From 80420620b67216b67e90affc5fe35505207254a3 Mon Sep 17 00:00:00 2001 From: Anders Svensson Date: Wed, 8 Jul 2015 15:07:15 +0200 Subject: Correct inaccurate doc The warning report was removed in commit 00584303. --- lib/diameter/doc/src/diameter.xml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lib/diameter/doc') diff --git a/lib/diameter/doc/src/diameter.xml b/lib/diameter/doc/src/diameter.xml index ea175a58b8..cb628f9529 100644 --- a/lib/diameter/doc/src/diameter.xml +++ b/lib/diameter/doc/src/diameter.xml @@ -1231,9 +1231,7 @@ is not the length of the message in question, as received over the transport interface documented in &man_transport;.

-If exit then a warning report is emitted and the parent of the -transport process in question exits, which causes the transport -process itself to exit as described in &man_transport;. +If exit then the transport process in question exits. If handle then the message is processed as usual, a resulting &app_handle_request; or &app_handle_answer; callback (if one takes place) indicating the 5015 error (DIAMETER_INVALID_MESSAGE_LENGTH). -- cgit v1.2.3 From 9ab5d8afedc6d2f56997276e3f016ec1c6dac6a5 Mon Sep 17 00:00:00 2001 From: Anders Svensson Date: Tue, 7 Jul 2015 13:34:57 +0200 Subject: Don't compute AVP list length unnecessarily at AVP decode This has had a hugely negative impact on performance when decoding messages containing many AVP: each decode of an AVP having variable arity computed the length of the list of previously decoded AVPs when checking that the allowed arity was not exceeded, even if the allowed arity was infinite, making for O(n^2) cost. Here are some execution times, for diameter_codec:decode/2 on a representative message with n integer AVPs in the Common application (on the host at hand): Before After ------- --------- n = 1K 5 ms 2 ms n = 10K 500 ms 25 ms n = 100K 75 sec 225 ms n = 1M 2.6 sec Note the nearly linear increase following the change. Remove the dire documentation warning for incoming_maxlen as a consequence. It can still be useful to set, but not doing so won't have the same consequences as previously. --- lib/diameter/doc/src/diameter.xml | 8 -------- 1 file changed, 8 deletions(-) (limited to 'lib/diameter/doc') diff --git a/lib/diameter/doc/src/diameter.xml b/lib/diameter/doc/src/diameter.xml index cb628f9529..854bc5b432 100644 --- a/lib/diameter/doc/src/diameter.xml +++ b/lib/diameter/doc/src/diameter.xml @@ -794,14 +794,6 @@ Messages larger than the specified number of bytes are discarded.

Defaults to 16777215, the maximum value of the 24-bit Message Length field in a Diameter Header.

- -

-This option should be set to as low a value as is sufficient for the -Diameter applications and peers in question, since decoding incoming -messages from a malicious peer can otherwise generate significant -load.

- - {restrict_connections, false -- cgit v1.2.3 From 030f3cbd61217bcd3eb49ed19de9d05987d1e6b7 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Thu, 13 Aug 2015 12:34:10 +0200 Subject: Update release notes --- lib/diameter/doc/src/notes.xml | 126 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) (limited to 'lib/diameter/doc') diff --git a/lib/diameter/doc/src/notes.xml b/lib/diameter/doc/src/notes.xml index c5df63a7f0..7726d761bd 100644 --- a/lib/diameter/doc/src/notes.xml +++ b/lib/diameter/doc/src/notes.xml @@ -42,6 +42,132 @@ first.

+
diameter 1.9.2.1 + +
Fixed Bugs and Malfunctions + + +

+ Don't report 5005 (DIAMETER_AVP_MISSING) errors + unnecessarily.

+

+ An AVP whose decode failed was reported as missing, + despite having been reported with another error as a + consequence of the failure.

+

+ Own Id: OTP-12871

+ + +

+ Fix relay encode of nested, Grouped AVPs.

+

+ A fault in OTP-12475 caused encode to fail if the first + AVP in a Grouped AVP was itself Grouped.

+

+ Own Id: OTP-12879 Aux Id: OTP-12475

+ + +

+ Improve decode performance.

+

+ The time required to decode a message increased + quadratically with the number of AVPs in the worst case, + leading to extremely long execution times.

+

+ Own Id: OTP-12891

+ + +

+ Match acceptable peer addresses case insensitively.

+

+ Regular expressions passed in an 'accept' tuple to + diameter_tcp or diameter_sctp inappropriately matched + case.

+

+ Own Id: OTP-12902

+ + +

+ Improve watchdog and statistics performance.

+

+ Inefficient use of timers contributed to poor performance + at high load, as did ordering of the table statistics are + written to.

+

+ Own Id: OTP-12912

+ + +

+ Fix start order of alternate transports.

+

+ A transport configured with diameter:add_transport/2 can + be passed multiple transport_module/transport_config + tuples in order to specify alternate configuration, + modules being attempted in order until one succeeds. This + is primarily for the connecting case; for example, to + allow a transport to be configured to first attempt + connection over SCTP, and then TCP in case SCTP fails. + Multiple module tuples can be paired with a single config + tuple, but in this case the start order was reversed + relative to the order in which the modules were specifed.

+

+ Own Id: OTP-12929

+ + +

+ Fix decode of Grouped AVPs containing errors.

+

+ RFC 6733 says this of Failed-AVP in 7.5:

+

+

In the case where the offending AVP + is embedded within a Grouped AVP, the Failed-AVP MAY + contain the grouped AVP, which in turn contains the + single offending AVP. The same method MAY be employed if + the grouped AVP itself is embedded in yet another grouped + AVP and so on. In this case, the Failed-AVP MAY contain + the grouped AVP hierarchy up to the single offending AVP. + This enables the recipient to detect the location of the + offending AVP when embedded in a + group.

+

+ It says this of DIAMETER_INVALID_AVP_LENGTH in 7.1.5:

+

+

The request contained an AVP with + an invalid length. A Diameter message indicating this + error MUST include the offending AVPs within a Failed-AVP + AVP. In cases where the erroneous AVP length value + exceeds the message length or is less than the minimum + AVP header length, it is sufficient to include the + offending AVP header and a zero filled payload of the + minimum required length for the payloads data type. If + the AVP is a Grouped AVP, the Grouped AVP header with an + empty payload would be sufficient to indicate the + offending AVP. In the case where the offending AVP header + cannot be fully decoded when the AVP length is less than + the minimum AVP header length, it is sufficient to + include an offending AVP header that is formulated by + padding the incomplete AVP header with zero up to the + minimum AVP header length.

+

+ The AVPs placed in the errors field of a diameter_packet + record are intended to be appropriate for inclusion in a + Failed-AVP, but neither of the above paragraphs has been + followed in the Grouped case: the entire faulty AVP + (non-faulty components and all) has been included. This + made it difficult to identify the actual faulty AVP in + all but simple cases.

+

+ The decode is now adapted to the RFC, and implements the + suggested single faulty AVP, nested in as many Grouped + containers as required.

+

+ Own Id: OTP-12930

+ + +
+ +
+
diameter 1.9.2
Fixed Bugs and Malfunctions -- cgit v1.2.3