Re: Review Request 61664: Libprocess: Added a timeout for send socket operation.

Vinod Kone Tue, 15 Aug 2017 15:07:09 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61664/#review183002
-----------------------------------------------------------





3rdparty/libprocess/src/process.cpp
Lines 256-261 (patched)
<https://reviews.apache.org/r/61664/#comment258985>

    How did you pick these values?



3rdparty/libprocess/src/process.cpp
Lines 2184 (patched)
<https://reviews.apache.org/r/61664/#comment258986>

    s/, see/; see/



3rdparty/libprocess/src/process.cpp
Lines 2170-2182 (original), 2195-2209 (patched)
<https://reviews.apache.org/r/61664/#comment258989>

    I guess this means if writing a very large message takes greater than the 
timeout we abort? Do you have a rought back of the envelope calculation for 
what the max data size could be given the minimum timeout?


- Vinod Kone


On Aug. 15, 2017, 3:45 p.m., Alexander Rukletsov wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61664/
> -----------------------------------------------------------
> 
> (Updated Aug. 15, 2017, 3:45 p.m.)
> 
> 
> Review request for mesos, Benno Evers, Benjamin Mahler, Jie Yu, and Vinod 
> Kone.
> 
> 
> Bugs: MESOS-7748
>     https://issues.apache.org/jira/browse/MESOS-7748
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Prior to this patch, a send socket operation can wait forever for
> a send to complete. Clients that drop connections or stop reading
> incoming data, aka "slow reader" attack, can eventually exhaust the
> resources of a libprocess-based application and cause denial of
> service or an OOM event.
> 
> This patch introduces an obligatory timeout for all send socket
> operations, after which the stalled connection is dropped. The
> timeout can be adjusted via the `LIBPROCESS_SOCKET_SEND_TIMEOUT`
> environment variable.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/process.cpp 
> dcd9c6738816764aae066fe56cd5f468c98fc9bd 
> 
> 
> Diff: https://reviews.apache.org/r/61664/diff/1/
> 
> 
> Testing
> -------
> 
> Manual testing with a rogue client.
> 
> 
> Thanks,
> 
> Alexander Rukletsov
> 
>

Re: Review Request 61664: Libprocess: Added a timeout for send socket operation.

Reply via email to