Main Page | Namespace List | Class Hierarchy | Alphabetical List | Class List | File List | Namespace Members | Class Members | File Members | Related Pages | Search for 

SSLIOP_Accept_Strategy.h

Go to the documentation of this file.
00001 // -*- C++ -*-
00002 
00003 //=============================================================================
00004 /**
00005  *  @file    SSLIOP_Accept_Strategy.h
00006  *
00007  *  SSLIOP_Accept_Strategy.h,v 1.5 2006/03/14 06:14:35 jtc Exp
00008  *
00009  *  IIOP/SSL specific accept strategy
00010  *
00011  *  @author Ossama Othman <ossama@dre.vanderbilt.edu>
00012  */
00013 //=============================================================================
00014 
00015 
00016 #ifndef TAO_SSLIOP_ACCEPT_STRATEGY_H
00017 #define TAO_SSLIOP_ACCEPT_STRATEGY_H
00018 
00019 #include /**/ "ace/pre.h"
00020 
00021 #include "ace/config-all.h"
00022 
00023 #if !defined (ACE_LACKS_PRAGMA_ONCE)
00024 # pragma once
00025 #endif /* ACE_LACKS_PRAGMA_ONCE */
00026 
00027 #include "orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h"
00028 
00029 #include "tao/Acceptor_Impl.h"
00030 
00031 #include "ace/SSL/SSL_SOCK_Acceptor.h"
00032 
00033 TAO_BEGIN_VERSIONED_NAMESPACE_DECL
00034 
00035 namespace TAO
00036 {
00037   namespace SSLIOP
00038   {
00039 
00040     /**
00041      * @class Accept_Strategy
00042      *
00043      * @brief SSLIOP-specific accept strategy that builds on the
00044      *        TAO_Accept_Strategy implementation.
00045      *
00046      * This accept strategy builds on on the TAO_Accept_Strategy
00047      * implementation.  It sub-classes that class, and overrides the
00048      * accept_svc_handler() method so that a timeout value may be
00049      * passed to the underlying peer acceptor.  This is necessary to
00050      * defend against a simple Denial-of-Service attack.
00051      * @par
00052      * Since SSL requires two handshakes, one TCP and one SSL, it is
00053      * possible for a malicious client to establish a TCP connection
00054      * to the SSL port, and never complete the SSL handshake.  The
00055      * underlying SSL passive connection code would block/hang waiting
00056      * for the SSL handshake to complete.  Given enough incomplete
00057      * connections where only the TCP handshake is completed, a server
00058      * process could potentially run out of available file
00059      * descriptors, thus preventing legitimate client connections from
00060      * being established.
00061      * @par.
00062      * The timeout defense alluded to above bounds the time this sort of
00063      * DoS attack lasts.
00064      */
00065     class Accept_Strategy
00066       : public TAO_Accept_Strategy<TAO::SSLIOP::Connection_Handler,
00067                                    ACE_SSL_SOCK_ACCEPTOR>
00068     {
00069     public:
00070 
00071       /// Constructor.
00072       Accept_Strategy (TAO_ORB_Core * orb_core,
00073                        const ACE_Time_Value & timeout);
00074 
00075       /// Overridden method that forces a passive connection timeout value
00076       /// to be passed to the underlying acceptor.
00077       virtual int accept_svc_handler (handler_type * svc_handler);
00078 
00079     private:
00080 
00081       /// The accept() timeout.
00082       /**
00083        * This timeout includes the overall time to complete the SSL
00084        * handshake.  This includes both the TCP handshake and the SSL
00085        * handshake.
00086        */
00087       const ACE_Time_Value timeout_;
00088 
00089     };
00090 
00091   }  // End SSLIOP namespace
00092 }  // End TAO namespace
00093 
00094 TAO_END_VERSIONED_NAMESPACE_DECL
00095 
00096 #include /**/ "ace/post.h"
00097 
00098 #endif  /* TAO_SSLIOP_ACCEPT_STRATEGY_H */
Generated on Thu Nov 9 13:54:13 2006 for TAO_SSLIOP by doxygen 1.3.6