In a nutshell, sun's 1.1 jre/jdk is so broken I'm recommending that we add a check at node startup for it and refuse to run under sun 1.1. This is because nodes running under sun 1.1 regularly enter a state where they effectively launch a DoS attack on other nodes.
What happens is that the node gets locked in a loop where it keeps reading the same request message from a socket over and over again. Since it has already handled that chain, it issues a QueryRejected. This loop is on a 3 second interval, so the unfortunate node that first sent that request to the evil-1.1 node starts receiving an identical QueryRejected every 3 seconds ad infinitum. There seems to be a decent likelihood of this happening to DataRequest chains where the evil-1.1 node initially QueryRejects due to a looped request. The problem compounds rapidly so that a single evil-1.1 node may be doing this on multiple chains, or a single node may be getting hammered by several evil-1.1 nodes. We observed one node receiving approximately 20 of these bogus QueryRejected messages each second. We have reproduced this bug several times under controlled circumstances in a private 4-node test network. 3 nodes were running sun 1.3 and the 4th was running sun 1.1. The 1.1 node did it every time, even if we moved the 1.1 installation to a different machine. I have also confirmed independent observations of this bug from node operators on IRC. So, because of the deleterious effects on the rest of the network, I'd like to add code to the next build of Fred for refusing to run under sun 1.1. When the mandatory build number finally increases again we will be rid of them, but it will still take a while. -tc _______________________________________________ Devl mailing list Devl at freenetproject.org http://lists.freenetproject.org/mailman/listinfo/devl
