[libvirt] [PATCH v3 0/2] Introduce max_anonymous_clients

https://bugzilla.redhat.com/show_bug.cgi?id=981729 So far we can limit how many clients are connected, how many are waiting in accept() line but we could not control the count of accepted but not authenticated yet. diff to v2: -Dan's suggestions worked in Michal Privoznik (2): virNetServer: Introduce unauth clients counter daemon: Introduce max_anonymous_clients daemon/libvirtd-config.c | 4 +- daemon/libvirtd-config.h | 1 + daemon/libvirtd.aug | 1 + daemon/libvirtd.c | 1 + daemon/libvirtd.conf | 6 ++- daemon/remote.c | 21 +++++---- daemon/test_libvirtd.aug.in | 3 +- src/locking/lock_daemon.c | 2 +- src/lxc/lxc_controller.c | 2 +- src/rpc/virnetserver.c | 108 ++++++++++++++++++++++++++++++++++++++++---- src/rpc/virnetserver.h | 4 ++ 11 files changed, 130 insertions(+), 23 deletions(-) -- 1.9.0

The counter gets incremented on each unauthenticated client added to the server and decremented whenever the client authenticates. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- daemon/remote.c | 21 +++++++++++++-------- src/rpc/virnetserver.c | 45 ++++++++++++++++++++++++++++++++++++++++++--- src/rpc/virnetserver.h | 3 +++ 3 files changed, 58 insertions(+), 11 deletions(-) diff --git a/daemon/remote.c b/daemon/remote.c index b48d456..416aa40 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -2619,7 +2619,7 @@ cleanup: /*-------------------------------------------------------------*/ static int -remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED, +remoteDispatchAuthList(virNetServerPtr server, virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, @@ -2649,6 +2649,7 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED, goto cleanup; VIR_INFO("Bypass polkit auth for privileged client %s", ident); virNetServerClientSetAuth(client, 0); + virNetServerTrackCompletedAuth(server); auth = VIR_NET_SERVER_SERVICE_AUTH_NONE; VIR_FREE(ident); } @@ -2764,7 +2765,8 @@ authfail: * Returns 0 if ok, -1 on error, -2 if rejected */ static int -remoteSASLFinish(virNetServerClientPtr client) +remoteSASLFinish(virNetServerPtr server, + virNetServerClientPtr client) { const char *identity; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); @@ -2789,6 +2791,7 @@ remoteSASLFinish(virNetServerClientPtr client) return -2; virNetServerClientSetAuth(client, 0); + virNetServerTrackCompletedAuth(server); virNetServerClientSetSASLSession(client, priv->sasl); VIR_DEBUG("Authentication successful %d", virNetServerClientGetFD(client)); 
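Review bot: The `virNetServerTrackCompletedAuth(server)` calls added after `virNetServerClientSetAuth(client, 0)` in remoteDispatchAuthList and remoteSASLFinish are unconditional, and they take the server lock separately from the auth-state change, so `nclients_unauth` can drift from the real number of unauthenticated clients. If an already-authenticated client reaches one of these paths again, or if virNetServerRun drops the client while `virNetServerClientNeedAuth()` is still true just before the dispatcher finishes, the counter is decremented twice for one client; whether either ordering is reachable depends on code outside these hunks. I would decrement only on an observed transition, e.g. `if (virNetServerClientNeedAuth(client)) { virNetServerClientSetAuth(client, 0); virNetServerTrackCompletedAuth(server); }`, and ideally do both steps in one helper that holds the server lock. The same pair of calls is added in both remoteDispatchAuthPolkit variants in the later hunks, and all of these function bodies continue outside the hunks.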
@@ -2810,7 +2813,7 @@ error: * This starts the SASL authentication negotiation. */ static int -remoteDispatchAuthSaslStart(virNetServerPtr server ATTRIBUTE_UNUSED, +remoteDispatchAuthSaslStart(virNetServerPtr server, virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, @@ -2868,7 +2871,7 @@ remoteDispatchAuthSaslStart(virNetServerPtr server ATTRIBUTE_UNUSED, ret->complete = 0; } else { /* Check username whitelist ACL */ - if ((err = remoteSASLFinish(client)) < 0) { + if ((err = remoteSASLFinish(server, client)) < 0) { if (err == -2) goto authdeny; else @@ -2908,7 +2911,7 @@ error: static int -remoteDispatchAuthSaslStep(virNetServerPtr server ATTRIBUTE_UNUSED, +remoteDispatchAuthSaslStep(virNetServerPtr server, virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, @@ -2966,7 +2969,7 @@ remoteDispatchAuthSaslStep(virNetServerPtr server ATTRIBUTE_UNUSED, ret->complete = 0; } else { /* Check username whitelist ACL */ - if ((err = remoteSASLFinish(client)) < 0) { + if ((err = remoteSASLFinish(server, client)) < 0) { if (err == -2) goto authdeny; else @@ -3051,7 +3054,7 @@ remoteDispatchAuthSaslStep(virNetServerPtr server ATTRIBUTE_UNUSED, #if WITH_POLKIT1 static int -remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, +remoteDispatchAuthPolkit(virNetServerPtr server, virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, @@ -3142,6 +3145,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, ret->complete = 1; virNetServerClientSetAuth(client, 0); + virNetServerTrackCompletedAuth(server); virMutexUnlock(&priv->lock); virCommandFree(cmd); VIR_FREE(pkout); 
@@ -3182,7 +3186,7 @@ authdeny: } #elif WITH_POLKIT0 static int -remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, +remoteDispatchAuthPolkit(virNetServerPtr server, virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, @@ -3297,6 +3301,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, ret->complete = 1; virNetServerClientSetAuth(client, 0); + virNetServerTrackCompletedAuth(server); virMutexUnlock(&priv->lock); VIR_FREE(ident); return 0; diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c index f70e260..3170f64 100644 --- a/src/rpc/virnetserver.c +++ b/src/rpc/virnetserver.c @@ -88,9 +88,10 @@ struct _virNetServer { size_t nprograms; virNetServerProgramPtr *programs; - size_t nclients; - size_t nclients_max; - virNetServerClientPtr *clients; + size_t nclients; /* Current clients count */ + virNetServerClientPtr *clients; /* Clients */ + size_t nclients_max; /* Max allowed clients count */ + size_t nclients_unauth; /* Unauthenticated clients count */ int keepaliveInterval; unsigned int keepaliveCount; @@ -118,6 +119,8 @@ static virClassPtr virNetServerClass; static void virNetServerDispose(void *obj); static void virNetServerUpdateServicesLocked(virNetServerPtr srv, bool enabled); +static inline size_t virNetServerTrackPendingAuthLocked(virNetServerPtr srv); +static inline size_t virNetServerTrackCompletedAuthLocked(virNetServerPtr srv); static int virNetServerOnceInit(void) { @@ -273,6 +276,9 @@ static int virNetServerAddClient(virNetServerPtr srv, srv->clients[srv->nclients-1] = client; virObjectRef(client); + if (virNetServerClientNeedAuth(client)) + virNetServerTrackPendingAuthLocked(srv); + if (srv->nclients == srv->nclients_max) { /* Temporarily stop accepting new clients */ VIR_DEBUG("Temporarily suspending services due to max_clients"); 
@@ -1140,6 +1146,9 @@ void virNetServerRun(virNetServerPtr srv) srv->nclients = 0; } + if (virNetServerClientNeedAuth(client)) + virNetServerTrackCompletedAuthLocked(srv); + /* Enable services if we can accept a new client. * The new client can be accepted if we are at the limit. */ if (srv->nclients == srv->nclients_max - 1) { @@ -1236,3 +1245,33 @@ bool virNetServerKeepAliveRequired(virNetServerPtr srv) virObjectUnlock(srv); return required; } + +static inline size_t +virNetServerTrackPendingAuthLocked(virNetServerPtr srv) +{ + return ++srv->nclients_unauth; +} + +static inline size_t +virNetServerTrackCompletedAuthLocked(virNetServerPtr srv) +{ + return --srv->nclients_unauth; +} + +size_t virNetServerTrackPendingAuth(virNetServerPtr srv) +{ + size_t ret; + virObjectLock(srv); + ret = virNetServerTrackPendingAuthLocked(srv); + virObjectUnlock(srv); + return ret; +} + +size_t virNetServerTrackCompletedAuth(virNetServerPtr srv) +{ + size_t ret; + virObjectLock(srv); + ret = virNetServerTrackCompletedAuthLocked(srv); + virObjectUnlock(srv); + return ret; +} diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h index 1a85c02..b56540c 100644 --- a/src/rpc/virnetserver.h +++ b/src/rpc/virnetserver.h @@ -97,4 +97,7 @@ void virNetServerClose(virNetServerPtr srv); bool virNetServerKeepAliveRequired(virNetServerPtr srv); +size_t virNetServerTrackPendingAuth(virNetServerPtr srv); +size_t virNetServerTrackCompletedAuth(virNetServerPtr srv); + #endif -- 1.9.0
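Review bot: `virNetServerTrackCompletedAuthLocked()` pre-decrements a `size_t` with no check for zero, so a single unmatched call wraps `nclients_unauth` to SIZE_MAX. Once a limit is compared against this counter, a wrapped value looks like a permanently full set of unauthenticated clients. A guard such as `if (srv->nclients_unauth > 0) srv->nclients_unauth--;` followed by `return srv->nclients_unauth;`, with a VIR_WARN when the counter is already zero, keeps an accounting slip from turning into a refusal to accept clients. The two exported wrappers also have no doc comment; I would add `/* Locks @srv; returns the updated count of clients that have not yet authenticated. */` above each.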

On Wed, Mar 05, 2014 at 01:08:09PM +0100, Michal Privoznik wrote:
The counter gets incremented on each unauthenticated client added to the server and decremented whenever the client authenticates.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- daemon/remote.c | 21 +++++++++++++-------- src/rpc/virnetserver.c | 45 ++++++++++++++++++++++++++++++++++++++++++--- src/rpc/virnetserver.h | 3 +++ 3 files changed, 58 insertions(+), 11 deletions(-)
ACK Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

https://bugzilla.redhat.com/show_bug.cgi?id=981729 This config tunable allows users to determine the maximum number of accepted but yet not authenticated users. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- daemon/libvirtd-config.c | 4 ++- daemon/libvirtd-config.h | 1 + daemon/libvirtd.aug | 1 + daemon/libvirtd.c | 1 + daemon/libvirtd.conf | 6 ++++- daemon/test_libvirtd.aug.in | 3 ++- src/locking/lock_daemon.c | 2 +- src/lxc/lxc_controller.c | 2 +- src/rpc/virnetserver.c | 63 ++++++++++++++++++++++++++++++++++++++++----- src/rpc/virnetserver.h | 1 + 10 files changed, 72 insertions(+), 12 deletions(-) diff --git a/daemon/libvirtd-config.c b/daemon/libvirtd-config.c index c816fda..c7e107b 100644 --- a/daemon/libvirtd-config.c +++ b/daemon/libvirtd-config.c @@ -258,7 +258,8 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED) data->min_workers = 5; data->max_workers = 20; - data->max_clients = 20; + data->max_clients = 5000; + data->max_anonymous_clients = 20; data->prio_workers = 5; @@ -415,6 +416,7 @@ daemonConfigLoadOptions(struct daemonConfig *data, GET_CONF_INT(conf, filename, max_workers); GET_CONF_INT(conf, filename, max_clients); GET_CONF_INT(conf, filename, max_queued_clients); + GET_CONF_INT(conf, filename, max_anonymous_clients); GET_CONF_INT(conf, filename, prio_workers); diff --git a/daemon/libvirtd-config.h b/daemon/libvirtd-config.h index a24d5d2..66dc80b 100644 --- a/daemon/libvirtd-config.h +++ b/daemon/libvirtd-config.h @@ -64,6 +64,7 @@ struct daemonConfig { int max_workers; int max_clients; int max_queued_clients; + int max_anonymous_clients; int prio_workers; diff --git a/daemon/libvirtd.aug b/daemon/libvirtd.aug index 70fce5c..5a0807c 100644 --- a/daemon/libvirtd.aug +++ b/daemon/libvirtd.aug @@ -57,6 +57,7 @@ module Libvirtd = | int_entry "max_workers" | int_entry "max_clients" | int_entry "max_queued_clients" + | int_entry "max_anonymous_clients" | int_entry "max_requests" | int_entry "max_client_requests" | int_entry "prio_workers" 
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index 72f0e81..40cf671 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -1376,6 +1376,7 @@ int main(int argc, char **argv) { config->max_workers, config->prio_workers, config->max_clients, + config->max_anonymous_clients, config->keepalive_interval, config->keepalive_count, !!config->keepalive_required, diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf index 073c178..64c215d 100644 --- a/daemon/libvirtd.conf +++ b/daemon/libvirtd.conf @@ -255,7 +255,7 @@ # The maximum number of concurrent client connections to allow # over all sockets combined. -#max_clients = 20 +#max_clients = 5000 # The maximum length of queue of connections waiting to be # accepted by the daemon. Note, that some protocols supporting @@ -263,6 +263,10 @@ # connection succeeds. #max_queued_clients = 1000 +# The maximum length of queue of accepted but not yet not +# authenticated clients. The default value is zero, meaning +# the feature is disabled. +#max_anonymous_clients = 20 # The minimum limit sets the number of workers to start up # initially. If the number of active clients exceeds this, diff --git a/daemon/test_libvirtd.aug.in b/daemon/test_libvirtd.aug.in index a7e8515..37ff33d 100644 --- a/daemon/test_libvirtd.aug.in +++ b/daemon/test_libvirtd.aug.in @@ -34,8 +34,9 @@ module Test_libvirtd = { "1" = "joe@EXAMPLE.COM" } { "2" = "fred@EXAMPLE.COM" } } - { "max_clients" = "20" } + { "max_clients" = "5000" } { "max_queued_clients" = "1000" } + { "max_anonymous_clients" = "20" } { "min_workers" = "5" } { "max_workers" = "20" } { "prio_workers" = "5" } diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c index e047751..054dda9 100644 --- a/src/locking/lock_daemon.c +++ b/src/locking/lock_daemon.c 
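Review bot: `config->max_anonymous_clients` is an `int` in struct daemonConfig, but the virNetServerNew() parameter it is passed to in main() is `size_t max_anonymous_clients`, so a negative value in libvirtd.conf is converted to a very large limit and the cap is silently switched off. No range check is visible where `GET_CONF_INT(conf, filename, max_anonymous_clients)` loads it, though the macro's definition is outside these hunks. I would reject negative values at load time with an error naming the option, rather than rely on the conversion. The argument list of the virNetServerNew() call starts and ends outside the hunk.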
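Review bot: The new comment in libvirtd.conf says the default value is zero and the feature is disabled, but daemonConfigNew in this same patch sets `data->max_anonymous_clients = 20` and the sample line shows 20, so an operator reading the file is told a limit that is on by default is off. The wording "not yet not authenticated" is also garbled, and the value is described as a queue length although the code counts accepted clients that have not finished authenticating. Suggested text: `# The maximum number of accepted clients that have not yet` / `# authenticated. Zero disables the limit; the default is 20.`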
@@ -145,7 +145,7 @@ virLockDaemonNew(virLockDaemonConfigPtr config, bool privileged) } if (!(lockd->srv = virNetServerNew(1, 1, 0, config->max_clients, - -1, 0, + config->max_clients, -1, 0, false, NULL, virLockDaemonClientNew, virLockDaemonClientPreExecRestart, diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 5ca960f..ab140f1 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -737,7 +737,7 @@ static int virLXCControllerSetupServer(virLXCControllerPtr ctrl) return -1; if (!(ctrl->server = virNetServerNew(0, 0, 0, 1, - -1, 0, false, + 0, -1, 0, false, NULL, virLXCControllerClientPrivateNew, NULL, diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c index 3170f64..eec5dd0 100644 --- a/src/rpc/virnetserver.c +++ b/src/rpc/virnetserver.c @@ -92,6 +92,7 @@ struct _virNetServer { virNetServerClientPtr *clients; /* Clients */ size_t nclients_max; /* Max allowed clients count */ size_t nclients_unauth; /* Unauthenticated clients count */ + size_t nclients_unauth_max; /* Max allowed unauth clients count */ int keepaliveInterval; unsigned int keepaliveCount; @@ -279,6 +280,14 @@ static int virNetServerAddClient(virNetServerPtr srv, if (virNetServerClientNeedAuth(client)) virNetServerTrackPendingAuthLocked(srv); + if (srv->nclients_unauth_max && + srv->nclients_unauth == srv->nclients_unauth_max) { + /* Temporarily stop accepting new clients */ + VIR_DEBUG("Temporarily suspending services " + "due to max_anonymous_clients"); + virNetServerUpdateServicesLocked(srv, false); + } + if (srv->nclients == srv->nclients_max) { /* Temporarily stop accepting new clients */ VIR_DEBUG("Temporarily suspending services due to max_clients"); @@ -362,6 +371,7 @@ virNetServerPtr virNetServerNew(size_t min_workers, size_t max_workers, size_t priority_workers, size_t max_clients, + size_t max_anonymous_clients, int keepaliveInterval, unsigned int keepaliveCount, bool keepaliveRequired, 
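Review bot: The new check in virNetServerAddClient tests `srv->nclients_unauth == srv->nclients_unauth_max`, which only fires on the exact step onto the limit. Because `virNetServerTrackPendingAuth()` is exported and can raise the counter outside this function, `srv->nclients_unauth >= srv->nclients_unauth_max` is the safer comparison. The block would also benefit from a comment stating that reaching the limit suspends accept() for every service on the server, not only for anonymous clients. Nothing in these hunks bounds how long a client may remain unauthenticated, so the comment should note that the limit relies on an authentication timeout or keepalive elsewhere to free slots. The function body continues outside the hunk.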
@@ -388,6 +398,7 @@ virNetServerPtr virNetServerNew(size_t min_workers, goto error; srv->nclients_max = max_clients; + srv->nclients_unauth_max = max_anonymous_clients; srv->keepaliveInterval = keepaliveInterval; srv->keepaliveCount = keepaliveCount; srv->keepaliveRequired = keepaliveRequired; @@ -457,6 +468,7 @@ virNetServerPtr virNetServerNewPostExecRestart(virJSONValuePtr object, unsigned int max_workers; unsigned int priority_workers; unsigned int max_clients; + unsigned int max_anonymous_clients; unsigned int keepaliveInterval; unsigned int keepaliveCount; bool keepaliveRequired; @@ -482,6 +494,13 @@ virNetServerPtr virNetServerNewPostExecRestart(virJSONValuePtr object, _("Missing max_clients data in JSON document")); goto error; } + if (virJSONValueObjectHasKey(object, "max_anonymous_clients") && + virJSONValueObjectGetNumberUint(object, "max_anonymous_clients", + &max_anonymous_clients) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Malformed max_anonymous_clients data in JSON document")); + goto error; + } if (virJSONValueObjectGetNumberUint(object, "keepaliveInterval", &keepaliveInterval) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing keepaliveInterval data in JSON document")); @@ -507,6 +526,7 @@ virNetServerPtr virNetServerNewPostExecRestart(virJSONValuePtr object, if (!(srv = virNetServerNew(min_workers, max_clients, priority_workers, max_clients, + max_anonymous_clients, keepaliveInterval, keepaliveCount, keepaliveRequired, mdnsGroupName, clientPrivNew, clientPrivPreExecRestart, 
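Review bot: `max_anonymous_clients` is declared without an initializer in virNetServerNewPostExecRestart, and the new `virJSONValueObjectHasKey(object, "max_anonymous_clients") &&` guard skips the read when the key is absent, so the value handed to virNetServerNew() is indeterminate in that case. A state document written by a build that predates this patch presumably lacks the key, which makes this the upgrade-by-re-exec path. Initialize it at the declaration, e.g. `unsigned int max_anonymous_clients = 0;`, which the `srv->nclients_unauth_max &&` test in virNetServerAddClient treats as no limit, or fall back to `max_clients` when the key is missing. The function starts and ends outside these hunks.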
@@ -625,6 +645,12 @@ virJSONValuePtr virNetServerPreExecRestart(virNetServerPtr srv) _("Cannot set max_clients data in JSON document")); goto error; } + if (virJSONValueObjectAppendNumberUint(object, "max_anonymous_clients", + srv->nclients_unauth_max) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Cannot set max_anonymous_clients data in JSON document")); + goto error; + } if (virJSONValueObjectAppendNumberUint(object, "keepaliveInterval", srv->keepaliveInterval) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Cannot set keepaliveInterval data in JSON document")); @@ -1068,6 +1094,34 @@ void virNetServerUpdateServices(virNetServerPtr srv, virObjectUnlock(srv); } +/** + * virNetServerCheckLimits: + * @srv: server to check limits on + * + * Check if limits like max_clients or max_anonymous_clients + * are satisfied and if so, re-enable accepting new clients. + * The @srv must be locked when this function is called. + */ +static void +virNetServerCheckLimits(virNetServerPtr srv) +{ + /* Enable services if we can accept a new client. + * The new client can be accepted if both max_clients and + * max_anonymous_clients wouldn't get overcommitted by + * accepting it. */ + VIR_DEBUG("Considering re-enabling services: " + "nclients=%zu nclients_max=%zu " + "nclients_unauth=%zu nclients_unauth_max=%zu", + srv->nclients, srv->nclients_max, + srv->nclients_unauth, srv->nclients_unauth_max); + if (srv->nclients < srv->nclients_max && + (!srv->nclients_unauth_max || + srv->nclients_unauth < srv->nclients_unauth_max)) { + /* Now it makes sense to accept() a new client. */ + VIR_DEBUG("Re-enabling services"); + virNetServerUpdateServicesLocked(srv, true); + } +} void virNetServerRun(virNetServerPtr srv) { 
@@ -1149,13 +1203,7 @@ void virNetServerRun(virNetServerPtr srv) if (virNetServerClientNeedAuth(client)) virNetServerTrackCompletedAuthLocked(srv); - /* Enable services if we can accept a new client. - * The new client can be accepted if we are at the limit. */ - if (srv->nclients == srv->nclients_max - 1) { - /* Now it makes sense to accept() a new client. */ - VIR_DEBUG("Re-enabling services"); - virNetServerUpdateServicesLocked(srv, true); - } + virNetServerCheckLimits(srv); virObjectUnlock(srv); virObjectUnref(client); @@ -1272,6 +1320,7 @@ size_t virNetServerTrackCompletedAuth(virNetServerPtr srv) size_t ret; virObjectLock(srv); ret = virNetServerTrackCompletedAuthLocked(srv); + virNetServerCheckLimits(srv); virObjectUnlock(srv); return ret; } diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h index b56540c..8c5ae07 100644 --- a/src/rpc/virnetserver.h +++ b/src/rpc/virnetserver.h @@ -39,6 +39,7 @@ virNetServerPtr virNetServerNew(size_t min_workers, size_t max_workers, size_t priority_workers, size_t max_clients, + size_t max_anonymous_clients, int keepaliveInterval, unsigned int keepaliveCount, bool keepaliveRequired, -- 1.9.0

On Wed, Mar 05, 2014 at 01:08:10PM +0100, Michal Privoznik wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=981729
This config tunable allows users to determine the maximum number of accepted but yet not authenticated users.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- daemon/libvirtd-config.c | 4 ++- daemon/libvirtd-config.h | 1 + daemon/libvirtd.aug | 1 + daemon/libvirtd.c | 1 + daemon/libvirtd.conf | 6 ++++- daemon/test_libvirtd.aug.in | 3 ++- src/locking/lock_daemon.c | 2 +- src/lxc/lxc_controller.c | 2 +- src/rpc/virnetserver.c | 63 ++++++++++++++++++++++++++++++++++++++++----- src/rpc/virnetserver.h | 1 + 10 files changed, 72 insertions(+), 12 deletions(-)
ACK Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

On 17.03.2014 17:00, Daniel P. Berrange wrote:
On Wed, Mar 05, 2014 at 01:08:10PM +0100, Michal Privoznik wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=981729
This config tunable allows users to determine the maximum number of accepted but yet not authenticated users.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- daemon/libvirtd-config.c | 4 ++- daemon/libvirtd-config.h | 1 + daemon/libvirtd.aug | 1 + daemon/libvirtd.c | 1 + daemon/libvirtd.conf | 6 ++++- daemon/test_libvirtd.aug.in | 3 ++- src/locking/lock_daemon.c | 2 +- src/lxc/lxc_controller.c | 2 +- src/rpc/virnetserver.c | 63 ++++++++++++++++++++++++++++++++++++++++----- src/rpc/virnetserver.h | 1 + 10 files changed, 72 insertions(+), 12 deletions(-)
ACK
Thanks, pushed. Michal

On 05.03.2014 13:08, Michal Privoznik wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=981729
So far we can limit how many clients are connected, how many are waiting in accept() line but we could not control the count of accepted but not authenticated yet.
diff to v2: -Dan's suggestions worked in
Michal Privoznik (2): virNetServer: Introduce unauth clients counter daemon: Introduce max_anonymous_clients
daemon/libvirtd-config.c | 4 +- daemon/libvirtd-config.h | 1 + daemon/libvirtd.aug | 1 + daemon/libvirtd.c | 1 + daemon/libvirtd.conf | 6 ++- daemon/remote.c | 21 +++++---- daemon/test_libvirtd.aug.in | 3 +- src/locking/lock_daemon.c | 2 +- src/lxc/lxc_controller.c | 2 +- src/rpc/virnetserver.c | 108 ++++++++++++++++++++++++++++++++++++++++---- src/rpc/virnetserver.h | 4 ++ 11 files changed, 130 insertions(+), 23 deletions(-)
I'd like to get this merged asap so we give upstream enough time to test it. Michal

On 05.03.2014 13:08, Michal Privoznik wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=981729
So far we can limit how many clients are connected, how many are waiting in accept() line but we could not control the count of accepted but not authenticated yet.
diff to v2: -Dan's suggestions worked in
Michal Privoznik (2): virNetServer: Introduce unauth clients counter daemon: Introduce max_anonymous_clients
daemon/libvirtd-config.c | 4 +- daemon/libvirtd-config.h | 1 + daemon/libvirtd.aug | 1 + daemon/libvirtd.c | 1 + daemon/libvirtd.conf | 6 ++- daemon/remote.c | 21 +++++---- daemon/test_libvirtd.aug.in | 3 +- src/locking/lock_daemon.c | 2 +- src/lxc/lxc_controller.c | 2 +- src/rpc/virnetserver.c | 108 ++++++++++++++++++++++++++++++++++++++++---- src/rpc/virnetserver.h | 4 ++ 11 files changed, 130 insertions(+), 23 deletions(-)
Ping?