apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Pane <brian.p...@cnet.com>
Subject call for vote Re: [PATCH] Re: Frankentables
Date Wed, 21 May 2003 03:22:39 GMT
Thanks.  IMHO, a 4x increase in CPU usage for the worst
case isn't a problem, as that's a 4x increase in an operation
that's only a few percent of the total cycles anyway.

But since the 4x degradation in the worst case may be
controversial, I'd like to have a vote first.  I'm +1 for
making this change in APR. Can a few other committers weigh in?

Thanks,
Brian

On Tue, 2003-05-20 at 17:25, Joe Schaefer wrote:
> Brian Pane <brian.pane@cnet.com> writes:
> 
> > Thanks, it works much better with that change.
> > One more question: do you have a way to get "before" and
> > "after" profile data for a request with a ridiculously
> > large number of header fields (e.g., 90 different Cookie
> > or Accept lines that need to get merged)?  A default httpd
> > config will allow up to a 100-line header, which is a large
> > enough 'n' to make me paranoid about O(n^2) DoS vulnerabilities.
> 
> I had to patch ab to allow it to take a large enough 
> set of headers.
> 
> % perl -wle '$xx="aa";$args.="-H Cook".++$xx.":foo=bar " for 1..48; \
>   exec qq{ab $args $args -n 50000 -c 50 http://127.0.0.1:8080/foo}'
> 
> % oprofile -rl /home/joe/apache2/bin/httpd | head
> 
> 
> UNPATCHED:
> vma      samples  %           symbol name             
> 00075fb4 9007     20.0071     __GI___strcasecmp       
> 00009d3c 8553     18.9986     __pthread_internal_tsd_address 
> 0000cf00 2294     5.09563     overlap_hash            
> 0000d13c 1900     4.22044     apr_table_overlap       
> 0808852c 1867     4.14714     ap_rgetline_core        
> 000762d8 1254     2.78549     memcpy                  
> 000177d4 787      1.74815     apr_palloc              
> 0808ddbc 551      1.22393     core_input_filter       
> 00075b10 482      1.07066     __memchr                
> 
> 
> PATCHED:
> vma      samples  %           symbol name             
> 00075fb4 35642    35.7866     __GI___strcasecmp       
> 00009d3c 35549    35.6932     __pthread_internal_tsd_address 
> 0000c41c 3134     3.14671     apr_table_compress      
> 000762d8 1454     1.4599      memcpy                  
> 0808852c 1453     1.45889     ap_rgetline_core        
> 0000c010 1450     1.45588     apr_array_pstrjoin      
> 00017bb8 811      0.81429     apr_palloc              
> 00006214 621      0.623519    apr_brigade_split_line  
> 0808ddbc 578      0.580345    core_input_filter       
> 
> So it looks like the worst case scenario is 
> worsened by a factor of 4.


Mime
View raw message