Re: [kitten] GSS-API and timeouts
Martin Rex <mrex@sap.com> Wed, 04 April 2012 17:28 UTC
Return-Path: <mrex@sap.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1256921F861B for <kitten@ietfa.amsl.com>; Wed, 4 Apr 2012 10:28:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.042
X-Spam-Level:
X-Spam-Status: No, score=-9.042 tagged_above=-999 required=5 tests=[AWL=-1.207, BAYES_40=-0.185, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zFOq3Zd0GpuE for <kitten@ietfa.amsl.com>; Wed, 4 Apr 2012 10:28:00 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 1044421F8562 for <kitten@ietf.org>; Wed, 4 Apr 2012 10:27:59 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id q34HRsgo016428 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 4 Apr 2012 19:27:54 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201204041727.q34HRs1a005247@fs4113.wdf.sap.corp>
To: nico@cryptonector.com
Date: Wed, 04 Apr 2012 19:27:54 +0200
In-Reply-To: <CAK3OfOgOKr1=rA2GyKQTaxuRgc14+KnyWrLuBbTdkX3U_zaYyw@mail.gmail.com> from "Nico Williams" at Apr 4, 12 11:31:17 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: kitten@ietf.org, simon@josefsson.org
Subject: Re: [kitten] GSS-API and timeouts
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Apr 2012 17:28:01 -0000
Nico Williams wrote: > > If you don't want to tackle async init/accept_sec_context now then I > suggest that you use threads and thread cancellation. Without looking at the particular environment underlying this discussion, I've seen problems with termination of blocking/synchronous network communication. While doing a shutdown() on a socket across threads will normally wake blocking threads on Unix system (without invalidating the socket handle that the thread was blocked on), this does not work on Microsoft Windows and on some older versions of SunOS. On Windows, the shutdown will cause network I/O, and if the peer processes the close event and closes the socket, the blocking thread will wake up almost instantly. But if the peer does not process events on the socket, then it will take 4 minutes 2*MSL (TCP retransmit timeout) before the thread that is blocking on read will be woken up with a timeout error on the socket. While closesocket() does have an immediate effect, it also invalidates the socket handle, which will require additional synchronization, so that (a) the socket handle is not used after closesocket() has been called and closesocket() is only called once. (The problem is that on a busy multi-threaded server the socket handle may get reused by an accept() between the time when a watchdog thread forces a closesocket() and the originally blocking thread wakes up.) -Martin
- Re: [kitten] GSS-API and timeouts Martin Rex
- [kitten] GSS-API and timeouts Simon Josefsson
- Re: [kitten] GSS-API and timeouts William Mills
- Re: [kitten] GSS-API and timeouts Simo Sorce
- Re: [kitten] GSS-API and timeouts Nico Williams
- Re: [kitten] GSS-API and timeouts Simon Josefsson
- Re: [kitten] GSS-API and timeouts Simon Josefsson
- Re: [kitten] GSS-API and timeouts Simon Josefsson
- Re: [kitten] GSS-API and timeouts Martin Rex
- Re: [kitten] GSS-API and timeouts Nico Williams
- Re: [kitten] GSS-API and timeouts Nico Williams
- Re: [kitten] GSS-API and timeouts William Mills
- Re: [kitten] GSS-API and timeouts Simon Josefsson
- Re: [kitten] GSS-API and timeouts Simon Josefsson
- Re: [kitten] GSS-API and timeouts Russ Allbery
- Re: [kitten] GSS-API and timeouts Nico Williams
- Re: [kitten] GSS-API and timeouts Luke Howard
- Re: [kitten] GSS-API and timeouts Russ Allbery