[
https://issues.apache.org/jira/browse/QPID-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260987#comment-13260987
]
[email protected] commented on QPID-2616:
-----------------------------------------------------
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4857/
-----------------------------------------------------------
Review request for qpid, Andrew Stitcher, Gordon Sim, and Ted Ross.
Summary
-------
One user can consume all connections to the broker as a denial of service
attack. This patch provides command line limits to the number of connections
made by an individual user or by a host computer.
The user is tracked by the connection user name and hosts are tracked by the
client computer's IP address as seen in the connection's management ID.
This code uses the broker::ConnectionObserver facility.
This patch does NOT time out lower level socket connections such as when a user
telnets in to the qpid broker socket and then transfers no data. To effect this
function requires the addition of a transport/socket observer facility similar
to the ConnectionObserver or to have those functions built into the lower
layers.
This code is added as part of the ACL plugin. If the ACL plugin is not loaded
then the functions are unavailable and there is zero performance impact.
Individual tracking limits may be disabled by setting their AclOptions values
to 0.
This addresses bug QPID-2616.
https://issues.apache.org/jira/browse/QPID-2616
Diffs
-----
trunk/qpid/cpp/src/CMakeLists.txt 1329920
trunk/qpid/cpp/src/qpid/acl/Acl.h 1329920
trunk/qpid/cpp/src/qpid/acl/Acl.cpp 1329920
trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h PRE-CREATION
trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp PRE-CREATION
trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp 1329920
Diff: https://reviews.apache.org/r/4857/diff
Testing
-------
In the works - to be tested as part of acl.py suite.
Thanks,
Chug
> Qpid C++ broker: disconnect client when handshake incomplete
> ------------------------------------------------------------
>
> Key: QPID-2616
> URL: https://issues.apache.org/jira/browse/QPID-2616
> Project: Qpid
> Issue Type: New Feature
> Components: C++ Broker
> Environment: Red Hat Enterprise MRG 1.2
> Reporter: Armin Noll
>
> The broker should disconnect clients if the connection handshake doesn't
> complete after a configurable time (both for SSL and for non-SSL connections).
> This feature has already been mentioned by G. Sim in the JIRA QPID-2518.
> We are looking for an implementation of this feature and will provide it as
> soon as we are done.
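
The per-user and per-host limits described in the review summary above can be sketched as follows. This is an added example, not code from the patch or from Qpid. The class name ConnectionLimiter, its method names, and the "local:port-remote:port" management ID layout are assumptions made for illustration.

```cpp
#include <map>
#include <mutex>
#include <string>
#include <utility>

// Hypothetical limiter, not Qpid's AclConnectionCounter. A limit of 0 disables that check.
class ConnectionLimiter {
public:
    ConnectionLimiter(unsigned perUser, unsigned perHost) : userLimit(perUser), hostLimit(perHost) {}
    // Assumed ID layout "local:port-remote:port"; returns the remote (client) IP.
    static std::string hostOf(const std::string& id) {
        std::string::size_type dash = id.rfind('-');
        std::string remote = dash == std::string::npos ? id : id.substr(dash + 1);
        return remote.substr(0, remote.rfind(':'));
    }
    // Connection opened: false means refuse it. A refused connection is never counted.
    bool opened(const std::string& id, const std::string& user) {
        std::lock_guard<std::mutex> guard(lock);
        const std::string host = hostOf(id);
        if (over(users, user, userLimit) || over(hosts, host, hostLimit)) return false;
        ++users[user];
        ++hosts[host];
        admitted[id] = std::make_pair(user, host);
        return true;
    }
    // Connection closed: release only what an admitted connection took.
    void closed(const std::string& id) {
        std::lock_guard<std::mutex> guard(lock);
        auto it = admitted.find(id);
        if (it == admitted.end()) return;
        release(users, it->second.first);
        release(hosts, it->second.second);
        admitted.erase(it);
    }
private:
    typedef std::map<std::string, unsigned> Counts;
    static bool over(const Counts& c, const std::string& key, unsigned limit) {
        Counts::const_iterator it = c.find(key);
        return limit != 0 && it != c.end() && it->second >= limit;
    }
    static void release(Counts& c, const std::string& key) {
        Counts::iterator it = c.find(key);
        if (it != c.end() && --it->second == 0) c.erase(it);  // keep the maps bounded
    }
    unsigned userLimit, hostLimit;
    Counts users, hosts;
    std::map<std::string, std::pair<std::string, std::string> > admitted;
    std::mutex lock;
};
```

Because only admitted connections are remembered, the close of a refused connection cannot free a slot that it never held.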