How can I set a timeout value for a network fd? - Unix

This is a discussion on How can I set a timeout value for a network fd? - Unix ; Dear all, I'm trying to implement a multithread server program. Now I've encountered a problem. With multi process server, I can set a timeout value for a connection when the connection is first established and then I can choose to ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: How can I set a timeout value for a network fd?

  1. How can I set a timeout value for a network fd?

    Dear all,

    I'm trying to implement a multithread server program.
    Now I've encountered a problem.
    With multi process server, I can set a timeout value for a connection
    when the connection is first established and then I can choose to
    continue use the timeout value or not depending on the connecion's
    input data with signal call.
    But now my program is written as multithread, signal won't work for
    me.
    What I want to implement is like the openssh server.
    First, I wait for a connection.
    Then, I wait for a valid input.
    If the user fails to input for about 10 seconds or the user fails
    three times, I'll disconnect the connection.
    If the user input the right thing, I'll wait for ever for the user's
    further input.
    Any hints will be appreciated and thanks in advance.

  2. Re: How can I set a timeout value for a network fd?

    kun niu wrote:
    > Dear all,
    >
    > I'm trying to implement a multithread server program.
    > Now I've encountered a problem.
    > With multi process server, I can set a timeout value for a connection
    > when the connection is first established and then I can choose to
    > continue use the timeout value or not depending on the connecion's
    > input data with signal call.
    > But now my program is written as multithread, signal won't work for
    > me.
    > What I want to implement is like the openssh server.
    > First, I wait for a connection.
    > Then, I wait for a valid input.
    > If the user fails to input for about 10 seconds or the user fails
    > three times, I'll disconnect the connection.
    > If the user input the right thing, I'll wait for ever for the user's
    > further input.
    > Any hints will be appreciated and thanks in advance.


    I don't think that would be a good idea to wait some seconds for a
    VALID input. In some connections that may take more time to arrive.
    You should wait 10 seconds for data become available, and after
    receiving validate theme.

    With using of select(2), you can set a timeout and wait until one or
    more file-descriptors become "ready". On success, it return a set of
    fds which may be zero if it reaches the timeout limit.

    Regards,
    M.Reza Qurbani

  3. Re: How can I set a timeout value for a network fd?

    On Sep 21, 10:27*am, kun niu wrote:
    > Dear all,
    >
    > I'm trying to implement a multithread server program.
    > Now I've encountered a problem.
    > With multi process server, I can set a timeout value for a connection
    > when the connection is first established and then I can choose to
    > continue use the timeout value or not depending on the connecion's
    > input data with signal call.
    > But now my program is written as multithread, signal won't work for
    > me.


    Actually, you never needed signals You just chose to use socket
    operations that block indefinitely and then used signals as a kludge
    to unblock them. Had ou used socket operations that don't block
    indefinitely in the first place, you would never have needed signals.

    In fact, the use of signals is bad for another reason. It means you
    need one stack for each event you are waiting for. There's no rational
    reason for that either.

    > What I want to implement is like the openssh server.
    > First, I wait for a connection.
    > Then, I wait for a valid input.
    > If the user fails to input for about 10 seconds or the user fails
    > three times, I'll disconnect the connection.
    > If the user input the right thing, I'll wait for ever for the user's
    > further input.
    > Any hints will be appreciated and thanks in advance.


    Keep track of an expire time for every connection. If you reach the
    expire time, shutdown the connection. Update the expire time when you
    hear from the connection or as appropriate.

    I've found that one cool approach is to have an 'idle' flag in each
    connection structure. Every, say, five minutes, you check each
    connection. If the flag is cleared, you set it. If it's set, you
    shutdown the connection. When you hear from a connection, clear the
    flag.

    DS

  4. Re: How can I set a timeout value for a network fd?

    >I don't think that would be a good idea to wait some seconds for a
    >VALID input. In some connections that may take more time to arrive.


    On the other hand, you may well need to have a timeout that will
    absolutely, positively kill the connection if it hasn't given you
    a VALID request in a certain period of time, regardless of how the
    client keeps stringing the server along. That can act as a
    denial-of-service attack on the server by tying up connections.

    >You should wait 10 seconds for data become available, and after
    >receiving validate theme.


    I am reminded here of a problem I found in exim. Exim has an
    ultimate timeout for delivering a mail message, however, it would
    fail to honor that and keep trying if it got a "temporary" DNS
    error. Well, there are some "temporary-until-hell-freezes-over"
    DNS errors which require a country to build DNS servers before it's
    fixed (and that country would be better off buying food or building
    roads). Result: bounced SPAM over 2 months old sitting in the mail
    queue.

    >With using of select(2), you can set a timeout and wait until one or
    >more file-descriptors become "ready". On success, it return a set of
    >fds which may be zero if it reaches the timeout limit.



  5. Re: How can I set a timeout value for a network fd?

    On Sep 23, 3:52*am, gordonb.af...@burditt.org (Gordon Burditt) wrote:
    > >I don't think that would be a good idea to wait some seconds for a
    > >VALID input. In some connections that may take more time to arrive.

    >
    > On the other hand, you may well need to have a timeout that will
    > absolutely, positively kill the connection if it hasn't given you
    > a VALID request in a certain period of time, regardless of how the
    > client keeps stringing the server along. *That can act as a
    > denial-of-service attack on the server by tying up connections.
    >
    > >You should wait 10 seconds for data become available, and after
    > >receiving validate theme.

    >
    > I am reminded here of a problem I found in exim. *Exim has an
    > ultimate timeout for delivering a mail message, however, it would
    > fail to honor that and keep trying if it got a "temporary" DNS
    > error. *Well, there are some "temporary-until-hell-freezes-over"
    > DNS errors which require a country to build DNS servers before it's
    > fixed (and that country would be better off buying food or building
    > roads). *Result: bounced SPAM over 2 months old sitting in the mail
    > queue.
    >
    > >With using of select(2), you can set a timeout and wait until one or
    > >more file-descriptors *become "ready". On success, it return a set of
    > >fds which may be zero if it reaches the timeout limit.


    Yes, That makes sense. I didn't think about DoS, Thank you so much.

  6. Re: How can I set a timeout value for a network fd?

    On 9月22日, 下午2时33分, David Schwartz wrote:
    > On Sep 21, 10:27 am, kun niu wrote:
    >
    > > Dear all,

    >
    > > I'm trying to implement a multithread server program.
    > > Now I've encountered a problem.
    > > With multi process server, I can set a timeout value for a connection
    > > when the connection is first established and then I can choose to
    > > continue use the timeout value or not depending on the connecion's
    > > input data with signal call.
    > > But now my program is written as multithread, signal won't work for
    > > me.

    >
    > Actually, you never needed signals You just chose to use socket
    > operations that block indefinitely and then used signals as a kludge
    > to unblock them. Had ou used socket operations that don't block
    > indefinitely in the first place, you would never have needed signals.
    >
    > In fact, the use of signals is bad for another reason. It means you
    > need one stack for each event you are waiting for. There's no rational
    > reason for that either.
    >
    > > What I want to implement is like the openssh server.
    > > First, I wait for a connection.
    > > Then, I wait for a valid input.
    > > If the user fails to input for about 10 seconds or the user fails
    > > three times, I'll disconnect the connection.
    > > If the user input the right thing, I'll wait for ever for the user's
    > > further input.
    > > Any hints will be appreciated and thanks in advance.

    >
    > Keep track of an expire time for every connection. If you reach the
    > expire time, shutdown the connection. Update the expire time when you
    > hear from the connection or as appropriate.
    >
    > I've found that one cool approach is to have an 'idle' flag in each
    > connection structure. Every, say, five minutes, you check each
    > connection. If the flag is cleared, you set it. If it's set, you
    > shutdown the connection. When you hear from a connection, clear the
    > flag.
    >
    > DS


    That's pretty cool.
    Thank you very much for your great hint.

  7. Re: How can I set a timeout value for a network fd?

    On 9月23日, 上午8时52分, gordonb.af...@burditt.org (Gordon Burditt) wrote:
    > >I don't think that would be a good idea to wait some seconds for a
    > >VALID input. In some connections that may take more time to arrive.

    >
    > On the other hand, you may well need to have a timeout that will
    > absolutely, positively kill the connection if it hasn't given you
    > a VALID request in a certain period of time, regardless of how the
    > client keeps stringing the server along. That can act as a
    > denial-of-service attack on the server by tying up connections.
    >
    > >You should wait 10 seconds for data become available, and after
    > >receiving validate theme.

    >
    > I am reminded here of a problem I found in exim. Exim has an
    > ultimate timeout for delivering a mail message, however, it would
    > fail to honor that and keep trying if it got a "temporary" DNS
    > error. Well, there are some "temporary-until-hell-freezes-over"
    > DNS errors which require a country to build DNS servers before it's
    > fixed (and that country would be better off buying food or building
    > roads). Result: bounced SPAM over 2 months old sitting in the mail
    > queue.
    >

    That would be horrible.
    Why didn't exim fix that?
    I thought exim was a stable email system and was the default email
    system on Debian system.
    > >With using of select(2), you can set a timeout and wait until one or
    > >more file-descriptors become "ready". On success, it return a set of
    > >fds which may be zero if it reaches the timeout limit.


  8. Re: How can I set a timeout value for a network fd?

    >> I am reminded here of a problem I found in exim. Exim has an
    >> ultimate timeout for delivering a mail message, however, it would
    >> fail to honor that and keep trying if it got a "temporary" DNS
    >> error. Well, there are some "temporary-until-hell-freezes-over"
    >> DNS errors which require a country to build DNS servers before it's
    >> fixed (and that country would be better off buying food or building
    >> roads). Result: bounced SPAM over 2 months old sitting in the mail
    >> queue.
    >>

    >That would be horrible.
    >Why didn't exim fix that?


    I think they did. I'm not sure whether it was my bug report or
    someone beat me to it. In any case, this was a long time ago.

    >I thought exim was a stable email system and was the default email


    Even in spite of that flaw, I considered it stable for an ISP with
    80,000 mailboxes. Only a small percentage of bounced spam triggered
    this problem.


  9. Re: How can I set a timeout value for a network fd?

    gordonb.6qlc2@burditt.org (Gordon Burditt) writes:

    [...]

    >>I thought exim was a stable email system and was the default email

    >
    > Even in spite of that flaw, I considered it stable for an ISP with
    > 80,000 mailboxes. Only a small percentage of bounced spam triggered
    > this problem.


    This could be regarded as a configuration problem. When 'bouncing'
    spam, the spam message is, alongside some decoration, being sent to
    the envelope sender address. This envelope sender address has been
    provided by the person who sent the orignal mail as part of the
    SMTP-dialogue. IOW, the mail server is relaying spam to an address
    determined by the spammer.

+ Reply to Thread