[libvirt] Unbounded client streams

Jiri Denemark jdenemar at redhat.com
Wed Apr 26 07:53:51 UTC 2017


On Wed, Apr 26, 2017 at 09:48:12 +0200, Michal Privoznik wrote:
> On 04/25/2017 04:06 PM, Daniel P. Berrange wrote:
> > On Tue, Apr 25, 2017 at 09:22:51AM +0200, Michal Privoznik wrote:
> >> Dear list,
> >>
> 
> 
> > I see three possible options (besides ignoring it)
> > 
> >  - Turn off the keepalive somehow when we want to pause reading from
> >    the stream
> >    
> >  - Somehow introduce stream "chunking". e.g. assume a chunk size of 10 MB
> >    is somehow enabled. The server would send 10 MB, and then not send
> >    any more data until the client issued a "continue" message of some
> >    kind, whereupon a further 10 MB is permitted to be sent.
> 
> This could work. But what I am worried about is that this relies on the
> other side playing nicely. IOW the attack surface is still the same.
> 
> BTW: I've done testing the other way when iohelper is slow. In this case
> the connection dies due to keepalive.

Just a note, keepalive is actually the smallest issue in the "don't read
any data from libvirt connection" approach. What about asynchronous
events from the server or multiple threads using the same connection?

Jirka
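
The "chunking" option quoted above, as an added sketch that is not part of the original message and is not libvirt code: the sender stops after one chunk until the receiver sends "continue", so the receiver buffers at most one chunk however slowly its consumer reads. The class and function names, the scaled-down CHUNK size, and the receiver dropping a peer that overruns its chunk are all assumptions of this sketch.

```python
# Added sketch: per-stream "chunking" (credit-based flow control).
# Hypothetical names and sizes; this is not libvirt's RPC protocol.
CHUNK = 10  # bytes allowed per "continue" (stands in for the 10 MB above)

class Sender:
    def __init__(self, payload: bytes):
        self.payload, self.offset, self.credit = payload, 0, CHUNK
    def on_continue(self) -> None:
        self.credit = CHUNK  # receiver permitted one more chunk
    def send(self, burst: int) -> bytes:
        # Never transmit more than the remaining credit.
        n = min(burst, self.credit, len(self.payload) - self.offset)
        data = self.payload[self.offset:self.offset + n]
        self.offset += n
        self.credit -= n
        return data

class Receiver:
    def __init__(self):
        self.buf, self.window, self.peak = bytearray(), CHUNK, 0
    def on_data(self, data: bytes) -> None:
        # Assumption of this sketch: a peer that overruns its chunk is dropped.
        if len(data) > self.window:
            raise ConnectionError("peer sent beyond the granted chunk")
        self.window -= len(data)
        self.buf += data
        self.peak = max(self.peak, len(self.buf))
    def read(self, n: int) -> bytes:
        # The slow consumer (e.g. a disk writer) takes up to n bytes.
        out = bytes(self.buf[:n])
        del self.buf[:n]
        return out
    def grant_if_drained(self) -> bool:
        # Send "continue" only once the whole chunk has been consumed.
        if self.window == 0 and not self.buf:
            self.window = CHUNK
            return True
        return False

def transfer(payload: bytes, burst: int, app_read: int):
    """Run the exchange; return (received bytes, peak receiver buffer)."""
    s, r, out = Sender(payload), Receiver(), bytearray()
    while len(out) < len(payload):
        r.on_data(s.send(burst))      # wire delivers up to `burst` bytes
        out += r.read(app_read)       # consumer drains `app_read` bytes
        if r.grant_if_drained():
            s.on_continue()           # "continue" message reaches the sender
    return bytes(out), r.peak
```
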



