[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections |
Date: |
Wed, 15 Oct 2014 13:31:10 +0100 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Wed, Oct 15, 2014 at 02:19:45PM +0200, Gerd Hoffmann wrote:
> Also track the number of connections in "connecting" and "shared" state
> (additionally to "exclusive" state). Apply a configurable limit to
> these connections.
>
> The logic to apply the limit to connections in "shared" state is pretty
> simple: When the limit is reached no new connections are allowed.
>
> The logic to apply the limit to connections in "connecting" state (this
> is the state you are in *before* successfull authentication) is
> slightly different: A new connect kicks out the oldest client which is
> still in "connecting" state. This avoids a easy DoS by unauthenticated
> users by simply opening connections until the limit is reached.
I'd suggest that rather than kicking off the oldest client QEMU
should simply stop calling accept() when it reaches the limit
of active unauthenticated client connections.
By allowing the connection to succeeed & then kicking off another
client QEMU's still burning CPU to do memory allocation & free'ing
for each client.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
- [Qemu-devel] [PATCH 0/6] vnc: add support for multiple vnc server instances., Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH 5/6] vnc: update docs/multiseat.txt, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH 2/6] vnc: remove unused DisplayState parameter, add id instead., Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/15
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections,
Daniel P. Berrange <=
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/15
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Daniel P. Berrange, 2014/10/15
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/16
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/17
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Daniel P. Berrange, 2014/10/17
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/17
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/20
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/21
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/21
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/21