[ 
https://issues.apache.org/jira/browse/QPID-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13262671#comment-13262671
 ] 

jirapos...@reviews.apache.org commented on QPID-2616:
-----------------------------------------------------


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4857/#review7264
-----------------------------------------------------------



trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h
<https://reviews.apache.org/r/4857/#comment16049>

    does this typedef need to be public?



trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h
<https://reviews.apache.org/r/4857/#comment16048>

    (very minor note: why mutable, since there appear to be no const methods 
exposed?)



trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h
<https://reviews.apache.org/r/4857/#comment16047>

    why use shared pointers here?



trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
<https://reviews.apache.org/r/4857/#comment16050>

    This suggests to me that perhaps a better solution for the timeout would 
indeed be at a lower level. One of the concerns for example is around SSL 
handshakes, which would need to complete before the protocol versions (in 0-10).



trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
<https://reviews.apache.org/r/4857/#comment16051>

    There is some duplication between this chunk of code and the very similar 
code above for user names... perhaps this could be encapsulated in a generic 
incrementing method that takes a key, a map and returns a bool indicating 
success or failure?



trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
<https://reviews.apache.org/r/4857/#comment16052>

    again, feels like we could have a little less duplication


- Gordon


On 2012-04-24 20:26:17, Chug Rolke wrote:
bq.  
bq.  -----------------------------------------------------------
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/4857/
bq.  -----------------------------------------------------------
bq.  
bq.  (Updated 2012-04-24 20:26:17)
bq.  
bq.  
bq.  Review request for qpid, Andrew Stitcher, Gordon Sim, and Ted Ross.
bq.  
bq.  
bq.  Summary
bq.  -------
bq.  
bq.  One user can consume all connections to the broker as a denial of service 
attack. This patch provides command line limits to the number of connections 
made by an individual user or by a host computer.
bq.   
bq.  The user is tracked by the connection user name and hosts are tracked by 
the client computer's IP address as seen in the connection's management ID. 
bq.  
bq.  This code uses the broker::ConnectionObserver facility.
bq.  
bq.  This patch does NOT time out lower level socket connections such as when a 
user telnets in to the qpid broker socket and then transfers no data. To effect 
this function requires the addition of a transport/socket observer facility 
similar to the ConnectionObserver or to have those functions built into the 
lower layers.
bq.  
bq.  This code is added as part of the ACL plugin. If the ACL plugin is not 
loaded then the functions are unavailable and there is zero performance impact. 
Individual tracking limits may be disabled by setting their AclOptions values 
to 0.
bq.  
bq.  
bq.  This addresses bug QPID-2616.
bq.      https://issues.apache.org/jira/browse/QPID-2616
bq.  
bq.  
bq.  Diffs
bq.  -----
bq.  
bq.    trunk/qpid/cpp/src/CMakeLists.txt 1329920 
bq.    trunk/qpid/cpp/src/qpid/acl/Acl.h 1329920 
bq.    trunk/qpid/cpp/src/qpid/acl/Acl.cpp 1329920 
bq.    trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h PRE-CREATION 
bq.    trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp PRE-CREATION 
bq.    trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp 1329920 
bq.  
bq.  Diff: https://reviews.apache.org/r/4857/diff
bq.  
bq.  
bq.  Testing
bq.  -------
bq.  
bq.  in the works - to be tested as part of acl.py suite.
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Chug
bq.  
bq.


                
> Qpid C++ broker: disconnect client when handshake incomplete
> ------------------------------------------------------------
>
>                 Key: QPID-2616
>                 URL: https://issues.apache.org/jira/browse/QPID-2616
>             Project: Qpid
>          Issue Type: New Feature
>          Components: C++ Broker
>         Environment: Red Hat Enterprise MRG 1.2
>            Reporter: Armin Noll
>
> The broker should disconnect clients if the connection handshake doesn't 
> complete after a configurable time (both for SSL and for non-SSL connections).
> This feature has already been mentioned by G. Sim in the JIRA QPID-2518.
> We are looking for an implementation of this feature and will provide it as 
> soon as we are done.
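
The generic incrementing method suggested in the review above (takes a key and a map, returns a bool), applied to the per-user and per-host limits from the review request. This is an added example, not code from the patch or from Qpid; every name in it is hypothetical, and a limit of 0 disables a check as the request describes.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <mutex>
#include <string>

// Hypothetical names throughout; not taken from AclConnectionCounter.
using CountMap = std::map<std::string, uint32_t>;

// Count one more connection for `key`, or refuse if `limit` is already reached.
// limit == 0 means "not enforced". A refusal leaves the map untouched.
bool limitedIncrement(const std::string& key, CountMap& counts, uint32_t limit) {
    auto it = counts.find(key);
    uint32_t current = (it == counts.end()) ? 0 : it->second;
    if (limit != 0 && current >= limit) return false;
    if (it == counts.end()) counts.emplace(key, 1); else ++it->second;
    return true;
}

// Drop one connection for `key`; erase at zero so idle keys do not accumulate.
void releaseOne(const std::string& key, CountMap& counts) {
    auto it = counts.find(key);
    if (it == counts.end()) return;            // unmatched close: ignore
    if (--it->second == 0) counts.erase(it);
}

class ConnectionLimiter {
public:
    ConnectionLimiter(uint32_t perUser, uint32_t perHost)
        : userLimit(perUser), hostLimit(perHost) {}

    // True if the connection is within both limits. If the host check fails,
    // the user count taken a moment earlier is rolled back.
    bool opened(const std::string& user, const std::string& host) {
        std::lock_guard<std::mutex> guard(lock);
        if (!limitedIncrement(user, byUser, userLimit)) return false;
        if (limitedIncrement(host, byHost, hostLimit)) return true;
        releaseOne(user, byUser);
        return false;
    }
    // Call only for connections that opened() accepted.
    void closed(const std::string& user, const std::string& host) {
        std::lock_guard<std::mutex> guard(lock);
        releaseOne(user, byUser);
        releaseOne(host, byHost);
    }
    std::size_t trackedUsers() { std::lock_guard<std::mutex> g(lock); return byUser.size(); }
private:
    std::mutex lock;
    uint32_t userLimit, hostLimit;
    CountMap byUser, byHost;
};
```

The rollback in opened() is the part that duplicated increment code tends to get wrong: without it, a connection refused on the host limit would still count against the user.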
