TAO_SSLIOP  2.2.2
TAO::SSLIOP::Accept_Strategy Class Reference

SSLIOP-specific accept strategy that builds on the TAO_Accept_Strategy implementation.

#include <SSLIOP_Accept_Strategy.h>


Public Member Functions

 Accept_Strategy (TAO_ORB_Core *orb_core, const ACE_Time_Value &timeout)
 Constructor.
 
virtual int accept_svc_handler (handler_type *svc_handler)
 
- Public Member Functions inherited from TAO_Accept_Strategy< TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_Acceptor >
 TAO_Accept_Strategy (TAO_ORB_Core *orb_core)
 
int open (const ACE_PEER_ACCEPTOR_ADDR &local_addr, bool restart=false)
 
int accept_svc_handler (SVC_HANDLER *svc_handler)
 
- Public Member Functions inherited from ACE_Accept_Strategy< SVC_HANDLER, ACE_PEER_ACCEPTOR_2 >
 ACE_Accept_Strategy (ACE_Reactor *reactor=ACE_Reactor::instance())
 
 ACE_Accept_Strategy (const ACE_PEER_ACCEPTOR_ADDR &local_addr, bool restart=false, ACE_Reactor *reactor=ACE_Reactor::instance())
 
virtual ACE_HANDLE get_handle (void) const
 
virtual ACE_PEER_ACCEPTOR & acceptor (void) const
 
virtual ~ACE_Accept_Strategy (void)
 
void dump (void) const
 

Private Attributes

const ACE_Time_Value timeout_
 The accept() timeout.
 

Additional Inherited Members

- Public Types inherited from ACE_Accept_Strategy< SVC_HANDLER, ACE_PEER_ACCEPTOR_2 >
typedef ACE_PEER_ACCEPTOR_ADDR addr_type
 
typedef ACE_PEER_ACCEPTOR acceptor_type
 
typedef SVC_HANDLER handler_type
 
typedef SVC_HANDLER::stream_type stream_type
 
- Public Attributes inherited from ACE_Accept_Strategy< SVC_HANDLER, ACE_PEER_ACCEPTOR_2 >
 ACE_ALLOC_HOOK_DECLARE
 
- Protected Types inherited from TAO_Accept_Strategy< TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_Acceptor >
typedef ACE_Accept_Strategy< SVC_HANDLER, ACE_PEER_ACCEPTOR_2 > ACCEPT_STRATEGY_BASE
 
- Protected Attributes inherited from TAO_Accept_Strategy< TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_Acceptor >
TAO_ORB_Core * orb_core_
 

Detailed Description

SSLIOP-specific accept strategy that builds on the TAO_Accept_Strategy implementation.

This accept strategy builds on the TAO_Accept_Strategy implementation. It subclasses that class and overrides the accept_svc_handler() method so that a timeout value may be passed to the underlying peer acceptor. This is necessary to defend against a simple Denial-of-Service attack.

Since SSL requires two handshakes, one TCP and one SSL, it is possible for a malicious client to establish a TCP connection to the SSL port, and never complete the SSL handshake. The underlying SSL passive connection code would block/hang waiting for the SSL handshake to complete. Given enough incomplete connections where only the TCP handshake is completed, a server process could potentially run out of available file descriptors, thus preventing legitimate client connections from being established.
The timeout defense alluded to above bounds the time this sort of DoS attack lasts.

Constructor & Destructor Documentation

TAO::SSLIOP::Accept_Strategy::Accept_Strategy ( TAO_ORB_Core * orb_core,
const ACE_Time_Value & timeout
)

Constructor.

Member Function Documentation

int TAO::SSLIOP::Accept_Strategy::accept_svc_handler ( handler_type * svc_handler)
virtual

Overridden method that forces a passive connection timeout value to be passed to the underlying acceptor.

Member Data Documentation

const ACE_Time_Value TAO::SSLIOP::Accept_Strategy::timeout_
private

The accept() timeout.

This timeout covers the overall time to complete the SSL handshake, which includes both the TCP handshake and the SSL handshake.
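
The bounded handshake described in the Detailed Description and in the timeout_ note, as an added example in plain POSIX C++ (not ACE/TAO code): one deadline covers every read, so a peer that completes the TCP handshake and then stalls or trickles bytes is dropped when the budget ends. The names `read_by_deadline` and `complete_handshake_or_drop`, the single TLS handshake record used as a stand-in for the SSL handshake, and the socketpair peer are assumptions made for illustration.

```cpp
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
#include <chrono>
#include <cstdint>
#include <cstdio>

using Clock = std::chrono::steady_clock;

// Read exactly n bytes, failing once the shared deadline has passed.
static bool read_by_deadline(int fd, std::uint8_t *buf, std::size_t n,
                             Clock::time_point deadline) {
  std::size_t got = 0;
  while (got < n) {
    auto left = std::chrono::duration_cast<std::chrono::milliseconds>(
                    deadline - Clock::now()).count();
    if (left <= 0) return false;            // overall budget spent
    pollfd p{fd, POLLIN, 0};
    if (poll(&p, 1, static_cast<int>(left)) <= 0) return false;  // timeout/error
    ssize_t r = read(fd, buf + got, n - got);
    if (r <= 0) return false;               // peer closed or read error
    got += static_cast<std::size_t>(r);
  }
  return true;
}

// Stand-in for the SSL handshake (assumption): require one complete TLS
// handshake record (5-byte header plus body) before the deadline.
bool complete_handshake_or_drop(int fd, std::chrono::milliseconds timeout) {
  const auto deadline = Clock::now() + timeout;  // one budget for every read
  std::uint8_t hdr[5], body[1 << 14];
  bool ok = read_by_deadline(fd, hdr, sizeof hdr, deadline);
  if (ok) {
    const std::size_t len = (std::size_t(hdr[3]) << 8) | hdr[4];
    ok = hdr[0] == 0x16 && len <= sizeof body &&
         read_by_deadline(fd, body, len, deadline);
  }
  if (!ok) close(fd);  // release the descriptor so a stalled peer cannot pin it
  return ok;
}

int main() {
  int sv[2];  // constructed peer pair: sv[1] connects, then stays silent
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 2;
  bool ok = complete_handshake_or_drop(sv[0], std::chrono::milliseconds(200));
  std::printf("silent peer accepted: %d\n", ok);
  close(sv[1]);
  return ok ? 1 : 0;
}
```

Because the deadline is computed once and shared by both reads, a peer that sends a few bytes just before each poll expires cannot extend its hold on the descriptor, which a per-read timeout would allow.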


The documentation for this class was generated from the following files: