Wei-Chiu Chuang created HDFS-10452:
--------------------------------------
Summary: SASL negotiation should support buffer size negotiation
Key: HDFS-10452
URL: https://issues.apache.org/jira/browse/HDFS-10452
Project: Hadoop HDFS
Issue Type: New Feature
Components: encryption
Reporter: Wei-Chiu Chuang
Assignee: Wei-Chiu Chuang
The SASL negotiation for data transfer encryption implemented in Hadoop
currently only supports negotiation of cipher and QoP. The buffer size is not
negotiated by SASL.
{code:title=SaslOutputStream.java}
public SaslOutputStream(OutputStream outStream, SaslClient saslClient) {
  this.saslServer = null;
  this.saslClient = saslClient;
  String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);
  this.useWrap = qop != null && !"auth".equalsIgnoreCase(qop);
  if (useWrap) {
    this.outStream = new BufferedOutputStream(outStream, 64*1024);
  } else {
    this.outStream = outStream;
  }
}
{code}
{code:title=DataTransferSaslUtil.java}
public static Map<String, String> createSaslPropertiesForEncryption(
    String encryptionAlgorithm) {
  Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);
  saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());
  saslProps.put(Sasl.SERVER_AUTH, "true");
  saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);
  return saslProps;
}
{code}
For applications that are sensitive to buffer size, e.g., HBase, there should
be a way to configure the buffer size.
In addition, the SASL negotiation for RPC does use the negotiated buffer size,
but since Hadoop never actually negotiates it, the size is the default value,
64 KB.
{code:title=SaslRpcClient.java}
public OutputStream getOutputStream(OutputStream out) throws IOException {
  if (useWrap()) {
    // the client and server negotiate a maximum buffer size that can be
    // wrapped
    String maxBuf =
        (String)saslClient.getNegotiatedProperty(Sasl.RAW_SEND_SIZE);
    out = new BufferedOutputStream(new WrappedOutputStream(out),
        Integer.parseInt(maxBuf));
  }
  return out;
}
{code}
We should make it possible to negotiate the buffer size for both data transfer
and RPC.
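Added example, not part of the original message and not Hadoop's code: an in-process DIGEST-MD5 handshake with the JDK's javax.security.sasl API in which both sides set Sasl.MAX_BUFFER, so the Sasl.RAW_SEND_SIZE value read in the SaslRpcClient excerpt follows the peer's advertised limit instead of the default. The class name, credentials, the "hdfs"/"localhost" protocol and server names, and the two buffer sizes are constructed for illustration, and the JDK's built-in DIGEST-MD5 provider is assumed.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class SaslBufferNegotiationDemo {
  // Constructed credentials, used only by this in-process demo.
  static final String USER = "demo-user";
  static final char[] PASSWORD = "constructed-secret".toCharArray();
  // One handler serves both sides: shared secret, offered realm accepted as-is.
  static final CallbackHandler HANDLER = callbacks -> {
    for (Callback cb : callbacks) {
      if (cb instanceof NameCallback) {
        ((NameCallback) cb).setName(USER);
      } else if (cb instanceof PasswordCallback) {
        ((PasswordCallback) cb).setPassword(PASSWORD);
      } else if (cb instanceof RealmCallback) {
        ((RealmCallback) cb).setText(((RealmCallback) cb).getDefaultText());
      } else if (cb instanceof AuthorizeCallback) {
        AuthorizeCallback ac = (AuthorizeCallback) cb;
        ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
      }
    }
  };

  // Same keys as createSaslPropertiesForEncryption, plus Sasl.MAX_BUFFER.
  static Map<String, String> props(int maxBuffer) {
    Map<String, String> p = new HashMap<>();
    p.put(Sasl.QOP, "auth-conf");
    p.put(Sasl.SERVER_AUTH, "true");
    p.put("com.sun.security.sasl.digest.cipher", "3des");
    p.put(Sasl.MAX_BUFFER, Integer.toString(maxBuffer)); // largest buffer this side accepts
    return p;
  }

  public static void main(String[] args) throws Exception {
    SaslClient client = Sasl.createSaslClient(new String[] {"DIGEST-MD5"}, null,
        "hdfs", "localhost", props(16 * 1024), HANDLER);
    SaslServer server = Sasl.createSaslServer("DIGEST-MD5", "hdfs", "localhost",
        props(128 * 1024), HANDLER);
    // DIGEST-MD5 exchange: challenge, response, server proof, client verification.
    byte[] token = server.evaluateResponse(new byte[0]);
    token = client.evaluateChallenge(token);
    token = server.evaluateResponse(token);
    client.evaluateChallenge(token);
    // Each side's send size is bounded by the peer's MAX_BUFFER minus wrap overhead.
    System.out.println("client send: " + client.getNegotiatedProperty(Sasl.RAW_SEND_SIZE));
    System.out.println("server send: " + server.getNegotiatedProperty(Sasl.RAW_SEND_SIZE));
  }
}
```

A stream wrapper that sizes its BufferedOutputStream from the negotiated Sasl.RAW_SEND_SIZE, as SaslRpcClient does, then picks up whatever limit the peer configured.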