From commits-return-7005-archive-asf-public=cust-asf.ponee.io@zookeeper.apache.org Sat Sep 22 06:48:20 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 67CE318065B for ; Sat, 22 Sep 2018 06:48:20 +0200 (CEST) Received: (qmail 84388 invoked by uid 500); 22 Sep 2018 04:48:18 -0000 Mailing-List: contact commits-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@zookeeper.apache.org Delivered-To: mailing list commits@zookeeper.apache.org Received: (qmail 84377 invoked by uid 99); 22 Sep 2018 04:48:18 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 22 Sep 2018 04:48:18 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 70EDFE0BEF; Sat, 22 Sep 2018 04:48:18 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: hanm@apache.org To: commits@zookeeper.apache.org Message-Id: <87c1ba2af5a14f81831a042caedb97b2@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: zookeeper git commit: ZOOKEEPER-3146: Limit the maximum client connections per IP in NettyServerCnxnFactory Date: Sat, 22 Sep 2018 04:48:18 +0000 (UTC) Repository: zookeeper Updated Branches: refs/heads/master e116d32b6 -> 4ebb847bc ZOOKEEPER-3146: Limit the maximum client connections per IP in NettyServerCnxnFactory Add similar max cnxn per ip throttling logic to Netty implementation. Author: Fangmin Lyu Reviewers: hanm@apache.org Closes #623 from lvfangmin/ZOOKEEPER-3146 Project: http://git-wip-us.apache.org/repos/asf/zookeeper/repo Commit: http://git-wip-us.apache.org/repos/asf/zookeeper/commit/4ebb847b Tree: http://git-wip-us.apache.org/repos/asf/zookeeper/tree/4ebb847b Diff: http://git-wip-us.apache.org/repos/asf/zookeeper/diff/4ebb847b Branch: refs/heads/master Commit: 4ebb847bceb5ebd5c9fa53574f266c204f6f8ab7 Parents: e116d32 Author: Fangmin Lyu Authored: Fri Sep 21 21:48:13 2018 -0700 Committer: Michael Han Committed: Fri Sep 21 21:48:13 2018 -0700 ---------------------------------------------------------------------- .../zookeeper/server/NettyServerCnxnFactory.java | 18 +++++++++++++++++- .../org/apache/zookeeper/test/SessionTest.java | 19 +++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/zookeeper/blob/4ebb847b/src/java/main/org/apache/zookeeper/server/NettyServerCnxnFactory.java ---------------------------------------------------------------------- diff --git a/src/java/main/org/apache/zookeeper/server/NettyServerCnxnFactory.java b/src/java/main/org/apache/zookeeper/server/NettyServerCnxnFactory.java index ffb0d23..3e7c380 100644 --- a/src/java/main/org/apache/zookeeper/server/NettyServerCnxnFactory.java +++ b/src/java/main/org/apache/zookeeper/server/NettyServerCnxnFactory.java @@ -105,7 +105,17 @@ public class NettyServerCnxnFactory extends ServerCnxnFactory { LOG.trace("Channel connected " + e); } - NettyServerCnxn cnxn = new NettyServerCnxn(ctx.getChannel(), + Channel channel = ctx.getChannel(); + InetAddress addr = ((InetSocketAddress) channel.getRemoteAddress()) + .getAddress(); + if (maxClientCnxns > 0 && getClientCnxnCount(addr) >= maxClientCnxns) { + LOG.warn("Too many connections from {} - max is {}", addr, + maxClientCnxns); + channel.close(); + return; + } + + NettyServerCnxn cnxn = new NettyServerCnxn(channel, zkServer, NettyServerCnxnFactory.this); ctx.setAttachment(cnxn); @@ -537,6 +547,12 @@ public class NettyServerCnxnFactory extends ServerCnxnFactory { } } + private int getClientCnxnCount(InetAddress addr) { + Set s = ipMap.get(addr); + if (s == null) return 0; + return s.size(); + } + @Override public void resetAllConnectionStats() { // No need to synchronize since cnxns is backed by a ConcurrentHashMap http://git-wip-us.apache.org/repos/asf/zookeeper/blob/4ebb847b/src/java/test/org/apache/zookeeper/test/SessionTest.java ---------------------------------------------------------------------- diff --git a/src/java/test/org/apache/zookeeper/test/SessionTest.java b/src/java/test/org/apache/zookeeper/test/SessionTest.java index 4a74a78..889b65e 100644 --- a/src/java/test/org/apache/zookeeper/test/SessionTest.java +++ b/src/java/test/org/apache/zookeeper/test/SessionTest.java @@ -390,4 +390,23 @@ public class SessionTest extends ZKTestCase { zk.close(); LOG.info(zk.toString()); } + + @Test + public void testMaximumCnxnPerIP() throws Exception { + final int maxClientCnxnsPerIP = 3; + serverFactory.setMaxClientCnxnsPerHost(maxClientCnxnsPerIP); + ZooKeeper[] clients = new ZooKeeper[maxClientCnxnsPerIP + 1]; + for (int i = 0; i < clients.length; i++) { + CountdownWatcher watcher = new CountdownWatcher(); + // wait for 3s + int timeout = 3000; + clients[i] = new DisconnectableZooKeeper(HOSTPORT, timeout, watcher); + boolean result = watcher.clientConnected.await(timeout, TimeUnit.MILLISECONDS); + if (i >= maxClientCnxnsPerIP) { + Assert.assertFalse(result); + } else { + Assert.assertTrue(result); + } + } + } }