On Tuesday, March 25, 2014 1:29:57 PM UTC+5:30, Saúl Ibarra Corretgé wrote:
>
> On 03/25/2014 02:58 AM, Ashish wrote:
> >
> > LIBUV based servers are event based, hence they are vulnerable to
> > denial of service attacks.
>
> Where do you get this from?
>
> > In other words, "sending a large number of pipelined requests
> > without reading the response" results in generating such a huge number
> > of 'read' events that the event loop never triggers any other events.
> > Eventually the server ends up running out of resources.
> >
> > I was just wondering how this can be handled?
>
> I don't think it's the responsibility of the library (libuv in this
> case) to handle all possible deployments/scenarios. We provide the
> tools. When you build a server with it you'll need to adjust it to
> your scenario. You could coalesce X reads and process them in an idle
> handle, or what have you. If you are being hammered by reads, libuv
> will still fire timer, check, prepare and idle callbacks, so it's not
> like you can't do anything.
>
> Cheers,
>
> --
> Saúl Ibarra Corretgé
> bettercallsaghul.com

By design my server queues incoming requests and triggers a certain number of threads to process the queue. In the 'after_thread' callback I do cleanup activities. For legitimate requests it works perfectly well.

However, if there are continuous requests pouring in (a typical DoS attack), libuv keeps calling only 'on_read' and it never calls the 'after_thread' callback (even if the threads have finished running). Libuv invokes all those pending 'after_thread' callbacks only once incoming requests are stopped (or paused).

I tried a lot but am not sure how to make libuv call 'after_thread' even when it is hammered by continuous reads.

Where can I find more info on timer, check, prepare and idle callbacks? I'll try to see if they can help me handle DoS.

Tnx,
Ashish
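
One way to bound the queue described in this thread is per-connection backpressure: stop reading a socket once its backlog reaches a high watermark and resume only after completions drain it. The sketch below is an added example, not code from the thread or from libuv; `conn_t`, the watermark values and all function names are hypothetical, and the comments mark where a libuv server would call `uv_read_stop()` and `uv_read_start()`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical watermarks; tune them to your workload. */
static const size_t HIGH_WATER = 8, LOW_WATER = 2;

typedef struct {
    size_t in_flight; /* requests queued or running on worker threads */
    bool reading;     /* true while the read callback is armed */
} conn_t;

void conn_init(conn_t *c) { c->in_flight = 0; c->reading = true; }

/* Call from the read callback for each complete request parsed.
 * Returns false when the caller should stop reading this socket
 * (in a libuv server, the place to call uv_read_stop()). */
bool conn_on_request(conn_t *c) {
    c->in_flight++;
    if (c->in_flight >= HIGH_WATER) c->reading = false;
    return c->reading;
}

/* Call from the work-completion callback. Returns true when the caller
 * should re-arm reading (in a libuv server, uv_read_start()). */
bool conn_on_done(conn_t *c) {
    if (c->in_flight > 0) c->in_flight--;
    if (c->reading || c->in_flight > LOW_WATER) return false;
    c->reading = true;
    return true;
}

/* Constructed flood: the peer offers `offered` pipelined requests as fast
 * as it can; one completes every `ticks_per_done` ticks. Returns peak depth. */
size_t simulate_flood(size_t offered, size_t ticks_per_done) {
    conn_t c;
    size_t peak = 0, tick = 0;
    if (ticks_per_done == 0) ticks_per_done = 1;
    conn_init(&c);
    while (offered > 0 || c.in_flight > 0) {
        tick++;
        if (c.reading && offered > 0) { offered--; conn_on_request(&c); }
        if (c.in_flight > peak) peak = c.in_flight;
        if (tick % ticks_per_done == 0) conn_on_done(&c);
    }
    return peak;
}

int main(void) { printf("peak depth: %zu\n", simulate_flood(100000, 4)); return 0; }
```

While reads are paused, unread data stays in the kernel socket buffer, so TCP flow control pushes back on the sender and the server's own queue stays at or below the high watermark.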
