open-nomad/vendor/github.com/hashicorp
Michael Schurter c82b14b0c4 core: add limits to unauthorized connections
Introduce limits to prevent unauthorized users from exhausting all
ephemeral ports on agents:

 * `{https,rpc}_handshake_timeout`
 * `{http,rpc}_max_conns_per_client`

The handshake timeout closes connections that have not completed the TLS
handshake by the deadline (5s by default). For RPC connections this
timeout also separately applies to the first byte being read, so RPC
connections with TLS enabled have `rpc_handshake_time * 2` as their
deadline.

The connection limit per client prevents a single remote TCP peer from
exhausting all ephemeral ports. The default is 100, but can be lowered
to a minimum of 26. Since streaming RPC connections create a new TCP
connection (until MultiplexV2 is used), 20 connections are reserved for
Raft and non-streaming RPCs to prevent connection exhaustion due to
streaming RPCs.

All limits are configurable and may be disabled by setting them to `0`.

This also includes a fix that closes connections that attempt to create
TLS RPC connections recursively. While only users with valid mTLS
certificates could perform such an operation, it was added as a
safeguard to prevent programming errors before they could cause resource
exhaustion.
2020-01-30 10:38:25 -08:00
consul vendor: update consul/api@v1.5.1 for connect fields 2019-07-31 01:04:05 -04:00
consul-template updates consul template deps to v0.22.1 2019-11-14 08:58:34 -05:00
errwrap Using godeps to build 2016-02-12 10:02:16 -08:00
go-checkpoint Updating go-checkpoint lib to have a fixed timeout 2017-10-09 15:23:46 -04:00
go-cleanhttp Update go-cleanhttp 2017-02-10 19:41:28 -05:00
go-connlimit core: add limits to unauthorized connections 2020-01-30 10:38:25 -08:00
go-discover Update go-discover library 2020-01-08 14:49:04 -05:00
go-envparse Update go-envparse to allow dots in env vars 2018-01-22 14:02:39 -08:00
go-getter govendor fetch github.com/hashicorp/go-getter@f5101da, protobuf 1.2 2019-08-26 17:54:21 -04:00
go-hclog update go-hclog to latest release 2019-12-18 12:53:33 -05:00
go-immutable-radix Deployment watcher takes state store 2017-08-30 18:51:59 -07:00
go-memdb vendor filter iterator 2017-09-07 17:15:56 -07:00
go-msgpack Fix hashicorp/go-msgpack import 2019-09-27 09:08:30 -04:00
go-multierror Update go-multierror to 72917a1 2019-12-13 10:13:31 -05:00
go-plugin upgrade go-plugin to latest, 8091134 2019-10-04 13:26:49 -04:00
go-retryablehttp vendor: updated consul-template and downstream 2019-04-10 10:34:10 -05:00
go-rootcerts Add option to set certificate in-memory via SDK 2019-12-16 10:59:27 +01:00
go-safetemp vendor: pull in go-safetemp 2018-04-09 17:19:26 -04:00
go-sockaddr vendor gosockaddr 2018-03-20 10:39:39 -07:00
go-syslog added version github.com/hashicorp/go-syslog 2019-08-20 13:17:08 +03:00
go-uuid Divest api/ package of deps elsewhere in the nomad repo. (#5488) 2019-03-29 14:47:40 -04:00
go-version vendor: update go-version to include NewSemver 2019-11-19 08:40:18 -08:00
golang-lru more vendoring 2016-10-06 12:36:44 -07:00
hcl config parse update hcl with support for decoding bool to string 2019-06-10 13:12:38 -04:00
hcl2 Upgrade hcl2 to validate arrays for unknown values 2019-06-17 12:28:14 -04:00
logutils Update runc/libcontainer and friends (#4655) 2018-10-16 16:53:30 -07:00
memberlist test case for 5540 (#5590) 2019-04-30 10:31:35 -04:00
net-rpc-msgpackrpc Using godeps to build 2016-02-12 10:02:16 -08:00
raft updated to latest hashicorp/raft and hashicorp/memberlist to pull 2019-01-04 14:01:36 +00:00
raft-boltdb Using godeps to build 2016-02-12 10:02:16 -08:00
serf updated serf along with raft 2019-01-04 16:56:26 +00:00
vault vendor: updated consul-template and downstream 2019-04-10 10:34:10 -05:00
yamux vendor yamux 2018-09-17 13:58:51 -07:00