GitHub user rhtyd reopened a pull request:
https://github.com/apache/cloudstack/pull/1549
CLOUDSTACK-9348: NioConnection improvements
Reopened PR with squashed changes for a re-review and testing after
https://github.com/apache/cloudstack/pull/1493 and subsequent PRs got reverted
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/shapeblue/cloudstack nio-fixagain-singlepr
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cloudstack/pull/1549.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1549
----
commit 9c7518698d2f4a9fcc6a83fd22dd5b2fc4260232
Author: Rohit Yadav <[email protected]>
Date: 2016-04-14T18:54:53Z
CLOUDSTACK-9348: NioConnection improvements
- Unit test to demonstrate denial of service attack
The NioConnection uses blocking handlers for various events such as
connect, accept, read, write. In case a client connects to NioServer (used by
agent mgr to service agents on port 8250) but fails to participate in SSL
handshake or just sits idle, this would block the main IO/selector loop in
NioConnection. Such a client could be either malicious or aggressive.
This unit test demonstrates such a malicious client that can perform a
denial-of-service attack on NioServer that blocks it from serving any other
client.
- Use non-blocking SSL handshake
- Uses non-blocking socket config in NioClient and NioServer/NioConnection
- Scalable connectivity from agents and peer clustered-management server
- Removes blocking ssl handshake code with a non-blocking code
- Protects from denial-of-service issues that can degrade mgmt server
responsiveness due to an aggressive/malicious client
- Uses separate executor services for handling ssl handshakes
Signed-off-by: Rohit Yadav <[email protected]>
----
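Added example, not code from this pull request or from CloudStack: a small Python model of the behaviour the commit message describes, comparing a selector loop that runs the handshake inline with one that hands it to a separate executor, and measuring how long a well-behaved client waits behind a peer that connects and stays silent. The `HELLO`/`READY` exchange is a stand-in for the SSL handshake; the 1-second deadline, the pool size and all names are assumptions.

```python
import selectors, socket, threading, time
from concurrent.futures import ThreadPoolExecutor

HANDSHAKE_TIMEOUT = 1.0  # assumed per-peer handshake deadline, in seconds

def stand_in_handshake(conn):
    # Stand-in for the SSL handshake: the peer must send b"HELLO" before the deadline.
    conn.settimeout(HANDSHAKE_TIMEOUT)
    try:
        if conn.recv(5) == b"HELLO":
            conn.sendall(b"READY")
    except OSError:  # includes socket.timeout: peer stalled or went away
        pass
    finally:
        conn.close()

class Server:
    def __init__(self, offload):
        self.sock = socket.create_server(("127.0.0.1", 0))  # ephemeral loopback port
        self.port = self.sock.getsockname()[1]
        self.pool = ThreadPoolExecutor(max_workers=4) if offload else None
        threading.Thread(target=self._selector_loop, daemon=True).start()

    def _selector_loop(self):
        sel = selectors.DefaultSelector()
        sel.register(self.sock, selectors.EVENT_READ)
        while True:
            for _key, _events in sel.select():
                conn, _addr = self.sock.accept()
                if self.pool:  # handshake runs on a separate executor
                    self.pool.submit(stand_in_handshake, conn)
                else:          # handshake blocks the selector thread
                    stand_in_handshake(conn)

def serve_delay_behind_stalled_peer(offload):
    # Returns (reply, seconds) for a well-behaved client that connects after a stalled one.
    srv = Server(offload)
    stalled = socket.create_connection(("127.0.0.1", srv.port))  # connects, never speaks
    start = time.monotonic()
    with socket.create_connection(("127.0.0.1", srv.port)) as good:
        good.settimeout(5)
        good.sendall(b"HELLO")
        reply = good.recv(5)
    elapsed = time.monotonic() - start
    stalled.close()
    return reply, elapsed

if __name__ == "__main__":
    for offload in (False, True):
        reply, secs = serve_delay_behind_stalled_peer(offload)
        print(f"offload={offload}: reply={reply!r} after {secs:.2f}s")
```

With the inline handshake the second client is held up for roughly the full deadline per stalled peer ahead of it, and without a deadline it would wait indefinitely; with the executor it is answered immediately.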