1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/ssh/audit-design.md d

    From Deuc¿@VERT to Git commit to main/sbbs/m on Monday, March 30, 2026 10:39:00
    https://gitlab.synchro.net/main/sbbs/-/commit/7440b2f2b9cfdd7b4d0ab3ad
    Modified Files:
    src/ssh/audit-design.md deucessh-conn.h ssh-conn.c ssh-internal.h src/ssh/test/test_chan.c
    Log Message:
    Fix audit items 4-5, 7-10 + event queue init + ZC window fix

    Audit conformance fixes against design-channel-io-api.md:

    - Item 4: term field changed from char[64] to char* with strdup
    (no truncation, matches RFC 4254 unbounded string)
    - Item 5: add dssh_chan_get_pty() returning const dssh_chan_params*
    - Item 7: add cb_mtx per-channel mutex protecting callback pointers;
    init/destroy in all channel lifecycle paths
    - Item 8: in_zc_rx guard added to shutwr, close, send_signal,
    send_window_change, send_break (was only on zc_getbuf/zc_send)
    - Item 9: ZC callback WINDOW_ADJUST now sent (ZC mode only; stream
    mode uses maybe_replenish_window after app reads)
    - Item 10: dssh_session_set_event_cb stores in session struct,
    propagated to channels at open/accept time

    Additional fixes found during testing:
    - Event queue initialized before channel registration in all three
    open functions (dssh_chan_open, dssh_chan_zc_open, dssh_chan_accept)
    to prevent SIGFPE when demux dispatches EOF/CLOSE during reject
    - ZC WINDOW_ADJUST restricted to DSSH_IO_ZC (was firing for stream
    mode too, breaking window accounting in demux truncation tests)

    Remaining deliberate deviations documented in audit-design.md:
    - Item 6: remote_window uses buf_mtx not atomic (correct, optimization)
    - Item 11: design doc inconsistency in event position semantics
    - Item 12: accept-loops-on-reject deferred (needs demux sync work)

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/m on Monday, March 30, 2026 10:39:00
    https://gitlab.synchro.net/main/sbbs/-/commit/957616f7caac7fecb344fc43
    Modified Files:
    src/ssh/audit-design.md design-channel-io-api.md ssh-conn.c ssh-internal.h src/ssh/test/dssh_test.h mock_io.c test_algo_enc.c test_algo_key.c test_algo_mac.c test_alloc.c test_auth.c test_chan.c test_conn.c test_selftest.c test_thread_errors.c test_transport.c test_transport_errors.c
    Log Message:
    Fix audit items 6, 11 + test reliability under contention

    Item 6: remote_window converted to atomic_uint_least32_t with CAS
    saturating add/sub helpers. zc_send_inner no longer acquires buf_mtx
    for the window deduction.

    Item 11: design doc event positions corrected to "bytes of unread
    stdout/stderr at poll time"; poll freeze path recomputes from .used.

    Test fixes:
    - 20 test_server_send_fail_* tests: close both pipes before thrd_join
    to prevent hang when server send wins the race and loops to recv
    - 3 dclient server threads: close_s2c_write (not full close) to avoid
    yanking the read fd from under the client thread
    - Selftest/conn accept+poll timeouts: 5s -> 30s, poll loops 100-200ms
    -> 1000ms to survive -j16 contention with PQ/DH-GEX crypto
    - EINTR retry on all socket send/recv in test_selftest.c and mock_io.c
    - After-each cleanup hook in test framework: selftest registers
    g_active_ctx so leaked demux/accept threads from ASSERT bail-outs
    get cleaned up before the next test runs in the same process

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net