[JENKINS-36871] JNLPProtocol4 #92
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…t relying on external dependencies
…CommandTransport optimized implementation - The original implementation we had could not access some of the required methods due to being outside of the `hudson.remoting` package, so we didn't need these wrappers
- Some of the tests require JUnit 4.12
…occurs in "fast" protocols
- Resurected from history as we will be forced to diverge to map against the JNLPProtocol APIs rather than follow the nicer implementation path from CJOC
…c within remoting - rather than having one half of the protocol in jenkins and the other half in remoting. - I need to write tests for this and then remote the old classes
TODO
|
…rQueueInputStream
- Also causes commands that span multiple frames to be corrupted
…onnects - Don't think this affected any real protocols, but better to fix after finding
- Avoids intermediate String representation. Could probably get faster still with BigInteger and zero-left-pad but it becomes harder to understand
…et concurrent modification exceptions - They'll recover, but better is not to have to worry about it at all
|
Let's see if we can get lucky |
stephenc
force-pushed
the
jenkins-36871
branch
from
d2a3455
to
e406ea8
Compare
- Of course we are now weakening the equality test, but since this has come through the cipher this shouldn't be too bad.
- Found another set of cases where the cookie gets mangled, as the EngineUtil.readLine does a `.trim()` If the encrypted cookie happens to being or end with a whitespace character... boom A first order analysis looks only at the single bytes that could be whitespace. There are 9 such bytecodes, but that includes `\n` which we have already tested for So there is an 8 in 256 or 1 in 32 chance that the first character is whitespace There is a 31 in 32 chance that it is not and a 1 in 32 chance that the last is whitespace Thus (1/32 + 32/32*1/32) = 6%... or in total 28% of the time the generated cookies will be unusable with the current handshaking ciphers - Also stop creating throw-away instances of `SecureRandom` because that is a waste
…s introduced bug - We don't want to synchronize as that will cause issues during the close. We can rely on the stack for ensuring that reads are serialized and writes are serialized and the `channel` field is write once with the write guarded by the synchronized setup method
- On machines with fewer cores than my machine, the selector thread may not have processed the interest removal and hence the test can fail randomly for lower spec machines
|
Retriggering to confirm that flaky tests have been fixed |
|
And let's see |
|
Timeout... Ffs |
|
The last changes look good. |
|
@oleg-nenashev I'd rather cut a 2.0 branch pre-merge and merge this on master |
|
We agreed that we will follow master and stable branch approach |
oleg-nenashev
added a commit
to oleg-nenashev/jenkins
that referenced
this pull request
Aug 14, 2016
Changes are listed below: Fixed issues: * [JENKINS-22853](https://issues.jenkins-ci.org/browse/JENKINS-22853) - Be robust against the delayed EOF command when unexporting input and output streams. (jenkinsci/remoting#97) * Fixed ~20 minor issues reported by FindBugs. More fixes to be delivered in future versions. (jenkinsci/remoting#96) Enhancements: * [JENKINS-37218](https://issues.jenkins-ci.org/browse/JENKINS-37218) - Performance: <code>ClassFilter</code> does not use Regular Expressions anymore to match <code>String.startsWith</code> patterns. (jenkinsci/remoting#92) * [JENKINS-37031](https://issues.jenkins-ci.org/browse/JENKINS-37031) <code>TcpSlaveAgentListener</code> now publishes a list of supported agent protocols to speed up connection setup. (jenkinsci/remoting#93)
DanielWeber
added a commit
to DanielWeber/jenkins
that referenced
this pull request
Aug 26, 2016
(Cherry Pick of 06be933) Changes are listed below: Fixed issues: * [JENKINS-22853](https://issues.jenkins-ci.org/browse/JENKINS-22853) - Be robust against the delayed EOF command when unexporting input and output streams. (jenkinsci/remoting#97) * Fixed ~20 minor issues reported by FindBugs. More fixes to be delivered in future versions. (jenkinsci/remoting#96) Enhancements: * [JENKINS-37218](https://issues.jenkins-ci.org/browse/JENKINS-37218) - Performance: <code>ClassFilter</code> does not use Regular Expressions anymore to match <code>String.startsWith</code> patterns. (jenkinsci/remoting#92) * [JENKINS-37031](https://issues.jenkins-ci.org/browse/JENKINS-37031) <code>TcpSlaveAgentListener</code> now publishes a list of supported agent protocols to speed up connection setup. (jenkinsci/remoting#93)
oleg-nenashev
added a commit
to oleg-nenashev/remoting
that referenced
this pull request
Oct 22, 2016
oleg-nenashev
added a commit
that referenced
this pull request
Oct 23, 2016
…121) * [JENKINS-39161] - Add brief description of remoting versions, provide subpage link stubs * [JENKINS-39161] - Add Changelog for the 3.0 release * [JENKINS-39161] - Add the Contributiing page with PR creation guidelines * [JENKINS-39161] - Add protocol descriptions page * [JENKINS-39161] - Add placeholders for Jenkins specifics and Troubleshooting * [JENKINS-39161] - Update JNLP4-plaintext documentation according to comments from @stephenc * [JENKINS-39161] - Add compatibility notes as a follow-up to #92 * [JENKINS-39161] - Update Readme * [JENKINS-39161] - Modify the System Property documentation * [JENKINS-39161] - Fix relative links in the compatibility page * [JENKINS-39161] - Fix the spelling mistake
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a JNLP protocol that uses TLS upgrade over the plaintext socket before exchanging any connection secrets and allows for end-to-end security leveraging the TLS certificates on the Jenkins master HTTPS end-point where the master is using TLS on the web UI.
Initial measurements show that the TLS encryption using SSLEngine coupled with the ByteBuffer backed NIO implementation does not seem to have any negative performance impact. Additionally the new NIO implementation shows significantly better scalability and performance due to the offloading of I/O processing to the worker threads (this was necessary for to use SSLEngine, but a nice side-effect when compared with the previous NIO implementation (i.e. JNLPProtocol2) which does the actual I/O processing on the selector thread and thus can cause excessive transport delays when the selector thread becomes overloaded)
See JENKINS-36871 for the tracking issue.
This code is being contributed to the Jenkins Community by CloudBees, Inc. (though some of this code was work developed by me in personal time, but I am contributing that to the Jenkins Community anyway)
Work in progress while I complete our internal process for all the files required to be released.
This change is