Projects tigase _server server-core Issues #190
raise log level of severe issue (#190)
Closed
tom quas opened 1 decade ago

ran into a problem with traffic limits; the SM told me

@ConnectionManager.checkTrafficLimits() FINE: [[ext]] XMPP Limits exceeded on connection null, type: accept, Socket: nullSocket[addr=/127.0.0.1,port=18846,localport=8888] stopping, packets dropped: [from=null, to=null, DATA=<presence to=

@

this cause the MUC component to cry

ComponentProtocol.getXMPPIOService() INFO: No ext connection for hostname: test.com

log level FINE? INFO? to me this sounds more like FATAL. it's an ops' nightmare!

Artur Hefczyc commented 1 decade ago

You are correct. My hesitation about using a higher level for logging is to prevent some kind of DOS attack as this feature was implemented mainly for c2s connections to put some limits on standard users communication. As this may happen very often, especially if there is some persistent offender this could cause excessive logging. Plus this may also happen for s2s connections.

As a resolution for this issue I have done 2 things:

  1. Increased default limits for external component (and cluster connection manager as well) to be x1000 higher then currently, which means actually no limits

  2. Increased log level to WARNING for all connections except c2s connections.

I hope you find this resolution satisfactory. Let me know if you have any comments to this.

tom quas commented 1 decade ago

artur, thx for the quick reaction. increasing the default limits was a good thing to do for high traffic sites.

i don't understand "using a higher level for logging is to prevent some kind of DOS attack." traffic limits certainly are a nice feature when you allow the world to connect to your s2s or ext ports - how likely is that though? and what does it have to do with log levels when things go down the tube?

so yes, WARNING is kinda ok, but for my taste dropped packets and disconnected components should ring all alarm bells in a production environment. i'm still convinced that FATAL is the level to go for.

Artur Hefczyc commented 1 decade ago

By DOS attack I meant a use case when a offending user connects over and over again possibly on multiple connections exceeding traffic limits, you could end up with excessive logging on the server which could slow down the service.

Traffic limits for s2s certainly make sense as there are lots of badly maintained public XMPP services which may impact your own installation.

I fully agree about ext connections, it is highly unlikely to allow any external traffic for these types of connections. The whole "problem" was caused by the fact that such functionality is usually implemented at the lowest possible level, in framework which is common to all types of connections, so the ext connections just inherited the functionality.

This is fairly new feature requested by one of our customers, hence, not all border cases were checked thoroughly enough. I am sorry for the troubles it caused.

Artur Hefczyc commented 1 decade ago

Applied in changeset tigase-server|commit:4ccaf048e8040924694ae35756108d9eef772900.

issue 1 of 1
Type
New Feature
Priority
Major
Assignee
RedmineID
1070
Version
tigase-server-5.2.0
Estimation
2h
Issue Votes (0)
Watchers (0)
Reference
tigase/_server/server-core#190
Please wait...
Page is in error, reload to recover