Azat Khuzhin [Fri, 11 Jan 2019 18:52:11 +0000 (21:52 +0300)]
rpc: use *_new_with_arg() to match function prototype
In 755fbf16c ("Add void* arguments to request_new and reply_new
evrpc hooks") this new functions had been introduced, but newer used,
what for? So let's use them.
Azat Khuzhin [Fri, 7 Dec 2018 18:46:27 +0000 (21:46 +0300)]
http: fix connection retries when there more then one request for connection
We should not attemp to establishe the connection if there is retry
timer active, since otherwise there will be a bug.
Imagine next situation:
con = evhttp_connection_base_new()
evhttp_connection_set_retries(con, 2)
req = evhttp_request_new()
evhttp_make_request(con, req, ...)
# failed during connecting, and timer for 2 second scheduler (retry_ev)
Then another request scheduled for this evcon:
evhttp_make_request(con, req, ...)
# got request from server,
# and now it tries to read the response from the server
# (req.kind == EVHTTP_RESPONSE)
#
# but at this point retry_ev scheduled,
# and it schedules the connect again,
# and after the connect will succeeed, it will pick request with
# EVHTTP_RESPONSE for sending and this is completelly wrong and will
# fail in evhttp_make_header_response() since there is no
# "http_server" for this evcon
This was a long standing issue, that I came across few years ago
firstly, bad only now I had time to dig into it (but right now it was
pretty simple, by limiting amount of CPU for the process and using rr
for debug to go back and forth).
Azat Khuzhin [Thu, 22 Nov 2018 21:29:55 +0000 (00:29 +0300)]
cmake: do not build both (SHARED and STATIC) for MSVC/win32
MSVC does not support SHARED and STATIC libraries with the same name,
so let's just build SHARED libraries by default instead (yes we can add
prefix but let's stick with this).
The reason for this is that in windows shared libraries requires .lib
file too, but this is not static library it is imported library for
shared (doh...), for more info [1] and [2].
And when we build both static library can and will override shared
library imported part, let's take a look at event_extra.lib:
- before patch [3]:
$ less libevent-fail/lib/Debug/event_extra.lib | head
==> use library:contained_file to view a file in the archive
rw-rw-rw- 100666/100666 59568 Nov 21 23:55 2018 event_extra_static.dir/Debug/evrpc.obj
rw-rw-rw- 100666/100666 252219 Nov 21 23:55 2018 event_extra_static.dir/Debug/evdns.obj
rw-rw-rw- 100666/100666 203850 Nov 21 23:55 2018 event_extra_static.dir/Debug/http.obj
rw-rw-rw- 100666/100666 25907 Nov 21 23:55 2018 event_extra_static.dir/Debug/event_tagging.obj
- "after patch" [4] (not after but the same effect):
$ less libevent-ok/lib/Debug/event_extra.lib | head
==> use library:contained_file to view a file in the archive
--------- 0/0 509 Nov 21 23:38 2018 event_extra.dll
...
And there is no way to configure this (and indeed you need to do this
for MSVC for example), so let's introduce option for this --
EVENT__LIBRARY_TYPE.
Plus now we have INTERFACE libraries, that we can use internally in
libevent's cmake rules to avoid strict to _shared/_static variant of the
libraries to link with samples/tests (we prefer SHARED over STATIC for
linking).
Also bump minimal cmake required version to 3.1 by the following
reasons:
- 3.1 is required for RPATH configuration under APPLE
- 3.0 is required for add_library(INTERFACE) (did not found it in 2.8.x
documentation)
- remove extra conditions
(anyway 3.1 was release 4 years ago, so I guess that most of the systems
will have it)
Azat Khuzhin [Tue, 20 Nov 2018 08:46:44 +0000 (11:46 +0300)]
Mark a lot of flacky tests with TT_RETRIABLE (for linux/win32 only)
This patch mark testcases that only fail under travis-ci/appveyor with
TT_RETRIABLE, since otherwise there is too much noise, other issues
(like failures under vagrant boxes) would be investigated separatelly.
Azat Khuzhin [Mon, 19 Nov 2018 22:06:04 +0000 (01:06 +0300)]
regress: introduce TT_RETRIABLE
We have some tests that has false-positive due to real/CPU time bound,
but they are pretty generic and we do not want to skip them by default.
TT_RETRIABLE is the flag that will indicate tinytest to retry the test
in case of failure, use it to avoid next possible false-positives:
- real time-related
- CPU time-related
Since I guess it is better to see/grepping RETRYING messages over
ignoring completely failed builds.
No configuration switch for number of retries was done on purpose (only
3 retries and no more).
And this is how it looks BTW:
$ gcc ../test/tinytest_demo.c ../test/tinytest.c
$ ./a.out --verbose --no-fork
demo/timeout_retry
demo/timeout_retry:
FAIL ../test/tinytest_demo.c:201: assert(i != 1): 1 vs 1
[timeout_retry FAILED]
[RETRYING timeout_retry (3)]
demo/timeout_retry:
OK ../test/tinytest_demo.c:201: assert(i != 1): 2 vs 1
OK ../test/tinytest_demo.c:213: assert(t2-t1 >= 4): 5 vs 4
OK ../test/tinytest_demo.c:215: assert(t2-t1 <= 6): 5 vs 6
1 tests ok. (0 skipped)
Azat Khuzhin [Tue, 13 Nov 2018 21:20:20 +0000 (00:20 +0300)]
http: improve error path for bufferevent_{setfd,enable,disable}()
We have calls to the next functions but do not check return values,
though they can be invalid and it is better to show this somehow.
Also do bufferevent_setfd() first and only after it
bufferevent_enable()/bufferevent_disable() since:
a) it is more natural
b) it will avoid extra operations
c) it will not fail first bufferevent_enable() (this is the case for
buffbufferevent_async at least)
In this case we could add more information for issues like #709
Azat Khuzhin [Tue, 13 Nov 2018 19:47:43 +0000 (22:47 +0300)]
Merge branch 'iocp-fixes'
* iocp-fixes:
regress: test for HTTP/HTTPS with IOCP enabled
bev_async: trigger/run only deferred callbacks
bev_async: do not initialize timeouts multiple times
bev_async: set "ok" on setfd if fd>=0 (like we do during creation)
bev_async: ignore ERROR_INVALID_PARAMETER on .setfd for iocp
Azat Khuzhin [Tue, 13 Nov 2018 18:31:44 +0000 (21:31 +0300)]
bev_async: trigger/run only deferred callbacks
Otherwise callbacks will be runned even without event_loop, due to
nature of IOCP.
A simple example is:
evhttp_connection_free(client)
# freeing the client will trigger evhttp_connection_free() for the
# client on the server side, and hence there will double free
evhttp_free(server)
Azat Khuzhin [Sun, 11 Nov 2018 18:35:20 +0000 (21:35 +0300)]
bev_async: ignore ERROR_INVALID_PARAMETER on .setfd for iocp
listener already calls event_iocp_port_associate_() the second call will
return ERROR_INVALID_PARAMETER.
Plus we already ignore it on creation, so why we should care about it
here?
Azat Khuzhin [Tue, 13 Nov 2018 18:26:12 +0000 (21:26 +0300)]
Fix conceivable UAF of the bufferevent in evhttp_connection_free()
Although this is not a problem, since bufferevent uses finalizers and
will free itself only from the loop (well this is not a problem if you
do not play games with various event_base in different threads) it
generates questions, so rewrite it in more reliable way.
Azat Khuzhin [Tue, 13 Nov 2018 08:10:25 +0000 (11:10 +0300)]
Merge branch 'sample-http-server'
Some improvements for http-server sample:
- getopt
- persistent port via -p option
- IOCP for win32 via -I
- disable buffering
- enable debug logging via -v/EVENT_DEBUG_LOGGING_ALL
- cleanup (by signal and separate error path on errors)
* sample-http-server:
s/http-server: graceful cleanup
s/http-server: enable debug logging if EVENT_DEBUG_LOGGING_ALL env isset
s/http-server: turn off buffering (otherwise do output on win32)
s/http-server: add an option to use IOCP
s/http-server: add options (for persistent port)
Azat Khuzhin [Wed, 7 Nov 2018 21:21:08 +0000 (00:21 +0300)]
Remove Vagrantfile (will be moved into libevent-extras)
Since:
- it is not a library
- this file should have (if I had enough time) enough fixes in itself
and should not polute libevent history
- it "requires" (it more cleaner to use it in this way) script --
tools/vagrant-tests.py (indeed, from libevent-extras)
- will has it's own issues/README/...
Azat Khuzhin [Wed, 7 Nov 2018 21:36:07 +0000 (00:36 +0300)]
regress_ssl: fix ssl/bufferevent_wm_filter for non defered callbacks
Even after referenced patch there is still possible recursive callbacks
from evbuffer_drain(bev_input), i.e.:
wm_transfer() -> evbuffer_drain() -> wm_transfer()
inc(ctx->get)
But if we will increment ctx->get before drain that we will not add more
data to buffer.
Refs: 54c6fe3c ("regress_ssl: make ssl/bufferevent_wm_filter more fault-tolerance")
CI: https://ci.appveyor.com/project/nmathewson/libevent/build/job/f0rv299i71wnuxdq#L2546
Azat Khuzhin [Mon, 5 Nov 2018 14:04:47 +0000 (17:04 +0300)]
appveyor: cache build directory to reduce overall time (6x time faster)
various build checks (i.e. detecting headers/macroses/functions) takes
7 minutes (from 13 minutes in total) for cmake, which is too high.
By using cache we can reduce this to ~0.
And set APPVEYOR_SAVE_CACHE_ON_ERROR so that cmake checks will be
cached (anyway all sources will be built from scratch due to timestamp
updates while extracting from sources).
Azat Khuzhin [Mon, 5 Nov 2018 15:30:38 +0000 (18:30 +0300)]
cmake: set CMP0075 to NEW (for ws2_32.lib in win32)
Otherwise cmake complains:
Policy CMP0075 is not set: Include file check macros honor
CMAKE_REQUIRED_LIBRARIES. Run "cmake --help-policy CMP0075" for policy
details. Use the cmake_policy command to set the policy and suppress this
warning.
CMAKE_REQUIRED_LIBRARIES is set to:
ws2_32.lib
For compatibility with CMake 3.11 and below this check is ignoring it.
Azat Khuzhin [Mon, 5 Nov 2018 15:23:31 +0000 (18:23 +0300)]
cmake: set CMP0074 to NEW (for OPENSSL_ROOT in appveyor)
We have $env:OPENSSL_ROOT (env) equals to -DOPENSSL_ROOT (cmake
variable) anyway.
cmake complains:
Policy CMP0074 is not set: find_package uses <PackageName>_ROOT variables.
Run "cmake --help-policy CMP0074" for policy details. Use the cmake_policy
command to set the policy and suppress this warning.
Environment variable OpenSSL_ROOT is set to:
C:/OpenSSL-Win64/bin
For compatibility, CMake is ignoring the variable.
This warning is for project developers. Use -Wno-dev to suppress it.
Azat Khuzhin [Mon, 5 Nov 2018 19:25:15 +0000 (22:25 +0300)]
regress_ssl: make ssl/bufferevent_wm_filter more fault-tolerance
Due to inplace callbacks (i.e. no BEV_OPT_DEFER_CALLBACKS) we cannot be
sure that wm_transfer() will not be called recursively and indeed it
still happens sometimes, and the referenced patch increase amount of
this times, especially for linux/poll.
Fixes: 66304a23cf748714159c988e78f35401c5352827 ("Fix
ssl/bufferevent_wm_filter when bev does not reach watermark on break")
Azat Khuzhin [Mon, 5 Nov 2018 18:33:54 +0000 (21:33 +0300)]
regress_http: disable http/read_on_write_error under win32
EVHTTP_CON_READ_ON_WRITE_ERROR works only if an error already read from
the socket, but if we already got EPIPE on write we cannot read from the
socket anymore, and win32 does not guarantee that read will happens
before (although it happens from time to time).
In the referenced patch I just replaced callback with not expecting 417,
but like I already wrote, this is not always true (i.e. it is flacky).
Fixes: 3b581693ac1967f7f8d98491cb772a1b415eb4cd ("test/http:
read_on_write_error: fix it for win32")
Azat Khuzhin [Sun, 4 Nov 2018 18:41:20 +0000 (21:41 +0300)]
Merge branch 'ssl_bufferevent_wm_filter-fix'
* ssl_bufferevent_wm_filter-fix:
Fix ssl/bufferevent_wm_filter when bev does not reach watermark on break
regress_ssl: cover watermarks with deferred callbacks
regress_ssl: improve bufferevent_wm/bufferevent_wm_filter logging
Azat Khuzhin [Sun, 4 Nov 2018 17:40:04 +0000 (20:40 +0300)]
Fix ssl/bufferevent_wm_filter when bev does not reach watermark on break
For the ssl/bufferevent_wm* we have next configuration:
- payload_len = 1024
- wm_high = 5120
- limit = 40960
- to_read = 512
In this test we expect that with high watermark installed to "wm_high"
we will read "limit" bytes by reading "to_read" at a time, but adding
"payload_len" at a time (this "to_read"/"payload_len" limits is
installed to finally overflow watermark).
Once we read "limit" bytes we break, by disable EV_READ and reset
callbacks. Although this will not work if when we want to break we do
not reach watermark, this is because watermarks installs evbuffer
callback for the input buffer and if the watermark does not reached it
will enable EV_READ while be_openssl_enable() will read from the
underlying buffer (in case the openssl bufferevent created via
bufferevent_openssl_filter_new()) and call callback again (until it will
reach watermark or read al from the underlying buffer -- this is why it
stops in our caes).
And this is exactly what happened in win32, you can see this in the
following logs:
- win32 before:
OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 40960
OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break
OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 41472
OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break
OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 41984
OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break
OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 42496
OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break
- win32 after:
OK C:\vagrant\test\regress_ssl.c:821: wm_transfer-client(00FC26F0): break
OK C:\vagrant\test\regress_ssl.c:836: wm_transfer-client(00FC26F0): in: 4800, out: 0, got: 40960
- linux before:
OK ../test/regress_ssl.c:829: wm_transfer-client(0x55555566f5e0): in: 5120, out: 0, got: 40960
OK ../test/regress_ssl.c:834: wm_transfer-client(0x55555566f5e0): break
- linux after:
OK ../test/regress_ssl.c:821: wm_transfer-client(0x55555566f5e0): break
OK ../test/regress_ssl.c:836: wm_transfer-client(0x55555566f5e0): in: 5120, out: 0, got: 40960
(As you can see in linux case we already reach watermark hence it passed
before).
So fix the issue by breaking before draining.
But during fixing this I was thinking is this right? I.e. reading from
the be_openssl_enable(), maybe we should force deferred callbacks at
least?
Azat Khuzhin [Sat, 3 Nov 2018 21:59:33 +0000 (00:59 +0300)]
regress: use non blocking descriptors whenever it is possible
Next tests uses fds without O_NONBLOCK flag
- main/free_active_base
- main/many_events
- et/et (has some other bits cleaned up by using TT_* flags and test
setup/cleanup callbacks)
And hence they will fail in debug mode (EVENT_DEBUG_MODE=):
Assertion flags & O_NONBLOCK failed in event_debug_assert_socket_nonblocking_
Azat Khuzhin [Tue, 30 Oct 2018 22:22:30 +0000 (01:22 +0300)]
Merge branch 'event-ET-#636-v2'
* event-ET-#636-v2:
Preserve ET bit for backends with changelist
Epoll ET setting lost with multiple events for same fd
Cover ET with multiple events for same fd
Add ET flag into event_base_dump_events()
Isidor Kouvelas [Tue, 30 Oct 2018 15:50:08 +0000 (08:50 -0700)]
Epoll ET setting lost with multiple events for same fd
After two or more events have been registered for the same file
descriptor using EV_ET, if one of the events is deleted, then the
epoll_ctl() call issued by libevent drops the EPOLLET flag resulting in
level triggered notifications.
[ azat: use existing "et" in the evmap_io_del_() ]
Azat Khuzhin [Sun, 28 Oct 2018 15:11:22 +0000 (18:11 +0300)]
Check existence of IPV6_V6ONLY in evutil_make_listen_socket_ipv6only() (mingw32)
MinGW 32-bit 5.3.0 does not defines it and our appveyour [1] build
reports this instantly:
evutil.c: In function 'evutil_make_listen_socket_ipv6only':
evutil.c:392:40: error: 'IPV6_V6ONLY' undeclared (first use in this function)
return setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (void*) &one,
Azat Khuzhin [Sun, 28 Oct 2018 13:46:24 +0000 (16:46 +0300)]
Convert evbuffer_strspn() (internal helper) to use size_t
As pointed by @yankeehacker in #590:
Signed to Unsigned Conversion Error - buffer.c:1623
Description: This assignment creates a type mismatch by populating an
unsigned variable with a signed value. The signed integer will be
implicitly cast to an unsigned integer, converting negative values into
positive ones. If an attacker can control the signed value, it may be
possible to trigger a buffer overflow if the value specifies the length
of a memory write.
Remediation: Do not rely on implicit casts between signed and unsigned
values because the result can take on an unexpected value and violate
weak assumptions made elsewhere in the program.
Azat Khuzhin [Sun, 28 Oct 2018 12:16:24 +0000 (15:16 +0300)]
buffer: add an assert for last_with_datap to suppress static analyzer
../buffer.c:2231:6: warning: Access to field 'flags' results in a dereference of a null pointer
if (CHAIN_SPACE_LEN(*firstchainp) == 0) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../buffer.c:130:30: note: expanded from macro 'CHAIN_SPACE_LEN'
#define CHAIN_SPACE_LEN(ch) ((ch)->flags & EVBUFFER_IMMUTABLE ? \
Mike Frysinger [Fri, 13 Jun 2014 20:08:04 +0000 (16:08 -0400)]
libevent.pc: link against core/extra
Since we want people to stop using -levent, have the pkg-config file
also stop linking against that. This makes it easier to delete the
libevent.so library entirely.
Azat Khuzhin [Sat, 27 Oct 2018 16:34:52 +0000 (19:34 +0300)]
regress_ssl: reset static variables on test setup/cleanup and eliminate leaks
One tricky bit is reply to the BIO_C_GET_FD command, since otherwise it
will try to close(0) and accepted bev in ssl/bufferevent_connect_sleep
will leak. Other seems more or less trivial.
This was done to make sure that for at least generic cases does not
leak (tricky cases was listed here nmathewson/Libevent#83).
Azat Khuzhin [Sat, 27 Oct 2018 15:35:08 +0000 (18:35 +0300)]
be_openssl: avoid leaking of SSL structure
From nmathewson/Libevent#83 by @fancycode:
There are a few code paths where the passed SSL object is not released in error cases, even if BEV_OPT_CLOSE_ON_FREE is passed as option while for others it is released. That way it's impossible for the caller to know it he has to free it on errors himself or not.
Line numbers are from "bufferevent_openssl.c" in 911abf3:
L1414 ("underlying == NULL" passed)
L1416 (bio could not be created)
L1446 (different fd passed)
L1325 (both underlying and fd passed)
L1328 (out-of-memory)
L1333 ("bufferevent_init_common_" failed)
In all error cases after the "bufferevent_ops_openssl" has been assigned, the option is evaluated on "bufferevent_free" (L1399) and the SSL object released (L1226).
Azat Khuzhin [Sat, 27 Oct 2018 11:58:30 +0000 (14:58 +0300)]
cmake: add various warning flags like autotools has
This is mostly to match autotools and reduce amount mixiing declarations
and code.
Added:
- -Wextra (the same as -W), -Wno-unused-parameter -Wstrict-aliasing
- -fno-strict-aliasing (gcc 2.9.5+)
- -Winit-self -Wmissing-field-initializers -Wdeclaration-after-statement (4.0+)
- -Waddress -Wno-unused-function -Wnormalized=id -Woverride-init (4.2+)
- -Wlogical-op (4.5+)
Removed:
- -Wformat (include in -Wall)
Plus use CMAKE_C_COMPILER_ID over CMAKE_COMPILER_IS_GNUCC, as
cmake-variables(7) suggesting, and add common GNUC/CLANG variables.
v2: drop checks for flags, since add_compiler_flags() will check if such
flags exists anyway (but just to note, gcc ignores non existing warning
flags by default).
Murat Demirten [Mon, 4 Jun 2018 13:43:34 +0000 (16:43 +0300)]
listener: ipv6only socket bind support
According to RFC3493 and most Linux distributions, default value is to
work in IPv4-mapped mode. If there is a requirement to bind same port
on same ip addresses but different handlers for both IPv4 and IPv6,
it is required to set IPV6_V6ONLY socket option to be sure that the
code works as expected without affected by bindv6only sysctl setting
in system.
Azat Khuzhin [Wed, 24 Oct 2018 21:50:50 +0000 (00:50 +0300)]
Merge branch 'evutil_found_ifaddr-dev'
* evutil_found_ifaddr-dev:
Cover evutil_v4addr_is_local_()/evutil_v6addr_is_local_()
Split evutil_found_ifaddr() into helpers (evutil_v{4,6}addr_is_local())
Use INADDR_ANY over 0 in evutil_found_ifaddr()
Replace EVUTIL_V4ADDR_IS_*() macroses with static inline functions
Filter link-local IPv4 addresses in evutil_found_ifaddr()
Azat Khuzhin [Mon, 22 Oct 2018 21:12:23 +0000 (00:12 +0300)]
Merge branch 'http-request-line-parsing'
* http-request-line-parsing:
Fix http https_basic/https_filter_basic under valgrind (increase timeout)
http: cover various non RFC3986 conformant URIs
http: allow non RFC3986 conformant during parsing request-line (http server)
http: do not try to parse request-line if we do not have enough bytes
http: allow trailing spaces (and only them) in request-line (like nginx)
http: cleanup of the request-line parsing
Azat Khuzhin [Mon, 22 Oct 2018 20:38:42 +0000 (23:38 +0300)]
http: cover various non RFC3986 conformant URIs
- http/basic_trailing_space -- covers cases when there is trailing space
after the request line (nginx handles this)
- http/simple_nonconformant -- covers non RFC3986 conformant URIs