[ https://issues.apache.org/jira/browse/ZOOKEEPER-2454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15412546#comment-15412546 ]
Edward Ribeiro edited comment on ZOOKEEPER-2454 at 8/8/16 9:57 PM:
-------------------------------------------------------------------

Hi [~botond.hejj],

I totally agree with [~fpj]. As you correctly pointed out, the Netty code is a bit out of sync wrt NIO already, but if we can avoid this *further*, the better, imo.

{quote}
I've checked Netty code and I see that in Netty even the simple ip based connection limiting implementation is broken. There is a set to collect connections for ip but there is no remove from the set on disconnect and actually the logic is missing to disconnect a connection if the limit is reached.
{quote}

Yup, this particular issue is being tracked by ZOOKEEPER-2280. It is a very old patch and *certainly needs fixing/reworking/rebasing*, but gonna resume now.

Also, I have proposed another feature to limit the total amount of connections: ZOOKEEPER-2280 (again, an old patch, particularly broken, that I will revisit and rewrite asap). I think it would make a nice addition to this JIRA if, as this patch, it addressed the NIO and Netty cases.

Cheers

was (Author: eribeiro):

Hi [~botond.hejj],

I totally agree with [~fpj]. As you correctly pointed out, the Netty code is a bit out of sync wrt NIO already, but if we can avoid this *further*, the better, imo.

{quote}
I've checked Netty code and I see that in Netty even the simple ip based connection limiting implementation is broken. There is a set to collect connections for ip but there is no remove from the set on disconnect and actually the logic is missing to disconnect a connection if the limit is reached.
{quote}

Yup, this particular issue is being tracked by ZOOKEEPER-2280. It is a very old patch and *certainly needs fixing/reworking/rebasing*, but gonna resume now.

Also, I have proposed another feature to limit the total amount of connections: ZOOKEEPER-2280 (again, an old patch that needs to be revisited and probably rewritten). I think it would make a nice addition to this JIRA.

Cheers

> Limit Connection Count based on User
> ------------------------------------
>
> Key: ZOOKEEPER-2454
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2454
> Project: ZooKeeper
> Issue Type: New Feature
> Components: server
> Reporter: Botond Hejj
> Assignee: Botond Hejj
> Priority: Minor
> Attachments: ZOOKEEPER-2454-br-3-4.patch, ZOOKEEPER-2454.patch, ZOOKEEPER-2454.patch
>
>
> ZooKeeper currently can limit connection count from clients coming from the
> same ip. It is a great feature to malfunctioning clients DOS-ing the server
> with many requests.
> I propose additional safeguards for ZooKeeper.
> It would be great if optionally connection count could be limited for a
> specific user or a specific user on an ip.
> This is great in cases where ZooKeeper ensemble is shared by multiple users
> and these users share the same client ips. This can be common in container
> based cloud deployment where external ip of multiple clients can be the same.
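The two pieces the quoted comment reports missing in the Netty path (removal on disconnect and rejection at the limit), together with the per-user limit this issue proposes, sketched as an added example that is not ZooKeeper code and not taken from any attached patch. The class `ConnectionLimiter`, its methods, the key prefixes and the "0 means unlimited" convention are all hypothetical.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Hypothetical limiter (not ZooKeeper's own class): counts open connections per key. */
public class ConnectionLimiter {
    private final ConcurrentMap<String, Integer> open = new ConcurrentHashMap<>();
    private final int maxPerIp;   // 0 = unlimited (assumption of this example)
    private final int maxPerUser; // 0 = unlimited
    public ConnectionLimiter(int maxPerIp, int maxPerUser) {
        this.maxPerIp = maxPerIp;
        this.maxPerUser = maxPerUser;
    }
    /** Atomically takes one slot for key; false means the limit is already reached. */
    private boolean take(String key, int max) {
        boolean[] granted = {false};
        open.compute(key, (k, n) -> {
            int cur = (n == null) ? 0 : n;
            if (max > 0 && cur >= max) return n; // at the limit: count stays unchanged
            granted[0] = true;
            return cur + 1;
        });
        return granted[0];
    }
    /** Gives one slot back; dropping the entry at zero keeps the map from growing forever. */
    private void drop(String key) {
        open.computeIfPresent(key, (k, n) -> n > 1 ? n - 1 : null);
    }
    /** Call once IP and authenticated user are known; on false the caller closes the connection. */
    public boolean tryAcquire(String ip, String user) {
        if (!take("ip:" + ip, maxPerIp)) return false;
        if (!take("user:" + user, maxPerUser)) {
            drop("ip:" + ip); // roll back so a rejected attempt holds no slot
            return false;
        }
        return true;
    }
    /** Call from the disconnect handler, only for connections that tryAcquire admitted. */
    public void release(String ip, String user) {
        drop("ip:" + ip);
        drop("user:" + user);
    }
    public static void main(String[] args) {
        ConnectionLimiter l = new ConnectionLimiter(2, 1); // constructed limits
        String ip = "192.0.2.7";                           // constructed documentation address
        for (String u : new String[] {"alice", "bob", "carol"})
            System.out.println(u + " admitted: " + l.tryAcquire(ip, u));
        l.release(ip, "alice");
        System.out.println("carol after alice disconnects: " + l.tryAcquire(ip, "carol"));
    }
}
```

Because both the NIO and Netty connection factories would call the same two methods, a limiter of this shape is one way to keep the two paths from drifting further apart.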