From 460b0533b2c0da74f5eaf7b57576752e7da8a1a5 Mon Sep 17 00:00:00 2001 From: Wei Fu Date: Sat, 13 Aug 2022 17:19:05 +0800 Subject: [PATCH 1/2] pkg/cri/streaming: increase ReadHeaderTimeout It is follow-up of #7254. This commit will increase ReadHeaderTimeout from 3s to 30m, which prevent from unexpected timeout when the node is running with high-load. 30 Minutes is longer enough to get close to before what #7254 changes. And ideally, we should allow user to configure the streaming server if the users want this feature. Signed-off-by: Wei Fu --- pkg/cri/streaming/server.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/cri/streaming/server.go b/pkg/cri/streaming/server.go index 346dfb2c7..cc598562c 100644 --- a/pkg/cri/streaming/server.go +++ b/pkg/cri/streaming/server.go @@ -162,10 +162,11 @@ func NewServer(config Config, runtime Runtime) (Server, error) { handler.Add(ws) s.handler = handler s.server = &http.Server{ - Addr: s.config.Addr, - Handler: s.handler, - TLSConfig: s.config.TLSConfig, - ReadHeaderTimeout: 3 * time.Second, // Fix linter G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server + Addr: s.config.Addr, + Handler: s.handler, + TLSConfig: s.config.TLSConfig, + // TODO(fuweid): allow user to configure streaming server + ReadHeaderTimeout: 30 * time.Minute, // Fix linter G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server } return s, nil From 850f667f57bc57025b6bd682464ecc40707f9972 Mon Sep 17 00:00:00 2001 From: Wei Fu Date: Sat, 13 Aug 2022 17:39:25 +0800 Subject: [PATCH 2/2] contrib/fuzz/daemon.go: reformat the fileheader Align with https://github.com/containerd/project/blob/main/script/validate/template/go.txt. Signed-off-by: Wei Fu --- contrib/fuzz/daemon.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/contrib/fuzz/daemon.go b/contrib/fuzz/daemon.go index 309ec65ba..a06bc561f 100644 --- a/contrib/fuzz/daemon.go +++ b/contrib/fuzz/daemon.go @@ -3,10 +3,13 @@ /* Copyright The containerd Authors. + Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.