[ https://issues.apache.org/jira/browse/CASSANDRA-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13495750#comment-13495750 ]
Jonathan Ellis commented on CASSANDRA-3017:
-------------------------------------------
IMO the goal here is to keep a malicious or foolish peer on the network from
breaking things by forcing us to allocate huge buffers. So MessageOut should
check and log an error if it actually hits a legitimate Message that is too
large -- this is a sign that legitimate requests are getting dropped (see
below). But MessageIn should only log a warning.

The reason I wanted to investigate the difference between Thrift frame size and
our Message size is, if a Thrift limit of (say) 100K turns into a Message of
99K that is fine, we can use the Thrift limit here. But if our Messages are
larger than the corresponding Thrift frame then we could reject messages that
Thrift said were fine, which is bad.
> add a Message size limit
> ------------------------
>
> Key: CASSANDRA-3017
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3017
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Reporter: Jonathan Ellis
> Assignee: Kirk True
> Priority: Minor
> Labels: lhf
> Attachments:
> 0001-use-the-thrift-max-message-size-for-inter-node-messa.patch,
> trunk-3017.txt
>
>
> We protect the server from allocating huge buffers for malformed messages with
> the Thrift frame size (CASSANDRA-475). But we don't have similar protection
> for the inter-node Message objects.
> Adding this would be good to deal with malicious adversaries as well as a
> malfunctioning cluster participant.
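The size check discussed in the comment above, as an added example that is not part of the original message and is not Cassandra's code: a length-prefixed receiver validates the declared length before allocating and only warns, while the sender treats an oversized message as an error. The class name, method names, 4-byte length prefix and 16 KiB limit are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.logging.Logger;

// Hypothetical names throughout; this is not Cassandra's MessageIn/MessageOut.
public class BoundedFrames {
    private static final Logger LOG = Logger.getLogger("BoundedFrames");
    static final int MAX_MESSAGE_BYTES = 16 * 1024; // assumed limit for the demo

    // Receiver: validate the declared length BEFORE allocating the buffer.
    static byte[] readMessage(DataInputStream in) throws IOException {
        int declared = in.readInt();
        if (declared < 0 || declared > MAX_MESSAGE_BYTES) {
            // A peer's claim, not a local bug: warn and let the caller drop the connection.
            LOG.warning("rejecting inbound message, declared length " + declared);
            throw new IOException("declared length out of range: " + declared);
        }
        byte[] body = new byte[declared];
        in.readFully(body); // EOFException if the peer sent fewer bytes than declared
        return body;
    }

    // Sender: an oversized outbound message means a legitimate request is being dropped.
    static byte[] frameMessage(byte[] body) {
        if (body.length > MAX_MESSAGE_BYTES) {
            LOG.severe("dropping outbound message of " + body.length + " bytes");
            throw new IllegalArgumentException("message exceeds limit");
        }
        return ByteBuffer.allocate(4 + body.length).putInt(body.length).put(body).array();
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: a well-formed frame, then a bare header claiming ~2 GiB.
        byte[] ok = frameMessage("hello".getBytes(StandardCharsets.UTF_8));
        byte[] body = readMessage(new DataInputStream(new ByteArrayInputStream(ok)));
        System.out.println("accepted " + body.length + " bytes");
        byte[] hostile = ByteBuffer.allocate(4).putInt(Integer.MAX_VALUE).array();
        try {
            readMessage(new DataInputStream(new ByteArrayInputStream(hostile)));
        } catch (IOException e) {
            System.out.println("rejected without allocating: " + e.getMessage());
        }
    }
}
```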