[
https://issues.apache.org/jira/browse/IGNITE-16741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17523000#comment-17523000
]
biandeqiang commented on IGNITE-16741:
--------------------------------------
IgniteConfiguration igniteCfg = new IgniteConfiguration();
igniteCfg.setDiscoverySpi(buildTcpDiscoverySpi())
.setCommunicationSpi(buildTcpCommunicationSpi())
.setDataStorageConfiguration(buildDataStorageConfiguration())
.setClientConnectorConfiguration(null)
.setConnectorConfiguration(null)
.setNetworkTimeout(getTimeOut())
.setGridLogger(new IgniteErrorLoggerImp())
.setSslContextFactory(new IgniteSslFactory())
.setLocalHost(igniteManager.getLocalHost())
.setDefaultQueryTimeout(30000);
private TcpDiscoverySpi buildTcpDiscoverySpi() {
addressList = "xxx.xx.xxx.xxx";
TcpDiscoveryVmIpFinder ipFinder = new TcpDiscoveryVmIpFinder();
ipFinder.setAddresses(addressList).setShared(false);
TcpDiscoverySpi spi = new TcpDiscoverySpi();
spi.setLocalPort("8100") //DoS attacks occur on this port.
.setLocalPortRange(1)
.setLocalAddress(addressList )
.setIpFinder(ipFinder)
.setAckTimeout(getTimeOut())
.setNetworkTimeout(getTimeOut())
.setJoinTimeout(getTimeOut())
.setSocketTimeout(getTimeOut())
.setMaxAckTimeout(getTimeOut() + 5000);
return spi;
}
private TcpCommunicationSpi buildTcpCommunicationSpi() {
TcpCommunicationSpi ipCom = new TcpCommunicationSpi();
ipCom.setLocalPort("8200") //DoS attacks occur on this port.
.setLocalPortRange(0)
.setMessageQueueLimit(MAX_MESSAGE_QUEUE)
.setUsePairedConnections(true)
.setDirectSendBuffer(true)
.setConnectionsPerNode(MAX_CONNECTIONS)
.setConnectTimeout(getTimeOut())
.setSocketWriteTimeout(getTimeOut())
.setLocalAddress(igniteManager.getLocalHost())
.setSocketSendBuffer(IGNITE_SOCKET_BUFFER)
.setSocketReceiveBuffer(IGNITE_SOCKET_BUFFER);
return ipCom;
}
private DataStorageConfiguration buildDataStorageConfiguration() {
DataStorageConfiguration dsCfg = new DataStorageConfiguration();
DataRegionConfiguration dataRegionConfiguration = new DataRegionConfiguration();
dataRegionConfiguration.setPersistenceEnabled(false);
return dsCfg.setDefaultDataRegionConfiguration(dataRegionConfiguration);
}
CacheConfiguration cacheCfg = new CacheConfiguration<>(cacheName);
// Creating the affinity function with custom setting.
cacheCfg.setCacheMode(CacheMode.PARTITIONED)
.setBackups(0)
.setIndexedTypes(Integer.class, AlarmRecord.class)
.setSqlFunctionClasses(ExtIgniteFunctions.class)
.setOnheapCacheEnabled(false)
.setSqlOnheapCacheEnabled(false)
.setQueryParallelism(2);
The JVM is not set.
> DoS attacks on ignite ports
> ---------------------------
>
> Key: IGNITE-16741
> URL: https://issues.apache.org/jira/browse/IGNITE-16741
> Project: Ignite
> Issue Type: Bug
> Affects Versions: 2.11.1
> Reporter: biandeqiang
> Assignee: Aleksandr Polovtcev
> Priority: Critical
> Labels: ise
>
> DoS attacks on ignite's TcpCommunicationSpi and TcpDiscoverySpi's ports
> The ignite I use is embedded,ignite uses two ports, When I was testing a dos
> attack on the port, ignite had java.lang.OutOfMemoryError: Direct buffer
> memory.
> TcpDiscoverySpi spi = new TcpDiscoverySpi();
> spi.setLocalPort("port")
> TcpCommunicationSpi ipCom = new TcpCommunicationSpi();
> ipCom.setLocalPort("port")
>
> {{[2021-12-01 14:12:59,056][WARN
> ][0][0][grid-nio-worker-tcp-comm-4-#43%TcpCommunicationSpi%][ROOT][IgniteLoggerImp][88]
> Caught unhandled exception in NIO worker thread (restart the node).
> java.lang.OutOfMemoryError: Direct buffer memory
> at java.nio.Bits.reserveMemory(Bits.java:695)
> at java.nio.DirectByteBuffer.<init>(DirectByteBuffer.java:123)
> at java.nio.ByteBuffer.allocateDirect(ByteBuffer.java:311)
> at
> org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.register(GridNioServer.java:2672)
> at
> org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2089)
> at
> org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1910)
> at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
> at java.lang.Thread.run(Thread.java:748)}}
>
> I hope Ignite can also add MaxConnect as Tomcat and set a counter. If the
> counter exceeds the value, wait for several seconds.{{{}{}}}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
