Hello,
SHA-512/256 is normally not a simple truncation (because similar hashes are
not a robust crypto practice, instead it is using different initialisation
vectors).
Haven’t checked the example vectors in rfc 7616, but I would assume they refer
to FIPS 180-4 truncation variants.
Regards
Bernd
://bernd.eckenfels.net
From: Michael McMahon
Sent: Friday, March 4, 2022 4:07:49 PM
To: Bernd Eckenfels ; net-dev@openjdk.java.net
Subject: Re: RFR: 8281561: Disable http DIGEST mechanism with MD5 by default
Bernd,
If I understand you correctly, there is no
Hello,
While I like the idea of the user having to explicitly specify the re-enabled
legacy algorithms (as opposed to removing the defaultsdisabled) it is not the
style the other algorithm policies in JCE work - so it might be confusing.
But, more critically I would separate the enabling/imple
Just a nit, but how about:
* For all interfaces use “-b 0.0.0.0“ (IPv4) or “-b ::“ (IPv6)
Instead of:
* For 0.0.0.0 (all interfaces) use -b 0.0.0.0 or -b ::0
In the usage?
(I think „::“ is canon?)
Regards
Bernd
--
http://bernd.eckenfels.net
From: net-dev on
I also wonder if it makes sense to either only serve files with public
permissions, or at least filter some critical files like .ssh/* and *.jks.
Those command-line servers are often started „accidentally“ in the home
directory.
--
http://bernd.eckenfels.net
V
In the Test List .xml is not mentioned, that looks like a major format.
However I am not sure if it maybe needs extra handling because of possible
different mime types for application/xml and text/xml?
--
http://bernd.eckenfels.net
From: net-dev on behalf of J
Hello,
Actually, in HTML was a separator, and in xhtml it should enclose
paragraphs. However I was under the impression Javadoc always used the
separator style (it would be strange to start the first sentence in Javadoc
with . Is this doccheck enforcing a new policy?
This officially Oracle gu
The client could drain if you close the stream, but I think it’s more flexible if
the application decides if it wants to do that (it could be a config option but
I guess it’s uncommon that you stop reading and. It want to discard data.
Regards
Bernd
--
http://bernd.eckenfels.net
___
Hello,
A „happy eyeballs“ implementation, not only for multiple IPv4 addresses but
also for IPv6/IPv4 mixed would be a good thing, however since this
a) adds additional connection timeouts or decreases connection deadlines
b) potentially is stateful
I think it’s not a good idea to enable it for
Hello,
Good find Jamie,
The change for this is from 2010, so it should be in all recent Linux kernels
(not sure if this means no fallback is needed - maybe keep the tcp fallback)
https://lwn.net/Articles/420800/
BTW the article also mentions there is a way to do this in MacOS also.
Regards
Bern
Hello,
I am unsure about the signatures, s is of type SOCKET, why not keep this — I
think I missed why this would be a JNICALL convention.
There are two inconsistencies:
The header file and implementation uses (int) argument, the call casts to
(jint).
And I also think it's not a big problem t
Hello Nikola,
Can you explain why timeouts play a role here at all? Normally when connecting
to a non existing socket it should immediately respond with a TCP RST and that
should not cause a retry or delay.
Reducing the timeouts seems oddly specific, especially since your test numbers
show, th
Note that many browsers also download certs from the AIA and even "well known"
mechanisms. It won't help to access more truststores, that would be a function
you need to prove directly. Also the dynamic installation from Windows Updates
or offline from crypt32.dll is not triggered when only brow
Hello,
This would be a great addition. I do not understand why it does not support the
options available for Windows. Especially given the fact that it actually
implements 6 native methods to print "Unsupported".
But I guess that's less a question to the backport and more to the general
implem
Hello,
If you query the queue Id from a central dispatcher thread is there any benefit
in knowing that ID as the context change already happens. So without being able
to bind a thread for accepting to such a queue (which might not be so easy with
emulated async NIO) this api feature seems to no
Hello,
Depending on the test environment you don't need many native tools. You can use
java.io.File to open /proc/thread-self to get the TID and use ProcessBuilder to
execute the kill command.
Regards
Bernd
--
http://bernd.eckenfels.net
From: net-dev on behalf o
What is the MAC address of the loopback interface on Solaris anyway? Maybe it's
enough to assume there is none if the execution fails?
--
http://bernd.eckenfels.net
From: net-dev on behalf of Daniel Fuchs
Sent: Friday, February 28, 2020 4:41:51 PM
To: Ope
Hello Anuraag,
The patch looks like a good idea (especially the additional cleanup for nanos
and arraylist). Just a minor thing I noticed: there are two comments talking
about „comma and space“ but the code below will only tokenize by space. I guess
the comment needs to be fixed, for the next rev
Hello,
Another possible extension point would be a custom socket factory. This has the
additional benefit that the sockets from this factory also can implement a
happy eyeballs algorithm (which would connect in parallel to multiple IP
address candidates, which is especially helpful for IPv6 pro
Maybe instead of having a MacOS specific algorithm it would be a good idea to
have getLocalHostName generally look up the hostnames from the array with a
trailing „.“ and only if that fails have it search with search suffix?
Also I think we talked before that removing AI_CANONNAME would also hel
How will that look like on Windows, will it use IO Completion Ports? I guess
scalability becomes much more of an issue with typical thousands of classic
sockets.
What’s the expected performance of this? The blocking IO had a lot less latency
compared to Channels, is there some regression expect
Hello,
I wonder if that conclusion „stdin = tcp4 -> disable tcp6“ is correct at all.
The started program might serve a v4 connection but it still could want to do
ipv6 client connections.
If somebody wants to disable v4 they can do it regularly with the System
property.
Regards
Bernd
--
http:/
Hello,
I think the overall request timeout is not a good substitute (if it applies to
connect or DNS at all). Typically you want a small connect timeout to allow
failover or retry and a larger request timeout to allow long running activities.
However propagating the request timeout (shortened)
yHandler** in case
I've not made that clear) then I'm happy to run one more test, if it helps. I
guess if anyone would like to see it, I can install wireshark. Let me know if
you want me to do that. (And to be clear, this is now for the benefit of anyone
*else* who wants to pursue this, n
        out = new PrintWriter(new OutputStreamWriter(s.getOutputStream()));
        for (var st : response) {
            out.print(st + "\r\n");
            System.out.println("> " + st);
        }
        out.flush();
        s.close();
    }
}
On Tue, May 15, 2018 at 1:55 PM Simon Roberts
mailto:si...@dancingcloudservices
Hello,
What about at least adding a change warning to Release Notes?
We do have software which depends on the possibility to actually reset a
connection instead of closing it cleanly (think FTP data connection proxy),
luckily in our case it’s blocking so we would not be affected, but I can
ima
Hello,
Glad to see progress on this, much needed.
I wonder if there is a better way for safe and dynamic string concatenation in
the JDK, this errmsg[56] looks scary.
Did you try to support it on Windows, even if it does not support all 3
parameters it might be important to be available (I t
Hello,
Is this really correct? This seems to break for multi-homed hosts (old and new
code). Does OS X not do proper interface autoselection (and if so, would the
naive approach be any good?).
Shouldn't it at least try to look at the destination routes, the priorities and
the lifetimes?
Regards
, 2018 1:39:46 PM
To: Bernd Eckenfels
Cc: net-dev@openjdk.java.net
Subject: Re: Adding SocketChannel toString to connection exception messages
Hi Bernd,
Are you specifically talking about a SOCKS proxy, or something else?
-Chris.
On 3 Jan 2018, at 12:10, Bernd Eckenfels
mailto:e
Hello,
Just to add to the discussion, if proxies are used, the error should make clear
if the problem is connecting the proxy or the endpoint. And for that case
(especially with multiple proxies) the actual failed address is also
interesting for troubleshooting (in that case higher level code
Hello,
I also dearly miss Socket addresses in connection exceptions, however it looks
like it is not going to make it. However if we add a getter for the Peer
address (not included in toString) then logging frameworks could detect
instances of ConnectException and process them accordingly.
Gru
Hello,
it is a bit unlikely that there is much difference (especially for as low as
200 packets), but I would recommend you actually try it with your specific
traffic pattern and system load. Not much a Java developer can say about
various Linux kernel versions and their drivers.
Regards
Bernd
-
Hello,
TCP keepalive is a rather elegant mechanism to detect abandoned TCP
connections. With increased distribution of components and inclusion of cloud
based services I have the feeling it has become more important.
Yet it is rather clumsy to use, because in addition to actually enabling it in
What is currently returned at the end of a stream? This looks like a dangerous
thing to do, if an existing implementation only reads when something is available
it might never detect that it reached EOF.
Regards
Bernd
--
http://bernd.eckenfels.net
From: net-dev on b
Hello,
It looks to me like using nanoseconds in the NET_Timeout timeout parameter
would remove quite a few conversions. Call sites mostly already have
timeoutNanoseconds for calculating remainder.
Regards
Bernd
--
http://bernd.eckenfels.net
From: net-dev
mailto:ne
Can't you just keep a NET_Timeout using directly os::javaTimeNano()?
Regards
Bernd
--
http://bernd.eckenfels.net
From: net-dev on behalf of Thomas Stüfe
Sent: Monday, April 24, 2017 1:07:52 PM
To: Vyom Tewari
Cc: net-dev
Subject: Re: JDK10 RFR: 8165437 Evaluate th
Should the test maybe assert that a change was made (or maybe be a bit more
whitebox and assert the result is >64k)? Should it test SND+RCV?
Regards
Bernd
--
http://bernd.eckenfels.net
On Fri, Dec 9, 2016 at 12:04 PM +0100, "Michael McMahon"
wrote:
Could I get the following change r
Hello,
I know it is a radical idea, but what about exposing errno value in an
IOException.
I do think that the new ConnectionRefused subtype is helpful, but for each
seldom occurring error case a dedicated exception is more work than a one time
mapping of native error codes to fields.
Regards
B
Hello,
Java HTTP clients (HttpURLConnection) can use a limited functionality of
the system proxy. If you use Applet/JWS it is also configured on the
control panel.
http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
You can also access system key and trust stores (with limited
On Thu, 1 Sep 2016 23:08:15 +0300,
Dmitry Samersoff wrote:
> gettimeofday is affected by system time changes, so running ntpd can
> cause unpredictable behavior of this code. Also it's rather expensive
> syscall.
At least on Linux it is actually not a syscall at all and very
performant (on Linu
Hello,
trying to understand the new jdk9 hierarchy I noticed that this code:
http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/ca7fb78b94b6/src/java.httpclient/share/classes/java/net/http/SSLDelegate.java#l59
SSLParameters sslp = client.sslParameters().orElse(null);
if (sslp == null) {
Hello
I think .get() or .put() would look even strange. With all uppercase
it is rather clear it's an HTTP/2 method keyword.
Regards
Bernd
On Wed, 17 Aug 2016
16:51:18 +0300, Rahman USTA wrote:
> Thank you Pavel, this uncommon usage looks to me very weird.
>
> I hope it could be re-evaluated ag
Hello,
a while back I brought up the discussion that there is no
preferIPV6=system (or similar) setting which allows to turn off the
reordering of address families by Java. Because only the OS can try to
correctly do target address determination.
A bug was opened and it was excluded from Java 8 -
Hello,
The reason the IPv6 stack requires you to specify the interface for a link
local address is because such an address has no identifying prefix (since the
link local network prefix is the same for all interfaces and therefore there is
no entry in the forwarding information base (routing tabl
Hello,
not sure how I feel about the res_init(). Depending on the backends
used this might be expensive. Especially since it won't be rate
limited. The negative-ttl of 10s is for single records I think. So at a
minimum you should rate-limit res_init to the same negative-ttl time).
But another aspe
Hello,
I (still) like it. But I still think the AI_CANONNAME can and should be
removed. If you keep it, it will trigger additional lookups and the
actual canonized result (res->ai_canonname) is never used.
This is true for all 3 locations (but you changed only one).
I wonder if you want to make
On Fri, 10 Oct 2014 15:03:32 +0100,
Michael McMahon wrote:
> getnameinfo() with AI_CANONNAME is taking the canonical host name as
> reported directly by the name service. Whereas the additional
> getnameinfo() is doing a reverse lookup of the forward looked up IP
> address.
getaddrinfo() with A
On Wed, 8 Oct 2014 18:59:27 +0200,
Volker Simonis wrote:
> - it may be also possible to completely omit the call to getnameinfo()
> in that new implementation, because as far as I can see the
> 'ai_canonname' field of the first addrinfo structure returned by
> getaddrinfo() already contains the ca
Hello,
Is the GetVersionEx the recommended way to check for this feature? (we
had some trouble with manifests in the past and I think there is a new
version helper api to query for minimum levels?) Or would it be easier to
just try it and remember the WSAEOPNOTSUPP?
I see on MSDN the only reason why
Hello,
A short question out of curiosity, why is the code for the v6 and v4 case
different, anyway?
Regards
Bernd
--
http://bernd.eckenfels.net
-Original Message-
From: Chris Hegarty
To: OpenJDK Network Dev list
Sent: Fri, 12 Sep 2014 11:05
Subject: Re: RFR [9] 8058216: NetworkInterf
Hello Peter,
I think the comments in compareTo() are now superfluous ("with 0").
Greetings
Bernd
On Wed, 02 Jul 2014 13:56:39 +0200,
Peter Levart wrote:
> Hi,
>
> I updated the webrev with first two suggestions from Bernd
> (expireTime instead of createTime and cacheNanos + only use
> putI
Hello,
On Wed, 02 Jul 2014 00:45:01 +0200,
Peter Levart wrote:
> > L782: is it better to use putIfAbsent unconditionally, instead of
> > get/putIfAbsent in NameServicdeAddr?
>
> I want to keep the semantics of original code that guarantees that
> there will only be a single look-up to the name
Looks good, like it, Peter.
some nits: instead of adding createTime and cacheNanos, only have an
expireAfter?
L782: is it better to use putIfAbsent unconditionally, instead of
get/putIfAbsent in NameServicdeAddr?
L732: I am unsure about the id field, isn't it enough to have the
identity equality
Looks good to me. Thanks for polishing my scribbles up.
As you have mentioned before, you preserve the semantics of valueOf vs.
encode() for the primary and fallback properties. It is a bit hard to
unify as it would generate different behavior for 0-prefixed numbers.
Did you run some JMH tests a
On Fri, 18 Apr 2014 17:27:47 +0100,
Michael McMahon wrote:
> I think it would be an improvement to combine these doPrivileged()
> blocks as suggested, though your patch needs work Bernd. For instance,
> the multi-catch doesn't work. Also the PrivilegedAction<> type is
> wrong.
Yes I noticed tho
Hm,
hard to say. Did you use tcpdump to check if data is transferred or
did you strace the java process? And you can check more socket stats
with /sbin/ss -eomipt
Bernd
On Fri, 18 Apr 2014 09:23:21 +0800,
Li Li wrote:
> hi all
> sorry to post a not-dev problem here. because I can't find
On Thu, 17 Apr 2014 21:50:23 +0200,
Bernd Eckenfels wrote:
> Hello,
>
> I would propose to use Integer.valueOf(tmp) instead, but looking at
> the context I think it is even better to skip this and the following
> null check with Integer.parseInt().
This is even shorter and
Hello,
I would propose to use Integer.valueOf(tmp) instead, but looking at the
context I think it is even better to skip this and the following null
check with Integer.parseInt().
Regards
Bernd
what about using Integer.valueOf(tmp)
On Thu, 17 Apr 2014 17:56:10 +0200,
Claes Redestad wrote:
> Hi,
Hello,
> On 22.02.2014 at 10:33, Alan Bateman wrote:
>
>> http://cr.openjdk.java.net/~chegar/8034174/webrev.00/webrev/
> Thank you for doing this, it's long overdue.
Hm, I actually like to have that JVM_ abstraction layer. Looks like it is now
replaced by NET_ in some parts, do we really
Hello,
the hosts file can be used for both directions. Canonicalizing an IP to a
hostname will pick the first hostname (alias) in the hosts file. (The
first entry in the first line with the same IP).
Some tools do not use the hosts file directly but the resolver library. Then
it depends on th
Hello,
BTW: it would be good if UHE had a data member of the not-found host
value. Actually the javadoc hints in that direction:
# public UnknownHostException(String host)
#
# Parameters:
#host - the detail message.
which is quite confusing. Maybe a new constructor like UHE(String cause,
On 25.10.2013, at 16:44, Chris Hegarty wrote:
Wow, I've been working in this area for more than a decade, and this is
the first bug I've seen on the HttpURLConnection when using URL's with
literal IPv6 addresses.
I guess the interface identifier is just so inherently system specific
th
On 13.09.2013, at 19:32, Rob McKenna wrote:
W.r.t. the use of AI_CANONNAME, this doesn't actually make a difference
in the context of this fix, but is definitely something that should be
looked at. I'll put it on the todo list.
I think it does make a difference: If you remove the CANON f
Hello,
I reported before, AI_CANONNAME is used in different places with no good
reason. If you use the flag, the result would be in res[0].ai_canonname,
which is not used. So you can remove it and save the elaborate resolving
which comes with it.
And I also think the comment "skip DNS loo
Hello,
VLAN is handled in the kernel by the 8021Q module. Not sure what the best
reference is, the stuff was created here:
http://www.candelatech.com/~greear/vlan.html
Maybe you should ask on Linux net...@vger.kernel.org (instead ;).
Greetings
Bernd
--
bernd.eckenfels.net
On 24.07.2013 at 08
Hello,
we found a cause for the leak, we did not use the latest xnio-nio release.
Looking at the NioTcpChannel code I guess that for example this commit
could fix a potential problem (we shutdown r+w before we close, which
would not be passed on by the older xnio-nio):
https://github.com/
Sorry I should not write those mails on the mobile - full version below.
On 05.07.2013 at 16:05, Bernd Eckenfels wrote:
> Hello,
>
> I have two updates on the Issue:
>
> A) same Problem exists with June 7u40 EA JDK
> B) there are no threads starting/terminating in the test
Hello,
I will have a look at 7u40 and 8 as soon as I get some time. But I don't
think it is thread(caching) related as it does not show up in the heapdump
(and we have a controlled thread creation rate). It looks more like some
close/cancel interactions (and a real leak).
I will let you kno
Hello,
we see a possible handle/selector leak very similar to this bug:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7118373
We see on linux unix domain sockets and on windows /dev/afd handles which
are not backed up by any socket/selector/handle/channel in the heapdump.
This is a ap
Hello Michael,
On 13.06.2013, at 12:24, Michael McMahon wrote:
This does cause some confusion. The method getCanonicalHostName() was
never intended
to return the CNAME from DNS. Rather it was intended to return the name
that results
from a reverse lookup of the IP address (ie the PTR).
Hello,
On 13.06.2013, at 11:39, Alan Bateman wrote:
There are details on how to configure it at the end of this page:
http://docs.oracle.com/javase/7/docs/technotes/guides/net/ipv6_guide/index.html
Speaking of this guide, there are two problems with this as well:
First of all the title is
On 13.06.2013, at 22:47, Alan Bateman wrote:
Yes, it looks like close is missing in a few places (but probably hasn't
been noticed as it's unlikely that the setsockopt will fail).
Linux Kernel is using in those situations an error-out label.
if () {
Throw...
goto error;
}
...
error:
Hello Matthew,
On 13.06.2013, at 00:01, Matthew Hall wrote:
There is a pre-existing alternative provider, dnsjava:
dns(only)-based providers are not the best option for general purpose
resolving because (besides the fact that they will not use alternative
naming methods which are typic
Hello,
I have given a (German) talk about Java and IPv6 at the largest European
IPv6 Congress last week in Frankfurt. Part of my preparation for that
talk was looking at some of the details of Java IPv6 networking. I have
some points to discuss because of that:
RFC 3484 defines the def