* Problem: no test case with CURVE encryption and large identity
Solution: added test case (currently crashing)
* Problem: possible buffer overflow in mechanism_t::add_property
Solution: add target buffer length parameter and check the buffer is sufficiently large
* Problem: test cases accidentally excluded from build
Solution: remove #if/#endif
* Problem: possible buffer overruns related to metadata at various locations
Solution: allocate buffer large enough for actual metadata, reduce code duplication
* Problem: syntax error related to pointer type conversion
Solution: change argument type of make_command_with_basic_properties to const char *
* Problem: large metadata may cause an assertion in produce_initiate
Solution: Allow metadata of arbitrary size in produce_initiate
* Extracted connect_vanilla_socket function
* Problem: no tests for ZMTP-CURVE protocol errors
Solution: added two test cases with erroneous HELLO commands
* Problem: insufficient tests for ZMTP-CURVE protocol errors
Solution: added two test cases with erroneous HELLO command version
* Problem: test HELLO message is invalid apart from deliberate errors
Solution: create cryptographically correct HELLO message
add tweetnacl.c to test_security_curve
* Problem: nonce is incorrect, build fails with GCC
Solution: use correct non prefix
* Problem: make builds are failing
Solution: transfer CMake changes to (auto)make files
* Problem: nonce is incorrect, build fails with GCC
Solution: use correct non prefix
* Problem: make builds are failing
Solution: transfer CMake changes to (auto)make files
* Problem: no test with INITIATE command with invalid length
Solution: added test case
* Problem: code duplication between test_security_curve.cpp and curve_client.cpp
Solution: extracted parts of zmq::curve_client_t::produce_hello into reusable function
* Problem: code duplication between test_security_curve.cpp and curve_client.cpp
Solution: extracted further parts of zmq::curve_client_t into reusable functions
added missing file
* Problem: mechanism_t::add_property can be declared static
Solution: declare mechanism_t::add_property static
* Problem: intermediate crypto data needs to be passed between static function calls to curve_client_tools_t
Solution: add non-static member functions
* Problem: msg_t instance may be closed twice
Solution: remove offending close
* Problem: prepare_hello uses static curve_client_tools_t::produce_hello
Solution: Use non-static curve_client_tools_t::produce_hello
* Problem: no test with invalid command name where INITIATE command is expected
Solution: added test case
* Problem: make builds are failing due to curve_client_tools.hpp not being found
Solution: add curve_client_tools.hpp to list of source files
* Problem: wrong initializer order in zmq::curve_client_t
Solution: reorder
* Problem: under non-Windows systems, test fails because random_open was not called
Solution: call random_open/random_close within test
* Problem: conflict between custom function htonll and macro definition on Darwin
Solution: define htonll function only if not defined as a macro
* Problem: nullptr not defined on all platforms
Solution: replace nullptr by NULL
* Problem: libsodium builds not working
Solution: adapt compile and link file sets for libsodium builds
* Problem: Makefile.am broken
Solution: Fix syntax
* Problem: no tests for garbage encrypted cookie or content in INITIATE
Solution: added test cases
* Problem: test cases accidentally excluded from build
Solution: remove #if/#endif
* Solution: some error cases are unreachable
Problem: for the time being, added some comments without changing the code
* Added comments on hard-to-test cases
Solution: force the compiler to make the atomic_counter_t alignment
friendly.
This will ensure that the pointers inside the buffers allocated by
shared_message_memory are aligned, at the cost of growing the memory
size of atomic_counter_t from 4 to 8 bytes on 64 bit (when not using
mutexes).
Note that although content_t contains an atomic_counter_t, the
compiler already padded the struct so there is no change in the
buffer sizes used by the engines, save for the extra 4 bytes for the
buffer's own single atomic counter.
Fixes#2588
Solution: remove requirement to manually define macro and just check
for the C++ supported version.
Note that compiler intrinsics still have priority if available, to
avoid changes unless necessary.
* Problem: missing test for status code 300, inadequate assertion for status code 500
Solution: add test, change assertion (currently test fails)
* Problem: gcc compiler error deprecated conversion from string constant
Solution: declare variable as const
* Problem: in case of ZAP handler returning a status code other than 200, no appropriate event is emitted
Solution: immediately emit event after receiving reply from ZAP handler
* Problem: endpoint address is not included in zap-reply monitor event
Solution: added functions to retrieve endpoint address in zmq::i_engine and zmq::session_base_t
removed unused code block in zmq::stream_engine_t::next_handshake_command
* Problem: wrong formatting
Solution: fix formatting
* Problem: test fails because of EPIPE
Solution: add EPIPE/ECONNRESET/ECONNAGAIN handling for more test cases
* Fixing #2002 one way of doing it
* Mechanisms can implement a new method `error_detail()`
* This error detail have three values for the moment: no_detail
(default), protocol, encryption.
+ generic enough to make sense for all mechanisms.
- low granularity level on information.
* Fixing #2002: implementation of the error details
The ZMQ_EVENT_HANDSHAKE_FAILED event carries the error details
as value.
* Removed Microsoft extenstion for enum member access
This was leading to compilation error under linux.
* Adaptation of CURVE test cases
* Monitoring event: changed API for detailed events
Removed ZMQ_EVENT_HANDSHAKE_FAILED and replaced it by:
- ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL,
- ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL,
- ZMQ_EVENT_HANDSHAKE_FAILED_ENCRYPTION
Adaptation of text case `security_curve`
* Removed event value comparison
This was introduced for the previous API model adaptation
* Removed the prints in std output and added missing details
`current_error_detail` was not set in every protocol error cases
* Fixed initialization of current_error_detail
* Fixed error in greeting test case
The handshake failure due to mechanism mismatch in greeting is actually
a protocol error. The error handling method consider it like so and
send a protocol handshake failure monitoring event instead of no_detail.
Fixed the test_security_curve expectation as well.
* Upgraded tests of monitoring events
The tests check the number of monitoring events received
* Problem: does not build under Linux or without ZMQ_DRAFT_API
Solution:
- properly use ZMQ_DRAFT_API conditional compilation
- use receive timeouts instead of Sleep
* Problem: duplicate definition of variable 'timeout'
Solution: merged definitions
* Problem: inconsistent timing dependencies
Solution: reduce timing dependency by using timeouts at more places
* Problem: assertion failure under Linux due to unexpected monitor event
Solution: output event type to aid debugging
* Problem: erroneous assertion code
* Problem: assertion failure with a garbage server key due to an extra third event
Solution: changed assertion to expect three events (needs to be checked)
* Problem: extra include directive to non-existent file
Solution: removed include directive
* Problem: assertion failure on appveyor for unknown reason
Solution: improve debug output
* Problem: no build with libsodium and draft api
Solution: add build configurations with libsodium and draft api
* Problem: assertion failure on CI
Solution: change assertion to reflect actual behaviour on CI (at least temporarily)
* Problem: error in condition in assertion code
* Problem: assertion failure on CI
Solution: generalize assertion to match behavior on CI
* Problem: assertion failures on CI
Solution: removed inconsistent assertion on no monitor events before flushing
improved debuggability by converting function into macro
* Problem: diverging test code for three analogous test cases with garbage key
Solution: extract common code into function
* Problem: does not build without ZMQ_BUILD_DRAFT_API
Solution: introduce dummy variable
* Attempt to remove workaround regarding ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL again
* Problem: EAGAIN error after handshake complete if there is no more data in inbuffer
Solution: Skip tcp_read attempt in that case
* Problem: handshaking event emitted after handshaking failed
Solution: use stream_engine_t::handshaking instead of mechanism_t::status() to determine whether still handshaking
* Include error code in debug output
* Improve debugging output: output flushed events
* Split up ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL into ZMQ_EVENT_HANDSHAKE_FAILED_ZMTP and ZMQ_EVENT_HANDSHAKE_FAILED_ZAP
* Fixed compilation without ZMQ_BUILD_DRAFT_API
* Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency
* Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency
* Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency
* Fixed assert_monitor_event (require event instead of allowing no event)
Reverted erroneous change to handshaking condition
Renamed test_wrong_key to test_garbage_key
Generalized assumption in test_garbage_key to allow for ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL with error == EPIPE
* Better isolate test cases from each other by providing a fresh context & server for each
* Added diagnostic output
* Changed assertion to reflect actual behavior on CI
* Fixed formatting, observe maximum line length
* Fixed formatting, observe maximum line length
* Increase timeout to check if this fixes valgrind run
* Close server with close_zero_linger
* Increase timeout to check if this fixes valgrind run
* Increase timeout to check if this fixes valgrind run
* Generalize assertion to also work with valgrind
* Fixed formatting
* Add more diagnostic output
* Generalize assertion to also work with valgrind
Linux now supports Virtual Routing and Forwarding (VRF) as per:
https://www.kernel.org/doc/Documentation/networking/vrf.txt
In order for an application to bind or connect to a socket with an
address in a VRF, they need to first bind the socket to the VRF device:
setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, dev, strlen(dev)+1);
Note "dev" is the VRF device, eg. VRF "blue", rather than an interface
enslaved to the VRF.
Add a new socket option, ZMQ_BINDTODEVICE, to bind a socket to a device.
In general, if a socket is bound to a device, eg. an interface, only
packets received from that particular device are processed by the socket.
If device is a VRF device, then subsequent binds/connects to that socket
use addresses in the VRF routing table.
Solution: add a crypto [de-]initialiser, refcounted and serialised
through critical sections.
This is necessary as utility APIs such as zmq_curve_keypair also
call into the sodium/tweetnacl libraries and need the initialisation
outside of the zmq context.
Also the libsodium documentation explicitly says that sodium_init
must not be called concurrently from multiple threads, which could
have happened until now. Also the randombytes_close function does
not appear to be thread safe either.
This change guarantees that the library is initialised only once at
any given time across the whole program.
Fixes#2632
Before this commit, xhas_out() was returning true regardless. This
was correct before the ZMQ_ROUTER_MANDATORY flag as introduced.
However, ZMQ_POLLOUT.
With this commit, _if_ ZMQ_ROUTER_MANDATORY is set, xhas_out() will
return false if ALL peer's outgoing pipes are full.
There is an outstanding high-level design question:
If ZMQ_ROUTER_MANDATORY is set, and zmq_poll() waits for ZMQ_POLLOUT
events, zmq_poll() will immediately wake up if only 1 pipe has
room to send, regardless of the peer, creating a busy loop of
zmq_poll() wake-up, zmq_send() (EAGAIN). There is no way for
the application to selectively wait for ZMQ_POLLOUT for specific
peer(s), which seems somehow necessary in ZMQ_ROUTER_MANDATORY.
This discussion will be addressed in a separate issue.
Signed-off-by: Marc Sune <marc@voltanet.io>
Signed-off-by: Fredi Raspall <fredi@voltanet.io>
Solution: if a CURVE server is using zmq_connect, the same session
will be used for any client "reconnect" (actual binds). This is
acceptable, so do not assert if zap_pipe already exists during the
handshake, but simply reuse it.
Fixes#2608
Solution: remove the pipe from the real trie when a peer disconnects.
Also add a unit test that exercises the behaviour by reconnecting
a different socket and sending a message that matches.
Fixes#2601 and introduced by #2042
Solution: revert change that made ZAP mandatory.
The "Stonehouse" pattern, where CURVE is used only for encryption and
without authentication, is a valid use case so we should still
support it.
Also restore CURVE testing in the test_heartbeat.
Fixes#2594
Solution: if inproc://zeromq.zap.01 exists, which means ZAP is
enabled, abort immediately if it cannot be used (eg: out of memory)
or it is configured incorrectly (eg: wrong socket type).
Otherwise authentication failures will simply be ignored and
unauthorised peers will be allowed to slip in.
problem: for zmq radio/dish pattern, if the radio process restarts, the dish will not resend subscriptions to radio. And the result is that the dish will never receive any more messages.
solution: in session_base_t::reconnect (), take ZMQ_DISH into consideration when invoking hiccup method.
In function session_base_t::reconnect, if we set immediate to 1 and set linger, we will get into first block of reconnect function, and set pipe to NULL, but we forget to cancel timer of linger. Once timer tiggered, we will get coredump. Solution: cancel timer in the end of set pipe to NULL
Solution: don't set thread name on Android
Setting a thread name on Android may fail with "permission
denied" error and abort the process due to failed assertion.
Tested on Android 5 and 6 (two phones).
Strangely enough, it only happens on signed APKs and is fine
in debug. Using JeroMQ is not an option as we need TCP keepalive
settings and authentication which JeroMQ doesn't support.
Solution: roll back the pipe if writing messages other than the
first fails in router::xsend. Roll it back also when the pipe is
terminating.
Also add test case that reproduces the memory leak when ran with
valgrind.
Fixes#2567
Solution: roll back the pipe if writing messages other than the
first fails in router::xsend.
Also add test case that reproduces the memory leak when ran with
valgrind.
Fixes#2567
