I'm not totally convinced that this is a solvable problem (nor that it is in any way unique to Cap'n Proto).
But I suppose if a solution exists, it would be based around placing limits on things like:

- Number of calls that can be in-flight at once.
- Total size of in-flight call parameters (we actually have code for this already, which we use in Sandstorm to prevent an app from flooding the system with calls).
- Total number of outstanding capabilities (maybe weighted by some app-specified cost of each object?).
- Probably lots of other things.

The problem with limits, of course, is that inevitably there is no suitable default that is appropriate for all apps. It's all heuristic. We can lessen the harm of accidentally hitting limits by applying backpressure (blocking new requests until previous requests complete) rather than throwing hard errors, but this can lead to subtle problems. E.g. a limit on number of calls could in theory lead to a deadlock, if the caller needs to make a new call to cause previous calls to return. It will probably work 99.999% of the time, though?

For limiting capabilities, it's not clear that backpressure would work at all, but maybe the server could respond by disconnecting the least-recently-used capability when the table overflows? In theory clients need to be able to handle disconnects anyway.

-Kenton

On Thu, Mar 9, 2017 at 12:53 PM, Ian Denhardt <[email protected]> wrote:
> The capnproto FAQ states:
>
> > At this time, the RPC layer is not robust against resource exhaustion
> > attacks, possibly allowing denials of service.
>
> Has there been any thought into how to deal with this? It's something
> that has crossed my mind in the past, and found myself wondering about
> it again today.
>
> -Ian
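An added illustration of the backpressure limit and the deadlock case described in the reply above; it is not Cap'n Proto or Sandstorm code. `InFlightWindow`, `burst` and `dependent_calls` are hypothetical names, the byte sizes are constructed, and Python's asyncio stands in for the RPC event loop.

```python
import asyncio

class InFlightWindow:
    """Hypothetical limiter: caps total bytes of in-flight call parameters."""
    def __init__(self, max_bytes):
        self.max_bytes = max_bytes
        self.in_flight = self.peak = 0
        self._cond = asyncio.Condition()

    def _fits(self, size):
        # An oversized call is admitted only into an empty window, else it could never be sent.
        return self.in_flight == 0 or self.in_flight + size <= self.max_bytes

    async def call(self, size, handler):
        async with self._cond:
            # Backpressure: wait for room instead of raising a hard error.
            await self._cond.wait_for(lambda: self._fits(size))
            self.in_flight += size
            self.peak = max(self.peak, self.in_flight)
        try:
            return await handler()
        finally:
            async with self._cond:
                self.in_flight -= size
                self._cond.notify_all()

async def burst(max_bytes, n_calls, size):
    """Independent calls: all complete, in-flight bytes stay under the cap."""
    window = InFlightWindow(max_bytes)
    async def handler():
        await asyncio.sleep(0.01)  # stand-in for server-side work
        return size
    done = await asyncio.gather(*(window.call(size, handler) for _ in range(n_calls)))
    return len(done), window.peak

async def dependent_calls(max_bytes, timeout=0.2):
    """The first call returns only once a second call has been delivered."""
    window = InFlightWindow(max_bytes)
    arrived = asyncio.Event()
    async def first():
        await arrived.wait()
        return "first"
    async def second():
        arrived.set()
        return "second"
    try:
        pair = asyncio.gather(window.call(800, first), window.call(800, second))
        return await asyncio.wait_for(pair, timeout)
    except asyncio.TimeoutError:
        return "stalled"  # the limit itself is what blocks progress
```

With a 1000-byte window, ten independent 400-byte calls all finish with at most 800 bytes in flight, while the two dependent 800-byte calls stall until the timeout; raising the window to 2000 bytes lets both return.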
