IETF Logo Mail Archive

Re: [kitten] GSS-API and timeouts

Martin Rex <mrex@sap.com> Wed, 04 April 2012 17:28 UTC

Return-Path: <mrex@sap.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1256921F861B for <kitten@ietfa.amsl.com>; Wed, 4 Apr 2012 10:28:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.042
X-Spam-Level:
X-Spam-Status: No, score=-9.042 tagged_above=-999 required=5 tests=[AWL=-1.207, BAYES_40=-0.185, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zFOq3Zd0GpuE for <kitten@ietfa.amsl.com>; Wed, 4 Apr 2012 10:28:00 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 1044421F8562 for <kitten@ietf.org>; Wed, 4 Apr 2012 10:27:59 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id q34HRsgo016428 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 4 Apr 2012 19:27:54 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201204041727.q34HRs1a005247@fs4113.wdf.sap.corp>
To: nico@cryptonector.com
Date: Wed, 04 Apr 2012 19:27:54 +0200
In-Reply-To: <CAK3OfOgOKr1=rA2GyKQTaxuRgc14+KnyWrLuBbTdkX3U_zaYyw@mail.gmail.com> from "Nico Williams" at Apr 4, 12 11:31:17 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: kitten@ietf.org, simon@josefsson.org
Subject: Re: [kitten] GSS-API and timeouts
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Apr 2012 17:28:01 -0000

Nico Williams wrote:
> 
> If you don't want to tackle async init/accept_sec_context now then I
> suggest that you use threads and thread cancellation.

Without looking at the particular environment underlying this discussion,
I've seen problems with termination of blocking/synchronous network
communication.  While doing a shutdown() on a socket across threads
will normally wake blocking threads on Unix system (without invalidating
the socket handle that the thread was blocked on), this does not work
on Microsoft Windows and on some older versions of SunOS.

On Windows, the shutdown will cause network I/O, and if the peer
processes the close event and closes the socket, the blocking thread
will wake up almost instantly.  But if the peer does not process events
on the socket, then it will take 4 minutes 2*MSL (TCP retransmit timeout)
before the thread that is blocking on read will be woken up with a
timeout error on the socket.  While closesocket() does have an immediate
effect, it also invalidates the socket handle, which will require
additional synchronization, so that (a) the socket handle is not used
after closesocket() has been called and closesocket() is only called once.
(The problem is that on a busy multi-threaded server the socket handle
 may get reused by an accept() between the time when a watchdog thread
 forces a closesocket() and the originally blocking thread wakes up.)

-Martin

v2.23.0 | Report a Bug | By Email