SocketTransportDescriptor::interfaceWhiteList-api| is limited to the interfaces' IP addresses defined in that list, +|SocketTransportDescriptor::interfaceWhiteList-api| is limited to the interfaces' addresses defined in that list, therefore avoiding the use of the rest of the network interfaces available in the system. -The values on this list should match the IPs of your machine in that networks. +The interfaces in |SocketTransportDescriptor::interfaceWhiteList-api| can be specified both by IP address or interface +name. For example: -.. tabs:: +* Interface whitelist filled with IP address: - .. tab:: C++ + .. tabs:: - .. literalinclude:: /../code/DDSCodeTester.cpp - :language: c++ - :start-after: //TRANSPORT-DESCRIPTORS - :end-before: //!-- - :dedent: 8 + .. tab:: C++ - .. tab:: XML + .. literalinclude:: /../code/DDSCodeTester.cpp + :language: c++ + :start-after: //TRANSPORT-DESCRIPTORS + :end-before: //!-- + :dedent: 8 - .. literalinclude:: /../code/XMLTester.xml - :language: xml - :start-after: TRANSPORT-DESCRIPTORS - :end-before: <--> - :lines: 2-3,5- - :append: + .. tab:: XML + + .. literalinclude:: /../code/XMLTester.xml + :language: xml + :start-after: TRANSPORT-DESCRIPTORS + :end-before: <--> + :lines: 2-3,5- + :append: + +* Interface whitelist filled with interface names: + + .. tabs:: + + .. tab:: C++ + + .. 
literalinclude:: /../code/DDSCodeTester.cpp + :language: c++ + :start-after: //WHITELIST-NAME + :end-before: //!-- + :dedent: 8 + + .. tab:: XML + + .. literalinclude:: /../code/XMLTester.xml + :language: xml + :start-after: WHITELIST-NAME + :end-before: <--> + :lines: 2-3,5- + :append: + +.. important:: + + If none of the values in the transport descriptor's whitelist match the interfaces on the host, + then all the interfaces in the whitelist are filtered out and therefore no communication will be established through that transport. .. warning::