Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8270553: Tests should not use (real, in-use, routable) 1.1.1.1 as dummy IP value #4806

Closed
wants to merge 1 commit into from

Conversation

jmtd
Copy link

@jmtd jmtd commented Jul 16, 2021

The tests test/jdk/java/net/HttpURLConnection/HttpURLConWithProxy.java uses the IP address "1.1.1.1" as a value. I think at the time the address was picked, the assumption was the address was not valid / not routable. Since April 2018 the address is part of CloudFlare's "Free" DNS product: https://en.wikipedia.org/wiki/1.1.1.1. (this test was originally written in 2016, before the service was launched)

I've verified using local packet captures that running the test does result in IP traffic being sent to 1.1.1.1. (Several other tests in JDK use 1.1.1.1 as a placeholder IP. I've checked them all and none of the others connect out to the IP like this one)

This PR substitutes that IP address value (and two others) for ones from a reserved IP range (240.0.0.0/4 according to RFC 6761) which will not result in runners of the test suit inadvertently sending IP packets to the CloudFlare service.

This could be invalidated again if that address range is allocated at some point in the future. A more future-proof fix would be to bind to random ports on localhost for each dummy proxy (as done for the target HTTP server in the test already). I can do that if preferred.

https://bugs.openjdk.java.net/browse/JDK-8270553


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed

Issue

  • JDK-8270553: Tests should not use (real, in-use, routable) 1.1.1.1 as dummy IP value

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/4806/head:pull/4806
$ git checkout pull/4806

Update a local copy of the PR:
$ git checkout pull/4806
$ git pull https://git.openjdk.java.net/jdk pull/4806/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 4806

View PR using the GUI difftool:
$ git pr show -t 4806

Using diff file

Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/4806.diff

@bridgekeeper
Copy link

@bridgekeeper bridgekeeper bot commented Jul 16, 2021

👋 Welcome back jdowland! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot added the rfr label Jul 16, 2021
@openjdk
Copy link

@openjdk openjdk bot commented Jul 16, 2021

@jmtd The following label will be automatically applied to this pull request:

  • net

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added the net label Jul 16, 2021
@mlbridge
Copy link

@mlbridge mlbridge bot commented Jul 16, 2021

Webrevs

Copy link
Contributor

@shipilev shipilev left a comment

I had to read up if this would work, and I am somewhat convinced it would. IANA Database mentions these addresses are Reserved-by-Protocol, and refers to RFC 1112, Section 4 which mentions these are reserved for future addressing modes.

But this rabbit hole excursion makes me think it would be better to just use the local loopback in these tests.

@AlanBateman
Copy link
Contributor

@AlanBateman AlanBateman commented Jul 27, 2021

But this rabbit hole excursion makes me think it would be better to just use the local loopback in these tests.

The test already attempts to connect to a server on the loopback address with setup that leads to the "no suitable proxy" scenario. I suspect the proposed patch is okay but I'd prefer to wait until @dfuch is back (Daniel has been doing a lot of work on test stability in this area and will probably want to run the change on a wide range of OS/configurations to check that it is stable).

@dfuch
Copy link
Member

@dfuch dfuch commented Aug 5, 2021

Thanks for suggesting a replacement for the 1.1.1.1 address Jonathan! I have run your patch through our test system and not observed any errors caused by this patch - so from my perspective you're good to go. Could you please add a comment before the line where the 240.* addresses are used that explains that these addresses are reserved (Class E network) and are not supposed to point to any existing endpoint?

@jmtd jmtd force-pushed the 8270553-one.one.one.one branch from af1fe55 to 1befd62 Compare Aug 6, 2021
dfuch
dfuch approved these changes Aug 25, 2021
Copy link
Member

@dfuch dfuch left a comment

LGTM. Thanks for adding the comment Jonathan! If you integrate I will sponsor this.
(PS: I hadn't notice your changes because you used force-push - instead of merge - and the update sent by github let me believe the commit was a merge commit - apologies for the delay)

@openjdk
Copy link

@openjdk openjdk bot commented Aug 25, 2021

@jmtd This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8270553: Tests should not use (real, in-use, routable) 1.1.1.1 as dummy IP value

Reviewed-by: shade, dfuchs

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 358 new commits pushed to the master branch:

  • f9b2507: 8271834: TestStringDeduplicationAgeThreshold intermittent failures on Shenandoah
  • 261cb44: 8273629: compiler/uncommontrap/TestDeoptOOM.java fails with release VMs
  • b0d0497: 8273584: TypeElement.getSuperclass crashes for a record TypeElement when j.l.Record is not available
  • 4efcd20: 8273478: [macos11] JTabbedPane selected and pressed tab is not legible
  • a73c06d: 8273021: C2: Improve Add and Xor ideal optimizations
  • 9f86082: 8273610: LogTestFixture::restore_config() should not restore options
  • 2ee1f96: 8273484: Cleanup unnecessary null comparison before instanceof check in java.naming
  • f189dff: 8273595: tools/jpackage tests do not work on apt-based Linux distros like Debian
  • 922e86f: 8273522: Rename test property vm.cds.archived.java.heap to vm.cds.write.archived.java.heap
  • f42b927: 8273609: Fix trivial doc typos in the compiler area
  • ... and 348 more: https://git.openjdk.java.net/jdk/compare/c495ede2c2df405e6eec0e205cd67401d7826c4c...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@shipilev, @dfuch) but any other Committer may sponsor as well.

➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).

@openjdk openjdk bot added the ready label Aug 25, 2021
@dfuch
Copy link
Member

@dfuch dfuch commented Sep 10, 2021

Hi Jonathan, this should be ready to integrate so please enter /integrate in a new comment and then it can be sponsored.

@jmtd
Copy link
Author

@jmtd jmtd commented Sep 13, 2021

/integrate

@openjdk openjdk bot added the sponsor label Sep 13, 2021
@openjdk
Copy link

@openjdk openjdk bot commented Sep 13, 2021

@jmtd
Your change (at version 1befd62) is now ready to be sponsored by a Committer.

@jmtd
Copy link
Author

@jmtd jmtd commented Sep 14, 2021

@dfuch thanks for the prompt and sorry for the delay!

@dfuch
Copy link
Member

@dfuch dfuch commented Sep 14, 2021

/sponsor

@openjdk
Copy link

@openjdk openjdk bot commented Sep 14, 2021

Going to push as commit 394ebc8.
Since your change was applied there have been 379 commits pushed to the master branch:

  • 0f31d0f: 8273373: Zero: Cannot invoke JVM in primordial threads on Zero
  • fe89dd3: 8271254: javac generates unreachable code when using empty semicolon statement
  • 8974b95: 8273730: WorkGangBarrierSync constructor unused
  • 1d3eb14: 8273635: Attempting to acquire lock StackWatermark_lock/9 out of order with lock tty_lock/3
  • 31667da: 8273491: java.util.spi.LocaleServiceProvider spec contains statement that is too strict
  • ed7789d: 8256977: Bump minimum GCC from 5.x to 6 for JDK
  • 5bfd043: 8273497: building.md should link to both md and html
  • 3884580: 8273597: Rectify Thread::is_ConcurrentGC_thread()
  • f527289: 8273639: tests fail with "assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark"
  • 1d2458d: 8266550: C2: mirror TypeOopPtr/TypeInstPtr/TypeAryPtr with TypeKlassPtr/TypeInstKlassPtr/TypeAryKlassPtr
  • ... and 369 more: https://git.openjdk.java.net/jdk/compare/c495ede2c2df405e6eec0e205cd67401d7826c4c...master

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot closed this Sep 14, 2021
@openjdk openjdk bot added integrated and removed ready rfr sponsor labels Sep 14, 2021
@openjdk
Copy link

@openjdk openjdk bot commented Sep 14, 2021

@dfuch @jmtd Pushed as commit 394ebc8.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
integrated net
4 participants