rtrlib/rtr: add range checks for interval values in packets.c #98

colinbs · 2016-10-28T12:22:47Z

Closes issue #81
Uses same if-statements used in rtr.c
There still are return values for failed checks needed, suggestions are welcome.

codecov-io · 2016-10-28T12:58:47Z

Codecov Report

Merging #98 into master will decrease coverage by 0.06%.
The diff coverage is 59.74%.

@@            Coverage Diff             @@
##           master      #98      +/-   ##
==========================================
- Coverage   65.72%   65.65%   -0.07%     
==========================================
  Files          16       16              
  Lines        2150     2213      +63     
==========================================
+ Hits         1413     1453      +40     
- Misses        737      760      +23

waehlisch · 2016-10-28T21:25:28Z

Please, do not merge. There are several open items:

There is no appropriate error handling.
There is no error log message in case that these values overwrite pre-configured values (see rtr.c). Actually, it is unclear to me if overwriting pre-configured values is a good option at all. I contacted Randy and Rob.

PS: Please, don't use verb conjugation (e.g., use "add ..." instead "adds ...") in commity message.

smlng · 2016-11-01T19:46:46Z

@colinbs, I agree with @waehlisch, before we merge we need real error handling. Further, though haven't had the time for a careful review, I think those values have to be passed through ntohl see here.

[EDIT] for the latter see #87, too.

waehlisch · 2016-11-01T21:44:55Z

Some more feedback after talking with Rob.

(1) Should the router send an error PDU to the cache server if the cache server sends a timer value exceeding the spec values?

He suggests that the "client could just enforce the minimum and maximum values (eg, if the cache says something larger than max, router treats it as if cache had said max). I suppose one might have a knob to control whether the router does this or instead generates an Error."

Personally, I like the idea but it should be very well documented. The only error PDU that currently might fit is Corrupt Data (fatal).

(2) If the admin configured explicitly other values compared to the values sent by the cache, can the cache overwrite these values?

There is a clear statement that the router should not harm the cache. (Note that there is a trust relation between cache and router.)

By default, the router should accept the values communicated by the cache. However, in any case, a log message should be fired.

Furthermore, there should be a configuration knob that allows the router to keep the explicitly configured expiration interval.

smlng · 2016-11-03T08:34:57Z

If we want to have the behavior to be configurable this will atleast introduce a new call to the API, we should be careful there. Thus, for now I would recommend to just extend the API by a separate, additional call. If we change/uptdate/optimize the rtrlib API in the future (see #4, #86), this can be put into the config of the rtr_mgr.

colinbs · 2016-11-07T11:50:44Z

So I guess it should be left as it is for now and be picked up again as soon as the API receives changes.

smlng · 2016-11-07T21:24:52Z

@colinbs: as I said above, an additional call -that is, no modification to existing API calls- should be safe right now. However, it might not be optimal but that can be fixed as soon as we update/cleanup the API.

colinbs · 2016-11-16T09:26:15Z

Several things were changed/added:
To avoid magic numbers for the min/max values for interval boundaries they are now defined in rtr.h

There now is a (temporary) solution for different options regarding interval handling:
This is still WIP and right now only for demonstration/discussion purposes.

IGNORE_ANY: no interval values will be applied at all
ACCEPT_ANY: all interval values, in range or not, will be applied
DEFAULT_MIN_MAX: if interval values are not in range, apply min/max values
IGNORE_ON_FAILURE: if interval values are not in range, do nothing

A user should be able to apply one of these values to INTERVAL_OPTION. How he does this is not yet implemented and object of discussion.

smlng · 2016-12-09T13:28:11Z

rtrlib/rtr/rtr.h

 #define RTR_DBG1(a) lrtr_dbg("RTR Socket: " a)

+// min and max values for expiration time
+static const uint16_t EXPIRATION_MIN = 600;     // ten minutes


Use prefix RTR_ for all #defines

smlng · 2016-12-09T13:29:31Z

rtrlib/rtr/rtr.c

        rtr_socket->tr_socket = tr;

-    if(refresh_interval > 86400 || refresh_interval < 1) {
+    if(refresh_interval > REFRESH_MAX || refresh_interval < REFRESH_MIN) {


why not use the (new) rtr_check_interval_range function here and below?

smlng · 2016-12-09T13:30:10Z

rtrlib/rtr/packets.c

    return *((char *) pdu + 1);
 }

+static int rtr_check_interval_range(uint32_t interval, const int interval_type)


move this function to rtrlib/rtr.c to use it in other code parts as well, see below.

smlng · 2016-12-09T13:31:37Z

rtrlib/rtr/packets.c


 #define TEMPORARY_PDU_STORE_INCREMENT_VALUE 100
 #define MAX_SUPPORTED_PDU_TYPE 10
+#define INTERVAL_OPTION -1


this will not work, should be static int interval_option = SOME_DEFAULT_VALUE, and there should be a API call to set this parameter.

smlng · 2016-12-09T13:33:48Z

rtrlib/rtr/packets.c

+                if (interv_retval == INSIDE_INTERVAL_RANGE) {
+                    rtr_socket->expire_interval = ((struct pdu_end_of_data_v1 *) pdu)->expire_interval;
+                } else {
+                    switch (INTERVAL_OPTION) {


won't work, see above. Use static variable.

smlng · 2016-12-09T13:34:43Z

rtrlib/rtr/packets.c

+                        rtr_socket->expire_interval = ((struct pdu_end_of_data_v1 *) pdu)->expire_interval;
+                        break;
+                    case IGNORE_ON_FAILURE:
+                        // if interval values are out of bounds, ignore them without error PDU.


add debug output here, too

smlng · 2016-12-09T13:41:26Z

rtrlib/rtr/packets.c

+                if (interv_retval == INSIDE_INTERVAL_RANGE) {
+                    rtr_socket->retry_interval = ((struct pdu_end_of_data_v1 *) pdu)->retry_interval;
+                } else {
+                    switch (INTERVAL_OPTION) {


Here is a lot of code duplication to handle the different intervals according to the interval_option.

Either write another helper function that just returns the correct value corresponding to interval_option and interval_type or expand/rewrite rtr_check_interval_range to return the value instead of just -1, 0, or 1,

smlng · 2017-02-01T09:55:16Z

rtrlib/rtr/packets.c


+// These modes let the user configure how
+// received intervals should be handled.
+enum interval_mode {


this enum might be needed for a future config API call, so might be good to move it into a header file.
Further, please add doxygen conform documentation for this enum then.

smlng · 2017-02-03T08:36:35Z

rtrlib/rtr/packets.c

 #define TEMPORARY_PDU_STORE_INCREMENT_VALUE 100
 #define MAX_SUPPORTED_PDU_TYPE 10

+static int interval_option = DEFAULT_MIN_MAX;


This is only visible here, but you also define it in rtr.c, hence it should be globally defined (and set) somewhere

smlng · 2017-02-03T08:36:51Z

rtrlib/rtr/rtr.c

 #include "rtrlib/rtr/rtr.h"
 #include "rtrlib/lib/utils.h"

+static int interval_option = DEFAULT_MIN_MAX;


see comment above

smlng · 2017-02-03T08:38:16Z

rtrlib/rtr/rtr.c

+        minimum = RTR_RETRY_MIN;
+        maximum = RTR_RETRY_MAX;
+        break;
+    default:


add error message and return here?

smlng · 2017-02-03T08:45:56Z

rtrlib/rtr/rtr.c

+
+    int interv_retval = rtr_check_interval_range(interval, type);
+
+    if (interv_retval == INSIDE_INTERVAL_RANGE || interval_mode == ACCEPT_ANY) {


I would move the switch() case here, and check for INSIDE_INTERVAL_RANGE where required

smlng · 2017-02-03T08:49:53Z

rtrlib/rtr/rtr.c

-    } else {
+    int interv_retval = rtr_check_interval_range(refresh_interval, REFRESH);
+
+    if(interv_retval == INSIDE_INTERVAL_RANGE) {


you could summarize the checks into one like:

if (rtr_check_interval_range(refresh_interval, REFRESH) != INSIDE_INTERVAL_RANGE || rtr_check_interval_range(refresh_interval, EXPIRATION) != INSIDE_INTERVAL_RANGE || rtr_check_interval_range(refresh_interval, RETRY) != INSIDE_INTERVAL_RANGE) { /* optional: print some error message? */ return RTR_INVALID_PARAM; } /* otherwise not error, hence set all as given */

smlng · 2017-02-03T08:51:32Z

rtrlib/rtr/rtr.h

+ */
+enum interval_mode {
+    /** Ignore appliance of interval values at all. */
+    IGNORE_ANY = 0,


add comments for doxygen like this:

IGNORE_ANY = 0, /*< Ignore appliance of interval values at all. */

Should I adjust the comments for the rtr_socket_state enum as well, while I'm at it? Or are these not relevant for Doxygen?

smlng · 2017-02-27T21:45:28Z

rtrlib/rtr/rtr.c

+        RTR_DBG1("Invalid interval mode. Mode remains unchanged.");
+        return;
+    }
+    RTR_DBG("Interval mode set to %s", txt);


This functions complexity is only related to this debug output, otherwise it should be just:

void set_interval_mode(int option) { switch(option) { case IGNORE_ANY: case ACCEPT_ANY: case DEFAULT_MIN_MAX: case IGNORE_ON_FAILURE: interval_option = option; break; default: RTR_DBG1("Invalid interval mode. Mode remains unchanged."); } }

smlng · 2017-02-27T21:46:28Z

rtrlib/rtr/rtr.c

+
+int rtr_check_interval_range(uint32_t interval, int16_t minimum, int32_t maximum)
+{
+    if(interval < minimum) {


add space if ( and braces are not discouraged by kernel coding style

smlng · 2017-02-27T21:47:50Z

rtrlib/rtr/rtr.c

+    switch (type) {
+    case EXPIRATION:
+        minimum = RTR_EXPIRATION_MIN;
+        maximum = RTR_EXPIRATION_MAX;


minimum, and maximum can be initialized before switch?

To prevent confusion on my side: should minimum and maximum be initialized before the switch statement like this?
uint16_t minimum = 0;
uint32_t maximum = 0;

ah sorry, forget about it thought min/max are always the same, but they are not :/ my bad.

smlng · 2017-02-27T21:50:32Z

rtrlib/rtr/rtr.h

+ */
+enum interval_mode {
+    IGNORE_ANY = 0,         /*< Ignore appliance of interval values at all. */
+


remove empty lines, here and below

and same here, enums start with 0 and increment by 1 as a default.

smlng · 2017-02-27T21:57:51Z

rtrlib/rtr/rtr.c

+
+    if (interv_retval == INSIDE_INTERVAL_RANGE || interval_mode == ACCEPT_ANY) {
+        apply_interval_value(rtr_socket, interval, type);
+    } else {


IMHO this would be [more] readable without switch () case rewrite for instance like:

if (interv_retval == INSIDE_INTERVAL_RANGE || interval_mode == ACCEPT_ANY) { apply_interval_value(rtr_socket, interval, type); } if else (interval_mode == DEFAULT_MIN_MAX) { if (interv_retval == BELOW_INTERVAL_RANGE) apply_interval_value(rtr_socket, minimum, type); else apply_interval_value(rtr_socket, maximum, type); } else { RTR_DBG(); }

smlng · 2017-02-27T21:59:51Z

tests/unittests/test_packets_static.c

+	assert_int_equal(rtr_socket->expire_interval, pdu_eod->expire_interval);
+
+	/* test checks that determine if value is inside range */
+	retval = 2;


why is retval set here, or below, when it is replaced by function return value afterwards?

smlng · 2017-02-28T13:22:42Z

rtrlib/rtr/rtr.h

+};
+
+enum interval_type {
+    EXPIRATION = 0,


explicite values are not needed here, enums start with 0 by default and increment by 1, too.

smlng · 2017-08-15T12:49:19Z

rtrlib/rtr/rtr.h

+ * @return ABOVE_INTERVAL_RANGE If the given interval is above the specified range.
+ * @return INSIDE_INTERVAL_RANGE If the given interval is inside the specified range.
+ */
+int rtr_check_interval_range(uint32_t interval, int16_t minimum, int32_t maximum);


I think its a bit strange that min and max have different types, int16_t and int32_t specifically, which could be unsigned by the way, right?!

Yeah, it looks kind of strange. I used int16_t since the minimum values for the intervals fit into it. Not sure if this is even necessary.
Anyway, I will change it to uint32_t.

the intervals are stored as uint32_t in the socket struct anyway - so makes sense to use unsigned

smlng · 2018-01-26T09:20:34Z

please rebase

smlng · 2018-02-08T18:04:39Z

@colinbs ping?

Use new rtr_check_interval_range function in rtr.c Refactor code duplication.

mroethke

Furthermore there are a few style issues in packets.[ch] and rtr.[ch] however enforcing coding style in those files probably does not make much sense, considering their current state.

mroethke · 2018-02-15T11:12:52Z

tests/unittests/test_packets_static.c

+	UNUSED(state);
+
+	struct rtr_socket *rtr_socket = malloc(1024);
+	struct pdu_end_of_data_v1 *pdu_eod = malloc(1024);


There is no need here to allocate 2*1K of memory here, either use sizeof or allocate static memory. preferably the later.

mroethke · 2018-02-15T13:15:23Z

tests/unittests/test_packets_static.c

+{
+	UNUSED(state);
+
+	struct rtr_socket *rtr_socket = malloc(1024);


smlng · 2018-03-08T10:27:29Z

tests/unittests/test_packets_static.c

+
+	struct rtr_socket rtr_socket;
+
+	set_interval_mode(&rtr_socket, IGNORE_ANY);


you need to add an include for rtr_mgr.h, Travis reports compiler warning:

/rtrlib/rtrlib/tests/unittests/test_packets_static.c:478:2: warning: implicit declaration of function ‘set_interval_mode’ [-Wimplicit-function-declaration] set_interval_mode(&rtr_socket, IGNORE_ANY); ^

smlng · 2018-03-09T13:05:00Z

please squash the 2 unittest commits into one

smlng · 2018-03-09T13:29:33Z

@mroethke if you agree, please merge (without squash)

colinbs changed the title ~~rtrlib/rtr: adds range checks for interval values in packets.c #81~~ rtrlib/rtr: adds range checks for interval values in packets.c Oct 28, 2016

colinbs force-pushed the interval_range_checks branch from 5161af2 to a77d9a6 Compare October 28, 2016 12:58

waehlisch added the status:WIP label Oct 28, 2016

colinbs changed the title ~~rtrlib/rtr: adds range checks for interval values in packets.c~~ rtrlib/rtr: add range checks for interval values in packets.c Oct 31, 2016

colinbs force-pushed the interval_range_checks branch from dd6e808 to 0f2f628 Compare November 21, 2016 13:41

smlng requested changes Dec 9, 2016

View reviewed changes

smlng reviewed Feb 1, 2017

View reviewed changes

colinbs force-pushed the interval_range_checks branch 12 times, most recently from 4c6b38b to e241131 Compare February 2, 2017 12:17

smlng reviewed Feb 3, 2017

View reviewed changes

rtrlib/rtr/rtr.c Outdated

minimum = RTR_RETRY_MIN;

maximum = RTR_RETRY_MAX;

break;

default:

Copy link

Member

smlng Feb 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add error message and return here?

smlng reviewed Feb 3, 2017

View reviewed changes

fho closed this Feb 3, 2017

fho reopened this Feb 3, 2017

colinbs force-pushed the interval_range_checks branch from e580c25 to 281de67 Compare February 8, 2017 15:59

smlng requested changes Feb 27, 2017

View reviewed changes

smlng reviewed Feb 28, 2017

View reviewed changes

colinbs force-pushed the interval_range_checks branch from 98a32d1 to e4b22ef Compare February 28, 2017 14:56

colinbs mentioned this pull request Aug 2, 2017

Dynamic adding and removing of rtr_mgr_groups #131

Merged

smlng requested changes Aug 15, 2017

View reviewed changes

smlng approved these changes Aug 30, 2017

View reviewed changes

smlng added this to the release 0.6.0 milestone Feb 8, 2018

rtrlib/rtr: adds range checks for interval values.

d91a225

Use new rtr_check_interval_range function in rtr.c Refactor code duplication.

colinbs force-pushed the interval_range_checks branch from f4e2040 to d91a225 Compare February 14, 2018 10:48

mroethke requested changes Feb 15, 2018

View reviewed changes

smlng added type:new feature priority:medium and removed status:WIP labels Mar 8, 2018

smlng requested changes Mar 8, 2018

View reviewed changes

smlng approved these changes Mar 9, 2018

View reviewed changes

unittests: make memory allocation static in interval check functions.

4d2998e

colinbs force-pushed the interval_range_checks branch from b801306 to 4d2998e Compare March 9, 2018 13:24

mroethke approved these changes Mar 22, 2018

View reviewed changes

mroethke merged commit 831d9e1 into rtrlib:master Mar 22, 2018

waehlisch mentioned this pull request Mar 22, 2018

Missing validation of interval values received from cache server #81

Closed


		int interv_retval = rtr_check_interval_range(interval, type);

		if (interv_retval == INSIDE_INTERVAL_RANGE \|\| interval_mode == ACCEPT_ANY) {


		struct rtr_socket rtr_socket;

		set_interval_mode(&rtr_socket, IGNORE_ANY);

rtrlib/rtr: add range checks for interval values in packets.c #98

rtrlib/rtr: add range checks for interval values in packets.c #98

Uh oh!

Conversation

colinbs commented Oct 28, 2016 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov-io commented Oct 28, 2016 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

waehlisch commented Oct 28, 2016 • edited by colinbs Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

smlng commented Nov 1, 2016 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

waehlisch commented Nov 1, 2016

Uh oh!

smlng commented Nov 3, 2016

Uh oh!

colinbs commented Nov 7, 2016 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

smlng commented Nov 7, 2016

Uh oh!

colinbs commented Nov 16, 2016 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

smlng Dec 9, 2016 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

smlng Feb 3, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

smlng Feb 27, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

colinbs commented Oct 28, 2016 •

edited

Loading

codecov-io commented Oct 28, 2016 •

edited

Loading

waehlisch commented Oct 28, 2016 •

edited by colinbs

Loading

smlng commented Nov 1, 2016 •

edited

Loading

colinbs commented Nov 7, 2016 •

edited

Loading

colinbs commented Nov 16, 2016 •

edited

Loading

smlng Dec 9, 2016 •

edited

Loading

smlng Feb 3, 2017 •

edited

Loading

smlng Feb 27, 2017 •

edited

Loading

colinbs Aug 15, 2017 •

edited

Loading