[20181] Hotfix: Secure simple participants with initialpeers over TCP match (backport #5071)
#5177
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![mergify[bot]](https://avatars.githubusercontent.com/in/10562?s=60&v=4){kind=small}
|
Cherry-pick of 3ca60e0 has failed: To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally |
12 tasks
MiguelCompany
requested review from
MiguelCompany
and removed request for
MiguelCompany
|
@Mergifyio rebase |
…ch (#5071) * Refs #20181: Add BB test Signed-off-by: Mario Dominguez <[email protected]> * Refs #20181: Add Fix Signed-off-by: Mario Dominguez <[email protected]> * Refs #20181: linter Signed-off-by: Mario Dominguez <[email protected]> * Refs #20181. Pass in secure_endpoints as lambda capture. Signed-off-by: Miguel Company <[email protected]> * Refs #20181. New approach. Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants. This resulted in some cases in the transport threads eating all CPU resources. The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement. Signed-off-by: Miguel Company <[email protected]> * Refs #20181. Unmatch non-secure before matching secure. Signed-off-by: Miguel Company <[email protected]> --------- Signed-off-by: Mario Dominguez <[email protected]> Signed-off-by: Miguel Company <[email protected]> Co-authored-by: Miguel Company <[email protected]> (cherry picked from commit 3ca60e0) # Conflicts: # src/cpp/rtps/builtin/discovery/participant/PDPSimple.cpp # test/blackbox/common/BlackboxTestsSecurity.cpp
Signed-off-by: Miguel Company <[email protected]>
✅ Branch has been successfully rebased |
MiguelCompany
force-pushed
the
mergify/bp/2.10.x/pr-5071
branch
from
2837963
to
388945f
Compare
MiguelCompany
requested review from
MiguelCompany
and removed request for
MiguelCompany
MiguelCompany
approved these changes
Sep 20, 2024
mfaferek93
pushed a commit
to mfaferek93/Fast-DDS
that referenced
this pull request
Sep 24, 2024
…ch (eProsima#5071) (eProsima#5177) * Hotfix: Secure simple participants with `initialpeers` over `TCP` match (eProsima#5071) * Refs #20181: Add BB test Signed-off-by: Mario Dominguez <[email protected]> * Refs #20181: Add Fix Signed-off-by: Mario Dominguez <[email protected]> * Refs #20181: linter Signed-off-by: Mario Dominguez <[email protected]> * Refs #20181. Pass in secure_endpoints as lambda capture. Signed-off-by: Miguel Company <[email protected]> * Refs #20181. New approach. Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants. This resulted in some cases in the transport threads eating all CPU resources. The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement. Signed-off-by: Miguel Company <[email protected]> * Refs #20181. Unmatch non-secure before matching secure. Signed-off-by: Miguel Company <[email protected]> --------- Signed-off-by: Mario Dominguez <[email protected]> Signed-off-by: Miguel Company <[email protected]> Co-authored-by: Miguel Company <[email protected]> (cherry picked from commit 3ca60e0) * Fix conflicts Signed-off-by: Miguel Company <[email protected]> --------- Signed-off-by: Miguel Company <[email protected]> Co-authored-by: Mario Domínguez López <[email protected]> Co-authored-by: Miguel Company <[email protected]>
mfaferek93
pushed a commit
to mfaferek93/Fast-DDS
that referenced
this pull request
Sep 24, 2024
…ch (eProsima#5071) (eProsima#5177) * Hotfix: Secure simple participants with `initialpeers` over `TCP` match (eProsima#5071) * Refs #20181: Add BB test Signed-off-by: Mario Dominguez <[email protected]> * Refs #20181: Add Fix Signed-off-by: Mario Dominguez <[email protected]> * Refs #20181: linter Signed-off-by: Mario Dominguez <[email protected]> * Refs #20181. Pass in secure_endpoints as lambda capture. Signed-off-by: Miguel Company <[email protected]> * Refs #20181. New approach. Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants. This resulted in some cases in the transport threads eating all CPU resources. The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement. Signed-off-by: Miguel Company <[email protected]> * Refs #20181. Unmatch non-secure before matching secure. Signed-off-by: Miguel Company <[email protected]> --------- Signed-off-by: Mario Dominguez <[email protected]> Signed-off-by: Miguel Company <[email protected]> Co-authored-by: Miguel Company <[email protected]> (cherry picked from commit 3ca60e0) * Fix conflicts Signed-off-by: Miguel Company <[email protected]> --------- Signed-off-by: Miguel Company <[email protected]> Co-authored-by: Mario Domínguez López <[email protected]> Co-authored-by: Miguel Company <[email protected]>
mfaferek93
pushed a commit
to mfaferek93/Fast-DDS
that referenced
this pull request
Sep 25, 2024
…ch (eProsima#5071) (eProsima#5177) * Hotfix: Secure simple participants with `initialpeers` over `TCP` match (eProsima#5071) * Refs #20181: Add BB test Signed-off-by: Mario Dominguez <[email protected]> * Refs #20181: Add Fix Signed-off-by: Mario Dominguez <[email protected]> * Refs #20181: linter Signed-off-by: Mario Dominguez <[email protected]> * Refs #20181. Pass in secure_endpoints as lambda capture. Signed-off-by: Miguel Company <[email protected]> * Refs #20181. New approach. Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants. This resulted in some cases in the transport threads eating all CPU resources. The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement. Signed-off-by: Miguel Company <[email protected]> * Refs #20181. Unmatch non-secure before matching secure. Signed-off-by: Miguel Company <[email protected]> --------- Signed-off-by: Mario Dominguez <[email protected]> Signed-off-by: Miguel Company <[email protected]> Co-authored-by: Miguel Company <[email protected]> (cherry picked from commit 3ca60e0) * Fix conflicts Signed-off-by: Miguel Company <[email protected]> --------- Signed-off-by: Miguel Company <[email protected]> Co-authored-by: Mario Domínguez López <[email protected]> Co-authored-by: Miguel Company <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR fixes a behavior that changed in f2e5ce making simple secure participants not match.
The
tcp clientsends itsDATA[P]to the tcp server, the server starts the security handshake but the client is not able to accept the security handshake request because it does not have the discovery information from the server participant.@Mergifyio backport 2.14.x 2.10.x
Contributor Checklist
Commit messages follow the project guidelines.
The code follows the style guidelines of this project.
Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
Any new/modified methods have been properly documented using Doxygen.
N/A Any new configuration API has an equivalent XML API (with the corresponding XSD extension)
Changes are backport compatible: they do NOT break ABI nor change library core behavior.
Changes are API compatible.
N/A New feature has been added to the
versions.mdfile (if applicable).N/A New feature has been documented/Current behavior is correctly described in the documentation.
Applicable backports have been included in the description.
Reviewer Checklist
This is an automatic backport of pull request #5071 done by [Mergify](https://mergify.com).