
Commit 40bc44c

symatMate Szalay-Beko
authored andcommitted
Merge remote-tracking branch 'apache/master' into ZOOKEEPER-3188
2 parents f875f5c + d2bec6b commit 40bc44c

22 files changed

Lines changed: 316 additions & 5056 deletions


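--- a/README_packaging.md
+++ b/README_packaging.md
@@ -65,26 +65,3 @@ The compiled C client can be found here:
 - `zookeeper-client/zookeeper-client-c/target/c/include/zookeeper` - Native library headers
 
 The same folders gets archived to the `zookeeper-assembly/target/apache-zookeeper-<version>-lib.tar.gz` file, assuming you activated the `full-build` maven profile.
-
-## Package build command (using ant)
-
-**Command to build tarball package:** `ant tar`
-
-`zookeeper-<version>.tar.gz` tarball file structure layout:
-
-- `/bin` - User executable
-- `/sbin` - System executable
-- `/libexec` - Configuration boot trap script
-- `/lib` - Library dependencies
-- `/docs` - Documents
-- `/share/zookeeper` - Project files
-
-
-**Command to build tarball package with native components:** `ant package-native tar`
-
-`zookeeper-<version>-lib.tar.gz` tarball file structure layout:
-
-- `/bin` - User executable
-- `/lib` - Native libraries
-- `/include/zookeeper` - Native library headers
-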

build.xml

Lines changed: 0 additions & 2003 deletions
This file was deleted.

ivy.xml

Lines changed: 0 additions & 164 deletions
This file was deleted.

ivysettings.xml

Lines changed: 0 additions & 41 deletions
This file was deleted.

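--- a/zookeeper-assembly/src/main/assembly/source-package.xml
+++ b/zookeeper-assembly/src/main/assembly/source-package.xml
@@ -107,9 +107,6 @@
 <outputDirectory>.</outputDirectory>
 <includes>
 <include>pom.xml</include>
-<include>build.xml</include>
-<include>ivy.xml</include>
-<include>ivysettings.xml</include>
 <include>excludeFindBugsFilter.xml</include>
 <include>owaspSuppressions.xml</include>
 <include>checktyle.xml</include>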

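--- a/zookeeper-docs/src/main/resources/markdown/zookeeperAdmin.md
+++ b/zookeeper-docs/src/main/resources/markdown/zookeeperAdmin.md
@@ -667,6 +667,15 @@ property, when available, is noted below.
 recommended to set the value to N * **preAllocSize**
 where N >= 2.
 
+* *maxCnxns* :
+(Java system property: **zookeeper.maxCnxns**)
+Limits the total number of concurrent connections that can be made to a
+zookeeper server (per client Port of each server ). This is used to prevent certain
+classes of DoS attacks. The default is 0 and setting it to 0 entirely removes
+the limit on total number of concurrent connections. Accounting for the
+number of connections for serverCnxnFactory and a secureServerCnxnFactory is done
+separately, so a peer is allowed to host up to 2*maxCnxns provided they are of appropriate types.
+
 * *maxClientCnxns* :
 (No Java system property)
 Limits the number of concurrent connections (at the socket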

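--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/ExitCode.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/ExitCode.java
@@ -48,10 +48,7 @@ public enum ExitCode {
 QUORUM_PACKET_ERROR(13),
 
 /** Unable to bind to the quorum (election) port after multiple retry */
-UNABLE_TO_BIND_QUORUM_PORT(14),
-
-/** Failed to shutdown the request processor pipeline gracefully **/
-SHUTDOWN_UNGRACEFULLY(16);
+UNABLE_TO_BIND_QUORUM_PORT(14);
 
 private final int value;
 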

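--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NIOServerCnxnFactory.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NIOServerCnxnFactory.java
@@ -273,6 +273,9 @@ private boolean doAccept() {
 try {
 sc = acceptSocket.accept();
 accepted = true;
+if (limitTotalNumberOfCnxns()) {
+throw new IOException("Too many connections max allowed is " + maxCnxns);
+}
 InetAddress ia = sc.socket().getInetAddress();
 int cnxncount = getClientCnxnCount(ia);
 
@@ -634,6 +637,7 @@ public void configure(InetSocketAddress addr, int maxcc, int backlog, boolean se
 configureSaslLogin();
 
 maxClientCnxns = maxcc;
+initMaxCnxns();
 sessionlessCnxnTimeout = Integer.getInteger(ZOOKEEPER_NIO_SESSIONLESS_CNXN_TIMEOUT, 10000);
 // We also use the sessionlessCnxnTimeout as expiring interval for
 // cnxnExpiryQueue. These don't need to be the same, but the expiring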
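Review bot: The new limit check in doAccept throws only after `acceptSocket.accept()` has returned, so closing `sc` and counting the refusal are both left to the catch block, which lies outside this hunk. The Netty path in the same commit increments `CONNECTION_REJECTED` explicitly before closing the channel; if the NIO catch does not do the equivalent, refusals during a connection flood would be missing from the metrics operators rely on to spot one. A one-line comment on the throw would make that dependency explicit, for example `// the catch below must close sc and record the rejection`. The helper already logs the refusal, so if the catch also logs the exception message, each refused connection produces two log lines.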

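--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxnFactory.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxnFactory.java
@@ -186,6 +186,11 @@ public void channelActive(ChannelHandlerContext ctx) throws Exception {
 }
 
 final Channel channel = ctx.channel();
+if (limitTotalNumberOfCnxns()) {
+ServerMetrics.getMetrics().CONNECTION_REJECTED.add(1);
+channel.close();
+return;
+}
 InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();
 if (maxClientCnxns > 0 && getClientCnxnCount(addr) >= maxClientCnxns) {
 ServerMetrics.getMetrics().CONNECTION_REJECTED.add(1);
@@ -524,6 +529,7 @@ public void closeAll(ServerCnxn.DisconnectReason reason) {
 @Override
 public void configure(InetSocketAddress addr, int maxClientCnxns, int backlog, boolean secure) throws IOException {
 configureSaslLogin();
+initMaxCnxns();
 localAddress = addr;
 this.maxClientCnxns = maxClientCnxns;
 this.secure = secure;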
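Review bot: The check added in channelActive reads the live connection count and admits the channel as separate steps, so channels that become active at the same time on different event-loop threads can each pass the test and push the total above maxCnxns. Where the new channel joins the counted set is not visible here (channelActive starts and ends outside the hunk), so the size of the overshoot is an inference. If a best-effort cap is intended, say so above the check, for example `// best-effort cap: concurrent activations may briefly exceed maxCnxns`. The rejection branch also closes the channel without recording who was refused; adding `channel.remoteAddress()` to a rate-limited log line would let responders identify the source of a flood afterwards.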

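--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerCnxnFactory.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerCnxnFactory.java
@@ -40,6 +40,8 @@
 public abstract class ServerCnxnFactory {
 
 public static final String ZOOKEEPER_SERVER_CNXN_FACTORY = "zookeeper.serverCnxnFactory";
+private static final String ZOOKEEPER_MAX_CONNECTION = "zookeeper.maxCnxns";
+public static final int ZOOKEEPER_MAX_CONNECTION_DEFAULT = 0;
 
 private static final Logger LOG = LoggerFactory.getLogger(ServerCnxnFactory.class);
 
@@ -51,6 +53,9 @@ public abstract class ServerCnxnFactory {
 */
 static final ByteBuffer closeConn = ByteBuffer.allocate(0);
 
+// total number of connections accepted by the ZooKeeper server
+protected int maxCnxns;
+
 // sessionMap is used by closeSession()
 final ConcurrentHashMap<Long, ServerCnxn> sessionMap = new ConcurrentHashMap<Long, ServerCnxn>();
 
@@ -287,4 +292,40 @@ public static String getUserName() {
 return loginUser;
 }
 
+/**
+* Maximum number of connections allowed in the ZooKeeper system
+*/
+public int getMaxCnxns() {
+return maxCnxns;
+}
+
+protected void initMaxCnxns() {
+maxCnxns = Integer.getInteger(ZOOKEEPER_MAX_CONNECTION, ZOOKEEPER_MAX_CONNECTION_DEFAULT);
+if (maxCnxns < 0) {
+maxCnxns = ZOOKEEPER_MAX_CONNECTION_DEFAULT;
+LOG.warn("maxCnxns should be greater than or equal to 0, using default vlaue {}.",
+ZOOKEEPER_MAX_CONNECTION_DEFAULT);
+} else if (maxCnxns == ZOOKEEPER_MAX_CONNECTION_DEFAULT) {
+LOG.warn("maxCnxns is not configured, using default value {}.",
+ZOOKEEPER_MAX_CONNECTION_DEFAULT);
+} else {
+LOG.info("maxCnxns configured value is {}.", maxCnxns);
+}
+}
+
+/**
+* Ensure total number of connections are less than the maxCnxns
+*/
+protected boolean limitTotalNumberOfCnxns() {
+if (maxCnxns <= 0) {
+// maxCnxns limit is disabled
+return false;
+}
+int cnxns = getNumAliveConnections();
+if (cnxns >= maxCnxns) {
+LOG.error("Too many connections " + cnxns + " - max is " + maxCnxns);
+return true;
+}
+return false;
+}
 }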
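Review bot: limitTotalNumberOfCnxns writes an ERROR line, built by string concatenation, for every refused connection, so the flood this limit is meant to absorb becomes one log entry per attempt and can fill the log volume or bury unrelated events. The parameterized form at a lower level is preferable, `LOG.warn("Too many connections {} - max is {}", cnxns, maxCnxns);`, ideally rate-limited. The comment on the new field describes a running total although it holds the cap; `// maximum number of concurrent connections; 0 disables the limit` matches what the code does. In initMaxCnxns the first warning misspells "value" as "vlaue", and the second reports "not configured" even when 0 was set explicitly. `maxCnxns` is a plain `int` written in configure() and read on the accept path, which is safe only if configure() always completes before the accepting threads start; a comment stating that assumption would help.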
