From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 9190C1FF2C5 for ; Mon, 8 Jul 2024 18:48:32 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E8622AABE; Mon, 8 Jul 2024 18:48:52 +0200 (CEST) From: Max Carrara To: pbs-devel@lists.proxmox.com Date: Mon, 8 Jul 2024 18:48:14 +0200 Message-Id: <20240708164817.689324-1-m.carrara@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.029 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH v2 proxmox 0/3] Fix #5105: Overhaul TLS Handshake Checking Logic X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Cc: Wolfgang Bumiller Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" Fix #5105: Overhaul TLS Handshake Checking Logic - v2 ===================================================== Notable Changes Since v1 ------------------------ As discussed with Wolfgang off-list, instead of busy-waiting and continuously yielding back to the event loop, patch 03 now makes use of some lower-level functionality in tokio, which allows us to "retry" peeking into the TCP stream's queue and raise an EAGAIN / EWOULDBLOCK if we haven't received all required bytes to perform the TLS handshake check. The reason for this change is that streams behave incorrectly in terms of edge-triggering [1], and we currently have no guarantee that we won't run into related bugs when we're peeking into the stream's queue (or that they won't affect us) in the future. In short, the event loop isn't supposed to wake the task again if we didn't receive enough bytes yet. With the change made to patch 03, what happens is that we're only peeking into the stream's queue if we're told that we can actually peek again. All in all, we're not busy-waiting anymore while simultaneously ensuring that our implementation will remain correct in the future. Thanks to Wolfgang for all the help in this regard! Older Versions -------------- v1: https://lists.proxmox.com/pipermail/pbs-devel/2024-July/010091.html References ---------- [1]: https://lwn.net/Articles/864947/ Summary of Changes ------------------ Max Carrara (3): rest-server: connection: clean up accept data flow rest-server: connection: log peer address on error fix #5105: rest-server: connection: overhaul TLS handshake check logic proxmox-rest-server/src/connection.rs | 206 ++++++++++++++------------ 1 file changed, 115 insertions(+), 91 deletions(-) -- 2.39.2 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel