Have receivers enforce max-message-size if configured #57
Comments
|
The setter/accessors only convey/access information to/from the remote peer in the link attach, there is currently no enforcement by the library itself, which like proton-j (and -c) itself leaves it to the using application code to handle and react to. In hindsight, given it is actually the fully encoded message data which that size value governs, and not of just e.g the string body used in this case, it was a mistake exposing the setters/getters in vertx-proton without also considering that since the encoded message isn't directly seen by the using application code there (assuming it doesn't encode it itself just to check it). Handling it internally on the receiving side the way the spec indicates would be a little awkward. Need to think on how to address that. |
|
I agree with your assessment, @gemmellr, that it is hard for the application layer to determine the total message size based on payload (and maybe headers). This should be left to the framework layer. |
My understanding of both max-frame-size as well as max-message-size is that these properties can be used to implement a safeguard on the receiver side to prevent a sender from flooding the receiver with frames that would eat up the receiver's memory. Based on that assumption I think that the receiver side will have to enforce both property values in order to provide this safeguard. If this is deferred to the application layer (on the receiver side) then problem will already have occurred way before the receiving application first sees the incoming message. If I am not mistaken then proton-j already enforces the max-frame-size on the receiving end of a link but it doesn't limit the inbound message buffer based on the max-message-size, does it? |
|
@gemmellr We are running into this problem again. Any thoughts regarding if and how to fix this at the vertx-proton and/or proton-j layer? |
A receiver link now checks if the receiver side's max-message-size is being exceeded by an incoming transfer frame's content. If so, the transfer is being rejected, thus preventing senders from exceeding the receiver's resource limits. Signed-off-by: Kai Hudalla <kai.hudalla@bosch.io>
|
@gemmellr After having taken a closer look at the vertx-proton code, it seems that multi-transfer messages are being assembled at the vertx-proton layer. I have created a PR which should prevent receivers from accepting transfers that would result in exceeding the max-message-size. |
The AMQP adapter is now being tested to reject messages exceeding the adapter's configured max-message-size. The test can be enabled with a feature flag as the underlying vertx-proton library does not (yet) support this. Thus, the test is disabled for the time being. See vert-x3/vertx-proton#57 Signed-off-by: Kai Hudalla <kai.hudalla@bosch.io>
A receiver link now checks if the receiver side's max-message-size is being exceeded by an incoming transfer frame's content. If so, the application is notified via a handler and the link is being closed. Signed-off-by: Kai Hudalla <kai.hudalla@bosch.io>
gemmellr
changed the title
(cherry picked from commit e4f7cee with fixup)
Hi,
I tried to use the property MaxMessageSize. On my set up the property is bigger on the sender side as on the receiver side and I send message that is bigger as both properties.
I would expect that the sender checks the own and the RemoteMaxMessageSize and the receiver throws error if the message is bigger than MaxMessageSize.
See attached file:
SetMaxMessageSizeTest.java.txt
The text was updated successfully, but these errors were encountered: