Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[20181] Hotfix: Secure simple participants with initialpeers over TCP match #5071

Merged
merged 6 commits into from
Aug 27, 2024

Conversation

Mario-DL
Copy link
Member

@Mario-DL Mario-DL commented Jul 16, 2024

Description

This PR fixes a behavior that changed in f2e5ce making simple secure participants not match.

The tcp client sends its DATA[P] to the tcp server, the server starts the security handshake but the client is not able to accept the security handshake request because it does not have the discovery information from the server participant.

@Mergifyio backport 2.14.x 2.10.x

Contributor Checklist

  • Commit messages follow the project guidelines.
  • The code follows the style guidelines of this project.
  • Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
  • Any new/modified methods have been properly documented using Doxygen.
  • N/A Any new configuration API has an equivalent XML API (with the corresponding XSD extension)
  • Changes are backport compatible: they do NOT break ABI nor change library core behavior.
  • Changes are API compatible.
  • N/A New feature has been added to the versions.md file (if applicable).
  • N/A New feature has been documented/Current behavior is correctly described in the documentation.
  • Applicable backports have been included in the description.

Reviewer Checklist

  • The PR has a milestone assigned.
  • The title and description correctly express the PR's purpose.
  • Check contributor checklist is correct.
  • N/A If this is a critical bug fix, backports to the critical-only supported branches have been requested.
  • Check CI results: changes do not issue any warning.
  • Check CI results: failing tests are unrelated with the changes.

@Mario-DL Mario-DL added this to the v3.0.0 milestone Jul 16, 2024
@Mario-DL Mario-DL requested a review from richiprosima July 16, 2024 09:36
@github-actions github-actions bot added the ci-pending PR which CI is running label Jul 16, 2024
@Mario-DL Mario-DL force-pushed the hotfix/20181 branch 2 times, most recently from 40eb072 to 890b0dd Compare July 16, 2024 15:51
@Mario-DL Mario-DL requested review from richiprosima and removed request for richiprosima July 16, 2024 15:51
@elianalf elianalf added the needs-review PR that is ready to be reviewed label Jul 18, 2024
@EduPonz EduPonz modified the milestones: v3.0.0, v3.0.1 Jul 19, 2024
@MiguelCompany MiguelCompany requested review from MiguelCompany and removed request for richiprosima and MiguelCompany August 23, 2024 11:25
@MiguelCompany MiguelCompany requested review from MiguelCompany and removed request for MiguelCompany August 26, 2024 07:59
@MiguelCompany MiguelCompany requested review from JesusPoderoso and removed request for MiguelCompany August 26, 2024 09:20
Mario-DL and others added 6 commits August 26, 2024 11:25
Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants.
This resulted in some cases in the transport threads eating all CPU resources.

The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
@MiguelCompany MiguelCompany requested review from JesusPoderoso and removed request for JesusPoderoso August 26, 2024 09:28
Copy link
Member Author

@Mario-DL Mario-DL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new approach makes sense to me. It is cleaner. Thanks @MiguelCompany for the proposal. I am also testing in local for a corner case that made the test fail (using vpn) in my former approach that may also be overcome with this new one.

@Mario-DL
Copy link
Member Author

Local test with VPN passed, LGTM

@Mario-DL Mario-DL added ready-to-merge Ready to be merged. CI and changes have been reviewed and approved. and removed needs-review PR that is ready to be reviewed ci-pending PR which CI is running labels Aug 27, 2024
@Mario-DL Mario-DL merged commit 3ca60e0 into master Aug 27, 2024
17 checks passed
@Mario-DL Mario-DL deleted the hotfix/20181 branch August 27, 2024 09:49
@MiguelCompany
Copy link
Member

@Mergifyio backport 2.14.x 2.10.x

Copy link
Contributor

mergify bot commented Aug 27, 2024

backport 2.14.x 2.10.x

✅ Backports have been created

mergify bot pushed a commit that referenced this pull request Aug 27, 2024
…ch (#5071)

* Refs #20181: Add BB test

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: Add Fix

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: linter

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181. Pass in secure_endpoints as lambda capture.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. New approach.

Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants.
This resulted in some cases in the transport threads eating all CPU resources.

The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. Unmatch non-secure before matching secure.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
(cherry picked from commit 3ca60e0)

# Conflicts:
#	src/cpp/rtps/builtin/discovery/participant/PDPSimple.cpp
#	test/blackbox/common/BlackboxTestsSecurity.cpp
mergify bot pushed a commit that referenced this pull request Aug 27, 2024
…ch (#5071)

* Refs #20181: Add BB test

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: Add Fix

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: linter

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181. Pass in secure_endpoints as lambda capture.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. New approach.

Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants.
This resulted in some cases in the transport threads eating all CPU resources.

The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. Unmatch non-secure before matching secure.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
(cherry picked from commit 3ca60e0)

# Conflicts:
#	src/cpp/rtps/builtin/discovery/participant/PDPSimple.cpp
#	test/blackbox/common/BlackboxTestsSecurity.cpp
paxifaer pushed a commit to paxifaer/Fast-DDS that referenced this pull request Sep 7, 2024
…ch (eProsima#5071)

* Refs #20181: Add BB test

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: Add Fix

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: linter

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181. Pass in secure_endpoints as lambda capture.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. New approach.

Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants.
This resulted in some cases in the transport threads eating all CPU resources.

The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. Unmatch non-secure before matching secure.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
Signed-off-by: paxifaer <807128216@qq.com>
MiguelCompany pushed a commit that referenced this pull request Sep 18, 2024
…ch (#5071)

* Refs #20181: Add BB test

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: Add Fix

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: linter

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181. Pass in secure_endpoints as lambda capture.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. New approach.

Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants.
This resulted in some cases in the transport threads eating all CPU resources.

The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. Unmatch non-secure before matching secure.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
(cherry picked from commit 3ca60e0)

# Conflicts:
#	src/cpp/rtps/builtin/discovery/participant/PDPSimple.cpp
#	test/blackbox/common/BlackboxTestsSecurity.cpp
MiguelCompany added a commit that referenced this pull request Sep 20, 2024
…ch (#5071) (#5177)

* Hotfix: Secure simple participants with `initialpeers` over `TCP` match (#5071)

* Refs #20181: Add BB test

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: Add Fix

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: linter

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181. Pass in secure_endpoints as lambda capture.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. New approach.

Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants.
This resulted in some cases in the transport threads eating all CPU resources.

The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. Unmatch non-secure before matching secure.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
(cherry picked from commit 3ca60e0)

# Conflicts:
#	src/cpp/rtps/builtin/discovery/participant/PDPSimple.cpp
#	test/blackbox/common/BlackboxTestsSecurity.cpp

* Fix conflicts

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Mario Domínguez López <116071334+Mario-DL@users.noreply.github.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
JesusPoderoso pushed a commit that referenced this pull request Sep 23, 2024
…ch (#5071)

* Refs #20181: Add BB test

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: Add Fix

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: linter

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181. Pass in secure_endpoints as lambda capture.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. New approach.

Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants.
This resulted in some cases in the transport threads eating all CPU resources.

The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. Unmatch non-secure before matching secure.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
(cherry picked from commit 3ca60e0)

# Conflicts:
#	src/cpp/rtps/builtin/discovery/participant/PDPSimple.cpp
#	test/blackbox/common/BlackboxTestsSecurity.cpp
MiguelCompany pushed a commit that referenced this pull request Sep 24, 2024
…ch (#5071) (#5176)

* Refs #20181: Add BB test

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: Add Fix

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: linter

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181. Pass in secure_endpoints as lambda capture.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. New approach.

Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants.
This resulted in some cases in the transport threads eating all CPU resources.

The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. Unmatch non-secure before matching secure.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
(cherry picked from commit 3ca60e0)

# Conflicts:
#	src/cpp/rtps/builtin/discovery/participant/PDPSimple.cpp
#	test/blackbox/common/BlackboxTestsSecurity.cpp

Co-authored-by: Mario Domínguez López <116071334+Mario-DL@users.noreply.github.com>
mfaferek93 pushed a commit to mfaferek93/Fast-DDS that referenced this pull request Sep 24, 2024
…ch (eProsima#5071) (eProsima#5177)

* Hotfix: Secure simple participants with `initialpeers` over `TCP` match (eProsima#5071)

* Refs #20181: Add BB test

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: Add Fix

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: linter

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181. Pass in secure_endpoints as lambda capture.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. New approach.

Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants.
This resulted in some cases in the transport threads eating all CPU resources.

The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. Unmatch non-secure before matching secure.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
(cherry picked from commit 3ca60e0)

* Fix conflicts

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Mario Domínguez López <116071334+Mario-DL@users.noreply.github.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
mfaferek93 pushed a commit to mfaferek93/Fast-DDS that referenced this pull request Sep 24, 2024
…ch (eProsima#5071) (eProsima#5177)

* Hotfix: Secure simple participants with `initialpeers` over `TCP` match (eProsima#5071)

* Refs #20181: Add BB test

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: Add Fix

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: linter

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181. Pass in secure_endpoints as lambda capture.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. New approach.

Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants.
This resulted in some cases in the transport threads eating all CPU resources.

The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. Unmatch non-secure before matching secure.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
(cherry picked from commit 3ca60e0)

* Fix conflicts

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Mario Domínguez López <116071334+Mario-DL@users.noreply.github.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
mfaferek93 pushed a commit to mfaferek93/Fast-DDS that referenced this pull request Sep 25, 2024
…ch (eProsima#5071) (eProsima#5177)

* Hotfix: Secure simple participants with `initialpeers` over `TCP` match (eProsima#5071)

* Refs #20181: Add BB test

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: Add Fix

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181: linter

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #20181. Pass in secure_endpoints as lambda capture.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. New approach.

Automatically sending DATA(p) when receiving a DATA(p) could lead to an infinite ping-pong between the two participants.
This resulted in some cases in the transport threads eating all CPU resources.

The new approach matches the discovered participant to the builtin non-secure PDP writer, so it will receive the DATA(p) of the local participant in the next periodic announcement.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

* Refs #20181. Unmatch non-secure before matching secure.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
(cherry picked from commit 3ca60e0)

* Fix conflicts

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

---------

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
Co-authored-by: Mario Domínguez López <116071334+Mario-DL@users.noreply.github.com>
Co-authored-by: Miguel Company <miguelcompany@eprosima.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ready-to-merge Ready to be merged. CI and changes have been reviewed and approved.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants