cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhtyd <...@git.apache.org>
Subject [GitHub] cloudstack pull request: CLOUDSTACK-9348: NioConnection improvemen...
Date Tue, 17 May 2016 04:37:32 GMT
GitHub user rhtyd opened a pull request:

    https://github.com/apache/cloudstack/pull/1549

    CLOUDSTACK-9348: NioConnection improvements

    Reopened PR with squashed changes for a re-review and testing after https://github.com/apache/cloudstack/pull/1493
and sub-sequent PRs got reverted

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/shapeblue/cloudstack nio-fixagain-singlepr

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/1549.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1549
    
----
commit 267b3faa3b56d62ab7b6843cf676e0f6254a82a5
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Date:   2016-04-14T18:54:53Z

    CLOUDSTACK-9348: NioConnection improvements
    
    - Unit test to demonstrate denial of service attack
      The NioConnection uses blocking handlers for various events such as connect,
      accept, read, write. In case a client connects NioServer (used by
      agent mgr to service agents on port 8250) but fails to participate in SSL
      handshake or just sits idle, this would block the main IO/selector loop in
      NioConnection. Such a client could be either malicious or aggresive.
    
      This unit test demonstrates such a malicious client that can perform a
      denial-of-service attack on NioServer that blocks it to serve any other client.
    
    - Use non-blocking SSL handshake
      - Uses non-blocking socket config in NioClient and NioServer/NioConnection
      - Scalable connectivity from agents and peer clustered-management server
      - Removes blocking ssl handshake code with a non-blocking code
      - Protects from denial-of-service issues that can degrade mgmt server responsiveness
        due to an aggressive/malicious client
      - Uses separate executor services for handling ssl handshakes
    
    Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message