Commit Graph

6707 Commits

Author SHA1 Message Date
Norman Maurer
2a0f9377ef [#3784] Support hostname verification when using OpenSSLEngine
Motivation:

At the moment hostname verification is not supported with OpenSSLEngine.

Modifications:

- Allow to create OpenSslEngine with peerHost and peerPort informations.
- Respect endPointIdentificationAlgorithm and algorithmConstraints when set and get SSLParamaters.

Result:

hostname verification is supported now.
2015-05-18 08:17:13 +02:00
Scott Mitchell
2419f0c417 HTTP/2 GOAWAY Reference Count Issue
Motiviation:
The Http2ConnectionHandler is incrementing the reference count in the goAway method for the debugData buffer after it has already been sent and maybe consumed. This may result in an IllegalRefCountException to be thrown. The unit tests also encounter buffer leaks because they have not been updated to invoke the listener which releases the buffer in the goAway method.

Modifications:
- The retain() call should be before the frameWriter().writeGoAway(...) call
- The unit tests which call goAway must also invoke the operationComplete(..) method for the listener.

Result:
No IllegalRefCountException. Less buffer leaks in tests.
2015-05-15 10:49:02 -07:00
Stephane Landelle
25b90927f4 Minor ClientCookieDecoder improvements
Motivation:

* Path attribute should be null, not empty String, if it's passed as "Path=".
* Only extract attribute value when the name is recognized.
* Only extract Expires attribute value String if MaxAge is undefined as it has precedence.

Modification:

Modify ClientCookieDecoder.
Add "testIgnoreEmptyPath" test in ClientCookieDecoderTest.

Result:

More idyomatic Path behavior (like Domain).
Minor performance improvement in some corner cases.
2015-05-12 11:25:49 +02:00
Eric Anderson
507b92e64c Add missing SslContextBuilder.forServer(KeyManagerFactory)
Motivation:

keyManager() is required on server-side, and so there is a forServer()
method for each override of keyManager(). However, one of the
forServer() overrides was missing, which meant that if you wanted to use
a KeyManagerFactory you were forced to provide garbage configuration
just to get past null checks.

Modifications:

Add missing override.

Result:

No hacks to use SslContextBuilder on server-side with KeyManagerFactory.
Resolves #3775
2015-05-11 22:11:03 +02:00
Idel Pivnitskiy
9f8e68b10f Update compression dependencies
Motivation:

New versions of compression libraries, which improve their performance and fix some bugs.

Modifications:

Updated versions of jzlib, compress-lzf, lz4 and commons-compres libraries.

Result:

Better stability and performance of compression codecs.
2015-05-11 21:59:30 +02:00
Frederic Bregier
153a9c39d3 Proposal to fix issue #3768 (3.10)
Motivations:
When using HttpPostRequestEncoder and trying to set an attribute if a
charset is defined, currenlty implicit Charset.toStrng() is used, given
wrong format.
As in Android for UTF-16 = "com.ibm.icu4jni.charset.CharsetICU[UTF-16]".

Modifications:
Each time charset is used to be printed as its name, charset.name() is
used to get the canonical name.

Result:
Now get "UTF-16" instead.
(3.10 version)
2015-05-11 06:37:36 +02:00
Stephane Landelle
fb6eae1591 Validate cookie name and value characters
Motivation:

RFC6265 specifies which characters are allowed in a cookie name and value.

Netty is currently too lax, which can used for HttpOnly escaping.

Modification:

In ServerCookieDecoder: discard cookie key-value pairs that contain invalid characters.
In ClientCookieEncoder: throw an exception when trying to encode cookies with invalid characters.
Drop old Cookie encoders and decoders that were deprecated in 4.1.

Result:

The problem described in the motivation section is fixed.
2015-05-10 21:05:29 +02:00
nmittler
dca6cea78e Scoring loopback addresses as 0 in DefaultChannelId
Motivation:

As described in #3490, [compareAddresses](https://github.com/netty/netty/blob/master/transport/src/main/java/io/netty/channel/DefaultChannelId.java#L182)  seems to allow loopback addresses to score high, disallowing replacing the loopback address.

Modifications:

Changed [scoreAddress](https://github.com/netty/netty/blob/master/transport/src/main/java/io/netty/channel/DefaultChannelId.java#L283) to score loopback addresses as 0.

Result:

Fixes #3490
2015-05-08 13:14:10 -07:00
Scott Mitchell
c88de88c4d ByteString test failure bug
Motivation:
There is an error in the ByteString test logic which is resulting in test failures.

Modifications:
- Fix the loop iteration to use the loop iteration variable instead of a fixed index.

Result:
Tests are less buggy.
2015-05-08 09:44:19 -07:00
Scott Mitchell
02e94090df ALPN/NPN Examples Not using failure behavior compatible with all SslProviders
Motivation:
Examples that are using ALPN/NPN are using a failure mode which is not supported by the JDK SslProvider. The examples fail to run and throw an exception if the JDK SslProvider is used.

Modifications:
- Use SelectorFailureBehavior.NO_ADVERTISE
- Use SelectedListenerFailureBehavior.ACCEPT

Result:
Examples can be run with both OpenSsl and JDK SslProviders.
2015-05-08 09:39:39 -07:00
Eric Anderson
ec00e37c5f Swap to SslContextBuilder in examples
Motivation:

Using factory methods of SslContext is deprecated. Code should be using
SslContextBuilder instead. This would have been done when the old
methods were deprecated, but memcache and http2 examples didn't exist in
the 4.0 branch which the PR was against.

Modifications:

Swap to the new construction pattern.

Result:

No more deprecated warnings during build of examples. Users are
instructed to use the new pattern.
2015-05-07 16:05:06 -07:00
Norman Maurer
d3c1424e72 Fix compile error introduced by cherry-pick edf1eb10d5 2015-05-07 18:43:12 +02:00
Scott Mitchell
c61e50bf4f [#3724] HTTP/2 Headers END_STREAM results in RST_STREAM
Motivation:
If headers are sent on a stream that does not yet exist and the END_STREAM flag is set we will send a RST_STREAM frame. We should send the HEADERS frame and no RST_STREAM.

Modifications:
DefaultHttp2RemoteFlowController should allow frames to be sent if stream is created in the 'half closed (local)' state.

Result:
We can send HEADERS frame with the END_STREAM flag sent without sending a RST_STREAM frame.
2015-05-07 08:31:38 -07:00
nmittler
94f068c1c9 Addressing a few more comments from #3749.
Motivation:

There were a few outstanding comments that were left unaddressed after committing the changes for #3749.

Modifications:

Changes to Http2ConnectionHandler.goAway():

- Retaining the debugData buffer, rather than always converting it to a string immediately.
- Changing log level for sending a GOAWAY with error to debug.

Result:

Remaining comments from #3749 are addressed.
2015-05-07 07:57:04 -07:00
Norman Maurer
edf1eb10d5 Allow rejection of remote initiated renegotiation
Motivation:

To prevent from DOS attacks it can be useful to disable remote initiated renegotiation.

Modifications:

Add new flag to OpenSslContext that can be used to disable it
Adding a testcase

Result:

Remote initiated renegotion requests can be disabled now.
2015-05-07 14:41:35 +02:00
Alwayswithme
04396acb75 ByteBufUtil use IndexOfProcessor to find occurrence.
Motivation:
The way of firstIndexOf and lastIndexOf iterating the ByteBuf is similar to forEachByte and forEachByteDesc, but have many range checks.
Modifications:
Use forEachByte and a IndexOfProcessor to find occurrence.
Result:
eliminate range checks
2015-05-07 09:36:32 +02:00
JongYoon Lim
a8839cc20d Remove duplicated code in AcceptorChannel classes.
Motivation:

NioUdtByteAcceptorChannel and NioUdtMessageAcceptorChannel have almost same code.
For maintainability, it's better to remove it.

Motification:

- Pulled a member(METADATA) and methods(doReadMessage() and metadata() up.
- Added newConnectorChannel().

Result:

Cleaner code.
2015-05-07 06:32:13 +02:00
nmittler
36061c50b1 Allow override of HTTP/2 graceful connection shutdown.
Motivation:

Currently the graceful shutdown of the HTTP/2 connection waits until there are no active streams. There may be use cases that buffer stream creation (due to limits imposed by MAX_CONCURRENT_STREAMS), in which case they may still want those streams to complete before closing.

Modifications:

Added a isGracefulShutdownComplete method to Http2ConnectionHandler, which can be overridden by a subclass.

Result:

Graceful shutdown logic can be overridden.
2015-05-06 14:41:16 -07:00
Norman Maurer
d9ca3a01f1 [#3740] Add missing parentheses so the fix works as expected. 2015-05-06 23:04:06 +02:00
Norman Maurer
71f2e23633 Fix possible IllegalStateException caused by closeNotifyTimeout when using SslHandler
Motivation:

In the SslHandler we schedule a timeout at which we close the Channel if a timeout was detected during close_notify. Because this can race with notify the flushFuture we can see an IllegalStateException when the Channel is closed.

Modifications:

- Use a trySuccess() and tryFailure(...) to guard against race.

Result:

No more race.
2015-05-06 21:50:32 +02:00
Norman Maurer
0615e538c1 Not trigger channelWritabilityChanged if fail messages before close Channel.
Motivation:

We should not trigger channelWritabilityChanged during failing message when we are about to close the Channel as otherwise the use may try again writing even if the Channel is about to get closed.

Modifications:

Add new boolean param to ChannelOutboundBuffer.failFlushed(...) which allows to specify if we should notify or not.

Result:

channelWritabilityChanged is not triggered anymore if we cloe the Channel because of an IOException during write.
2015-05-06 21:38:39 +02:00
Norman Maurer
0f8cf690cb Do not defer closing of Channel when in flush
Motivation:

Previously, we deferred the closing of the Channel when we were flushing. This is problematic as this means that if the user adds a ChannelFutureListener, that will close the Channel, the closing will not happen until we are done with flushing. This can lead to more data is sent than expected.

Modifications:

- Do not defer closing when in flush

Result:

Correctly respect order of events and closing the Channel ASAP
2015-05-06 21:32:30 +02:00
JongYoon Lim
caac01b0f5 Bugfix in channelUDT().
Motivation:

channelUDT() can't handle NioUdtByteRendezvousChannel and NioUdtMessageRendezvousChannel because those are handled by the checking condition of their parent.

Motification:

Reorder checking conditions.

Result:

Bugfixed.
2015-05-06 18:47:52 +02:00
Norman Maurer
a1dfe48870 Fix regression introduced by 08e4b076be. 2015-05-06 17:57:24 +02:00
Norman Maurer
8e6699bb5c Correct semantic of LocalChannel.doWrite(...) and remove memory copy
Motivation:

The semantic of LocalChannel.doWrite(...) were a bit off as it notified the ChannelFuture before the data was actual moved to the peer buffer.

Modifications:

- Use our MPSC queue as inbound buffer
- Directly copy to data to the inbound buffer of the peer and either success or fail the promise after each copy.

Result:

Correct semantic and less memory copies.
2015-05-06 10:44:42 +02:00
Norman Maurer
623b0145c2 Only run OpenSslEngineTests if OpenSsl is installed. Related to [#3732] 2015-05-06 10:42:10 +02:00
Norman Maurer
e33ef7a80e Add support for mutual auth when using OpenSslEngine.
Motivation:

Currently mutual auth is not supported when using OpenSslEngine.

Modification:

- Add support to OpenSslClientContext
- Correctly throw SSLHandshakeException when an error during handshake is detected

Result:

Mutual auth can be used with OpenSslEngine
2015-05-06 09:14:01 +02:00
yz_liu
0196dfa144 fix a typo in RecyclableArrayList 2015-05-06 09:09:06 +02:00
Norman Maurer
08e4b076be [#3709] Ensure all data is read from socket when EPOLLRDUP is received
Motivation:

When EPOLLRDHUP is received we need to try to read at least one time to ensure
that we read all pending data from the socket. Otherwise we may loose data.

Modifications:

- Ensure we read all data from socket
- Ensure file descriptor is closed on doClose() even if doDeregister() throws an Exception.
- Only handle either EPOLLRDHUP or EPOLLIN as only one is needed to detect connection reset.

Result:

No more data loss on connection reset.
2015-05-06 08:46:04 +02:00
Norman Maurer
b3abd58b05 Proper handling of epoll_ctl errors
Motivation:

When using epoll_ctl we should respect the return value and do the right thing depending on it.

Modifications:

Adjust java and native code to respect epoll_ctl return values.

Result:

Correct and cleaner code.
2015-05-06 08:20:45 +02:00
Scott Mitchell
2ab9d659c7 DefaultChannelPipeline needs to release objects
Motiviation:
If user events or excpetions reach the tail end of the pipeline they are not released. This could result in buffer leaks.

Motivation:
- Use the ReferenceCountUtil.release to release objects for the userEventTriggered and exceptionCaught methods on DefaultChannelPipeline

Result:
2 less areas where buffer leaks can occur.
2015-05-06 06:53:56 +02:00
Norman Maurer
879ad145d3 Fix race-condition in SocketSslEchoTest
Motivation:

Because we tried to grab the SSL renegotation future to early we could see test-failures.

Modifications:

Access the future at the correct time.

Result:

No more test-failures.
2015-05-06 06:25:34 +02:00
Norman Maurer
3642fc4818 [#3675] Fix livelock issue in MpscLinkedQueue
Motivation:

All read operations should be safe to execute from multiple threads which was not the case and so could produce a livelock.

Modifications:

Modify methods so these are safe to be called from multiple threads.

Result:

No more livelock.
2015-05-06 06:21:28 +02:00
nmittler
1a2fc90f0f Allowing inbound HTTP/2 frames after sending GOAWAY
Motivation:

If the client closes, a GOWAY is sent with a lastKnownStream of zero (since the remote side never created a stream). If there is still an exchange in progress, inbound frames for streams created by the client will be ignored because our ignore logic doesn't check to see if the stream was created by the remote endpoint. Frames for streams created by the local endpoint should continue to come through after sending GOAWAY.

Modifications:

Changed the decoder's streamCreatedAfterGoAwaySent logic to properly ensure that the stream was created remotely.

Result:

We now propertly process frames received after sending GOAWAY.
2015-05-05 15:03:28 -07:00
nmittler
76afa0c921 Fixing isDone in SimpleChannelPromiseAggregator
Motivation:

The isDone method is currently broken in the aggregator because the doneAllocatingPromises accidentally calls the overridden version of setSuccess, rather than calling the base class version. This causes the base class's version to never be called since allowNotificationEvent will evaluate to false. This means that setSuccess0 will never be set, resulting in isDone always returning false.

Modifications:

Changed setSuccess() to call the base class when appropriate, regardless of the result of allowNotificationEvent.

Result:

isDone now behaves properly for the promise aggregator.
2015-05-05 12:45:57 -07:00
Louis Ryan
f6e1f4947d Have Http2LocalFlowController.consumeBytes indicate whether a WINDOW_UPDATE was written 2015-05-04 13:21:53 -07:00
Trustin Lee
37dc6a41a6 Add more profiles for newer JDK versions
Modifications:

- Add jetty.npn.version.latest and jetty.alpn.version.latest7/8
- Add npn-alpn-7 profile
- Use the *.latest7/8 version properties in alpn-8 and npn-alpn-7
- Add more profiles for newer JDK versions
- Reorder profiles
2015-05-04 14:30:30 +09:00
Trustin Lee
3064e6dba8 Fix missing ResourceLeak.close() in AbstractDnsMessage
Motivation:

ResourceLeak.close() must be called when a reference-counted resource is
deallocated, but AbstractDnsMessage.deallocate() forgot to call it.

Modifications:

Call ResourceLeak.close() for the tracked AbstractDnsMessage instances

Result:

Fix the false resource leak warnings
2015-05-04 12:07:59 +09:00
Trustin Lee
410aa427be Fix a test failure in DnsQueryTest 2015-05-01 12:04:05 +09:00
Trustin Lee
9d505fd24e Reduce the memory requirement of heap dump compression
Motivation:

The current heap dump compression preset (9) requires way too much
memory (768 MiB at maximum for dictionary), resulting in OOME in many
cases.

Modifications:

- Use the default preset (6) which uses 8 MiB dictionary.
- Do not fail abruptly even when OOME has been raised.

Result:

More stable heap dump acquisition
2015-05-01 11:55:06 +09:00
Trustin Lee
2c05a6ed88 Fix the flaky SocketSslEchoTest
Motivation:

The SSL peer who did not initiate renegotiation sometimes does not get
the notification for renegotition due to an unknown reason.

Modification:

Until the exact cause is understood, relax the assertions of the flaky
tests.

Result:

Build stability
2015-05-01 11:50:11 +09:00
Trustin Lee
c27c487dc9 Revamp DNS codec
Motivation:

There are various known issues in netty-codec-dns:

- Message types are not interfaces, which can make it difficult for a
  user to implement his/her own message implementation.
- Some class names and field names do not match with the terms in the
  RFC.
- The support for decoding a DNS record was limited. A user had to
  encode and decode by him/herself.
- The separation of DnsHeader from DnsMessage was unnecessary, although
  it is fine conceptually.
- Buffer leak caused by DnsMessage was difficult to analyze, because the
  leak detector tracks down the underlying ByteBuf rather than the
  DnsMessage itself.
- DnsMessage assumes DNS-over-UDP.
- To send an EDNS message, a user have to create a new DNS record class
  instance unnecessarily.

Modifications:

- Make all message types interfaces and add default implementations
- Rename some classes, properties, and constants to match the RFCs
  - DnsResource -> DnsRecord
  - DnsType -> DnsRecordType
  - and many more
- Remove DnsClass and use an integer to support EDNS better
- Add DnsRecordEncoder/DnsRecordDecoder and their default
  implementations
  - DnsRecord does not require RDATA to be ByteBuf anymore.
  - Add DnsRawRecord as the catch-all record type
- Merge DnsHeader into DnsMessage
- Make ResourceLeakDetector track AbstractDnsMessage
- Remove DnsMessage.sender/recipient properties
  - Wrap DnsMessage with AddressedEnvelope
  - Add DatagramDnsQuest and DatagramDnsResponse for ease of use
  - Rename DnsQueryEncoder to DatagramDnsQueryEncoder
  - Rename DnsResponseDecoder to DatagramDnsResponseDecoder
- Miscellaneous changes
  - Add StringUtil.TAB

Result:

- Cleaner APi
- Can support DNS-over-TCP more easily in the future
- Reduced memory footprint in the default DnsQuery/Response
  implementations
- Better leak tracking for DnsMessages
- Possibility to introduce new DnsRecord types in the future and provide
  full record encoder/decoder implementation.
- No unnecessary instantiation for an EDNS pseudo resource record
2015-05-01 11:34:52 +09:00
Louis Ryan
b122faea68 Remove explicit flushes from HTTP2 encoders, decoders & flow-controllers
Motivation:

Allow users of HTTP2 to control when flushes occur so they can optimize network writes.

Modifications:

Removed explicit calls to flush in encoder, decoder & flow-controller
Connection handler now calls flush on read-complete to enable batching writes in response to reads

Result:

Much less flushing occurs for normal HTTP2 request and response patterns.
2015-04-30 17:44:53 -07:00
Fabian Lange
ea6ba7071d Upgrade twitter hpack dependency
Motivation:
Right now the used hpack dependency does not contain a valid osgi manifest.

Modifications:
Upgrade hpack from 0.10.1 to 0.11.0.

Result:
hpack dependency works in osgi containers without wrapping.
2015-04-30 17:14:33 -07:00
JongYoon Lim
e92c0ae756 Remove the condition which is always true when reached
Motivation:
Condition 'isNextCharDoubleQuote' is always 'true' when reached.

Motification:
- Removed Condition 'isNextCharDoubleQuote'.
- Additionally fixed typo in javadoc

Result:
Cleaner code.
2015-04-30 16:59:12 -07:00
Norman Maurer
d74f96432f [#3218] Add ChannelPool / ChannelPoolMap abstraction and implementations
Motivation:

Many projects need some kind a Channel/Connection pool implementation. While the protocols are different many things can be shared, so we should provide a generic API and implementation.

Modifications:

Add ChannelPool / ChannelPoolMap API and implementations.

Result:

Reusable / Generic pool implementation that users can use.
2015-04-30 12:26:46 +02:00
Ben Evans
2df9cf65af Add support for SCTP 'unordered' flag.
Motivation:

Some SCTP applications require the SCTP unordered flag.
This flag was not exposed by Netty so applications were unable
to use it.

Modifications:

- Add unordered flag to SctpMessage.
- {Nio,Oio}SctpChannel pass unordered flag to MessageInfo on write.
- SctpOutboundByteStreamHandler may optionally request unordered
  delivery for all outbound messages.
- Added test case to SctpEchoTest using unordered flag.

Result:

Fixes #3698. New constructors and methods added to SctpMessage and
SctpOutboundByteStreamHandler, but changes are backward compatible.
2015-04-30 08:46:34 +02:00
JongYoon Lim
3f9a4fdf5e Remove the unreachable checking code
Motivation:
'length2 == 0' is not reachable because length1 and length2 are same at this point.

Motification:
Removed 'length2 == 0'.

Result:
Cleaner code.
2015-04-30 07:36:26 +02:00
Norman Maurer
ca250c8a4b Add support for splice(...)
Motivation:

Linux supports splice(...) to transfer data from one filedescriptor to another without
pass data through the user-space. This allows to write high-performant proxy code or to stream
stuff from the socket directly the the filesystem.

Modification:

Add AbstractEpollStreamChannel.spliceTo(...) method to support splice(...) system call

Result:

Splice is now supported when using the native linux transport.

Conflicts:

	transport-native-epoll/src/main/java/io/netty/channel/epoll/AbstractEpollStreamChannel.java
2015-04-30 07:29:21 +02:00
Scott Mitchell
694eab76eb HTTP/2 Warnings Cleanup
Motiviation:
There are a few spots in the HTTP/2 codec where warnings were generated and can be avoided.

Modifications:
Clean up the cause of the warnings.

Result:
Less warnings.
2015-04-29 11:45:52 -07:00