r4070 - in trunk/varnish-cache: bin/varnishd include
phk at projects.linpro.no
phk at projects.linpro.no
Mon May 11 11:25:12 CEST 2009
Author: phk
Date: 2009-05-11 11:25:12 +0200 (Mon, 11 May 2009)
New Revision: 4070
Modified:
trunk/varnish-cache/bin/varnishd/cache_acceptor.c
trunk/varnish-cache/bin/varnishd/cache_session.c
trunk/varnish-cache/bin/varnishd/heritage.h
trunk/varnish-cache/bin/varnishd/mgt_param.c
trunk/varnish-cache/include/stat_field.h
Log:
Put an upper limit on how many sessions we will allocate before we just
drop new connections summarily.
The parameter is session_max, default is 100k and the stats variable
client_drop counts how many sessions were dropped.
This is mostly an anti-DoS measure, and your feedback and experience
with it are most welcome.
Modified: trunk/varnish-cache/bin/varnishd/cache_acceptor.c
===================================================================
--- trunk/varnish-cache/bin/varnishd/cache_acceptor.c 2009-05-11 08:57:00 UTC (rev 4069)
+++ trunk/varnish-cache/bin/varnishd/cache_acceptor.c 2009-05-11 09:25:12 UTC (rev 4070)
@@ -241,8 +241,11 @@
continue;
}
sp = SES_New(addr, l);
- XXXAN(sp);
-
+ if (sp == NULL) {
+ AZ(close(i));
+ VSL_stats->client_drop++;
+ continue;
+ }
sp->fd = i;
sp->id = i;
sp->t_open = now;
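Review bot: The drop path wraps the close in `AZ(close(i));`, so if AZ asserts on a non-zero result (its definition is not in this hunk), an error return from close() on the just-accepted socket would abort the process while it is shedding load. A peer that has already reset the connection is a plausible cause of such a return during a flood. Since the descriptor is being discarded anyway, the return could be tolerated, for example `(void)close(i);`, or checked against the errno values that are expected for a dead peer. A drop also leaves no trace beyond `client_drop`, so it may be worth checking whether the connection was already counted in `client_conn` earlier in the loop, which lies outside this hunk.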
Modified: trunk/varnish-cache/bin/varnishd/cache_session.c
===================================================================
--- trunk/varnish-cache/bin/varnishd/cache_session.c 2009-05-11 08:57:00 UTC (rev 4069)
+++ trunk/varnish-cache/bin/varnishd/cache_session.c 2009-05-11 09:25:12 UTC (rev 4070)
@@ -111,6 +111,8 @@
volatile unsigned u;
if (sm == NULL) {
+ if (VSL_stats->n_sess_mem >= params->max_sess)
+ return (NULL);
/*
* It is not necessary to lock mem_workspace, but we
* need to cache it locally, to make sure we get a
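Review bot: The limit check `VSL_stats->n_sess_mem >= params->max_sess` bases an enforcement decision on a statistics counter, and nothing in the hunk shows a lock held around the read. If other threads update `n_sess_mem` concurrently, the cap is only approximate and can be overshot by however many allocations race past the test. That is probably acceptable for an anti-DoS ceiling, but it should be stated, e.g. `/* Soft limit: n_sess_mem is read unlocked, a small overshoot is possible */` above the test. The function now returns NULL where the acceptor previously asserted non-NULL, so any caller other than the one patched in cache_acceptor.c needs the same NULL handling. The function starts and ends outside this hunk.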
Modified: trunk/varnish-cache/bin/varnishd/heritage.h
===================================================================
--- trunk/varnish-cache/bin/varnishd/heritage.h 2009-05-11 08:57:00 UTC (rev 4069)
+++ trunk/varnish-cache/bin/varnishd/heritage.h 2009-05-11 09:25:12 UTC (rev 4070)
@@ -82,6 +82,9 @@
/* TTL used for synthesized error pages */
unsigned err_ttl;
+ /* Maximum concurrent sessions */
+ unsigned max_sess;
+
/* Worker threads and pool */
unsigned wthread_min;
unsigned wthread_max;
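Review bot: The field comment `/* Maximum concurrent sessions */` describes something different from what the check in cache_session.c enforces. That check compares `n_sess_mem` with `max_sess`, and only on the path where no existing session memory is available for reuse, so the value caps allocated session structures rather than live connections. A comment such as `/* Cap on allocated session structures (param session_max); new connections are dropped above it */` would also tie the field to its differently named parameter. The struct definition starts and ends outside this hunk.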
Modified: trunk/varnish-cache/bin/varnishd/mgt_param.c
===================================================================
--- trunk/varnish-cache/bin/varnishd/mgt_param.c 2009-05-11 08:57:00 UTC (rev 4069)
+++ trunk/varnish-cache/bin/varnishd/mgt_param.c 2009-05-11 09:25:12 UTC (rev 4070)
@@ -676,6 +676,15 @@
"have both IPv4 and IPv6 addresses.",
0,
"off", "bool" },
+ { "session_max", tweak_uint,
+ &master.max_sess, 1000, UINT_MAX,
+ "Maximum number of sessions we will allocate "
+ "before just dropping connections.\n"
+ "This is mostly an anti-DoS measure, and setting it plenty "
+ "high should not hurt, as long as you have the memory for "
+ "it.\n",
+ 0,
+ "100000", "sessions" },
{ "session_linger", tweak_uint,
&master.session_linger,0, UINT_MAX,
"How long time the workerthread lingers on the session "
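Review bot: The help text for `session_max` does not tell an operator how to see that the limit is being hit, which matters most when telling an attack apart from an undersized setting. Adding a sentence such as `"Dropped connections are counted in the client_drop statistic.\n"` would point at the counter this commit introduces. The text could also say that the limit applies to allocated session structures, so that "as long as you have the memory for it" can be related to per-session memory cost. The parameter table entry sits inside an array whose start and end are outside this hunk.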
Modified: trunk/varnish-cache/include/stat_field.h
===================================================================
--- trunk/varnish-cache/include/stat_field.h 2009-05-11 08:57:00 UTC (rev 4069)
+++ trunk/varnish-cache/include/stat_field.h 2009-05-11 09:25:12 UTC (rev 4070)
@@ -30,6 +30,7 @@
*/
MAC_STAT(client_conn, uint64_t, 0, 'a', "Client connections accepted")
+MAC_STAT(client_drop, uint64_t, 0, 'a', "Connection dropped, no sess")
MAC_STAT(client_req, uint64_t, 0, 'a', "Client requests received")
MAC_STAT(cache_hit, uint64_t, 0, 'a', "Cache hits")