Henry Robinson updated ZOOKEEPER-336:

    Attachment: ZOOKEEPER-336.patch

Attached is a patch which does the following:

1. Adds a configuration variable maxClientCnxns which defaults to 10, which 
limits the number of simultaneous connection attempts from an InetAddress. 
(This is the change that touches most files).
2. Update NIOServerCnxn.java to implement this change by closing a socket 
connection that contravenes this limit. I added a new constructor (called by 
the old one), plus the data structures to quickly find how many connections are 
already open from a particular address in O(1) (assuming finite maxClientCnxns) 

If maxClientCnxns is 0, there is no limit.


* If many clients are behind a NAT, this limit will have to be taken off as the 
code cannot distinguish between different NATted clients.
* This probably isn't effective in the face of IPv6 if a single user has loads 
of addresses :)

At present, clients that can't connect retry once every second. I also have a 
patch that adds a maxConnectionAttempt configuration variable, and have 
ClientCnxn enforce the limit, but I haven't found a clean way to call up to the 
ZooKeeper object and tell it to abandon the connection attempt 
(ZooKeeper.close() maybe seems to deadlock, I'll look further later).


> single bad client can cause server to stop accepting connections
> ----------------------------------------------------------------
>                 Key: ZOOKEEPER-336
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-336
>             Project: Zookeeper
>          Issue Type: Improvement
>          Components: c client, java client, server
>            Reporter: Patrick Hunt
>            Priority: Critical
>             Fix For: 3.2.0
>         Attachments: ZOOKEEPER-336.patch
> One user saw a case where a single mis-programmed client was overloading the 
> server with connections - the client was creating a huge number of sessions 
> to the server. This caused all of the fds on the  server to become used.
> Seems like we should have some way of limiting (configurable override) the 
> maximum number of sessions from a single client (say 10 by default?) Also we 
> should output warnings when this limit is exceeded (or attempt to exceed).

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

Reply via email to