[
https://issues.apache.org/jira/browse/QPID-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13263561#comment-13263561
]
jirapos...@reviews.apache.org commented on QPID-2616:
-----------------------------------------------------
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4857/#review7296
-----------------------------------------------------------
Ship it!
Not entirely sure this belongs in ACL at present, but otherwise looks good.
- Gordon
On 2012-04-26 20:08:30, Chug Rolke wrote:
bq.
bq. -----------------------------------------------------------
bq. This is an automatically generated e-mail. To reply, visit:
bq. https://reviews.apache.org/r/4857/
bq. -----------------------------------------------------------
bq.
bq. (Updated 2012-04-26 20:08:30)
bq.
bq.
bq. Review request for qpid, Andrew Stitcher, Gordon Sim, and Ted Ross.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. One user can consume all connections to the broker as a denial of service
attack. This patch provides command line limits to the number of connections
made by an individual user or by a host computer.
bq.
bq. The user is tracked by the connection user name and hosts are tracked by
the client computer's IP address as seen in the connection's management ID.
bq.
bq. This code uses the broker::ConnectionObserver facility.
bq.
bq. This patch does NOT time out lower level socket connections such as when a
user telnets in to the qpid broker socket and then transfers no data. To effect
this function requires the addition of a transport/socket observer facility
similar to the ConnectionObserver or to have those functions built into the
lower layers.
bq.
bq. This code is added as part of the ACL plugin. If the ACL plugin is not
loaded then the functions are unavaliable and there is zero performance impact.
Individual tracking limits may be disabled by setting their AclOptions values
to 0.
bq.
bq.
bq. This addresses bug QPID-2616.
bq. https://issues.apache.org/jira/browse/QPID-2616
bq.
bq.
bq. Diffs
bq. -----
bq.
bq. trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp 1330296
bq. trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h PRE-CREATION
bq. trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp PRE-CREATION
bq. trunk/qpid/cpp/src/CMakeLists.txt 1330296
bq. trunk/qpid/cpp/src/acl.mk 1330296
bq. trunk/qpid/cpp/src/qpid/acl/Acl.h 1330296
bq. trunk/qpid/cpp/src/qpid/acl/Acl.cpp 1330296
bq.
bq. Diff: https://reviews.apache.org/r/4857/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq. in the works - to be tested as part of acl.py suite.
bq.
bq.
bq. Thanks,
bq.
bq. Chug
bq.
bq.
> Qpid C++ broker: disconnect client when handshake incomplete
> ------------------------------------------------------------
>
> Key: QPID-2616
> URL: https://issues.apache.org/jira/browse/QPID-2616
> Project: Qpid
> Issue Type: New Feature
> Components: C++ Broker
> Environment: Red Hat Enterprise MRG 1.2
> Reporter: Armin Noll
>
> The broker should disconnect clients if the connection handshake doesn't
> complete after a configurable time (both for SSL and for non-SSL connections).
> This feature has already been mentioned by G. Sim in the JIRA QPID-2518.
> We are looking for an implementation of this feature and will provide it as
> soon as we are done.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
