It looks like the Swift proxy will leak memory if the connection is closed and the full response is not read. This opens for a potential DoS attacks.
Reproduce:
$ swift -A http://localhost:8888/auth/v1.0 -U .. -K .. upload --use-slo --segment-size 1048576 <container> <big-file> $ curl -H'X-Auth-Token: AUTH_...' "http://localhost:8888/v1/AUTH_../<container>/<big-file>" -m 0.001 > /dev/null
Repeat the curl command a couple of times and you will have more information in netstat and sockstat. The important part is the -m which sets the max time curl spends at downloading. After that point, it'll close the connection.
$ sudo netstat -ant -p | grep :6000 $ cat /proc/net/sockstat
tcp 0 0 127.0.0.1:6000 0.0.0.0:* LISTEN 1358/python tcp 0 43221 127.0.0.1:6000 127.0.0.1:48350 FIN_WAIT1 - tcp 0 43221 127.0.0.1:6000 127.0.0.1:48882 FIN_WAIT1 - tcp 939820 0 127.0.0.1:48350 127.0.0.1:6000 ESTABLISHED 17897/python tcp 939820 0 127.0.0.1:48882 127.0.0.1:6000 ESTABLISHED 17890/python tcp 983041 0 127.0.0.1:48191 127.0.0.1:6000 CLOSE_WAIT 17897/python tcp 983041 0 127.0.0.1:48948 127.0.0.1:6000 CLOSE_WAIT 17892/python
Restarting the proxy frees up the lingering memory.
This problem did not exist in 2.2.0.
ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: swift 2.2.2-0ubuntu1~cloud0 [origin: Canonical] ProcVersionSignature: Ubuntu 3.16.0-48.64~14.04.1-generic 3.16.7-ckt15 Uname: Linux 3.16.0-48-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.12 Architecture: amd64 CrashDB: { "impl": "launchpad", "project": "cloud-archive", "bug_pattern_url": "http://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml", } Date: Tue Sep 8 09:55:05 2015 InstallationDate: Installed on 2015-06-22 (77 days ago) InstallationMedia: Ubuntu-Server 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1) PackageArchitecture: all SourcePackage: swift UpgradeStatus: No upgrade log present (probably fresh install)
It looks like the Swift proxy will leak memory if the connection is closed and the full response is not read. This opens for a potential DoS attacks.
Reproduce:
$ swift -A http:// localhost: 8888/auth/ v1.0 -U .. -K .. upload --use-slo --segment-size 1048576 <container> <big-file> localhost: 8888/v1/ AUTH_.. /<container> /<big-file> " -m 0.001 > /dev/null
$ curl -H'X-Auth-Token: AUTH_...' "http://
Repeat the curl command a couple of times and you will have more information in netstat and sockstat. The important part is the -m which sets the max time curl spends at downloading. After that point, it'll close the connection.
$ sudo netstat -ant -p | grep :6000
$ cat /proc/net/sockstat
tcp 0 0 127.0.0.1:6000 0.0.0.0:* LISTEN 1358/python
tcp 0 43221 127.0.0.1:6000 127.0.0.1:48350 FIN_WAIT1 -
tcp 0 43221 127.0.0.1:6000 127.0.0.1:48882 FIN_WAIT1 -
tcp 939820 0 127.0.0.1:48350 127.0.0.1:6000 ESTABLISHED 17897/python
tcp 939820 0 127.0.0.1:48882 127.0.0.1:6000 ESTABLISHED 17890/python
tcp 983041 0 127.0.0.1:48191 127.0.0.1:6000 CLOSE_WAIT 17897/python
tcp 983041 0 127.0.0.1:48948 127.0.0.1:6000 CLOSE_WAIT 17892/python
Restarting the proxy frees up the lingering memory.
This problem did not exist in 2.2.0.
ProblemType: Bug cloud0 [origin: Canonical] ature: Ubuntu 3.16.0- 48.64~14. 04.1-generic 3.16.7-ckt15
"impl" : "launchpad",
"project" : "cloud-archive",
"bug_ pattern_ url": "http:// people. canonical. com/~ubuntu- archive/ bugpatterns/ bugpatterns. xml", ture: all
DistroRelease: Ubuntu 14.04
Package: swift 2.2.2-0ubuntu1~
ProcVersionSign
Uname: Linux 3.16.0-48-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.12
Architecture: amd64
CrashDB:
{
}
Date: Tue Sep 8 09:55:05 2015
InstallationDate: Installed on 2015-06-22 (77 days ago)
InstallationMedia: Ubuntu-Server 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
PackageArchitec
SourcePackage: swift
UpgradeStatus: No upgrade log present (probably fresh install)