Upgraded to Netty 4.1.96

- Add Bouncycastle dependency - Upgrade tcnative boringssl - Add TLSv1.3 to encryption options tests - Revert defaults after changes in Netty 4.1.75 - Remove Guava 18 from deps - we accidentally ended with Guava 30+ and 18 on the classpath because JimFS includes it as a transient dependency. Patch by Jacek Lewandowski and Brandon Williams; reviewed by Ekaterina Dimitrova and Berenguer Blasi for CASSANDRA-17992 Co-authored-by: Jacek Lewandowski <lewandowski.jacek@gmail.com> Co-authored-by: Brandon Williams <driftx@gmail.com>
apache · Aug 3, 2023 · 53d1644 · 53d1644
1 parent 4f23232
commit 53d1644
Show file tree

Hide file tree

Showing 9 changed files with 64 additions and 6 deletions.
diff --git a/.build/cassandra-deps-template.xml b/.build/cassandra-deps-template.xml
@@ -170,6 +170,10 @@
       <groupId>com.github.jbellis</groupId>
       <artifactId>jamm</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpkix-jdk15on</artifactId>
+    </dependency>
     <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-bom</artifactId>
@@ -179,6 +183,15 @@
       <groupId>io.netty</groupId>
       <artifactId>netty-all</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.netty</groupId>
+      <artifactId>netty-transport-native-epoll</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.netty</groupId>
+      <artifactId>netty-transport-native-epoll</artifactId>
+      <classifier>linux-x86_64</classifier>
+    </dependency>
 
     <!-- chronicle queue, and fixed transitive dependencies -->
     <dependency>

diff --git a/.build/parent-pom-template.xml b/.build/parent-pom-template.xml
@@ -340,6 +340,12 @@
         <groupId>com.google.jimfs</groupId>
         <artifactId>jimfs</artifactId>
         <version>1.1</version>
+        <exclusions>
+          <exclusion>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+          </exclusion>
+        </exclusions>
       </dependency>
       <dependency>
         <groupId>org.hdrhistogram</groupId>
@@ -719,19 +725,35 @@
       <dependency>
         <groupId>io.netty</groupId>
         <artifactId>netty-bom</artifactId>
-        <version>4.1.58.Final</version>
+        <version>4.1.96.Final</version>
         <type>pom</type>
         <scope>provided</scope>
       </dependency>
       <dependency>
         <groupId>io.netty</groupId>
         <artifactId>netty-all</artifactId>
-        <version>4.1.58.Final</version>
+        <version>4.1.96.Final</version>
       </dependency>
       <dependency>
         <groupId>io.netty</groupId>
         <artifactId>netty-tcnative-boringssl-static</artifactId>
-        <version>2.0.36.Final</version>
+        <version>2.0.61.Final</version>
+      </dependency>
+      <dependency>
+        <groupId>org.bouncycastle</groupId>
+        <artifactId>bcpkix-jdk15on</artifactId>
+        <version>1.70</version>
+      </dependency>
+      <dependency>
+        <groupId>io.netty</groupId>
+        <artifactId>netty-transport-native-epoll</artifactId>
+        <version>4.1.94.Final</version>
+      </dependency>
+      <dependency>
+        <groupId>io.netty</groupId>
+        <artifactId>netty-transport-native-epoll</artifactId>
+        <version>4.1.94.Final</version>
+        <classifier>linux-x86_64</classifier>
       </dependency>
 
       <!-- chronicle-queue deps -->

diff --git a/CHANGES.txt b/CHANGES.txt
@@ -1,4 +1,5 @@
 5.0
+ * Upgraded Netty to 4.1.96, added BouncyCastle dependency (CASSANDRA-17992)
  * Fix for (unsupported) big endian unaligned architecture, eg s390x (CASSANDRA-17723)
  * CIDR filtering authorizer (CASSANDRA-18592)
  * Remove 3.x from the versions checked for prepared statement behaviour (CASSANDRA-18695)

diff --git a/build.xml b/build.xml
@@ -1145,6 +1145,8 @@
         <jvmarg value="-Dcassandra.test.flush_local_schema_changes=${cassandra.test.flush_local_schema_changes}"/>
         <jvmarg value="-Dcassandra.test.messagingService.nonGracefulShutdown=${cassandra.test.messagingService.nonGracefulShutdown}"/>
         <jvmarg value="-Dcassandra.use_nix_recursive_delete=${cassandra.use_nix_recursive_delete}"/>
+        <jvmarg value="-Dio.netty.allocator.useCacheForAllThreads=true"/>
+        <jvmarg value="-Dio.netty.allocator.maxOrder=11"/>
         <jvmarg line="${java-jvmargs}"/>
         <!-- disable shrinks in quicktheories CASSANDRA-15554 -->
         <jvmarg value="-DQT_SHRINKS=0"/>

diff --git a/conf/jvm11-server.options b/conf/jvm11-server.options
@@ -112,4 +112,8 @@
 # inferior performance and risks exceeding MaxDirectMemory
 -Dio.netty.tryReflectionSetAccessible=true
 
+# Revert changes in defaults introduced in https://netty.io/news/2022/03/10/4-1-75-Final.html
+-Dio.netty.allocator.useCacheForAllThreads=true
+-Dio.netty.allocator.maxOrder=11
+
 # The newline in the end of file is intentional
diff --git a/conf/jvm17-server.options b/conf/jvm17-server.options
@@ -130,4 +130,8 @@
 # inferior performance and risks exceeding MaxDirectMemory
 -Dio.netty.tryReflectionSetAccessible=true
 
+# Revert changes in defaults introduced in https://netty.io/news/2022/03/10/4-1-75-Final.html
+-Dio.netty.allocator.useCacheForAllThreads=true
+-Dio.netty.allocator.maxOrder=11
+
 # The newline in the end of file is intentional
diff --git a/test/distributed/org/apache/cassandra/distributed/test/InternodeEncryptionOptionsTest.java b/test/distributed/org/apache/cassandra/distributed/test/InternodeEncryptionOptionsTest.java
@@ -236,13 +236,14 @@ public void negotiatedProtocolMustBeAcceptedProtocolTest() throws Throwable
             c.set("server_encryption_options",
                   ImmutableMap.builder().putAll(validKeystore)
                               .put("internode_encryption", "all")
-                              .put("accepted_protocols", ImmutableList.of("TLSv1.1", "TLSv1.2"))
+                              .put("accepted_protocols", ImmutableList.of("TLSv1.1", "TLSv1.2", "TLSv1.3"))
                               .build());
         }).start())
         {
             InetAddress address = cluster.get(1).config().broadcastAddress().getAddress();
             int port = cluster.get(1).config().broadcastAddress().getPort();
 
+            // deprecated
             TlsConnection tls10Connection = new TlsConnection(address.getHostAddress(), port, Collections.singletonList("TLSv1"));
             Assert.assertEquals("Should not be possible to establish a TLSv1 connection",
                                 ConnectResult.FAILED_TO_NEGOTIATE, tls10Connection.connect());
@@ -257,6 +258,11 @@ public void negotiatedProtocolMustBeAcceptedProtocolTest() throws Throwable
             Assert.assertEquals("Should be possible to establish a TLSv1.2 connection",
                                 ConnectResult.NEGOTIATED, tls12Connection.connect());
             Assert.assertEquals("TLSv1.2", tls12Connection.lastProtocol());
+
+            TlsConnection tls13Connection = new TlsConnection(address.getHostAddress(), port, Collections.singletonList("TLSv1.3"));
+            Assert.assertEquals("Should be possible to establish a TLSv1.3 connection",
+                                ConnectResult.NEGOTIATED, tls13Connection.connect());
+            Assert.assertEquals("TLSv1.3", tls13Connection.lastProtocol());
         }
     }
 

diff --git a/...stributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java b/...stributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java
@@ -170,7 +170,7 @@ public void negotiatedProtocolMustBeAcceptedProtocolTest() throws Throwable
             c.set("client_encryption_options",
                   ImmutableMap.builder().putAll(validKeystore)
                               .put("enabled", true)
-                              .put("accepted_protocols", ImmutableList.of("TLSv1.1", "TLSv1.2"))
+                              .put("accepted_protocols", ImmutableList.of("TLSv1.1", "TLSv1.2", "TLSv1.3"))
                               .build());
         }).start())
         {
@@ -191,6 +191,11 @@ public void negotiatedProtocolMustBeAcceptedProtocolTest() throws Throwable
             Assert.assertEquals("Should be possible to establish a TLSv1.2 connection",
                                 ConnectResult.NEGOTIATED, tls12Connection.connect());
             Assert.assertEquals("TLSv1.2", tls12Connection.lastProtocol());
+
+            TlsConnection tls13Connection = new TlsConnection(address.getHostAddress(), port, Collections.singletonList("TLSv1.3"));
+            Assert.assertEquals("Should be possible to establish a TLSv1.3 connection",
+                                ConnectResult.NEGOTIATED, tls13Connection.connect());
+            Assert.assertEquals("TLSv1.3", tls13Connection.lastProtocol());
         }
     }
 

diff --git a/test/simulator/main/org/apache/cassandra/simulator/ClusterSimulation.java b/test/simulator/main/org/apache/cassandra/simulator/ClusterSimulation.java
@@ -117,7 +117,8 @@ public class ClusterSimulation<S extends Simulation> implements AutoCloseable
                                             FutureCallback.class,
                                             io.netty.util.concurrent.GenericFutureListener.class,
                                             io.netty.channel.FileRegion.class,
-                                            io.netty.util.ReferenceCounted.class
+                                            io.netty.util.ReferenceCounted.class,
+                                            io.netty.util.concurrent.FastThreadLocal.class
                                         };
 
     public static final Class<?>[] ISOLATE = new Class<?>[0];