dcache-xroot: send door address to pool as client for proxied transfers
Motivation:

https://rb.dcache.org/r/13650/
master@13e497d7b9d9964f58c81dc921c294347d2e555c

introduced, in connection with proxied transfers,
the specification of an internal address to use
in selecting and connecting to the pool.

This was an incomplete solution to the problem
of directing the proxy connection over a protected
network, as demonstrated by the GH issue
XRootD IPV6 on proxy mode #6875.

Modification:

Two changes needed to be made.  First, in order
not to encounter the mover failure, we have
to pass the door's address to the pool.  This
was originally not done because we wanted to
maintain the original client for billing purposes,
but that information is recoverable by a join
between the `doorinfo` and `billinginfo` tables
or by finding the door `transaction` corresponding
to the billing entry's `initiator`.

Second, we need to make sure that the door
address matches the internal network mask; this
is crucial in the case (such as at BNL) where
the internal network is IPv4 only but the door
is dual stack.

Result:

With this patch, BNL has reported success.

Target: master
Request: 8.2
Patch: https://rb.dcache.org/r/13807/
Requires-notes: yes
Closes: #6875
Acked-by: Dmitry
alrossi committed Dec 2, 2022
1 parent 07e9772 commit e459914
Showing 2 changed files with 30 additions and 5 deletions.
Expand Up @@ -24,6 +24,7 @@
import static org.dcache.namespace.FileAttribute.SIZE;
import static org.dcache.namespace.FileAttribute.STORAGEINFO;
import static org.dcache.namespace.FileAttribute.TYPE;
import static org.dcache.util.NetworkUtils.getProtocolFamily;
import static org.dcache.util.TransferRetryPolicy.tryOnce;
import static org.dcache.xrootd.plugins.tls.SSLHandlerFactory.CLIENT_TLS;
import static org.dcache.xrootd.plugins.tls.SSLHandlerFactory.SERVER_TLS;
Expand Down Expand Up @@ -69,6 +70,8 @@
import java.io.Serializable;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ProtocolFamily;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collections;
Expand Down Expand Up @@ -452,7 +455,7 @@ public Optional<InetSocketAddress> publicEndpoint() {
createTransfer(InetSocketAddress client, FsPath path, Set<String> tried,
String ioQueue, UUID uuid, InetSocketAddress local, Subject subject,
Restriction restriction,
Map<String, String> opaque) throws ParseException {
Map<String, String> opaque) throws ParseException, SocketException {
XrootdTransfer transfer =
new XrootdTransfer(_pnfs, subject, restriction, path, opaque) {
@Override
Expand Down Expand Up @@ -480,8 +483,10 @@ public synchronized void finished(CacheException error) {
transfer.setBillingStub(_billingStub);
transfer.setClientAddress(client);
transfer.setUUID(uuid);
transfer.setDoorAddress(local);
transfer.setInternalAddress(new InetSocketAddress(_internalAddress, 0));
transfer.setDoorAddress(getMatchingLocalAddress(local));
if (_internalAddress != null) {
transfer.setInternalAddress(new InetSocketAddress(_internalAddress, 0));
}
transfer.setIoQueue(ioQueue == null ? _ioQueue : ioQueue);
transfer.setFileHandle(_handleCounter.getAndIncrement());
transfer.setKafkaSender(_kafkaSender);
Expand All @@ -490,11 +495,28 @@ public synchronized void finished(CacheException error) {
return transfer;
}

private InetSocketAddress getMatchingLocalAddress(InetSocketAddress local)
throws SocketException {
_log.info("current local address for {} door: {}.", proxied ? "proxied" : "regular", local);

if (!proxied) {
return local;
}

/* _internalAddress should not be <code>null</code> */

ProtocolFamily internalFamily = getProtocolFamily(_internalAddress);
InetAddress matching = NetworkUtils.getLocalAddress(_internalAddress, internalFamily);
local = new InetSocketAddress(matching, local.getPort());
_log.info("matching local address for proxied door: {}.", local);
return local;
}

public XrootdTransfer
read(InetSocketAddress client, FsPath path, Set<String> tried,
String ioQueue, UUID uuid, InetSocketAddress local,
Subject subject, Restriction restriction, Map<String, String> opaque)
throws CacheException, InterruptedException, ParseException {
throws CacheException, InterruptedException, ParseException, SocketException {
if (!isReadAllowed(path)) {
throw new PermissionDeniedCacheException("Read permission denied");
}
Expand Down Expand Up @@ -568,7 +590,7 @@ private FsPath getUploadPath(Subject subject, Restriction restriction,
InetSocketAddress local, Subject subject, Restriction restriction,
boolean persistOnSuccessfulClose, FsPath rootPath,
Serializable delegatedProxy, Map<String, String> opaque)
throws CacheException, InterruptedException, ParseException {
throws CacheException, InterruptedException, ParseException, SocketException {

if (!isWriteAllowed(path)) {
throw new PermissionDeniedCacheException("Write permission denied");
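Review bot: `getMatchingLocalAddress` dereferences `_internalAddress` on the proxied path with only the comment "should not be null" as protection, while `createTransfer` in the same section now guards `setInternalAddress` with `if (_internalAddress != null)`, so the null case looks reachable. A proxied door without an internal address would then presumably fail inside `getProtocolFamily` with an exception that does not name the misconfiguration. I would replace the comment with an explicit check, `if (_internalAddress == null) { throw new SocketException("proxied door has no internal address"); }`, or return `local` there if falling back is the intended behaviour. The two `_log.info` calls also run once per transfer and write door and internal addresses to the log each time; `_log.debug` looks like the better level.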
Expand Up @@ -93,6 +93,9 @@ protected ProtocolInfo getProtocolInfoForPoolManager() {
@Override
protected ProtocolInfo getProtocolInfoForPool() {
XrootdProtocolInfo info = createXrootdProtocolInfo();
if (proxiedTransfer) {
info.setSocketAddress(_doorAddress);
}
info.setDelegatedCredential(_delegatedCredential);
info.setRestriction(restriction);
/*
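Review bot: The new `if (proxiedTransfer)` branch in `getProtocolInfoForPool` overwrites the client address sent to the pool with `_doorAddress` but carries no comment, and nothing visible in the hunk checks that `_doorAddress` has been set. Pool-side records for proxied transfers will presumably now show the door rather than the remote client, which matters to anyone reconstructing access from pool logs alone; the commit message says the original client is recoverable from the door's billing entry, and that belongs next to the code. I would add above the branch `// proxied: the pool connects to the door, so the door address is sent as client; the real client remains in the door's billing record`. The method body continues past the end of the hunk.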
