2018-06-20 20:20:37 +02:00
|
|
|
// Code generated by protoc-gen-go. DO NOT EDIT.
|
2021-01-24 23:31:45 +01:00
|
|
|
// versions:
|
|
|
|
// protoc-gen-go v1.25.0
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
// protoc v3.14.0
|
2018-06-20 20:20:37 +02:00
|
|
|
// source: pdu.proto
|
|
|
|
|
2018-08-16 21:05:21 +02:00
|
|
|
package pdu
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2018-12-11 22:01:50 +01:00
|
|
|
import (
|
2021-01-24 23:31:45 +01:00
|
|
|
proto "github.com/golang/protobuf/proto"
|
|
|
|
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
|
|
|
|
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
|
|
|
|
reflect "reflect"
|
|
|
|
sync "sync"
|
2018-12-11 22:01:50 +01:00
|
|
|
)
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
const (
|
|
|
|
// Verify that this generated code is sufficiently up-to-date.
|
|
|
|
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
|
|
|
|
// Verify that runtime/protoimpl is sufficiently up-to-date.
|
|
|
|
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
|
|
|
|
)
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// This is a compile-time assertion that a sufficiently up-to-date version
|
|
|
|
// of the legacy proto package is being used.
|
|
|
|
const _ = proto.ProtoPackageIsVersion4
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2020-06-27 23:53:33 +02:00
|
|
|
type ReplicationGuaranteeKind int32
|
|
|
|
|
|
|
|
const (
|
|
|
|
ReplicationGuaranteeKind_GuaranteeInvalid ReplicationGuaranteeKind = 0
|
|
|
|
ReplicationGuaranteeKind_GuaranteeResumability ReplicationGuaranteeKind = 1
|
|
|
|
ReplicationGuaranteeKind_GuaranteeIncrementalReplication ReplicationGuaranteeKind = 2
|
|
|
|
ReplicationGuaranteeKind_GuaranteeNothing ReplicationGuaranteeKind = 3
|
|
|
|
)
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Enum value maps for ReplicationGuaranteeKind.
|
|
|
|
var (
|
|
|
|
ReplicationGuaranteeKind_name = map[int32]string{
|
|
|
|
0: "GuaranteeInvalid",
|
|
|
|
1: "GuaranteeResumability",
|
|
|
|
2: "GuaranteeIncrementalReplication",
|
|
|
|
3: "GuaranteeNothing",
|
|
|
|
}
|
|
|
|
ReplicationGuaranteeKind_value = map[string]int32{
|
|
|
|
"GuaranteeInvalid": 0,
|
|
|
|
"GuaranteeResumability": 1,
|
|
|
|
"GuaranteeIncrementalReplication": 2,
|
|
|
|
"GuaranteeNothing": 3,
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
func (x ReplicationGuaranteeKind) Enum() *ReplicationGuaranteeKind {
|
|
|
|
p := new(ReplicationGuaranteeKind)
|
|
|
|
*p = x
|
|
|
|
return p
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (x ReplicationGuaranteeKind) String() string {
|
2021-01-24 23:31:45 +01:00
|
|
|
return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
|
|
|
|
}
|
|
|
|
|
|
|
|
func (ReplicationGuaranteeKind) Descriptor() protoreflect.EnumDescriptor {
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
return file_pdu_proto_enumTypes[0].Descriptor()
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (ReplicationGuaranteeKind) Type() protoreflect.EnumType {
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
return &file_pdu_proto_enumTypes[0]
|
2021-01-24 23:31:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func (x ReplicationGuaranteeKind) Number() protoreflect.EnumNumber {
|
|
|
|
return protoreflect.EnumNumber(x)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Deprecated: Use ReplicationGuaranteeKind.Descriptor instead.
|
2020-06-27 23:53:33 +02:00
|
|
|
func (ReplicationGuaranteeKind) EnumDescriptor() ([]byte, []int) {
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{0}
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
|
|
|
|
2018-06-20 20:20:37 +02:00
|
|
|
type FilesystemVersion_VersionType int32
|
|
|
|
|
|
|
|
const (
|
|
|
|
FilesystemVersion_Snapshot FilesystemVersion_VersionType = 0
|
|
|
|
FilesystemVersion_Bookmark FilesystemVersion_VersionType = 1
|
|
|
|
)
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Enum value maps for FilesystemVersion_VersionType.
|
|
|
|
var (
|
|
|
|
FilesystemVersion_VersionType_name = map[int32]string{
|
|
|
|
0: "Snapshot",
|
|
|
|
1: "Bookmark",
|
|
|
|
}
|
|
|
|
FilesystemVersion_VersionType_value = map[string]int32{
|
|
|
|
"Snapshot": 0,
|
|
|
|
"Bookmark": 1,
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
func (x FilesystemVersion_VersionType) Enum() *FilesystemVersion_VersionType {
|
|
|
|
p := new(FilesystemVersion_VersionType)
|
|
|
|
*p = x
|
|
|
|
return p
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (x FilesystemVersion_VersionType) String() string {
|
2021-01-24 23:31:45 +01:00
|
|
|
return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (FilesystemVersion_VersionType) Descriptor() protoreflect.EnumDescriptor {
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
return file_pdu_proto_enumTypes[1].Descriptor()
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (FilesystemVersion_VersionType) Type() protoreflect.EnumType {
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
return &file_pdu_proto_enumTypes[1]
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x FilesystemVersion_VersionType) Number() protoreflect.EnumNumber {
|
|
|
|
return protoreflect.EnumNumber(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
// Deprecated: Use FilesystemVersion_VersionType.Descriptor instead.
|
|
|
|
func (FilesystemVersion_VersionType) EnumDescriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{5, 0}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
type ListFilesystemReq struct {
|
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ListFilesystemReq) Reset() {
|
|
|
|
*x = ListFilesystemReq{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[0]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ListFilesystemReq) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (*ListFilesystemReq) ProtoMessage() {}
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ListFilesystemReq) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[0]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use ListFilesystemReq.ProtoReflect.Descriptor instead.
|
|
|
|
func (*ListFilesystemReq) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{0}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
type ListFilesystemRes struct {
|
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
|
|
|
|
|
|
|
Filesystems []*Filesystem `protobuf:"bytes,1,rep,name=Filesystems,proto3" json:"Filesystems,omitempty"`
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ListFilesystemRes) Reset() {
|
|
|
|
*x = ListFilesystemRes{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[1]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ListFilesystemRes) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*ListFilesystemRes) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *ListFilesystemRes) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[1]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use ListFilesystemRes.ProtoReflect.Descriptor instead.
|
|
|
|
func (*ListFilesystemRes) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{1}
|
|
|
|
}
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ListFilesystemRes) GetFilesystems() []*Filesystem {
|
|
|
|
if x != nil {
|
|
|
|
return x.Filesystems
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
type Filesystem struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
|
|
|
|
|
|
|
Path string `protobuf:"bytes,1,opt,name=Path,proto3" json:"Path,omitempty"`
|
|
|
|
ResumeToken string `protobuf:"bytes,2,opt,name=ResumeToken,proto3" json:"ResumeToken,omitempty"`
|
|
|
|
IsPlaceholder bool `protobuf:"varint,3,opt,name=IsPlaceholder,proto3" json:"IsPlaceholder,omitempty"`
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *Filesystem) Reset() {
|
|
|
|
*x = Filesystem{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[2]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *Filesystem) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*Filesystem) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *Filesystem) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[2]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use Filesystem.ProtoReflect.Descriptor instead.
|
|
|
|
func (*Filesystem) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{2}
|
|
|
|
}
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *Filesystem) GetPath() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Path
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *Filesystem) GetResumeToken() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.ResumeToken
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *Filesystem) GetIsPlaceholder() bool {
|
|
|
|
if x != nil {
|
|
|
|
return x.IsPlaceholder
|
2019-03-13 18:33:20 +01:00
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2018-06-20 20:20:37 +02:00
|
|
|
type ListFilesystemVersionsReq struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
2018-08-26 14:35:18 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
Filesystem string `protobuf:"bytes,1,opt,name=Filesystem,proto3" json:"Filesystem,omitempty"`
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ListFilesystemVersionsReq) Reset() {
|
|
|
|
*x = ListFilesystemVersionsReq{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[3]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ListFilesystemVersionsReq) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*ListFilesystemVersionsReq) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *ListFilesystemVersionsReq) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[3]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use ListFilesystemVersionsReq.ProtoReflect.Descriptor instead.
|
|
|
|
func (*ListFilesystemVersionsReq) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{3}
|
|
|
|
}
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ListFilesystemVersionsReq) GetFilesystem() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Filesystem
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
|
|
|
type ListFilesystemVersionsRes struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
Versions []*FilesystemVersion `protobuf:"bytes,1,rep,name=Versions,proto3" json:"Versions,omitempty"`
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ListFilesystemVersionsRes) Reset() {
|
|
|
|
*x = ListFilesystemVersionsRes{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[4]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ListFilesystemVersionsRes) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*ListFilesystemVersionsRes) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *ListFilesystemVersionsRes) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[4]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use ListFilesystemVersionsRes.ProtoReflect.Descriptor instead.
|
|
|
|
func (*ListFilesystemVersionsRes) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{4}
|
|
|
|
}
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ListFilesystemVersionsRes) GetVersions() []*FilesystemVersion {
|
|
|
|
if x != nil {
|
|
|
|
return x.Versions
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
type FilesystemVersion struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
|
|
|
|
|
|
|
Type FilesystemVersion_VersionType `protobuf:"varint,1,opt,name=Type,proto3,enum=FilesystemVersion_VersionType" json:"Type,omitempty"`
|
|
|
|
Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"`
|
|
|
|
Guid uint64 `protobuf:"varint,3,opt,name=Guid,proto3" json:"Guid,omitempty"`
|
|
|
|
CreateTXG uint64 `protobuf:"varint,4,opt,name=CreateTXG,proto3" json:"CreateTXG,omitempty"`
|
|
|
|
Creation string `protobuf:"bytes,5,opt,name=Creation,proto3" json:"Creation,omitempty"` // RFC 3339
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *FilesystemVersion) Reset() {
|
|
|
|
*x = FilesystemVersion{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[5]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *FilesystemVersion) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*FilesystemVersion) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *FilesystemVersion) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[5]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use FilesystemVersion.ProtoReflect.Descriptor instead.
|
|
|
|
func (*FilesystemVersion) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{5}
|
|
|
|
}
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *FilesystemVersion) GetType() FilesystemVersion_VersionType {
|
|
|
|
if x != nil {
|
|
|
|
return x.Type
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return FilesystemVersion_Snapshot
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *FilesystemVersion) GetName() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Name
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *FilesystemVersion) GetGuid() uint64 {
|
|
|
|
if x != nil {
|
|
|
|
return x.Guid
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *FilesystemVersion) GetCreateTXG() uint64 {
|
|
|
|
if x != nil {
|
|
|
|
return x.CreateTXG
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *FilesystemVersion) GetCreation() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Creation
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
|
|
|
type SendReq struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
|
|
|
|
2018-08-26 14:35:18 +02:00
|
|
|
Filesystem string `protobuf:"bytes,1,opt,name=Filesystem,proto3" json:"Filesystem,omitempty"`
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
// May be empty / null to request a full transfer of To
|
|
|
|
From *FilesystemVersion `protobuf:"bytes,2,opt,name=From,proto3" json:"From,omitempty"`
|
|
|
|
To *FilesystemVersion `protobuf:"bytes,3,opt,name=To,proto3" json:"To,omitempty"`
|
|
|
|
// If ResumeToken is not empty, the resume token that CAN be used for 'zfs
|
|
|
|
// send' by the sender. The sender MUST indicate use of ResumeToken in the
|
|
|
|
// reply message SendRes.UsedResumeToken If it does not work, the sender
|
|
|
|
// SHOULD clear the resume token on their side and use From and To instead If
|
|
|
|
// ResumeToken is not empty, the GUIDs of From and To MUST correspond to those
|
|
|
|
// encoded in the ResumeToken. Otherwise, the Sender MUST return an error.
|
2021-01-24 23:31:45 +01:00
|
|
|
ResumeToken string `protobuf:"bytes,4,opt,name=ResumeToken,proto3" json:"ResumeToken,omitempty"`
|
2021-08-16 10:11:37 +02:00
|
|
|
ReplicationConfig *ReplicationConfig `protobuf:"bytes,6,opt,name=ReplicationConfig,proto3" json:"ReplicationConfig,omitempty"`
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *SendReq) Reset() {
|
|
|
|
*x = SendReq{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[6]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *SendReq) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*SendReq) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *SendReq) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[6]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use SendReq.ProtoReflect.Descriptor instead.
|
|
|
|
func (*SendReq) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{6}
|
|
|
|
}
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *SendReq) GetFilesystem() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Filesystem
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *SendReq) GetFrom() *FilesystemVersion {
|
|
|
|
if x != nil {
|
|
|
|
return x.From
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
return nil
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *SendReq) GetTo() *FilesystemVersion {
|
|
|
|
if x != nil {
|
|
|
|
return x.To
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
return nil
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *SendReq) GetResumeToken() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.ResumeToken
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *SendReq) GetReplicationConfig() *ReplicationConfig {
|
|
|
|
if x != nil {
|
|
|
|
return x.ReplicationConfig
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
type ReplicationConfig struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
2020-06-27 23:53:33 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
Protection *ReplicationConfigProtection `protobuf:"bytes,1,opt,name=protection,proto3" json:"protection,omitempty"`
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ReplicationConfig) Reset() {
|
|
|
|
*x = ReplicationConfig{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[7]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ReplicationConfig) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*ReplicationConfig) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *ReplicationConfig) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[7]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use ReplicationConfig.ProtoReflect.Descriptor instead.
|
|
|
|
func (*ReplicationConfig) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{7}
|
|
|
|
}
|
2020-06-27 23:53:33 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReplicationConfig) GetProtection() *ReplicationConfigProtection {
|
|
|
|
if x != nil {
|
|
|
|
return x.Protection
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
type ReplicationConfigProtection struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
2020-06-27 23:53:33 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
Initial ReplicationGuaranteeKind `protobuf:"varint,1,opt,name=Initial,proto3,enum=ReplicationGuaranteeKind" json:"Initial,omitempty"`
|
|
|
|
Incremental ReplicationGuaranteeKind `protobuf:"varint,2,opt,name=Incremental,proto3,enum=ReplicationGuaranteeKind" json:"Incremental,omitempty"`
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ReplicationConfigProtection) Reset() {
|
|
|
|
*x = ReplicationConfigProtection{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[8]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ReplicationConfigProtection) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*ReplicationConfigProtection) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *ReplicationConfigProtection) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[8]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use ReplicationConfigProtection.ProtoReflect.Descriptor instead.
|
|
|
|
func (*ReplicationConfigProtection) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{8}
|
|
|
|
}
|
2020-06-27 23:53:33 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReplicationConfigProtection) GetInitial() ReplicationGuaranteeKind {
|
|
|
|
if x != nil {
|
|
|
|
return x.Initial
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
|
|
|
return ReplicationGuaranteeKind_GuaranteeInvalid
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReplicationConfigProtection) GetIncremental() ReplicationGuaranteeKind {
|
|
|
|
if x != nil {
|
|
|
|
return x.Incremental
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
|
|
|
return ReplicationGuaranteeKind_GuaranteeInvalid
|
|
|
|
}
|
|
|
|
|
2018-06-20 20:20:37 +02:00
|
|
|
type Property struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"`
|
|
|
|
Value string `protobuf:"bytes,2,opt,name=Value,proto3" json:"Value,omitempty"`
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *Property) Reset() {
|
|
|
|
*x = Property{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[9]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *Property) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*Property) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *Property) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[9]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use Property.ProtoReflect.Descriptor instead.
|
|
|
|
func (*Property) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{9}
|
|
|
|
}
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *Property) GetName() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Name
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *Property) GetValue() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Value
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
|
|
|
type SendRes struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
|
|
|
|
2018-06-20 20:20:37 +02:00
|
|
|
// Whether the resume token provided in the request has been used or not.
|
2021-08-16 10:11:37 +02:00
|
|
|
// If the SendReq.ResumeToken == "", this field MUST be false.
|
|
|
|
UsedResumeToken bool `protobuf:"varint,1,opt,name=UsedResumeToken,proto3" json:"UsedResumeToken,omitempty"`
|
2018-09-06 02:41:25 +02:00
|
|
|
// Expected stream size determined by dry run, not exact.
|
|
|
|
// 0 indicates that for the given SendReq, no size estimate could be made.
|
2021-08-16 10:11:37 +02:00
|
|
|
ExpectedSize uint64 `protobuf:"varint,2,opt,name=ExpectedSize,proto3" json:"ExpectedSize,omitempty"`
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *SendRes) Reset() {
|
|
|
|
*x = SendRes{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[10]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *SendRes) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*SendRes) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *SendRes) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[10]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use SendRes.ProtoReflect.Descriptor instead.
|
|
|
|
func (*SendRes) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{10}
|
|
|
|
}
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *SendRes) GetUsedResumeToken() bool {
|
|
|
|
if x != nil {
|
|
|
|
return x.UsedResumeToken
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2021-08-16 10:11:37 +02:00
|
|
|
func (x *SendRes) GetExpectedSize() uint64 {
|
2021-01-24 23:31:45 +01:00
|
|
|
if x != nil {
|
|
|
|
return x.ExpectedSize
|
2018-08-29 23:29:45 +02:00
|
|
|
}
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
type SendCompletedReq struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
OriginalReq *SendReq `protobuf:"bytes,2,opt,name=OriginalReq,proto3" json:"OriginalReq,omitempty"`
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *SendCompletedReq) Reset() {
|
|
|
|
*x = SendCompletedReq{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[11]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *SendCompletedReq) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*SendCompletedReq) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *SendCompletedReq) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[11]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use SendCompletedReq.ProtoReflect.Descriptor instead.
|
|
|
|
func (*SendCompletedReq) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{11}
|
|
|
|
}
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *SendCompletedReq) GetOriginalReq() *SendReq {
|
|
|
|
if x != nil {
|
|
|
|
return x.OriginalReq
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
type SendCompletedRes struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *SendCompletedRes) Reset() {
|
|
|
|
*x = SendCompletedRes{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[12]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *SendCompletedRes) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*SendCompletedRes) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *SendCompletedRes) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[12]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use SendCompletedRes.ProtoReflect.Descriptor instead.
|
|
|
|
func (*SendCompletedRes) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{12}
|
|
|
|
}
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
|
2018-06-20 20:20:37 +02:00
|
|
|
type ReceiveReq struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
|
|
|
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
Filesystem string `protobuf:"bytes,1,opt,name=Filesystem,proto3" json:"Filesystem,omitempty"`
|
|
|
|
To *FilesystemVersion `protobuf:"bytes,2,opt,name=To,proto3" json:"To,omitempty"`
|
endpoint: refactor, fix stale holds on initial replication failure, zfs-abstractions subcmd, more efficient ZFS queries
The motivation for this recatoring are based on two independent issues:
- @JMoVS found that the changes merged as part of #259 slowed his OS X
based installation down significantly.
Analysis of the zfs command logging introduced in #296 showed that
`zfs holds` took most of the execution time, and they pointed out
that not all of those `zfs holds` invocations were actually necessary.
I.e.: zrepl was inefficient about retrieving information from ZFS.
- @InsanePrawn found that failures on initial replication would lead
to step holds accumulating on the sending side, i.e. they would never
be cleaned up in the HintMostRecentCommonAncestor RPC handler.
That was because we only sent that RPC if there was a most recent
common ancestor detected during replication planning.
@InsanePrawn prototyped an implementation of a `zrepl zfs-abstractions release`
command to mitigate the situation.
As part of that development work and back-and-forth with @problame,
it became evident that the abstractions that #259 built on top of
zfs in package endpoint (step holds, replication cursor,
last-received-hold), were not well-represented for re-use in the
`zrepl zfs-abstractions release` subocommand prototype.
This commit refactors package endpoint to address both of these issues:
- endpoint abstractions now share an interface `Abstraction` that, among
other things, provides a uniform `Destroy()` method.
However, that method should not be destroyed directly but instead
the package-level `BatchDestroy` function should be used in order
to allow for a migration to zfs channel programs in the future.
- endpoint now has a query facitilty (`ListAbstractions`) which is
used to find on-disk
- step holds and bookmarks
- replication cursors (v1, v2)
- last-received-holds
By describing the query in a struct, we can centralized the retrieval
of information via the ZFS CLI and only have to be clever once.
We are "clever" in the following ways:
- When asking for hold-based abstractions, we only run `zfs holds` on
snapshot that have `userrefs` > 0
- To support this functionality, add field `UserRefs` to zfs.FilesystemVersion
and retrieve it anywhere we retrieve zfs.FilesystemVersion from ZFS.
- When asking only for bookmark-based abstractions, we only run
`zfs list -t bookmark`, not with snapshots.
- Currently unused (except for CLI) per-filesystem concurrent lookup
- Option to only include abstractions with CreateTXG in a specified range
- refactor `endpoint`'s various ZFS info retrieval methods to use
`ListAbstractions`
- rename the `zrepl holds list` command to `zrepl zfs-abstractions list`
- make `zrepl zfs-abstractions list` consume endpoint.ListAbstractions
- Add a `ListStale` method which, given a query template,
lists stale holds and bookmarks.
- it uses replication cursor has different modes
- the new `zrepl zfs-abstractions release-{all,stale}` commands can be used
to remove abstractions of package endpoint
- Adjust HintMostRecentCommonAncestor RPC for stale-holds cleanup:
- send it also if no most recent common ancestor exists between sender and receiver
- have the sender clean up its abstractions when it receives the RPC
with no most recent common ancestor, using `ListStale`
- Due to changed semantics, bump the protocol version.
- Adjust HintMostRecentCommonAncestor RPC for performance problems
encountered by @JMoVS
- by default, per (job,fs)-combination, only consider cleaning
step holds in the createtxg range
`[last replication cursor,conservatively-estimated-receive-side-version)`
- this behavior ensures resumability at cost proportional to the
time that replication was donw
- however, as explained in a comment, we might leak holds if
the zrepl daemon stops running
- that trade-off is acceptable because in the presumably rare
this might happen the user has two tools at their hand:
- Tool 1: run `zrepl zfs-abstractions release-stale`
- Tool 2: use env var `ZREPL_ENDPOINT_SENDER_HINT_MOST_RECENT_STEP_HOLD_CLEANUP_MODE`
to adjust the lower bound of the createtxg range (search for it in the code).
The env var can also be used to disable hold-cleanup on the
send-side entirely.
supersedes closes #293
supersedes closes #282
fixes #280
fixes #278
Additionaly, we fixed a couple of bugs:
- zfs: fix half-nil error reporting of dataset-does-not-exist for ZFSListChan and ZFSBookmark
- endpoint: Sender's `HintMostRecentCommonAncestor` handler would not
check whether access to the specified filesystem was allowed.
2020-03-26 23:43:17 +01:00
|
|
|
// If true, the receiver should clear the resume token before performing the
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
// zfs recv of the stream in the request
|
2021-01-24 23:31:45 +01:00
|
|
|
ClearResumeToken bool `protobuf:"varint,3,opt,name=ClearResumeToken,proto3" json:"ClearResumeToken,omitempty"`
|
|
|
|
ReplicationConfig *ReplicationConfig `protobuf:"bytes,4,opt,name=ReplicationConfig,proto3" json:"ReplicationConfig,omitempty"`
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReceiveReq) Reset() {
|
|
|
|
*x = ReceiveReq{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[13]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ReceiveReq) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*ReceiveReq) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *ReceiveReq) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[13]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use ReceiveReq.ProtoReflect.Descriptor instead.
|
|
|
|
func (*ReceiveReq) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{13}
|
|
|
|
}
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReceiveReq) GetFilesystem() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Filesystem
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReceiveReq) GetTo() *FilesystemVersion {
|
|
|
|
if x != nil {
|
|
|
|
return x.To
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReceiveReq) GetClearResumeToken() bool {
|
|
|
|
if x != nil {
|
|
|
|
return x.ClearResumeToken
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReceiveReq) GetReplicationConfig() *ReplicationConfig {
|
|
|
|
if x != nil {
|
|
|
|
return x.ReplicationConfig
|
2020-06-27 23:53:33 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2018-06-20 20:20:37 +02:00
|
|
|
type ReceiveRes struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReceiveRes) Reset() {
|
|
|
|
*x = ReceiveRes{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[14]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ReceiveRes) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-26 14:35:18 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*ReceiveRes) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *ReceiveRes) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[14]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use ReceiveRes.ProtoReflect.Descriptor instead.
|
|
|
|
func (*ReceiveRes) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{14}
|
|
|
|
}
|
2018-06-20 20:20:37 +02:00
|
|
|
|
2018-08-30 11:51:47 +02:00
|
|
|
type DestroySnapshotsReq struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
|
|
|
|
2018-08-30 11:51:47 +02:00
|
|
|
Filesystem string `protobuf:"bytes,1,opt,name=Filesystem,proto3" json:"Filesystem,omitempty"`
|
|
|
|
// Path to filesystem, snapshot or bookmark to be destroyed
|
2021-01-24 23:31:45 +01:00
|
|
|
Snapshots []*FilesystemVersion `protobuf:"bytes,2,rep,name=Snapshots,proto3" json:"Snapshots,omitempty"`
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *DestroySnapshotsReq) Reset() {
|
|
|
|
*x = DestroySnapshotsReq{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[15]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *DestroySnapshotsReq) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*DestroySnapshotsReq) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *DestroySnapshotsReq) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[15]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use DestroySnapshotsReq.ProtoReflect.Descriptor instead.
|
|
|
|
func (*DestroySnapshotsReq) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{15}
|
|
|
|
}
|
2018-08-30 11:51:47 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *DestroySnapshotsReq) GetFilesystem() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Filesystem
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *DestroySnapshotsReq) GetSnapshots() []*FilesystemVersion {
|
|
|
|
if x != nil {
|
|
|
|
return x.Snapshots
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
type DestroySnapshotRes struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
2018-08-30 11:51:47 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
Snapshot *FilesystemVersion `protobuf:"bytes,1,opt,name=Snapshot,proto3" json:"Snapshot,omitempty"`
|
|
|
|
Error string `protobuf:"bytes,2,opt,name=Error,proto3" json:"Error,omitempty"`
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *DestroySnapshotRes) Reset() {
|
|
|
|
*x = DestroySnapshotRes{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[16]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *DestroySnapshotRes) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*DestroySnapshotRes) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *DestroySnapshotRes) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[16]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use DestroySnapshotRes.ProtoReflect.Descriptor instead.
|
|
|
|
func (*DestroySnapshotRes) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{16}
|
|
|
|
}
|
2018-08-30 11:51:47 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *DestroySnapshotRes) GetSnapshot() *FilesystemVersion {
|
|
|
|
if x != nil {
|
|
|
|
return x.Snapshot
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *DestroySnapshotRes) GetError() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Error
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
|
|
|
type DestroySnapshotsRes struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
2018-08-30 11:51:47 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
Results []*DestroySnapshotRes `protobuf:"bytes,1,rep,name=Results,proto3" json:"Results,omitempty"`
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *DestroySnapshotsRes) Reset() {
|
|
|
|
*x = DestroySnapshotsRes{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[17]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *DestroySnapshotsRes) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*DestroySnapshotsRes) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *DestroySnapshotsRes) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[17]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use DestroySnapshotsRes.ProtoReflect.Descriptor instead.
|
|
|
|
func (*DestroySnapshotsRes) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{17}
|
|
|
|
}
|
2018-08-30 11:51:47 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *DestroySnapshotsRes) GetResults() []*DestroySnapshotRes {
|
|
|
|
if x != nil {
|
|
|
|
return x.Results
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2018-09-06 03:24:15 +02:00
|
|
|
type ReplicationCursorReq struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
2018-08-30 11:51:47 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
Filesystem string `protobuf:"bytes,1,opt,name=Filesystem,proto3" json:"Filesystem,omitempty"`
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ReplicationCursorReq) Reset() {
|
|
|
|
*x = ReplicationCursorReq{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[18]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (x *ReplicationCursorReq) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
|
|
|
|
func (*ReplicationCursorReq) ProtoMessage() {}
|
|
|
|
|
|
|
|
func (x *ReplicationCursorReq) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[18]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use ReplicationCursorReq.ProtoReflect.Descriptor instead.
|
|
|
|
func (*ReplicationCursorReq) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{18}
|
|
|
|
}
|
2018-08-30 11:51:47 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReplicationCursorReq) GetFilesystem() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Filesystem
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2018-09-06 03:24:15 +02:00
|
|
|
type ReplicationCursorRes struct {
|
2021-01-24 23:31:45 +01:00
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
|
|
|
|
|
|
|
// Types that are assignable to Result:
|
2018-09-06 03:24:15 +02:00
|
|
|
// *ReplicationCursorRes_Guid
|
2018-11-16 12:03:38 +01:00
|
|
|
// *ReplicationCursorRes_Notexist
|
2021-01-24 23:31:45 +01:00
|
|
|
Result isReplicationCursorRes_Result `protobuf_oneof:"Result"`
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReplicationCursorRes) Reset() {
|
|
|
|
*x = ReplicationCursorRes{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[19]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReplicationCursorRes) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-09-06 03:24:15 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (*ReplicationCursorRes) ProtoMessage() {}
|
2018-09-06 03:24:15 +02:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReplicationCursorRes) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[19]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
|
|
|
}
|
|
|
|
return mi.MessageOf(x)
|
2018-09-06 03:24:15 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use ReplicationCursorRes.ProtoReflect.Descriptor instead.
|
|
|
|
func (*ReplicationCursorRes) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{19}
|
|
|
|
}
|
2018-09-06 03:24:15 +02:00
|
|
|
|
|
|
|
func (m *ReplicationCursorRes) GetResult() isReplicationCursorRes_Result {
|
2018-08-30 11:51:47 +02:00
|
|
|
if m != nil {
|
2018-09-06 03:24:15 +02:00
|
|
|
return m.Result
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
2018-09-06 03:24:15 +02:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReplicationCursorRes) GetGuid() uint64 {
|
|
|
|
if x, ok := x.GetResult().(*ReplicationCursorRes_Guid); ok {
|
2018-09-06 03:24:15 +02:00
|
|
|
return x.Guid
|
|
|
|
}
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *ReplicationCursorRes) GetNotexist() bool {
|
|
|
|
if x, ok := x.GetResult().(*ReplicationCursorRes_Notexist); ok {
|
2018-11-16 12:03:38 +01:00
|
|
|
return x.Notexist
|
2018-09-06 03:24:15 +02:00
|
|
|
}
|
2018-11-16 12:03:38 +01:00
|
|
|
return false
|
2018-09-06 03:24:15 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
type isReplicationCursorRes_Result interface {
|
|
|
|
isReplicationCursorRes_Result()
|
2018-08-30 11:51:47 +02:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
type ReplicationCursorRes_Guid struct {
|
|
|
|
Guid uint64 `protobuf:"varint,1,opt,name=Guid,proto3,oneof"`
|
2019-03-11 13:46:36 +01:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
type ReplicationCursorRes_Notexist struct {
|
|
|
|
Notexist bool `protobuf:"varint,2,opt,name=Notexist,proto3,oneof"`
|
2019-03-11 13:46:36 +01:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (*ReplicationCursorRes_Guid) isReplicationCursorRes_Result() {}
|
2019-03-11 13:46:36 +01:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (*ReplicationCursorRes_Notexist) isReplicationCursorRes_Result() {}
|
2019-03-11 13:46:36 +01:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
type PingReq struct {
|
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
2019-03-11 13:46:36 +01:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
Message string `protobuf:"bytes,1,opt,name=Message,proto3" json:"Message,omitempty"`
|
2019-03-11 13:46:36 +01:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *PingReq) Reset() {
|
|
|
|
*x = PingReq{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[20]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
2019-03-11 13:46:36 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *PingReq) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-12-11 22:01:50 +01:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (*PingReq) ProtoMessage() {}
|
2018-12-11 22:01:50 +01:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *PingReq) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[20]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
2019-03-11 13:46:36 +01:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
return mi.MessageOf(x)
|
2019-03-11 13:46:36 +01:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use PingReq.ProtoReflect.Descriptor instead.
|
|
|
|
func (*PingReq) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{20}
|
2018-12-11 22:01:50 +01:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *PingReq) GetMessage() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Message
|
2018-12-11 22:01:50 +01:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
return ""
|
2018-12-11 22:01:50 +01:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
type PingRes struct {
|
|
|
|
state protoimpl.MessageState
|
|
|
|
sizeCache protoimpl.SizeCache
|
|
|
|
unknownFields protoimpl.UnknownFields
|
2018-12-11 22:01:50 +01:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Echo must be PingReq.Message
|
|
|
|
Echo string `protobuf:"bytes,1,opt,name=Echo,proto3" json:"Echo,omitempty"`
|
2018-12-11 22:01:50 +01:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *PingRes) Reset() {
|
|
|
|
*x = PingRes{}
|
|
|
|
if protoimpl.UnsafeEnabled {
|
|
|
|
mi := &file_pdu_proto_msgTypes[21]
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
ms.StoreMessageInfo(mi)
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *PingRes) String() string {
|
|
|
|
return protoimpl.X.MessageStringOf(x)
|
2018-12-11 22:01:50 +01:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (*PingRes) ProtoMessage() {}
|
2018-12-11 22:01:50 +01:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *PingRes) ProtoReflect() protoreflect.Message {
|
|
|
|
mi := &file_pdu_proto_msgTypes[21]
|
|
|
|
if protoimpl.UnsafeEnabled && x != nil {
|
|
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
|
|
if ms.LoadMessageInfo() == nil {
|
|
|
|
ms.StoreMessageInfo(mi)
|
|
|
|
}
|
|
|
|
return ms
|
2018-12-11 22:01:50 +01:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
return mi.MessageOf(x)
|
2018-12-11 22:01:50 +01:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
// Deprecated: Use PingRes.ProtoReflect.Descriptor instead.
|
|
|
|
func (*PingRes) Descriptor() ([]byte, []int) {
|
|
|
|
return file_pdu_proto_rawDescGZIP(), []int{21}
|
2018-12-11 22:01:50 +01:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func (x *PingRes) GetEcho() string {
|
|
|
|
if x != nil {
|
|
|
|
return x.Echo
|
2018-12-11 22:01:50 +01:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
return ""
|
2018-12-11 22:01:50 +01:00
|
|
|
}
|
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
var File_pdu_proto protoreflect.FileDescriptor
|
|
|
|
|
|
|
|
var file_pdu_proto_rawDesc = []byte{
|
|
|
|
0x0a, 0x09, 0x70, 0x64, 0x75, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x13, 0x0a, 0x11, 0x4c,
|
|
|
|
0x69, 0x73, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x52, 0x65, 0x71,
|
|
|
|
0x22, 0x42, 0x0a, 0x11, 0x4c, 0x69, 0x73, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74,
|
|
|
|
0x65, 0x6d, 0x52, 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73,
|
|
|
|
0x74, 0x65, 0x6d, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x46, 0x69, 0x6c,
|
|
|
|
0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x52, 0x0b, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73,
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
0x74, 0x65, 0x6d, 0x73, 0x22, 0x68, 0x0a, 0x0a, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74,
|
|
|
|
0x65, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
|
|
|
|
0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x65,
|
|
|
|
0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65, 0x73,
|
|
|
|
0x75, 0x6d, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x49, 0x73, 0x50, 0x6c,
|
|
|
|
0x61, 0x63, 0x65, 0x68, 0x6f, 0x6c, 0x64, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52,
|
|
|
|
0x0d, 0x49, 0x73, 0x50, 0x6c, 0x61, 0x63, 0x65, 0x68, 0x6f, 0x6c, 0x64, 0x65, 0x72, 0x22, 0x3b,
|
2021-01-24 23:31:45 +01:00
|
|
|
0x0a, 0x19, 0x4c, 0x69, 0x73, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d,
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x12, 0x1e, 0x0a, 0x0a, 0x46,
|
|
|
|
0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
|
|
|
|
0x0a, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x22, 0x4b, 0x0a, 0x19, 0x4c,
|
|
|
|
0x69, 0x73, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x56, 0x65, 0x72,
|
|
|
|
0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x12, 0x2e, 0x0a, 0x08, 0x56, 0x65, 0x72, 0x73,
|
|
|
|
0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x46, 0x69, 0x6c,
|
|
|
|
0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x08,
|
|
|
|
0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xd4, 0x01, 0x0a, 0x11, 0x46, 0x69, 0x6c,
|
|
|
|
0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x32,
|
|
|
|
0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1e, 0x2e, 0x46,
|
2021-01-24 23:31:45 +01:00
|
|
|
0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
0x2e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x54, 0x79,
|
|
|
|
0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
|
|
|
|
0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x47, 0x75, 0x69, 0x64, 0x18, 0x03,
|
|
|
|
0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x47, 0x75, 0x69, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x43, 0x72,
|
|
|
|
0x65, 0x61, 0x74, 0x65, 0x54, 0x58, 0x47, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x43,
|
|
|
|
0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x58, 0x47, 0x12, 0x1a, 0x0a, 0x08, 0x43, 0x72, 0x65, 0x61,
|
|
|
|
0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x43, 0x72, 0x65, 0x61,
|
|
|
|
0x74, 0x69, 0x6f, 0x6e, 0x22, 0x29, 0x0a, 0x0b, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x54,
|
|
|
|
0x79, 0x70, 0x65, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x10,
|
|
|
|
0x00, 0x12, 0x0c, 0x0a, 0x08, 0x42, 0x6f, 0x6f, 0x6b, 0x6d, 0x61, 0x72, 0x6b, 0x10, 0x01, 0x22,
|
|
|
|
0xd9, 0x01, 0x0a, 0x07, 0x53, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x71, 0x12, 0x1e, 0x0a, 0x0a, 0x46,
|
|
|
|
0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
|
|
|
|
0x0a, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x26, 0x0a, 0x04, 0x46,
|
|
|
|
0x72, 0x6f, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x46, 0x69, 0x6c, 0x65,
|
|
|
|
0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x46,
|
|
|
|
0x72, 0x6f, 0x6d, 0x12, 0x22, 0x0a, 0x02, 0x54, 0x6f, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
|
|
|
|
0x12, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x56, 0x65, 0x72, 0x73,
|
|
|
|
0x69, 0x6f, 0x6e, 0x52, 0x02, 0x54, 0x6f, 0x12, 0x20, 0x0a, 0x0b, 0x52, 0x65, 0x73, 0x75, 0x6d,
|
|
|
|
0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x52, 0x65,
|
2021-08-16 10:11:37 +02:00
|
|
|
0x73, 0x75, 0x6d, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x40, 0x0a, 0x11, 0x52, 0x65, 0x70,
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x06,
|
2021-08-16 10:11:37 +02:00
|
|
|
0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69,
|
|
|
|
0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x11, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63,
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x51, 0x0a, 0x11, 0x52,
|
|
|
|
0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
|
|
|
|
0x12, 0x3c, 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01,
|
|
|
|
0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69,
|
|
|
|
0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69,
|
|
|
|
0x6f, 0x6e, 0x52, 0x0a, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x8f,
|
|
|
|
0x01, 0x0a, 0x1b, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
|
|
|
|
0x6e, 0x66, 0x69, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x33,
|
|
|
|
0x0a, 0x07, 0x49, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32,
|
|
|
|
0x19, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x47, 0x75, 0x61,
|
|
|
|
0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x4b, 0x69, 0x6e, 0x64, 0x52, 0x07, 0x49, 0x6e, 0x69, 0x74,
|
|
|
|
0x69, 0x61, 0x6c, 0x12, 0x3b, 0x0a, 0x0b, 0x49, 0x6e, 0x63, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74,
|
|
|
|
0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69,
|
|
|
|
0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x47, 0x75, 0x61, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x4b,
|
|
|
|
0x69, 0x6e, 0x64, 0x52, 0x0b, 0x49, 0x6e, 0x63, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x6c,
|
|
|
|
0x22, 0x34, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x79, 0x12, 0x12, 0x0a, 0x04,
|
|
|
|
0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65,
|
|
|
|
0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
|
|
|
|
0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x57, 0x0a, 0x07, 0x53, 0x65, 0x6e, 0x64, 0x52, 0x65,
|
|
|
|
0x73, 0x12, 0x28, 0x0a, 0x0f, 0x55, 0x73, 0x65, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x65, 0x54,
|
|
|
|
0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x55, 0x73, 0x65, 0x64,
|
|
|
|
0x52, 0x65, 0x73, 0x75, 0x6d, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x45,
|
|
|
|
0x78, 0x70, 0x65, 0x63, 0x74, 0x65, 0x64, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
|
|
|
|
0x04, 0x52, 0x0c, 0x45, 0x78, 0x70, 0x65, 0x63, 0x74, 0x65, 0x64, 0x53, 0x69, 0x7a, 0x65, 0x22,
|
|
|
|
0x3e, 0x0a, 0x10, 0x53, 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64,
|
|
|
|
0x52, 0x65, 0x71, 0x12, 0x2a, 0x0a, 0x0b, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x52,
|
|
|
|
0x65, 0x71, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x08, 0x2e, 0x53, 0x65, 0x6e, 0x64, 0x52,
|
|
|
|
0x65, 0x71, 0x52, 0x0b, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x22,
|
|
|
|
0x12, 0x0a, 0x10, 0x53, 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64,
|
|
|
|
0x52, 0x65, 0x73, 0x22, 0xbe, 0x01, 0x0a, 0x0a, 0x52, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x52,
|
|
|
|
0x65, 0x71, 0x12, 0x1e, 0x0a, 0x0a, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d,
|
|
|
|
0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74,
|
|
|
|
0x65, 0x6d, 0x12, 0x22, 0x0a, 0x02, 0x54, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12,
|
|
|
|
0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69,
|
|
|
|
0x6f, 0x6e, 0x52, 0x02, 0x54, 0x6f, 0x12, 0x2a, 0x0a, 0x10, 0x43, 0x6c, 0x65, 0x61, 0x72, 0x52,
|
|
|
|
0x65, 0x73, 0x75, 0x6d, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08,
|
|
|
|
0x52, 0x10, 0x43, 0x6c, 0x65, 0x61, 0x72, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x65, 0x54, 0x6f, 0x6b,
|
|
|
|
0x65, 0x6e, 0x12, 0x40, 0x0a, 0x11, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
|
|
|
|
0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e,
|
|
|
|
0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69,
|
|
|
|
0x67, 0x52, 0x11, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
|
|
|
|
0x6e, 0x66, 0x69, 0x67, 0x22, 0x0c, 0x0a, 0x0a, 0x52, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x52,
|
|
|
|
0x65, 0x73, 0x22, 0x67, 0x0a, 0x13, 0x44, 0x65, 0x73, 0x74, 0x72, 0x6f, 0x79, 0x53, 0x6e, 0x61,
|
|
|
|
0x70, 0x73, 0x68, 0x6f, 0x74, 0x73, 0x52, 0x65, 0x71, 0x12, 0x1e, 0x0a, 0x0a, 0x46, 0x69, 0x6c,
|
|
|
|
0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x46,
|
|
|
|
0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x30, 0x0a, 0x09, 0x53, 0x6e, 0x61,
|
|
|
|
0x70, 0x73, 0x68, 0x6f, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x46,
|
|
|
|
0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
|
|
|
|
0x52, 0x09, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x73, 0x22, 0x5a, 0x0a, 0x12, 0x44,
|
|
|
|
0x65, 0x73, 0x74, 0x72, 0x6f, 0x79, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x52, 0x65,
|
|
|
|
0x73, 0x12, 0x2e, 0x0a, 0x08, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x18, 0x01, 0x20,
|
|
|
|
0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d,
|
|
|
|
0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f,
|
|
|
|
0x74, 0x12, 0x14, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
|
|
|
|
0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x22, 0x44, 0x0a, 0x13, 0x44, 0x65, 0x73, 0x74, 0x72,
|
|
|
|
0x6f, 0x79, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x73, 0x52, 0x65, 0x73, 0x12, 0x2d,
|
|
|
|
0x0a, 0x07, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
|
|
|
|
0x13, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x72, 0x6f, 0x79, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f,
|
|
|
|
0x74, 0x52, 0x65, 0x73, 0x52, 0x07, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x22, 0x36, 0x0a,
|
|
|
|
0x14, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x75, 0x72, 0x73,
|
|
|
|
0x6f, 0x72, 0x52, 0x65, 0x71, 0x12, 0x1e, 0x0a, 0x0a, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73,
|
|
|
|
0x74, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x46, 0x69, 0x6c, 0x65, 0x73,
|
|
|
|
0x79, 0x73, 0x74, 0x65, 0x6d, 0x22, 0x54, 0x0a, 0x14, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61,
|
|
|
|
0x74, 0x69, 0x6f, 0x6e, 0x43, 0x75, 0x72, 0x73, 0x6f, 0x72, 0x52, 0x65, 0x73, 0x12, 0x14, 0x0a,
|
|
|
|
0x04, 0x47, 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x04, 0x47,
|
|
|
|
0x75, 0x69, 0x64, 0x12, 0x1c, 0x0a, 0x08, 0x4e, 0x6f, 0x74, 0x65, 0x78, 0x69, 0x73, 0x74, 0x18,
|
|
|
|
0x02, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x08, 0x4e, 0x6f, 0x74, 0x65, 0x78, 0x69, 0x73,
|
|
|
|
0x74, 0x42, 0x08, 0x0a, 0x06, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x22, 0x23, 0x0a, 0x07, 0x50,
|
|
|
|
0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x12, 0x18, 0x0a, 0x07, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67,
|
|
|
|
0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
|
|
|
|
0x22, 0x1d, 0x0a, 0x07, 0x50, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x45,
|
|
|
|
0x63, 0x68, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x45, 0x63, 0x68, 0x6f, 0x2a,
|
|
|
|
0x86, 0x01, 0x0a, 0x18, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x47,
|
|
|
|
0x75, 0x61, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x14, 0x0a, 0x10,
|
|
|
|
0x47, 0x75, 0x61, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64,
|
|
|
|
0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x47, 0x75, 0x61, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x52,
|
|
|
|
0x65, 0x73, 0x75, 0x6d, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x10, 0x01, 0x12, 0x23, 0x0a,
|
|
|
|
0x1f, 0x47, 0x75, 0x61, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x49, 0x6e, 0x63, 0x72, 0x65, 0x6d,
|
|
|
|
0x65, 0x6e, 0x74, 0x61, 0x6c, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
|
|
|
|
0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x47, 0x75, 0x61, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x4e,
|
|
|
|
0x6f, 0x74, 0x68, 0x69, 0x6e, 0x67, 0x10, 0x03, 0x32, 0x8f, 0x03, 0x0a, 0x0b, 0x52, 0x65, 0x70,
|
|
|
|
0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x04, 0x50, 0x69, 0x6e, 0x67,
|
|
|
|
0x12, 0x08, 0x2e, 0x50, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x1a, 0x08, 0x2e, 0x50, 0x69, 0x6e,
|
|
|
|
0x67, 0x52, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x0f, 0x4c, 0x69, 0x73, 0x74, 0x46, 0x69, 0x6c, 0x65,
|
|
|
|
0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x12, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x46, 0x69,
|
|
|
|
0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x52, 0x65, 0x71, 0x1a, 0x12, 0x2e, 0x4c, 0x69,
|
|
|
|
0x73, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x52, 0x65, 0x73, 0x12,
|
|
|
|
0x50, 0x0a, 0x16, 0x4c, 0x69, 0x73, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65,
|
|
|
|
0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1a, 0x2e, 0x4c, 0x69, 0x73, 0x74,
|
|
|
|
0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
|
|
|
|
0x6e, 0x73, 0x52, 0x65, 0x71, 0x1a, 0x1a, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x46, 0x69, 0x6c, 0x65,
|
|
|
|
0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65,
|
|
|
|
0x73, 0x12, 0x3e, 0x0a, 0x10, 0x44, 0x65, 0x73, 0x74, 0x72, 0x6f, 0x79, 0x53, 0x6e, 0x61, 0x70,
|
|
|
|
0x73, 0x68, 0x6f, 0x74, 0x73, 0x12, 0x14, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x72, 0x6f, 0x79, 0x53,
|
|
|
|
0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x73, 0x52, 0x65, 0x71, 0x1a, 0x14, 0x2e, 0x44, 0x65,
|
|
|
|
0x73, 0x74, 0x72, 0x6f, 0x79, 0x53, 0x6e, 0x61, 0x70, 0x73, 0x68, 0x6f, 0x74, 0x73, 0x52, 0x65,
|
|
|
|
0x73, 0x12, 0x41, 0x0a, 0x11, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
|
|
|
|
0x43, 0x75, 0x72, 0x73, 0x6f, 0x72, 0x12, 0x15, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61,
|
|
|
|
0x74, 0x69, 0x6f, 0x6e, 0x43, 0x75, 0x72, 0x73, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x1a, 0x15, 0x2e,
|
2021-08-16 10:11:37 +02:00
|
|
|
0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x75, 0x72, 0x73, 0x6f,
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
0x72, 0x52, 0x65, 0x73, 0x12, 0x1d, 0x0a, 0x07, 0x53, 0x65, 0x6e, 0x64, 0x44, 0x72, 0x79, 0x12,
|
|
|
|
0x08, 0x2e, 0x53, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x71, 0x1a, 0x08, 0x2e, 0x53, 0x65, 0x6e, 0x64,
|
|
|
|
0x52, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x0d, 0x53, 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6d, 0x70, 0x6c,
|
|
|
|
0x65, 0x74, 0x65, 0x64, 0x12, 0x11, 0x2e, 0x53, 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6d, 0x70, 0x6c,
|
|
|
|
0x65, 0x74, 0x65, 0x64, 0x52, 0x65, 0x71, 0x1a, 0x11, 0x2e, 0x53, 0x65, 0x6e, 0x64, 0x43, 0x6f,
|
|
|
|
0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x52, 0x65, 0x73, 0x42, 0x07, 0x5a, 0x05, 0x2e, 0x3b,
|
|
|
|
0x70, 0x64, 0x75, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
2021-01-24 23:31:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
|
|
|
file_pdu_proto_rawDescOnce sync.Once
|
|
|
|
file_pdu_proto_rawDescData = file_pdu_proto_rawDesc
|
|
|
|
)
|
2018-12-11 22:01:50 +01:00
|
|
|
|
2021-01-24 23:31:45 +01:00
|
|
|
func file_pdu_proto_rawDescGZIP() []byte {
|
|
|
|
file_pdu_proto_rawDescOnce.Do(func() {
|
|
|
|
file_pdu_proto_rawDescData = protoimpl.X.CompressGZIP(file_pdu_proto_rawDescData)
|
|
|
|
})
|
|
|
|
return file_pdu_proto_rawDescData
|
|
|
|
}
|
|
|
|
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
var file_pdu_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
|
2021-01-24 23:31:45 +01:00
|
|
|
var file_pdu_proto_msgTypes = make([]protoimpl.MessageInfo, 22)
|
|
|
|
var file_pdu_proto_goTypes = []interface{}{
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
(ReplicationGuaranteeKind)(0), // 0: ReplicationGuaranteeKind
|
|
|
|
(FilesystemVersion_VersionType)(0), // 1: FilesystemVersion.VersionType
|
|
|
|
(*ListFilesystemReq)(nil), // 2: ListFilesystemReq
|
|
|
|
(*ListFilesystemRes)(nil), // 3: ListFilesystemRes
|
|
|
|
(*Filesystem)(nil), // 4: Filesystem
|
|
|
|
(*ListFilesystemVersionsReq)(nil), // 5: ListFilesystemVersionsReq
|
|
|
|
(*ListFilesystemVersionsRes)(nil), // 6: ListFilesystemVersionsRes
|
|
|
|
(*FilesystemVersion)(nil), // 7: FilesystemVersion
|
|
|
|
(*SendReq)(nil), // 8: SendReq
|
|
|
|
(*ReplicationConfig)(nil), // 9: ReplicationConfig
|
|
|
|
(*ReplicationConfigProtection)(nil), // 10: ReplicationConfigProtection
|
|
|
|
(*Property)(nil), // 11: Property
|
|
|
|
(*SendRes)(nil), // 12: SendRes
|
|
|
|
(*SendCompletedReq)(nil), // 13: SendCompletedReq
|
|
|
|
(*SendCompletedRes)(nil), // 14: SendCompletedRes
|
|
|
|
(*ReceiveReq)(nil), // 15: ReceiveReq
|
|
|
|
(*ReceiveRes)(nil), // 16: ReceiveRes
|
|
|
|
(*DestroySnapshotsReq)(nil), // 17: DestroySnapshotsReq
|
|
|
|
(*DestroySnapshotRes)(nil), // 18: DestroySnapshotRes
|
|
|
|
(*DestroySnapshotsRes)(nil), // 19: DestroySnapshotsRes
|
|
|
|
(*ReplicationCursorReq)(nil), // 20: ReplicationCursorReq
|
|
|
|
(*ReplicationCursorRes)(nil), // 21: ReplicationCursorRes
|
|
|
|
(*PingReq)(nil), // 22: PingReq
|
|
|
|
(*PingRes)(nil), // 23: PingRes
|
2021-01-24 23:31:45 +01:00
|
|
|
}
|
|
|
|
var file_pdu_proto_depIdxs = []int32{
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
4, // 0: ListFilesystemRes.Filesystems:type_name -> Filesystem
|
|
|
|
7, // 1: ListFilesystemVersionsRes.Versions:type_name -> FilesystemVersion
|
|
|
|
1, // 2: FilesystemVersion.Type:type_name -> FilesystemVersion.VersionType
|
|
|
|
7, // 3: SendReq.From:type_name -> FilesystemVersion
|
|
|
|
7, // 4: SendReq.To:type_name -> FilesystemVersion
|
|
|
|
9, // 5: SendReq.ReplicationConfig:type_name -> ReplicationConfig
|
|
|
|
10, // 6: ReplicationConfig.protection:type_name -> ReplicationConfigProtection
|
|
|
|
0, // 7: ReplicationConfigProtection.Initial:type_name -> ReplicationGuaranteeKind
|
|
|
|
0, // 8: ReplicationConfigProtection.Incremental:type_name -> ReplicationGuaranteeKind
|
|
|
|
8, // 9: SendCompletedReq.OriginalReq:type_name -> SendReq
|
|
|
|
7, // 10: ReceiveReq.To:type_name -> FilesystemVersion
|
|
|
|
9, // 11: ReceiveReq.ReplicationConfig:type_name -> ReplicationConfig
|
|
|
|
7, // 12: DestroySnapshotsReq.Snapshots:type_name -> FilesystemVersion
|
|
|
|
7, // 13: DestroySnapshotRes.Snapshot:type_name -> FilesystemVersion
|
|
|
|
18, // 14: DestroySnapshotsRes.Results:type_name -> DestroySnapshotRes
|
|
|
|
22, // 15: Replication.Ping:input_type -> PingReq
|
|
|
|
2, // 16: Replication.ListFilesystems:input_type -> ListFilesystemReq
|
|
|
|
5, // 17: Replication.ListFilesystemVersions:input_type -> ListFilesystemVersionsReq
|
|
|
|
17, // 18: Replication.DestroySnapshots:input_type -> DestroySnapshotsReq
|
|
|
|
20, // 19: Replication.ReplicationCursor:input_type -> ReplicationCursorReq
|
|
|
|
8, // 20: Replication.SendDry:input_type -> SendReq
|
|
|
|
13, // 21: Replication.SendCompleted:input_type -> SendCompletedReq
|
|
|
|
23, // 22: Replication.Ping:output_type -> PingRes
|
|
|
|
3, // 23: Replication.ListFilesystems:output_type -> ListFilesystemRes
|
|
|
|
6, // 24: Replication.ListFilesystemVersions:output_type -> ListFilesystemVersionsRes
|
|
|
|
19, // 25: Replication.DestroySnapshots:output_type -> DestroySnapshotsRes
|
|
|
|
21, // 26: Replication.ReplicationCursor:output_type -> ReplicationCursorRes
|
|
|
|
12, // 27: Replication.SendDry:output_type -> SendRes
|
|
|
|
14, // 28: Replication.SendCompleted:output_type -> SendCompletedRes
|
|
|
|
22, // [22:29] is the sub-list for method output_type
|
|
|
|
15, // [15:22] is the sub-list for method input_type
|
|
|
|
15, // [15:15] is the sub-list for extension type_name
|
|
|
|
15, // [15:15] is the sub-list for extension extendee
|
|
|
|
0, // [0:15] is the sub-list for field type_name
|
2021-01-24 23:31:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func init() { file_pdu_proto_init() }
|
|
|
|
func file_pdu_proto_init() {
|
|
|
|
if File_pdu_proto != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if !protoimpl.UnsafeEnabled {
|
|
|
|
file_pdu_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*ListFilesystemReq); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*ListFilesystemRes); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*Filesystem); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*ListFilesystemVersionsReq); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*ListFilesystemVersionsRes); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*FilesystemVersion); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*SendReq); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*ReplicationConfig); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*ReplicationConfigProtection); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*Property); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*SendRes); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*SendCompletedReq); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*SendCompletedRes); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*ReceiveReq); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*ReceiveRes); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*DestroySnapshotsReq); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*DestroySnapshotRes); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*DestroySnapshotsRes); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*ReplicationCursorReq); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*ReplicationCursorRes); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*PingReq); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
file_pdu_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
|
|
|
|
switch v := v.(*PingRes); i {
|
|
|
|
case 0:
|
|
|
|
return &v.state
|
|
|
|
case 1:
|
|
|
|
return &v.sizeCache
|
|
|
|
case 2:
|
|
|
|
return &v.unknownFields
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
file_pdu_proto_msgTypes[19].OneofWrappers = []interface{}{
|
|
|
|
(*ReplicationCursorRes_Guid)(nil),
|
|
|
|
(*ReplicationCursorRes_Notexist)(nil),
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
}
|
2021-01-24 23:31:45 +01:00
|
|
|
type x struct{}
|
|
|
|
out := protoimpl.TypeBuilder{
|
|
|
|
File: protoimpl.DescBuilder{
|
|
|
|
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
|
|
|
RawDescriptor: file_pdu_proto_rawDesc,
|
rework resume token validation to allow resuming from raw sends of unencrypted datasets
Before this change, resuming from an unencrypted dataset with
send.raw=true specified wouldn't work with zrepl due to overly
restrictive resume token checking.
An initial PR to fix this was made in https://github.com/zrepl/zrepl/pull/503
but it didn't address the core of the problem.
The core of the problem was that zrepl assumed that if a resume token
contained `rawok=true, compressok=true`, the resulting send would be
encrypted. But if the sender dataset was unencrypted, such a resume would
actually result in an unencrypted send.
Which could be totally legitimate but zrepl failed to recognize that.
BACKGROUND
==========
The following snippets of OpenZFS code are insightful regarding how the
various ${X}ok values in the resume token are handled:
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_send.c#L1947-L2012
- https://github.com/openzfs/zfs/blob/6c3c5fcfbe27d9193cd131753cc7e47ee2784621/module/zfs/dmu_recv.c#L877-L891
- https://github.com/openzfs/zfs/blob/6c3c5fc/lib/libzfs/libzfs_sendrecv.c#L1663-L1672
Basically, some zfs send flags make the DMU send code set some DMU send
stream featureflags, although it's not a pure mapping, i.e, which DMU
send stream flags are used depends somewhat on the dataset (e.g., is it
encrypted or not, or, does it use zstd or not).
Then, the receiver looks at some (but not all) feature flags and maps
them to ${X}ok dataset zap attributes.
These are funnelled back to the sender 1:1 through the resume_token.
And the sender turns them into lzc flags.
As an example, let's look at zfs send --raw.
if the sender requests a raw send on an unencrypted dataset, the send
stream (and hence the resume token) will not have the raw stream
featureflag set, and hence the resume token will not have the rawok
field set. Instead, it will have compressok, embedok, and depending
on whether large blocks are present in the dataset, largeblockok set.
WHAT'S ZREPL'S ROLE IN THIS?
============================
zrepl provides a virtual encrypted sendflag that is like `raw`,
but further ensures that we only send encrypted datasets.
For any other resume token stuff, it shoudn't do any checking,
because it's a futile effort to keep up with ZFS send/recv features
that are orthogonal to encryption.
CHANGES MADE IN THIS COMMIT
===========================
- Rip out a bunch of needless checking that zrepl would do during
planning. These checks were there to give better error messages,
but actually, the error messages created by the endpoint.Sender.Send
RPC upon send args validation failure are good enough.
- Add platformtests to validate all combinations of
(Unencrypted/Encrypted FS) x (send.encrypted = true | false) x (send.raw = true | false)
for cases both non-resuming and resuming send.
Additional manual testing done:
1. With zrepl 0.5, setup with unencrypted dataset, send.raw=true specified, no send.encrypted specified.
2. Observe that regular non-resuming send works, but resuming doesn't work.
3. Upgrade zrepl to this change.
4. Observe that both regular and resuming send works.
closes https://github.com/zrepl/zrepl/pull/613
2022-07-10 14:56:35 +02:00
|
|
|
NumEnums: 2,
|
2021-01-24 23:31:45 +01:00
|
|
|
NumMessages: 22,
|
|
|
|
NumExtensions: 0,
|
|
|
|
NumServices: 1,
|
new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold
- **Resumable Send & Recv Support**
No knobs required, automatically used where supported.
- **Hold-Protected Send & Recv**
Automatic ZFS holds to ensure that we can always resume a replication step.
- **Encrypted Send & Recv Support** for OpenZFS native encryption.
Configurable at the job level, i.e., for all filesystems a job is responsible for.
- **Receive-side hold on last received dataset**
The counterpart to the replication cursor bookmark on the send-side.
Ensures that incremental replication will always be possible between a sender and receiver.
Design Doc
----------
`replication/design.md` doc describes how we use ZFS holds and bookmarks to ensure that a single replication step is always resumable.
The replication algorithm described in the design doc introduces the notion of job IDs (please read the details on this design doc).
We reuse the job names for job IDs and use `JobID` type to ensure that a job name can be embedded into hold tags, bookmark names, etc.
This might BREAK CONFIG on upgrade.
Protocol Version Bump
---------------------
This commit makes backwards-incompatible changes to the replication/pdu protobufs.
Thus, bump the version number used in the protocol handshake.
Replication Cursor Format Change
--------------------------------
The new replication cursor bookmark format is: `#zrepl_CURSOR_G_${this.GUID}_J_${jobid}`
Including the GUID enables transaction-safe moving-forward of the cursor.
Including the job id enables that multiple sending jobs can send the same filesystem without interfering.
The `zrepl migrate replication-cursor:v1-v2` subcommand can be used to safely destroy old-format cursors once zrepl has created new-format cursors.
Changes in This Commit
----------------------
- package zfs
- infrastructure for holds
- infrastructure for resume token decoding
- implement a variant of OpenZFS's `entity_namecheck` and use it for validation in new code
- ZFSSendArgs to specify a ZFS send operation
- validation code protects against malicious resume tokens by checking that the token encodes the same send parameters that the send-side would use if no resume token were available (i.e. same filesystem, `fromguid`, `toguid`)
- RecvOptions support for `recv -s` flag
- convert a bunch of ZFS operations to be idempotent
- achieved through more differentiated error message scraping / additional pre-/post-checks
- package replication/pdu
- add field for encryption to send request messages
- add fields for resume handling to send & recv request messages
- receive requests now contain `FilesystemVersion To` in addition to the filesystem into which the stream should be `recv`d into
- can use `zfs recv $root_fs/$client_id/path/to/dataset@${To.Name}`, which enables additional validation after recv (i.e. whether `To.Guid` matched what we received in the stream)
- used to set `last-received-hold`
- package replication/logic
- introduce `PlannerPolicy` struct, currently only used to configure whether encrypted sends should be requested from the sender
- integrate encryption and resume token support into `Step` struct
- package endpoint
- move the concepts that endpoint builds on top of ZFS to a single file `endpoint/endpoint_zfs.go`
- step-holds + step-bookmarks
- last-received-hold
- new replication cursor + old replication cursor compat code
- adjust `endpoint/endpoint.go` handlers for
- encryption
- resumability
- new replication cursor
- last-received-hold
- client subcommand `zrepl holds list`: list all holds and hold-like bookmarks that zrepl thinks belong to it
- client subcommand `zrepl migrate replication-cursor:v1-v2`
2019-09-11 17:19:17 +02:00
|
|
|
},
|
2021-01-24 23:31:45 +01:00
|
|
|
GoTypes: file_pdu_proto_goTypes,
|
|
|
|
DependencyIndexes: file_pdu_proto_depIdxs,
|
|
|
|
EnumInfos: file_pdu_proto_enumTypes,
|
|
|
|
MessageInfos: file_pdu_proto_msgTypes,
|
|
|
|
}.Build()
|
|
|
|
File_pdu_proto = out.File
|
|
|
|
file_pdu_proto_rawDesc = nil
|
|
|
|
file_pdu_proto_goTypes = nil
|
|
|
|
file_pdu_proto_depIdxs = nil
|
2018-06-20 20:20:37 +02:00
|
|
|
}
|