On Tue, Apr 28, 2009 at 3:04 AM, Rainer Toebbicke <[email protected]> wrote: > Tom Keiser schrieb: > >> >> Raising thread count is not a solution. More to the point, this patch >> introduces a trivially-exploitable (by rxnull conns, no less) thread >> DoS against the volume server, and that's just not acceptable. >> >> The solution to this problem needs to happen client-side, period. >> > > > Tom, > > as you are aware the file server is trivially DoSsable. Even logical and > valid requests from a batch farm of a few thousand clients like ours will > lock it up in no time, which we solved here in a way that's perhaps even > more contentious. A volserver DoS would rarely have a comparable impact, and > 7005 can probably be firewalled out from the wild world without much loss. > > I agree however that introducing a DoS point even if it's only the 20th or > 30th on the list is a filthy habit of the past century. I'll check if that > problem can be fixed on the client side without spaghettitizing the code > significantly - when I get some time!
It can. See the updated patch in 124635. Try if you can. Derrick _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
