ant-notifications mailing list archives

From "Nascif Abousalh-Neto (JIRA)" <>
Subject [jira] Commented: (IVY-854) Evil behavior from resolve latest.status: performs DOS attacks
Date Thu, 23 Jul 2009 21:07:14 GMT


Nascif Abousalh-Neto commented on IVY-854:

I believe we are seeing the same issue on Ivy 2.0 final, will post more details soon.

I have to agree that the current design is very much a DOS attack on the server. Our scenario
is very much as described above as well: a large number of modules, with a large number of revisions,
and resolving for latest. We can easily get to thousands of connections created and destroyed
in a resolve, and we are bumping into the Windows limitations described in;EN-US;196271.
For continuous integration builds, this is a major issue.

I wonder if a different approach could be taken for the url resolver. Instead of releasing
the connection on every download() and upload(), why not take advantage of HTTP 1.1's ability
to keep connections open? You would go from thousands of connections per resolve to 1 - and
it would be constant, instead of on the order of modules x versions x resolvers as it is today.

Since there is already a concept of locking in Ivy, it means there is a concept of transaction
borders. You could use that to implement the setup and closing of the connection.

> Evil behavior from resolve latest.status: performs DOS attacks
> --------------------------------------------------------------
>                 Key: IVY-854
>                 URL:
>             Project: Ivy
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.0.0-beta-2
>         Environment: windows xp sp2, linux fedora core 9, running Ivy repository through
> http for remote resolving and Hudson CI server (publishing to the repo).
>            Reporter: Hans Lund
>            Assignee: Maarten Coene
>             Fix For: 2.0-RC1
> Ivy is extremely aggressive towards repositories. This can result in
> resolving fails, even towards a healthy repository.
> The symptom:
> [ivy:resolve] 01-07-2008 13:16:24
> org.apache.commons.httpclient.HttpMethodDirector executeWithRetry
> [ivy:resolve] INFO: I/O exception ( caught when
> processing request: Address already in use: connect.
> In effect this happens when Ivy has performed a successful DOS attack against the repository.
>
> This is especially a problem when having large repositories (lots of revisions) and resolve
> against latest.status -> as this will fetch ivy.xml md5 and sha1 files for every revision.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
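
The connection arithmetic discussed in the comment above, as an added example that is not part of the original message and is not Ivy code: a loopback server counts the TCP connections it accepts while a client fetches ivy.xml, md5 and sha1 for every revision, first closing the connection after each download and then reusing one HTTP/1.1 connection. The server, the function names and the paths are hypothetical and constructed for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

class CountingServer(ThreadingHTTPServer):
    """Loopback stand-in for a repository (hypothetical); counts accepted TCP connections."""
    daemon_threads = True
    accepted = 0
    def get_request(self):
        request = super().get_request()
        self.accepted += 1
        return request

class Handler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"  # lets the server keep the connection open
    def do_GET(self):
        body = b"constructed stand-in for a metadata file"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):
        pass  # silence per-request logging

def constructed_paths(modules, revisions):
    """ivy.xml plus its md5 and sha1 for every revision, as the issue describes."""
    return [f"/repo/mod{m}/{r}/ivy.xml{ext}" for m in range(modules)
            for r in range(revisions) for ext in ("", ".md5", ".sha1")]

def count_connections(paths, reuse):
    """Fetch every path; return how many TCP connections the server accepted."""
    server = CountingServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    conn = None
    try:
        for path in paths:
            if conn is None:
                conn = http.client.HTTPConnection(host, port, timeout=5)
            conn.request("GET", path)
            conn.getresponse().read()  # drain the body so the socket can be reused
            if not reuse:
                conn.close()  # one connection per file: the pattern the issue reports
                conn = None
    finally:
        if conn is not None:
            conn.close()
        server.shutdown()
        server.server_close()
    return server.accepted
```

With one connection per file the count grows with modules x revisions x files, and each closed client socket lingers in TIME_WAIT holding an ephemeral port; with reuse the count stays at one regardless of repository size.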