BIND 10 #357: There should be timeout on TCP connection in auth server
BIND 10 Development
do-not-reply at isc.org
Sun Oct 3 11:15:00 UTC 2010
#357: There should be timeout on TCP connection in auth server
-----------------------+----------------------------------------------------
Reporter: vorner | Owner:
Type: defect | Status: new
Priority: major | Milestone:
Component: b10-auth | Keywords:
Sensitive: 0 | Estimatedhours: 0
Hours: 0 | Billable: 1
Totalhours: 0 | Internal: 0
-----------------------+----------------------------------------------------
It seems that the b10-auth holds an inactive TCP connection opened forever
(I already have a socat connected to it for an hour while nothing is
sent). This seems to be a bad thing, since it allocates a 64kB buffer for
each TCP connection. It is too easy to create a connection and keep it
open.
Furthemore, as an idle connection can survive forever without any packet
going any way, this is possible resource leak. Imagine that a machine
starts a TCP connection to Auth and crashes after the handshake, but
before anything is sent. No packets are sent from the auth, since it waits
on read. Therefore there will be no os-level timeout. But the machine will
not send any packets, it does not know about the connection after reboot.
Therefore the connection will be opened forever, eating 64kB of memory and
a file descriptor.
--
Ticket URL: <http://bind10.isc.org/ticket/357>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list