aboutsummaryrefslogtreecommitdiffstats
path: root/lib/diameter/test
diff options
context:
space:
mode:
authorAnders Svensson <[email protected]>2015-03-25 07:21:46 +0100
committerAnders Svensson <[email protected]>2015-03-27 07:21:26 +0100
commit545ff7783cebddc2ca5b2af67a6f13b1a01a4d03 (patch)
treeaa5ea245e6bd77ee5df12e61f682a3f5903e270e /lib/diameter/test
parentaaff5f36b836c65a72fb38a27e31a88d199a3155 (diff)
downloadotp-545ff7783cebddc2ca5b2af67a6f13b1a01a4d03.tar.gz
otp-545ff7783cebddc2ca5b2af67a6f13b1a01a4d03.tar.bz2
otp-545ff7783cebddc2ca5b2af67a6f13b1a01a4d03.zip
Add service_opt() incoming_maxlen
To bound the length of incoming messages that will be decoded. A message longer than the specified number of bytes is discarded. An incoming_maxlen_exceeded counter is incremented to make note of the occurrence. The motivation is to prevent a sufficiently malicious peer from generating significant load by sending long messages with many AVPs for diameter to decode. The 24-bit message length header accomodates (16#FFFFFF - 20) div 12 = 1398099 Unsigned32 AVPs for example, which the current record-valued decode is too slow with in practice. A bound of 16#FFFF bytes allows for 5461 small AVPs, which is probably more than enough for the majority of applications, but the default is the full 16#FFFFFF.
Diffstat (limited to 'lib/diameter/test')
-rw-r--r--lib/diameter/test/diameter_config_SUITE.erl3
-rw-r--r--lib/diameter/test/diameter_traffic_SUITE.erl9
2 files changed, 12 insertions, 0 deletions
diff --git a/lib/diameter/test/diameter_config_SUITE.erl b/lib/diameter/test/diameter_config_SUITE.erl
index ea77aa3716..bbdf672291 100644
--- a/lib/diameter/test/diameter_config_SUITE.erl
+++ b/lib/diameter/test/diameter_config_SUITE.erl
@@ -85,6 +85,9 @@
{string_decode,
[[true], [false]],
[[0], [x]]},
+ {incoming_maxlen,
+ [[0], [65536], [16#FFFFFF]],
+ [[-1], [1 bsl 24], [infinity], [false]]},
{spawn_opt,
[[[]], [[monitor, link]]],
[[false]]},
diff --git a/lib/diameter/test/diameter_traffic_SUITE.erl b/lib/diameter/test/diameter_traffic_SUITE.erl
index 10c58ab6e7..7dd9f39f85 100644
--- a/lib/diameter/test/diameter_traffic_SUITE.erl
+++ b/lib/diameter/test/diameter_traffic_SUITE.erl
@@ -59,6 +59,7 @@
send_unexpected_mandatory_decode/1,
send_unexpected_mandatory/1,
send_long/1,
+ send_maxlen/1,
send_nopeer/1,
send_noapp/1,
send_discard/1,
@@ -182,6 +183,7 @@
{'Acct-Application-Id', [?DIAMETER_APP_ID_ACCOUNTING]},
{restrict_connections, false},
{string_decode, Decode},
+ {incoming_maxlen, 1 bsl 21},
{spawn_opt, [{min_heap_size, 5000}]}
| [{application, [{dictionary, D},
{module, ?MODULE},
@@ -317,6 +319,7 @@ tc() ->
send_unexpected_mandatory_decode,
send_unexpected_mandatory,
send_long,
+ send_maxlen,
send_nopeer,
send_noapp,
send_discard,
@@ -635,6 +638,12 @@ send_long(Config) ->
['STA', _SessionId, {'Result-Code', ?SUCCESS} | _]
= call(Config, Req).
+%% Send something longer than the configure incoming_maxlen.
+send_maxlen(Config) ->
+ Req = ['STR', {'Termination-Cause', ?LOGOUT},
+ {'User-Name', [lists:duplicate(1 bsl 21, $X)]}],
+ {timeout, _} = call(Config, Req).
+
%% Send something for which pick_peer finds no suitable peer.
send_nopeer(Config) ->
Req = ['STR', {'Termination-Cause', ?LOGOUT}],