search

hyperledger-archives / fabric

THIS IS A READ-ONLY historic repository. Current development is at https://gerrit.hyperledger.org/r/#/admin/projects/fabric . pull requests not accepted
https://gerrit.hyperledger.org/
Apache License 2.0
1.17k stars 1.01k forks source link

too many open files when REST API connections linger #689

Open corecode opened 8 years ago

corecode commented 8 years ago

If client connections are not marked as Connection: close, HTTP API connections stay around, and eat file descriptors. If no more free file descriptors are available, grpc's accept() will fail, and the peer will shut down. This is an easy DoS surface to bring down a peer.

A quick work-around is setting read and write timeouts for the REST handler:

    httpServer := http.Server{
        Addr:         viper.GetString("rest.address"),
        Handler:      router,
        ReadTimeout:  300 * time.Millisecond,
        WriteTimeout: 300 * time.Millisecond,
    }

    // Start server
    err := httpServer.ListenAndServe()

However, this this still allows for a connection flood DoS.

Another approach is to only allow a maximum amount of concurrently open connections, by supplying a custom (counting) listener, as in http://play.golang.org/p/hy9ouVmtKk. A more advanced system would start killing old (inactive, LRU) connections.

The same goes for peer grpc connections.

christo4ferris commented 8 years ago

@corecode @angrbrd is this still an issue or can it be closed?

angrbrd commented 8 years ago

@corecode I am not sure if this was ever addressed? I know this is a very old issue... If you find that this still a problem, please open a matching issue in Jira and tag with "api". Then close this issue.

Thanks!