Swap:Custom Protocol
From Adapt
SWAP has a custom protocol available that is used for management and inter-node communication. This is a persistent socket connection between nodes. This is not run over http due to the small size of most messages and overhead in establishing a connection for each message.
Mina
SWAP uses mina to manage socket communication. Protocol decoding is handled through a set of filters and a final handler to dispatch command.
The SwapProtocolEncoder/Decoder filters translates messages to and from SwapMessages. These SwapMessages are delivered to the registered mina handler. The NetworkIOHandler class provides a simple mechanism for decoding SwapMessages and dispatching multiple calls corresponding to the type of message received.
Wire-level message Structure
Each SWAP command is sent as a list of a single SWAP message. This is done to allow efficient packing of small messages (ie, results of stat, etc)
- Int - size of message (type + reps + content)
- short - message type (See MessageType enum)
- short - repetitions of message
- byte[] - content
Content is the list of packed messages. Each message is composed of a set of primitive segments (long, string, uuid, long[], etc). What segments comprise a message are described in the MessageType enum. Allowable types of segments are defined in MessageSegment.
For example, the GET_PATH_DETAILS request has the following structure:
- UUID - uuid of file group
- STRING[] - list of paths for details w/in that file group.
To request for just one group the message would have the following information:
- size=message size
- type=13,
- reps=1
- UUID of file group
- "path1","path2"
Since we can issue multiple requests of the same message, in one message, we could include a request for files from two different groups. This message would look slightly different:
- size=message size
- type=13
- reps=2
- UUID of group 1
- "path1","path2"
- UUID of group 2
- "path3","path4"
This packing and unpacking is handled by the two mina filters, SwapProtocolEncoder and SwapProtocolDecoder. These two filters encode/decode messages to and from an array of SwapMessage. A SwapMessage is a simple container holding the type of message along w/ the an array of Objects representing the message content. The size of the content is equal to the number of segments in a message * the number of repetitions in a message.
Authentication
Due to how swap authenticates against LDAP, clients must supply a clear-text username and password to the server. To secure this, an ssl tunnel is established during the initial connection to a swap server. As part of authentication a client will instruct the server whether or not it should keep the ssl connection enabled, disable it, or let server decide. The server will respond with an AUTH_RESPONSE indicating success/failure and whether SSL will remain enabled. The server is able to override a clients request to disable or keep ssl enabled.
- Connect to server
- Start SSL Tunnel
- Server: Send SASL_MECHANISMS
- Client: Send SASL_REQUEST
- Server: send SASL_RESPONSE. (repeat req/response)
- On success, client and server toggle SSL state.
- Client requests whatever startup junk it needs
Once a client authenticated, it may not re-authenticate as a different user, a reconnect is required.
The SwapAuthFilter filter intercepts authentication requests and handles enabling/disabling ssl. In addition, it ensures that no authentication information is delivered to the higher level handler, and that no requests are processed until a client has successfully authenticated.
