Repository: trafficserver Updated Branches: refs/heads/master e6f28e18f -> 2b2d25714
TS-3659: Add config to limit max number of websocket connections Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/e31ff43e Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/e31ff43e Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/e31ff43e Branch: refs/heads/master Commit: e31ff43ee584a628e0391c818d1d238e20c193ce Parents: e6f28e1 Author: Brian Geffon <bri...@apache.org> Authored: Tue Jun 9 23:39:19 2015 -0700 Committer: Brian Geffon <bri...@apache.org> Committed: Tue Jun 9 23:39:19 2015 -0700 ---------------------------------------------------------------------- mgmt/RecordsConfig.cc | 6 +++++- proxy/http/HttpConfig.cc | 2 ++ proxy/http/HttpConfig.h | 3 ++- proxy/http/HttpTransact.cc | 14 ++++++++++++++ 4 files changed, 23 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e31ff43e/mgmt/RecordsConfig.cc ---------------------------------------------------------------------- diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index f8577d1..48a5557 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc @@ -153,7 +153,11 @@ static const RecordElement RecordsConfig[] = , {RECT_CONFIG, "proxy.config.http.cache.ignore_accept_charset_mismatch", RECD_INT, "2", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-2]", RECA_NULL} , - + // + // Websocket configs + // + {RECT_CONFIG, "proxy.config.http.websocket.max_number_of_connections", RECD_INT, "-1", RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL} + , //############################################################################## //# //# Redirection http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e31ff43e/proxy/http/HttpConfig.cc ---------------------------------------------------------------------- diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc index 7a7e9af..b598111 100644 --- a/proxy/http/HttpConfig.cc +++ b/proxy/http/HttpConfig.cc @@ -934,6 +934,7 @@ HttpConfig::startup() #endif HttpEstablishStaticConfigLongLong(c.server_max_connections, "proxy.config.http.server_max_connections"); + HttpEstablishStaticConfigLongLong(c.max_websocket_connections, "proxy.config.http.websocket.max_number_of_connections"); HttpEstablishStaticConfigLongLong(c.oride.server_tcp_init_cwnd, "proxy.config.http.server_tcp_init_cwnd"); HttpEstablishStaticConfigLongLong(c.oride.origin_max_connections, "proxy.config.http.origin_max_connections"); HttpEstablishStaticConfigLongLong(c.origin_min_keep_alive_connections, "proxy.config.http.origin_min_keep_alive_connections"); @@ -1209,6 +1210,7 @@ HttpConfig::reconfigure() params->disable_ssl_parenting = INT_TO_BOOL(m_master.disable_ssl_parenting); params->server_max_connections = m_master.server_max_connections; + params->max_websocket_connections = m_master.max_websocket_connections; params->oride.server_tcp_init_cwnd = m_master.oride.server_tcp_init_cwnd; params->oride.origin_max_connections = m_master.oride.origin_max_connections; params->origin_min_keep_alive_connections = m_master.origin_min_keep_alive_connections; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e31ff43e/proxy/http/HttpConfig.h ---------------------------------------------------------------------- diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h index fc3cec8..07b2a4c 100644 --- a/proxy/http/HttpConfig.h +++ b/proxy/http/HttpConfig.h @@ -611,6 +611,7 @@ public: MgmtInt server_max_connections; MgmtInt origin_min_keep_alive_connections; // TODO: This one really ought to be overridable, but difficult right now. MgmtInt attach_server_session_to_client; + MgmtInt max_websocket_connections; MgmtByte parent_proxy_routing_enable; MgmtByte disable_ssl_parenting; @@ -839,7 +840,7 @@ extern volatile int32_t icp_dynamic_enabled; ///////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////// inline HttpConfigParams::HttpConfigParams() - : proxy_hostname(NULL), proxy_hostname_len(0), server_max_connections(0), origin_min_keep_alive_connections(0), + : proxy_hostname(NULL), proxy_hostname_len(0), server_max_connections(0), origin_min_keep_alive_connections(0), max_websocket_connections(-1), parent_proxy_routing_enable(0), disable_ssl_parenting(0), enable_url_expandomatic(0), no_dns_forward_to_parent(0), uncacheable_requests_bypass_parent(1), no_origin_server_dns(0), use_client_target_addr(0), use_client_source_port(0), proxy_request_via_string(NULL), proxy_request_via_string_len(0), proxy_response_via_string(NULL), http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e31ff43e/proxy/http/HttpTransact.cc ---------------------------------------------------------------------- diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc index 7e0e6d3..21eb935 100644 --- a/proxy/http/HttpTransact.cc +++ b/proxy/http/HttpTransact.cc @@ -1252,6 +1252,20 @@ HttpTransact::HandleRequest(State *s) // client keep-alive, cache action, etc. initialize_state_variables_from_request(s, &s->hdr_info.client_request); + + // The following chunk of code will limit the maximum number of websocket connections (TS-3659) + if (s->is_upgrade_request && s->is_websocket && s->http_config_param->max_websocket_connections >= 0) { + int64_t val = 0; + HTTP_READ_DYN_SUM(http_websocket_current_active_client_connections_stat, val); + if (val >= s->http_config_param->max_websocket_connections) { + s->is_websocket = false; // unset to avoid screwing up stats. + DebugTxn("http_trans", "Rejecting websocket connection because the limit has been exceeded"); + bootstrap_state_variables_from_request(s, &s->hdr_info.client_request); + build_error_response(s, HTTP_STATUS_SERVICE_UNAVAILABLE, "WebSocket Connection Limit Exceeded", NULL, NULL); + TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, NULL); + } + } + // The following code is configurable to allow a user to control the max post size (TS-3631) if (s->http_config_param->max_post_size > 0 && s->hdr_info.request_content_length > 0 && s->hdr_info.request_content_length > s->http_config_param->max_post_size) {