Age | Commit message (Collapse) | Author |
|
* peppe/common_test/timetrap_line.maint:
Fix problem with line number not always showing in log
|
|
* peppe/common_test/modify_vts.maint:
Get the VTS mode working with private CT version of webtool
Change order of ct_run help sections
Prepare for webtool integration with CT
|
|
* peppe/common_test/longname_problem.maint:
Fix error in ct_logs, not handling long names correctly
|
|
* peppe/test_tools_vsn.maint:
Bump version numbers
|
|
* dgud/common_test/netconf/OTP-12698:
common_test: Recurse when there is more data in netconf
|
|
* raimo/snmp/net_if-port-0-with-fd-option/OTP-12669:
Improve agent fix as in manager
Use port 0 with {fd,Fd}, use snmpm_fd in manager
|
|
|
|
When several packets where receive in one packet ct_netconf
failed to deliver them to the user.
For example several subscritiption message could be in the buffer
but only the first was sent to the user.
Error handling could be improved, maybe the connection should
be closed when unparseable packet arrives or timeout occurs.
|
|
|
|
OTP-12697
|
|
OTP-12704
|
|
OTP-12704
|
|
OTP-12704
|
|
|
|
|
|
|
|
* hans/ssh/banner_grabbing/OTP-12659:
ssh: added id_string option for server and client
|
|
When the Server header has empty info (or 'none' in config), it is not generated. This is for limiting Banner Grabbing attempts.
|
|
For limiting Banner Grabbing attempts.
|
|
|
|
|
|
|
|
|
|
A channel could be opened with the 'max packet size' set to 0. The behaviour is not defined in the ssh rfc:s, and openssh does not handle that case in some special way besides looping.
The introduced solution just "keep quiet" but removes the eternal loop that caused Erlang to core dump.
|
|
|
|
The ssh acceptor process listens for connections and
spawns a process to handle each new connection that it accepts.
The ownership of the accepted socket will be transfered to the new process
that will handle the incomming messages. Before the ownership is
transfered the socket should be in {active, false} or the acceptor
process may receive data aimed for the connection. As the accept socket
inherits the listen options we set {active, false} there.
|
|
A queue is the behaviour that we want, so this makes the code
easier to understand and more effective.
|
|
The error report was assumed to only happen if our code was wrongly
implemented "internal error". However it would also occur when
bad input was recived from the peer, and could hence cause extensive
logging on DoS attacks.
|
|
|
|
* dgud/observer/fix-atom-tostr/OTP-12634:
observer: Fix crash in process_window
|
|
Links can be to named processes, convert atom to list
|
|
* anders/diameter/hardening/OTP-12628:
Remove potentially large error reason in call to diameter_lib:log/4
Limit FQDN in DiameterURI to 255 octets
Limit DiameterURI ports to 0-65535 digits on decode
Add service_opt() incoming_maxlen
Add guard to reject {spawn_opt, false} as transport/service_opt()
|
|
The function is intended to be traced on, to see abnormalities (mostly)
without producing excessive output. In the case of decode failure, the
error reason can be things like {badmatch, HugeBinary}.
Missed in commit 0058430.
|
|
As for the port number in the parent commit, a FQDN can't be arbitrarily
long, at most 255 octets. Make decode fail if it's more.
|
|
A port number is a 16-bit integer, but the regexp used to parse it in
commit 1590920 slavishly followed the RFC 6733 grammar in matching an
arbitrary number of digits. Make decode fail if it's anything more than
5, to avoid doing erlang:list_to_integer/1 on arbitrarily large lists.
Also make it fail if the resulting integer is outside of the expected
range.
|
|
To bound the length of incoming messages that will be decoded. A message
longer than the specified number of bytes is discarded. An
incoming_maxlen_exceeded counter is incremented to make note of the
occurrence.
The motivation is to prevent a sufficiently malicious peer from
generating significant load by sending long messages with many AVPs for
diameter to decode. The 24-bit message length header accomodates
(16#FFFFFF - 20) div 12 = 1398099
Unsigned32 AVPs for example, which the current record-valued decode is
too slow with in practice. A bound of 16#FFFF bytes allows for 5461
small AVPs, which is probably more than enough for the majority of
applications, but the default is the full 16#FFFFFF.
|
|
|
|
It was possible to configure the option, but doing so caused the service
to fail when starting a watchdog process:
{function_clause,
[{diameter_service,'-spawn_opts/1-lc$^0/1-0-',
[false],
[{file,"base/diameter_service.erl"},{line,846}]},
{diameter_service,start,5,
[{file,"base/diameter_service.erl"},{line,820}]},
{diameter_service,start,3,
[{file,"base/diameter_service.erl"},{line,782}]},
{diameter_service,handle_call,3,
[{file,"base/diameter_service.erl"},{line,385}]},
{gen_server,try_handle_call,4,[{file,"gen_server.erl"},{line,607}]},
{gen_server,handle_msg,5,[{file,"gen_server.erl"},{line,639}]},
{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}
Tests for the option in the config suite were also missing.
Bungled in commit 78b3dc6.
|
|
* peppe/common_test/failing_telnet_tests:
Add documentation and make get_data behaviour backwards compatible
Introduce polling feature in ct_telnet
Fix problem with invalid timeouts because of truncated floats
OTP-12627
|
|
|
|
|
|
|
|
Required load order by ticket.
- OTP-11492, answer messages discarded
- OTP-12415, retransmission failure
- OTP-12475, grouped AVP decode
- OTP-12543, no requests after DPR
none
- OTP-12412, shutdown issues
diameter_lib
diameter_service
- OTP-12428, transport_opt() pool_size
diameter_lib
diameter_service
diameter, diameter_config
diameter_{tcp,sctp}
diameter, diameter_config
- OTP-12439, new time api in Erlang/OTP 18
diameter_lib
diameter_{config,peer,reg,service,session,stats,sync,watchdog,sctp}
- OTP-11952, service_opt() decode_string
- OTP-12589, DiameterURI encode/decode
diameter_{capx,codec,peer}
diameter_types
diameter_traffic
diameter_{service,peer_fsm}
diameter_watchdog
diameter, diameter_config
- OTP-12542, DPR with diameter:call/4
diameter_{peer_fsm,watchdog}
diameter, diameter_config
- OTP-12609, transport_opt() dpr_timeout
diameter_peer_fsm
diameter, diameter_config
|
|
|
|
* anders/diameter/dpr/OTP-12609:
Discard incoming/outgoing requests after incoming DPR
Add transport_opt() dpr_timeout
Be lenient with errors in incoming DPR
|
|
Despite claims of full backwards compatibility, the text of RFC 6733
changes the interpretation of unspecified values in a DiameterURI. In
particular, 3588 says that the default port and transport are 3868 and
sctp respectively, while 6733 says it's either 3868/tcp (aaa) or
5658/tcp (aaas). The 3588 defaults were used regardless, but now use
them only if the common dictionary is diameter_gen_base_rfc3588. The
6733 defaults are used otherwise.
This kind of change in the standard can lead to interop problems, since
a node has to know which RFC its peer is following to know that it will
properly interpret missing URI components. Encode of a URI includes all
components to avoid such confusion.
That said, note that the defaults in the diameter_uri record have *not*
been changed. This avoids breaking code that depends on them, but the
risk is that such code sends inappropriate values. The record defaults
may be changed in a future release, to force values to be explicitly
specified.
|
|
Both RFC 3588 and 6733 disallow the combination. Make its encode fail.
|
|
* anders/diameter/string_decode/OTP-11952:
Let examples override default service options
Set {restrict_connections, false} in example server
Set {string_decode, false} in examples
Test {string_decode, false} in traffic suite
Add service_opt() string_decode
Strip potentially large terms when sending outgoing Diameter messages
Improve language consistency in diameter(1)
|
|
* anders/diameter/route_record/OTP-12551:
Fix ordering of AVPs in relayed messages
|
|
To make them a bit more flexible. Can now do things like this:
server:start([{'Product-Name', "Bob"}]),
server:listen({tcp, [{capx_timeout, 2000}]})
Beware that the latter is completely different from this:
server:listen(tcp, [{capx_timeout, 2000}])
|