open-nomad/vendor/github.com
Michael Schurter c82b14b0c4 core: add limits to unauthorized connections
Introduce limits to prevent unauthorized users from exhausting all
ephemeral ports on agents:

 * `{https,rpc}_handshake_timeout`
 * `{http,rpc}_max_conns_per_client`

The handshake timeout closes connections that have not completed the TLS
handshake by the deadline (5s by default). For RPC connections this
timeout also separately applies to the first byte being read, so RPC
connections with TLS enabled have `rpc_handshake_time * 2` as their
deadline.

The connection limit per client prevents a single remote TCP peer from
exhausting all ephemeral ports. The default is 100, but can be lowered
to a minimum of 26. Since streaming RPC connections create a new TCP
connection (until MultiplexV2 is used), 20 connections are reserved for
Raft and non-streaming RPCs to prevent connection exhaustion due to
streaming RPCs.

All limits are configurable and may be disabled by setting them to `0`.

This also includes a fix that closes connections that attempt to create
TLS RPC connections recursively. While only users with valid mTLS
certificates could perform such an operation, it was added as a
safeguard to prevent programming errors before they could cause resource
exhaustion.
2020-01-30 10:38:25 -08:00
agext/levenshtein Vendor conflicts 2018-08-07 13:02:47 -07:00
apparentlymart/go-textseg Vendor conflicts 2018-08-07 13:02:47 -07:00
appc/spec Expose rkt DriverNetwork 2017-09-21 00:34:22 +02:00
armon test case for 5540 (#5590) 2019-04-30 10:31:35 -04:00
aws/aws-sdk-go Update AWS SDK library to v1.25.41 2019-12-03 13:35:03 -05:00
Azure vendor: Update go-discover for AWS SDK change 2019-12-03 13:49:52 -05:00
beorn7/perks vendor necessary libraries for prometheus metrics 2017-09-13 19:21:21 +00:00
bgentry Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
boltdb/bolt Update bolt 2017-09-25 14:43:44 -07:00
BurntSushi/toml update consul-template to latest version 2019-08-12 16:34:48 -04:00
checkpoint-restore/go-criu vendor upstream opencontainers/runc 2019-04-19 09:49:04 -04:00
circonus-labs vault client test: minor formatting 2019-04-10 10:34:10 -05:00
containerd ar: refactor network bridge config to use go-cni lib (#6255) 2019-09-04 16:33:25 -04:00
containernetworking vendor: add cni libs 2019-07-31 01:04:07 -04:00
coreos ar: ensure network forwarding is allowed for bridged allocs (#6196) 2019-08-28 10:51:34 -04:00
cyphar/filepath-securejoin Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
DataDog/datadog-go vendor latest version of go-metrics and datadog-go/statsd 2017-09-05 14:11:49 +00:00
davecgh/go-spew Updates vendor directory to get code generation working correctly 2017-10-25 12:15:31 -05:00
docker vendor docker/docker volume utils 2019-04-25 08:55:21 -04:00
dustin/go-humanize Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
elazarl/go-bindata-assetfs sync 2017-09-19 10:08:23 -05:00
fatih vendor: update mitchellh/cli and transitive deps 2018-04-09 18:02:14 -04:00
fsouza/go-dockerclient Update go-dockerclient and docker dependencies 2019-01-15 11:28:57 -08:00
go-ini/ini Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
go-ole/go-ole Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
godbus/dbus Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
gogo/protobuf Update go-dockerclient to fix #3419 2017-11-14 15:57:09 -08:00
golang vendor: Update go-discover for AWS SDK change 2019-12-03 13:49:52 -05:00
google vendor: Update go-discover for AWS SDK change 2019-12-03 13:49:52 -05:00
googleapis/gax-go govendor fetch github.com/hashicorp/go-getter@f5101da, protobuf 1.2 2019-08-26 17:54:21 -04:00
gorhill/cronexpr sync 2017-09-19 10:08:23 -05:00
gorilla vendor github.com/gorilla/websocket 2019-05-09 16:49:08 -04:00
hashicorp core: add limits to unauthorized connections 2020-01-30 10:38:25 -08:00
hpcloud/tail Update tail, x/sys, and fsnotify deps 2017-11-30 15:52:43 -08:00
jmespath/go-jmespath Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
konsorten/go-windows-terminal-sequences update logrus and go-windows-terminal-sequences 2019-06-18 14:55:19 -04:00
kr vendor github.com/kr/pty 2019-05-10 19:17:14 -04:00
LK4D4/joincontext Device manager 2018-11-07 10:43:15 -08:00
mattn vendor: Update to latest go-colorable 2019-02-20 13:56:15 +01:00
matttproud/golang_protobuf_extensions vendor necessary libraries for prometheus metrics 2017-09-13 19:21:21 +00:00
Microsoft/go-winio vendor: Use dani fork of go-winio 2019-06-28 13:47:18 +02:00
miekg/dns Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
mitchellh Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
moby/moby Fix moby package location 2018-01-21 12:35:41 +01:00
mrunalp/fileutils Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
NVIDIA/gpu-monitoring-tools Introduce nvidia-plugin fingerprinting 2018-10-03 15:11:56 -07:00
Nvveen/Gotty Revendor docker client 2017-02-14 17:34:05 -08:00
NYTimes/gziphandler update go-hclog dep 2019-11-05 09:51:52 -05:00
oklog/run update grpc vendor dependencies 2018-08-06 11:43:24 -04:00
onsi Add missing deps needed for ginkgo 2018-03-12 10:30:56 -05:00
opencontainers Update github.com/opencontainers/selinux 2019-06-18 14:49:11 -04:00
pkg/errors error pkg 2017-01-23 10:57:06 -08:00
pmezard/go-difflib vendor 2017-07-07 12:18:14 -07:00
posener/complete Fix path completions on zsh 2017-08-29 16:39:44 -07:00
prometheus metrics: upgraded prometheus http client to 0.9.4 to address label conflict in Nomad 0.9.x reported in #5345 2019-06-18 18:34:22 +00:00
rs/cors Support CORS for client endpoints 2017-10-18 17:32:36 -07:00
ryanuber Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
sean-/seed Update github.com/sean-/seed to latest. 2017-03-13 09:50:24 -07:00
seccomp/libseccomp-golang Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
sethgrid/pester vendor + api 2016-08-17 16:23:29 -07:00
shirou Update shirou/gopsutil dep to use non-GPL code 2019-01-17 11:08:30 -05:00
sirupsen/logrus update logrus and go-windows-terminal-sequences 2019-06-18 14:55:19 -04:00
skratchdot/open-golang sync 2017-10-13 14:36:02 -07:00
spf13/pflag Expose rkt DriverNetwork 2017-09-21 00:34:22 +02:00
StackExchange/wmi Update gopsutil (#2927) 2017-07-28 09:46:44 -07:00
stretchr vendor: update testify to v1.4.0 2019-08-19 15:36:04 -07:00
syndtr/gocapability Finish implementation of the capabilities whitelist 2018-01-21 12:14:24 +01:00
tonnerre/golang-text vendor: add autopilot and flags packages from consul 2017-12-18 14:29:35 -08:00
tv42/httpunix Missing vendors 2018-09-10 15:08:34 -07:00
ugorji/go Fix hashicorp/go-msgpack import 2019-09-27 09:08:30 -04:00
ulikunitz/xz Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
vishvananda/netlink Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
vmihailenco/msgpack Initial go-plugin 2018-08-12 15:58:39 -07:00
zclconf/go-cty vendor: Update to latest hcl2 2019-02-14 13:34:46 +01:00