BIND 10 #357: There should be timeout on TCP connection in auth server

BIND 10 Development do-not-reply at isc.org
Fri Aug 31 13:43:19 UTC 2012 

#357: There should be timeout on TCP connection in auth server
-------------------------------------+-------------------------------------
                   Reporter:         |                 Owner:  vorner
  vorner                             |                Status:  reviewing
                       Type:         |             Milestone:
  defect                             |  Sprint-20120904
                   Priority:         |            Resolution:
  medium                             |             Sensitive:  0
                  Component:         |           Sub-Project:  DNS
  b10-auth                           |  Estimated Difficulty:  5
                   Keywords:         |           Total Hours:  0
            Defect Severity:         |
  Medium                             |
Feature Depending on Ticket:         |
        Add Hours to Ticket:  0      |
                  Internal?:  0      |
-------------------------------------+-------------------------------------
Changes (by jelte):

 * owner:  jelte => vorner


Comment:

 Replying to [comment:8 vorner]:
 > Hello
 >
 > About the changelog message, it looks bad if it starts with lower-case
 letter, maybe changing the sentence slightly so b10-auth is not the first
 word? Also, maybe saying the well-known word „Timeout“ in there somewhere
 might make sense.
 >

 take 2:

 [bug]
 TCP connections now time out in b10-auth if no (or not all) query data is
 sent by the client. The timeout value defaults to 5000 milliseconds, but
 is configurable in Auth/tcp_recv_timeout.

 > Now, to the code. Cppcheck complains here:
 > src/bin/auth/auth_config.cc:123: check_fail: Member variable
 'TCPRecvTimeoutConfig::timeout_' is not initialized in the constructor.
 (warning,uninitMemberVar)
 >

 fixed (set to 0, build() will override it anyway)

 > The special-case of 0 should be documented in the guide.
 >

 oh right, of course

 > Maybe we should also validate the value is non-negative (someone might
 try to put -1 there hoping for some magic to happen). Also, maybe a
 warning with too low values (below 1 second, for example)?
 >

 i suspect that people might actually want to (temporarily) set this quite
 low, to mitigate synflood-like attacks and increase the chance that at
 least fast proper connections get through

 It does error on negative values now. And I discovered a lowlevel problem
 that is out of scope for this ticket, but the c++ client side of msgq
 can't handle very large integers in JSON data, I'll make a separate ticket
 for that.

 > Also, I'm not sure if 1 is enough as a default value. There are
 connection types (like GPRS/EDGE) with possibly multi-second round trips.

 right, I chatted a bit with jeremy about this, we decided that we could
 use some statistical info here :) but since we need a value now, i chose 5
 seconds (windows CE clients themselves give up after 3, a common
 resolv.conf client-side timeout is 5)

-- 
Ticket URL: <http://bind10.isc.org/ticket/357#comment:9>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list