diff options
| author | Anders Svensson <[email protected]> | 2015-03-25 07:21:46 +0100 |
|---|---|---|
| committer | Anders Svensson <[email protected]> | 2015-03-27 07:21:26 +0100 |
| commit | 545ff7783cebddc2ca5b2af67a6f13b1a01a4d03 (patch) | |
| tree | aa5ea245e6bd77ee5df12e61f682a3f5903e270e /lib/diameter/test | |
| parent | aaff5f36b836c65a72fb38a27e31a88d199a3155 (diff) | |
| download | otp-545ff7783cebddc2ca5b2af67a6f13b1a01a4d03.tar.gz otp-545ff7783cebddc2ca5b2af67a6f13b1a01a4d03.tar.bz2 otp-545ff7783cebddc2ca5b2af67a6f13b1a01a4d03.zip | |
Add service_opt() incoming_maxlen
To bound the length of incoming messages that will be decoded. A message
longer than the specified number of bytes is discarded. An
incoming_maxlen_exceeded counter is incremented to make note of the
occurrence.
The motivation is to prevent a sufficiently malicious peer from
generating significant load by sending long messages with many AVPs for
diameter to decode. The 24-bit message length header accomodates
(16#FFFFFF - 20) div 12 = 1398099
Unsigned32 AVPs for example, which the current record-valued decode is
too slow with in practice. A bound of 16#FFFF bytes allows for 5461
small AVPs, which is probably more than enough for the majority of
applications, but the default is the full 16#FFFFFF.
Diffstat (limited to 'lib/diameter/test')
| -rw-r--r-- | lib/diameter/test/diameter_config_SUITE.erl | 3 | ||||
| -rw-r--r-- | lib/diameter/test/diameter_traffic_SUITE.erl | 9 |
2 files changed, 12 insertions, 0 deletions
diff --git a/lib/diameter/test/diameter_config_SUITE.erl b/lib/diameter/test/diameter_config_SUITE.erl index ea77aa3716..bbdf672291 100644 --- a/lib/diameter/test/diameter_config_SUITE.erl +++ b/lib/diameter/test/diameter_config_SUITE.erl @@ -85,6 +85,9 @@ {string_decode, [[true], [false]], [[0], [x]]}, + {incoming_maxlen, + [[0], [65536], [16#FFFFFF]], + [[-1], [1 bsl 24], [infinity], [false]]}, {spawn_opt, [[[]], [[monitor, link]]], [[false]]}, diff --git a/lib/diameter/test/diameter_traffic_SUITE.erl b/lib/diameter/test/diameter_traffic_SUITE.erl index 10c58ab6e7..7dd9f39f85 100644 --- a/lib/diameter/test/diameter_traffic_SUITE.erl +++ b/lib/diameter/test/diameter_traffic_SUITE.erl @@ -59,6 +59,7 @@ send_unexpected_mandatory_decode/1, send_unexpected_mandatory/1, send_long/1, + send_maxlen/1, send_nopeer/1, send_noapp/1, send_discard/1, @@ -182,6 +183,7 @@ {'Acct-Application-Id', [?DIAMETER_APP_ID_ACCOUNTING]}, {restrict_connections, false}, {string_decode, Decode}, + {incoming_maxlen, 1 bsl 21}, {spawn_opt, [{min_heap_size, 5000}]} | [{application, [{dictionary, D}, {module, ?MODULE}, @@ -317,6 +319,7 @@ tc() -> send_unexpected_mandatory_decode, send_unexpected_mandatory, send_long, + send_maxlen, send_nopeer, send_noapp, send_discard, @@ -635,6 +638,12 @@ send_long(Config) -> ['STA', _SessionId, {'Result-Code', ?SUCCESS} | _] = call(Config, Req). +%% Send something longer than the configure incoming_maxlen. +send_maxlen(Config) -> + Req = ['STR', {'Termination-Cause', ?LOGOUT}, + {'User-Name', [lists:duplicate(1 bsl 21, $X)]}], + {timeout, _} = call(Config, Req). + %% Send something for which pick_peer finds no suitable peer. send_nopeer(Config) -> Req = ['STR', {'Termination-Cause', ?LOGOUT}], |