Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

frang: concurrent_tcp_connections - the connection counter works incorrectly #2084

Closed
RomanBelozerov opened this issue Mar 29, 2024 · 0 comments
Closed

frang: concurrent_tcp_connections - the connection counter works incorrectly #2084

RomanBelozerov opened this issue Mar 29, 2024 · 0 comments
Assignees
@enuribekov-tempesta
Labels
bug crucial good to start Start form this tasks if you're new in Tempesta FW security
Milestone
0.8 - Beta

Comments

@RomanBelozerov
Copy link
Contributor

Tempesta - 66e8acf

For frang config:

frang_limits {
    concurrent_connections 2;
}
  1. Establish 10 client connections from same IP (number of warning in dmesg - 8).
  2. Close connections.
  3. Wait (optional)
  4. Establish new 10 client connection from that IP.

ER: Tempesta allows 2 connections and closes 8 connections. The last dmesg warning - frang: connections max num. exceeded for 127.0.0.1: 8 (lim=2)
AR: Tempesta closes 10 connections. The last dmesg warning - frang: connections max num. exceeded for 127.0.0.1: 18 (lim=2)

Testing

t_frang.test_concurrent_connections.ConcurrentConnections.test_clear_client_connection_stats_greater
@RomanBelozerov RomanBelozerov added this to the 0.8 - Beta milestone Mar 29, 2024
@krizhanovsky krizhanovsky added the good to start Start form this tasks if you're new in Tempesta FW label Mar 29, 2024
@RomanBelozerov RomanBelozerov linked a pull request Apr 5, 2024 that will close this issue
Decrement connection counter if limit exceeded. #2093
Closed
enuribekov-tempesta added a commit that referenced this issue Apr 23, 2024
@enuribekov-tempesta
Add sk_free callback handler.
ecef287 
In this way tfw_classify_conn_close() function called when
connection closed on the socket level.
In this particular case we fix the situation when tfw_classify_conn_close()
skipped when connection dropped by connections limiter (Issue #2084).
@enuribekov-tempesta enuribekov-tempesta mentioned this issue Apr 23, 2024
Merged
enuribekov-tempesta added a commit that referenced this issue Apr 24, 2024
@enuribekov-tempesta
Add sk_free callback handler (kernel part).
11aa5f4 
In this way tfw_classify_conn_close() function called when
connection closed on the socket level.
In this particular case we fix the situation when tfw_classify_conn_close()
skipped when connection dropped by connections limiter (Issue #2084).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@enuribekov-tempesta enuribekov-tempesta

Labels
bug crucial good to start Start form this tasks if you're new in Tempesta FW security
Projects
None yet
Milestone
0.8 - Beta
Development

Successfully merging a pull request may close this issue.

Decrement connection counter if limit exceeded. tempesta-tech/tempesta
3 participants
@krizhanovsky @RomanBelozerov @enuribekov-tempesta