* Add a session concurrency option per key. Allows developer/config to specify number of concurrent requests on a service.

link-sitting
teravus 2013-10-09 22:21:25 -05:00
parent e7ea053c4a
commit 75f63ecfcd
4 changed files with 102 additions and 23 deletions


@ -43,9 +43,11 @@ namespace OpenSim.Framework
private readonly BasicDosProtectorOptions _options; private readonly BasicDosProtectorOptions _options;
private readonly Dictionary<string, CircularBuffer<int>> _deeperInspection; // per client request checker private readonly Dictionary<string, CircularBuffer<int>> _deeperInspection; // per client request checker
private readonly Dictionary<string, int> _tempBlocked; // blocked list private readonly Dictionary<string, int> _tempBlocked; // blocked list
private readonly Dictionary<string, int> _sessions;
private readonly System.Timers.Timer _forgetTimer; // Cleanup timer private readonly System.Timers.Timer _forgetTimer; // Cleanup timer
private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
private readonly System.Threading.ReaderWriterLockSlim _lockSlim = new System.Threading.ReaderWriterLockSlim(); private readonly System.Threading.ReaderWriterLockSlim _blockLockSlim = new System.Threading.ReaderWriterLockSlim();
private readonly System.Threading.ReaderWriterLockSlim _sessionLockSlim = new System.Threading.ReaderWriterLockSlim();
public BasicDOSProtector(BasicDosProtectorOptions options) public BasicDOSProtector(BasicDosProtectorOptions options)
{ {
_generalRequestTimes = new CircularBuffer<int>(options.MaxRequestsInTimeframe + 1, true); _generalRequestTimes = new CircularBuffer<int>(options.MaxRequestsInTimeframe + 1, true);
@ -53,13 +55,14 @@ namespace OpenSim.Framework
_options = options; _options = options;
_deeperInspection = new Dictionary<string, CircularBuffer<int>>(); _deeperInspection = new Dictionary<string, CircularBuffer<int>>();
_tempBlocked = new Dictionary<string, int>(); _tempBlocked = new Dictionary<string, int>();
_sessions = new Dictionary<string, int>();
_forgetTimer = new System.Timers.Timer(); _forgetTimer = new System.Timers.Timer();
_forgetTimer.Elapsed += delegate _forgetTimer.Elapsed += delegate
{ {
_forgetTimer.Enabled = false; _forgetTimer.Enabled = false;
List<string> removes = new List<string>(); List<string> removes = new List<string>();
_lockSlim.EnterReadLock(); _blockLockSlim.EnterReadLock();
foreach (string str in _tempBlocked.Keys) foreach (string str in _tempBlocked.Keys)
{ {
if ( if (
@ -67,26 +70,27 @@ namespace OpenSim.Framework
_tempBlocked[str]) > 0) _tempBlocked[str]) > 0)
removes.Add(str); removes.Add(str);
} }
_lockSlim.ExitReadLock(); _blockLockSlim.ExitReadLock();
lock (_deeperInspection) lock (_deeperInspection)
{ {
_lockSlim.EnterWriteLock(); _blockLockSlim.EnterWriteLock();
for (int i = 0; i < removes.Count; i++) for (int i = 0; i < removes.Count; i++)
{ {
_tempBlocked.Remove(removes[i]); _tempBlocked.Remove(removes[i]);
_deeperInspection.Remove(removes[i]); _deeperInspection.Remove(removes[i]);
_sessions.Remove(removes[i]);
} }
_lockSlim.ExitWriteLock(); _blockLockSlim.ExitWriteLock();
} }
foreach (string str in removes) foreach (string str in removes)
{ {
m_log.InfoFormat("[{0}] client: {1} is no longer blocked.", m_log.InfoFormat("[{0}] client: {1} is no longer blocked.",
_options.ReportingName, str); _options.ReportingName, str);
} }
_lockSlim.EnterReadLock(); _blockLockSlim.EnterReadLock();
if (_tempBlocked.Count > 0) if (_tempBlocked.Count > 0)
_forgetTimer.Enabled = true; _forgetTimer.Enabled = true;
_lockSlim.ExitReadLock(); _blockLockSlim.ExitReadLock();
}; };
_forgetTimer.Interval = _options.ForgetTimeSpan.TotalMilliseconds; _forgetTimer.Interval = _options.ForgetTimeSpan.TotalMilliseconds;
@ -100,9 +104,9 @@ namespace OpenSim.Framework
public bool IsBlocked(string key) public bool IsBlocked(string key)
{ {
bool ret = false; bool ret = false;
_lockSlim.EnterReadLock(); _blockLockSlim.EnterReadLock();
ret = _tempBlocked.ContainsKey(key); ret = _tempBlocked.ContainsKey(key);
_lockSlim.ExitReadLock(); _blockLockSlim.ExitReadLock();
return ret; return ret;
} }
@ -119,20 +123,58 @@ namespace OpenSim.Framework
string clientstring = key; string clientstring = key;
_lockSlim.EnterReadLock(); _blockLockSlim.EnterReadLock();
if (_tempBlocked.ContainsKey(clientstring)) if (_tempBlocked.ContainsKey(clientstring))
{ {
_lockSlim.ExitReadLock(); _blockLockSlim.ExitReadLock();
if (_options.ThrottledAction == ThrottleAction.DoThrottledMethod) if (_options.ThrottledAction == ThrottleAction.DoThrottledMethod)
return false; return false;
else else
throw new System.Security.SecurityException("Throttled"); throw new System.Security.SecurityException("Throttled");
} }
_lockSlim.ExitReadLock();
_generalRequestTimes.Put(Util.EnvironmentTickCount()); _blockLockSlim.ExitReadLock();
lock (_generalRequestTimes)
_generalRequestTimes.Put(Util.EnvironmentTickCount());
if (_options.MaxConcurrentSessions > 0)
{
int sessionscount = 0;
_sessionLockSlim.EnterReadLock();
if (_sessions.ContainsKey(key))
sessionscount = _sessions[key];
_sessionLockSlim.ExitReadLock();
if (sessionscount > _options.MaxConcurrentSessions)
{
// Add to blocking and cleanup methods
lock (_deeperInspection)
{
_blockLockSlim.EnterWriteLock();
if (!_tempBlocked.ContainsKey(clientstring))
{
_tempBlocked.Add(clientstring,
Util.EnvironmentTickCount() +
(int) _options.ForgetTimeSpan.TotalMilliseconds);
_forgetTimer.Enabled = true;
m_log.WarnFormat("[{0}]: client: {1} is blocked for {2} milliseconds based on concurrency, X-ForwardedForAllowed status is {3}, endpoint:{4}", _options.ReportingName, clientstring, _options.ForgetTimeSpan.TotalMilliseconds, _options.AllowXForwardedFor, endpoint);
}
else
_tempBlocked[clientstring] = Util.EnvironmentTickCount() +
(int) _options.ForgetTimeSpan.TotalMilliseconds;
_blockLockSlim.ExitWriteLock();
}
}
else
ProcessConcurrency(key, endpoint);
}
if (_generalRequestTimes.Size == _generalRequestTimes.Capacity && if (_generalRequestTimes.Size == _generalRequestTimes.Capacity &&
(Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(), _generalRequestTimes.Get()) < (Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(), _generalRequestTimes.Get()) <
_options.RequestTimeSpan.TotalMilliseconds)) _options.RequestTimeSpan.TotalMilliseconds))
@ -147,6 +189,29 @@ namespace OpenSim.Framework
} }
return true; return true;
} }
private void ProcessConcurrency(string key, string endpoint)
{
_sessionLockSlim.EnterWriteLock();
if (_sessions.ContainsKey(key))
_sessions[key] = _sessions[key] + 1;
else
_sessions.Add(key,1);
_sessionLockSlim.ExitWriteLock();
}
public void ProcessEnd(string key, string endpoint)
{
_sessionLockSlim.EnterWriteLock();
if (_sessions.ContainsKey(key))
{
_sessions[key]--;
if (_sessions[key] <= 0)
_sessions.Remove(key);
}
else
_sessions.Add(key, 1);
_sessionLockSlim.ExitWriteLock();
}
/// <summary> /// <summary>
/// At this point, the rate limiting code needs to track 'per user' velocity. /// At this point, the rate limiting code needs to track 'per user' velocity.
@ -169,12 +234,12 @@ namespace OpenSim.Framework
_options.RequestTimeSpan.TotalMilliseconds)) _options.RequestTimeSpan.TotalMilliseconds))
{ {
//Looks like we're over the limit //Looks like we're over the limit
_lockSlim.EnterWriteLock(); _blockLockSlim.EnterWriteLock();
if (!_tempBlocked.ContainsKey(clientstring)) if (!_tempBlocked.ContainsKey(clientstring))
_tempBlocked.Add(clientstring, Util.EnvironmentTickCount() + (int)_options.ForgetTimeSpan.TotalMilliseconds); _tempBlocked.Add(clientstring, Util.EnvironmentTickCount() + (int)_options.ForgetTimeSpan.TotalMilliseconds);
else else
_tempBlocked[clientstring] = Util.EnvironmentTickCount() + (int)_options.ForgetTimeSpan.TotalMilliseconds; _tempBlocked[clientstring] = Util.EnvironmentTickCount() + (int)_options.ForgetTimeSpan.TotalMilliseconds;
_lockSlim.ExitWriteLock(); _blockLockSlim.ExitWriteLock();
m_log.WarnFormat("[{0}]: client: {1} is blocked for {2} milliseconds, X-ForwardedForAllowed status is {3}, endpoint:{4}", _options.ReportingName, clientstring, _options.ForgetTimeSpan.TotalMilliseconds, _options.AllowXForwardedFor, endpoint); m_log.WarnFormat("[{0}]: client: {1} is blocked for {2} milliseconds, X-ForwardedForAllowed status is {3}, endpoint:{4}", _options.ReportingName, clientstring, _options.ForgetTimeSpan.TotalMilliseconds, _options.AllowXForwardedFor, endpoint);
@ -205,5 +270,6 @@ namespace OpenSim.Framework
public bool AllowXForwardedFor; public bool AllowXForwardedFor;
public string ReportingName = "BASICDOSPROTECTOR"; public string ReportingName = "BASICDOSPROTECTOR";
public BasicDOSProtector.ThrottleAction ThrottledAction = BasicDOSProtector.ThrottleAction.DoThrottledMethod; public BasicDOSProtector.ThrottleAction ThrottledAction = BasicDOSProtector.ThrottleAction.DoThrottledMethod;
public int MaxConcurrentSessions;
} }
} }
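Review bot: `ProcessEnd` inserts the key with a count of 1 when it is missing from `_sessions` (`else _sessions.Add(key, 1);`), so ending a request that was never counted creates a phantom session instead of doing nothing. The handlers in this commit call `ProcessEnd` after every `Process` call, including ones rejected at the `_tempBlocked` check or in the over-limit branch, where `ProcessConcurrency` never ran, so the per-key counter drifts away from the real number of requests in flight. Dropping that `else` branch fixes it. Separately, the forget-timer delegate calls `_sessions.Remove(removes[i])` while holding only `_blockLockSlim`, although every other access to `_sessions` is guarded by `_sessionLockSlim`; that removal should happen under `_sessionLockSlim.EnterWriteLock()` so it cannot race with `ProcessConcurrency` or `ProcessEnd`. The over-limit branch in `Process` also records the block without returning, so the offending request appears to fall through to the general rate check; confirm whether it should be rejected at that point.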


@ -55,12 +55,14 @@ namespace OpenSim.Framework.Servers.HttpServer
{ {
byte[] result; byte[] result;
RequestsReceived++; RequestsReceived++;
string clientstring = GetClientString(httpRequest);
if (_dosProtector.Process(GetClientString(httpRequest), GetRemoteAddr(httpRequest))) string endpoint = GetRemoteAddr(httpRequest);
if (_dosProtector.Process(clientstring, endpoint))
result = ProcessRequest(path, request, httpRequest, httpResponse); result = ProcessRequest(path, request, httpRequest, httpResponse);
else else
result = ThrottledRequest(path, request, httpRequest, httpResponse); result = ThrottledRequest(path, request, httpRequest, httpResponse);
if (_options.MaxConcurrentSessions > 0)
_dosProtector.ProcessEnd(clientstring, endpoint);
RequestsHandled++; RequestsHandled++;
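Review bot: The `_dosProtector.ProcessEnd(clientstring, endpoint)` call is not in a `finally`, so if `ProcessRequest` or `ThrottledRequest` throws, the session counter for `clientstring` is never decremented. A client whose requests fail repeatedly would then accumulate stale sessions and could be blocked on concurrency with nothing in flight. Keep the `_dosProtector.Process(...)` call where it is, but run the two handler calls inside `try { ... } finally { if (_options.MaxConcurrentSessions > 0) _dosProtector.ProcessEnd(clientstring, endpoint); }`. The same pattern appears in the `Process(Hashtable request)` handler and in the XML-RPC handler later in this commit. The enclosing method starts and ends outside this hunk.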


@ -47,10 +47,18 @@ namespace OpenSim.Framework.Servers.HttpServer
} }
public Hashtable Process(Hashtable request) public Hashtable Process(Hashtable request)
{ {
if (_dosProtector.Process(GetClientString(request), GetRemoteAddr(request))) Hashtable process = null;
return _normalMethod(request); string clientstring= GetClientString(request);
string endpoint = GetRemoteAddr(request);
if (_dosProtector.Process(clientstring, endpoint))
process = _normalMethod(request);
else else
return _throttledMethod(request); process = _throttledMethod(request);
if (_options.MaxConcurrentSessions>0)
_dosProtector.ProcessEnd(clientstring, endpoint);
return process;
} }
private string GetRemoteAddr(Hashtable request) private string GetRemoteAddr(Hashtable request)


@ -53,11 +53,14 @@ namespace OpenSim.Framework.Servers.HttpServer
{ {
XmlRpcResponse resp = null; XmlRpcResponse resp = null;
if (_dosProtector.Process(GetClientString(request, client), GetEndPoint(request, client))) string clientstring = GetClientString(request, client);
string endpoint = GetEndPoint(request, client);
if (_dosProtector.Process(clientstring, endpoint))
resp = _normalMethod(request, client); resp = _normalMethod(request, client);
else else
resp = _throttledMethod(request, client); resp = _throttledMethod(request, client);
if (_options.MaxConcurrentSessions > 0)
_dosProtector.ProcessEnd(clientstring, endpoint);
return resp; return resp;
} }