[Varnish] #402: send_timeout cause connections to be prematurely closed

Varnish varnish-bugs at projects.linpro.no
Mon Nov 16 10:54:26 CET 2009 

#402: send_timeout cause connections to be prematurely closed
--------------------------------------+-------------------------------------
 Reporter:  havardf                   |        Owner:  phk       
     Type:  defect                    |       Status:  closed    
 Priority:  normal                    |    Milestone:            
Component:  varnishd                  |      Version:  2.0       
 Severity:  normal                    |   Resolution:  worksforme
 Keywords:  send_timeout connections  |  
--------------------------------------+-------------------------------------
Changes (by phk):

  * status:  new => closed
  * resolution:  => worksforme

Comment:

 Your test is not valid, because SO_SNDTIMEO works on a per-packet basis.

 20 bytes per second, will only amount to 400 bytes in 20 seconds, and 400
 bytes is below the payload in the 576 byte minimum MTU, so the timeout
 should fire.

 If I run wget with --limit-rate=20 (on FreeBSD), the initial Tcp packet
 has only 512 bytes (slow-start ?) and the test fails because wget does not
 reopen the TCP window within 20 seconds.

 If I increase --limit-rate to 40, the connection does not get cut off,
 because a packet of data is transferred more often than 20 seconds.

 The intent behind send_timeout, is to prevent a client from holding a
 worker thread hostage, due to bugs, malicious intent or network trouble,
 and for all I can see, it works as it should.

 Try for instance to fetch a multi-MB file with wget and --limit-rate=1000
 and then CTRL-Z the wget.  After send_timeout, the connection is broken,
 as it should be.

 It can be argued that different behaviours should be implemented,
 depending on the client sending TCP-ACKS with shut window or the client
 not responding at all, but this is not possible within the POSIX
 definition of the socket API, and would likely just change DoS attacks
 sematics accordingly.

 Poul-Henning

-- 
Ticket URL: <http://varnish.projects.linpro.no/ticket/402#comment:2>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator

More information about the varnish-bugs mailing list