Open corecode opened 8 years ago
@corecode @angrbrd is this still an issue or can it be closed?
@corecode I am not sure if this was ever addressed? I know this is a very old issue... If you find that this is still a problem, please open a matching issue in Jira and tag with "api". Then close this issue.
Thanks!
If client connections are not marked as `Connection: close`, HTTP API connections stay around, and eat file descriptors. If no more free file descriptors are available, grpc's `accept()` will fail, and the peer will shut down. This is an easy DoS surface to bring down a peer.

A quick work-around is setting read and write timeouts for the REST handler:

However, this still allows for a connection flood DoS.
Another approach is to only allow a maximum amount of concurrently open connections, by supplying a custom (counting) listener, as in http://play.golang.org/p/hy9ouVmtKk. A more advanced system would start killing old (inactive, LRU) connections.
The same goes for peer grpc connections.
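
The two mitigations described in this issue (server timeouts plus a counting listener), sketched with the Go standard library as an added example; it is not code from the issue or from the project. `LimitListener`, the cap of 64, the timeout values and the listen address are assumptions chosen for illustration.

```go
package main

import (
	"net"
	"net/http"
	"sync"
	"time"
)

// limitListener caps concurrently open connections; Accept blocks at the cap.
type limitListener struct {
	net.Listener
	slots chan struct{} // one token per accepted, not yet closed connection
}

// LimitListener (hypothetical name) allows at most max open connections on l.
func LimitListener(l net.Listener, max int) net.Listener {
	return &limitListener{Listener: l, slots: make(chan struct{}, max)}
}

func (l *limitListener) Accept() (net.Conn, error) {
	l.slots <- struct{}{} // wait for a free slot before consuming a descriptor
	c, err := l.Listener.Accept()
	if err != nil {
		<-l.slots // give the slot back when accept itself fails
		return nil, err
	}
	return &limitConn{Conn: c, release: func() { <-l.slots }}, nil
}

type limitConn struct {
	net.Conn
	once    sync.Once // the slot is returned exactly once, even on double Close
	release func()
}

func (c *limitConn) Close() error {
	err := c.Conn.Close()
	c.once.Do(c.release)
	return err
}

func main() {
	ln, err := net.Listen("tcp", "127.0.0.1:8080") // constructed address
	if err != nil {
		panic(err)
	}
	// Timeouts reap stalled and idle keep-alive connections; the listener bounds the rest.
	srv := &http.Server{ReadTimeout: 10 * time.Second, WriteTimeout: 10 * time.Second, IdleTimeout: 30 * time.Second}
	panic(srv.Serve(LimitListener(ln, 64)))
}
```

Connections above the cap wait in the kernel accept backlog instead of consuming descriptors in the process, so the cap should sit well below the process file descriptor limit.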