[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-219616568
  
@swill alright, I'll squash them and open a new PR that could be reviewed 
merged later


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-219555128
  
@rhtyd I reverted this in master to hopefully unblock my CI environments 
from failing as I am basically at my freeze date.  Would you mind putting the 
above commits together in a single PR and reopen it?  We know what we are 
looking for when we test it on its own again.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-219551825
  
I think I am going to have to revert this PR because it seems to be 
responsible for the `addHost` issue I am having in all my CI environments while 
doing DeployDC.  On completely new deployments, I got the `addHost` error on 
all 6 of my CI environments with #1493 included.  I have noticed this as an 
intermittent issue for the last while, but could not isolate it.

I have reverted #1493 (and it's descendants) locally and I have not had the 
error in my first 3 tests after reverting it.  I only started seeing the 
problem after #1493. 

With the freeze basically here, I need my CI environments in action cause I 
have a few PRs that I really want to run before I merge and freeze...

This is what I plan to run to revert (brackets are for reference, not to be 
run):
```
git revert 540d9572fd491db3ce182d26636fc74ada4e171c   (1543)
git revert f88cb880974fa56866492c437af291e40bd1a4f6 -m 1  (1538)
git revert 9f970f28b18534dffe33196ead60ea861f501fa9 -m 1  (1534)
git revert 7ce0e10fbcd949375e43535aae168421ecdaa562 -m 1  (1493)
```


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218943901
  
PR that aims to fix CPU issue - 
https://github.com/apache/cloudstack/pull/1543


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[kiwiflyer]

Github user kiwiflyer commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218943044
  
@rhtyd Sounds good. Thanks for taking a look.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218942524
  
@kiwiflyer thanks, I think I've found two issues -- I'll tag you on another 
PR, please test that in your lab and share if that fixes your CPU issue. /cc 
@swill let's get the other PR tested/merged, if @kiwiflyer still has the issue, 
let's revert the NioConnect commits so 4.9.0 does not ship with a genuine issue


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[kiwiflyer]

Github user kiwiflyer commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218776521
  
@rhtyd With the agent in trace mode, I see this scrolling through very 
rapidly:

2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] 
(pool-1-thread-1:null) (logid:) Keys Done Processing.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218774260
  
@rhtyd I have had a couple independant reports of CPU going to 100% with 
this patch and the problem not existing if they revert this PR (along with 
#1534).

Due to the upcoming freeze, I am considering reverting this PR (and #1534) 
until we can isolate the problem and get it tested again and verify the problem 
is resolved.  I won't revert it today to give you, @kiwiflyer and others a 
chance to try to isolate the problem and test a fix.  If we have not been able 
to resolve this by tomorrow, I will revert it and we can continue testing in a 
new PR.

Thanks for the work on this guys...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[kiwiflyer]

Github user kiwiflyer commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218763389
  
@rhtyd I'll work on pulling some trace logs and a debugger on the agent if 
the trace logs don't show anything. 
For reference, These patches were on our QA 4.8 build. I believe I had all 
of our patches applied (including 1534). Please take a look at 
https://github.com/myENA/cloudstack/commits/ENA-4.8. The two reverts at the top 
cover the patches I believe.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218656836
  
@kiwiflyer along with this patch, have you also applied the optimization 
patch #1534 (make sure to apply the patch on both mgmt server and KVM agent) ? 
We can debug your issue to see if it's caused by NioConnection by changing 
log4j settings to `TRACE`. Edit `/etc/cloudstack/agent/log4j-cloud.xml`, and 
add a category with name="com.cloud.utils.nio" and priority value="TRACE" and 
watch out for issues in the logs. Alternatively, you have enable DEBUG/TRACE on 
com.cloud and org.apache.cloudstack categories to see what's happening. 
Finally, if you've an IDE or jdb you can attach a debugger to the agent with 
JAVA_OPTS settings `-Xdebug 
-Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n` and connect on 
remote port 8787 (or any other custom port). Let me know if that helps, or you 
need more help in finding out the issue.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218522071
  
No worries.  👍   I am really short on sleep, but I was pretty confident. 
 :P


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[nvazquez]

Github user nvazquez commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218520703
  
Sorry, I confused PRs. Please ignore my last comment.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218519246
  
@nvazquez I don't think #1539 is related to this PR.  I think this one has 
completely separate issues...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[nvazquez]

Github user nvazquez commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218514854
  
@rhtyd @kiwiflyer @swill a PR for fixing the problem #1539 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[kiwiflyer]

Github user kiwiflyer commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218473922
  

![image](https://cloud.githubusercontent.com/assets/17278194/15184123/94553146-1759-11e6-8dec-c4e0bb0c1795.png)



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[kiwiflyer]

Github user kiwiflyer commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-218473890
  
@rhtyd We're still seeing some odd behaviour related to the agent with this 
PR (and PR1534) applied to 2 of our hardware labs. What we're seeing is 100% 
cpu on the agent (KVM). There's nothing obvious in the debug logs indicating a 
problem. I've tried it both behind haproxy and directly to the management 
server and we see the same symptoms. Let me know what we can provide to help in 
terms of debugging.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-217286830
  
@swill the NioTest is a unit test and will only run during compilation. If 
you hit any issues, feel free to revert the commit with some details on how I 
may be able to reproduce your issues and fix them. Thanks.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-217272766
  
I confirmed that reverting this PR locally does fix my DeployDatacenter 
issues.

I did an initial test with #1534 and it did get past the DeployDatacenter 
phase and started testing, but it did not run the Nio tests (apparently it only 
runs that test sometimes?).  I stopped that run and cleaned everything up and 
am running the CI against #1534 again to see if I can get it to run the tests 
(and pass) and also come back with a clean CI run.  I will update that PR with 
the status later tonight.

Thanks for looking into this quickly to unblock our ability to do CI.  👍 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-217270975
  
@swill sure thanks, please try with PR #1534 and if you still hit the 
issue, please revert the commit locally first; run against your environment and 
confirm that your environment works without the Nio fix (make sure both mgmt 
server and KVM agent have the both the PR fixes, or in case you revert make 
sure to rebuild mgmt server and kvm agent with reverted commits) in which case 
I'll try to reproduce and fix the addHost error. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-217252920
  
@rhtyd I have some bad news on this PR.  I have been having issues in CI 
ever since this got merged into master.  When the tests don't run (and fail 
which causes the CI run to fail), then the DeployDatacenter script will fail.  
It looks like this code is treating the hosts as a malicious client.  We get a 
handshake and then things fail.  We basically get a `Failed to add host` error.

I can get you more details if you need.  

I will test the #1534 PR to see if that fixes things, but I am a bit 
concerned about this PR right now...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-217227342
  
Thanks, will review...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-217225573
  
@swill I'm pushing a fix for you.
The initial value is 0, as clients send data it's incremented by 1. At the 
end it's expected that total number of data sent matches data received by 
server. If test count is 5, then completed test count is also 5; as the loop 
runs 5 clients with indexes/ids - 0, 1, 2, 3, 4 <- count no. of clients created.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-217227191
  
In my lasts run, not a single test passed in the time frame something is 
wrong.  Previously it was failing on 4/5, but this time it timed out without a 
single test passing of the 5...

```
2016-05-05 19:46:17,659 DEBUG [utils.testcase.NioTest] (Time-limited test:) 
0/5 tests done. Waiting for completion
2016-05-05 19:46:18,660 DEBUG [utils.testcase.NioTest] (Time-limited test:) 
0/5 tests done. Waiting for completion
2016-05-05 19:46:19,660 DEBUG [utils.testcase.NioTest] (Time-limited test:) 
0/5 tests done. Waiting for completion
2016-05-05 19:46:20,367 INFO  [utils.testcase.NioTest] (main:) Clients 
stopped.
2016-05-05 19:46:20,367 INFO  [utils.testcase.NioTest] (main:) Server 
stopped.
Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 300.095 sec 
<<< FAILURE! - in com.cloud.utils.testcase.NioTest
testConnection(com.cloud.utils.testcase.NioTest)  Time elapsed: 300.095 sec 
 <<< ERROR!
org.junit.runners.model.TestTimedOutException: test timed out after 30 
milliseconds
at java.lang.Thread.sleep(Native Method)
at com.cloud.utils.testcase.NioTest.testConnection(NioTest.java:146)
```


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-217226167
  
@swill I've ran my tests, please review and merge this -- 
https://github.com/apache/cloudstack/pull/1534



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-217220334
  
@rhtyd but `totalTestCount = 5` and I don't think that `completedTestCount` 
will ever be larger than `4`, so I don't know how that check could be right...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r62219725
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,208 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
 
 /**
- *
- *
- *
- *
+ * NioTest demonstrates that NioServer can function without getting its 
main IO
+ * loop blocked when an aggressive or malicious client connects to the 
server but
+ * fail to participate in SSL handshake. In this test, we run bunch of 
clients
+ * that send a known payload to the server, to which multiple malicious 
clients
+ * also try to connect and hang.
+ * A malicious client could cause denial-of-service if the server's main 
IO loop
+ * along with SSL handshake was blocking. A passing tests shows that 
NioServer
+ * can still function in case of connection load and that the main IO loop 
along
+ * with SSL handshake is non-blocking with some internal timeout mechanism.
  */
 
-public class NioTest extends TestCase {
+public class NioTest {
+
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
+
+// Test should fail in due time instead of looping forever
+private static final int TESTTIMEOUT = 30;
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 5;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
--- End diff --

@swill I'll try to reproduce and fix with a patch to reduce the numbers. 
Test count 0 to len -1 is still a total `len` counts so this is correct. 
Consider then, 0 to 4 is `0, 1, 2, 3 , 4` --> they are 5 runs/rounds/counts


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r62207167
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,208 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
 
 /**
- *
- *
- *
- *
+ * NioTest demonstrates that NioServer can function without getting its 
main IO
+ * loop blocked when an aggressive or malicious client connects to the 
server but
+ * fail to participate in SSL handshake. In this test, we run bunch of 
clients
+ * that send a known payload to the server, to which multiple malicious 
clients
+ * also try to connect and hang.
+ * A malicious client could cause denial-of-service if the server's main 
IO loop
+ * along with SSL handshake was blocking. A passing tests shows that 
NioServer
+ * can still function in case of connection load and that the main IO loop 
along
+ * with SSL handshake is non-blocking with some internal timeout mechanism.
  */
 
-public class NioTest extends TestCase {
+public class NioTest {
+
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
+
+// Test should fail in due time instead of looping forever
+private static final int TESTTIMEOUT = 30;
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 5;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
--- End diff --

Isn't this wrong?  

Shouldn't it be: 
```
result = (totalTestCount -1) == completedTestCount;
```

You are are only launching `totalTestCount` tests `0 to totalTestCount-1`.  
`completedTestCount` is also `0` based, so when they all complete it should max 
out at `totalTestCount-1`.

Can you clarify?



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r62207228
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,208 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
 
 /**
- *
- *
- *
- *
+ * NioTest demonstrates that NioServer can function without getting its 
main IO
+ * loop blocked when an aggressive or malicious client connects to the 
server but
+ * fail to participate in SSL handshake. In this test, we run bunch of 
clients
+ * that send a known payload to the server, to which multiple malicious 
clients
+ * also try to connect and hang.
+ * A malicious client could cause denial-of-service if the server's main 
IO loop
+ * along with SSL handshake was blocking. A passing tests shows that 
NioServer
+ * can still function in case of connection load and that the main IO loop 
along
+ * with SSL handshake is non-blocking with some internal timeout mechanism.
  */
 
-public class NioTest extends TestCase {
+public class NioTest {
+
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
+
+// Test should fail in due time instead of looping forever
+private static final int TESTTIMEOUT = 30;
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 5;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
--- End diff --

@rhtyd ^


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-217188135
  
@rhtyd I am still having problems with the tests in this PR, but now it is 
in master.

This is causing builds to fail...

```
testConnection(com.cloud.utils.testcase.NioTest)  Time elapsed: 300.073 sec 
 <<< ERROR!
org.junit.runners.model.TestTimedOutException: test timed out after 30 
milliseconds
at java.lang.Thread.sleep(Native Method)
at com.cloud.utils.testcase.NioTest.testConnection(NioTest.java:146)
```


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-217188537
  
Is there  a reason we need to spend 5 minutes waiting for this test every 
build?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[asfgit]

Github user asfgit closed the pull request at:

https://github.com/apache/cloudstack/pull/1493


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-216581383
  
Perfect, this one is queued up to be merged...  Thanks...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-216489209
  
@swill all green now


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-216421909
  
@swill forced pushed; the Jenkins server is not reliable -- as long as 
Travis is green we are alright; the only additional check Jenkins does is the 
rat check, which I think Travis can do as well

Thanks @serverchief for sharing your experience with this fix

tag:mergeready


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[serverchief]

Github user serverchief commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-216382896
  
@kiwiflyer, 

My testing with this patch -  if you have at least several hundred KVM 
nodes connected to 2 MS via VIP and take 1 MS down, you will notice that KVM 
agents will shift to second MS in mater of seconds - with no noise.

Without this patch, depending on the scale - it may take upto 10 minutes to 
reconnect all hosts and also lots of noise about hosts being down!


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-216378613
  
Thank you @kiwiflyer.  👍 

@rhtyd can you force push this PR again to try to get Jenkins green?  
Thanks...  Otherwise this one is ready...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[kiwiflyer]

Github user kiwiflyer commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-216375175
  
I pulled this into a hardware lab on 4.8.1.  I setup a number of fake 
clients and hammered 8250. Prior to the patch the agents end up in a 
disconnected state after a few minutes.

I applied the patch and my little DOS test is unable to affect the 
connectivity between the management server and the agents.

I also tested some provisioning activities and made sure the agent survived 
taking the management server down and then bringing it back up.

LGTM


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-216298669
  
No worries.  Thanks...  I also am a bit behind.  I apparently have to just 
assume I won't get any work done on mondays.  :P


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[kiwiflyer]

Github user kiwiflyer commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-216296997
  
@swill  I'm a bit behind. I'm building this now.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-216289074
  
@kiwiflyer do you have test results on this one?  Thanks...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-216228508
  
This PR is ready for merge, /cc @swill 

tag:mergeready


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[jburwell]

Github user jburwell commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-215818023
  
LGTM for code review


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-215815079
  
thanks @kiwiflyer 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[kiwiflyer]

Github user kiwiflyer commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-215741459
  
@rhtyd - We'll pull this in for functional testing.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-215675646
  
@swill can you try again with your CI?

@agneya2001 @jburwell @wido @kiwiflyer @nvazquez @DaanHoogland and others - 
please review and share your LGTM, thanks


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-215350128
  
@swill there are in total 25 malicious clients that can block for 60s for 
all 5 (max.) server worker threads; so worst case we should have waited for at 
least 25*60/5 (300 seconds); I've fixed the test with max. possible timeout 
value, previously the value was chosen for an average case


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-215310531
  
BTW, I built with `-T 2C`, if that is relevant to help you understand why 
it failed...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-215309861
  
Failed to build.
```
---
 T E S T S
---
Running com.cloud.utils.testcase.NioTest
2016-04-28 06:23:24,581 INFO  [utils.testcase.NioTest] (main:) Setting up 
Benchmark Test
2016-04-28 06:23:24,879 INFO  [utils.nio.NioServer] (main:) NioConnection 
started and listening on /0:0:0:0:0:0:0:0:58798
2016-04-28 06:23:24,886 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-1:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,886 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-2:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,887 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-4:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,890 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-5:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,891 INFO  [utils.nio.NioClient] (NioClientHandler-1:) 
Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,892 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-6:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,892 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-3:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,893 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-7:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,894 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-8:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,895 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-10:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,924 DEBUG [utils.crypt.EncryptionSecretKeyChecker] 
(pool-1-thread-1:) Encryption Type: null
2016-04-28 06:23:24,928 INFO  [utils.nio.NioClient] (NioClientHandler-2:) 
Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,933 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-11:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,933 WARN  [utils.nio.Link] (pool-1-thread-1:) SSL: Fail 
to find the generated keystore. Loading fail-safe one to continue.
2016-04-28 06:23:24,939 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-13:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,941 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-14:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,944 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-12:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,944 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-15:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,944 INFO  [utils.nio.NioClient] (NioClientHandler-3:) 
Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,945 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-16:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,946 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-9:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,946 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-17:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,946 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-18:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,947 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-19:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,947 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-20:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,948 INFO  [utils.nio.NioClient] (NioClientHandler-4:) 
Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,949 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-21:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,949 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-22:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,949 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-23:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,977 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-25:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,977 INFO  [utils.testcase.NioTest] 
(MaliciousNioClientHandler-24:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,981 INFO  [utils.nio.NioClient] (NioClientHandler-5:) 
Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,996 DEBUG [utils.testcase.NioTest] (Thread-0:) 0/5 
tests done. Waiting for completion
2016-04-28 06:23:25,103 WARN  [utils.nio.Link] (pool-1-thread-1:) SSL: Fail 
to find the generated keystore. Loading fail-safe one to continue.
2016-04-28 06:23:25,161 WARN  [utils.nio.Link] (pool-1-thread-1:) SSL: Fail 
to find the generated keystore. Loading fail-safe one to continue.
2016-04-28 06:23:25,211 WARN  [utils.nio.Link] (pool-1-thread-1:) SSL: Fail 
to find the generated keystore. Loading fail-safe one to continue.
2016-04-28 06:23:25,282 WARN  

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-214432357
  
@swill done, though as I mentioned in the comments above the test that 
failed in last travis run is a component test and fails on master too (i.e. not 
related to this PR). When Travis runs, the component tests are not run every 
time (it's random, if Travis allows to run additional jobs see tools/travis for 
details).


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-214412952
  
I will run CI on this today.  @rhtyd can you force push again to see if we 
can get all green lights.  @jburwell I see you have been active on this PR, 
does it have your LGTM?  I need another LGTM as well.  Thx...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rhtyd]

Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-214252922
  
All tests passes, except for a test that runs only on simulator that 
sometimes passes, sometimes fails. This issue is due to master and not specific 
to this PR:
=== TestName: 
test_listVolume_by_id_as_user_volumefromsamedomaindifferentaccount | Status : 
EXCEPTION ===

cc @swill 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-213327217
  
@jburwell @GabrielBrascher @rafaelweingartner @swill if you're done with 
review, LGTM please or share what else should be fixed. Thanks.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-212284556
  
@jburwell fixed use of test timeout within \@Test annotation


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-211261793
  
@swill I've fixed the outstanding issues, can you run your CI on this and 
help merge? thanks


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rafaelweingartner]

Github user rafaelweingartner commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59920010
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", 0, 1, new NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", 
server.getPort(), 1, new NioMaliciousTestClient());
+

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rafaelweingartner]

Github user rafaelweingartner commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59918834
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,215 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+/* NioTest
--- End diff --

If you are going to use some kind of documenting, I believe the java doc 
style would be more appropriate.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-210576373
  
Thanks all for the review, I've update the commits; please re-review and 
advise other outstanding issue. Thanks again.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59917981
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", 0, 1, new NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", 
server.getPort(), 1, new NioMaliciousTestClient());
+maliciousClients.add(maliciousClient);
+ 

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59915385
  
--- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java ---
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean 
isClient) throws GeneralSecurity
 return sslContext;
 }
 
-public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, 
boolean isClient) throws IOException {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: begin Handshake, isClient: " + isClient);
+public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int 
sessionProposedCapacity) {
+if (buffer == null || sessionProposedCapacity < 0) {
+return buffer;
 }
-
-SSLEngineResult engResult;
-SSLSession sslSession = sslEngine.getSession();
-HandshakeStatus hsStatus;
-ByteBuffer in_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer in_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-ByteBuffer out_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer out_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-int count;
-ch.socket().setSoTimeout(60 * 1000);
-InputStream inStream = ch.socket().getInputStream();
-// Use readCh to make sure the timeout on reading is working
-ReadableByteChannel readCh = Channels.newChannel(inStream);
-
-if (isClient) {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
+if (sessionProposedCapacity > buffer.capacity()) {
+buffer = ByteBuffer.allocate(sessionProposedCapacity);
 } else {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+buffer = ByteBuffer.allocate(buffer.capacity() * 2);
 }
+return buffer;
+}
 
-while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: Handshake status " + hsStatus);
+public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, 
ByteBuffer buffer) {
+if (engine == null || buffer == null) {
+return buffer;
+}
+if (buffer.position() < buffer.limit()) {
+return buffer;
+}
+ByteBuffer replaceBuffer = enlargeBuffer(buffer, 
engine.getSession().getPacketBufferSize());
+buffer.flip();
+replaceBuffer.put(buffer);
+return replaceBuffer;
+}
+
+private static boolean doHandshakeUnwrap(final SocketChannel 
socketChannel, final SSLEngine sslEngine,
+ ByteBuffer peerAppData, 
ByteBuffer peerNetData, final int appBufferSize) throws IOException {
+if (socketChannel == null || sslEngine == null || peerAppData == 
null || peerNetData == null || appBufferSize < 0) {
+return false;
+}
+if (socketChannel.read(peerNetData) < 0) {
+if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
+return false;
 }
-engResult = null;
-if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
-out_pkgBuf.clear();
-out_appBuf.clear();
-out_appBuf.put("Hello".getBytes());
-engResult = sslEngine.wrap(out_appBuf, out_pkgBuf);
-out_pkgBuf.flip();
-int remain = out_pkgBuf.limit();
-while (remain != 0) {
-remain -= ch.write(out_pkgBuf);
-if (remain < 0) {
-throw new IOException("Too much bytes sent?");
-}
-}
-} else if (hsStatus == 
SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
-in_appBuf.clear();
-// One packet may contained multiply operation
-if (in_pkgBuf.position() == 0 || 
!in_pkgBuf.hasRemaining()) {
-in_pkgBuf.clear();
-count = 0;
-try {
-count = readCh.read(in_pkgBuf);
-} catch (SocketTimeoutException ex) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("Handshake reading time out! 
Cut the connection");
-}
-count = -1;
-}
-if (count == -1) {
-  

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rafaelweingartner]

Github user rafaelweingartner commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59915315
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", 0, 1, new NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", 
server.getPort(), 1, new NioMaliciousTestClient());
+

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59915248
  
--- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java ---
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean 
isClient) throws GeneralSecurity
 return sslContext;
 }
 
-public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, 
boolean isClient) throws IOException {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: begin Handshake, isClient: " + isClient);
+public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int 
sessionProposedCapacity) {
+if (buffer == null || sessionProposedCapacity < 0) {
+return buffer;
 }
-
-SSLEngineResult engResult;
-SSLSession sslSession = sslEngine.getSession();
-HandshakeStatus hsStatus;
-ByteBuffer in_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer in_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-ByteBuffer out_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer out_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-int count;
-ch.socket().setSoTimeout(60 * 1000);
-InputStream inStream = ch.socket().getInputStream();
-// Use readCh to make sure the timeout on reading is working
-ReadableByteChannel readCh = Channels.newChannel(inStream);
-
-if (isClient) {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
+if (sessionProposedCapacity > buffer.capacity()) {
+buffer = ByteBuffer.allocate(sessionProposedCapacity);
 } else {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+buffer = ByteBuffer.allocate(buffer.capacity() * 2);
 }
+return buffer;
+}
 
-while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: Handshake status " + hsStatus);
+public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, 
ByteBuffer buffer) {
+if (engine == null || buffer == null) {
+return buffer;
+}
+if (buffer.position() < buffer.limit()) {
+return buffer;
+}
+ByteBuffer replaceBuffer = enlargeBuffer(buffer, 
engine.getSession().getPacketBufferSize());
+buffer.flip();
+replaceBuffer.put(buffer);
+return replaceBuffer;
+}
+
+private static boolean doHandshakeUnwrap(final SocketChannel 
socketChannel, final SSLEngine sslEngine,
+ ByteBuffer peerAppData, 
ByteBuffer peerNetData, final int appBufferSize) throws IOException {
+if (socketChannel == null || sslEngine == null || peerAppData == 
null || peerNetData == null || appBufferSize < 0) {
+return false;
+}
+if (socketChannel.read(peerNetData) < 0) {
+if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
+return false;
 }
-engResult = null;
-if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
-out_pkgBuf.clear();
-out_appBuf.clear();
-out_appBuf.put("Hello".getBytes());
-engResult = sslEngine.wrap(out_appBuf, out_pkgBuf);
-out_pkgBuf.flip();
-int remain = out_pkgBuf.limit();
-while (remain != 0) {
-remain -= ch.write(out_pkgBuf);
-if (remain < 0) {
-throw new IOException("Too much bytes sent?");
-}
-}
-} else if (hsStatus == 
SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
-in_appBuf.clear();
-// One packet may contained multiply operation
-if (in_pkgBuf.position() == 0 || 
!in_pkgBuf.hasRemaining()) {
-in_pkgBuf.clear();
-count = 0;
-try {
-count = readCh.read(in_pkgBuf);
-} catch (SocketTimeoutException ex) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("Handshake reading time out! 
Cut the connection");
-}
-count = -1;
-}
-if (count == -1) {
-  

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59915144
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", 0, 1, new NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", 
server.getPort(), 1, new NioMaliciousTestClient());
+maliciousClients.add(maliciousClient);
+ 

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59914101
  
--- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java ---
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean 
isClient) throws GeneralSecurity
 return sslContext;
 }
 
-public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, 
boolean isClient) throws IOException {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: begin Handshake, isClient: " + isClient);
+public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int 
sessionProposedCapacity) {
+if (buffer == null || sessionProposedCapacity < 0) {
+return buffer;
 }
-
-SSLEngineResult engResult;
-SSLSession sslSession = sslEngine.getSession();
-HandshakeStatus hsStatus;
-ByteBuffer in_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer in_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-ByteBuffer out_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer out_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-int count;
-ch.socket().setSoTimeout(60 * 1000);
-InputStream inStream = ch.socket().getInputStream();
-// Use readCh to make sure the timeout on reading is working
-ReadableByteChannel readCh = Channels.newChannel(inStream);
-
-if (isClient) {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
+if (sessionProposedCapacity > buffer.capacity()) {
+buffer = ByteBuffer.allocate(sessionProposedCapacity);
 } else {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+buffer = ByteBuffer.allocate(buffer.capacity() * 2);
 }
+return buffer;
+}
 
-while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: Handshake status " + hsStatus);
+public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, 
ByteBuffer buffer) {
+if (engine == null || buffer == null) {
+return buffer;
+}
+if (buffer.position() < buffer.limit()) {
+return buffer;
+}
+ByteBuffer replaceBuffer = enlargeBuffer(buffer, 
engine.getSession().getPacketBufferSize());
+buffer.flip();
+replaceBuffer.put(buffer);
+return replaceBuffer;
+}
+
+private static boolean doHandshakeUnwrap(final SocketChannel 
socketChannel, final SSLEngine sslEngine,
+ ByteBuffer peerAppData, 
ByteBuffer peerNetData, final int appBufferSize) throws IOException {
+if (socketChannel == null || sslEngine == null || peerAppData == 
null || peerNetData == null || appBufferSize < 0) {
+return false;
+}
+if (socketChannel.read(peerNetData) < 0) {
+if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
+return false;
 }
-engResult = null;
-if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
-out_pkgBuf.clear();
-out_appBuf.clear();
-out_appBuf.put("Hello".getBytes());
-engResult = sslEngine.wrap(out_appBuf, out_pkgBuf);
-out_pkgBuf.flip();
-int remain = out_pkgBuf.limit();
-while (remain != 0) {
-remain -= ch.write(out_pkgBuf);
-if (remain < 0) {
-throw new IOException("Too much bytes sent?");
-}
-}
-} else if (hsStatus == 
SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
-in_appBuf.clear();
-// One packet may contained multiply operation
-if (in_pkgBuf.position() == 0 || 
!in_pkgBuf.hasRemaining()) {
-in_pkgBuf.clear();
-count = 0;
-try {
-count = readCh.read(in_pkgBuf);
-} catch (SocketTimeoutException ex) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("Handshake reading time out! 
Cut the connection");
-}
-count = -1;
-}
-if (count == -1) {
-  

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rafaelweingartner]

Github user rafaelweingartner commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59913697
  
--- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java ---
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean 
isClient) throws GeneralSecurity
 return sslContext;
 }
 
-public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, 
boolean isClient) throws IOException {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: begin Handshake, isClient: " + isClient);
+public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int 
sessionProposedCapacity) {
+if (buffer == null || sessionProposedCapacity < 0) {
+return buffer;
 }
-
-SSLEngineResult engResult;
-SSLSession sslSession = sslEngine.getSession();
-HandshakeStatus hsStatus;
-ByteBuffer in_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer in_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-ByteBuffer out_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer out_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-int count;
-ch.socket().setSoTimeout(60 * 1000);
-InputStream inStream = ch.socket().getInputStream();
-// Use readCh to make sure the timeout on reading is working
-ReadableByteChannel readCh = Channels.newChannel(inStream);
-
-if (isClient) {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
+if (sessionProposedCapacity > buffer.capacity()) {
+buffer = ByteBuffer.allocate(sessionProposedCapacity);
 } else {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+buffer = ByteBuffer.allocate(buffer.capacity() * 2);
 }
+return buffer;
+}
 
-while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: Handshake status " + hsStatus);
+public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, 
ByteBuffer buffer) {
+if (engine == null || buffer == null) {
+return buffer;
+}
+if (buffer.position() < buffer.limit()) {
+return buffer;
+}
+ByteBuffer replaceBuffer = enlargeBuffer(buffer, 
engine.getSession().getPacketBufferSize());
+buffer.flip();
+replaceBuffer.put(buffer);
+return replaceBuffer;
+}
+
+private static boolean doHandshakeUnwrap(final SocketChannel 
socketChannel, final SSLEngine sslEngine,
+ ByteBuffer peerAppData, 
ByteBuffer peerNetData, final int appBufferSize) throws IOException {
+if (socketChannel == null || sslEngine == null || peerAppData == 
null || peerNetData == null || appBufferSize < 0) {
+return false;
+}
+if (socketChannel.read(peerNetData) < 0) {
+if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
+return false;
 }
-engResult = null;
-if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
-out_pkgBuf.clear();
-out_appBuf.clear();
-out_appBuf.put("Hello".getBytes());
-engResult = sslEngine.wrap(out_appBuf, out_pkgBuf);
-out_pkgBuf.flip();
-int remain = out_pkgBuf.limit();
-while (remain != 0) {
-remain -= ch.write(out_pkgBuf);
-if (remain < 0) {
-throw new IOException("Too much bytes sent?");
-}
-}
-} else if (hsStatus == 
SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
-in_appBuf.clear();
-// One packet may contained multiply operation
-if (in_pkgBuf.position() == 0 || 
!in_pkgBuf.hasRemaining()) {
-in_pkgBuf.clear();
-count = 0;
-try {
-count = readCh.read(in_pkgBuf);
-} catch (SocketTimeoutException ex) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("Handshake reading time out! 
Cut the connection");
-}
-count = -1;
-}
-if (count == -1) 

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59913436
  
--- Diff: 
utils/src/test/java/com/cloud/utils/backoff/impl/ConstantTimeBackoffTest.java 
---
@@ -94,7 +94,7 @@ public void wakeupNotExisting() {
 @Test
 public void wakeupExisting() throws InterruptedException {
 final ConstantTimeBackoff backoff = new ConstantTimeBackoff();
-backoff.setTimeToWait(10);
+backoff.setTimeToWait(1000);
--- End diff --

I was trying to diagnose why this test was failing on Travis, so added a 
large value. Removed now.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59913672
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", 0, 1, new NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", 
server.getPort(), 1, new NioMaliciousTestClient());
+maliciousClients.add(maliciousClient);
+ 

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[jburwell]

Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59913051
  
--- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java ---
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean 
isClient) throws GeneralSecurity
 return sslContext;
 }
 
-public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, 
boolean isClient) throws IOException {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: begin Handshake, isClient: " + isClient);
+public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int 
sessionProposedCapacity) {
+if (buffer == null || sessionProposedCapacity < 0) {
+return buffer;
 }
-
-SSLEngineResult engResult;
-SSLSession sslSession = sslEngine.getSession();
-HandshakeStatus hsStatus;
-ByteBuffer in_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer in_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-ByteBuffer out_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer out_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-int count;
-ch.socket().setSoTimeout(60 * 1000);
-InputStream inStream = ch.socket().getInputStream();
-// Use readCh to make sure the timeout on reading is working
-ReadableByteChannel readCh = Channels.newChannel(inStream);
-
-if (isClient) {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
+if (sessionProposedCapacity > buffer.capacity()) {
+buffer = ByteBuffer.allocate(sessionProposedCapacity);
 } else {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+buffer = ByteBuffer.allocate(buffer.capacity() * 2);
 }
+return buffer;
+}
 
-while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: Handshake status " + hsStatus);
+public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, 
ByteBuffer buffer) {
+if (engine == null || buffer == null) {
+return buffer;
+}
+if (buffer.position() < buffer.limit()) {
+return buffer;
+}
+ByteBuffer replaceBuffer = enlargeBuffer(buffer, 
engine.getSession().getPacketBufferSize());
+buffer.flip();
+replaceBuffer.put(buffer);
+return replaceBuffer;
+}
+
+private static boolean doHandshakeUnwrap(final SocketChannel 
socketChannel, final SSLEngine sslEngine,
+ ByteBuffer peerAppData, 
ByteBuffer peerNetData, final int appBufferSize) throws IOException {
+if (socketChannel == null || sslEngine == null || peerAppData == 
null || peerNetData == null || appBufferSize < 0) {
+return false;
+}
+if (socketChannel.read(peerNetData) < 0) {
+if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
+return false;
 }
-engResult = null;
-if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
-out_pkgBuf.clear();
-out_appBuf.clear();
-out_appBuf.put("Hello".getBytes());
-engResult = sslEngine.wrap(out_appBuf, out_pkgBuf);
-out_pkgBuf.flip();
-int remain = out_pkgBuf.limit();
-while (remain != 0) {
-remain -= ch.write(out_pkgBuf);
-if (remain < 0) {
-throw new IOException("Too much bytes sent?");
-}
-}
-} else if (hsStatus == 
SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
-in_appBuf.clear();
-// One packet may contained multiply operation
-if (in_pkgBuf.position() == 0 || 
!in_pkgBuf.hasRemaining()) {
-in_pkgBuf.clear();
-count = 0;
-try {
-count = readCh.read(in_pkgBuf);
-} catch (SocketTimeoutException ex) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("Handshake reading time out! 
Cut the connection");
-}
-count = -1;
-}
-if (count == -1) {
-  

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rafaelweingartner]

Github user rafaelweingartner commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59913073
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", 0, 1, new NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", 
server.getPort(), 1, new NioMaliciousTestClient());
+

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rafaelweingartner]

Github user rafaelweingartner commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59912710
  
--- Diff: 
utils/src/test/java/com/cloud/utils/backoff/impl/ConstantTimeBackoffTest.java 
---
@@ -94,7 +94,7 @@ public void wakeupNotExisting() {
 @Test
 public void wakeupExisting() throws InterruptedException {
 final ConstantTimeBackoff backoff = new ConstantTimeBackoff();
-backoff.setTimeToWait(10);
+backoff.setTimeToWait(1000);
--- End diff --

is it 1000 seconds or miliseconds?
Does it need to be that high?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[rafaelweingartner]

Github user rafaelweingartner commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59912439
  
--- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java ---
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean 
isClient) throws GeneralSecurity
 return sslContext;
 }
 
-public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, 
boolean isClient) throws IOException {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: begin Handshake, isClient: " + isClient);
+public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int 
sessionProposedCapacity) {
+if (buffer == null || sessionProposedCapacity < 0) {
+return buffer;
 }
-
-SSLEngineResult engResult;
-SSLSession sslSession = sslEngine.getSession();
-HandshakeStatus hsStatus;
-ByteBuffer in_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer in_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-ByteBuffer out_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer out_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-int count;
-ch.socket().setSoTimeout(60 * 1000);
-InputStream inStream = ch.socket().getInputStream();
-// Use readCh to make sure the timeout on reading is working
-ReadableByteChannel readCh = Channels.newChannel(inStream);
-
-if (isClient) {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
+if (sessionProposedCapacity > buffer.capacity()) {
+buffer = ByteBuffer.allocate(sessionProposedCapacity);
 } else {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+buffer = ByteBuffer.allocate(buffer.capacity() * 2);
 }
+return buffer;
+}
 
-while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: Handshake status " + hsStatus);
+public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, 
ByteBuffer buffer) {
+if (engine == null || buffer == null) {
+return buffer;
+}
+if (buffer.position() < buffer.limit()) {
+return buffer;
+}
+ByteBuffer replaceBuffer = enlargeBuffer(buffer, 
engine.getSession().getPacketBufferSize());
+buffer.flip();
+replaceBuffer.put(buffer);
+return replaceBuffer;
+}
+
+private static boolean doHandshakeUnwrap(final SocketChannel 
socketChannel, final SSLEngine sslEngine,
+ ByteBuffer peerAppData, 
ByteBuffer peerNetData, final int appBufferSize) throws IOException {
+if (socketChannel == null || sslEngine == null || peerAppData == 
null || peerNetData == null || appBufferSize < 0) {
+return false;
+}
+if (socketChannel.read(peerNetData) < 0) {
+if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
+return false;
 }
-engResult = null;
-if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
-out_pkgBuf.clear();
-out_appBuf.clear();
-out_appBuf.put("Hello".getBytes());
-engResult = sslEngine.wrap(out_appBuf, out_pkgBuf);
-out_pkgBuf.flip();
-int remain = out_pkgBuf.limit();
-while (remain != 0) {
-remain -= ch.write(out_pkgBuf);
-if (remain < 0) {
-throw new IOException("Too much bytes sent?");
-}
-}
-} else if (hsStatus == 
SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
-in_appBuf.clear();
-// One packet may contained multiply operation
-if (in_pkgBuf.position() == 0 || 
!in_pkgBuf.hasRemaining()) {
-in_pkgBuf.clear();
-count = 0;
-try {
-count = readCh.read(in_pkgBuf);
-} catch (SocketTimeoutException ex) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("Handshake reading time out! 
Cut the connection");
-}
-count = -1;
-}
-if (count == -1) 

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[jburwell]

Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59900221
  
--- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java ---
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean 
isClient) throws GeneralSecurity
 return sslContext;
 }
 
-public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, 
boolean isClient) throws IOException {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: begin Handshake, isClient: " + isClient);
+public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int 
sessionProposedCapacity) {
+if (buffer == null || sessionProposedCapacity < 0) {
+return buffer;
 }
-
-SSLEngineResult engResult;
-SSLSession sslSession = sslEngine.getSession();
-HandshakeStatus hsStatus;
-ByteBuffer in_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer in_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-ByteBuffer out_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer out_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-int count;
-ch.socket().setSoTimeout(60 * 1000);
-InputStream inStream = ch.socket().getInputStream();
-// Use readCh to make sure the timeout on reading is working
-ReadableByteChannel readCh = Channels.newChannel(inStream);
-
-if (isClient) {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
+if (sessionProposedCapacity > buffer.capacity()) {
+buffer = ByteBuffer.allocate(sessionProposedCapacity);
 } else {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+buffer = ByteBuffer.allocate(buffer.capacity() * 2);
 }
+return buffer;
+}
 
-while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: Handshake status " + hsStatus);
+public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, 
ByteBuffer buffer) {
+if (engine == null || buffer == null) {
+return buffer;
+}
+if (buffer.position() < buffer.limit()) {
+return buffer;
+}
+ByteBuffer replaceBuffer = enlargeBuffer(buffer, 
engine.getSession().getPacketBufferSize());
+buffer.flip();
+replaceBuffer.put(buffer);
+return replaceBuffer;
+}
+
+private static boolean doHandshakeUnwrap(final SocketChannel 
socketChannel, final SSLEngine sslEngine,
+ ByteBuffer peerAppData, 
ByteBuffer peerNetData, final int appBufferSize) throws IOException {
+if (socketChannel == null || sslEngine == null || peerAppData == 
null || peerNetData == null || appBufferSize < 0) {
+return false;
+}
+if (socketChannel.read(peerNetData) < 0) {
+if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
+return false;
 }
-engResult = null;
-if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
-out_pkgBuf.clear();
-out_appBuf.clear();
-out_appBuf.put("Hello".getBytes());
-engResult = sslEngine.wrap(out_appBuf, out_pkgBuf);
-out_pkgBuf.flip();
-int remain = out_pkgBuf.limit();
-while (remain != 0) {
-remain -= ch.write(out_pkgBuf);
-if (remain < 0) {
-throw new IOException("Too much bytes sent?");
-}
-}
-} else if (hsStatus == 
SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
-in_appBuf.clear();
-// One packet may contained multiply operation
-if (in_pkgBuf.position() == 0 || 
!in_pkgBuf.hasRemaining()) {
-in_pkgBuf.clear();
-count = 0;
-try {
-count = readCh.read(in_pkgBuf);
-} catch (SocketTimeoutException ex) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("Handshake reading time out! 
Cut the connection");
-}
-count = -1;
-}
-if (count == -1) {
-  

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[jburwell]

Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59900296
  
--- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java ---
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean 
isClient) throws GeneralSecurity
 return sslContext;
 }
 
-public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, 
boolean isClient) throws IOException {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: begin Handshake, isClient: " + isClient);
+public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int 
sessionProposedCapacity) {
+if (buffer == null || sessionProposedCapacity < 0) {
+return buffer;
 }
-
-SSLEngineResult engResult;
-SSLSession sslSession = sslEngine.getSession();
-HandshakeStatus hsStatus;
-ByteBuffer in_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer in_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-ByteBuffer out_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer out_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-int count;
-ch.socket().setSoTimeout(60 * 1000);
-InputStream inStream = ch.socket().getInputStream();
-// Use readCh to make sure the timeout on reading is working
-ReadableByteChannel readCh = Channels.newChannel(inStream);
-
-if (isClient) {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
+if (sessionProposedCapacity > buffer.capacity()) {
+buffer = ByteBuffer.allocate(sessionProposedCapacity);
 } else {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+buffer = ByteBuffer.allocate(buffer.capacity() * 2);
 }
+return buffer;
+}
 
-while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: Handshake status " + hsStatus);
+public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, 
ByteBuffer buffer) {
+if (engine == null || buffer == null) {
+return buffer;
+}
+if (buffer.position() < buffer.limit()) {
+return buffer;
+}
+ByteBuffer replaceBuffer = enlargeBuffer(buffer, 
engine.getSession().getPacketBufferSize());
+buffer.flip();
+replaceBuffer.put(buffer);
+return replaceBuffer;
+}
+
+private static boolean doHandshakeUnwrap(final SocketChannel 
socketChannel, final SSLEngine sslEngine,
+ ByteBuffer peerAppData, 
ByteBuffer peerNetData, final int appBufferSize) throws IOException {
+if (socketChannel == null || sslEngine == null || peerAppData == 
null || peerNetData == null || appBufferSize < 0) {
+return false;
+}
+if (socketChannel.read(peerNetData) < 0) {
+if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
+return false;
 }
-engResult = null;
-if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
-out_pkgBuf.clear();
-out_appBuf.clear();
-out_appBuf.put("Hello".getBytes());
-engResult = sslEngine.wrap(out_appBuf, out_pkgBuf);
-out_pkgBuf.flip();
-int remain = out_pkgBuf.limit();
-while (remain != 0) {
-remain -= ch.write(out_pkgBuf);
-if (remain < 0) {
-throw new IOException("Too much bytes sent?");
-}
-}
-} else if (hsStatus == 
SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
-in_appBuf.clear();
-// One packet may contained multiply operation
-if (in_pkgBuf.position() == 0 || 
!in_pkgBuf.hasRemaining()) {
-in_pkgBuf.clear();
-count = 0;
-try {
-count = readCh.read(in_pkgBuf);
-} catch (SocketTimeoutException ex) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("Handshake reading time out! 
Cut the connection");
-}
-count = -1;
-}
-if (count == -1) {
-  

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[jburwell]

Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59900210
  
--- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java ---
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean 
isClient) throws GeneralSecurity
 return sslContext;
 }
 
-public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, 
boolean isClient) throws IOException {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: begin Handshake, isClient: " + isClient);
+public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int 
sessionProposedCapacity) {
+if (buffer == null || sessionProposedCapacity < 0) {
+return buffer;
 }
-
-SSLEngineResult engResult;
-SSLSession sslSession = sslEngine.getSession();
-HandshakeStatus hsStatus;
-ByteBuffer in_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer in_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-ByteBuffer out_pkgBuf = 
ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
-ByteBuffer out_appBuf = 
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
-int count;
-ch.socket().setSoTimeout(60 * 1000);
-InputStream inStream = ch.socket().getInputStream();
-// Use readCh to make sure the timeout on reading is working
-ReadableByteChannel readCh = Channels.newChannel(inStream);
-
-if (isClient) {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
+if (sessionProposedCapacity > buffer.capacity()) {
+buffer = ByteBuffer.allocate(sessionProposedCapacity);
 } else {
-hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+buffer = ByteBuffer.allocate(buffer.capacity() * 2);
 }
+return buffer;
+}
 
-while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("SSL: Handshake status " + hsStatus);
+public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, 
ByteBuffer buffer) {
+if (engine == null || buffer == null) {
+return buffer;
+}
+if (buffer.position() < buffer.limit()) {
+return buffer;
+}
+ByteBuffer replaceBuffer = enlargeBuffer(buffer, 
engine.getSession().getPacketBufferSize());
+buffer.flip();
+replaceBuffer.put(buffer);
+return replaceBuffer;
+}
+
+private static boolean doHandshakeUnwrap(final SocketChannel 
socketChannel, final SSLEngine sslEngine,
+ ByteBuffer peerAppData, 
ByteBuffer peerNetData, final int appBufferSize) throws IOException {
+if (socketChannel == null || sslEngine == null || peerAppData == 
null || peerNetData == null || appBufferSize < 0) {
+return false;
+}
+if (socketChannel.read(peerNetData) < 0) {
+if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
+return false;
 }
-engResult = null;
-if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
-out_pkgBuf.clear();
-out_appBuf.clear();
-out_appBuf.put("Hello".getBytes());
-engResult = sslEngine.wrap(out_appBuf, out_pkgBuf);
-out_pkgBuf.flip();
-int remain = out_pkgBuf.limit();
-while (remain != 0) {
-remain -= ch.write(out_pkgBuf);
-if (remain < 0) {
-throw new IOException("Too much bytes sent?");
-}
-}
-} else if (hsStatus == 
SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
-in_appBuf.clear();
-// One packet may contained multiply operation
-if (in_pkgBuf.position() == 0 || 
!in_pkgBuf.hasRemaining()) {
-in_pkgBuf.clear();
-count = 0;
-try {
-count = readCh.read(in_pkgBuf);
-} catch (SocketTimeoutException ex) {
-if (s_logger.isTraceEnabled()) {
-s_logger.trace("Handshake reading time out! 
Cut the connection");
-}
-count = -1;
-}
-if (count == -1) {
-  

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[GabrielBrascher]

Github user GabrielBrascher commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59894203
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", , 1, new 
NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", , 1, new 
NioMaliciousTestClient());
+maliciousClients.add(maliciousClient);
+  

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[GabrielBrascher]

Github user GabrielBrascher commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59892756
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", 0, 1, new NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", 
server.getPort(), 1, new NioMaliciousTestClient());
+

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59799743
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", , 1, new 
NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", , 1, new 
NioMaliciousTestClient());
+maliciousClients.add(maliciousClient);
+

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59795416
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", , 1, new 
NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", , 1, new 
NioMaliciousTestClient());
+maliciousClients.add(maliciousClient);
+ 

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[swill]

Github user swill commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59792529
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", , 1, new 
NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", , 1, new 
NioMaliciousTestClient());
+maliciousClients.add(maliciousClient);
+

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59791280
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", , 1, new 
NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", , 1, new 
NioMaliciousTestClient());
+maliciousClients.add(maliciousClient);
+ 

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[GabrielBrascher]

Github user GabrielBrascher commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1493#discussion_r59790778
  
--- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
@@ -19,146 +19,198 @@
 
 package com.cloud.utils.testcase;
 
-import java.nio.channels.ClosedChannelException;
-import java.util.Random;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-import org.junit.Assert;
-
+import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.exception.NioConnectionException;
 import com.cloud.utils.nio.HandlerFactory;
 import com.cloud.utils.nio.Link;
 import com.cloud.utils.nio.NioClient;
 import com.cloud.utils.nio.NioServer;
 import com.cloud.utils.nio.Task;
 import com.cloud.utils.nio.Task.Type;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-/**
- *
- *
- *
- *
- */
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class NioTest {
 
-public class NioTest extends TestCase {
+private static final Logger LOGGER = Logger.getLogger(NioTest.class);
 
-private static final Logger s_logger = Logger.getLogger(NioTest.class);
+final private int totalTestCount = 10;
+private int completedTestCount = 0;
 
-private NioServer _server;
-private NioClient _client;
+private NioServer server;
+private List clients = new ArrayList<>();
+private List maliciousClients = new ArrayList<>();
 
-private Link _clientLink;
+private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
+private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
 
-private int _testCount;
-private int _completedCount;
+private Random randomGenerator = new Random();
+private byte[] testBytes;
 
 private boolean isTestsDone() {
 boolean result;
 synchronized (this) {
-result = _testCount == _completedCount;
+result = totalTestCount == completedTestCount;
 }
 return result;
 }
 
-private void getOneMoreTest() {
-synchronized (this) {
-_testCount++;
-}
-}
-
 private void oneMoreTestDone() {
 synchronized (this) {
-_completedCount++;
+completedTestCount++;
 }
 }
 
-@Override
+@Before
 public void setUp() {
-s_logger.info("Test");
+LOGGER.info("Setting up Benchmark Test");
 
-_testCount = 0;
-_completedCount = 0;
-
-_server = new NioServer("NioTestServer", , 5, new 
NioTestServer());
-try {
-_server.start();
-} catch (final NioConnectionException e) {
-fail(e.getMessage());
-}
+completedTestCount = 0;
+testBytes = new byte[100];
+randomGenerator.nextBytes(testBytes);
 
-_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new 
NioTestClient());
+// Server configured with one worker
+server = new NioServer("NioTestServer", , 1, new 
NioTestServer());
 try {
-_client.start();
+server.start();
 } catch (final NioConnectionException e) {
-fail(e.getMessage());
+Assert.fail(e.getMessage());
 }
 
-while (_clientLink == null) {
-try {
-s_logger.debug("Link is not up! Waiting ...");
-Thread.sleep(1000);
-} catch (final InterruptedException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
+// 5 malicious clients per valid client
+for (int i = 0; i < totalTestCount; i++) {
+for (int j = 0; j < 5; j++) {
+final NioClient maliciousClient = new 
NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", , 1, new 
NioMaliciousTestClient());
+maliciousClients.add(maliciousClient);
+  

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-210103368
  
I've created two commits to show: (1) test to prove denial of service 
behavior due to blocking main IO loop, (2) the fix (as mentioned earlier long 
term fix would require migration to a better framework).


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...

[bhaisaab]

Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1493#issuecomment-209896417
  
- Tested against KVM, mgmt server - KVM links and clustered management 
server
- NioTest modified to have multiple clients against a server instance with 
just one worker and 10 malicious clients (they simply do a secure connect to 
the server and don't do anything else) trying to connect server per valid client
- Ran Marvin smoke tests successfully against KVM


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---