hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei-Chiu Chuang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-10452) SASL negotation should support buffer size negotiation
Date Mon, 23 May 2016 22:23:13 GMT
Wei-Chiu Chuang created HDFS-10452:

             Summary: SASL negotation should support buffer size negotiation
                 Key: HDFS-10452
                 URL: https://issues.apache.org/jira/browse/HDFS-10452
             Project: Hadoop HDFS
          Issue Type: New Feature
          Components: encryption
            Reporter: Wei-Chiu Chuang
            Assignee: Wei-Chiu Chuang

The SASL negotation for data transfer encryption implemented in Hadoop currently only supports
negotiation of cipher and QoP. The buffer size is not negotiated by SASL.

public SaslOutputStream(OutputStream outStream, SaslClient saslClient) {
    this.saslServer = null;
    this.saslClient = saslClient;
    String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);
    this.useWrap = qop != null && !"auth".equalsIgnoreCase(qop);
    if (useWrap) {
      this.outStream = new BufferedOutputStream(outStream, 64*1024);
    } else {
      this.outStream = outStream;

public static Map<String, String> createSaslPropertiesForEncryption(
      String encryptionAlgorithm) {
    Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);
    saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());
    saslProps.put(Sasl.SERVER_AUTH, "true");
    saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);
    return saslProps;

For applications that are sensitive to buffer size, e.g., HBase, there should be a way to
configure the buffer size.

In addition, the SASL negotiation for RPC does use the negotiated buffer size, but since Hadoop
never actually negotiates it, the size is the default value, 64 KB.

public OutputStream getOutputStream(OutputStream out) throws IOException {
    if (useWrap()) {
      // the client and server negotiate a maximum buffer size that can be
      // wrapped
      String maxBuf = (String)saslClient.getNegotiatedProperty(Sasl.RAW_SEND_SIZE);
      out = new BufferedOutputStream(new WrappedOutputStream(out),
    return out;

We should make it possible to negotiate the buffer size for both data transfer and RPC.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org

View raw message