From 072f37fafca7582882d21706c7a44f1d9be1df2b Mon Sep 17 00:00:00 2001 From: Adam Dickmeiss Date: Tue, 17 Nov 2015 13:53:40 +0100 Subject: [PATCH] connect-max per IP MP-632 --- etc/config-shared1.xml | 5 +- src/filter_frontend_net.cpp | 112 +++++++++++++++++++++++------------- src/util.cpp | 4 +- xml/schema/filter_frontend_net.rnc | 7 ++- 4 files changed, 83 insertions(+), 45 deletions(-) diff --git a/etc/config-shared1.xml b/etc/config-shared1.xml index ea40579..caf5564 100644 --- a/etc/config-shared1.xml +++ b/etc/config-shared1.xml @@ -4,8 +4,9 @@ @:9000 - 10 - 2 + 2000 + 2 + FN diff --git a/src/filter_frontend_net.cpp b/src/filter_frontend_net.cpp index 02638d6..ee36538 100644 --- a/src/filter_frontend_net.cpp +++ b/src/filter_frontend_net.cpp @@ -58,6 +58,7 @@ namespace metaproxy_1 { friend class Rep; friend class FrontendNet; std::string pattern; + int verbose; int value; }; class FrontendNet::Rep { @@ -69,7 +70,7 @@ namespace metaproxy_1 { std::vector m_ports; int m_listen_duration; int m_session_timeout; - int m_connect_max; + std::list connect_max; std::list http_req_max; std::string m_msg_config; std::string m_stat_req; @@ -104,7 +105,8 @@ namespace metaproxy_1 { const mp::Package *package, Port *port, Rep *rep, - yazpp_1::LimitConnect &limit_connect); + yazpp_1::LimitConnect &limit, + const char *peername); int m_no_requests; Port *m_port; private: @@ -123,7 +125,7 @@ namespace metaproxy_1 { bool m_delete_flag; const mp::Package *m_package; Rep *m_p; - yazpp_1::LimitConnect &m_limit_connect; + yazpp_1::LimitConnect &m_limit_http_req; }; class FrontendNet::ThreadPoolPackage : public mp::IThreadPoolMsg { public: @@ -161,6 +163,7 @@ namespace metaproxy_1 { mp::ThreadPoolSocketObserver *m_thread_pool_observer; const mp::Package *m_package; yazpp_1::LimitConnect limit_connect; + yazpp_1::LimitConnect limit_http_req; Port *m_port; Rep *m_p; }; @@ -282,23 +285,15 @@ yf::FrontendNet::ZAssocChild::ZAssocChild( mp::ThreadPoolSocketObserver *my_thread_pool, const mp::Package *package, Port *port, Rep *rep, - yazpp_1::LimitConnect &limit_connect) - : Z_Assoc(PDU_Observable), m_p(rep), m_limit_connect(limit_connect) + yazpp_1::LimitConnect &limit_http_req, + const char *peername) + : Z_Assoc(PDU_Observable), m_p(rep), m_limit_http_req(limit_http_req) { m_thread_pool_observer = my_thread_pool; m_no_requests = 0; m_delete_flag = false; m_package = package; m_port = port; - const char *peername = PDU_Observable->getpeername(); - if (!peername) - peername = "unknown"; - else - { - const char *cp = strchr(peername, ':'); - if (cp) - peername = cp + 1; - } std::string addr; addr.append(peername); addr.append(" "); @@ -400,45 +395,53 @@ void yf::FrontendNet::ZAssocChild::recv_GDU(Z_GDU *z_pdu, int len) && !strcmp(hreq->path, m_p->m_stat_req.c_str())) { report(hreq); + delete p; return; } + } + + p->copy_route(*m_package); + p->request() = yazpp_1::GDU(z_pdu); + + if (m_p->m_msg_config.length()) + { + if (z_pdu) + { + std::ostringstream os; + os << m_p->m_msg_config << " " + << *p << " " + << "0.000000" << " " + << *z_pdu; + yaz_log(YLOG_LOG, "%s", os.str().c_str()); + } + } + if (z_pdu && z_pdu->which == Z_GDU_HTTP_Request) + { + Z_HTTP_Request *hreq = z_pdu->u.HTTP_Request; std::string peername = p->origin().get_address(); - m_limit_connect.add_connect(peername.c_str()); - m_limit_connect.cleanup(false); - int con_sz = m_limit_connect.get_total(peername.c_str()); + m_limit_http_req.cleanup(false); + int con_sz = m_limit_http_req.get_total(peername.c_str()); std::list::const_iterator it = m_p->http_req_max.begin(); for (; it != m_p->http_req_max.end(); it++) { if (mp::util::match_ip(it->pattern, peername)) { + if (it->verbose > 1 || (con_sz >= it->value && it->verbose > 0)) + yaz_log(YLOG_LOG, "http-req-max pattern=%s ip=%s con_sz=%d value=%d", it->pattern.c_str(), peername.c_str(), con_sz, it->value); if (con_sz < it->value) break; mp::odr o; Z_GDU *gdu_res = o.create_HTTP_Response(m_session, hreq, 500); int len; send_GDU(gdu_res, &len); + delete p; return; } } + m_limit_http_req.add_connect(peername.c_str()); } - ThreadPoolPackage *tp = new ThreadPoolPackage(p, this, m_p); - p->copy_route(*m_package); - p->request() = yazpp_1::GDU(z_pdu); - - if (m_p->m_msg_config.length()) - { - if (z_pdu) - { - std::ostringstream os; - os << m_p->m_msg_config << " " - << *p << " " - << "0.000000" << " " - << *z_pdu; - yaz_log(YLOG_LOG, "%s", os.str().c_str()); - } - } m_thread_pool_observer->put(tp); } @@ -500,17 +503,36 @@ yazpp_1::IPDU_Observer *yf::FrontendNet::ZAssocServer::sessionNotify( { const char *peername = the_PDU_Observable->getpeername(); + if (!peername) + peername = "unknown"; + else + { + const char *cp = strchr(peername, ':'); + if (cp) + peername = cp + 1; + } if (peername) { - limit_connect.add_connect(peername); limit_connect.cleanup(false); int con_sz = limit_connect.get_total(peername); - if (m_p->m_connect_max && con_sz > m_p->m_connect_max) - return 0; + std::list::const_iterator it = m_p->connect_max.begin(); + for (; it != m_p->connect_max.end(); it++) + { + if (mp::util::match_ip(it->pattern, peername)) + { + if (it->verbose > 1 || (con_sz >= it->value && it->verbose > 0)) + yaz_log(YLOG_LOG, "connect-max pattern=%s ip=%s con_sz=%d value=%d", it->pattern.c_str(), peername, con_sz, it->value); + if (con_sz < it->value) + break; + return 0; + } + } + limit_connect.add_connect(peername); } ZAssocChild *my = new ZAssocChild(the_PDU_Observable, m_thread_pool_observer, - m_package, m_port, m_p, limit_connect); + m_package, m_port, m_p, limit_http_req, + peername); return my; } @@ -544,7 +566,6 @@ yf::FrontendNet::Rep::Rep() m_stack_size = 0; m_listen_duration = 0; m_session_timeout = 300; // 5 minutes - m_connect_max = 0; az = 0; size_t i; for (i = 0; i < 22; i++) @@ -761,17 +782,26 @@ void yf::FrontendNet::configure(const xmlNode * ptr, bool test_only, } else if (!strcmp((const char *) ptr->name, "connect-max")) { - m_p->m_connect_max = mp::xml::get_int(ptr, 0); + const char *names[3] = {"ip", "verbose", 0}; + std::string values[2]; + + mp::xml::parse_attr(ptr, names, values); + IP_Pattern m; + m.value = mp::xml::get_int(ptr, 0); + m.pattern = values[0]; + m.verbose = values[1].length() ? atoi(values[1].c_str()) : 1; + m_p->connect_max.push_back(m); } else if (!strcmp((const char *) ptr->name, "http-req-max")) { - const char *names[2] = {"ip", 0}; - std::string values[1]; + const char *names[3] = {"ip", "verbose", 0}; + std::string values[2]; mp::xml::parse_attr(ptr, names, values); IP_Pattern m; m.value = mp::xml::get_int(ptr, 0); m.pattern = values[0]; + m.verbose = values[1].length() ? atoi(values[1].c_str()) : 1; m_p->http_req_max.push_back(m); } else if (!strcmp((const char *) ptr->name, "message")) diff --git a/src/util.cpp b/src/util.cpp index c18895d..1ea62d3 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -743,9 +743,11 @@ const char *mp::wrbuf::c_str_null() bool mp::util::match_ip(const std::string &pattern, const std::string &value) { std::vector globitems; + // split may produce empty strings as results - in particular + // the empty pattern produces one empty string (vector size 1) boost::split(globitems, pattern, boost::is_any_of(" ")); - std::vector::const_iterator it = globitems.begin(); bool ret_value = true; // for now (if only empty values) + std::vector::const_iterator it = globitems.begin(); for (; it != globitems.end(); it++) { const char *c_str = (*it).c_str(); diff --git a/xml/schema/filter_frontend_net.rnc b/xml/schema/filter_frontend_net.rnc index 365c556..8431040 100644 --- a/xml/schema/filter_frontend_net.rnc +++ b/xml/schema/filter_frontend_net.rnc @@ -17,9 +17,14 @@ filter_frontend_net = xsd:string }+, element mp:timeout { xsd:integer }?, - element mp:connect-max { xsd:integer }?, + element mp:connect-max { + attribute ip { xsd:string }?, + attribute verbose { xsd:integer }?, + xsd:integer + }*, element mp:http-req-max { attribute ip { xsd:string }?, + attribute verbose { xsd:integer }?, xsd:integer }*, element mp:message { xsd:string }?, -- 1.7.10.4