Comments (6)
Come to think of it, spawning goroutines introduces a memory leak risk - an attacker could send requests faster than we can process them, which would result in a large number of goroutines being spawned. The channel supplying the pool with jobs would eventually back up, at which point all of the spawned goroutines would be blocked on sending and unable to die. The reader goroutine would continue reading packets off the connection and spawning goroutines until the system ran out of memory.
from gokeyless.
I suppose that one approach would be to have a maximum number of outstanding requests (or even just a maximum number of outstanding key lookups) per connection and blocking if you reach that maximum.
from gokeyless.
I suppose that one approach would be to have a maximum number of outstanding requests
You could say that the number of workers in the pool is this parameter, so from the latency point-of-view a worker pool is optimal because we don't have to create new goroutines and wait for them to get scheduled.
From a throughput point-of-view: Assuming we want to handle 1,000 req/s (a huge number) and that different workers are truly parallel, then the most expensive operation needs to happen in less than 8 milliseconds. This sounds like a sufficient amount of to me.
If you want to add a metric that somehow measures "typical number of busy/idle worker threads", I think that would valuable for making sure we are using the right model. Although I imagine that 8 workers is more-than-sufficient for now.
from gokeyless.
You could say that the number of workers in the pool is this parameter, so from the latency point-of-view a worker pool is optimal because we don't have to create new goroutines and wait for them to get scheduled.
This is an interesting thought, although my concern would be that, just like the issue of generating random ECDSA values in the worker threads as opposed to in an idle thread, you'd run the risk that at the moment a request came in, all of the worker threads were in the middle of a long-running (IO-bound, in this case) computation, and so the latency would be high due to waiting for the first one to finish its computation and be ready to process the request.
from gokeyless.
If you want to add a metric that somehow measures "typical number of busy/idle worker threads", I think that would valuable for making sure we are using the right model.
I'm not sure how that'd be done, but I think it's a good idea.
from gokeyless.
This has proven to be a non-issue in practice
from gokeyless.
Related Issues (20)
- Fix TestRSADecrypt HOT 1
- Switch metrics from Summary to Histogram
- Validate that the ServerIP and ClientIP fields are IPv4 or IPv6 addresses
- Support reading pin from file or environment variable HOT 1
- Sporadic test failure in TestClientBlocks HOT 1
- codahale/hdrhistogram repo url has been transferred under the github HdrHstogram umbrella HOT 1
- No sign of new release? HOT 1
- Gokeyless not support crypto user(cu) for HSM IBM HOT 1
- Support for AWS KMS HOT 1
- Kubernetes Support HOT 2
- initialization process panics on ubuntu cgo call
- Panic with SoftHSM2 on CentOS 8 HOT 1
- build packages with latest go (currently using 1.17)
- add test that installs package during snapshot builds, asserts relevant files exist
- update packaged systemd service to start on boot
- add integration test for the setup process (interaction with Cloudflare API)
- ensure dependencies are up to date / ideally updated using renovate
- actions should run HSM tests
- Error : cannot load server cert/key: tls: found a certificate rather than a key in the PEM for the private key HOT 1
- TLS handshake failed: remote error: tls: bad certificate HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gokeyless.