code review request: 7162687: enhance KDC server availability detection
Weijun Wang
weijun.wang at oracle.com
Fri May 18 10:08:27 UTC 2012
Hi Valerie
Webrev updated:
http://cr.openjdk.java.net/~weijun/7162687/webrev.01/
Summary:
KdcComm.java and NetClient.java
1. Make NetClient AutoCloseable, use try-with-resources.
2. Add a connect() after UDP socket is created, this ensures an
immediate PortUnreachableException if the server is not on. When this
exception is seen, we won't try the same KDC again.
3. Now we have
try {
dgSocket.receive(dgPacketIn);
}
catch (SocketException e) {
+ if (e instanceof PortUnreachableException) {
+ throw e;
+ }
dgSocket.receive(dgPacketIn);
}
Here I have no idea what benefit the original code gets by retrying
receive(). This code has been there at the very beginning. I simply add
a new exception check.
test/sun/security/krb5/auto/Unreachable.java
test/sun/security/krb5/auto/unreachable.krb5.conf
New test. With PortUnreachableException, the test should finish in a
very short time without waiting for 3 timeouts. Hopefully no process is
waiting on those 3 ports I hard code.
test/ProblemList.txt
PortUnreachableException is not available on Mac, new test won't
work there.
test/sun/security/krb5/auto/BadKdc.java
test/sun/security/krb5/auto/MaxRetries.java
Old tests need to be updated. Start a dummy DatagramSocket to
trigger the TimeoutException.
test/sun/security/krb5/auto/TcpTimeout.java
The test checks for time elapse but quite a lot of our test machines
are virtual machines and Windows guests always get timing wrong. Remove
that check.
Thanks
Max
On 04/19/2012 11:21 AM, Weijun Wang wrote:
> Hi Valerie
>
> Please take a review at
>
> http://cr.openjdk.java.net/~weijun/7162687/webrev.00/
>
> Basically I add a connect() before send/receive and if a KDC UDP server
> is not on, an ICMP Port Unreachable message will be received
> immediately, and there will be no more retry on the same KDC.
>
> In the tests, an idle DatagramSocket must be created to avoid the ICMP
> message being sent. I also enhance the BadKdc tests to check the new
> behavior: When no idle DatagramSocket is created, there are no more
> retries on the same KDC, but you can still see krb5.kdc.bad.policy working.
>
> Thanks
> Max
>
>
> -------- Original Message --------
> *Change Request ID*: 7162687
> *Synopsis*: enhance KDC server availability detection
>
> Product: java
> Category: java
> Subcategory: classes_security
> Type: RFE
>
> === *Description*
> ============================================================
> Currently if there are multiple KDCs defined for a realm, we send UDP
> request to each one and wait for reply, when no reply is received, we
> retry. After several unsuccessful retries, we go on to the next KDC. The
> timeout for the wait is normally 30 seconds. If the KDCs defined are not
> all turned on, the time spent to finally get a response might be very
> long. This is especially true for customers having a main KDC and
> several slave KDCs and the main KDC is in maintenance.
>
> In fact, there is a better way to detect if the KDC server is on by
> connect() to it first. In this way, an IMCP PortUnreachableException
> will be thrown in a later send/receive method immediately. Also, when
> this exception is thrown, we can be sure that the KDC server is off and
> there is no need to retry this one.
>
> Please note that if a KDC is on but for various reasons it cannot reply
> in a timely manner, we will still wait for the timeout and do a retry.
>
> *** (#1 of 1): 2012-04-19 02:56:04 GMT+00:00 weijun.wang at oracle.com
> *** Last Edit: 2012-04-19 02:57:44 GMT+00:00 weijun.wang at oracle.com
>
More information about the security-dev
mailing list