Remove oldest channel if not used by session, when number of channels reaches MaxChannelCount - 1

[mrsuciu]

Proposed changes

Close the oldest unused channel prior to consuming the last available slot, thus always allowing one free channel slot to be available.
The pool of potential channels to pick from and chose the oldest is made by channels not used by sessions.

Related Issues

• Fixes NETStandard doesn't pass UACTT DoS attack test #2979

Types of changes

What types of changes does your code introduce?
Put an x in the boxes that apply. You can also fill these out after creating the PR.

• Bugfix (non-breaking change which fixes an issue)
• Enhancement (non-breaking change which adds functionality)
• Test enhancement (non-breaking change to increase test coverage)
• Breaking change (fix or feature that would cause existing functionality to not work as expected, requires version increase of Nuget packages)
• Documentation Update (if none of the other choices apply)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

• I have read the CONTRIBUTING doc.
• I have signed the CLA.
• I ran tests locally with my changes, all passed.
• I fixed all failing tests in the CI pipelines.
• I fixed all introduced issues with CodeQL and LGTM.
• I have added tests that prove my fix is effective or that my feature works and increased code coverage.
• I have added necessary documentation (if appropriate).
• Any dependent changes have been merged and published in downstream modules.

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

[codecov]

Codecov Report

Attention: Patch coverage is 23.52941% with 13 lines in your changes missing coverage. Please review.

Project coverage is 55.45%. Comparing base (fcc3b74) to head (f5fac32).
Report is 6 commits behind head on master.

Files with missing lines	Patch %	Lines
...tack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs	0.00%	10 Missing and 2 partials ⚠️
Stack/Opc.Ua.Core/Stack/Tcp/TcpListenerChannel.cs	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2986      +/-   ##
==========================================
- Coverage   55.46%   55.45%   -0.01%     
==========================================
  Files         352      352              
  Lines       67853    67869      +16     
  Branches    13904    13908       +4     
==========================================
+ Hits        37634    37637       +3     
- Misses      26100    26106       +6     
- Partials     4119     4126       +7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[romanett]

looks good & passes ctt tests with 10 & 50 channels & 75 channles (for 75 increase channel & security Token lifetime)

[Siyuan-Xu-Wapice]

looks good & passes ctt tests with 10 & 50 channels & 75 channles (for 75 increase channel & security Token lifetime)

Hello, @romanett Hmm...I couldn't get the latest Master (I checked commit history, the latest fixes were included indeed) of ReferenceConsoleServer to pass the UACTT Security test with session/channel 10/11, nor 50/51 nor 75/76. What were your settings? Were Server config and the UACTT project config syncs concerning the MaxSession and MaxChannel?

[romanett]

@Siyuan-Xu-Wapice
-> Were Server config and the UACTT project config syncs concerning the MaxSession and MaxChannel

• You need to configure Server & CTT to exactly match each other. FOr MaxSession & MaxChannel. i used 10/10 50/50 75/75
• For 75 I increased the security token & secure channel lifetime because before I observered in the logs that this messed up the test.
• Also I ran the tests individually, so no channels are present on the Server before the test or else the verification logic of the CTT Test will maybe not work.

[Siyuan-Xu-Wapice]

Thanks for quick reply. I am confused now. When I just discovered the issue, I contacted Alexander Allmendinger (Test Lab Manager of OPC Foundation European Certification Lab) for help, his response regarding the test setup was that there should be one more MaxSecureChannel than MaxSession.

PS. Yes, I can confirm with your suggested configurations the Ref Server would pass the test.