Commit Graph

6650 Commits

Author SHA1 Message Date
Norman Maurer
83c2d7c43b [#4235] Ensure OpenSslEngine.unwrap(...) / wrap(...) correctly return HandshakeStatus.FINISHED
Motivation:

OpenSslEngine.unwrap(...) / wrap(...) must return HandhsakeStatus.FINISHED if an unwrap or wrap finishes a handshake to behave like descripted in the SSLEngine docs.

Modifications:

- Ensure we return HandshakeStatus.FINISHED

Result:

Behave correctly.
2015-09-24 14:58:15 +02:00
Peeyush Aggarwal
7852057b5d Use NetUtil.LOCALHOST4 instead of InetAddress.getLocalHost()
Motivation:

On ubuntu, InetAddress.getLocalHost() will return 127.0.1.1 this causes some tests to fail.
NetUtil.LOCALHOST4 is more portable.

Modifications:

Made changes in EpollSocketTcpMd5Test to make test passing on ubuntu.

Result:

EpollSocketTcpMd5Test now also passes on ubuntu.
2015-09-24 08:53:38 +02:00
Scott Mitchell
8bc39643cf SelfSignedCertificate configurable valid dates
Motivation:
Users may want to control the valid dates for SelfSignedCertificate.

Modifications:
- Allow NOT_BEFORE and NOT_AFTER to be controlled via java system properties.

Result:
Fixes https://github.com/netty/netty/issues/3978
2015-09-23 17:04:48 -07:00
Norman Maurer
942c4efa50 Upgrade to new os-maven-plugin
Motivation:

The last os-maven-plugin had a bug that sometimes missed to correctly detect fedora based linux.

Modifications:

Upgrade to 1.4.1

Result:

Correctly detect on all fedora based linux.
2015-09-23 08:41:09 +02:00
Norman Maurer
071bfc3f6a Not use RC4 for renegation as it is not supported in more recent java versions.
Motivation:

RC4 is not supported by default in more recent java versions as RC4 is considered insecure. We should not use it in tests as these test will fail on more recent java version.

Modifications:

Use SSL_RSA_WITH_3DES_EDE_CBC_SHA for test.

Result:

Non failing test on more recent java versions.
2015-09-23 08:39:31 +02:00
nmittler
3670898567 Adding client auth to SslContextBuilder
Motivation:

To simplify the use of client auth, we need to add it to the SslContextBuilder.

Modifications:

Added a ClientAuth enum and plumbed it through the builder, down into the contexts/engines.

Result:

Client auth can be configured when building an SslContext.
2015-09-18 12:20:02 -07:00
nmittler
65d481c24c Update Netty to latest netty-tcnative
Motivation:

The latest netty-tcnative fixes a bug in determining the version of the runtime openssl lib.  It also publishes an artificact with the classifier linux-<arch>-fedora for fedora-based systems.

Modifications:

Modified the build files to use the "-fedora" classifier when appropriate for tcnative. Care is taken, however, to not change the classifier for the native epoll transport.

Result:

Netty is updated the the new shiny netty-tcnative.
2015-09-18 12:09:41 -07:00
Scott Mitchell
428c11ea59 SpdyHttpHeaders are not lowercase
Motivation:
According to the SPDY spec https://www.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3-1#TOC-3.2.1-Request header names must be lowercase. Our predefined SPDY extension headers are not lowercase.

Modifications
- SpdyHttpHeaders should define header names in lower case

Result:
Compliant with SPDY spec, and header validation code does not detect errors for our own header names.
2015-09-16 11:38:52 -07:00
Norman Maurer
da39e601e0 Ensure close caused by write will happen before write promise is notified
Motiviation:

We need to ensure the actual close to the transport takes place before the promsie of the write is notified that triggered it. This is needed as otherwise Channel.isActive(), isOpen() and isWritable() may return true even if the Channel should be closed already.

Modifications:

- Ensure the close takes place first

Result:

ChannelFutureListener will see the correct state of the Channel.
2015-09-16 20:35:34 +02:00
Norman Maurer
7961138f52 [#4205] Correctly set EPOLLOUT flag whe writeBytes(...) was not able to write everything
Motivation:

writeBytes(...) missed to set EPOLLOUT flag when not all bytes were written. This could lead to have the EpollEventLoop not try to flush the remaining bytes once the socket becomes writable again.

Modifications:

- Move setting EPOLLOUT flag logic to one point so we are sure we always do it.
- Move OP_WRITE flag logic to one point as well.

Result:

Correctly try to write pending data if socket becomes writable again.
2015-09-16 07:28:28 +02:00
Norman Maurer
0915b1b215 Support SSLSession.getLocalCertificates() and getLocalPrincipal() when using OpenSSL
Motivation:

SSLSession.getLocalCertificates() and getLocalPrincipal() was not supported when using OpenSSL, which can produce problems when switch from JDK to OpenSSL impl.

Modifications:

Implement SSLSession.getLocalCertificates() and getLocalPrincipal() for OpenSslEngine.

Result:

More consistent behaving between JDK and OpenSSL based SSLEngine.
2015-09-15 12:21:47 +02:00
Norman Maurer
6ac8a7da39 Correctly throw SSLPeerUnverifiedException if peers identity has not been verified
Motivation:

As stated in the SSLSession javadocs getPeer* methods need to throw a SSLPeerUnverifiedException if peers identity has not be verified.

Modifications:

- Correctly throw SSLPeerUnverifiedException
- Add test for it.

Result:

Correctly behave like descripted in javadocs.
2015-09-15 09:57:32 +02:00
Norman Maurer
c73cd35de0 [#3687] Correctly store WebSocketServerHandshaker in Channel attributes
Motivation:

As we stored the WebSocketServerHandshaker in the ChannelHandlerContext it was always null and so no close frame was send if WebSocketServerProtocolHandler was used.

Modifications:

Store WebSocketServerHAndshaker in the Channel attributes and so make it visibile between different handlers.

Result:

Correctly send close frame.
2015-09-15 09:36:50 +02:00
Norman Maurer
08b4c7d6b5 Upgrade jzlib version
Motivation:

A new version of jzlib was released some time ago.

Modifications:

Upgrade to the newest jzlib version.

Result:

Using latest release.
2015-09-15 08:30:15 +02:00
Peeyush Aggarwal
24860e70cc Add support for RFC7413 on linux for server sockets
Motivation:

TCP Fast Open allows data to be carried in the SYN and SYN-ACK packets and consumed by the receiving end during the initial connection handshake, and saves up to one full round-trip time (RTT) compared to the standard TCP, which requires a three-way handshake (3WHS) to complete before data can be exchanged. This commit enables support for TFO on server sockets.

Modifications:

Added new Integer Option TCP_FASTOPEN in EpollChannelOption.
Added getters/setters in EpollServerChannelConfig for TCP_FASTOPEN.
Added way to check if TCP_FASTOPEN is supported on server in Native.
Added setting on socket opt TCP_FASTOPEN if value is set on channel options in doBind in EpollServerSocketChannel.
Enhanced EpollSocketTestPermutation to contain a permutation for server socket containing fast open.

Result:

Users of native-epoll can set TCP_FASTOPEN on server sockets and thus leverage fast connect features of RFC7413 if client is capable of it.
2015-09-09 06:49:13 +02:00
Michael Bildner
e146873740 Do not bother closing SSL enging inbound if the outbound has already been closed.
Motivation:

Invoking the javax.net.ssl.SSLEngine.closeInbound() method will send a
fatal alert and invalidate the SSL session if a close_notify alert has
not been received.
From the javadoc:
If the application initiated the closing process by calling
closeOutbound(), under some circumstances it is not required that the
initiator wait for the peer's corresponding close message. (See section
7.2.1 of the TLS specification (RFC 2246) for more information on
waiting for closure alerts.) In such cases, this method need not be
called.
Always invoking the closeInbound() method without regard to whether or
not the closeOutbound() method has been invoked could lead to
invalidating perfectly valid SSL sessions.

Modifications:

Added an instance variable to track whether the
SSLEngine.closeOutbound() method has been invoked. When the instance
variable is true, the SSLEngine.closeInbound() method doesn't need to be
invoked.

Result:

SSL sessions will not be invalidated if the outbound side has been
closed but a close_notify alert hasn't been received.
2015-09-06 10:00:18 +02:00
Robert Varga
e29ba29337 Add support for RFC2385 on Linux
Motivation:

There are protocols (BGP, SXP), which are typically deployed with TCP
MD5 authentication to protect sessions from being hijacked/torn down by
third parties. This facility is not available on most operating systems,
but is typically present on Linux.

Modifications:

- add a new EpollChannelOption, which is write-only
- teach Epoll(Server)SocketChannel to track which addresses have keys
  associated
- teach Native how to set the MD5 signature keys for a socket

Result:

Users of the native-epoll transport can set MD5 signature keys and thus
leverage RFC-2385 protection on TCP connections.
2015-09-03 08:41:19 +02:00
Norman Maurer
bd928eaa38 [maven-release-plugin] prepare for next development iteration 2015-09-02 08:58:54 +02:00
Norman Maurer
26bbcc38c2 [maven-release-plugin] prepare release netty-4.0.31.Final 2015-09-02 08:57:57 +02:00
Scott Mitchell
71308376ca LocalChannel write when peer closed leak
Motivation:
If LocalChannel doWrite executes while the peer's state changes from CONNECTED to CLOSED it is possible that some promise's won't be completed and buffers will be leaked.

Modifications:
- Check the peer's state in doWrite to avoid a race condition

Result:
All write operations should release, and the associated promise should be completed.
2015-09-01 13:17:05 -07:00
Matteo Merli
fd70dd658e Added debug logging with effective value for io.netty.leakDetection.acquireAndReleaseOnly property
Motivation:
The configurable property value recently added was not logged like others properties.

Modifications:
Added debug log with effective value applied.

Result:
Consistent with other properties
2015-09-01 09:10:14 +02:00
Norman Maurer
3a329f0a48 Remove extra empty line introduced by 0c83542000 2015-08-31 21:19:06 +02:00
Tomas Olvecky
9e7a5693f3 Add TCP_USER_TIMEOUT
Motivation:

See #4174.

Modifications:

Modify transport-native-epoll to allow setting TCP_USER_TIMEOUT.

Result:

Hanging connections that are written into will get timeouted.
2015-08-31 13:54:04 +02:00
Matteo Merli
2d4a8a75bb Additional configuration for leak detection
Motivation:

Leak detector, when it detects a leak, will print the last 5 stack
traces that touched the ByteBuf. In some cases that might not be enough
to identify the root cause of the leak.
Also, sometimes users might not be interested in tracing all the
operations on the buffer, but just the ones that are affecting the
reference count.

Modifications:

Added command line properties to override default values:
 * Allow to configure max number of stack traces to collect
 * Allow to only record retain/release operation on buffers

Result:
Users can increase the number of stack traces to debug buffer leaks
with lot of retain/release operations.
2015-08-30 20:38:35 +02:00
Norman Maurer
09f8e428c3 [#4171] Fix flacky test introduced by previous commit.
Motivation:

SingleThreadEventExecutorTest was flacky.

Modifications:

Fixed flacky test.

Result:

No more test failures
2015-08-29 12:29:19 +02:00
Norman Maurer
4c758fac12 [#2677] Remove unnessary synchronized in SpdySessionHandler
Motivation:

As all methods in the ChannelHandler are executed by the same thread there is no need to use synchronized.

Modifications:

Remove synchronized keyword.

Result:

No more unnessary synchronized in SpdySessionHandler.
2015-08-28 23:13:56 +02:00
Norman Maurer
7d083ef6d6 Use ChannelException when ChannelConfig operation fails in epoll.
Motivation:

In NIO and OIO we throw a ChannelException if a ChannelConfig operation fails. We should do the same with epoll to be consistent.

Modifications:

Use ChannelException

Result:

Consistent behaviour across different transport implementations.
2015-08-28 21:38:12 +02:00
Norman Maurer
b891fcd39c Revert "Consistent naming style for enum"
This reverts commit 4feafc4a52.
2015-08-28 20:50:30 +02:00
Scott Mitchell
e3f1416478 LocalChannelWrite event sequencing issue
Motivation:
https://github.com/netty/netty/pull/4143 addressed a few ordering issues but an ordering issue still remained if the Promise for a write completes, and a listener of that promise does a write on a peer channel. The ordering was subject to how potentially 2 different executors would run a task, but it should be coordinated such that the first write is read first.

Modifications:
- Keep track of the finishPeerRead task run on the executor if necessary and ensure it completes before current channel read occurs

Result:
Ordering of events for echo type situations is preserved.
2015-08-28 11:28:55 -07:00
Scott Mitchell
37eedb60fe LocalChannel Event Ordering Error
Motivation:
When a LocalChannel write operation occurs, the promise associated with the write operation is marked successful when it is added to the peer's queue, but before the peer has actually received the data. If the promise callback closes the channel then a race condition exists where the close event may occur before the data is delivered. We should preserve ordering of events.

Modifications:
- LocalChannel should track when a write is in progress, and if a close operation happens make sure the peer gets all pending read operations.

Result:
LocalChannel preserves order of operations.
Fixes https://github.com/netty/netty/issues/4118
2015-08-28 09:23:31 -07:00
Scott Mitchell
b629b50cf0 Build fails with java 1.8_u60
Motivation:
The alpn / npn dependency versions are dependent on java version. If a java version 1.8+ is used that is not explicitly listed in the pom file then ALPN tests will fail because the java 1.7 version of alpn will be loaded by out pom file.

Modifications:
- Ensure there is a latest version to fall back up for npn 1.7+
- Ensure there is a latest version to fall back upon from alpn 1.8+

Result:
Build can complete despite having a newer jdk which is not listed in our pom file.
2015-08-28 08:57:10 -07:00
Norman Maurer
63014fe118 Allow to get details of the Thread that powers a SingleThreadEventExecutor.
Motivation:

for debugging and metrics reasons its sometimes useful to be able to get details of the the Thread that powers a SingleThreadEventExecutor.

Modifications:

- Expose ThreadProperties
- Add unit test.

Result:

It's now possible to get details of the Thread that powers a SingleThreadEventExecutor.
2015-08-28 15:33:51 +02:00
Norman Maurer
01c29e5cc7 [#4147] Allow to disable recycling
Motivation:

Sometimes it is useful to disable recycling completely if memory constraints are very tight.

Modifications:

Allow to use -Dio.netty.recycler.maxCapacity.default=0 to disable recycling completely.

Result:

It's possible to disable recycling now.
2015-08-28 14:59:05 +02:00
Norman Maurer
1ba087bc86 Upgrade to netty-tcnative-1.3.33.Fork6
Motivation:

A new netty-tcnative bugfix release was released.

Modifications:

Upgrade version.

Result:

Using latest netty-tcnative version
2015-08-28 14:54:00 +02:00
Norman Maurer
dab20ccdb6 Only try to obtain SO_LINGER on close if fd is still open.
Motivation:

When try to get SO_LINGER from a fd that is closed an Exception is thrown. We should only try to get SO_LINGER if the fd is still open otherwise an Exception is thrown that can be ignored anyway.

Modifications:

First check if the fd is still open before try to obtain SO_LINGER setting when get the closeExecutor. This is also the same that we do in the NIO transport.

Result:

No more exception when calling unsafe.close() on a channel that has a closed file descriptor.
2015-08-28 14:50:00 +02:00
Scott Mitchell
09dff41343 Restore derived buffer index/mark updates
Motivation:
As part of the revert process in https://github.com/netty/netty/pull/4138 some index and mark updates were lost.

Modifications:
- Restore the index / mark updates made in https://github.com/netty/netty/pull/3788

Result:
Slice and Duplicate buffers index / marks are correctly initialized.
2015-08-27 10:24:48 -07:00
Scott Mitchell
1525edfde7 OioSctpChannel iterating over selected keys
Motivation:
OioSctpChannel.doReadMessages is iterating over the selected keys, and ignoring each selected key. It is not known why this is needed and no other channel implementation does this.

Modifications:
- Stop iterating over selected keys, and just read like other channels

Result:
No unnecessary iteration in OioSctpChannel.doReadMessages.
Fixes https://github.com/netty/netty/issues/3884
2015-08-27 10:19:29 -07:00
Christopher Probst
93d2e86ed0 Fix race condition of DefaultChannelGroup by introducing a closed flag.
Motivation:

Doc of ChannelGroup says, that it can be used to manage server and child channels at once.
However, in DefaultChannelGroup, there is a race condition. When a server channel accepts a child, it schedules its
registration on an event loop, which takes some time. If the ChannelGroup, which is supposed
to close server and child channels at once, is closed after the child channel has been scheduled
for registration and before this registration actually happens, this child channel is not closed
and remains connected. This could lead to connection leaks.

Modifications:

To fix this, the DefaultChannelGroup is changed to has a closed flag.
This flag is set to true, just before the close() method is actually closing channels.
The add() method checks after adding a new channel, if this flag has been set to true.
If yes, the new channel is closed. If not, we have the guarantee, that this channel will be
closed by the ChannelGroup, because setting the closed flag to true happens-before closing any channels.

This behaviour can be activated by two new constructors. The old constructors are still there and behave like before.
Therefore, no existing code should be affected directly.

Result:

If activating this feature, the DefaultChannelGroup can be used, for managing server and child channels at once.
But this activating this feature means also, that a ChannelGroup cannot be reused after calling close().
2015-08-27 09:48:56 +02:00
Norman Maurer
b960939ea0 [#4110] Correct javadocs of MpscLinkedQueue
Motivation:

The javadocs are incorrect and so give false impressions of use-pattern.

Modifications:

- Fix javadocs of which operations are allowed from multiple threads concurrently.
- Let isEmpty() work concurrently.

Result:

Correctly document usage-patterns.
2015-08-27 09:09:17 +02:00
Scott Mitchell
ccaec7ed77 UNSAFE.throwException null arg crashes JVM
Motivation:
It has been observed that passing a null argument to Unsafe.throwException can crash the JVM.

Modifications:
- PlatformUnsafe0.throwException should honor http://docs.oracle.com/javase/specs/jls/se8/html/jls-14.html#jls-14.18 and throw a NPE

Result:
No risk of JVM crashing for null argument.
Fixes https://github.com/netty/netty/issues/4131
2015-08-26 23:47:10 -07:00
Norman Maurer
fb0fe111ac [#4127] Correctly set traffic class and so linger.
Motivation:

The method implementions for setSoLinger(...) and setTrafficClass(...) were swapped by mistake.

Modifications:

Use the correct implementation for setSoLinger(...) and setTrafficClass(...)

Result:

Correct behaviour when setSoLinger(...) and setTrafficClass(...) are used with the epoll transport.
2015-08-27 08:27:44 +02:00
Scott Mitchell
33001e84ff Revert "Add PooledSlicedByteBuf and PooledDuplicatedByteBuf"
Motivation:
Currently the "derived" buffer will only ever be recycled if the release call is made on the "derived" object, and the "wrapped" buffer ends up being "fully released" (aka refcount goes to 0). From my experience this is not the common use case and thus the "derived" buffers will not be recycled.

Modifications:
- revert https://github.com/netty/netty/pull/3788

Result:
Less complexity, and less code to create new objects in majority of cases.
2015-08-26 13:23:42 -07:00
Norman Maurer
5b4a96a7ac [#4087] Correctly forward bytes when remove codec and handle channelInactive / channelReadComplete(...)
Motivation:

We missed to correctly implement the handlerRemoved(...) / channelInactive(...) and channelReadComplete(...) method, this leaded to multiple problems:

 - Missed to forward bytes when the codec is removed from the pipeline
 - Missed to call decodeLast(...) once the Channel goes in active
 - No correct handling of channelReadComplete that could lead to grow of cumulation buffer.

Modifications:

- Correctly implement methods and forward to the internal ByteToMessageDecoder
- Add unit test.

Result:

Correct behaviour
2015-08-21 18:26:05 +02:00
Norman Maurer
a0bde17eff Backport ipfilter handler
Motivation:

The ipfilter handler does not exists in 4.0 yet.

Modifications:

Backport the ipfilter from 4.1 to 4.0.

Result:

It's possible to use the ipfilter handler in 4.0 as well.
2015-08-21 08:10:14 +02:00
Norman Maurer
16d136dc55 [#4079] Fix IllegalStateException when HttpContentEncoder is used and 100 Continue response is used.
Motivation:

Whe a 100 Continue response was written an IllegalStateException was produced as soon as the user wrote the following response. This regression was introduced by 41b0080fcc.

Modifications:

- Special handle 100 Continue responses
- Added unit tests

Result:

Fixed regression.
2015-08-21 07:53:45 +02:00
Norman Maurer
9a445206ca [#4095] Correctly handle Upgrade responses with special handling of Hixie 76
Motivation:

Hixie 76 needs special handling compared to other connection upgrade responses. Our detection code of non websocket responses did actually always use the special handling that only should be used for Hixie 76 responses.

Modifications:

Correctly detect connection upgrade responses which are not for websockets.

Result:

Be able to upgrade connections for other protocols then websockets.
2015-08-21 07:21:09 +02:00
fei wong reed
24bcc11095 Correct OSGi manifests in source jars
Related: #3886

Motivation:

We were including OSGi manifests in sources/javadoc JARs, and OSGi
container treats them as correct dependencies when resolving from OBR
repository, which is incorrect. Runtime fails with non-descriptive
ClassNotFoundException as a result.

Modifications:

- Do not include the OSGi manifests in sources/javadoc JARs
- Include Eclipse-related manifest entries in sources/javadoc JARs

Result:

Better OSGi compatibility
2015-08-21 12:59:06 +09:00
Scott Mitchell
89fb9e0a5a HttpUtil class for Http specific utilities
Motivation:
The HTTP specification defines specific request-targets in https://tools.ietf.org/html/rfc7230#section-5.3. Netty does not have a way to distinguish between these differnt types, and there is currently no obvious location where these types of methods would live.

Modifications:
- Add methods to distinguish request-targets as defined in https://tools.ietf.org/html/rfc7230#section-5.3

Result:
Common utitlity methods exist to inpsect request-targets.
2015-08-20 09:57:58 -07:00
Scott Mitchell
0faf217fb3 StringUtil not closing Formatter
Motivation:
The StringUtil class creates a Formatter object, but does not close it. There are also a 2 utility methods which would be generally useful.

Modifications:
- Close the Formatter
- Add length and isNullOrEmpty

Result:
No more resource leaks. Additional utility methods.
2015-08-20 09:47:42 -07:00
Vineet Garg
e078dfb1b5 Fixes infinite loop during handshake in SslHandler in Android devices
Motivation:

On Android devices with version less than Lollipop, HarmonyJSSE is used for SSL. After completion of handshake, handshake status is NOT_HANDSHAKING instead of FINISHED. Also encrypting empty buffer after handshake should cause underflow exception and produce 0 bytes, but here it happily encrypts it causing for loop to never break

Modification:

Since 0 bytes should only be consumed in handshake process. Added a condition to break loop when 0 bytes are consumed and handshake status is NOT_HANDSHAKING

Result:

Sucessful ssl handshake on Android devices, no infinite loop now
2015-08-19 22:12:27 +02:00