tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex O'Ree" <alexo...@apache.org>
Subject Re: Tomcat with half open tcp sockets
Date Thu, 04 Oct 2018 00:25:27 GMT
Thanks Chris.  I ended up using aggressive read timeout values on the Web
service clients by adding properties to the binding provider. Thing is,
every jre version and soap attacks use different versions which made this
much harder to track down.


On Tue, Oct 2, 2018, 1:44 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Alex,
>
> On 9/29/18 08:31, Alex O'Ree wrote:
> > Does tomcat detect or mitigate against half open tcp connections?
>
> Not directly. Basically, that's the OS's job.
>
> > I recently ran into an issue where something in between a java
> > jaxws client and a jaxws service running in tomcat is interfering
> > with the tcp stream. Resolving this client side has been a
> > challenge due the transmitting thread hanging forever waiting to
> > read from the remote server and not being able to be interrupted or
> > aborted. While troubleshooting this, it dawned on me that services
> > running in tomcat may run into a similar problem and was wondering
> > if tomcat has any safe guards for this scenario. If it does, what
> > is the strategy used? I'm thinking maybe I can something similar
> > client side.
>
> In these cases, the only option the server has is to close the
> connection and then let the TCP stack purge the connection after some
> time in the penalty box (FIN_WAIT, FIN_WAIT2, or TIME_WAIT).
>
> If you see these kinds of connections piling-up, you may want to tweak
> the options of your TCP stack to have them cleared-out more quickly.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAluzrmsACgkQHPApP6U8
> pFh2rg//cX7UAqis6qKHTDpgOSSBjFIusm7kdxW58/VpWcp/JzUfNhFLLl0aeCsT
> NbU38l0W0UqYXTCu0sMuPCKGLGYpwuAOCuWq6mJq4VFWtUCyBmCP/A2pvtTzW8js
> f4e0npXpp/3TxdDx9xNpLfWDv6nzqyzEXhIvfWvjtxNmcA1kGq2ueeHgVCWwb6v0
> CJ1VbF52R3B8Gq61u86uV8PPTsUKVIDnn+e+snkLlGMl+lcdBUcGBsxguOaoDHca
> lRN4gkpXjk946Nor7wPkMG4hUBndD7L/nhWNqrqZnd8TKJJxD+98U419LRFq0xSG
> qyAx75oNUUwo2l14q/xGTdAGwOzijfOyvnVscljV9fWGEtOMjOFoqPFlHK6QCec7
> ysZGuSoEJPuBYfFzdnQE4aOiRNYnAkYAmv6CEq/o0DEgZpuxm/ZAaMzrfP6XH8wk
> 072o62Cq0gN50q2KYSi7XJD61Akh4nJUl/7XSYKFU8Tj+jHYQBdw22EXEsgrhPuW
> gyTdH4TxHv40NmMOv9YQXOA0oyiXq/PXGA85gIhQyJdFoa4U8LXC++UBJCk3gNW8
> pOO2pFSJ8WAfOrK45Fcl/NgK4066BSqaQu6txnb/Bo/7VCPrPZvZ2/VgLaO/L6jD
> nb8sXBkozGtrS2sigKHx7HzJNb0r5EE1Uqbpk3YFYcntrl4afHs=
> =yRjT
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message