[
https://issues.apache.org/jira/browse/YARN-8972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694768#comment-17694768
]
ASF GitHub Bot commented on YARN-8972:
--------------------------------------
goiri commented on code in PR #5382:
URL: https://github.com/apache/hadoop/pull/5382#discussion_r1120893767
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-router/src/main/java/org/apache/hadoop/yarn/server/router/RouterServerUtil.java:
##########
@@ -624,4 +637,112 @@ public static ReservationDefinition
convertReservationDefinition(
return definition;
}
+
+ /**
+ * Checks if the ApplicationSubmissionContext submitted with the application
+ * is valid.
+ *
+ * Current checks:
+ * - if its size is within limits.
+ *
+ * @param appContext the app context to check.
+ * @throws IOException if an IO error occurred.
+ * @throws YarnException yarn exception.
+ */
+ @Public
+ @Unstable
+ public static void
checkAppSubmissionContext(ApplicationSubmissionContextPBImpl appContext,
+ Configuration conf) throws IOException, YarnException {
+ // Prevents DoS over the ApplicationClientProtocol by checking the context
+ // the application was submitted with for any excessively large fields.
+ double maxAscSize =
conf.getStorageSize(YarnConfiguration.ROUTER_ASC_INTERCEPTOR_MAX_SIZE,
+ YarnConfiguration.DEFAULT_ROUTER_ASC_INTERCEPTOR_MAX_SIZE,
StorageUnit.KB);
+ if (appContext != null) {
+ int size = appContext.getProto().getSerializedSize();
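Review bot: the limit and the measured value at the end of this hunk are in different units. `maxAscSize` is read with `StorageUnit.KB`, while `getSerializedSize()` on a protobuf message returns a byte count. The comparison itself is not visible in these lines, so either read the limit with `StorageUnit.BYTES` or convert explicitly before comparing, and put the unit in both variable names; otherwise the DoS limit can end up off by a factor of 1024.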
Review Comment:
From the previous stuff I was expecting bytes.
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-router/src/main/java/org/apache/hadoop/yarn/server/router/RouterServerUtil.java:
##########
@@ -624,4 +637,112 @@ public static ReservationDefinition
convertReservationDefinition(
return definition;
}
+
+ /**
+ * Checks if the ApplicationSubmissionContext submitted with the application
+ * is valid.
+ *
+ * Current checks:
+ * - if its size is within limits.
+ *
+ * @param appContext the app context to check.
+ * @throws IOException if an IO error occurred.
+ * @throws YarnException yarn exception.
+ */
+ @Public
+ @Unstable
+ public static void
checkAppSubmissionContext(ApplicationSubmissionContextPBImpl appContext,
+ Configuration conf) throws IOException, YarnException {
+ // Prevents DoS over the ApplicationClientProtocol by checking the context
+ // the application was submitted with for any excessively large fields.
+ double maxAscSize =
conf.getStorageSize(YarnConfiguration.ROUTER_ASC_INTERCEPTOR_MAX_SIZE,
+ YarnConfiguration.DEFAULT_ROUTER_ASC_INTERCEPTOR_MAX_SIZE,
StorageUnit.KB);
+ if (appContext != null) {
+ int size = appContext.getProto().getSerializedSize();
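Review bot: the Javadoc at the top of this hunk documents `appContext` but not the second parameter, `Configuration conf`. Add an `@param conf` line that names the key the limit is read from (`YarnConfiguration.ROUTER_ASC_INTERCEPTOR_MAX_SIZE`) and its unit. The `if (appContext != null)` guard also skips the size check for a null context without comment, so the Javadoc should say whether a null context is accepted here or rejected by the caller.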
Review Comment:
Is this KB? Can you add it to the variable?
```
int sizeKB
```
> [Router] Add support to prevent DoS attack over ApplicationSubmissionContext
> size
> ---------------------------------------------------------------------------------
>
> Key: YARN-8972
> URL: https://issues.apache.org/jira/browse/YARN-8972
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Giovanni Matteo Fumarola
> Assignee: Shilun Fan
> Priority: Major
> Labels: pull-request-available
> Attachments: YARN-8972.v1.patch, YARN-8972.v2.patch,
> YARN-8972.v3.patch, YARN-8972.v4.patch, YARN-8972.v5.patch
>
>
> This jira tracks the effort to add a new interceptor in the Router to prevent
> users from submitting applications with an oversized ASC.
> This avoids YARN cluster failover.