3380 Commits

Author SHA1 Message Date
Norman Maurer
ef3a31d6ab [maven-release-plugin] prepare for next development iteration 2015-05-08 10:21:13 +02:00
Norman Maurer
4e7c962aa3 [maven-release-plugin] prepare release netty-3.9.7.Final netty-3.9.7.Final 2015-05-08 10:21:08 +02:00
Stephane Landelle
52b80e50de Validate cookie name and value characters
Motivation:

RFC6265 specifies which characters are allowed in a cookie name and value.

Netty is currently too lax, which can used for HttpOnly escaping.

Modification:

Backport new RFC6265 compliant Cookie parsers in cookie subpackage.
Deprecate old Cookie encoders and decoders that will be dropped in 5.0.

Result:

The problem described in the motivation section is fixed.
2015-05-08 10:14:36 +02:00
Hugues Bruant
1fb6c7e115 Fix overzealous assertion in SslHandler.decode
Motivation:

This AE was seen in the wild at a non-negligible rate among AeroFS
clients (JDK 8, TLS 1.2, mutual auth with RSA certs).

Upon examination of SslHandler's code a few things became apparent:

- the AE is unnecessary given the contract of decode()
- the AE was introduced between 3.8 and 3.9
- the AE is no longer present in in 4.x and master
- branches that do not have the AE skip all the bytes being fed to
  unwrap()

It is not entirely clear what sequence of SSL records can trip the
assert but it seems to happen before the handshake is completed. The
little detailed data we've been able to gather shows the assert being
triggered when

- SSLEngine.unwrap returns NEED_WRAP
- the remaining buffer is a TLS heartbeat record

Likewise, it is not entirely clear if skipping the remaining bytes is
the right thing to do or if they should be fed back to unwrap.

Modifications:

Mirror behavior in newer versions by removing the assert and skipping
bytes fed to unwrap()

Add logging in an effort to get a better understanding of this corner
case.

Result:

Avoid crashes
2015-04-15 15:41:31 +09:00
Trustin Lee
c44c5a0453 [maven-release-plugin] prepare for next development iteration 2014-12-17 13:07:25 +09:00
Trustin Lee
f2fdcc9d4f [maven-release-plugin] prepare release netty-3.9.6.Final netty-3.9.6.Final 2014-12-17 13:07:17 +09:00
luofucong
f0503ffb02 Prevent the potential concurrency hazard of the initialization in AbstractNioBoss(Worker)Pool.
Motivation:
During the reading of the source codes of Netty 3.9.5.Final, I thought there might have a lurking concurrency bug in the AbstractNioBossPool#init method, of which a single volatile variable cannot correctly control the initialization sequence happened exactly only once under concurrency environment. Also I found there's already a much more elegant and concurrency safe way to do the work like this, I decided to make this PR. (Please refer to the discussion in https://github.com/netty/netty/issues/3249.)

Modifications:
Change the type of the variable that control the initialization from "volatile boolean" to "final AtomicBoolean".

Result:
The potential concurrency hazard of the initialization in AbstractNioBoss(Worker)Pool will be eliminated.
2014-12-16 17:46:58 +01:00
Frederic Bregier
ff9a6e0499 Fix AbstractDiskHttpData int conversion from long
Motivations:
The chunkSize might be oversized after comparison (size being > of int capacity) if file size is bigger than an integer.

Modifications:
Changing the type to long fix the issue.

Result:
There is no more int oversized.
2014-12-08 08:06:37 +01:00
Trustin Lee
03a775a71d Use Triple DES in JdkSslContext cipher suite list.
Related:
- d6c3b3063fc367791dbddb76220110d864e5c5f8
- Original author: @grahamedgecombe

Motivation:

JdkSslContext used SSL_RSA_WITH_DES_CBC_SHA in its cipher suite list.
OpenSslServerContext used DES-CBC3-SHA in the same place in its cipher suite
list, which is equivalent to SSL_RSA_WITH_3DES_EDE_CBC_SHA.

This means the lists were out of sync. Furthermore, using
SSL_RSA_WITH_DES_CBC_SHA is not desirable as it uses DES, a weak cipher. Triple
DES should be used instead.

Modifications:

Replace SSL_RSA_WITH_DES_CBC_SHA with SSL_RSA_WITH_3DES_EDE_CBC_SHA in
JdkSslContext.

Result:

The JdkSslContext and OpenSslServerContext cipher suite lists are now in sync.
Triple DES is used instead of DES, which is stronger.
2014-11-28 15:32:13 +09:00
Trustin Lee
7d9125ed8f Remove or de-prioritize RC4 from default cipher suites
Motivation:

RC4 is not a recommended cipher suite anymore, as the recent research
reveals, such as:

- http://www.isg.rhul.ac.uk/tls/

Modifications:

- Remove most RC4 cipher suites from the default cipher suites
- For backward compatibility, leave RC4-SHA, while de-prioritizing it

Result:

Potentially safer default
2014-11-25 17:24:30 +09:00
Trustin Lee
4772989ddd HTTP Content Encoder allow EmptyLastHttpContent
Related: #3107, origianlly written by @Scottmitch

Motiviation:
The HttpContentEncoder does not account for an EmptyLastHttpContent
being provides as input. This is useful in situations where the client
is unable to determine if the current content chunk is the last content
chunk (i.e. a proxy forwarding content when trnasfer encoding is
chunked)

Modifications:

- HttpContentEncoder should not attempt to compress empty HttpContent
  objects.

Result:

HttpContentEncoder supports a EmptyLastHttpContent to terminate the
response.
2014-11-20 15:25:05 +09:00
Trustin Lee
3451bce17f Backport ZlibTest and fix the bugs revealed
Related: #3107

Motivation:

ZlibEn/Decoder and JdkZlibEncoder in 3.9 do not have any unit tests.
Before applying any patches, we should backport the tests in 4.x so that
we can make sure we do not break anything.

Modification:

- Backport ZlibTest and its subtypes
  - Remove the test for automatic GZIP header detection because the
    ZlibDecoders in 3.9 do not have that feature
- Initialize JdkZlibEncoder.out and crc only when necessary for reduced
  memory footprint
- Fix the bugs in the ZlibEncoders where it fails to compress correctly
  when there are not enough room in the output buffer

Result:

We are more confident when we make changes in ZlibEncoder/Decoder
Bugs have been squashed
2014-11-20 15:19:56 +09:00
Jeff Pinner
e30c4fc70f SPDY: add support for pushed resources in SpdyHttpDecoder
Motivation:

The SPDY/3.1 spec does not adequate describe how to push resources
from the server. This was solidified in the HTTP/2 drafts by dividing
the push into two frames, a PushPromise containing the request,
followed by a Headers frame containing the response.

Modifications:

This commit modifies the SpdyHttpDecoder to support pushed resources
that are divided into multiple frames. The decoder will accept a
pushed SpdySynStreamFrame containing the request headers, followed by
a SpdyHeadersFrame containing the response headers.

Result:

The SpdyHttpDecoder will create an HttpRequest object followed by an
HttpResponse object when receiving pushed resources.
2014-11-17 17:59:47 +01:00
Trustin Lee
1c59157b3e Disable SSLv3 (POODLE)
Related: #3131

Motivation:

To prevent users from accidentally enabling SSLv3 and making their
services vulnerable to POODLE, disable SSLv3 when SSLEngine is
instantiated via SslContext.

Modification:

- Disable SSLv3 for JdkSslContext and OpenSslServerContext

Result:

Saner default set of protocols
2014-11-12 16:06:38 +09:00
Trustin Lee
5f80c48eed Backport the new methods and bug fixes in NetUtil
Related:

- 37a6f5ed5dd56284ec37e14e0554e912f84426a1

Motivation:

Minimize the backport cost by synchronizing NetUtil between 3.9 and 4.x

Modifications:

- Backport the bug fixes in NetUtil
- Backport the new IP address methods in NetUtil

Result:

- New useful methods in NetUtil
- Easier to backport the future bug fixes
2014-11-12 12:24:30 +09:00
Trustin Lee
55c2701120 Work around the Javadoc failure in JDK 8
Motivation:

Since JDK 1.8, javadoc has enabled a new feature called 'doclint', which
fails the build when javadoc has markup problems and more.

Modifications:

Do not fail the build until we fix our API documentation.

Result:

No more build failure because of malformed Javadoc
2014-11-12 01:10:05 +09:00
Trustin Lee
d708a13d67 Rename from 'The Netty project' to 'Netty'
Motivation:

Sonar uses the project name in the pom.xml as the project name. (no pun
intended) 4.x and master uses 'Netty' as the project name, so we should
be consistent.

Modifications:

Rename the project from 'The Netty project' to 'Netty'

Result:

Prettier SonarQube result
2014-11-03 20:12:16 +09:00
Trustin Lee
b644c0096d Remove the unused .travis.yml 2014-11-01 23:04:07 +09:00
Trustin Lee
b804c9c34f [maven-release-plugin] prepare for next development iteration 2014-10-30 19:59:35 +09:00
Trustin Lee
977692b19b [maven-release-plugin] prepare release netty-3.9.5.Final netty-3.9.5.Final 2014-10-30 19:59:19 +09:00
Trustin Lee
d5264ebe85 Remove 'Content-Length' header from a chunked HTTP response
Related: #3076

Motivation:

When a user writes a chunked HTTP response with a Content-Length header,
the HttpContentEncoder should remove the Content-Length header because
the length of the encoded content is supposed to be different from the
original one.

Actually, HttpContentEncoder currently never touches the Content-Length
header when the response is chunked.

Modifications:

- Remove the Content-Length header when an HTTP response being encoded
  is chunked
- Add a test case

Result:

HttpContentEncoder sanitizes the Content-Length header properly.
2014-10-30 19:42:02 +09:00
Trustin Lee
ee168cc97c Fix build issues
Motivation:

When a the surefire plugin launches a new JVM, it does not specify any
limit on its maximum heap size.  In a machine with less RAM, this is a
problem because it often tries to consume too much RAM.

Modifications:

- Specify -Xmx256m option when running a test
- Fix a build failure due to the outdated APIviz

Result:

Higher build stability
2014-10-30 17:59:38 +09:00
Frederic Bregier
bbbcb9a706 V3.9 - Fix "=" character in HttpPostRequestDecoder
Motivation
Issue #3004 shows that "=" character was not supported as it should in
the HttpPostRequestDecoder in form-data boundary.

Modifications:
Add 2 methods in StringUtil

split with maxParm argument: String split with max parts only (to prevent multiple '=' to
be source of extra split while not needed)
substringAfter: String part after delimiter (since first part is not needed)
Use those methods in HttpPostRequestDecoder. Change and the
HttpPostRequestDecoderTest to check using a boundary beginning with "=".

Results:
The fix implies more stability and fix the issue.
2014-10-22 14:07:29 +09:00
Norman Maurer
c46b11f1ad [#2931] Only cancel SelectionKey if connection is not pending
Motivation:

We must only cancel the SelectionKey if the connection is not pending while try to workaround the epoll bug, otherwise we may fail to notify the future later.

Modifications:

Check if the connection is pending before cancel the SelectionKey.

Result:

Only cancel correct SelectionKeys and so also make sure the futures are notified.
2014-10-01 14:16:24 +02:00
kerr
6d3bb59598 Change the operator order of TrafficCounter to calculate the throughput to get the correct result
Motivation:
Currently the last read/write throughput is calculated by first division,this will be 0 if the last read/write bytes < interval,change the order will get the correct result

Modifications:
Change the operator order from first do division to multiplication

Result:
Get the correct result instead of 0 when bytes are smaller than interval
2014-10-01 06:46:37 +02:00
Frederic Bregier
3a3552c40a Fix overriden methos not called
Motivation:
channelConnected was override but super was never called, while it
should. It prevents next handlers to be informed of the connection.
Also add one missing information in the toString method.

Modifications:
Add the super corresponding call, and add checkInterval  to the
toString() method

Result;
Now, if the channelConnected method is correctly passed to the the next
handler.
2014-09-22 11:08:25 +02:00
Norman Maurer
cfa1074285 [#2426] Not cause busy loop when interrupt Thread of AbstractNioSelector
Motivation:
Because Thread.currentThread().interrupt() will unblock Selector.select() we need to take special care when check if we need to rebuild the Selector. If the unblock was caused by the interrupt() we will clear it and move on as this is most likely a bug in a custom ChannelHandler or a library the user makes use of.

Modification:
Clear the interrupt state of the Thread if the Selector was unblock because of an interrupt and the returned keys was 0.

Result:
No more busy loop caused by Thread.currentThread().interrupt()
2014-09-12 07:51:40 +02:00
Trustin Lee
7569aa6404 [maven-release-plugin] prepare for next development iteration 2014-08-26 17:16:17 +09:00
Trustin Lee
79c0e1ee6b [maven-release-plugin] prepare release netty-3.9.4.Final netty-3.9.4.Final 2014-08-26 17:16:10 +09:00
Trustin Lee
534840a696 Fix a bug in CIDR.contains(InetAddress) implementations
Related issue: #2767

Motivation:

CIDR.contains(InetAddress) implementations should always return true
when the CIDR's prefix length is 0.

Modifications:

- Make CIDR.contains(InetAddress) return true if the current cidrMask is
  0
- Add tests

Result:

Fixed the issue #2767
2014-08-26 16:29:54 +09:00
Trustin Lee
907d38e9fe Add io.netty.noJdkZlibEncoder system property
Related issue: #2821

Motivation:

There's no way for a user to change the default ZlibEncoder
implementation.

Modifications:

Add a new system property 'io.netty.noJdkZlibEncoder'.
Use JZlib-based encoder if windowBits or memoryLevel is different from
the JDK default.

Result:

A user can tell HttpContentCompressor not to use JDK ZlibEncoder even if
the current Java version is 7+.
2014-08-26 16:05:25 +09:00
Frédéric Brégier
2a0d8818f1 Minimal fix on waiting time in TrafficShaping test
Motivation:
Possibly due to very small time (< 100ms), the trafficShaping time might be a bit high in rare condition.

Modification:
Remove extra time (only stepms is kept, not minimalms).

Result:
Time shall be ok now.
2014-08-24 11:25:12 +02:00
fredericBregier
0258772deb Fix for issue #2765 relative to unstable trafficshaping test procedure
Motivation:
The test procedure is unstable due to not enough precise timestamping
during the check.

Modifications:
Reducing the test cases and cibling "stable" test ("timestamp-able")
bring more stability to the tests.

Result:
Tests for TrafficShapingHandler seem more stable (whatever using JVM 6,
7 or 8).

Renaming to:
	src/test/java/org/jboss/netty/handler/traffic/TrafficShapingHandlerTest.java
2014-08-16 19:58:48 +02:00
Frédéric Brégier
ad75ee5550 Update TrafficShapingTest.java 2014-08-16 18:28:42 +02:00
Frédéric Brégier
7d4d17b217 Correct name
Motivation:
Wrong name!

Modification:
Change name

Result:
Compile ok
2014-08-16 18:28:17 +02:00
Frédéric Brégier
7ff9a43271 Fix for issue #2765 relative to unstable test
Fix for issue #2765 relative to unstable trafficshaping test procedure

Motivation:
The test procedure is unstable due to not enough precise timestamping during the check.

Modifications:
Reducing the test cases and cibling "stable" test ("timestamp-able") bring more stability to the tests.

Result:
Tests for TrafficShapingHandler seem more stable (whatever using JVM 6, 7 or 8).
Same version as in 4.0, 4.1 and Master.
2014-08-16 18:24:35 +02:00
Frédéric Brégier
f6ce33f9a5 Better fix for TrafficShapingHandlerTest
Motivation:
The test procedure is unstable when testing quick time (factor less or equal to 1). Changing to default 10ms in this case will force time to be correct and time to be checked only when factor is >= 2.

Modifications:
When factor is <= 1, minimalWaitBetween is 10ms

Result:
Hoping this version is finally stable.
2014-08-16 18:13:24 +02:00
fredericBregier
96f008b821 [#2749] Improve Traffic Shaping handler
Motivation:
Currently Traffic Shaping is using 1 timer only and could lead to
"partial" wrong bandwidth computation when "short" time occurs between
adding used bytes and when the TrafficCounter updates itself and finally
when the traffic is computed.
Indeed, the TrafficCounter is updated every x delay and it is at the
same time saved into "lastXxxxBytes" and set to 0. Therefore, when one
request the counter, it first updates the TrafficCounter with the added
used bytes. If this value is set just before the TrafficCounter is
updated, then the bandwidth computation will use the TrafficCounter with
a "0" value (this value being reset once the delay occurs). Therefore,
the traffic shaping computation is wrong in rare cases.

Secondly the traffic shapping should avoid if possible the "Timeout"
effect by not stopping reading or writing more than a maxTime, this
maxTime being less than the TimeOut limit.

Use same algorithm than in V4 and V5.

Modifications:
The TrafficCounter has 2 new methods that compute the time to wait
according to read or write) using in priority the currentXxxxBytes (as
before), but could used (if current is at 0) the lastXxxxxBytes, and
therefore having more chance to take into account the real traffic.

Moreover the Handler could change the default "max time to wait", which
is by default set to half of "standard" Time Out (30s:2 = 15s).

Include a test as in V4 but limited in the example to Nio.

Result:
The Traffic Shaping is better take into account (no 0 value when it
shouldn't) and it tries to not block traffic more than Time Out event.

This version is for V3.9 but could simply be port to V4.X and Master.
2014-08-13 01:49:27 +02:00
Trustin Lee
50c948cce3 [maven-release-plugin] prepare for next development iteration 2014-08-06 11:54:18 -07:00
Trustin Lee
617d376dc0 [maven-release-plugin] prepare release netty-3.9.3.Final netty-3.9.3.Final 2014-08-06 11:54:14 -07:00
Trustin Lee
788d3dea42 Additional fix for lost first WebSocket frame after handshake
Related issue: #2179

Motivation:

Previous fix e71cbb9308bf8788e1e0fb8db99766d89156386d was not enough.

Modifications:

- Add more test cases for WebSocket handshake
- Fix a bug in HttpMessageDecoder where it does not always enter
  UPGRADED state
- Fix incorrect decoder replacement logic in WebSocketClientHandshaker
  implementations
  - Add WebSocketClientHandshaker.replaceDecoder() as a helper

Result:

We never lose the first WebSocket frame for all WebSocket protocol
versions.
2014-08-06 11:10:12 -07:00
Trustin Lee
c5e1ab6403 Checkstyle 2014-08-05 18:11:24 -07:00
Trustin Lee
8321035684 Remove StackTraceSimplifier
Related issue: #2735

Motivation:

When an application is under load and experiencing a lot of failure, the
instantiation of DefaultExceptionEvent spends noticeable amount of time
because of StackTraceSimplifier.

Also, StackTraceSimplifier makes people sometimes confused because it
hides the execution path partially.

Modifications:

Remove the use of StackTraceSimplifier

Result:

JVM spends much less time at Throwable.getStackTrace()
2014-08-05 18:03:15 -07:00
Trustin Lee
2b16d9f670 Fix the dead lock while failing SSL pending writes on a closed channel
Related issue: #2093

Motivation:

When a channel with SslHandler is closed with pending writes (either
unencrypted or encrypted), SslHandler.channelClosed() attempts to
acquire a lock and fail the futures of the pending writes.

If a user added a listener to any of the failed futures and the listener
attempts to write something, it will make SslHandler.handleDownstream()
invoked, which also attempts to acquire the same lock.

Because the lock is non-reentrant, even if these two lock acquisitions
are taking place in the same thread, the second attempt will block for
ever.

Modification:

Do not fail the futures while holding a lock.  Notify them after
releasing the lock.

Result:

One less dead lock
2014-08-05 17:35:11 -07:00
Trustin Lee
2c17b75a99 Fix a bug where SpdySession.getActiveStreams() returns incorrect set
Related issue: #2742

Motivation:

When there are more than one stream with the same priority, the set
returned by SpdySession.getActiveStream() will not include all of them,
because it uses TreeSet and only compares the priority of streams. If
two different streams have the same priority, one of them will be
discarded by TreeSet.

Modification:

- Rename getActiveStreams() to activeStreams()
- Replace PriorityComparator with StreamComparator

Result:

Two different streams with the same priority are compared correctly.
2014-08-05 16:47:39 -07:00
Trustin Lee
386a06dbfa HttpContentCompressor doesn't need to generate anything if Content-Length is 0
Motivation:

When Content-Encoding is deflate or gzip and Content-Length is 0,
there's no need to generate an empty stream (e.g. 20-byte gzip stream).
We can just produce nothing. At least, it works fine with most modern
browsers. Also, we can skip the instantiation of an encoder entirely by
instantiating it lazily.

Modifications:

Backport HttpContentEncoderTest from 4.0
Add similar tests for HttpContentCompressor to ensure the same tests
work with compression.

Result:

Fixes issue #2321
2014-08-05 15:22:24 -07:00
Trustin Lee
9efe48fc3a Do not issue a handshake when an SSLEngine is closing/closed
Motivation:

We sometimes get the following exception:

javax.net.ssl.SSLException: SSLEngine is closing/closed
  at sun.security.ssl.SSLEngineImpl.kickstartHandshake(SSLEngineImpl.java:692)
  at sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:734)
  at org.jboss.netty.handler.ssl.SslHandler.handshake(SslHandler.java:433)
  at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1233)
  at org.jboss.netty.handler.ssl.SslHandler.channelDisconnected(SslHandler.java:668)

.. which is triggered when we attempt to issue a handshake even if the
SSLEngine is closed (or being closed).

We don't really need to initiate handshake if:

- SSLEngine is closed already.
- Connection is closed already

Modifications:

Add a boolean parameter to unwrap() and unwrapNonApp() to suppress the
invocation of handshake() when SSLEngine or connection is closed
already.
2014-08-05 11:44:15 -07:00
Trustin Lee
ba84e44660 Fix a bug where ChannelFuture.setFailure(null) doesn't fail
Motivation:

We forgot to do a null check on the cause parameter of
ChannelFuture.setFailure(cause)

Modifications:

Add a null check

Result:

Fixed issue: #2728
2014-08-05 11:21:11 -07:00
Norman Maurer
6c0429391e [#2732] HttpRequestEncoder may produce invalid uri if uri parameters are included.
Motivation:

If the requests contains uri parameters but not path the HttpRequestEncoder does produce an invalid uri while try to add the missing path.

Modifications:

Correctly handle the case of uri with paramaters but no path.

Result:

HttpRequestEncoder produce correct uri in all cases.
2014-08-05 09:37:22 +02:00
Trustin Lee
9412ace4ee [#2718] Add private key decryption to JdkSslServerContext
Backported: d9cccccbb3344997e016e6a3603126ce65705c4d

Motivation:

Currently it is not possible to load an encrypted private key when
creating a JDK based SSL server context.

Modifications:

- Added static method to JdkSslServerContext which handles key spec
  generation for (encrypted) private keys and make use of it.
- Added tests for creating a SSL server context based on a (encrypted)
  private key.

Result:

It is now possible to create a JDK based SSL server context with an
encrypted (password protected) private key.
2014-08-04 10:43:27 -07:00