aboutsummaryrefslogtreecommitdiffstats
path: root/lib
AgeCommit message (Collapse)Author
2015-08-13Merge branch 'anders/diameter/grouped_errors/OTP-12930' into maint-17Erlang/OTP
* anders/diameter/grouped_errors/OTP-12930: Fix decode of Grouped AVPs containing errors Simplify logic Simplify logic
2015-08-13Merge branch 'anders/diameter/transport/OTP-12929' into maint-17Erlang/OTP
* anders/diameter/transport/OTP-12929: Fix start order of alternate transports Log discarded answers
2015-08-13Merge branch 'anders/diameter/lcnt/OTP-12912' into maint-17Erlang/OTP
* anders/diameter/lcnt/OTP-12912: Make ets diameter_stats a set Remove unnecessary sorting in stats suite Set ets {write_concurrency, true} on diameter_stats Don't start watchdog timers unnecessarily Remove unnecessary erlang:monitor/2 qualification Add missing watchdog suite clause
2015-08-13Merge branch 'anders/diameter/caseless/OTP-12902' into maint-17Erlang/OTP
* anders/diameter/caseless/OTP-12902: Match allowable peer addresses case insensitively Replace calls to module inet_parse to equivalents in inet
2015-08-13Merge branch 'anders/diameter/grouped_decode/OTP-12879' into maint-17Erlang/OTP
* anders/diameter/grouped_decode/OTP-12879: Fix relay encode of decoded diameter_avp lists
2015-08-13Merge branch 'anders/diameter/decode/OTP-12891' into maint-17Erlang/OTP
* anders/diameter/decode/OTP-12891: Don't compute AVP list length unnecessarily at AVP decode
2015-08-13Merge branch 'anders/diameter/decode/OTP-12871' into maint-17Erlang/OTP
* anders/diameter/decode/OTP-12871: Don't traverse errors list unnecessarily when detecting missing AVPs Don't flag AVP as missing as a consequence of decode error Correct inaccurate doc Truncate potentially large terms passed to diameter_lib:log/4
2015-08-07Make ets diameter_stats a setAnders Svensson
There's no need for it to be ordered, and the ordering has been seen to have an unexpectedly negative impact on performance in some cases. Order when retrieving statistics instead, so as not to change the presentation in diameter:service_info/2.
2015-08-07Remove unnecessary sorting in stats suiteAnders Svensson
The ordering of (ets) diameter_stats (also unnecessary) ensures the sorting.
2015-08-05Fix start order of alternate transportsAnders Svensson
A transport configured with diameter:add_transport/2 can be passed multiple transport_module/transport_config tuples in order to specify alternate configuration, modules being attempted in order until one succeeds. This is primarily for the connecting case, to allow a transport to be configured to first attempt connection over SCTP, and then TCP in case SCTP fails, with configuration like that documented: {transport_module, diameter_sctp}, {transport_config, [...], 5000}, {transport_module, diameter_tcp}, {transport_config, [...]} If the options are the same in both cases, another possibility would be configuration like this, which attaches the same transport_config to both modules: {transport_module, diameter_sctp}, {transport_module, diameter_tcp}, {transport_config, [...], 5000}, However, in this case the start order was reversed relative to the documented order: first tcp, then sctp. This commit restores the intended order.
2015-08-05Log discarded answersAnders Svensson
To diameter_lib:log/4, which was last motivated in commit 39acfdb0.
2015-08-04Fix relay encode of decoded diameter_avp listsAnders Svensson
Commit c74b593a fixed the problem that a decoded deep diameter_avp list couldn't be encoded, but did so in the wrong way: there's no need to reencode component AVPs since the Grouped AVP itself already contains the encoded binary. The blunder caused diameter_codec:pack_avp/1 to fail if the first element of the AVP list to be encoded was itself a list. Thanks to Andrzej TrawiƄski for reporting the problem.
2015-08-04Match allowable peer addresses case insensitivelyAnders Svensson
Both diameter_tcp and diameter_sctp can be configured with one or more IP addresses from which connections should be accepted (an 'accept' tuple), specified either as a tuple-valued address or as a regular expression. In the latter case, peer addresses are mapped to string using inet:ntoa/1 and the result matched against the regexp. Since (ipv6) addresses are case insensitive, this should also be the case with the match, but was not.
2015-08-04Replace calls to module inet_parse to equivalents in inetAnders Svensson
Commits b563c796 (R16B) and 0fad6449 (R16B02) added parse_address/1 and ntoa/1 to module inet, providing documented alternatives to address/1 and ntoa/1 in the undocumented (save comments in inet(3)) inet_parse.
2015-08-04Don't compute AVP list length unnecessarily at AVP decodeAnders Svensson
This has had a hugely negative impact on performance when decoding messages containing many AVP: each decode of an AVP having variable arity computed the length of the list of previously decoded AVPs when checking that the allowed arity was not exceeded, even if the allowed arity was infinite, making for O(n^2) cost. Here are some execution times, for diameter_codec:decode/2 on a representative message with n integer AVPs in the Common application (on the host at hand): Before After ------- --------- n = 1K 5 ms 2 ms n = 10K 500 ms 25 ms n = 100K 75 sec 225 ms n = 1M 2.6 sec Note the nearly linear increase following the change. Remove the dire documentation warning for incoming_maxlen as a consequence. It can still be useful to set, but not doing so won't have the same consequences as previously.
2015-08-04Don't traverse errors list unnecessarily when detecting missing AVPsAnders Svensson
Since the list can potentially be long.
2015-08-04Don't flag AVP as missing as a consequence of decode errorAnders Svensson
The decode of an incoming Diameter message uses the record representation to determine whether or not an AVP has been received with the expected arity, the number of AVPs in each field following decode being compared with the arity specified in the message grammar. The problem with this is that decode failure isn't reflected in the record representation, so that an AVP can be appended to the errors field of a diameter_packet record despite an entry for the same AVP already existing. This isn't a fault as much as a misleading error indication, but now only append AVPs that aren't already represented.
2015-08-04Correct inaccurate docAnders Svensson
The warning report was removed in commit 00584303.
2015-08-04Truncate potentially large terms passed to diameter_lib:log/4Anders Svensson
Last visited in commit 00584303.
2015-08-04Set ets {write_concurrency, true} on diameter_statsAnders Svensson
lcnt:inspect/1 recently showed this: lock id #tries collisions [%] time [us] ----- --- ------- --------------- ---------- db_tab diameter_stats 932920 92.9326 330332554
2015-07-19Don't start watchdog timers unnecessarilyAnders Svensson
In particular, restart the timer with each incoming Diameter message, only when the previous timer has expired. Doing so has been seen to result in high lock contention at load, as in the example below: (diameter@test)9> lcnt:conflicts([{print, [name, tries, ratio, time]}]). lock #tries collisions [%] time [us] ----- ------- --------------- ---------- bif_timers 7844528 99.4729 1394434884 db_tab 17240988 1.7947 6286664 timeofday 7358692 5.6729 1399624 proc_link 4814938 2.2736 482985 drv_ev_state 2324012 0.5951 98920 run_queue 21768213 0.2091 63516 pollset 1190174 1.7170 42499 pix_lock 1956 2.5562 39770 make_ref 4697067 0.3669 20211 proc_msgq 9475944 0.0295 5200 timer_wheel 5325966 0.0568 2654 proc_main 10005332 2.8190 1079 pollset_rm_list 59768 1.7752 480
2015-07-19Remove unnecessary erlang:monitor/2 qualificationAnders Svensson
The function has been auto-exported since R14B.
2015-07-19Add missing watchdog suite clauseAnders Svensson
The suite pretends to be gen_tcp-ish in configuring itself to diameter_tcp. The function close/1 can be called as a result.
2015-07-06Prepare releaseErlang/OTP
2015-07-06Handle EINTR in trace_file_drvRickard Green
2015-06-18Fix decode of Grouped AVPs containing errorsAnders Svensson
RFC 6733 says this of Failed-AVP in 7.5: In the case where the offending AVP is embedded within a Grouped AVP, the Failed-AVP MAY contain the grouped AVP, which in turn contains the single offending AVP. The same method MAY be employed if the grouped AVP itself is embedded in yet another grouped AVP and so on. In this case, the Failed-AVP MAY contain the grouped AVP hierarchy up to the single offending AVP. This enables the recipient to detect the location of the offending AVP when embedded in a group. It says this of DIAMETER_INVALID_AVP_LENGTH in 7.1.5: The request contained an AVP with an invalid length. A Diameter message indicating this error MUST include the offending AVPs within a Failed-AVP AVP. In cases where the erroneous AVP length value exceeds the message length or is less than the minimum AVP header length, it is sufficient to include the offending AVP header and a zero filled payload of the minimum required length for the payloads data type. If the AVP is a Grouped AVP, the Grouped AVP header with an empty payload would be sufficient to indicate the offending AVP. In the case where the offending AVP header cannot be fully decoded when the AVP length is less than the minimum AVP header length, it is sufficient to include an offending AVP header that is formulated by padding the incomplete AVP header with zero up to the minimum AVP header length. The AVPs placed in the errors field of a diameter_packet record are intended to be appropriate for inclusion in a Failed-AVP, but neither of the above paragraphs has been followed in the Grouped case: the entire faulty AVP (non-faulty components and all) has been included. This made it impossible to identify the actual faulty AVP in all but simple case. This commit adapts the decode to the RFC, and implements the suggested single faulty AVP, nested in as many Grouped containers as required. The best-effort decode of Failed-AVP in answer messages, initially implemented in commit 0f9cdbaf, is also applied.
2015-06-17Simplify logicAnders Svensson
Testing is_failed() is unnecessary since put/2 a second time will return a previously put 'true'.
2015-06-17Simplify logicAnders Svensson
Failed == undefined implies is_failed() == true. This was true even when the code was written, in commit c2c00fdd.
2015-06-01Update release notesErlang/OTP
2015-06-01Merge branch 'hans/ssh/codenomicon_degradation/OTP-12784' into maint-17Erlang/OTP
* hans/ssh/codenomicon_degradation/OTP-12784: ssh: update ssh version ssh: Plain text message returned for invalid version exchange ssh: Implement keyboard_interactive on server side ssh: Check e and f parameters in kexdh ssh: Set max num algoritms in msg_kexinit negotiation
2015-06-01Merge branch 'ia/ssl/crypto-bad-input/OTP-12783' into maint-17Erlang/OTP
* ia/ssl/crypto-bad-input/OTP-12783: ssl: Prepare for release ssl: Correct handling of bad input to premaster_secret calculation
2015-06-01Merge branch 'ia/ssh/recvbuf/OTP-12782' into maint-17Erlang/OTP
* ia/ssh/recvbuf/OTP-12782: ssh: handle that inet:getopts(Socket, [recbuf]) may return {ok, []}
2015-05-29ssl: Prepare for releaseIngela Anderton Andin
2015-05-29ssl: Correct handling of bad input to premaster_secret calculationIngela Anderton Andin
alert records needs to be thrown from ssl_handshake:premaster_secret/[2/3] so that operations will end up in the catch clause of the invokation of certify_client_key_exchange/3 in ssl_connection.erl, and hence terminate gracefully and not continue to try and calculate the master secret with invalid inputs and crash.
2015-05-29ssh: update ssh versionHans
2015-05-29ssh: Plain text message returned for invalid version exchangeHans
This is how OpenSSH does. The bytes returned will be put on the user's tty, so it is better with text than a ssh_msg_disconnect
2015-05-29ssh: Implement keyboard_interactive on server sideHans
2015-05-29ssh: Check e and f parameters in kexdhHans Nilsson
rfc 4253 says in section 8 that: "Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be sent or accepted by either side. If this condition is violated, the key exchange fails." This commit implements the reception check.
2015-05-29ssh: Set max num algoritms in msg_kexinit negotiationHans
This is to prevent some dos-attac scenarios. The limit is hard-coded.
2015-05-29ssh: handle that inet:getopts(Socket, [recbuf]) may return {ok, []}Ingela Anderton Andin
If something bad happens and the socket is closed the call inet:getopts(Socket, [recbuf]) may return {ok, []}. We want to treat this as a fatal error and terminate gracefully. The same goes for the case that inet:getopts returns {error, Reason} that was not handled either.
2015-05-29inets: Prepare for releaseIngela Anderton Andin
2015-05-29inets: Add customize optionIngela Anderton Andin
Many HTTP headers are optional, and it could be desirable for the server to filter and maybe even alter them without replacing the mod_* modules that generate/process them. Add new behaviour httpd_custom_api with default implementation in httpd_custom.erl. Add behaviour module in 18 as then we can specify optional callbacks.
2015-05-29Update release notesErlang/OTP
2015-05-29Merge branch 'anders/diameter/test/OTP-12767' into maint-17Erlang/OTP
* anders/diameter/test/OTP-12767: Replace config suite call to erlang:now/0 Fix incorrect suite usage of OTP 18 monotonic time Make tls suite crash more verbosely
2015-05-29Merge branch 'anders/diameter/17.5.5/OTP-12757' into maint-17Erlang/OTP
* anders/diameter/17.5.5/OTP-12757: vsn -> 1.9.2 Update appup for 17.5.5 Fix mangled release note
2015-05-29Merge branch 'anders/diameter/sctp/OTP-12744' into maint-17Erlang/OTP
* anders/diameter/sctp/OTP-12744: Fix diameter_sctp listener race Tweak transport suite failures Run traffic suite over SCTP
2015-05-29Merge branch 'anders/diameter/counters/OTP-12741' into maint-17Erlang/OTP
* anders/diameter/counters/OTP-12741: Fix counting of no_result_code/invalid_error_bit Count relayed answers Rename dictionary-related functions/variables Lift answer send up the call chain Count discarded incoming messages Include R-bit in unknown message counter keys Fix broken relay counters Fix broken result code counters Add counters testcase to relay suite
2015-05-24Fix diameter_sctp listener raceAnders Svensson
Commit 4b691d8d made it possible for accepting transport processes to be started concurrently, and commit 77c1b162 adapted diameter_sctp to this, but missed that the publication of the listener process in diameter_reg has to precede the return of its start function. As a result, concurrent starts could result in multiple listener processes.
2015-05-24Tweak transport suite failuresAnders Svensson
Make anything but a comm_up sctp_assoc_change crash. Make timeouts more reasonable.
2015-05-24Run traffic suite over SCTPAnders Svensson
Previously it was only run over TCP. Configure a pool of accepting processes since simultaneous connections are otherwise prone to rejection, as discussed in commit 4b691d8d. Tweak timeouts to more reasonable values.