Fixes#4967 - Possible buffer corruption in HTTP/2 session failures
Partially reverted the changes introduced in #4855, because they
were working only when sends were synchronous.
Introduced ByteBufferPool.remove(ByteBuffer) to fix the issue.
Now when a concurrent failure happens while frames are being
generated or sent, the buffer is discarded instead of being
recycled, therefore resolving the buffer corruption.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Implemented selector recovery by transferring
all keys to a newly created selector.
Updated code so that it does not assume that the
SelectionKey never changes.
Introduced NetworkTrafficSocketChannelEndPoint to replace
NetworkTrafficSelectChannelEndPoint, now deprecated.
Code and javadocs cleanup.
Moved the tests to jetty-client so that also the client is tested.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixed write in doShutdownOutput() by updating the state before the write,
so that needsFillInterest() can check whether to also do a write or not.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixed handling of encrypted bytes to write in
needsFillInterest() when the TLS handshake status
is NOT_HANDSHAKING.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #4376 Async Content Complete
Added test harness to reproduce unready completing write.
Fixed test by not closing output prior to becoming READY
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Async Write Complete
Test harness to reproduce unready when closing/completing.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Async Write Complete
test both PENDING and UNREADY
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Async Write Complete
test cleanups
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Async Close Complete
Cleanups of write
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* WIP
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Work in progress
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Added async close to HttpWriter and ResponseWriter
Always use async close, with blocker if necessary.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Working async close complete!
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
invert test as we can now call complete when not ready!
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
fixed transition to ERROR state
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
async close after onError
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
minor cleanups
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Fix for proxy tests
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Fix write loop to handle clear of p=0,l=0 rather than p=l
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Removed old close on all content mechanism
Cleanups and some more TODOs
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
a reworking of HttpOutput to separate out API state.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Soft close for Dispatcher
release buffer in onWriteComplete
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Set _onError in onWriteComplete
NOOP callback instead of null
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
failure closes HttpOutput
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Moved closedCallback handling to onWriteComplete
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Additional test of complete during blocking write.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
reimplemented blocking close to sometimes be async
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
ascii "art"
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Code cleanup. Use a CLOSE state rather than non null closedCallback to be clearer that it is a state.
Renamed close(Callback) to complete(Callback)
Renamed and simplified closed() to completed()
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Do not dispatch
Better ascii art
improved close impl to be similar to complete
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
More test cases
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
retain execute behaviour in 9.4. review in 10.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Improved javadoc and ascii art
* Improved CLOSING
Switch to CLOSING state as soon as last write is done, even if several non last channelWrites will be done. This allows a subsequent call to close to know that nothing needs to be written and can avoid some EOF exceptions. Now onWriteComplete acts only on the passed in last parameter.
Added test for sendContent
* WIP
Aggregate within lock
pipeline test debug
* Avoid creating ignored exception when Idle or Failed.
* Try a parse without fill to avoid unconsumed input debug
* fixed pipeline size
* release buffer before callback
* turn off debug
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Better javadoc
refactored onWriteComplete logic to be simpler
fixed bug with flush of last written byte
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Completely reworked test harness for better coverage.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4331 Close Complete
Reworked order of ifs to match logic above in onWriteComplete
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Fixes#4421 - HttpClient support for PROXY protocol.
Implemented support for the PROXY protocol in HttpClient.
Introduced Request.tag(Object) to tag requests that belong
to the same group (e.g. a client address) so that they can
generate a different destination.
The tag object may implement ClientConnectionFactory.Decorator
so that it can decorate the HttpDestination ClientConnectionFactory
and therefore work both with and without forward proxy configuration.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Releasing the decrypted input buffer so that it can be re-acquired
with an expanded capacity.
Looping around only if the buffer size has changed.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added workarounds for the Java 11 behavior.
In fill(), call closeInbound() if we filled -1 and the handshake
did not start yet. This avoids to send a ClientHello to the peer
even if we are closing.
In flush(), if the handshake status is NEED_UNWRAP but we are
closing, force a wrap().
Added test cases.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now rethrowing other exceptions as SSLHandshakeException
if they happen during the TLS handshake.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Invalid HTTP/2 headers are now causing an error rather than being ignored.
HTTP2Flusher now catches HpackException.StreamException and generates a
RST_STREAM frame, rather than just closing the connection.
Modified HpackEncoder to throw HpackException in case of encoding failure.
Introduced HpackEncoder.validateEncoding (defaults true) so validation of
the headers can be disabled (useful for tests).
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now exceptions thrown by fill() or flush() are stored in a field.
Further fill() operations will rethrow the original exception rather
than returning -1.
Returning -1 to application was causing them to close() with a generic
failure that was triggering the EOFException reported in this issue.
Now applications see the original exception and can close() with the
proper cause.
Re-enabled HostnameVerificationTest that was reproducing this issue
reliably but was @Disabled a while back and never re-enabled.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
1. Now forwarding the fillable event rather than assuming that is due
to garbage bytes or by a server close. This ensures that a HTTP read
consumes the TLS bytes and the `NewSessionTicket` message.
2. Avoid to set the `SslConnection` onto the `EndPoint` in
`SslClientConnectionFactory` - this allows upgrades to work properly,
for example when tunnelling through a secure proxy.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced a Response.DemandedContentListener to explicitly separate
the will to request more content from the notification that the content
has been consumed.
Updated all transports to follow the new semantic: rather than waiting
for the callback to complete before delivering more content, now they
wait for the demand to be positive to deliver more content.
Since now the content may be unconsumed but there can be more demand,
all transport implementation had to be changed to use RetainableByteBuffer
to retain content buffers that were not consumed.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #3806 async sendError
Avoid using isHandled as a test withing sendError as this can be
called asynchronously and is in a race with the normal dispatch of the
request, which could also be setting handled status.
The ErrorHandler was dispatching directly to a context from within
sendError. This meant that an async thread can call sendError and be
dispatched to within the servlet container at the same time that the
original thread was still dispatched to the container.
This commit fixes that problem by using an async dispatch for error
pages within the ErrorHandler. However, this introduces a new problem
that a well behaved async app will call complete after calling
sendError. Thus we have ignore complete ISEs for the remainder of
the current async cycle.
Fixed the closing of the output after calling sendError. Do not
close if the request was async (and thus might be dispatched to an
async error) or if it is now async because the error page itself is
async.
* updates from review
* better tests
* revert ignore complete
* added some TODOs
* more TODOs
* fixed rename
* cleanup ISE and more TODOs
* refactored to call sendError for uncaught exceptions rather than onError
* more of the refactor
* extra tests for sendError from completing state
Reworked HttpChannelState and sendError so that sendError is now
just a change of state. All the work is done in the ErrorDispatch
action, including calling the ErrorHandler. Async not yet working.
Additional tests
Converted ERRORED state to a separate boolean so it can be used for
both Sync and Async dispatches.
Removed ASYNC_IO state as it was just the same as DISPATCHED
The async onError listener handling is now most likely broken.
WIP making sendError simpler and more tests pass
WIP handling async and thrown exceptions
WIP passing tests
Improved thread handling
removed bad test
Implemented error dispatch on complete properly
more fixed tests
sendError state looks committed
- Added resetContent method to leave more non-content headers during sendError
- Fixed security tests
- simplified the non dispatch error page writing. Moved towards being able to write async
* fixed gzipHandlerTest
* Updated handling of timeout errors. According to servlet spec,
exceptions thrown from onTimeout should not be passed to onError, but
just logged and ignored:
If an exception is thrown while invoking methods in an AsyncListener,
it is logged and will not affect the invocation of any other AsyncListeners.
* This changes several tests.
* Dispatcher/ContextHandler changes for new ERROR dispatch handling. Feels a bit fragile!
* Fixed tests in jetty-servlets
* Fixed tests in jetty-proxy
* more test fixes
* Fixed head handling
reverted unnecessary changes
Improved reason handling
WIP on fully async error handling.
Simplified HttpChannelState state machines to allow for async actions
during completing
more WIP on fully async error handling.
sendError and completion are not both non-blocking, without using
a startAsync operation. However we are lacking unit tests that actually
exercise those code paths.
* Simplified name of states
Added test for async completion
* Cleanups and javadoc
* Cleanups and javadoc
* remove snake case
* feedback from review
* Write error page into fixed pooled buffer
Use the response to get/release a pooled buffer into which the error
page can be written. Make it a fixed sized buffer and if it overflows
then no error page is generated (first overflow turns off showstacks
to save space).
The ErrorHandler badly needs to be refactored, but we cannot change
API in jetty-9
* More test fixes for different error page format
* minor cleanups
* Cleanup from Review
* Fixed javadoc
* cleanups and simplifications
* Cleanup from Review
* renaming and some TODOs
* Cleanup from Review
* Checkstyle fixes
* Cleanup from Review
* Code cleanups and simplifications
* fixed debug
* Cleanup from Review
* Ensure response sent before server shutdown
* removed unnecessary optimisation
* fixed duplicate from merge
* Updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
+ Adds onSelectFailed(Throwable)
+ Adds startSelector()
+ Unit test to demonstrate behavior on both execution
strategies
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
After review, introduced WriteFlusher.isPending() and now using that
in the test case to test for TCP congestion.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
The client reset wakes up threads blocked in
writes, but these may again attempt to write,
therefore blocking again.
Now we detect that the stream is not writable
and mark the transport as failed, so that
writes fail immediately without blocking.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Removing Legacy Method Separators
* Restyling branch `jetty-9.4.x`
* Applying changes highlighted by checkstyle
* Applying XML restyling
* Fixing XML codestyle for IntelliJ
* Fixing XML style mistakes
* Revert "Applying XML restyling"
* Updating checkstyle for XML codestyle
* Reformatting pom.xml files
* Fixed empty string from line wraps
* Update intellij style to not do expression relative formatting. Reformatted code based on that.
* Increasing line split on Eclipse IDE Formatter to 512
* Restoring setting on internal default value.
+ IntelliJ will not export settings on things that set to their
internal default values.
We want to keep those values as a hedge against future default
value changes in future releases of IntelliJ.
* Fixing intellij codestyle
* do not allow single line simple methods
* misc checkstyle fixes
* re-exported with correct name and all values
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>