[
https://issues.apache.org/jira/browse/IVY-854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12735587#action_12735587
]
Ernest Pasour commented on IVY-854:
-----------------------------------
It appears that the problem we are experiencing right now is because of all the
attempts to read non-existent directories using the ApacheURLLister class.
When the connection attempts (and fails) to get the input stream, it is
apparently enough to create a connection, but the connection is not cleaned up
properly, even using the disconnect call. The code below reproduces the
problem (on windows) if you put the proper data in the url definition. You
will get the BindException after about 15 seconds. If you do a "netstat" from
the command line, you will see lots of connections in the TIME_WAIT state.
I think Nascif's idea above makes sense to reduce the number of connections
being made. I think it would also make sense to reduce the number of invalid
URLs used. I hacked together some code to keep a hash of the shortest invalid
urls and then not attempt to make connections when subsequent urls show up with
an invalid prefix. This seems to work but I haven't really validated it yet.
This idea could also be used in conjunction with Nascif's idea.
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.BindException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
public class Test2 {
public static void main(String[] args) throws IOException {
for (int i=0;;i++)
{
URL url=new URL("http", "<your server>", 80, "<bad path
on server>"); //shows problem
// URL url=new URL("http", "<your server>", 80, "<existing
path on server>"); //works fine; does not leak connections
URLConnection conn=url.openConnection();
String htmlText = "";
try
{
BufferedReader r = new BufferedReader(new
InputStreamReader(conn.getInputStream()));
}
catch (BindException e)
{
e.printStackTrace();
}
catch (IOException e)
{}
finally
{
if (conn instanceof HttpURLConnection)
{
((HttpURLConnection)conn).disconnect();
}
}
}
}
}
> Evil behavior form resolve latest.status: performs DOS attacks
> --------------------------------------------------------------
>
> Key: IVY-854
> URL: https://issues.apache.org/jira/browse/IVY-854
> Project: Ivy
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.0.0-beta-2
> Environment: windows xp sp2, linux fedora core 9, running Ivy
> repository through http for remote resolving and Hudson CI server (publishing
> to the repo).
> Reporter: Hans Lund
> Assignee: Maarten Coene
> Fix For: 2.0-RC1
>
>
> Ivy is extremely aggressive towards repositories . This can result in
> resolving fails, even towards a healthy repository.
> The symptom:
> [ivy:resolve] 01-07-2008 13:16:24
> org.apache.commons.httpclient.HttpMethodDirector executeWithRetry
> [ivy:resolve] INFO: I/O exception (java.net.BindException) caught when
> processing request: Address already in use: connect.
> In effect this happens when Ivy has performed a successfully DOS attack
> against the repository.
> This is especially a problem when having large repositories (lost of
> revisions) and resolve against latest.status -> as this will fetch ivy.xml
> md5 and sha1 files for every revision.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
