is gen_tcp:accept/1 safe?

Question

I am implementing a server which accepts many concurrent connections.

I used this structure:

loop(Sock) ->
  case gen_tcp:accept(Sock) of
      {ok, CSock} ->    
          fork_handling_process(CSock);
      {error, Reason} ->
          do_something_else();
  end,
  loop(Sock).

I am wondering if someone sends me a SYN, but never sends me an SYN ACK in response to my server ACK, will my server be blocked forever by that client since I call gen_tcp:accept without a timeout?

By the way I think this situation is hard to emulate, so please let me know if you have ways to try it out.

Thx in advance.

score 4 · Accepted Answer · answered Dec 08 '10 at 13:12

When you listen/accept its a bit different as you describe:

Some client wants to connect: it sends a SYN, then your operating system sends a SYN/ACK (erlang not involvled), when you get the ACK gen_tcp:accept will return.

When someone sends you SYN's and nothing else (that would be a SYN flood attack if done in a great amount) then operating system resources will be reserved but nothing happens in your erlang code because a three way handshake is not complete yet.

Many operating systems are taking special care of SYN flooding attacks avoiding too much resource consumption.

score 0 · Answer 2 · answered Dec 08 '10 at 10:58

0

The approach you are using appears to be fine. Your server will not block. If something goes wrong I believe that your forked process will receive the error, not the server.

answered Dec 08 '10 at 10:58

OJ.

28,944
5
56
71

is gen_tcp:accept/1 safe?

2 Answers2