@pull pull bot commented May 10, 2023

See Commits and Changes for more details.


Created by pull[bot]

@pull pull bot added the ⤵️ pull label May 10, 2023
bmah888 and others added 29 commits December 21, 2023 14:52
Correct format specifier for printing int64_t
* minor error message correction for openssl includes

* update fix for config/ax_check_openssl.m4
* Fix --rcv-timeout manual text

Correct the default value in ms from `12000` to `120000`.

Source of truth: https://github.com/esnet/iperf/blob/master/src/iperf_api.h#L71

* Fix --rcv-timeout manual text
This eliminates some compile-time tests that didn't really work
as desired and aren't easy to fix.

Inspired by comments on PR #1636.
Without this change, an --fq-rate setting would persist on the server,
which could adversely slow down future --reverse tests. This bug was
exposed by PR #1643, which allows --fq-rate to work on the server. One
annoying side-effect of this bug was that GitHub Actions scripts were
timing out and throwing errors.

Pet file copyright date while here.
Properly reset the --fq-rate parameter on the server between tests.
In the function iperf_new_test,
the bitrate_limit_intervals_traffic_bytes array
was only memset for the size of the sizeof
return type, instead of the entire array.
This fixes some non-intuitive behavior when using the iperf3
authentication feature, where iperf3 was able to use a relative
path to locate the credentials file when being run "normally" but
not if it was being run as a --daemon (the workaround was to
use only absolute pathname arguments).
…rror (#1677)

* Fix #1631 - prevent server termination with JSON and remove redundant code with error

* Per reviewer comments: switched lock and unlock
This is similar to what was done for iperf_errexit() in a previous commit.
…#1688)

Add locking around fprintf() calls in JSONStream_Output(). Probably
not needed at the moment given that this function can only be called
from the main thread, but added for consistency and possible future
usage.
…2024-26306.

Special thanks to Hubert Kario at Red Hat for finding the vulnerability.
RSA padding update for authentication feature
---------------------

* Notable user-visible changes

  * BREAKING CHANGE: iperf3's authentication features, when used with
    OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel
    timing attack. To address this flaw, a change has been made to the
    padding applied to encrypted strings. This change is not backwards
    compatible with older versions of iperf3 (before 3.17). To restore
    the older (vulnerable) behavior, and hence
    backwards-compatibility, use the --use-pkcs1-padding flag. The
    iperf3 team thanks Hubert Kario from Red Hat for reporting this
    issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695)

  * iperf3 no longer changes its current working directory in --daemon
    mode. This results in more predictable behavior with relative
    paths, in particular finding key and credential files for
    authentication. (PR#1672)

  * A new --json-stream option has been added to enable a streaming
    output format, consisting of a series of JSON objects (for the
    start of the test, each measurement interval, and the end of the
    test) separated by newlines (#444, #923, #1098).

  * UDP tests now work correctly between different endian hosts
    (#1415).

  * The --fq-rate parameter now works for --reverse tests (#1632, PR#1667).

  * The statistics reporting interval is now available in the --json
    start test object (#1663).

  * A negative time test duration is now properly flagged as an error
    (IS#1662 / PR#1666).

* Notable developer-visible changes

  * Fixes have been made to better (unofficially) support builds on
    Android (#1641 / #1651) and VxWorks (#1595).

  * iperf3 now builds correctly on architectures without native
    support for 64-bit atomic types, by linking with the libatomic
    library (#1611).
bmah888 and others added 30 commits September 19, 2025 11:55
…_client

Send Server's get_Parameters() errors to the client
* Update build.yml to add read permissions
* Fix memory issues with t_auth

* Add make check to github for sanitizers
docs: We use Ubuntu, not CentOS, for primary Linux development.

Closes #1891.
* reject measurements from clients whose duration exceeds that of the server

* sum of test duration and omit must not exceed server's max duration

* client's test duration cannot be 0 when server sets max duration

* formatting

* add flag description to man page

* add server flag to case

* changes made for review comments

* handle errno

* man page capitalization

* adjust error code for server time max violation

* move validation to within get_parameters

* move validation to the end of the function
server: ignore rcv-timeout in BIDIRECTIONAL mode 

Closes #1766.
* Set output buffer size prior to encrypt operation

When calling EVP_PKEY_encrypt with a non-null output buffer,
the output buffer length must be provided. Attempts to write
beyond this length will fail.

* Rename keysize to output_buffer_len

This more accurately represents the meaning; it is the minimum
buffer allocation necessary for an encrypt or decrypt operation
to succeed. This is the same size for both ciphertext and
cleartext, as padding is applied.

* Avoid out-of-bounds access when base64 decoding short strings

Check the length before reading memory.

* Don't over-allocate followed by partial reads

We know how much we expect to read; the input buffer
has a defined size. Allocate the exact buffer expected
instead of a larger one with a read expected to return
only partial data. This makes it simpler to follow the
logic and to avoid off-by-one errors.

* Add warnings on silent truncation

Input should not be this long, but makes the expectations
of the code clearer.
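
The length check described in the commit message above ("Check the length before reading memory"), as an added illustration that is not iperf3's own code. The function names and the sample strings are hypothetical; the unchecked variant is included only for contrast.

```c
#include <stdio.h>
#include <string.h>

/* Contrast case: reads b64[len-1] and b64[len-2] before anything proves
 * the string is that long, so "" and "=" index before the buffer. */
static size_t decoded_len_unchecked(const char *b64)
{
    size_t len = strlen(b64), padding = 0;
    if (b64[len - 1] == '=' && b64[len - 2] == '=')
        padding = 2;
    else if (b64[len - 1] == '=')
        padding = 1;
    return (len * 3) / 4 - padding;
}

/* Length is validated first; returns the decoded size, or -1 when the
 * input cannot be padded base64 (length not a multiple of 4). */
static long decoded_len_checked(const char *b64)
{
    size_t len = strlen(b64), padding = 0;
    if (len % 4 != 0)
        return -1;
    if (len == 0)
        return 0;                 /* nothing to decode, nothing to index */
    if (b64[len - 1] == '=')      /* len >= 4 here, so len-2 is in bounds */
        padding = (b64[len - 2] == '=') ? 2 : 1;
    return (long)((len / 4) * 3 - padding);
}

int main(void)
{
    /* Constructed inputs: well-formed, then too short to index safely. */
    const char *samples[] = { "QUJD", "QUI=", "QQ==", "=", "A", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %ld\n", samples[i], decoded_len_checked(samples[i]));
    printf("unchecked, well-formed only: %zu\n", decoded_len_unchecked("QUI="));
    return 0;
}
```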
* Initialize i_errno with 0

* Add error handling to the unit_atoX() functions

Previously, the unit_atoX() functions did not have any error handling:
Calling e.g. `iperf3 -nZ -c ...` would silently hide the fact that -n
requires a numeric argument and also not apply the -Z (it was “consumed”
by unit_atoi()). The intention was to pass -NZ here.

With this change, iperf3 will refuse options where unit_atoX() did not
find any numeric value or detect an invalid suffix (not one of KMGT).

---------

Co-authored-by: Bruce A. Mah <bmah@es.net>
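
An added sketch of the behaviour the commit message above describes: refuse an argument with no numeric value or with a suffix outside KMGT. It is not iperf3's `unit_atoX()` code; `parse_units`, the acceptance of lower-case suffixes and the 1024-based multipliers are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical parser, not iperf3's unit_atoX(): a number followed by at
 * most one suffix. Upper/lower case and powers of 1024 are assumptions.
 * Returns the scaled value, or -1 when the argument is not acceptable. */
static long long parse_units(const char *s)
{
    char *end;
    double n, mult = 1.0, v;

    errno = 0;
    n = strtod(s, &end);
    if (end == s || errno == ERANGE)
        return -1;                /* no number at all, e.g. the "Z" of -nZ */
    switch (*end) {
    case '\0': break;
    case 'k': case 'K': mult = 1024.0; end++; break;
    case 'm': case 'M': mult = 1024.0 * 1024.0; end++; break;
    case 'g': case 'G': mult = 1024.0 * 1024.0 * 1024.0; end++; break;
    case 't': case 'T': mult = 1024.0 * 1024.0 * 1024.0 * 1024.0; end++; break;
    default:
        return -1;                /* suffix outside KMGT */
    }
    if (*end != '\0')
        return -1;                /* trailing characters after the suffix */
    v = n * mult;
    if (!(v >= 0.0 && v < 9.0e18))
        return -1;                /* negative, NaN, infinite or too large */
    return (long long)v;
}

int main(void)
{
    /* Constructed arguments, including the "Z" case from the commit message. */
    const char *args[] = { "512", "10M", "1.5K", "Z", "10X", "1Kb", "-5" };
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++)
        printf("%-5s -> %lld\n", args[i], parse_units(args[i]));
    return 0;
}
```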
Zerocopy Flag Does Not Send Expected Data
Minor improvement in man page for --server-max-duration flag
Do as iperf_parse_hostname()'s comment says already:  pass a copy of
getopt(3)'s `optarg` aka. to avoid strtok(3) scribbling over `argv[]`.

Otherwise arguments like "fe80::1%vport0" appear as "fe80::1" in the
process list and cause exact matching of process name and arguments
(against what was used) to fail.

OpenBSD's net/iperf3 package ships a rc.subr(8) script and the service
framework uses pgrep(1) to check for running processes, where this
bug causes a mismatch due to the scope identifier being stripped:

```
	$ rcctl get iperf3 flags
	-6 --bind fe80::1%vport0
	$ rcctl check iperf3
	iperf3(failed)
	$ pgrep -fl iperf3
	33091 /usr/local/bin/iperf3 -s -D -6 -B fe80::1
```

Pass a copy to avoid modification, thus fixing rcctl(8) reporting:
```
	$ rcctl check iperf3
	iperf3(ok)
	$ pgrep -fl iperf3
	98863 /usr/local/bin/iperf3 -s -D -6 -B fe80::1%vport0
```
Do not modify --bind and --client arguments inplace
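
The effect described in the commit message above, as an added example that is not iperf3's code: `strtok(3)` overwrites the `%` in the buffer it parses, so parsing the argument in place truncates what a process listing shows, while parsing a copy leaves it intact. `split_host`, `split_host_copy` and `parse_result` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SAMPLE "fe80::1%vport0"   /* value taken from the commit message */

/* Hypothetical stand-in for a parser that splits "addr%scope" with
 * strtok(3); strtok writes a NUL over the '%' in the buffer it is given. */
static void split_host(char *spec, char *host, size_t hlen, char *dev, size_t dlen)
{
    char *h = strtok(spec, "%");
    char *d = strtok(NULL, "%");
    snprintf(host, hlen, "%s", h ? h : "");
    snprintf(dev, dlen, "%s", d ? d : "");
}

/* Copy first, so the parser scribbles on the duplicate and not on argv[]. */
static int split_host_copy(const char *spec, char *host, size_t hlen, char *dev, size_t dlen)
{
    size_t n = strlen(spec) + 1;
    char *dup = malloc(n);
    if (dup == NULL) return -1;
    memcpy(dup, spec, n);
    split_host(dup, host, hlen, dev, dlen);
    free(dup);
    return 0;
}

/* Bit 0: host and scope parsed correctly. Bit 1: the argument string, as a
 * process listing would show it, still reads SAMPLE after parsing. */
static int parse_result(int use_copy)
{
    char arg[] = SAMPLE;          /* constructed stand-in for an argv[] entry */
    char host[64], dev[32];
    int r = 0;
    if (use_copy)
        split_host_copy(arg, host, sizeof host, dev, sizeof dev);
    else
        split_host(arg, host, sizeof host, dev, sizeof dev);
    if (strcmp(host, "fe80::1") == 0 && strcmp(dev, "vport0") == 0) r |= 1;
    if (strcmp(arg, SAMPLE) == 0) r |= 2;
    return r;
}

int main(void)
{
    printf("in place: %d, with copy: %d\n", parse_result(0), parse_result(1));
    return 0;
}
```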