[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-219616568

@swill alright, I'll squash them and open a new PR that could be reviewed merged later

---
If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-219555128

@rhtyd I reverted this in master to hopefully unblock my CI environments from failing as I am basically at my freeze date. Would you mind putting the above commits together in a single PR and reopen it? We know what we are looking for when we test it on its own again.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-219551825

I think I am going to have to revert this PR because it seems to be responsible for the `addHost` issue I am having in all my CI environments while doing DeployDC. On completely new deployments, I got the `addHost` error on all 6 of my CI environments with #1493 included. I have noticed this as an intermittent issue for the last while, but could not isolate it. I have reverted #1493 (and its descendants) locally and I have not had the error in my first 3 tests after reverting it. I only started seeing the problem after #1493. With the freeze basically here, I need my CI environments in action cause I have a few PRs that I really want to run before I merge and freeze...

This is what I plan to run to revert (brackets are for reference, not to be run):

```
git revert 540d9572fd491db3ce182d26636fc74ada4e171c (1543)
git revert f88cb880974fa56866492c437af291e40bd1a4f6 -m 1 (1538)
git revert 9f970f28b18534dffe33196ead60ea861f501fa9 -m 1 (1534)
git revert 7ce0e10fbcd949375e43535aae168421ecdaa562 -m 1 (1493)
```
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218943901

PR that aims to fix CPU issue - https://github.com/apache/cloudstack/pull/1543
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user kiwiflyer commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218943044

@rhtyd Sounds good. Thanks for taking a look.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218942524

@kiwiflyer thanks, I think I've found two issues -- I'll tag you on another PR, please test that in your lab and share if that fixes your CPU issue. /cc @swill let's get the other PR tested/merged, if @kiwiflyer still has the issue, let's revert the NioConnect commits so 4.9.0 does not ship with a genuine issue
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user kiwiflyer commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218776521

@rhtyd With the agent in trace mode, I see this scrolling through very rapidly:

```
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Done Processing.
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Processing: 0
2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] (pool-1-thread-1:null) (logid:) Keys Done Processing.
```
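The trace output above shows the selector loop waking with zero ready keys many times inside a single millisecond. As an added example (not part of the thread and not CloudStack code), this script flags that pattern in an agent log; the 100 ms window, the threshold of 5 and the `pool-1-thread-2` and `cloud.agent.Agent` sample lines are assumptions, and all sample input is constructed from the line format quoted above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line layout taken from the trace lines quoted in the thread:
# <date> <time,ms> <LEVEL> [<logger>] (<thread>:<ctx>) (logid:<id>) <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+"
    r"(?P<level>[A-Z]+)\s+\[(?P<logger>[^\]]+)\]\s+"
    r"\((?P<thread>[^:)]*):[^)]*\)\s+(?:\(logid:[^)]*\)\s+)?"
    r"(?P<msg>.*)$"
)
KEYS_RE = re.compile(r"^Keys Processing: (\d+)$")
NIO_LOGGER = "utils.nio.NioConnection"


def parse_select_events(lines):
    """Yield (timestamp, thread, ready_key_count) for each selector wake-up."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("logger") != NIO_LOGGER:
            continue  # other loggers and malformed lines are ignored
        k = KEYS_RE.match(m.group("msg"))
        if not k:
            continue  # e.g. "Keys Done Processing."
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S,%f")
        yield ts, m.group("thread"), int(k.group(1))


def find_selector_spin(lines, window=timedelta(milliseconds=100), threshold=5):
    """Report threads whose selector returned 0 keys >= threshold times
    within `window` without doing any real work in between.

    Assumes the log is in chronological order. Window and threshold are
    assumed values, to be tuned to the selector timeout of the build in use.
    """
    recent = defaultdict(deque)  # thread -> timestamps of empty wake-ups
    findings = {}
    for ts, thread, keys in parse_select_events(lines):
        q = recent[thread]
        if keys > 0:
            q.clear()  # the loop handled I/O, so the run of empties ends
            continue
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            f = findings.setdefault(thread, {"first": q[0], "last": ts, "peak": 0})
            f["last"] = ts
            f["peak"] = max(f["peak"], len(q))
    return findings


# Constructed sample: 11 empty wake-ups in the same millisecond (the shape
# reported in the thread) ...
SPINNING = [
    "2016-05-12 09:36:01,707 TRACE [utils.nio.NioConnection] "
    f"(pool-1-thread-1:null) (logid:) {msg}"
    for _ in range(11)
    for msg in ("Keys Processing: 0", "Keys Done Processing.")
]
# ... and a constructed healthy thread that wakes about once a second.
HEALTHY = [
    "2016-05-12 09:36:00,950 INFO [cloud.agent.Agent] (main:null) (logid:) constructed non-NIO line",
    "2016-05-12 09:36:01,000 TRACE [utils.nio.NioConnection] (pool-1-thread-2:null) (logid:) Keys Processing: 0",
    "2016-05-12 09:36:01,000 TRACE [utils.nio.NioConnection] (pool-1-thread-2:null) (logid:) Keys Done Processing.",
    "2016-05-12 09:36:02,000 TRACE [utils.nio.NioConnection] (pool-1-thread-2:null) (logid:) Keys Processing: 1",
    "2016-05-12 09:36:02,001 TRACE [utils.nio.NioConnection] (pool-1-thread-2:null) (logid:) Keys Done Processing.",
    "2016-05-12 09:36:03,001 TRACE [utils.nio.NioConnection] (pool-1-thread-2:null) (logid:) Keys Processing: 0",
]

if __name__ == "__main__":
    for thread, f in find_selector_spin(SPINNING + HEALTHY).items():
        print(f"{thread}: {f['peak']} empty selects within window, "
              f"{f['first']} .. {f['last']}")
```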
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218774260

@rhtyd I have had a couple independent reports of CPU going to 100% with this patch and the problem not existing if they revert this PR (along with #1534). Due to the upcoming freeze, I am considering reverting this PR (and #1534) until we can isolate the problem and get it tested again and verify the problem is resolved. I won't revert it today to give you, @kiwiflyer and others a chance to try to isolate the problem and test a fix. If we have not been able to resolve this by tomorrow, I will revert it and we can continue testing in a new PR. Thanks for the work on this guys...
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user kiwiflyer commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218763389

@rhtyd I'll work on pulling some trace logs and a debugger on the agent if the trace logs don't show anything. For reference, these patches were on our QA 4.8 build. I believe I had all of our patches applied (including 1534). Please take a look at https://github.com/myENA/cloudstack/commits/ENA-4.8. The two reverts at the top cover the patches I believe.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218656836

@kiwiflyer along with this patch, have you also applied the optimization patch #1534 (make sure to apply the patch on both mgmt server and KVM agent) ? We can debug your issue to see if it's caused by NioConnection by changing log4j settings to `TRACE`. Edit `/etc/cloudstack/agent/log4j-cloud.xml`, and add a category with name="com.cloud.utils.nio" and priority value="TRACE" and watch out for issues in the logs. Alternatively, you have enable DEBUG/TRACE on com.cloud and org.apache.cloudstack categories to see what's happening. Finally, if you've an IDE or jdb you can attach a debugger to the agent with JAVA_OPTS settings `-Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n` and connect on remote port 8787 (or any other custom port). Let me know if that helps, or you need more help in finding out the issue.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218522071

No worries. I am really short on sleep, but I was pretty confident. :P
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user nvazquez commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218520703

Sorry, I confused PRs. Please ignore my last comment.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218519246

@nvazquez I don't think #1539 is related to this PR. I think this one has completely separate issues...
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user nvazquez commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218514854

@rhtyd @kiwiflyer @swill a PR for fixing the problem #1539
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user kiwiflyer commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218473922

![image](https://cloud.githubusercontent.com/assets/17278194/15184123/94553146-1759-11e6-8dec-c4e0bb0c1795.png)
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user kiwiflyer commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-218473890

@rhtyd We're still seeing some odd behaviour related to the agent with this PR (and PR1534) applied to 2 of our hardware labs. What we're seeing is 100% cpu on the agent (KVM). There's nothing obvious in the debug logs indicating a problem. I've tried it both behind haproxy and directly to the management server and we see the same symptoms. Let me know what we can provide to help in terms of debugging.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-217286830

@swill the NioTest is a unit test and will only run during compilation. If you hit any issues, feel free to revert the commit with some details on how I may be able to reproduce your issues and fix them. Thanks.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-217272766

I confirmed that reverting this PR locally does fix my DeployDatacenter issues. I did an initial test with #1534 and it did get past the DeployDatacenter phase and started testing, but it did not run the Nio tests (apparently it only runs that test sometimes?). I stopped that run and cleaned everything up and am running the CI against #1534 again to see if I can get it to run the tests (and pass) and also come back with a clean CI run. I will update that PR with the status later tonight. Thanks for looking into this quickly to unblock our ability to do CI.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-217270975

@swill sure thanks, please try with PR #1534 and if you still hit the issue, please revert the commit locally first; run against your environment and confirm that your environment works without the Nio fix (make sure both mgmt server and KVM agent have both the PR fixes, or in case you revert make sure to rebuild mgmt server and kvm agent with reverted commits) in which case I'll try to reproduce and fix the addHost error.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-217252920

@rhtyd I have some bad news on this PR. I have been having issues in CI ever since this got merged into master. When the tests don't run (and fail which causes the CI run to fail), then the DeployDatacenter script will fail. It looks like this code is treating the hosts as a malicious client. We get a handshake and then things fail. We basically get a `Failed to add host` error. I can get you more details if you need. I will test the #1534 PR to see if that fixes things, but I am a bit concerned about this PR right now...
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-217227342

Thanks, will review...
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-217225573

@swill I'm pushing a fix for you. The initial value is 0, as clients send data it's incremented by 1. At the end it's expected that total number of data sent matches data received by server. If test count is 5, then completed test count is also 5; as the loop runs 5 clients with indexes/ids - 0, 1, 2, 3, 4 <- count no. of clients created.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-217227191

In my last run, not a single test passed in the time frame; something is wrong. Previously it was failing on 4/5, but this time it timed out without a single test passing of the 5...

```
2016-05-05 19:46:17,659 DEBUG [utils.testcase.NioTest] (Time-limited test:) 0/5 tests done. Waiting for completion
2016-05-05 19:46:18,660 DEBUG [utils.testcase.NioTest] (Time-limited test:) 0/5 tests done. Waiting for completion
2016-05-05 19:46:19,660 DEBUG [utils.testcase.NioTest] (Time-limited test:) 0/5 tests done. Waiting for completion
2016-05-05 19:46:20,367 INFO [utils.testcase.NioTest] (main:) Clients stopped.
2016-05-05 19:46:20,367 INFO [utils.testcase.NioTest] (main:) Server stopped.
Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 300.095 sec <<< FAILURE! - in com.cloud.utils.testcase.NioTest
testConnection(com.cloud.utils.testcase.NioTest) Time elapsed: 300.095 sec <<< ERROR!
org.junit.runners.model.TestTimedOutException: test timed out after 30 milliseconds
    at java.lang.Thread.sleep(Native Method)
    at com.cloud.utils.testcase.NioTest.testConnection(NioTest.java:146)
```
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-217226167

@swill I've run my tests, please review and merge this -- https://github.com/apache/cloudstack/pull/1534
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-217220334

@rhtyd but `totalTestCount = 5` and I don't think that `completedTestCount` will ever be larger than `4`, so I don't know how that check could be right...
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r62219725 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,208 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; /** - * - * - * - * + * NioTest demonstrates that NioServer can function without getting its main IO + * loop blocked when an aggressive or malicious client connects to the server but + * fail to participate in SSL handshake. In this test, we run bunch of clients + * that send a known payload to the server, to which multiple malicious clients + * also try to connect and hang. + * A malicious client could cause denial-of-service if the server's main IO loop + * along with SSL handshake was blocking. A passing tests shows that NioServer + * can still function in case of connection load and that the main IO loop along + * with SSL handshake is non-blocking with some internal timeout mechanism. 
*/ -public class NioTest extends TestCase { +public class NioTest { + +private static final Logger LOGGER = Logger.getLogger(NioTest.class); + +// Test should fail in due time instead of looping forever +private static final int TESTTIMEOUT = 30; -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 5; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; --- End diff --

@swill I'll try to reproduce and fix with a patch to reduce the numbers. Test count 0 to len -1 is still a total `len` counts so this is correct. Consider then, 0 to 4 is `0, 1, 2, 3 , 4` --> they are 5 runs/rounds/counts
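Review bot: `TESTTIMEOUT = 30` near the top of the class carries no unit in its name or in the comment above it, so a reader of this hunk cannot tell whether the limit is 30 seconds or 30 milliseconds. Put the unit in the identifier (for example `TEST_TIMEOUT_SECONDS`) or in the comment, and convert explicitly wherever the value is handed to a timeout API, so the limit the test reports matches the limit that was intended.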
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r62207167 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,208 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; /** - * - * - * - * + * NioTest demonstrates that NioServer can function without getting its main IO + * loop blocked when an aggressive or malicious client connects to the server but + * fail to participate in SSL handshake. In this test, we run bunch of clients + * that send a known payload to the server, to which multiple malicious clients + * also try to connect and hang. + * A malicious client could cause denial-of-service if the server's main IO loop + * along with SSL handshake was blocking. A passing tests shows that NioServer + * can still function in case of connection load and that the main IO loop along + * with SSL handshake is non-blocking with some internal timeout mechanism. 
*/ -public class NioTest extends TestCase { +public class NioTest { + +private static final Logger LOGGER = Logger.getLogger(NioTest.class); + +// Test should fail in due time instead of looping forever +private static final int TESTTIMEOUT = 30; -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 5; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; --- End diff --

Isn't this wrong? Shouldn't it be:

```
result = (totalTestCount -1) == completedTestCount;
```

You are only launching `totalTestCount` tests `0 to totalTestCount-1`. `completedTestCount` is also `0` based, so when they all complete it should max out at `totalTestCount-1`. Can you clarify?
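Review bot: `isTestsDone()` reads `completedTestCount` under `synchronized (this)`, but the field is declared as a plain `int` and the code that increments it is outside this hunk, so the equality check against `totalTestCount` is only reliable if every writer takes the same lock. An `AtomicInteger`, or a comment on the field stating that it counts completed clients and is guarded by `this`, would make that invariant visible at the declaration.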
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r62207228 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,208 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; /** - * - * - * - * + * NioTest demonstrates that NioServer can function without getting its main IO + * loop blocked when an aggressive or malicious client connects to the server but + * fail to participate in SSL handshake. In this test, we run bunch of clients + * that send a known payload to the server, to which multiple malicious clients + * also try to connect and hang. + * A malicious client could cause denial-of-service if the server's main IO loop + * along with SSL handshake was blocking. A passing tests shows that NioServer + * can still function in case of connection load and that the main IO loop along + * with SSL handshake is non-blocking with some internal timeout mechanism. 
*/ -public class NioTest extends TestCase { +public class NioTest { + +private static final Logger LOGGER = Logger.getLogger(NioTest.class); + +// Test should fail in due time instead of looping forever +private static final int TESTTIMEOUT = 30; -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 5; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; --- End diff -- @rhtyd ^ --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
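Review bot: `TESTTIMEOUT = 30` in the new field block carries no unit, and the comment above it only says the test should fail "in due time". JUnit 4's `@Test(timeout = ...)` takes milliseconds, so if this constant reaches it unscaled the test is given 30 ms rather than 30 s. Putting the unit in the name (for example `TEST_TIMEOUT_SECONDS`) and converting at the point of use would make that visible. Both `Executors.newFixedThreadPool(...)` lines also end in a stray `;;`.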
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-217188135 @rhtyd I am still having problems with the tests in this PR, but now it is in master. This is causing builds to fail...
```
testConnection(com.cloud.utils.testcase.NioTest) Time elapsed: 300.073 sec <<< ERROR!
org.junit.runners.model.TestTimedOutException: test timed out after 30 milliseconds
at java.lang.Thread.sleep(Native Method)
at com.cloud.utils.testcase.NioTest.testConnection(NioTest.java:146)
```
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-217188537 Is there a reason we need to spend 5 minutes waiting for this test every build?
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user asfgit closed the pull request at: https://github.com/apache/cloudstack/pull/1493
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-216581383 Perfect, this one is queued up to be merged... Thanks...
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-216489209 @swill all green now
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-216421909 @swill force pushed; the Jenkins server is not reliable -- as long as Travis is green we are alright; the only additional check Jenkins does is the rat check, which I think Travis can do as well. Thanks @serverchief for sharing your experience with this fix tag:mergeready
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user serverchief commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-216382896 @kiwiflyer, My testing with this patch - if you have at least several hundred KVM nodes connected to 2 MS via VIP and take 1 MS down, you will notice that KVM agents will shift to second MS in a matter of seconds - with no noise. Without this patch, depending on the scale - it may take up to 10 minutes to reconnect all hosts and also lots of noise about hosts being down!
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-216378613 Thank you @kiwiflyer. @rhtyd can you force push this PR again to try to get Jenkins green? Thanks... Otherwise this one is ready...
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user kiwiflyer commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-216375175 I pulled this into a hardware lab on 4.8.1. I set up a number of fake clients and hammered 8250. Prior to the patch the agents end up in a disconnected state after a few minutes. I applied the patch and my little DOS test is unable to affect the connectivity between the management server and the agents. I also tested some provisioning activities and made sure the agent survived taking the management server down and then bringing it back up. LGTM
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-216298669 No worries. Thanks... I also am a bit behind. I apparently have to just assume I won't get any work done on Mondays. :P
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user kiwiflyer commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-216296997 @swill I'm a bit behind. I'm building this now.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-216289074 @kiwiflyer do you have test results on this one? Thanks...
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-216228508 This PR is ready for merge, /cc @swill tag:mergeready
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user jburwell commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-215818023 LGTM for code review
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-215815079 thanks @kiwiflyer
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user kiwiflyer commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-215741459 @rhtyd - We'll pull this in for functional testing.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-215675646 @swill can you try again with your CI? @agneya2001 @jburwell @wido @kiwiflyer @nvazquez @DaanHoogland and others - please review and share your LGTM, thanks
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-215350128 @swill there are in total 25 malicious clients that can block for 60s for all 5 (max.) server worker threads; so worst case we should have waited for at least 25*60/5 (300 seconds); I've fixed the test with max. possible timeout value, previously the value was chosen for an average case
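The pattern this pull request is about, a selector loop that keeps accepting while silent peers sit in the TLS handshake and closes each one at its own deadline, as an added Java example (not CloudStack's `Link` or `NioServer` code). The class and method names, the 500 ms deadline, the 50 ms select tick and the five silent local peers are assumptions made for the demo; it covers the read side of the handshake (`NEED_UNWRAP`) and uses `SSLContext.getDefault()`, which has no server key loaded.

```java
import javax.net.ssl.*;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.*;
import java.util.ArrayList;
import java.util.List;

// Added example, not CloudStack code: one selector thread, one deadline per pending handshake.
public class HandshakeDeadlineDemo {
    /** Handshake state for one connection, stored as the SelectionKey attachment. */
    static final class Pending {
        final SSLEngine engine;
        final ByteBuffer netIn;
        final ByteBuffer appIn;
        final long deadlineNanos;
        Pending(SSLContext context, long deadlineNanos) throws IOException {
            engine = context.createSSLEngine();
            engine.setUseClientMode(false); // this side is the server
            engine.beginHandshake();
            netIn = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
            appIn = ByteBuffer.allocate(engine.getSession().getApplicationBufferSize());
            this.deadlineNanos = deadlineNanos;
        }
    }

    /** Feeds the bytes available right now to the engine; false means "still waiting for the peer". */
    static boolean advance(SocketChannel ch, Pending p) throws IOException {
        if (ch.read(p.netIn) < 0) {
            throw new IOException("peer closed during handshake");
        }
        while (p.engine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
            p.netIn.flip();
            SSLEngineResult result = p.engine.unwrap(p.netIn, p.appIn);
            p.netIn.compact();
            if (result.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                return false; // incomplete record: go back to select() instead of blocking
            }
            if (result.getStatus() != SSLEngineResult.Status.OK) {
                throw new IOException("handshake failed: " + result.getStatus());
            }
        }
        return true; // the engine now wants NEED_TASK or NEED_WRAP
    }

    /** Serves until every one of {@code expected} peers was accepted and closed; returns the event order. */
    static List<String> run(ServerSocketChannel server, int expected, long deadlineMs) throws Exception {
        List<String> events = new ArrayList<>();
        SSLContext context = SSLContext.getDefault(); // assumption: default context, no server key loaded
        try (Selector selector = Selector.open()) {
            server.configureBlocking(false);
            server.register(selector, SelectionKey.OP_ACCEPT);
            while (events.size() < 2 * expected) { // each peer yields "accept" plus one closing event
                selector.select(50); // bounded wait, so deadlines are checked even without IO
                long now = System.nanoTime();
                for (SelectionKey key : selector.selectedKeys()) {
                    if (key.isValid() && key.isAcceptable()) {
                        for (SocketChannel ch; (ch = server.accept()) != null; ) {
                            ch.configureBlocking(false);
                            Pending pending = new Pending(context, now + deadlineMs * 1_000_000L);
                            ch.register(selector, SelectionKey.OP_READ, pending);
                            events.add("accept");
                        }
                    } else if (key.isValid() && key.isReadable()) {
                        try {
                            if (advance((SocketChannel) key.channel(), (Pending) key.attachment())) {
                                events.add("hello-received"); // a full server continues the handshake here
                                key.channel().close();
                            }
                        } catch (IOException e) {
                            events.add("failed");
                            key.channel().close();
                        }
                    }
                }
                selector.selectedKeys().clear();
                for (SelectionKey key : selector.keys()) {
                    if (key.isValid() && key.attachment() instanceof Pending
                            && now - ((Pending) key.attachment()).deadlineNanos >= 0) {
                        key.channel().close(); // deadline passed: drop the silent peer
                        events.add("evict");
                    }
                }
            }
        }
        return events;
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocketChannel server = ServerSocketChannel.open()) {
            server.bind(new InetSocketAddress("127.0.0.1", 0));
            List<SocketChannel> silent = new ArrayList<>(); // constructed input: peers that never send a byte
            for (int i = 0; i < 5; i++) {
                silent.add(SocketChannel.open(server.getLocalAddress()));
            }
            System.out.println(run(server, silent.size(), 500)); // peer sockets are released at JVM exit
        }
    }
}
```

The printed event list shows whether accepts were held up behind a pending handshake: in a loop that blocks inside the handshake, an accept cannot be recorded until the peer before it has timed out.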
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-215310531 BTW, I built with `-T 2C`, if that is relevant to help you understand why it failed...
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-215309861 Failed to build.
```
--- T E S T S ---
Running com.cloud.utils.testcase.NioTest
2016-04-28 06:23:24,581 INFO [utils.testcase.NioTest] (main:) Setting up Benchmark Test
2016-04-28 06:23:24,879 INFO [utils.nio.NioServer] (main:) NioConnection started and listening on /0:0:0:0:0:0:0:0:58798
2016-04-28 06:23:24,886 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-1:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,886 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-2:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,887 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-4:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,890 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-5:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,891 INFO [utils.nio.NioClient] (NioClientHandler-1:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,892 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-6:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,892 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-3:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,893 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-7:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,894 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-8:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,895 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-10:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,924 DEBUG [utils.crypt.EncryptionSecretKeyChecker] (pool-1-thread-1:) Encryption Type: null
2016-04-28 06:23:24,928 INFO [utils.nio.NioClient] (NioClientHandler-2:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,933 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-11:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,933 WARN [utils.nio.Link] (pool-1-thread-1:) SSL: Fail to find the generated keystore. Loading fail-safe one to continue.
2016-04-28 06:23:24,939 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-13:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,941 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-14:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,944 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-12:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,944 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-15:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,944 INFO [utils.nio.NioClient] (NioClientHandler-3:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,945 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-16:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,946 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-9:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,946 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-17:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,946 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-18:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,947 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-19:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,947 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-20:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,948 INFO [utils.nio.NioClient] (NioClientHandler-4:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,949 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-21:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,949 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-22:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,949 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-23:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,977 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-25:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,977 INFO [utils.testcase.NioTest] (MaliciousNioClientHandler-24:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,981 INFO [utils.nio.NioClient] (NioClientHandler-5:) Connecting to 127.0.0.1:58798
2016-04-28 06:23:24,996 DEBUG [utils.testcase.NioTest] (Thread-0:) 0/5 tests done. Waiting for completion
2016-04-28 06:23:25,103 WARN [utils.nio.Link] (pool-1-thread-1:) SSL: Fail to find the generated keystore. Loading fail-safe one to continue.
2016-04-28 06:23:25,161 WARN [utils.nio.Link] (pool-1-thread-1:) SSL: Fail to find the generated keystore. Loading fail-safe one to continue.
2016-04-28 06:23:25,211 WARN [utils.nio.Link] (pool-1-thread-1:) SSL: Fail to find the generated keystore. Loading fail-safe one to continue.
2016-04-28 06:23:25,282 WARN
```
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-214432357 @swill done, though as I mentioned in the comments above the test that failed in last travis run is a component test and fails on master too (i.e. not related to this PR). When Travis runs, the component tests are not run every time (it's random, if Travis allows to run additional jobs see tools/travis for details).
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-214412952 I will run CI on this today. @rhtyd can you force push again to see if we can get all green lights. @jburwell I see you have been active on this PR, does it have your LGTM? I need another LGTM as well. Thx...
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rhtyd commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-214252922 All tests pass, except for a test that runs only on simulator that sometimes passes, sometimes fails. This issue is due to master and not specific to this PR: === TestName: test_listVolume_by_id_as_user_volumefromsamedomaindifferentaccount | Status : EXCEPTION === cc @swill
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user bhaisaab commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-213327217 @jburwell @GabrielBrascher @rafaelweingartner @swill if you're done with review, LGTM please or share what else should be fixed. Thanks.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user bhaisaab commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-212284556 @jburwell fixed use of test timeout within `@Test` annotation
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user bhaisaab commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-211261793 @swill I've fixed the outstanding issues, can you run your CI on this and help merge? thanks
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rafaelweingartner commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59920010 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", 0, 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", server.getPort(), 1, new NioMaliciousTestClient()); +
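Review bot: in `setUp()` the inner loop builds every malicious client with the name `"NioMaliciousTestClient-" + i`, so the five clients created for one `i` share a name and cannot be told apart in the logs; including `j` in the name would fix that. The ratio `5` is also written twice, in `j < 5` and in `5*totalTestCount` for the executor size, and the two can drift apart; a single named constant would tie them together.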
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rafaelweingartner commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59918834 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- @@ -19,146 +19,215 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +/* NioTest --- End diff -- If you are going to use some kind of documenting, I believe the java doc style would be more appropriate. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user bhaisaab commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-210576373 Thanks all for the review, I've updated the commits; please re-review and advise other outstanding issues. Thanks again.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user bhaisaab commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59917981 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", 0, 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", server.getPort(), 1, new NioMaliciousTestClient()); +maliciousClients.add(maliciousClient); +
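Review bot: `isTestsDone()` and `oneMoreTestDone()` guard `completedTestCount` with `synchronized (this)`, while `setUp()` writes `completedTestCount = 0` without taking the lock. A `CountDownLatch` initialised to `totalTestCount` (or an `AtomicInteger`) would cover both the counting and the waiting with one primitive and remove the hand-rolled locking. The comment "Server configured with one worker" would also be more useful if it said why a single worker is the case this test wants to exercise.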
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user bhaisaab commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59915385 --- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java --- 
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean isClient) throws GeneralSecurity return sslContext; } -public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, boolean isClient) throws IOException { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: begin Handshake, isClient: " + isClient); +public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int sessionProposedCapacity) { +if (buffer == null || sessionProposedCapacity < 0) { +return buffer; } - -SSLEngineResult engResult; -SSLSession sslSession = sslEngine.getSession(); -HandshakeStatus hsStatus; -ByteBuffer in_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer in_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -ByteBuffer out_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer out_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -int count; -ch.socket().setSoTimeout(60 * 1000); -InputStream inStream = ch.socket().getInputStream(); -// Use readCh to make sure the timeout on reading is working -ReadableByteChannel readCh = Channels.newChannel(inStream); - -if (isClient) { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP; +if (sessionProposedCapacity > buffer.capacity()) { +buffer = ByteBuffer.allocate(sessionProposedCapacity); } else { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP; +buffer = ByteBuffer.allocate(buffer.capacity() * 2); } +return buffer; +} -while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: Handshake status " + hsStatus); +public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, ByteBuffer buffer) { +if (engine == null || buffer == null) { +return buffer; +} +if (buffer.position() < buffer.limit()) { +return buffer; +} +ByteBuffer replaceBuffer = enlargeBuffer(buffer, engine.getSession().getPacketBufferSize()); +buffer.flip(); 
+replaceBuffer.put(buffer); +return replaceBuffer; +} + +private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine, + ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException { +if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) { +return false; +} +if (socketChannel.read(peerNetData) < 0) { +if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) { +return false; } -engResult = null; -if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) { -out_pkgBuf.clear(); -out_appBuf.clear(); -out_appBuf.put("Hello".getBytes()); -engResult = sslEngine.wrap(out_appBuf, out_pkgBuf); -out_pkgBuf.flip(); -int remain = out_pkgBuf.limit(); -while (remain != 0) { -remain -= ch.write(out_pkgBuf); -if (remain < 0) { -throw new IOException("Too much bytes sent?"); -} -} -} else if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) { -in_appBuf.clear(); -// One packet may contained multiply operation -if (in_pkgBuf.position() == 0 || !in_pkgBuf.hasRemaining()) { -in_pkgBuf.clear(); -count = 0; -try { -count = readCh.read(in_pkgBuf); -} catch (SocketTimeoutException ex) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("Handshake reading time out! Cut the connection"); -} -count = -1; -} -if (count == -1) { -
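Review bot: `enlargeBuffer` has two undocumented properties that matter on a path fed by peer traffic. First, it returns a freshly allocated, empty buffer, so the old contents are lost unless the caller copies them (only `handleBufferUnderflow` is shown doing so); the name suggests the data survives. Second, the `else` branch doubles the capacity (`buffer.capacity() * 2`) on every call with no upper bound. Add Javadoc stating that the caller must copy, and cap the growth at a multiple of the session's packet or application buffer size so that repeated calls fail the connection instead of growing memory.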
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rafaelweingartner commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59915315 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", 0, 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", server.getPort(), 1, new NioMaliciousTestClient()); +
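Review bot: the two executor field declarations (`clientExecutor`, `maliciousExecutor`) each end in a doubled semicolon (`"));;`), and `totalTestCount` is declared `final private int` where the usual modifier order is `private final` (or `private static final` for a constant). Both are harmless to the compiler but will trip style checks; clean them up in this hunk.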
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user bhaisaab commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59915248 --- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java --- 
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean isClient) throws GeneralSecurity return sslContext; } -public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, boolean isClient) throws IOException { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: begin Handshake, isClient: " + isClient); +public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int sessionProposedCapacity) { +if (buffer == null || sessionProposedCapacity < 0) { +return buffer; } - -SSLEngineResult engResult; -SSLSession sslSession = sslEngine.getSession(); -HandshakeStatus hsStatus; -ByteBuffer in_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer in_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -ByteBuffer out_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer out_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -int count; -ch.socket().setSoTimeout(60 * 1000); -InputStream inStream = ch.socket().getInputStream(); -// Use readCh to make sure the timeout on reading is working -ReadableByteChannel readCh = Channels.newChannel(inStream); - -if (isClient) { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP; +if (sessionProposedCapacity > buffer.capacity()) { +buffer = ByteBuffer.allocate(sessionProposedCapacity); } else { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP; +buffer = ByteBuffer.allocate(buffer.capacity() * 2); } +return buffer; +} -while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: Handshake status " + hsStatus); +public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, ByteBuffer buffer) { +if (engine == null || buffer == null) { +return buffer; +} +if (buffer.position() < buffer.limit()) { +return buffer; +} +ByteBuffer replaceBuffer = enlargeBuffer(buffer, engine.getSession().getPacketBufferSize()); +buffer.flip(); 
+replaceBuffer.put(buffer); +return replaceBuffer; +} + +private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine, + ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException { +if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) { +return false; +} +if (socketChannel.read(peerNetData) < 0) { +if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) { +return false; } -engResult = null; -if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) { -out_pkgBuf.clear(); -out_appBuf.clear(); -out_appBuf.put("Hello".getBytes()); -engResult = sslEngine.wrap(out_appBuf, out_pkgBuf); -out_pkgBuf.flip(); -int remain = out_pkgBuf.limit(); -while (remain != 0) { -remain -= ch.write(out_pkgBuf); -if (remain < 0) { -throw new IOException("Too much bytes sent?"); -} -} -} else if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) { -in_appBuf.clear(); -// One packet may contained multiply operation -if (in_pkgBuf.position() == 0 || !in_pkgBuf.hasRemaining()) { -in_pkgBuf.clear(); -count = 0; -try { -count = readCh.read(in_pkgBuf); -} catch (SocketTimeoutException ex) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("Handshake reading time out! Cut the connection"); -} -count = -1; -} -if (count == -1) { -
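Review bot: the removed `doHandshake` set a read deadline with `ch.socket().setSoTimeout(60 * 1000);` and closed the connection on `SocketTimeoutException`; in the added lines shown here, `doHandshakeUnwrap` calls `socketChannel.read(peerNetData)` with no deadline of its own. Since the test suite in this pull request exercises clients that connect and then misbehave, state where the handshake time limit is now enforced (selector loop, executor, or a per-connection timestamp), and add a comment at this read pointing to it.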
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user bhaisaab commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59915144 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", 0, 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", server.getPort(), 1, new NioMaliciousTestClient()); +maliciousClients.add(maliciousClient); +
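Review bot: the ratio of malicious to valid clients is written as a bare `5` in two places that must agree, the pool size `5*totalTestCount` and the inner loop bound `j < 5`, with a third copy in the comment `// 5 malicious clients per valid client`. Extract it to a named constant so that changing the ratio cannot leave the executor undersized for the number of clients created.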
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user bhaisaab commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59914101 --- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java --- 
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean isClient) throws GeneralSecurity return sslContext; } -public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, boolean isClient) throws IOException { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: begin Handshake, isClient: " + isClient); +public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int sessionProposedCapacity) { +if (buffer == null || sessionProposedCapacity < 0) { +return buffer; } - -SSLEngineResult engResult; -SSLSession sslSession = sslEngine.getSession(); -HandshakeStatus hsStatus; -ByteBuffer in_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer in_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -ByteBuffer out_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer out_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -int count; -ch.socket().setSoTimeout(60 * 1000); -InputStream inStream = ch.socket().getInputStream(); -// Use readCh to make sure the timeout on reading is working -ReadableByteChannel readCh = Channels.newChannel(inStream); - -if (isClient) { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP; +if (sessionProposedCapacity > buffer.capacity()) { +buffer = ByteBuffer.allocate(sessionProposedCapacity); } else { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP; +buffer = ByteBuffer.allocate(buffer.capacity() * 2); } +return buffer; +} -while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: Handshake status " + hsStatus); +public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, ByteBuffer buffer) { +if (engine == null || buffer == null) { +return buffer; +} +if (buffer.position() < buffer.limit()) { +return buffer; +} +ByteBuffer replaceBuffer = enlargeBuffer(buffer, engine.getSession().getPacketBufferSize()); +buffer.flip(); 
+replaceBuffer.put(buffer); +return replaceBuffer; +} + +private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine, + ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException { +if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) { +return false; +} +if (socketChannel.read(peerNetData) < 0) { +if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) { +return false; } -engResult = null; -if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) { -out_pkgBuf.clear(); -out_appBuf.clear(); -out_appBuf.put("Hello".getBytes()); -engResult = sslEngine.wrap(out_appBuf, out_pkgBuf); -out_pkgBuf.flip(); -int remain = out_pkgBuf.limit(); -while (remain != 0) { -remain -= ch.write(out_pkgBuf); -if (remain < 0) { -throw new IOException("Too much bytes sent?"); -} -} -} else if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) { -in_appBuf.clear(); -// One packet may contained multiply operation -if (in_pkgBuf.position() == 0 || !in_pkgBuf.hasRemaining()) { -in_pkgBuf.clear(); -count = 0; -try { -count = readCh.read(in_pkgBuf); -} catch (SocketTimeoutException ex) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("Handshake reading time out! Cut the connection"); -} -count = -1; -} -if (count == -1) { -
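Review bot: the argument guard at the top of `doHandshakeUnwrap` returns `false` for a null channel, engine or buffer, or a negative `appBufferSize`, which is the same value returned a few lines later when the channel reaches end-of-stream with the engine closed in both directions. A caller cannot tell a programming error from a peer that went away. Throw `IllegalArgumentException` (or at least log) for the invalid-argument case so that a failed handshake always means something happened on the wire.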
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rafaelweingartner commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59913697 --- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java --- 
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean isClient) throws GeneralSecurity return sslContext; } -public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, boolean isClient) throws IOException { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: begin Handshake, isClient: " + isClient); +public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int sessionProposedCapacity) { +if (buffer == null || sessionProposedCapacity < 0) { +return buffer; } - -SSLEngineResult engResult; -SSLSession sslSession = sslEngine.getSession(); -HandshakeStatus hsStatus; -ByteBuffer in_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer in_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -ByteBuffer out_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer out_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -int count; -ch.socket().setSoTimeout(60 * 1000); -InputStream inStream = ch.socket().getInputStream(); -// Use readCh to make sure the timeout on reading is working -ReadableByteChannel readCh = Channels.newChannel(inStream); - -if (isClient) { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP; +if (sessionProposedCapacity > buffer.capacity()) { +buffer = ByteBuffer.allocate(sessionProposedCapacity); } else { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP; +buffer = ByteBuffer.allocate(buffer.capacity() * 2); } +return buffer; +} -while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: Handshake status " + hsStatus); +public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, ByteBuffer buffer) { +if (engine == null || buffer == null) { +return buffer; +} +if (buffer.position() < buffer.limit()) { +return buffer; +} +ByteBuffer replaceBuffer = enlargeBuffer(buffer, engine.getSession().getPacketBufferSize()); +buffer.flip(); 
+replaceBuffer.put(buffer); +return replaceBuffer; +} + +private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine, + ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException { +if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) { +return false; +} +if (socketChannel.read(peerNetData) < 0) { +if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) { +return false; } -engResult = null; -if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) { -out_pkgBuf.clear(); -out_appBuf.clear(); -out_appBuf.put("Hello".getBytes()); -engResult = sslEngine.wrap(out_appBuf, out_pkgBuf); -out_pkgBuf.flip(); -int remain = out_pkgBuf.limit(); -while (remain != 0) { -remain -= ch.write(out_pkgBuf); -if (remain < 0) { -throw new IOException("Too much bytes sent?"); -} -} -} else if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) { -in_appBuf.clear(); -// One packet may contained multiply operation -if (in_pkgBuf.position() == 0 || !in_pkgBuf.hasRemaining()) { -in_pkgBuf.clear(); -count = 0; -try { -count = readCh.read(in_pkgBuf); -} catch (SocketTimeoutException ex) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("Handshake reading time out! Cut the connection"); -} -count = -1; -} -if (count == -1)
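Review bot: `handleBufferUnderflow` is public and static but has no Javadoc, and its early return `if (buffer.position() < buffer.limit())` only makes sense if the buffer is still in write mode (limit equal to capacity) when it is passed in. State that precondition, and the fact that the method may return a different buffer instance that the caller must keep, in a comment on the method; the silent `return buffer;` for a null engine deserves the same note or an exception.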
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user bhaisaab commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59913436 --- Diff: utils/src/test/java/com/cloud/utils/backoff/impl/ConstantTimeBackoffTest.java ---
@@ -94,7 +94,7 @@ public void wakeupNotExisting() { @Test public void wakeupExisting() throws InterruptedException { final ConstantTimeBackoff backoff = new ConstantTimeBackoff(); -backoff.setTimeToWait(10); +backoff.setTimeToWait(1000);
--- End diff --
I was trying to diagnose why this test was failing on Travis, so added a large value. Removed now.
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user bhaisaab commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59913672 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", 0, 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", server.getPort(), 1, new NioMaliciousTestClient()); +maliciousClients.add(maliciousClient); +
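Review bot: with `totalTestCount` now a fixed value, `isTestsDone()` and `oneMoreTestDone()` are a hand-rolled countdown guarded by `synchronized (this)`. A `CountDownLatch` initialised to `totalTestCount` would replace both methods and let the test wait with a timeout instead of polling, which also bounds how long the test can hang if a client never completes.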
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59913051 --- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java --- 
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean isClient) throws GeneralSecurity return sslContext; } -public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, boolean isClient) throws IOException { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: begin Handshake, isClient: " + isClient); +public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int sessionProposedCapacity) { +if (buffer == null || sessionProposedCapacity < 0) { +return buffer; } - -SSLEngineResult engResult; -SSLSession sslSession = sslEngine.getSession(); -HandshakeStatus hsStatus; -ByteBuffer in_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer in_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -ByteBuffer out_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer out_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -int count; -ch.socket().setSoTimeout(60 * 1000); -InputStream inStream = ch.socket().getInputStream(); -// Use readCh to make sure the timeout on reading is working -ReadableByteChannel readCh = Channels.newChannel(inStream); - -if (isClient) { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP; +if (sessionProposedCapacity > buffer.capacity()) { +buffer = ByteBuffer.allocate(sessionProposedCapacity); } else { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP; +buffer = ByteBuffer.allocate(buffer.capacity() * 2); } +return buffer; +} -while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: Handshake status " + hsStatus); +public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, ByteBuffer buffer) { +if (engine == null || buffer == null) { +return buffer; +} +if (buffer.position() < buffer.limit()) { +return buffer; +} +ByteBuffer replaceBuffer = enlargeBuffer(buffer, engine.getSession().getPacketBufferSize()); +buffer.flip(); 
+replaceBuffer.put(buffer); +return replaceBuffer; +} + +private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine, + ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException { +if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) { +return false; +} +if (socketChannel.read(peerNetData) < 0) { +if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) { +return false; } -engResult = null; -if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) { -out_pkgBuf.clear(); -out_appBuf.clear(); -out_appBuf.put("Hello".getBytes()); -engResult = sslEngine.wrap(out_appBuf, out_pkgBuf); -out_pkgBuf.flip(); -int remain = out_pkgBuf.limit(); -while (remain != 0) { -remain -= ch.write(out_pkgBuf); -if (remain < 0) { -throw new IOException("Too much bytes sent?"); -} -} -} else if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) { -in_appBuf.clear(); -// One packet may contained multiply operation -if (in_pkgBuf.position() == 0 || !in_pkgBuf.hasRemaining()) { -in_pkgBuf.clear(); -count = 0; -try { -count = readCh.read(in_pkgBuf); -} catch (SocketTimeoutException ex) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("Handshake reading time out! Cut the connection"); -} -count = -1; -} -if (count == -1) { -
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rafaelweingartner commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59913073 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", 0, 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", server.getPort(), 1, new NioMaliciousTestClient()); +
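Review bot: in the nested setup loop the malicious client name is built from `i` only ("NioMaliciousTestClient-" + i), so the five clients created by the inner `j` loop share one name and cannot be told apart in logs or thread dumps. Including `j` in the name (for example `"-" + i + "-" + j`) would make a failing run easier to trace.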
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rafaelweingartner commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59912710 --- Diff: utils/src/test/java/com/cloud/utils/backoff/impl/ConstantTimeBackoffTest.java --- @@ -94,7 +94,7 @@ public void wakeupNotExisting() { @Test public void wakeupExisting() throws InterruptedException { final ConstantTimeBackoff backoff = new ConstantTimeBackoff(); -backoff.setTimeToWait(10); +backoff.setTimeToWait(1000); --- End diff -- Is it 1000 seconds or milliseconds? Does it need to be that high?
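Review bot: raising `setTimeToWait` from 10 to 1000 in `wakeupExisting` reads as a timing workaround, and nothing in the hunk says what it works around. If the test needs the backoff to still be waiting when the wakeup arrives, a comment stating that (and the unit of the argument) belongs next to the call, and an explicit signal between the threads would be more robust than a larger constant.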
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user rafaelweingartner commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59912439 --- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java --- 
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean isClient) throws GeneralSecurity return sslContext; } -public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, boolean isClient) throws IOException { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: begin Handshake, isClient: " + isClient); +public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int sessionProposedCapacity) { +if (buffer == null || sessionProposedCapacity < 0) { +return buffer; } - -SSLEngineResult engResult; -SSLSession sslSession = sslEngine.getSession(); -HandshakeStatus hsStatus; -ByteBuffer in_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer in_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -ByteBuffer out_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer out_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -int count; -ch.socket().setSoTimeout(60 * 1000); -InputStream inStream = ch.socket().getInputStream(); -// Use readCh to make sure the timeout on reading is working -ReadableByteChannel readCh = Channels.newChannel(inStream); - -if (isClient) { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP; +if (sessionProposedCapacity > buffer.capacity()) { +buffer = ByteBuffer.allocate(sessionProposedCapacity); } else { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP; +buffer = ByteBuffer.allocate(buffer.capacity() * 2); } +return buffer; +} -while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: Handshake status " + hsStatus); +public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, ByteBuffer buffer) { +if (engine == null || buffer == null) { +return buffer; +} +if (buffer.position() < buffer.limit()) { +return buffer; +} +ByteBuffer replaceBuffer = enlargeBuffer(buffer, engine.getSession().getPacketBufferSize()); +buffer.flip(); 
+replaceBuffer.put(buffer); +return replaceBuffer; +} + +private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine, + ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException { +if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) { +return false; +} +if (socketChannel.read(peerNetData) < 0) { +if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) { +return false; } -engResult = null; -if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) { -out_pkgBuf.clear(); -out_appBuf.clear(); -out_appBuf.put("Hello".getBytes()); -engResult = sslEngine.wrap(out_appBuf, out_pkgBuf); -out_pkgBuf.flip(); -int remain = out_pkgBuf.limit(); -while (remain != 0) { -remain -= ch.write(out_pkgBuf); -if (remain < 0) { -throw new IOException("Too much bytes sent?"); -} -} -} else if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) { -in_appBuf.clear(); -// One packet may contained multiply operation -if (in_pkgBuf.position() == 0 || !in_pkgBuf.hasRemaining()) { -in_pkgBuf.clear(); -count = 0; -try { -count = readCh.read(in_pkgBuf); -} catch (SocketTimeoutException ex) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("Handshake reading time out! Cut the connection"); -} -count = -1; -} -if (count == -1)
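Review bot: `enlargeBuffer` has no upper bound on growth: whenever `sessionProposedCapacity` is not larger than the current capacity it allocates `buffer.capacity() * 2`, so repeated calls on a path driven by data from the peer keep doubling the allocation, and the multiplication overflows `int` once the capacity reaches 2^30. A maximum size with an `IOException` beyond it would bound memory per connection. The method also returns a fresh, empty buffer, which deserves a line of Javadoc since callers have to copy the old contents themselves.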
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59900221 --- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java --- 
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean isClient) throws GeneralSecurity return sslContext; } -public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, boolean isClient) throws IOException { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: begin Handshake, isClient: " + isClient); +public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int sessionProposedCapacity) { +if (buffer == null || sessionProposedCapacity < 0) { +return buffer; } - -SSLEngineResult engResult; -SSLSession sslSession = sslEngine.getSession(); -HandshakeStatus hsStatus; -ByteBuffer in_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer in_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -ByteBuffer out_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer out_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -int count; -ch.socket().setSoTimeout(60 * 1000); -InputStream inStream = ch.socket().getInputStream(); -// Use readCh to make sure the timeout on reading is working -ReadableByteChannel readCh = Channels.newChannel(inStream); - -if (isClient) { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP; +if (sessionProposedCapacity > buffer.capacity()) { +buffer = ByteBuffer.allocate(sessionProposedCapacity); } else { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP; +buffer = ByteBuffer.allocate(buffer.capacity() * 2); } +return buffer; +} -while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: Handshake status " + hsStatus); +public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, ByteBuffer buffer) { +if (engine == null || buffer == null) { +return buffer; +} +if (buffer.position() < buffer.limit()) { +return buffer; +} +ByteBuffer replaceBuffer = enlargeBuffer(buffer, engine.getSession().getPacketBufferSize()); +buffer.flip(); 
+replaceBuffer.put(buffer); +return replaceBuffer; +} + +private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine, + ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException { +if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) { +return false; +} +if (socketChannel.read(peerNetData) < 0) { +if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) { +return false; } -engResult = null; -if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) { -out_pkgBuf.clear(); -out_appBuf.clear(); -out_appBuf.put("Hello".getBytes()); -engResult = sslEngine.wrap(out_appBuf, out_pkgBuf); -out_pkgBuf.flip(); -int remain = out_pkgBuf.limit(); -while (remain != 0) { -remain -= ch.write(out_pkgBuf); -if (remain < 0) { -throw new IOException("Too much bytes sent?"); -} -} -} else if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) { -in_appBuf.clear(); -// One packet may contained multiply operation -if (in_pkgBuf.position() == 0 || !in_pkgBuf.hasRemaining()) { -in_pkgBuf.clear(); -count = 0; -try { -count = readCh.read(in_pkgBuf); -} catch (SocketTimeoutException ex) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("Handshake reading time out! Cut the connection"); -} -count = -1; -} -if (count == -1) { -
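Review bot: `handleBufferUnderflow` is public but undocumented, and two things about it are easy to get wrong from the call site: it may return a different `ByteBuffer` instance than the one passed in, so the caller has to reassign its reference, and the early return on `buffer.position() < buffer.limit()` means "there is still room, keep reading" rather than an error. A short Javadoc stating both would help.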
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59900296 --- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java --- 
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean isClient) throws GeneralSecurity return sslContext; } -public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, boolean isClient) throws IOException { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: begin Handshake, isClient: " + isClient); +public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int sessionProposedCapacity) { +if (buffer == null || sessionProposedCapacity < 0) { +return buffer; } - -SSLEngineResult engResult; -SSLSession sslSession = sslEngine.getSession(); -HandshakeStatus hsStatus; -ByteBuffer in_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer in_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -ByteBuffer out_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer out_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -int count; -ch.socket().setSoTimeout(60 * 1000); -InputStream inStream = ch.socket().getInputStream(); -// Use readCh to make sure the timeout on reading is working -ReadableByteChannel readCh = Channels.newChannel(inStream); - -if (isClient) { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP; +if (sessionProposedCapacity > buffer.capacity()) { +buffer = ByteBuffer.allocate(sessionProposedCapacity); } else { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP; +buffer = ByteBuffer.allocate(buffer.capacity() * 2); } +return buffer; +} -while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: Handshake status " + hsStatus); +public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, ByteBuffer buffer) { +if (engine == null || buffer == null) { +return buffer; +} +if (buffer.position() < buffer.limit()) { +return buffer; +} +ByteBuffer replaceBuffer = enlargeBuffer(buffer, engine.getSession().getPacketBufferSize()); +buffer.flip(); 
+replaceBuffer.put(buffer); +return replaceBuffer; +} + +private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine, + ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException { +if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) { +return false; +} +if (socketChannel.read(peerNetData) < 0) { +if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) { +return false; } -engResult = null; -if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) { -out_pkgBuf.clear(); -out_appBuf.clear(); -out_appBuf.put("Hello".getBytes()); -engResult = sslEngine.wrap(out_appBuf, out_pkgBuf); -out_pkgBuf.flip(); -int remain = out_pkgBuf.limit(); -while (remain != 0) { -remain -= ch.write(out_pkgBuf); -if (remain < 0) { -throw new IOException("Too much bytes sent?"); -} -} -} else if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) { -in_appBuf.clear(); -// One packet may contained multiply operation -if (in_pkgBuf.position() == 0 || !in_pkgBuf.hasRemaining()) { -in_pkgBuf.clear(); -count = 0; -try { -count = readCh.read(in_pkgBuf); -} catch (SocketTimeoutException ex) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("Handshake reading time out! Cut the connection"); -} -count = -1; -} -if (count == -1) { -
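Review bot: the argument guard at the top of `doHandshakeUnwrap` returns `false` for a null channel, engine or buffer and for a negative `appBufferSize`, which is the same value the method returns a few lines later when the peer has closed the stream. A caller therefore cannot tell a programming error from a failed handshake. Since the method is private, either drop the guard or throw `IllegalArgumentException` so that a bad call is not reported as a handshake failure.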
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59900210 --- Diff: utils/src/main/java/com/cloud/utils/nio/Link.java --- 
@@ -453,115 +449,192 @@ public static SSLContext initSSLContext(boolean isClient) throws GeneralSecurity return sslContext; } -public static void doHandshake(SocketChannel ch, SSLEngine sslEngine, boolean isClient) throws IOException { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: begin Handshake, isClient: " + isClient); +public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int sessionProposedCapacity) { +if (buffer == null || sessionProposedCapacity < 0) { +return buffer; } - -SSLEngineResult engResult; -SSLSession sslSession = sslEngine.getSession(); -HandshakeStatus hsStatus; -ByteBuffer in_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer in_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -ByteBuffer out_pkgBuf = ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40); -ByteBuffer out_appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40); -int count; -ch.socket().setSoTimeout(60 * 1000); -InputStream inStream = ch.socket().getInputStream(); -// Use readCh to make sure the timeout on reading is working -ReadableByteChannel readCh = Channels.newChannel(inStream); - -if (isClient) { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP; +if (sessionProposedCapacity > buffer.capacity()) { +buffer = ByteBuffer.allocate(sessionProposedCapacity); } else { -hsStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP; +buffer = ByteBuffer.allocate(buffer.capacity() * 2); } +return buffer; +} -while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("SSL: Handshake status " + hsStatus); +public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, ByteBuffer buffer) { +if (engine == null || buffer == null) { +return buffer; +} +if (buffer.position() < buffer.limit()) { +return buffer; +} +ByteBuffer replaceBuffer = enlargeBuffer(buffer, engine.getSession().getPacketBufferSize()); +buffer.flip(); 
+replaceBuffer.put(buffer); +return replaceBuffer; +} + +private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine, + ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException { +if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) { +return false; +} +if (socketChannel.read(peerNetData) < 0) { +if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) { +return false; } -engResult = null; -if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) { -out_pkgBuf.clear(); -out_appBuf.clear(); -out_appBuf.put("Hello".getBytes()); -engResult = sslEngine.wrap(out_appBuf, out_pkgBuf); -out_pkgBuf.flip(); -int remain = out_pkgBuf.limit(); -while (remain != 0) { -remain -= ch.write(out_pkgBuf); -if (remain < 0) { -throw new IOException("Too much bytes sent?"); -} -} -} else if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) { -in_appBuf.clear(); -// One packet may contained multiply operation -if (in_pkgBuf.position() == 0 || !in_pkgBuf.hasRemaining()) { -in_pkgBuf.clear(); -count = 0; -try { -count = readCh.read(in_pkgBuf); -} catch (SocketTimeoutException ex) { -if (s_logger.isTraceEnabled()) { -s_logger.trace("Handshake reading time out! Cut the connection"); -} -count = -1; -} -if (count == -1) { -
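Review bot: the removed `doHandshake` set a read timeout with `ch.socket().setSoTimeout(60 * 1000)` and closed the connection on `SocketTimeoutException`, while the part of the new code visible here (`doHandshakeUnwrap` reading from the `SocketChannel`) shows no equivalent deadline. With a non-blocking channel the socket timeout no longer applies, so please confirm that the handshake is bounded elsewhere, for example by a per-connection deadline checked in the handshake loop, so that a peer that stops sending mid-handshake is dropped rather than kept open indefinitely.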
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user GabrielBrascher commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59894203 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", , 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", , 1, new NioMaliciousTestClient()); +maliciousClients.add(maliciousClient); +
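Review bot: the ratio of malicious to valid clients is written twice as a bare literal, once in `Executors.newFixedThreadPool(5*totalTestCount, ...)` and once in `for (int j = 0; j < 5; j++)`. If one is changed without the other, the pool size no longer matches the number of clients submitted. A named constant used in both places would keep them in step.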
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user GabrielBrascher commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59892756 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", 0, 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", server.getPort(), 1, new NioMaliciousTestClient()); +
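Review bot: `isTestsDone()` tests `totalTestCount == completedTestCount`, so if `oneMoreTestDone()` is ever called more than `totalTestCount` times (a client completing twice, for instance) the condition is never true again and anything polling it waits forever. Comparing with `>=`, or replacing the counter and both synchronized helpers with a `CountDownLatch`, avoids that.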
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user swill commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59799743 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", , 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", , 1, new NioMaliciousTestClient()); +maliciousClients.add(maliciousClient); +
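Review bot: style points in the new field declarations: both executor initialisers end in a doubled semicolon (`new NamedThreadFactory("NioClientHandler"));;`), and `final private int totalTestCount` uses a non-conventional modifier order. Since the value never changes it could be a `private static final` constant.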
[GitHub] cloudstack pull request: CLOUDSTACK-9348: Use non-blocking SSL han...
Github user bhaisaab commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59795416 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", , 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", , 1, new NioMaliciousTestClient()); +maliciousClients.add(maliciousClient); +
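Review bot: the comment `// Server configured with one worker` repeats what the constructor call says but not why the worker count drops from 5 to 1. If the intent is to show that the malicious clients cannot tie up the only worker and starve the valid ones, stating that in the comment would tell a future reader what the test is meant to prove.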
Github user swill commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59792529 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", , 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", , 1, new NioMaliciousTestClient()); +maliciousClients.add(maliciousClient); +
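Review bot: In the nested loop at the end of `setUp()`, the client name is built from `i` only (`"NioMaliciousTestClient-" + i`), so the five clients created by the inner `j` loop share one name and cannot be told apart in log output. Include `j` in the name, and move the literal 5 into a named constant: it appears both in `j < 5` and in the `5*totalTestCount` pool size of `maliciousExecutor`, and the two have to stay in step.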
Github user bhaisaab commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59791280 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", , 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", , 1, new NioMaliciousTestClient()); +maliciousClients.add(maliciousClient); +
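Review bot: Both executor field declarations end in a doubled semicolon, `new NamedThreadFactory("NioClientHandler"));;` and the matching `"MaliciousNioClientHandler"` line; the extra `;` is a typo and should be dropped. In the same block, `final private int totalTestCount = 10;` would read better in the conventional modifier order `private final`, and the two lists and two executors are assigned once at declaration, so they can be declared `final` as well.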
Github user GabrielBrascher commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1493#discussion_r59790778 --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java --- 
@@ -19,146 +19,198 @@ package com.cloud.utils.testcase; -import java.nio.channels.ClosedChannelException; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; -import org.junit.Assert; - +import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.exception.NioConnectionException; import com.cloud.utils.nio.HandlerFactory; import com.cloud.utils.nio.Link; import com.cloud.utils.nio.NioClient; import com.cloud.utils.nio.NioServer; import com.cloud.utils.nio.Task; import com.cloud.utils.nio.Task.Type; +import org.apache.log4j.Logger; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; -/** - * - * - * - * - */ +import java.io.IOException; +import java.net.InetSocketAddress; +import java.nio.channels.ClosedChannelException; +import java.nio.channels.Selector; +import java.nio.channels.SocketChannel; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; + +public class NioTest { -public class NioTest extends TestCase { +private static final Logger LOGGER = Logger.getLogger(NioTest.class); -private static final Logger s_logger = Logger.getLogger(NioTest.class); +final private int totalTestCount = 10; +private int completedTestCount = 0; -private NioServer _server; -private NioClient _client; +private NioServer server; +private List clients = new ArrayList<>(); +private List maliciousClients = new ArrayList<>(); -private Link _clientLink; +private ExecutorService clientExecutor = Executors.newFixedThreadPool(totalTestCount, new NamedThreadFactory("NioClientHandler"));; +private ExecutorService maliciousExecutor = Executors.newFixedThreadPool(5*totalTestCount, new NamedThreadFactory("MaliciousNioClientHandler"));; -private int _testCount; -private int _completedCount; +private Random randomGenerator = new Random(); +private byte[] testBytes; private 
boolean isTestsDone() { boolean result; synchronized (this) { -result = _testCount == _completedCount; +result = totalTestCount == completedTestCount; } return result; } -private void getOneMoreTest() { -synchronized (this) { -_testCount++; -} -} - private void oneMoreTestDone() { synchronized (this) { -_completedCount++; +completedTestCount++; } } -@Override +@Before public void setUp() { -s_logger.info("Test"); +LOGGER.info("Setting up Benchmark Test"); -_testCount = 0; -_completedCount = 0; - -_server = new NioServer("NioTestServer", , 5, new NioTestServer()); -try { -_server.start(); -} catch (final NioConnectionException e) { -fail(e.getMessage()); -} +completedTestCount = 0; +testBytes = new byte[100]; +randomGenerator.nextBytes(testBytes); -_client = new NioClient("NioTestServer", "127.0.0.1", , 5, new NioTestClient()); +// Server configured with one worker +server = new NioServer("NioTestServer", , 1, new NioTestServer()); try { -_client.start(); +server.start(); } catch (final NioConnectionException e) { -fail(e.getMessage()); +Assert.fail(e.getMessage()); } -while (_clientLink == null) { -try { -s_logger.debug("Link is not up! Waiting ..."); -Thread.sleep(1000); -} catch (final InterruptedException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +// 5 malicious clients per valid client +for (int i = 0; i < totalTestCount; i++) { +for (int j = 0; j < 5; j++) { +final NioClient maliciousClient = new NioMaliciousClient("NioMaliciousTestClient-" + i, "127.0.0.1", , 1, new NioMaliciousTestClient()); +maliciousClients.add(maliciousClient); +
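Review bot: The empty class Javadoc above `NioTest` is deleted and nothing replaces it, so the scenario this test sets up is recorded only in two inline comments (`// Server configured with one worker` and `// 5 malicious clients per valid client`). Add a short class-level comment that says what the malicious clients do, what outcome the test asserts for the valid clients, and the ratio in use; a comment later on this page describes 10 malicious clients per valid client, while this loop creates 5.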
Github user bhaisaab commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-210103368 I've created two commits to show: (1) test to prove denial of service behavior due to blocking main IO loop, (2) the fix (as mentioned earlier, a long-term fix would require migration to a better framework).
Github user bhaisaab commented on the pull request: https://github.com/apache/cloudstack/pull/1493#issuecomment-209896417
- Tested against KVM, mgmt server - KVM links and clustered management server
- NioTest modified to have multiple clients against a server instance with just one worker and 10 malicious clients (they simply do a secure connect to the server and don't do anything else) trying to connect to the server per valid client
- Ran Marvin smoke tests successfully against KVM