You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by John Neffenger <jo...@volano.com> on 2001/01/15 00:37:51 UTC
socket.setSoTimeout(connectionTimeout)
I was pleased to see that a connection timeout has been added to Tomcat
4.0 in the HttpConnector class. A timeout was missing in Sun's JSDK
through version 2.0 and in earlier versions of Tomcat. Without a
timeout, the servlet runner process accumulates dead connections on the
Internet and, with the JSDK, eventually stops accepting new ones since
its "max handlers" limit is reached.
Dead connections happen all the time out on the Internet when clients
make a connection but send in only a few HTTP GET request headers, or no
headers at all, and then go away (because of modem disconnects,
computers crashes, or anything else silently breaking the connection
between the client and the server). I suspect people didn't notice it
because they tend to run servlets behind Apache, which does have a
connection timeout:
http://httpd.apache.org/docs/mod/core.html#timeout
We run Tomcat as standalone process, though.
Will that connection timeout be a permanent feature in Tomcat starting
with version 4.0?
Thanks,
John Neffenger
Re: socket.setSoTimeout(connectionTimeout)
Posted by Remy Maucherat <re...@apache.org>.
> Insofar as any of us can predict the future, I would say the answer to
this is
> definitely yes. Among other things, the lack of a timeout creates a
pretty easy
> DOS attack against a Tomcat server -- simply open enough socket
connections to
> exhaust the configured pool size, and just sit there.
Note : It's not that much better with 4.0 against DOS, since the connector
will still sit idle for quite some time before closing the connection, so it
would just be maginally harder to DOS.
> Over time, we will probably want to tweak how long the timeouts actually
are,
> based on the state of the interaction so far, but AFAIKT they will always
be
> needed.
Yes, it will be in in 4.1, since the client can actually give hints about
the keep alive duration with the Connection header. In 4.1, the timeout
value will also be dynamic depending on how many processors are idle (the
less there are, the shorter the timeout).
Also, the connection timeout can be set for the connector using the
connectionTimeout property. The default is 60s.
This (put in the server.xml file) would set the timeout to 30s :
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="80" minProcessors="5" maxProcessors="75"
acceptCount="10" debug="0" connectionTimeout="30000"/>
Other useful features in the connector would be :
- Support for tranfer encodings (like deflate and gzip) which should be easy
to do by layering output streams.
- Add a (configurable) mechnism to limit the number of connections any given
client get get.
I do not anticipate that 4.1 will introduce a lot of new core features (the
main one - the JNDI stuff - is already in), but will feture a number of
limited code rewrite and reorganization to improve robustness and
performance.
Remy
Re: socket.setSoTimeout(connectionTimeout)
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
John Neffenger wrote:
> I was pleased to see that a connection timeout has been added to Tomcat
> 4.0 in the HttpConnector class. A timeout was missing in Sun's JSDK
> through version 2.0 and in earlier versions of Tomcat. Without a
> timeout, the servlet runner process accumulates dead connections on the
> Internet and, with the JSDK, eventually stops accepting new ones since
> its "max handlers" limit is reached.
>
> Dead connections happen all the time out on the Internet when clients
> make a connection but send in only a few HTTP GET request headers, or no
> headers at all, and then go away (because of modem disconnects,
> computers crashes, or anything else silently breaking the connection
> between the client and the server). I suspect people didn't notice it
> because they tend to run servlets behind Apache, which does have a
> connection timeout:
>
> http://httpd.apache.org/docs/mod/core.html#timeout
>
> We run Tomcat as standalone process, though.
>
> Will that connection timeout be a permanent feature in Tomcat starting
> with version 4.0?
>
Insofar as any of us can predict the future, I would say the answer to this is
definitely yes. Among other things, the lack of a timeout creates a pretty easy
DOS attack against a Tomcat server -- simply open enough socket connections to
exhaust the configured pool size, and just sit there.
Over time, we will probably want to tweak how long the timeouts actually are,
based on the state of the interaction so far, but AFAIKT they will always be
needed.
>
> Thanks,
> John Neffenger
>
Craig McClanahan