mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Victor N (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRMINA-764) DDOS possible in only a few seconds...
Date Mon, 15 Feb 2010 14:17:27 GMT

    [ https://issues.apache.org/jira/browse/DIRMINA-764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12833804#action_12833804

Victor N commented on DIRMINA-764:

Emmanuel, are you clients in this test fast enough to read at the speed proposed by the server?
Also, is the network between the server and the client fast enough?
Maybe "read buffer" is too small in the client? I do not see it configured in the stress client.
I would say that it is typical - when some server is writing too quickly into a socket, so
that some client can not read at this speed, the server will die in OutOfMemory :)
You need to throttle/limit the write speed somehow. As I know, in mina, writeRequestQueue
is unlimited in IoSession :(

> DDOS possible in only a few seconds...
> --------------------------------------
>                 Key: DIRMINA-764
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-764
>             Project: MINA
>          Issue Type: Bug
>    Affects Versions: 2.0.0-RC1
>            Reporter: Emmanuel Lecharny
>            Priority: Blocker
>             Fix For: 2.0.0
>         Attachments: screenshot-1.jpg, screenshot-2.jpg
> We can kill a server in just a few seconds using the stress test found in DIRMINA-762.
> If we inject messages with no delay, using 50 threads to do that, the ProtocolCodecFilter$MessageWriteRequest
is stuffed with hundred of thousands messages waiting to be written back to the client, with
no success.
> On the client side, we receive almost no messages :
> 0 messages/sec (total messages received 1)
> 2 messages/sec (total messages received 11)
> 8 messages/sec (total messages received 55)
> 8 messages/sec (total messages received 95)
> 9 messages/sec (total messages received 144)
> 3 messages/sec (total messages received 162)
> 1 messages/sec (total messages received 169)
> ...
> On the server side, the memory is totally swamped in 20 seconds, with no way to recover
> Exception in thread "pool-1-thread-1" java.lang.OutOfMemoryError: Java heap space
> (see graph attached)
> On the server, ConcurrentLinkedQueue contain the messages to be written (in my case,
724 499 Node are present). There are also 361629 DefaultWriteRequests, 361628 DefaultWriteFutures,
361625 SimpleBuffer, 361 618 ProtocolCodecFilter$MessageWriteRequest and 361 614 ProtocolCodecFilter$EncodedWriteRequests.
> That mean we don't flush them to the client at all. 

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message