Use of an auto-dispose writer meant the NO_WRITERS case did not actually
get tested. The behaviour of the implementation was to generate
deadline missed notifications for such instances, but the test expected
otherwise.
There is a disagreement between different DDS implementations on the
desirability of generating deadline missed notifications for NOT_ALIVE
instances. Deadline notifications on DISPOSED instances seem silly, as
it means end-of-life. Deadline notifications on a NO_WRITERS instance
are certainly valuable for applications that don't pay attention to the
number of writers (otherwise one has to monitor both liveliness changed
and deadline missed notifications to be sure to get some
notification).
Different usage patterns definitely affect what is desirable and I doubt
one-size-fits-all is the right approach. This commit changes the test
and retains the behaviour, and if it errs, it at least errs on the side
of caution.
Signed-off-by: Erik Boasson <eb@ilities.com>
The entire point of this test program is to exercise the RHC while
checking its internal state. The likelihood of (at least some)
forgetting to enable the "expensive" checks has been proven to be
significant.
Signed-off-by: Erik Boasson <eb@ilities.com>
This changes the behaviour of auto-dispose writers: instead of always
disposing when the writer disposes the data, it now only disposes the
data when the instance would otherwise go to the "no writers" state.
This only affects the behaviour when there are multiple writers for the
same instance.
In case the writers use a different value for the auto-dispose setting,
it now tracks whether an instance has ever been touched by a writer
with auto-dispose enabled, and auto-disposes the instance when
the last writer leaves if this is the case. This way, if an instance is
registered by one auto-dispose and one non-auto-dispose writer, the
order of unregistering does not matter.
Signed-off-by: Erik Boasson <eb@ilities.com>
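
An added example, not part of the commit above and not Cyclone DDS code: a small model of one instance with one auto-dispose and one plain writer, comparing the old rule, the new rule with the "ever touched" flag, and a hypothetical LAST_WRITER_ONLY variant without the flag that shows why the flag makes the unregister order irrelevant. All type and function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of one reader-side instance (constructed for illustration). */
enum inst_state { ALIVE, NO_WRITERS, DISPOSED };
/* OLD_ALWAYS: behaviour before the commit; TRACKED: behaviour after it;
   LAST_WRITER_ONLY: hypothetical variant without the "ever touched" flag. */
enum rule { OLD_ALWAYS, LAST_WRITER_ONLY, TRACKED };

struct instance {
  unsigned wrcount;      /* writers currently registered */
  bool autodispose_seen; /* ever touched by an auto-dispose writer */
  enum inst_state state;
};

static void inst_register(struct instance *i, bool autodispose)
{
  i->wrcount++;
  i->autodispose_seen = i->autodispose_seen || autodispose;
  i->state = ALIVE;
}

static void inst_unregister(struct instance *i, bool autodispose, enum rule r)
{
  bool last = (--i->wrcount == 0);
  if (r == OLD_ALWAYS && autodispose) {
    i->state = DISPOSED; /* disposes even while other writers remain */
  } else if (last && i->state != DISPOSED) {
    bool dispose = (r == TRACKED) ? i->autodispose_seen : autodispose;
    i->state = dispose ? DISPOSED : NO_WRITERS;
  }
}

/* Both writers register, then unregister in the given order; returns the
   final state and stores the state after the first unregister in *mid. */
static enum inst_state run(enum rule r, bool auto_first, enum inst_state *mid)
{
  struct instance i = { 0, false, NO_WRITERS };
  inst_register(&i, true);
  inst_register(&i, false);
  inst_unregister(&i, auto_first, r);
  *mid = i.state;
  inst_unregister(&i, !auto_first, r);
  return i.state;
}

int main(void)
{
  for (int r = OLD_ALWAYS; r <= TRACKED; r++)
    for (int af = 1; af >= 0; af--) {
      enum inst_state mid, fin = run((enum rule) r, af != 0, &mid);
      printf("rule=%d auto_first=%d mid=%d final=%d\n", r, af, (int) mid, (int) fin);
    }
  return 0;
}
```
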
Deadline registration, renewal and deregistration were somewhat spread
through the code and relied on the "isdisposed" flag as a proxy for
whether it was registered or not. This consolidates the deadline
handling code in a final step of updating the instance and uses a
separate flag to track whether the instance is currently registered in
the deadline administration or not.
This also makes it possible to trivially change the rules for when
deadline notifications are required, and so allows for, e.g., adding a
mode in which instances in the "no writers" state do not trigger any
deadline missed notifications, or just once (both of which seem useful
modes).
Signed-off-by: Erik Boasson <eb@ilities.com>
Do not pass a dangling pointer to update_conditions_locked after
dropping an instance. The dangling pointer did not actually get
dereferenced because of the state changes caused by dropping the
samples, but that is cutting a bit fine.
Signed-off-by: Erik Boasson <eb@ilities.com>
Scanning all instances was never good for anything: the RHC is organised
as a hash table on instance id (which is an alias for "instance handle")
and it was always designed to do this with a fast lookup.
Signed-off-by: Erik Boasson <eb@ilities.com>
* Add a flag to indicate signed integral values and one to indicate
floating-point values
* Set these flags in the output of idlc
* Use them when printing sample contents to the trace
By encoding the information as flags in reserved bits the actual
serialization and deserialization is unaffected.
Signed-off-by: Erik Boasson <eb@ilities.com>
Introduced a test that checks for the correct matching behaviour for combinations
of the read/write access control settings in the governance xml (enable read/write
access control in the topic rules) and in the permissions xml (the publish/subscribe
grants for a topic).
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Add validate_local_permissions to the set of access control plugin
hooks tests, and add discovery_protection_enabled as an additional
parameter for the access control hook tests.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Add testing liveness protection to the existing discovery protection
test. The test checks if the P2P_BUILTIN_PARTICIPANT_MESSAGE_SECURE_WRITER
is using the encode_decode_submessage function of the crypto plugin
to secure liveliness messages.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
A test that checks that the security handshake fails in case of non-matching
encoding settings in the governance xml. All combinations of values for
rtps, discovery and liveliness protection are checked. For meta-data and
payload encoding, this test checks that a reader and writer do not connect
in case of non-matching values.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Adding a test that checks the effects of using different configuration settings
for discovery protection. This test set uses the cryptography wrapper to count
the number of invocations of the encode and decode functions during a session
and checks the counts with the expected values.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Introduced a test that checks if all crypto tokens sent by a node are
received correctly by the remote node. To support this test, the crypto
wrapper plugin is extended with a token_log mode, that stores all tokens
that are exchanged after the security handshake is finished.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Add test cases for the join_access_control governance setting and for
the access control plugin check_create_ and check_remote_ hooks,
using a wrapper plugin that simulates failure for each of these,
to test the DDSI integration with the access control plugin.
This commit also contains fixes for:
- an assert on DDS_RETCODE_OK in dds_create_reader and
dds_create_writer that caused the application to terminate in case
creation of a reader or writer is not allowed by security
- do not match a proxy reader that has the 'relay_only' set to
true, which is currently unsupported
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
The conversion of incoming discovery data (in "parameter list" format)
checks for the presence of the entity GUID parameter for the particular
type of endpoint and uses it as the key field in subsequent processing.
If the parameter is absent, deserialisation fails and the handlers are
never called and the old check is therefore no longer necessary.
Signed-off-by: Erik Boasson <eb@ilities.com>
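
An added example, not part of the commit above and not Cyclone DDS code: a bounds-checked walk over a little-endian parameter list that fails deserialisation when the endpoint GUID parameter is absent or truncated, so the handler is never reached for such input. The parameter ids are those of the RTPS specification; the function names, the handler counter and the sample byte strings are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parameter ids as in the RTPS specification; everything else is constructed. */
#define PID_SENTINEL 0x0001u
#define PID_ENDPOINT_GUID 0x005au
#define GUID_SIZE 16u

static uint16_t rd16le(const uint8_t *p) { return (uint16_t) (p[0] | (p[1] << 8)); }

/* Returns 0 with guid filled in, or -1 if malformed or the key is absent. */
static int plist_get_endpoint_key(const uint8_t *buf, size_t len, uint8_t *guid)
{
  size_t off = 0;
  int have_guid = 0;
  while (len - off >= 4) {
    uint16_t pid = rd16le(buf + off), plen = rd16le(buf + off + 2);
    off += 4;
    if (pid == PID_SENTINEL)
      return have_guid ? 0 : -1; /* key parameter is mandatory */
    if (plen % 4 != 0 || plen > len - off)
      return -1; /* misaligned or runs past the end of the buffer */
    if (pid == PID_ENDPOINT_GUID) {
      if (plen != GUID_SIZE) return -1;
      memcpy(guid, buf + off, GUID_SIZE);
      have_guid = 1;
    }
    off += plen;
  }
  return -1; /* ran out of data before the sentinel */
}

static int handler_calls; /* stand-in for invoking the real (hypothetical) handler */
static int on_discovery_data(const uint8_t *buf, size_t len)
{
  uint8_t guid[GUID_SIZE];
  if (plist_get_endpoint_key(buf, len, guid) != 0) return -1;
  handler_calls++; /* only reached with a validated key */
  return 0;
}

/* Constructed samples: GUID present, GUID absent, GUID truncated. */
static const uint8_t with_guid[] = { 0x5a,0,16,0, 1,2,3,4,5,6,7,8,9,10,11,12,0,0,1,0xc2, 1,0,0,0 };
static const uint8_t no_guid[] = { 0x05,0,8,0, 4,0,0,0,'a','b','c',0, 1,0,0,0 };
static const uint8_t cut_guid[] = { 0x5a,0,16,0, 1,2,3,4,5,6,7,8 };

int main(void)
{
  int a = on_discovery_data(with_guid, sizeof with_guid);
  int b = on_discovery_data(no_guid, sizeof no_guid);
  int c = on_discovery_data(cut_guid, sizeof cut_guid);
  printf("%d %d %d, handler calls: %d\n", a, b, c, handler_calls);
  return 0;
}
```
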
The initialization of remote participant's key material was not protected
by the remote_participant_crypto lock, which could result in using partially
initialized remote key material. This caused intermittent test failures
with assertions on key_size in crypto_cipher_decrypt_data. This commit fixes
this issue by adding locking for the remote key material.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>