LISTSERV 16.5 - XROOTD-DEV Archives

CMS saw a fairly effective DoS attack on our infrastructure when a user accidentally issued billions of prepare requests.

This patch is what we did in response - simply put a hard limit on the number of prepare requests allowed per client connection.

For example, to allow 40 prepare requests per client connection, one would add the following to the configuration file:

xrootd.limit noerror prepare 40

noerror controls whether an explicit error message is returned to the client or the request is silently ignored. For the CMS use case, noerror is set.

You can view, comment on, or merge this pull request online at:

https://github.com/xrootd/xrootd/pull/452

Commit Summary

Enforce prepare limits.

File Changes

M src/XrdXrootd/XrdXrootdConfig.cc (40)
M src/XrdXrootd/XrdXrootdProtocol.cc (4)
M src/XrdXrootd/XrdXrootdProtocol.hh (8)
M src/XrdXrootd/XrdXrootdXeq.cc (10)

Patch Links:

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Add limits for prepare requests (#452)"}],"action":{"name":"View Pull Request","url":"https://github.com/xrootd/xrootd/pull/452"}}}

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1