add a handshake timeout on the stream Accept path #62
Merged
Listener.performHandshake called ResponderHandshake with no deadline, so a peer that connected and stalled mid-handshake pinned a goroutine and a session indefinitely - a slow-loris vector. The handshake-rate limiter throttles new attempts but does nothing for an in-flight stall; the datagram transport already times out, the stream path did not. Add HandshakeTimeout to TransportConfig (default 30s; the CH-KEM handshake is sub-millisecond, so the bound only catches the abusive case). performHandshake sets the connection deadline before ResponderHandshake and clears it on success, so the established transport's own per-op deadlines take over. Responder/Accept path only - a hung Dial is the client's own problem. Test: a peer that connects and sends nothing, the responder tears it down within the timeout instead of hanging.
What
Listener.performHandshake called ResponderHandshake with no deadline, so a peer that connected and then stalled mid-handshake pinned a goroutine + session indefinitely (slow-loris). The handshake-rate limiter throttles new attempts but does nothing for an in-flight stall. The datagram transport already times out; the stream path did not.
Change
Add HandshakeTimeout to TransportConfig, default 30s (the CH-KEM handshake is sub-millisecond, so the bound only catches the abusive case; operators in hostile environments can lower it).
performHandshake sets the connection deadline before ResponderHandshake and clears it on success, so the established transport's own per-op deadlines take over.
Accept path only - a hung Dial is the client's own problem. Deadline only, no wire change.
Verification
TestResponderHandshakeTimeout: a peer that connects and sends nothing gets torn down within the timeout instead of hanging.
-race; full suite green.
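The deadline pattern described above, as an added example that is not the project's code: one connection deadline bounds the whole responder handshake and is cleared on success. The names acceptWithTimeout, readHello and stalledPeer are hypothetical, and readHello stands in for ResponderHandshake over an in-memory net.Pipe connection.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net"
	"os"
	"time"
)

// readHello is a hypothetical stand-in for the real responder handshake:
// it blocks until the peer has sent a fixed-size first message.
func readHello(c net.Conn) error {
	_, err := io.ReadFull(c, make([]byte, 32))
	return err
}

// acceptWithTimeout bounds the whole handshake with one connection deadline,
// closes the connection on failure, and clears the deadline on success so
// later reads and writes are not cut off by a stale handshake bound.
func acceptWithTimeout(c net.Conn, d time.Duration, hs func(net.Conn) error) error {
	if d > 0 {
		if err := c.SetDeadline(time.Now().Add(d)); err != nil {
			c.Close()
			return err
		}
	}
	if err := hs(c); err != nil {
		c.Close() // releases the goroutine and any per-session state
		return fmt.Errorf("handshake: %w", err)
	}
	return c.SetDeadline(time.Time{}) // zero time means no deadline
}

// stalledPeer connects a peer that never writes and reports how long the
// responder side took to give up, and with which error.
func stalledPeer(d time.Duration) (time.Duration, error) {
	server, client := net.Pipe() // in-memory conn with deadline support
	defer client.Close()
	start := time.Now()
	err := acceptWithTimeout(server, d, readHello)
	return time.Since(start), err
}

func main() {
	took, err := stalledPeer(100 * time.Millisecond)
	fmt.Println(errors.Is(err, os.ErrDeadlineExceeded), took.Round(10*time.Millisecond))
}
```

Clearing the deadline on success matters as much as setting it: without that step the first read after the handshake window would fail on an otherwise healthy session.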