Merge branch 'anders/diameter/hardening/OTP-11721' into maint

* anders/diameter/hardening/OTP-11721:
  Simplify example server
  Make example server answer unsupported requests with 3001
  Make example code quiet
  Don't count messages on arbitrary keys
  Replace traffic-related log reports with no-op function calls

1 files changed, 60 insertions, 67 deletions

diff --git a/lib/diameter/src/base/diameter_peer_fsm.erl b/lib/diameter/src/base/diameter_peer_fsm.erl
index 32e1b91966..31e570ae20 100644
--- a/lib/diameter/src/base/diameter_peer_fsm.erl
+++ b/lib/diameter/src/base/diameter_peer_fsm.erl
@@ -283,7 +283,7 @@ handle_info(T, #state{} = State) ->
         ok ->
             {noreply, State};
         #state{state = X} = S ->
-            ?LOGC(X =/= State#state.state, transition, X),
+            ?LOGC(X /= State#state.state, transition, X),
             {noreply, S};
         {stop, Reason} ->
             ?LOG(stop, Reason),
@@ -293,15 +293,11 @@ handle_info(T, #state{} = State) ->
             {stop, {shutdown, T}, State}
     catch
         exit: {diameter_codec, encode, T} = Reason ->
-            incr_error(send, T),
+            incr_error(send, T, State#state.dictionary),
             ?LOG(stop, Reason),
-            %% diameter_codec:encode/2 emits an error report. Only
-            %% indicate the probable reason here.
-            diameter_lib:info_report(probable_configuration_error,
-                                     insufficient_capabilities),
             {stop, {shutdown, Reason}, State};
         {?MODULE, Tag, Reason}  ->
-            ?LOG(Tag, {Reason, T}),
+            ?LOG(stop, Tag),
             {stop, {shutdown, Reason}, State}
     end.
 %% The form of the throw caught here is historical. It's
@@ -477,12 +473,12 @@ send_CER(#state{state = {'Wait-Conn-Ack', Tmo},
         orelse
         close({already_connected, Remote, LCaps}),
     CER = build_CER(S),
-    ?LOG(send, 'CER'),
     #diameter_packet{header = #diameter_header{end_to_end_id = Eid,
                                                hop_by_hop_id = Hid}}
         = Pkt
         = encode(CER, Dict),
     send(TPid, Pkt),
+    ?LOG(send, 'CER'),
     start_timer(Tmo, S#state{state = {'Wait-CEA', Hid, Eid}}).
 
 %% Register ourselves as connecting to the remote endpoint in
@@ -527,7 +523,6 @@ recv(#diameter_packet{header = #diameter_header{} = Hdr}
      = S) ->
     Name = diameter_codec:msg_name(Dict0, Hdr),
     Pid ! {recv, self(), Name, Pkt},
-    diameter_stats:incr({msg_id(Name, Hdr), recv}), %% count received
     rcv(Name, Pkt, S);
 
 recv(#diameter_packet{header = undefined,
@@ -554,42 +549,30 @@ recv(#diameter_header{length = Len}
 recv(#diameter_header{}
      = H,
      #diameter_packet{bin = Bin},
-     #state{length_errors = E}
-     = S) ->
-    invalid(E,
-            invalid_message_length,
-            recv,
-            [size(Bin), bit_size(Bin) rem 8, H, S]);
+     #state{length_errors = E}) ->
+    T = {size(Bin), bit_size(Bin) rem 8, H},
+    invalid(E, message_length_mismatch, T);
 
-recv(false, Pkt, #state{length_errors = E} = S) ->
-    invalid(E, truncated_header, recv, [Pkt, S]).
+recv(false, #diameter_packet{bin = Bin}, #state{length_errors = E}) ->
+    invalid(E, truncated_header, Bin).
 
 %% Note that counters here only count discarded messages.
-invalid(E, Reason, F, A) ->
+invalid(E, Reason, T) ->
     diameter_stats:incr(Reason),
-    abort(E, Reason, F, A).
-
-abort(exit, Reason, F, A) ->
-    diameter_lib:warning_report(Reason, {?MODULE, F, A}),
-    throw({?MODULE, abort, Reason});
-
-abort(_, _, _, _) ->
+    E == exit andalso close({Reason, T}),
+    ?LOG(Reason, T),
     ok.
 
-msg_id({_,_,_} = T, _) ->
-    T;
-msg_id(_, Hdr) ->
-    {_,_,_} = diameter_codec:msg_id(Hdr).
-
 %% rcv/3
 
 %% Incoming CEA.
-rcv('CEA',
+rcv('CEA' = N,
     #diameter_packet{header = #diameter_header{end_to_end_id = Eid,
                                                hop_by_hop_id = Hid}}
     = Pkt,
     #state{state = {'Wait-CEA', Hid, Eid}}
     = S) ->
+    ?LOG(recv, N),
     handle_CEA(Pkt, S);
 
 %% Incoming CER
@@ -610,29 +593,46 @@ rcv('DPR' = N, Pkt, S) ->
 %% DPA in response to DPR and with the expected identifiers.
 rcv('DPA' = N,
     #diameter_packet{header = #diameter_header{end_to_end_id = Eid,
-                                               hop_by_hop_id = Hid}}
+                                               hop_by_hop_id = Hid}
+                            = H}
     = Pkt,
     #state{dictionary = Dict0,
            transport = TPid,
            dpr = {Hid, Eid}}) ->
-
+    ?LOG(recv, N),
+    incr(recv, H, Dict0),
     incr_rc(recv, diameter_codec:decode(Dict0, Pkt), Dict0),
     diameter_peer:close(TPid),
     {stop, N};
 
 %% Ignore anything else, an unsolicited DPA in particular.
+rcv(N, #diameter_packet{header = H}, _)
+  when N == 'CER';
+       N == 'CEA';
+       N == 'DPR';
+       N == 'DPA' ->
+    ?LOG(ignored, N),
+    %% Note that these aren't counted in the normal recv counter.
+    diameter_stats:incr({diameter_codec:msg_id(H), recv, ignored}),
+    ok;
+
 rcv(_, _, _) ->
     ok.
 
+%% incr/3
+
+incr(Dir, Hdr, Dict0) ->
+    diameter_traffic:incr(Dir, Hdr, self(), Dict0).
+
 %% incr_rc/3
 
 incr_rc(Dir, Pkt, Dict0) ->
     diameter_traffic:incr_rc(Dir, Pkt, self(), Dict0).
 
-%% incr_error/2
+%% incr_error/3
 
-incr_error(Dir, Pkt) ->
-    diameter_traffic:incr_error(Dir, Pkt, self()).
+incr_error(Dir, Pkt, Dict0) ->
+    diameter_traffic:incr_error(Dir, Pkt, self(), Dict0).
 
 %% send/2
 
@@ -640,19 +640,23 @@ incr_error(Dir, Pkt) ->
 %% sending. In particular, the watchdog will send DWR as a binary
 %% while messages coming from clients will be in a #diameter_packet.
 send(Pid, Msg) ->
-    diameter_stats:incr({diameter_codec:msg_id(Msg), send}),
     diameter_peer:send(Pid, Msg).
 
 %% handle_request/3
+%%
+%% Incoming CER or DPR.
 
-handle_request(Type, #diameter_packet{} = Pkt, #state{dictionary = D} = S) ->
-    ?LOG(recv, Type),
-    send_answer(Type, diameter_codec:decode(D, Pkt), S).
+handle_request(Name,
+               #diameter_packet{header = H} = Pkt,
+               #state{dictionary = Dict0} = S) ->
+    ?LOG(recv, Name),
+    incr(recv, H, Dict0),
+    send_answer(Name, diameter_codec:decode(Dict0, Pkt), S).
 
 %% send_answer/3
 
 send_answer(Type, ReqPkt, #state{transport = TPid, dictionary = Dict} = S) ->
-    incr_error(recv, ReqPkt),
+    incr_error(recv, ReqPkt, Dict),
 
     #diameter_packet{header = H,
                      transport_data = TD}
@@ -672,10 +676,15 @@ send_answer(Type, ReqPkt, #state{transport = TPid, dictionary = Dict} = S) ->
 
     AnsPkt = diameter_codec:encode(Dict, Pkt),
 
+    incr(send, AnsPkt, Dict),
     incr_rc(send, AnsPkt, Dict),
     send(TPid, AnsPkt),
+    ?LOG(send, ans(Type)),
     eval(PostF, S).
 
+ans('CER') -> 'CEA';
+ans('DPR') -> 'DPA'.
+
 eval([F|A], S) ->
     apply(F, A ++ [S]);
 eval(T, _) ->
@@ -868,13 +877,12 @@ recv_CER(CER, #state{service = Svc, dictionary = Dict}) ->
 
 %% handle_CEA/2
 
-handle_CEA(#diameter_packet{bin = Bin}
+handle_CEA(#diameter_packet{header = H}
            = Pkt,
            #state{dictionary = Dict0,
                   service = #diameter_service{capabilities = LCaps}}
-           = S)
-  when is_binary(Bin) ->
-    ?LOG(recv, 'CEA'),
+           = S) ->
+    incr(recv, H, Dict0),
 
     #diameter_packet{}
         = DPkt
@@ -895,9 +903,7 @@ handle_CEA(#diameter_packet{bin = Bin}
     %% connection with the peer.
 
     try
-        is_integer(RC)
-            orelse ?THROW(no_result_code),
-        ?IS_SUCCESS(RC)
+        is_integer(RC) andalso ?IS_SUCCESS(RC)
             orelse ?THROW(RC),
         [] == SApps
             andalso ?THROW(no_common_application),
@@ -917,7 +923,7 @@ handle_CEA(#diameter_packet{bin = Bin}
 %% capabilities exchange could send DIAMETER_LIMITED_SUCCESS = 2002,
 %% even if this isn't required by RFC 3588.
 
-result_code({{'Result-Code', N}, _}) ->
+result_code({'Result-Code', N}) ->
     N;
 result_code(_) ->
     undefined.
@@ -1013,19 +1019,13 @@ capz(#diameter_caps{} = L, #diameter_caps{} = R) ->
                                                    tl(tuple_to_list(R)))]).
 
 %% close/1
+%%
+%% A good function to trace on in case of problems with capabilities
+%% exchange.
 
 close(Reason) ->
-    report(Reason),
     throw({?MODULE, close, Reason}).
 
-%% Could possibly log more here.
-report({M, _, _, _, _} = T)
-  when M == 'CER';
-       M == 'CEA' ->
-    diameter_lib:error_report(failure, T);
-report(_) ->
-    ok.
-
 %% dpr/2
 %%
 %% The RFC isn't clear on whether DPR should be send in a non-Open
@@ -1059,7 +1059,7 @@ dpr(_Reason, _S) ->
 %% process and contact it. (eg. diameter:service_info/2)
 
 dpr([CB|Rest], [Reason | _] = Args, S) ->
-    try diameter_lib:eval([CB | Args]) of
+    case diameter_lib:eval([CB | Args]) of
         {dpr, Opts} when is_list(Opts) ->
             send_dpr(Reason, Opts, S);
         dpr ->
@@ -1069,14 +1069,7 @@ dpr([CB|Rest], [Reason | _] = Args, S) ->
         ignore ->
             dpr(Rest, Args, S);
         T ->
-            No = {disconnect_cb, T},
-            diameter_lib:error_report(invalid, No),
-            {stop, No}
-    catch
-        E:R ->
-            No = {disconnect_cb, E, R, ?STACK},
-            diameter_lib:error_report(failure, No),
-            {stop, No}
+            ?ERROR({disconnect_cb, CB, Args, T})
     end;
 
 dpr([], [Reason | _], S) ->