Report timeouts as Errors, with original connection (AsyncAccept::Connection)
#36
Comments
And make the errors enun non_exhaustive BREAKING CHANGE: Adds a new variant to the Error Enum BREAKING CHANGE: The Error enum is now non_exhaustive BREAKING CHANGE: Now returns an error if a handshake times out Fixes: #36
this would be pretty straightforward to do, although it would break backwards compatibility.
This is more difficult. By the time we get a timeout the connection is owned by the future that is performing the handshake, and I no longer have any reference to it. Furthermore, I don't even have access to the actual Future, since I pull from a As a possible workaround, you could do the following:
If you have any good ideas on how I could include the connection or information about the connection, I would be happy to hear them. |
And make the errors enun non_exhaustive BREAKING CHANGE: Adds a new variant to the Error Enum BREAKING CHANGE: The Error enum is now non_exhaustive BREAKING CHANGE: Now returns an error if a handshake times out Fixes: #36
|
Ah, you're right. Although I've submitted #38 as an alternative. Instead of giving back the socket upon error, that PR changes |
And make the errors enun non_exhaustive BREAKING CHANGE: Adds a new variant to the Error Enum BREAKING CHANGE: The Error enum is now non_exhaustive BREAKING CHANGE: Now returns an error if a handshake times out Fixes: #36
This now exposes the address of the peer connection both when accepting a new connection, and included in error variants. Unfortunately, this required several breaking changes. BREAKING CHANGE: AsyncAccept::poll_accept now returns a pair of the connection and address BREAKING CHANGE: AsyncAccept now has an Address associated type BREAKING CHANGE: Error now has an additional type parameter BREAKING CHANGE: AsyncAccept::Error must implement std::error::Error BREAKING CHANGE: TlsAcceptError is now a struct form variant. Fixes: #36 Co-authored-by: ahcodedthat
This builds on the previous commit. In addition to some minor stylictic and naming changes (such as calling the address peer_addr instead of remote_addr to be more consistent with tokio and stdlib), the main change here is replacing the FutureWithExtraData with a more purpose-built Waiting struct encodes the state of a connection that is waitinf for a handshake to complete. BREAKING CHANGE: AsyncAccept::Error must implement std::error::Error BREAKING CHANGE: TlsAcceptError is now a struct form variant. Fixes: #36
This builds on the previous commit. In addition to some minor stylictic and naming changes (such as calling the address peer_addr instead of remote_addr to be more consistent with tokio and stdlib), the main change here is replacing the FutureWithExtraData with a more purpose-built Waiting struct encodes the state of a connection that is waitinf for a handshake to complete. BREAKING CHANGE: AsyncAccept::Error must implement std::error::Error BREAKING CHANGE: TlsAcceptError is now a struct form variant. Fixes: #36
Currently, when a TLS handshake times out, the connection is closed silently. It would probably be better to report these events to the application as a new variant of
tls_listener::Error, containing the original connection object (AsyncAccept::Connection), so that the application can fetch the client's IP address (usingTcpStream::peer_addr) and emit a log message.That way, if an attacker attempts to DoS the application by opening a lot of dummy connections, thus exceeding
max_handshakes, the log messages will tell the administrator what's going on and what the attacker's IP addresses are.The text was updated successfully, but these errors were encountered: