mdedetrich commented on code in PR #385: URL: https://github.com/apache/incubator-pekko/pull/385#discussion_r1227725251
########## actor/src/main/scala/org/apache/pekko/io/dns/IdGenerator.scala: ########## @@ -0,0 +1,82 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * license agreements; and to You under the Apache License, version 2.0: + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * This file is part of the Apache Pekko project, derived from Akka. + */ + +package org.apache.pekko.io.dns + +import org.apache.pekko.annotation.InternalApi + +import java.security.SecureRandom +import java.util.concurrent.ThreadLocalRandom +import java.util.concurrent.atomic.AtomicInteger +import scala.annotation.tailrec + +/** + * INTERNAL API + * + * These are called by an actor, however they are called inside composed futures so need to be + * nextId needs to be thread safe. + */ +@InternalApi +private[pekko] trait IdGenerator { + def nextId(): Short +} + +/** + * INTERNAL API + */ +@InternalApi +private[pekko] object IdGenerator { + sealed trait Policy + + object Policy { + case object Sequence extends Policy + case object ThreadLocalRandom extends Policy + case object SecureRandom extends Policy + val Default: Policy = ThreadLocalRandom + + def apply(name: String): Option[Policy] = name.toLowerCase match { + case "sequence" => Some(Sequence) + case "thread-local-random" => Some(ThreadLocalRandom) + case "secure-random" => Some(SecureRandom) + case _ => Some(ThreadLocalRandom) + } + } + + def apply(policy: Policy): IdGenerator = policy match { + case Policy.Sequence => sequence() + case Policy.ThreadLocalRandom => random(ThreadLocalRandom.current()) + case Policy.SecureRandom => random(new SecureRandom()) + } + + /** + * @return a random sequence of ids for production + */ + def random(rand: java.util.Random): IdGenerator = new IdGenerator { + override def nextId(): Short = rand.nextInt(Short.MaxValue).toShort + } + + /** + * @return a predictable sequence of ids for tests + */ + def sequence(): IdGenerator = new IdGenerator { Review Comment: > I don't think it is problematic to support the old sequential style as an option as long as that we document the potential problems. Users are looking for secure by default. This does not mean that we can't support other modes. If people were rational actors this may be the case but often you get the case where people use the other options ignoring the security implications. The more convincing argument I can. make here is that from looking at other DNS resolvers, none of them support sequential ID's. Furthermore I think it actually goes against the IETF spec for DNS, i.e. they say you need to use random (see https://datatracker.ietf.org/doc/html/rfc5452#section-4.3). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
