You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Henry Robinson (JIRA)" <ji...@apache.org> on 2009/05/05 06:18:30 UTC

[jira] Updated: (ZOOKEEPER-336) single bad client can cause server to stop accepting connections

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Henry Robinson updated ZOOKEEPER-336:
-------------------------------------

    Attachment: ZOOKEEPER-336.patch

Attached is a patch which does the following:

1. Adds a configuration variable maxClientCnxns which defaults to 10, which limits the number of simultaneous connection attempts from an InetAddress. (This is the change that touches most files).
2. Update NIOServerCnxn.java to implement this change by closing a socket connection that contravenes this limit. I added a new constructor (called by the old one), plus the data structures to quickly find how many connections are already open from a particular address in O(1) (assuming finite maxClientCnxns) time.

If maxClientCnxns is 0, there is no limit.

Limitations: 

* If many clients are behind a NAT, this limit will have to be taken off as the code cannot distinguish between different NATted clients.
* This probably isn't effective in the face of IPv6 if a single user has loads of addresses :)

At present, clients that can't connect retry once every second. I also have a patch that adds a maxConnectionAttempt configuration variable, and have ClientCnxn enforce the limit, but I haven't found a clean way to call up to the ZooKeeper object and tell it to abandon the connection attempt (ZooKeeper.close() maybe seems to deadlock, I'll look further later).

 

> single bad client can cause server to stop accepting connections
> ----------------------------------------------------------------
>
>                 Key: ZOOKEEPER-336
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-336
>             Project: Zookeeper
>          Issue Type: Improvement
>          Components: c client, java client, server
>            Reporter: Patrick Hunt
>            Priority: Critical
>             Fix For: 3.2.0
>
>         Attachments: ZOOKEEPER-336.patch
>
>
> One user saw a case where a single mis-programmed client was overloading the server with connections - the client was creating a huge number of sessions to the server. This caused all of the fds on the  server to become used.
> Seems like we should have some way of limiting (configurable override) the maximum number of sessions from a single client (say 10 by default?) Also we should output warnings when this limit is exceeded (or attempt to exceed).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.