Eric,

On 6/25/24 14:22, Chuck Caldarale wrote:
> On Jun 25, 2024, at 13:12, Eric Robinson <eric.robin...@psmnv.com> wrote:
>> I'm obviously not getting something. If I understand correctly, the purpose of
>> the acceptCount param is to allow tomcat to reject connections even after the
>> TCP stack has passed them to the java process. At that point, the request has
>> made it through the OS all the way to tomcat, so if tomcat rejects it, then it
>> should log a message... no?
>
> No - Tomcat passes the acceptCount value to the TCP/IP stack of the OS as part of
> listener socket initialization. The accept queue is maintained entirely by the OS;
> Tomcat is not involved in the management thereof, other than taking requests off the
> accept queue with the listener thread for the <Connector>. If connection
> requests arrive at the NIC fast enough to fill up the accept queue, excess ones are
> simply rejected by the OS.

+1

If the OS's TCP stack rejects a request because the backlog queue is
full, the application is never notified. I've never even tried to see if
this situation results in a syslog message or similar. You'd have to do
some Linux kernel research and/or Rocky config research to see if you
can coax that information out of the kernel. It would be one more attack
vector: just slam a server with connections and fill the disk with logs.

-chris
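
Added example, not part of the thread: on Linux, the kernel counts connection attempts it discards when a listener's accept queue is full in the `ListenOverflows` and `ListenDrops` fields of `/proc/net/netstat`. The Python below parses that file's layout and reports the increase between two samples; the sample text and the function names are constructed for this example.

```python
"""Read the Linux kernel's listen-queue overflow counters (added example)."""
from pathlib import Path

NETSTAT = Path("/proc/net/netstat")  # Linux only

# Constructed sample in /proc/net/netstat layout (real files have many more columns).
SAMPLE_BEFORE = (
    "TcpExt: SyncookiesSent ListenOverflows ListenDrops TCPTimeouts\n"
    "TcpExt: 0 12 15 3\n"
    "IpExt: InNoRoutes InOctets\n"
    "IpExt: 0 1000\n"
)
SAMPLE_AFTER = SAMPLE_BEFORE.replace("0 12 15 3", "0 412 415 9")


def parse_netstat(text):
    """Return {"TcpExt": {name: int, ...}, ...} from header/value line pairs."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    out = {}
    for header, values in zip(lines[0::2], lines[1::2]):
        if header[0] != values[0] or len(header) != len(values):
            raise ValueError(f"mismatched pair for {header[0]}")
        out[header[0].rstrip(":")] = dict(zip(header[1:], map(int, values[1:])))
    return out


def listen_counters(text):
    """Pick out the two accept-queue counters; a missing field reads as 0."""
    tcp = parse_netstat(text).get("TcpExt", {})
    return {k: tcp.get(k, 0) for k in ("ListenOverflows", "ListenDrops")}


def overflow_delta(before, after):
    """Counters are cumulative since boot; only the increase between samples matters."""
    b, a = listen_counters(before), listen_counters(after)
    return {k: a[k] - b[k] for k in a}


if __name__ == "__main__":
    print("sample delta:", overflow_delta(SAMPLE_BEFORE, SAMPLE_AFTER))
    if NETSTAT.exists():
        print("live:", listen_counters(NETSTAT.read_text()))
```

These counters are system-wide and cumulative, so they show that some listener's queue overflowed, not which one; sampling them on an interval and alerting on the increase is the usual way to use them.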