cloudstack

History

Rohit Yadav 9c7518698d CLOUDSTACK-9348: NioConnection improvements - Unit test to demonstrate denial of service attack The NioConnection uses blocking handlers for various events such as connect, accept, read, write. In case a client connects NioServer (used by agent mgr to service agents on port 8250) but fails to participate in SSL handshake or just sits idle, this would block the main IO/selector loop in NioConnection. Such a client could be either malicious or aggresive. This unit test demonstrates such a malicious client that can perform a denial-of-service attack on NioServer that blocks it to serve any other client. - Use non-blocking SSL handshake - Uses non-blocking socket config in NioClient and NioServer/NioConnection - Scalable connectivity from agents and peer clustered-management server - Removes blocking ssl handshake code with a non-blocking code - Protects from denial-of-service issues that can degrade mgmt server responsiveness due to an aggressive/malicious client - Uses separate executor services for handling ssl handshakes Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2016-05-19 16:45:16 +05:30
..
java	CLOUDSTACK-9348: NioConnection improvements	2016-05-19 16:45:16 +05:30
resources	Refactor cloud-utils project into Maven default structure	2015-08-25 14:50:33 +02:00

Rohit Yadav 9c7518698d CLOUDSTACK-9348: NioConnection improvements

- Unit test to demonstrate denial of service attack
  The NioConnection uses blocking handlers for various events such as connect,
  accept, read, write. In case a client connects NioServer (used by
  agent mgr to service agents on port 8250) but fails to participate in SSL
  handshake or just sits idle, this would block the main IO/selector loop in
  NioConnection. Such a client could be either malicious or aggresive.

  This unit test demonstrates such a malicious client that can perform a
  denial-of-service attack on NioServer that blocks it to serve any other client.

- Use non-blocking SSL handshake
  - Uses non-blocking socket config in NioClient and NioServer/NioConnection
  - Scalable connectivity from agents and peer clustered-management server
  - Removes blocking ssl handshake code with a non-blocking code
  - Protects from denial-of-service issues that can degrade mgmt server responsiveness
    due to an aggressive/malicious client
  - Uses separate executor services for handling ssl handshakes

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

2016-05-19 16:45:16 +05:30

java

CLOUDSTACK-9348: NioConnection improvements

2016-05-19 16:45:16 +05:30

resources

Refactor cloud-utils project into Maven default structure

2015-08-25 14:50:33 +02:00