[PATCH] Make sure whole bundle content is read before replying to web unbundle command

[Matt Mackall]

On Wed, 2008-10-15 at 00:45 +0200, Mads Kiilerich wrote:
> Matt Mackall wrote, On 10/14/2008 10:29 PM:
> > Interesting. How much harder would it be to make the client handle the
> > exception instead? We'd much rather take load off the server side.
> >   
> 
> I think that:
> 
> Mercurial currently uses httplib. In its module docstring there is a 
> nice state diagram which shows that it is strictly stateful; first the 
> request is sent, then the response is read.
> 
> In order to read responses while we are sending then something has to be 
> done asynchronously or in threads. As far as I know there is no such 
> implementation in the standard library. Perhaps we could find one or 
> create one based on asyncore. But ... is it worth it?

So I take it your answer is "much harder". Fair enough.

> We could define that the current server behaviour is the right one. 
> Clients could and should first post a unbundle command without content. 
> It should be able to handle authentication error codes in that 
> situation. If it succeeds then it can post the real unbundle. And if 
> that fails then it is free to crash badly.
> 
> But on the third side: How much load is there to take off from the 
> server side? Is it worth caring about DOS by uploads which will be 
> cancelled immediately? It is probably much easier to DOS the same 
> bandwith by downloads which even uses more CPU.

It's less about intentional DOS attacks than users being clueless. Oh,
did I just push a gigabyte of data to the wrong address? Silly me!

-- 
Mathematics is the supreme nostalgia of our time.